* Agents: allow gpt-5.3-codex-spark in fallback and thinking
* Fix: model picker issue for openai-codex/gpt-5.3-codex-spark
Fixed an issue in the model picker.
- Switch DEFAULT_PACKAGE_NAME to ironclaw in update-cli and update-runner
- Add cliName param to system prompt builder for dynamic CLI references
- Update README clone URL from openclaw-ai-sdk to ironclaw
- Update cron dashboard empty state to reference ironclaw CLI
- Restructure dench skill: flatten knowledge/ paths, add browser use section
* feat(slack): populate thread session with existing thread history
When a new session is created for a Slack thread, fetch and inject
the full thread history as context. This preserves conversation
continuity so the bot knows what it previously said in the thread.
- Add resolveSlackThreadHistory() to fetch all thread messages
- Add ThreadHistoryBody to context payload
- Use thread history instead of just thread starter for new sessions
Fixes#4470
* chore: remove redundant comments
* fix: use threadContextNote in queue body
* fix(slack): address Greptile review feedback
- P0: Use thread session key (not base session key) for new-session check
This ensures thread history is injected when the thread session is new,
even if the base channel session already exists.
- P1: Fetch up to 200 messages and take the most recent N
Slack API returns messages in chronological order (oldest first).
Previously we took the first N, now we take the last N for relevant context.
- P1: Batch resolve user names with Promise.all
Avoid N sequential API calls when resolving user names in thread history.
- P2: Include file-only messages in thread history
Messages with attachments but no text are now included with a placeholder
like '[attached: image.png, document.pdf]'.
- P2: Add documentation about intentional 200-message fetch limit
Clarifies that we intentionally don't paginate; 200 covers most threads.
* style: add braces for curly lint rule
* feat(slack): add thread.initialHistoryLimit config option
Allow users to configure the maximum number of thread messages to fetch
when starting a new thread session. Defaults to 20. Set to 0 to disable
thread history fetching entirely.
This addresses the optional configuration request from #2608.
* chore: trigger CI
* fix(slack): ensure isNewSession=true on first thread turn
recordInboundSession() in prepare.ts creates the thread session entry
before session.ts reads the store, causing isNewSession to be false
on the very first user message in a thread. This prevented thread
context (history/starter) from being injected.
Add IsFirstThreadTurn flag to message context, set when
readSessionUpdatedAt() returns undefined for the thread session key.
session.ts uses this flag to force isNewSession=true.
* style: format prepare.ts for oxfmt
* fix: suppress InboundHistory/ThreadStarterBody when ThreadHistoryBody present (#13912)
When ThreadHistoryBody is fetched from the Slack API (conversations.replies),
it already contains pending messages and the thread starter. Passing both
InboundHistory and ThreadStarterBody alongside ThreadHistoryBody caused
duplicate content in the LLM context on new thread sessions.
Suppress InboundHistory and ThreadStarterBody when ThreadHistoryBody is
present, since it is a strict superset of both.
* remove verbose comment
* fix(slack): paginate thread history context fetch
* fix(slack): wire session file path options after main merge
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
- Fix spawnAgentProcess path resolution: walk up to find package root
instead of assuming 2 levels up from apps/web (breaks in standalone
where cwd is deep inside .next/standalone/); use openclaw.mjs in
production since scripts/run-node.mjs isn't shipped in the package
- Add missing readline error handlers in active-runs.ts and
agent-runner.ts to prevent "Unhandled 'error' event" crashes when
the child process fails to start
- Pass OPENCLAW_ROOT env var from gateway to standalone server so the
web app can reliably find the CLI entry point
- Add 32 tests covering path resolution, SSE streaming, error handling,
run lifecycle, replay, and abort
Co-authored-by: Cursor <cursoragent@cursor.com>
replyToMode "first"/"all" only filters replyToId but never generates
it — that required the LLM to emit [[reply_to_current]] tags. Inject
replyToCurrent:true on all payloads so applyReplyTagsToPayload sets
replyToId=currentMessageId, then let the existing mode filter decide
which replies keep threading (first only, all, or off).
Covers both final reply path (reply-payloads.ts) and block streaming
path (agent-runner-execution.ts).
Adds thread_ts and parent_user_id to the Slack message footer for thread
replies, giving agents awareness of thread context. Top-level messages
remain unchanged.
Includes tests verifying:
- Thread replies include thread_ts and parent_user_id in footer
- Top-level messages exclude thread metadata
* fix: replace file-based session store lock with in-process Promise chain mutex
Node.js is single-threaded, so file-based locking (open('wx') + polling +
stale eviction) is unnecessary and causes timeouts under heavy session load.
Replace with a simple per-storePath Promise chain that serializes access
without any filesystem overhead.
In a 1159-session environment over 3 hours:
- Lock timeouts: 25
- Stuck sessions: 157 (max 1031s, avg 388s)
- Slow listeners: 39 (max 265s, avg 70s)
Root cause: during sessions.json file I/O, await yields control and other
lock requests hit the 10s timeout waiting for the .lock file to be released.
* test: add comprehensive tests for Promise chain mutex lock
- Concurrent access serialization (10 parallel writers, counter integrity)
- Error resilience (single & multiple consecutive throws don't poison queue)
- Independent storePath parallelism (different paths run concurrently)
- LOCK_QUEUES cleanup after completion and after errors
- No .lock file created on disk
Also fix: store caught promise in LOCK_QUEUES to avoid unhandled rejection
warnings when queued fn() throws.
* fix: add timeout to Promise chain mutex to prevent infinite hangs on Windows
* fix(session-store): enforce strict queue timeout + cross-process lock
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
- Add standalone-hoist-pnpm.sh to hoist .pnpm packages to top-level
node_modules so require('next') resolves in global npm installs
(the pnpm symlinks don't survive npm tarball packing)
- Add startup probe (waitForStartupOrCrash) to detect child process
crashes within 3s instead of silently returning a handle to a dead
server — logs clear error with stderr output
- Gate "Open the Web UI" onboarding hatch option on web app build
availability so users aren't offered a dead URL
- Add post-publish sanity check in deploy.sh for standalone server.js
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(security): distinguish webhooks from internal hooks in audit summary
The attack surface summary reported a single 'hooks: disabled/enabled' line
that only checked the external webhook endpoint (hooks.enabled), ignoring
internal hooks (hooks.internal.enabled). Users who enabled internal hooks
(session-memory, command-logger, etc.) saw 'hooks: disabled' and thought
something was broken.
Split into two separate lines:
- hooks.webhooks: disabled/enabled
- hooks.internal: disabled/enabled
Fixes#13466
* test(security): move attack surface tests to focused test file
Move the 3 new hook-distinction tests from the monolithic audit.test.ts
(1,511 lines) into a dedicated audit-extra.sync.test.ts that tests
collectAttackSurfaceSummaryFindings directly. Avoids growing the
already-large test file and keeps tests focused on the changed unit.
* fix: add changelog entry for security audit hook split (#13474) (thanks @mcaxtr)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
The newly added 'resolved' field contains secrets after ${ENV}
substitution. This commit ensures redactConfigSnapshot also redacts
the resolved field to prevent credential leaks in config.get responses.
The initial fix using snapshot.parsed broke configs with $include directives.
This commit adds a new 'resolved' field to ConfigFileSnapshot that contains
the config after $include and ${ENV} substitution but BEFORE runtime defaults
are applied. This is now used by config set/unset to avoid:
1. Breaking configs with $include directives
2. Leaking runtime defaults into the written config file
Also removes applyModelDefaults from writeConfigFile since runtime defaults
should only be applied when loading, not when writing.
Fixes#6070
The config set/unset commands were using snapshot.config (which contains
runtime-merged defaults) instead of snapshot.parsed (the raw user config).
This caused runtime defaults like agents.defaults to leak into the written
config file when any value was set or unset.
Changed both set and unset commands to use structuredClone(snapshot.parsed)
to preserve only user-specified config values.
* fix(security): prevent String(undefined) coercion in credential inputs
When a prompter returns undefined (due to cancel, timeout, or bug),
String(undefined).trim() produces the literal string "undefined" instead
of "". This truthy string prevents secure fallbacks from triggering,
allowing predictable credential values (e.g., gateway password = "undefined").
Fix all 8 occurrences by using String(value ?? "").trim(), which correctly
yields "" for null/undefined inputs and triggers downstream validation or
fallback logic.
Fixes#8054
* fix(security): also fix String(undefined) in api-provider credential inputs
Address codex review feedback: 4 additional occurrences of the unsafe
String(variable).trim() pattern in auth-choice.apply.api-providers.ts
(Cloudflare Account ID, Gateway ID, synthetic API key inputs + validators).
* fix(test): strengthen password coercion test per review feedback
* fix(security): harden credential prompt coercion
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Ship a self-contained standalone server with the npm package so
`npm i -g ironclaw` can serve the web UI without runtime `npm install`
or `next build`. This eliminates the fragile first-boot build step
and cuts the cold-start time for the gateway web app.
Changes:
- next.config.ts: enable `output: "standalone"` and set
`outputFileTracingRoot` to the monorepo root so pnpm workspace
deps are traced correctly. Remove the now-unnecessary manual
webpack externals for Node.js built-ins.
- package.json: update `files` to ship only the standalone build
output, static assets, and public dir (instead of the entire
`apps/web/` tree). Add `web:build` and `web:prepack` to the
`prepack` script so the standalone server is built and its
static/public assets are copied into place before publish. Bump
version to 2026.2.10-1.5.
- server-web-app.ts: rewrite the web app lifecycle to prefer the
pre-built standalone `server.js` in production. Add
`resolveStandaloneServerJs`, `hasStandaloneBuild`,
`hasLegacyNextBuild`, and `isInWorkspace` helpers. In dev
workspaces, fall back to building on-the-fly or legacy
`next start`. Export key functions for testability.
- server-web-app.test.ts: add comprehensive unit tests covering
path resolution, standalone/legacy build detection,
ensureWebAppBuilt scenarios (skip, disabled, dev, standalone,
legacy, missing), startWebAppIfEnabled (skip, disabled, null
config, missing dir, standalone start, missing build error,
default port, graceful stop).
- workspace-sidebar.tsx: update sidebar branding to "Ironclaw".
Published as ironclaw@2026.2.10-1.5.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Introduced a new RelationSelect component for managing relations in forms.
- Updated EntryDetailModal and ObjectTable components to utilize RelationSelect for relation fields, allowing for inline editing and improved user experience.
- Enhanced API route for fetching relation options based on user input.
- Refactored EditableCell to support relation editing with dropdowns, improving data entry efficiency.
- Added new API endpoint for fetching lightweight options for relation dropdowns.
This update streamlines the handling of relational data within the workspace, enhancing the overall functionality and user interface.
