Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,777 Commits 756 Branches 79 Tags
Commit Graph

965 Commits

Author SHA1 Message Date
Peter Steinberger
0202d79df4 fix(inbound-meta): land #30984 include account_id context (@Stxle2) 
Landed from contributor PR #30984 by @Stxle2.

Co-authored-by: Stxle2 <166609401+Stxle2@users.noreply.github.com>
 2026-03-02 03:36:48 +00:00
Ayaan Zaidi
c13b35b83d feat(telegram): improve DM topics support (#30579) (thanks @kesor) 2026-03-02 09:06:45 +05:30
Peter Steinberger
072e1e9e38 test(session): cover internal route without external fallback 2026-03-02 03:33:12 +00:00
graysurf
95db5bb5e8 fix(session): preserve external lastTo routing for internal turns 2026-03-02 03:33:12 +00:00
Vincent Koc
1a42ea3abf
fix(auto-reply): normalize block-reply callback to Promise for timeout path (#31200) 
* Auto-reply: wrap block reply callback in Promise.resolve for timeout safety

* Build: add strict smoke build script for CI regression gating

* CI: gate strict TS smoke build in check workflow

* docs(changelog): add auto-reply block reply timeout fix under Unreleased

* docs(changelog): credit original #19779 contributor and vincentkoc
 2026-03-01 19:23:38 -08:00
Jose E Velez
0c8fa63b93
feat: lightweight bootstrap context mode for heartbeat/cron runs (openclaw#26064) thanks @jose-velez 
Verified:
- pnpm build
- pnpm check (fails on pre-existing unrelated repo issues in extensions/diffs and src/agents/tools/nodes-tool.test.ts)
- pnpm vitest run src/agents/bootstrap-files.test.ts src/infra/heartbeat-runner.model-override.test.ts src/cli/cron-cli.test.ts
- pnpm test:macmini (fails on pre-existing extensions/diffs import errors; touched suites pass)

Co-authored-by: jose-velez <10926182+jose-velez@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-01 20:13:24 -06:00
Peter Steinberger
a6a742f3d0 fix(auto-reply): land #31080 from @scoootscooob 
Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-03-02 01:17:42 +00:00
Peter Steinberger
412eabc42b fix(session): retire stale dm main route after dmScope migration (#31010) 2026-03-02 00:33:54 +00:00
Peter Steinberger
fbd832d64f refactor(config): share byte-size parsing for memory flush 2026-03-02 00:32:33 +00:00
Peter Steinberger
9e727893ff refactor(session): consolidate transcript snapshot reads 2026-03-02 00:32:33 +00:00
Peter Steinberger
d729ab2150 fix(session): harden usage accounting and memory flush recovery 2026-03-02 00:07:29 +00:00
Peter Steinberger
b99666a47a fix(security): harden inbound metadata sentinel stripping 2026-03-01 23:11:48 +00:00
Agent
3a93a7bb1e fix(security): enforce auth for abort triggers and models 2026-03-01 21:30:07 +00:00
Onur
8292401719 ACP: rename stream char limits to output/sessionUpdate 2026-03-01 20:39:24 +01:00
Onur
053e5eb506 ACP: remove maxMetaEventsPerTurn limit 2026-03-01 20:39:24 +01:00
Onur
ca31683ca3 Tests: fix dispatch-acp mock typings for tsgo 2026-03-01 20:39:24 +01:00
Onur
f4538b22f7 ACP: fix projector dedupe regressions 2026-03-01 20:39:24 +01:00
Onur
be73eb28b3 ACP: improve live text batching readability 2026-03-01 20:39:24 +01:00
Onur
dd2fcade3e ACP: make live mode flush incremental chunks 2026-03-01 20:39:24 +01:00
Onur
43c57005a6 ACP: start typing lifecycle at turn start and harden delivery 2026-03-01 20:39:24 +01:00
Onur
c8b958e573 ACP: add hidden-boundary separator for hidden tool events 2026-03-01 20:39:24 +01:00
Onur
acd6ddb829 ACP: hide tool_call tags by default 2026-03-01 20:39:24 +01:00
Onur
c3a1fe01ae ACP: make final_only defer all projected output 2026-03-01 20:39:24 +01:00
Onur
4a82012461 ACP: default stream delivery to final_only 2026-03-01 20:39:24 +01:00
Onur
4e2efaf659 ACP: simplify stream config to repeatSuppression 2026-03-01 20:39:24 +01:00
Onur
752398a6ba Refactor: split ACP dispatch delivery and settings 2026-03-01 20:39:24 +01:00
Onur
54ed2efc20 Tests: complete ACP meta dedupe coverage 2026-03-01 20:39:24 +01:00
Onur
2466a9bb13 ACP: carry dedupe/projector updates onto configurable acpx branch 2026-03-01 20:39:24 +01:00
Glucksberg
6dbbc58a8d
fix(slack): use SLACK_USER_TOKEN when connecting to Slack (#28103) 
* fix(slack): use SLACK_USER_TOKEN when connecting to Slack (closes #26480)

* test(slack): fix account fixture typing for user token source

---------

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-01 11:05:35 -06:00
pushkarsingh32
4ba0a4d4fb
fix(slack): wrap session key in backticks to prevent emoji shortcode parsing (openclaw#30266) thanks @pushkarsingh32 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: pushkarsingh32 <29558481+pushkarsingh32@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-01 09:23:50 -06:00
Jarvis
fcb6859784
fix(memoryFlush): correct context token accounting for flush gating (#5343) 
Merged via squash.

Prepared head SHA: afaa7bae3b18a470928a14eea306c9b91957ba90
Co-authored-by: jarvis-medmatic <252428873+jarvis-medmatic@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-02-28 16:54:57 -08:00
Yassine Amjad
61989091a4
fix(reply): fix duplicate block replies by unblocking coalesced payloads (#5080) 
Merged via squash.

Prepared head SHA: 399e1259cb935e46123864143c7f8879b5ff459c
Co-authored-by: yassine20011 <59234686+yassine20011@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-02-28 14:51:43 -08:00
fuller-stack-dev
70a4f25ab1
fix(security): remove post-compaction audit injection message (#28507) 
* fix: remove post-compaction audit injection (Layer 3)

Remove the post-compaction read audit that injects fake system messages
into conversations after context compaction. This audit:

- Hardcodes WORKFLOW_AUTO.md (a file that doesn't exist in standard
  workspaces) as a required read after every compaction
- Leaks raw regex syntax (memory\/\d{4}-\d{2}-\d{2}\.md) in
  user-facing warning messages
- Injects messages via enqueueSystemEvent that appear as user-role
  messages, tricking agents into reading attacker-controlled files
- Creates a persistent prompt injection vector (see #27697)

Layer 1 (compaction summary) and Layer 2 (workspace context refresh
from AGENTS.md via post-compaction-context.ts) remain intact and are
sufficient for post-compaction context recovery.

Deleted files:
- src/auto-reply/reply/post-compaction-audit.ts
- src/auto-reply/reply/post-compaction-audit.test.ts

Modified files:
- src/auto-reply/reply/agent-runner.ts (removed imports, audit map,
  flag setting, and Layer 3 audit block)

Fixes #27697, fixes #26851, fixes #20484, fixes #22339, fixes #25600
Relates to #26461

* fix: resolve lint failures from post-compaction audit removal

* Tests: add regression for removed post-compaction audit warnings

---------

Co-authored-by: Wilfred (OpenClaw Agent) <jay@openclaw.dev>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-27 17:15:59 -08:00
Onur Solmaz
a7929abad8
Discord: thread bindings idle + max-age lifecycle (#27845) (thanks @osolmaz) 
* refactor discord thread bindings to idle and max-age lifecycle

* fix: migrate legacy thread binding expiry and reduce hot-path disk writes

* refactor: remove remaining thread-binding ttl legacy paths

* fix: harden thread-binding lifecycle persistence

* Discord: fix thread binding types in message/reply paths

* Infra: handle win32 unknown inode in file identity checks

* Infra: relax win32 guarded-open identity checks

* Config: migrate threadBindings ttlHours to idleHours

* Revert "Infra: relax win32 guarded-open identity checks"

This reverts commit de94126771db072ecda6a014e80700310e76df61.

* Revert "Infra: handle win32 unknown inode in file identity checks"

This reverts commit 96fc5ddfb39762aa078d70dd4b4d3754e49a159b.

* Discord: re-read live binding state before sweep unbind

* fix: add changelog note for thread binding lifecycle update (#27845) (thanks @osolmaz)

---------

Co-authored-by: Onur Solmaz <onur@textcortex.com>
 2026-02-27 10:02:39 +01:00
Peter Steinberger
bce643a0bd refactor(security): enforce account-scoped pairing APIs 2026-02-26 21:57:52 +01:00
Peter Steinberger
a1628d89ec refactor: unify outbound session context wiring 2026-02-26 21:03:28 +01:00
Shakker
fe842b5f14 test(auto-reply): cover inbound timestamp guard 2026-02-26 17:10:09 +00:00
Liu Yuan
c596658b8d feat(auto-reply): make agent time-aware with message timestamps 
Add human-readable timestamp field to the Conversation info JSON block.

Before:
  {
    "conversation_label": "D id:123"
  }

After:
  {
    "conversation_label": "D id:123",
    "timestamp": "Sun 2026-02-15 13:35 GMT+8"
  }

Benefits:
- Better time awareness for time-related questions
- Understand conversation gaps and response delays
- Handle delayed message delivery
- Context for relative time references ("just now", "later")
 2026-02-26 17:10:09 +00:00
Peter Steinberger
273973d374 refactor: unify typing dispatch lifecycle and policy boundaries 2026-02-26 17:36:16 +01:00
Peter Steinberger
37a138c554 fix: harden typing lifecycle and cross-channel suppression 2026-02-26 17:01:09 +01:00
joshavant
67e9554645 test(session): normalize parent fork parentSession path assertion 2026-02-26 14:47:22 +00:00
SidQin-cyber
79176cc4e5 fix(typing): force cleanup when dispatch idle is never received 
Add a grace timer after markRunComplete so the typing controller
cleans up even when markDispatchIdle is never called, preventing
indefinite typing keepalive loops in cron and announce flows.

Made-with: Cursor
(cherry picked from commit 684eaf2893542d648daa1ca0b0c1a32c264bb8bd)
 2026-02-26 13:40:58 +00:00
Peter Steinberger
4b259ab81b fix(models): normalize trailing @profile parsing across resolver paths 
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: Marcus Castro <mcaxtr@gmail.com>
Co-authored-by: Brandon Wise <brandonawise@gmail.com>
 2026-02-26 14:34:15 +01:00
Peter Steinberger
473a27470f fix(auto-reply): gate inline directives on resolved auth (#27248) 
Landed from contributor PR #27248 by @kevinWangSheng.

Co-authored-by: shenghui kevin <shenghuikevin@shenghuideMac-mini.local>
 2026-02-26 13:11:39 +00:00
Peter Steinberger
b402770f63 refactor(reply): split abort cutoff and timeout policy modules 2026-02-26 14:00:35 +01:00
Peter Steinberger
c397a02c9a fix(queue): harden drain/abort/timeout race handling 
- reject new lane enqueues once gateway drain begins
- always reset lane draining state and isolate onWait callback failures
- persist per-session abort cutoff and skip stale queued messages
- avoid false 600s agentTurn timeout in isolated cron jobs

Fixes #27407
Fixes #27332
Fixes #27427

Co-authored-by: Kevin Shenghui <shenghuikevin@github.com>
Co-authored-by: zjmy <zhangjunmengyang@gmail.com>
Co-authored-by: suko <miha.sukic@gmail.com>
 2026-02-26 13:43:39 +01:00
Peter Steinberger
8bf1c9a23a fix(typing): stop keepalive restarts after run completion (land #27413, thanks @widingmarcus-cyber) 
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-02-26 11:42:38 +00:00
Peter Steinberger
199ef9f8ea fix(typing): add main-run dispatch idle safety net (land #27250, thanks @Sid-Qin) 
Co-authored-by: Sid Qin <s3734389@gmail.com>
 2026-02-26 11:36:08 +00:00
Ayaan Zaidi
e64d72299e fix(auto-reply): tighten silent token semantics and prefix streaming 2026-02-26 16:04:48 +05:30
Onur Solmaz
a7d56e3554
feat: ACP thread-bound agents (#23580) 
* docs: add ACP thread-bound agents plan doc

* docs: expand ACP implementation specification

* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup

* feat(acp): add /acp commands and Discord spawn gate

* ACP: add acpx runtime plugin backend

* fix(subagents): defer transient lifecycle errors before announce

* Agents: harden ACP sessions_spawn and tighten spawn guidance

* Agents: require explicit ACP target for runtime spawns

* docs: expand ACP control-plane implementation plan

* ACP: harden metadata seeding and spawn guidance

* ACP: centralize runtime control-plane manager and fail-closed dispatch

* ACP: harden runtime manager and unify spawn helpers

* Commands: route ACP sessions through ACP runtime in agent command

* ACP: require persisted metadata for runtime spawns

* Sessions: preserve ACP metadata when updating entries

* Plugins: harden ACP backend registry across loaders

* ACPX: make availability probe compatible with adapters

* E2E: add manual Discord ACP plain-language smoke script

* ACPX: preserve streamed spacing across Discord delivery

* Docs: add ACP Discord streaming strategy

* ACP: harden Discord stream buffering for thread replies

* ACP: reuse shared block reply pipeline for projector

* ACP: unify streaming config and adopt coalesceIdleMs

* Docs: add temporary ACP production hardening plan

* Docs: trim temporary ACP hardening plan goals

* Docs: gate ACP thread controls by backend capabilities

* ACP: add capability-gated runtime controls and /acp operator commands

* Docs: remove temporary ACP hardening plan

* ACP: fix spawn target validation and close cache cleanup

* ACP: harden runtime dispatch and recovery paths

* ACP: split ACP command/runtime internals and centralize policy

* ACP: harden runtime lifecycle, validation, and observability

* ACP: surface runtime and backend session IDs in thread bindings

* docs: add temp plan for binding-service migration

* ACP: migrate thread binding flows to SessionBindingService

* ACP: address review feedback and preserve prompt wording

* ACPX plugin: pin runtime dependency and prefer bundled CLI

* Discord: complete binding-service migration cleanup and restore ACP plan

* Docs: add standalone ACP agents guide

* ACP: route harness intents to thread-bound ACP sessions

* ACP: fix spawn thread routing and queue-owner stall

* ACP: harden startup reconciliation and command bypass handling

* ACP: fix dispatch bypass type narrowing

* ACP: align runtime metadata to agentSessionId

* ACP: normalize session identifier handling and labels

* ACP: mark thread banner session ids provisional until first reply

* ACP: stabilize session identity mapping and startup reconciliation

* ACP: add resolved session-id notices and cwd in thread intros

* Discord: prefix thread meta notices consistently

* Discord: unify ACP/thread meta notices with gear prefix

* Discord: split thread persona naming from meta formatting

* Extensions: bump acpx plugin dependency to 0.1.9

* Agents: gate ACP prompt guidance behind acp.enabled

* Docs: remove temp experiment plan docs

* Docs: scope streaming plan to holy grail refactor

* Docs: refactor ACP agents guide for human-first flow

* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow

* Docs/Skill: add OpenCode and Pi to ACP harness lists

* Docs/Skill: align ACP harness list with current acpx registry

* Dev/Test: move ACP plain-language smoke script and mark as keep

* Docs/Skill: reorder ACP harness lists with Pi first

* ACP: split control-plane manager into core/types/utils modules

* Docs: refresh ACP thread-bound agents plan

* ACP: extract dispatch lane and split manager domains

* ACP: centralize binding context and remove reverse deps

* Infra: unify system message formatting

* ACP: centralize error boundaries and session id rendering

* ACP: enforce init concurrency cap and strict meta clear

* Tests: fix ACP dispatch binding mock typing

* Tests: fix Discord thread-binding mock drift and ACP request id

* ACP: gate slash bypass and persist cleared overrides

* ACPX: await pre-abort cancel before runTurn return

* Extension: pin acpx runtime dependency to 0.1.11

* Docs: add pinned acpx install strategy for ACP extension

* Extensions/acpx: enforce strict local pinned startup

* Extensions/acpx: tighten acp-router install guidance

* ACPX: retry runtime test temp-dir cleanup

* Extensions/acpx: require proactive ACPX repair for thread spawns

* Extensions/acpx: require restart offer after acpx reinstall

* extensions/acpx: remove workspace protocol devDependency

* extensions/acpx: bump pinned acpx to 0.1.13

* extensions/acpx: sync lockfile after dependency bump

* ACPX: make runtime spawn Windows-safe

* fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)
 2026-02-26 11:00:09 +01:00