* fix(discord): defer component interactions to prevent timeout
Discord requires interaction responses within 3 seconds. Button clicks
were routed through the LLM pipeline before responding, exceeding this
window and showing 'This interaction failed' to users.
Now immediately defers the interaction, then processes the agent
response asynchronously.
Fixes#16262
* fix: harden deferred interaction replies and silent chat finals (#16287) (thanks @robbyczgw-cla)
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Rebrand from OpenClaw to Ironclaw across 16 files:
Web app (apps/web):
- layout.tsx: update metadata title to "Ironclaw" and description to
"AI CRM with an agent that connects to your apps and does the work for you"
- page.tsx: change landing page heading from "OpenClaw Dench" to "Ironclaw"
- agent-runner.ts: rename stderr log prefix to [ironclaw stderr]
- package.json: rename package from "openclaw-web" to "ironclaw-web"
Package identity (root):
- package.json: rename package from "openclaw-ai-sdk" to "ironclaw",
update description to reflect CRM/workspace focus, change bin entry
from "openclaw-ai-sdk" to "ironclaw"
- openclaw.mjs: update error message to reference "ironclaw"
- src/version.ts: change CORE_PACKAGE_NAME to "ironclaw"
CLI and TUI:
- command-format.ts: extend CLI prefix regex to accept both "ironclaw"
and "openclaw" for backward compatibility
- register.agent.ts: update example identity name to "Ironclaw" with
🔩 emoji (replacing 🦞)
- tui.ts: rename TUI header from "openclaw tui" to "ironclaw tui"
Onboarding and configuration wizards:
- configure.wizard.ts: rename engine selection prompts and wizard intro
headers to "Ironclaw"
- onboarding.ts: rename onboarding intro and security warning text
- onboarding.finalize.ts: rename all dashboard/control-UI messages and
Brave Search setup instructions to reference "Ironclaw"
Security audit:
- audit.ts: rename state-dir permission warning details to "Ironclaw"
- audit-extra.ts: rename plugin remediation text to "Ironclaw"
Telegram:
- bot-message-context.ts: rename access-denied message to "Ironclaw"
* Gateway: require explicit auth for url overrides
* Gateway: scope credential blocking to non-local URLs only
Address review feedback: the previous fix blocked credential fallback for
ALL URL overrides, which was overly strict and could break workflows that
use --url to switch between loopback/tailnet without passing credentials.
Now credential fallback is only blocked for non-local URLs (public IPs,
external hostnames). Local addresses (127.0.0.1, localhost, private IPs
like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential
fallback as before.
This maintains the security fix (preventing credential exfiltration to
attacker-controlled URLs) while preserving backward compatibility for
legitimate local URL overrides.
* Security: require explicit credentials for gateway url overrides (#8113) (thanks @victormier)
* Gateway: reuse explicit auth helper for url overrides (#8113) (thanks @victormier)
* Tests: format gateway chat test (#8113) (thanks @victormier)
* Tests: require explicit auth for gateway url overrides (#8113) (thanks @victormier)
---------
Co-authored-by: Victor Mier <victormier@gmail.com>
highlightMatch() was replacing tokens inside ANSI escape codes,
corrupting sequences like [38;2;123;127;135m when searching for '2'.
Fix: apply highlighting to plain text before theme styling.
- Set inputTokens, outputTokens, totalTokens to 0 in sessions.reset
- Clear TUI sessionInfo tokens immediately before async reset
- Prevents stale token display after session reset
Fixes#1523
