openclaw

Author	SHA1	Message	Date
Brian Ernesto	ab1da26f4d	fix(macos): show sessions after controls in tray menu (#38079 ) * fix(macos): show sessions after controls in tray menu When many sessions are active, the injected session rows push the toggles, action buttons, and settings items off-screen, requiring a scroll to reach them. Change findInsertIndex and findNodesInsertIndex to anchor just before the separator above 'Settings…' instead of before 'Send Heartbeats'. This ensures the controls section is always immediately visible on menu open, with sessions appearing below. * refactor: extract findAnchoredInsertIndex to eliminate duplication findInsertIndex and findNodesInsertIndex shared identical logic. Extract into a single private helper so any future anchor change (e.g. Settings item title) only needs one edit. * macOS: use structural tray menu anchor --------- Co-authored-by: Brian Ernesto <bernesto@users.noreply.github.com> Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>	2026-03-18 11:29:11 +11:00
scoootscooob	4e912bffd8	Agents: improve prompt cache hit rate and add prompt composition regression tests (#49237 ) Merged via squash. Prepared head SHA: 978b0cd6c79064f4c67e5f347655263a6d1cfbdf Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com> Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com> Reviewed-by: @scoootscooob	2026-03-17 16:40:20 -07:00
joshavant	79f7dbfd6e	Changelog: add config set expansion entry	2026-03-17 18:32:55 -05:00
Vincent Koc	0e4c072f37	Models: add native GPT-5.4 mini and nano support (#49289 ) * Models: add GPT-5.4 mini and nano support * Tests: cover OpenAI GPT-5.4 mini and nano extension support	2026-03-17 16:21:39 -07:00
Ayaan Zaidi	e4825a0f93	fix(telegram): unify transport fallback chain (#49148 ) * fix(telegram): unify transport fallback chain * fix: address telegram fallback review comments * fix: validate pinned SSRF overrides * fix: unify telegram fallback retries (#49148)	2026-03-17 22:44:15 +05:30
Harold Hunt	272d6ed24b	Plugins: add binding resolution callbacks (#48678 ) Merged via squash. Prepared head SHA: 6d7b32b1849cae1001e581eb6f53b79594dff9b4 Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com> Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com> Reviewed-by: @huntharo	2026-03-17 13:11:08 -04:00
Peter Steinberger	ccf16cd889	fix(gateway): clear trusted-proxy control ui scopes	2026-03-17 10:07:53 -07:00
Jonathan Jing	2145eb5908	feat(mattermost): add retry logic and timeout handling for DM channel creation (#42398 ) Merged via squash. Prepared head SHA: 3db47be907decd78116603c6ab4a48ff91eb2c25 Co-authored-by: JonathanJing <17068507+JonathanJing@users.noreply.github.com> Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com> Reviewed-by: @mukhtharcm	2026-03-17 22:16:56 +05:30
Menglin Li	7b61b025ff	fix(compaction): break safeguard cancel loop for sessions with no summarizable messages (#41981 ) (#42215 ) Merged via squash. Prepared head SHA: 7ce6bd834e8653561f5389b8756bfab7664ab9f3 Co-authored-by: lml2468 <39320777+lml2468@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-17 09:44:31 -07:00
Peter Steinberger	4d8106eece	docs(security): clarify wildcard Control UI origins	2026-03-17 09:36:51 -07:00
Peter Steinberger	a724bbce1a	feat: add bundled Chutes extension (#49136 ) * refactor: generalize bundled provider discovery seams * feat: land chutes extension via plugin-owned auth (#41416) (thanks @Veightor)	2026-03-17 09:35:21 -07:00
Bob	ea15819ecf	ACP: harden startup and move configured routing behind plugin seams (#48197 ) * ACPX: keep plugin-local runtime installs out of dist * Gateway: harden ACP startup and service PATH * ACP: reinitialize error-state configured bindings * ACP: classify pre-turn runtime failures as session init failures * Plugins: move configured ACP routing behind channel seams * Telegram tests: align startup probe assertions after rebase * Discord: harden ACP configured binding recovery * ACP: recover Discord bindings after stale runtime exits * ACPX: replace dead sessions during ensure * Discord: harden ACP binding recovery * Discord: fix review follow-ups * ACP bindings: load channel snapshots across workspaces * ACP bindings: cache snapshot channel plugin resolution * Experiments: add ACP pluginification holy grail plan * Experiments: rename ACP pluginification plan doc * Experiments: drop old ACP pluginification doc path * ACP: move configured bindings behind plugin services * Experiments: update bindings capability architecture plan * Bindings: isolate configured binding routing and targets * Discord tests: fix runtime env helper path * Tests: fix channel binding CI regressions * Tests: normalize ACP workspace assertion on Windows * Bindings: isolate configured binding registry * Bindings: finish configured binding cleanup * Bindings: finish generic cleanup * Bindings: align runtime approval callbacks * ACP: delete residual bindings barrel * Bindings: restore legacy compatibility * Revert "Bindings: restore legacy compatibility" This reverts commit ac2ed68fa2426ecc874d68278c71c71ad363fcfe. * Tests: drop ACP route legacy helper names * Discord/ACP: fix binding regressions --------- Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>	2026-03-17 17:27:52 +01:00
Kwest OG	8139f83175	fix(telegram): persist sticky IPv4 fallback across polling restarts (fixes #48177 ) (#48282 ) * fix(telegram): persist sticky IPv4 fallback across polling restarts (fixes #48177) Hoist resolveTelegramTransport() out of createTelegramBot() so the transport (and its sticky IPv4 fallback state) persists across polling restarts. Previously, each polling restart created a new transport with stickyIpv4FallbackEnabled=false, causing repeated IPv6 timeouts on hosts with unstable IPv6 connectivity. Changes: - bot.ts: accept optional telegramTransport in TelegramBotOptions - monitor.ts: resolve transport once before polling loop - polling-session.ts: pass transport through to bot creation AI-assisted (Claude Sonnet 4). Tested: tsc --noEmit clean. * Update extensions/telegram/src/polling-session.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * style: fix oxfmt formatting in bot.ts * test: cover telegram transport reuse across restarts * fix: preserve telegram sticky IPv4 fallback across polling restarts (#48282) (thanks @yassinebkr) --------- Co-authored-by: Yassine <yassinebkr@users.noreply.github.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Ayaan Zaidi <hi@obviy.us>	2026-03-17 21:56:12 +05:30
F_ool	094a0cc412	fix(context-engine): preserve legacy plugin sessionKey interop (#44779 ) Merged via squash. Prepared head SHA: e04c6fb47d1ad2623121c907b2e8dcaff62b9ad7 Co-authored-by: hhhhao28 <112874572+hhhhao28@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-17 09:14:14 -07:00
Peter Steinberger	ebee4e2210	fix(tlon): defer DM cite expansion until after auth	2026-03-17 09:08:20 -07:00
Jari Mustonen	4f6955fb11	fix(hooks): pass sessionFile and sessionKey in after_compaction hook (#40781 ) Merged via squash. Prepared head SHA: 11e85f865148f6c6216aaf00fc5b0ef78238070a Co-authored-by: jarimustonen <1272053+jarimustonen@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-17 08:30:37 -07:00
Andrew Demczuk	f84a41dcb8	fix(security): block JVM, Python, and .NET env injection vectors in host exec sandbox (#49025 ) Add JAVA_TOOL_OPTIONS, _JAVA_OPTIONS, JDK_JAVA_OPTIONS, PYTHONBREAKPOINT, and DOTNET_STARTUP_HOOKS to blockedKeys in the host exec security policy. Closes #22681	2026-03-17 15:37:55 +01:00
Josh Lehman	1399ca5fcb	fix(plugins): forward plugin subagent overrides (#48277 ) Merged via squash. Prepared head SHA: ffa45893e0ea72bc21b48d0ea227253ba207eec0 Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-17 07:20:27 -07:00
Stable Genius	6b6942552d	fix(macos): stop relaunching the app after quit when launch-at-login is enabled (#40213 ) Merged via squash. Prepared head SHA: c702d98bd63f4de4059df54f8aaea1ff56c01a34 Co-authored-by: stablegenius49 <259448942+stablegenius49@users.noreply.github.com> Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com> Reviewed-by: @ImLukeF	2026-03-17 20:59:56 +11:00
Br1an	7303253427	fix: update macOS node service to use current CLI command shape (closes #43171 ) (#46843 ) Merged via squash. Prepared head SHA: dbf2edd6f4fdc89aea865bec631f7a289a4dcbd1 Co-authored-by: Br1an67 <29810238+Br1an67@users.noreply.github.com> Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com> Reviewed-by: @ImLukeF	2026-03-17 20:46:54 +11:00
stim64045-spec	6101c023bb	fix(ui): restore control-ui query token compatibility (#43979 ) * fix(ui): restore control-ui query token imports * chore(changelog): add entry for openclaw#43979 thanks @stim64045-spec --------- Co-authored-by: 大禹 <dayu@dayudeMac-mini.local> Co-authored-by: Val Alexander <bunsthedev@gmail.com> Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>	2026-03-17 04:03:35 -05:00
Peter Steinberger	990d0d7261	docs(image-generation): remove nano banana stock docs	2026-03-17 01:09:58 -07:00
Vincent Koc	99c7750c2d	Changelog: add Telegram DM topic session-key fix	2026-03-17 01:07:47 -07:00
Peter Steinberger	f9588da3e0	refactor: split plugin testing seam from bundled extension helpers	2026-03-17 01:05:09 -07:00
Peter Steinberger	13505c7392	docs(changelog): restore 2026.2.27 heading	2026-03-17 00:05:42 -07:00
Peter Steinberger	e5919bc524	docs(gateway): clarify URL allowlist semantics	2026-03-17 00:03:27 -07:00
scoootscooob	80a2af1d65	Agents: move bootstrap warnings out of system prompt (#48753 ) Merged via squash. Prepared head SHA: dc1d4d075af7afdf4c143f1639cd49e129969f6c Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com> Reviewed-by: @scoootscooob	2026-03-16 23:25:04 -07:00
Peter Steinberger	57204b4fa9	fix(gateway): surface env override keys in exec approvals	2026-03-16 23:24:32 -07:00
Peter Steinberger	be2e6ca0f6	fix(macos): harden exec approval socket auth	2026-03-16 23:00:22 -07:00
Vincent Koc	cc88b4a72d	Commands: add /plugins chat command (#48765 ) * Tests: stabilize MCP config merge follow-ups * Commands: add /plugins chat command * Docs: add /plugins slash command guide	2026-03-16 22:57:44 -07:00
Peter Steinberger	223ae42c79	fix(feishu): harden webhook signature compare	2026-03-16 22:22:30 -07:00
Josh Avant	da34f81ce2	fix(secrets): scope message SecretRef resolution and harden doctor/status paths (#48728 ) * fix(secrets): scope message runtime resolution and harden doctor/status * docs: align message/doctor/status SecretRef behavior notes * test(cli): accept scoped targetIds wiring in secret-resolution coverage * fix(secrets): keep scoped allowedPaths isolation and tighten coverage gate * fix(secrets): avoid default-account coercion in scoped target selection * test(doctor): cover inactive telegram secretref inspect path * docs Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com> * changelog Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com> --------- Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>	2026-03-17 00:01:34 -05:00
Vincent Koc	06459ca0df	Agents: run bundle MCP tools in embedded Pi (#48611 ) * Agents: run bundle MCP tools in embedded Pi * Plugins: fix bundle MCP path resolution * Plugins: warn on unsupported bundle MCP transports * Commands: add embedded Pi MCP management * Config: move MCP management to top-level config	2026-03-16 21:46:05 -07:00
Peter Steinberger	1ffe8fde84	fix: stabilize docker test suite	2026-03-17 03:02:03 +00:00
Keshav Rao	3aa4199ef0	agent: preemptive context overflow detection during tool loops (#29371 ) Merged via squash. Prepared head SHA: 19661b8fb1e3aea20e438b28e8323d7f42fe01d6 Co-authored-by: keshav55 <3821985+keshav55@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-16 19:04:00 -07:00
lishuaigit	76500c7a78	fix: detect Ollama "prompt too long" as context overflow error (#34019 ) Merged via squash. Prepared head SHA: 825a402f0fe7d521902291e7dd6dbb288699224e Co-authored-by: lishuaigit <7495165+lishuaigit@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-16 18:57:33 -07:00
Tak Hoffman	4863b651c6	docs: rename onboarding user-facing wizard copy Co-authored-by: Tak <contact-redacted@example.com>	2026-03-16 19:50:31 -05:00
Clayton Shaw	6ba4d0ddc3	fix: remove orphaned tool_result blocks during compaction (#15691 ) (#16095 ) Merged via squash. Prepared head SHA: b772432c1ff17f49fdfc747ba88e7ed297b08465 Co-authored-by: claw-sylphx <260243939+claw-sylphx@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-16 15:57:45 -07:00
Sayr Wolfridge	a53030a7f2	fix(compaction): stabilize toolResult trim/prune flow in safeguard (#44133 ) Merged via squash. Prepared head SHA: ec789c66ec14fb4f23ead56f4c4ad87743ca89eb Co-authored-by: SayrWolfridge <267323413+SayrWolfridge@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-16 15:02:49 -07:00
sparkyrider	10ef58dd69	fix(whatsapp): restore implicit reply mentions for LID identities (#48494 ) Threads selfLid from the Baileys socket through the inbound WhatsApp pipeline and adds LID-format matching to the implicit mention check in group gating, so reply-to-bot detection works when WhatsApp sends the quoted sender in @lid format. Also fixes the device-suffix stripping regex (was a silent no-op). Closes #23029 Co-authored-by: sparkyrider <sparkyrider@users.noreply.github.com> Reviewed-by: @ademczuk	2026-03-16 22:44:35 +01:00
Josh Lehman	eeb140b4f0	fix(plugins): late-binding subagent runtime for non-gateway load paths (#46648 ) Merged via squash. Prepared head SHA: 44742652c9ac2eec82a6d958fd77f84ba1d29c0a Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-16 14:27:54 -07:00
git-jxj	abce640772	fix(ui): language dropdown selection not persisting after refresh (#48019 ) Merged via squash. Prepared head SHA: 06c82586d96392dfd49a6944971d854f5890dc1c Co-authored-by: git-jxj <65210887+git-jxj@users.noreply.github.com> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Reviewed-by: @altaywtf	2026-03-17 00:03:48 +03:00
Tak Hoffman	2de28379dd	Plugins: remove public extension-api surface (#48462 ) * Plugins: remove public extension-api surface * Plugins: fix loader setup routing follow-ups * CI: ignore non-extension helper dirs in extension-fast * Docs: note extension-api removal as breaking	2026-03-16 15:51:08 -05:00
Altay	412811ec19	fix(changelog): add entry for Control UI logger import fix (#48469 ) * fix(changelog): note Control UI logger import fix * fix(changelog): attribute Control UI logger fix entry * fix(changelog): credit original Control UI fix author	2026-03-16 23:17:12 +03:00
Vincent Koc	4649f82b77	Docs: normalize unreleased changelog refs	2026-03-16 08:39:05 -07:00
Vincent Koc	c28a52263b	Docs: repair unreleased changelog attribution	2026-03-16 08:36:27 -07:00
Hung-Che Lo	f8bcfb9d73	feat(skills): preserve all skills in prompt via compact fallback before dropping (#47553 ) * feat(skills): add compact format fallback for skill catalog truncation When the full-format skill catalog exceeds the character budget, applySkillsPromptLimits now tries a compact format (name + location only, no description) before binary-searching for the largest fitting prefix. This preserves full model awareness of registered skills in the common overflow case. Three-tier strategy: 1. Full format fits → use as-is 2. Compact format fits → switch to compact, keep all skills 3. Compact still too large → binary search largest compact prefix Other changes: - escapeXml() utility for safe XML attribute values - formatSkillsCompact() emits same XML structure minus <description> - Compact char-budget check reserves 150 chars for the warning line the caller prepends, preventing prompt overflow at the boundary - 13 tests covering all tiers, edge cases, and budget reservation - docs/.generated/config-baseline.json: fix pre-existing oxfmt issue * docs: document compact skill prompt fallback --------- Co-authored-by: Frank Yang <frank.ekn@gmail.com>	2026-03-16 22:12:15 +08:00
Radek Sienkiewicz	7deb543624	Browser: support non-Chrome existing-session profiles via userDataDir (#48170 ) Merged via squash. Prepared head SHA: e490035a24a3a7f0c17f681250b7ffe2b0dcd3d3 Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com> Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com> Reviewed-by: @velvet-shark	2026-03-16 14:21:22 +01:00
Yauheni Shauchenka	80bef826f8	fix(slack): harden bolt import interop (#45953 ) * fix(slack): harden bolt import interop * fix(slack): simplify bolt interop resolver * fix(slack): harden startup bolt interop * fix(slack): place changelog entry at section end --------- Co-authored-by: Ubuntu <ubuntu@vps-1c82b947.vps.ovh.net> Co-authored-by: Altay <altay@uinaf.dev>	2026-03-16 15:49:24 +03:00
Myeongwon Choi	6a8f5bc12f	feat(telegram): add configurable silent error replies (#19776 ) Port and complete #19776 on top of the current Telegram extension layout. Adds a default-off `channels.telegram.silentErrorReplies` setting. When enabled, Telegram bot replies marked as errors are delivered silently across the regular bot reply flow, native/slash command replies, and fallback sends. Thanks @auspic7 Co-authored-by: Myeongwon Choi <36367286+auspic7@users.noreply.github.com> Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>	2026-03-16 22:18:34 +11:00

1 2 3 4 5 ...

5027 Commits