Vincent Koc
5e78c8bc95
Webhooks: tighten pre-auth body handling ( #46802 )
...
* Webhooks: tighten pre-auth body handling
* Webhooks: clean up request body guards
2026-03-15 09:45:18 -07:00
Vincent Koc
a47722de7e
Integrations: tighten inbound callback and allowlist checks ( #46787 )
...
* Integrations: harden inbound callback and allowlist handling
* Integrations: address review follow-ups
* Update CHANGELOG.md
* Mattermost: avoid command-gating open button callbacks
2026-03-15 09:24:24 -07:00
Peter Steinberger
e885f1999f
refactor: reduce extension channel setup duplication
2026-03-14 02:40:27 +00:00
Peter Steinberger
74e50d3be3
test: share send cfg threading helpers
2026-03-14 02:40:27 +00:00
Peter Steinberger
91d9573b55
refactor: declone model picker model ref parsing
2026-03-14 01:41:17 +00:00
Peter Steinberger
83571fdb93
refactor: dedupe agent list filtering
2026-03-13 21:40:53 +00:00
Peter Steinberger
ba2d57d024
refactor: share mattermost test harnesses
2026-03-13 20:37:53 +00:00
Peter Steinberger
48853f875b
refactor: share test request helpers
2026-03-13 20:37:53 +00:00
Peter Steinberger
2dd180472f
refactor: share mattermost interaction test helpers
2026-03-13 20:19:39 +00:00
Lyle
c965049dc6
fix(mattermost): pass mediaLocalRoots through reply delivery ( #44021 )
...
Merged via squash.
Prepared head SHA: 856f11f129f7d6a4bc8f23e8d13c786ecb871f52
Co-authored-by: LyleLiu666 <31182860+LyleLiu666@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-12 20:13:51 +05:30
Teconomix
171d2df9e0
feat(mattermost): add replyToMode support (off | first | all) ( #29587 )
...
Merged via squash.
Prepared head SHA: 4a67791f53b1109959082738429471b7a5bc93b8
Co-authored-by: teconomix <6959299+teconomix@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-12 18:03:12 +05:30
Mathias Nagler
e8a162d3d8
fix(mattermost): prevent duplicate messages when block streaming + threading are active ( #41362 )
...
* fix(mattermost): prevent duplicate messages when block streaming + threading are active
Remove replyToId from createBlockReplyPayloadKey so identical content is
deduplicated regardless of threading target. Add explicit threading dock
to the Mattermost plugin with resolveReplyToMode reading from config
(default "all"), and add replyToMode to the Mattermost config schema.
Fixes #41219
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(mattermost): address PR review — per-account replyToMode and test clarity
Read replyToMode from the merged per-account config via
resolveMattermostAccount so account-level overrides are honored in
multi-account setups. Add replyToMode to MattermostAccountConfig type.
Rename misleading test to clarify it exercises shouldDropFinalPayloads
short-circuit, not payload key dedup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Replies: keep block-pipeline reply targets distinct
* Tests: cover block reply target-aware dedupe
* Update CHANGELOG.md
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-12 03:15:17 -04:00
Echo
bda63c3c7f
fix(mattermost): preserve markdown formatting and native tables ( #18655 )
...
Merged via squash.
Prepared head SHA: d30fff1776ba94da0b68e5610248829c05450572
Co-authored-by: echo931 <259437483+echo931@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-10 17:40:01 +05:30
Teconomix
6d0547dc2e
mattermost: fix DM media upload for unprefixed user IDs ( #29925 )
...
Merged via squash.
Prepared head SHA: 5cffcb072cc82394fe4c93d6c1c0c520325180b7
Co-authored-by: teconomix <6959299+teconomix@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-10 14:22:24 +05:30
Kyle
a438ff4397
fix(plugin-sdk): remove remaining bundled plugin src imports (openclaw#39638)
...
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Kyle <3477429+kyledh@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-08 22:32:45 -05:00
Daniel Hnyk
9425209602
fix(mattermost): pass payload.replyToId as root_id for threaded replies ( #27744 )
...
Merged via squash.
Prepared head SHA: e02907987221bd6ced0a93ff6fcff58531283150
Co-authored-by: hnykda <2741256+hnykda@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-08 14:13:13 +05:30
Peter Steinberger
2646739d23
refactor: centralize strict numeric parsing
2026-03-08 03:02:25 +00:00
Vincent Koc
a4ffebbef4
Mattermost: default unknown media kind
2026-03-07 16:07:41 -08:00
Peter Steinberger
27dad962fe
refactor: normalize runtime group sender gating decisions
2026-03-07 23:27:51 +00:00
Peter Steinberger
7242777d63
refactor: unify account list/default scaffolding
2026-03-07 20:33:50 +00:00
Peter Steinberger
d918fe3ecf
refactor(mattermost): dedupe interaction callback test flows
2026-03-07 17:58:31 +00:00
Vincent Koc
f03f305ade
Mattermost: fix interaction action lookup sentinel ( #38992 )
2026-03-07 08:20:13 -08:00
Muhammed Mukhthar CM
4f08dcccfd
Mattermost: add interactive model picker ( #38767 )
...
Merged via squash.
Prepared head SHA: 0883654e887b1176fc9299370b4ef5a351f5ac9d
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-07 21:45:29 +05:30
Vincent Koc
a274ef929f
Mattermost: harden interaction callback binding ( #38057 )
2026-03-06 11:08:45 -05:00
Muhammed Mukhthar CM
4a80d48ea9
fix(mattermost): allow reachable interaction callback URLs ( #37543 )
...
Merged via squash.
Prepared head SHA: 4d593731be5a5dcbf3106d596b38acfeb8cf0aa8
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-06 15:27:47 +05:30
Tak Hoffman
89b303c553
Mattermost: switch plugin-sdk imports to scoped subpaths (openclaw#36480)
...
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-05 11:28:16 -06:00
Tony Dehnke
136ca87f7b
feat(mattermost): add interactive buttons support ( #19957 )
...
Merged via squash.
Prepared head SHA: 8a25e608729d0b9fd07bb0ee4219d199d9796dbe
Co-authored-by: tonydehnke <36720180+tonydehnke@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-05 20:14:57 +05:30
Joseph Turian
e5b6a4e19d
Mattermost: honor onmessage mention override and add gating diagnostics tests ( #27160 )
...
Merged via squash.
Prepared head SHA: 6cefb1d5bf3d6dfcec36c1cee3f9ea887f10c890
Co-authored-by: turian <65918+turian@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-05 17:59:54 +05:30
Gustavo Madeira Santana
b192276283
Plugins/mattermost: migrate to scoped plugin-sdk imports
2026-03-04 02:35:12 -05:00
Gustavo Madeira Santana
009d4d115a
Extensions: migrate mattermost plugin-sdk imports
2026-03-04 01:21:21 -05:00
Josh Avant
646817dd80
fix(outbound): unify resolved cfg threading across send paths ( #33987 )
2026-03-04 00:20:44 -06:00
Muhammed Mukhthar CM
b1b41eb443
feat(mattermost): add native slash command support (refresh) ( #32467 )
...
Merged via squash.
Prepared head SHA: 989126574ead75c0eedc185293659eb0d4fc6844
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-03 12:39:18 +05:30
Josh Avant
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
Peter Steinberger
c0bf42f2a8
refactor: centralize delivery/path/media/version lifecycle
2026-03-02 04:04:36 +00:00
Peter Steinberger
f4f094fc3b
test(mattermost): cover defaultAccount resolution
2026-03-02 04:03:55 +00:00
Peter Steinberger
41537e9303
fix(channels): add optional defaultAccount routing
2026-03-02 04:03:46 +00:00
Peter Steinberger
355b4c62bc
fix(mattermost): land #30891 route private channels as group (@BlueBirdBack)
...
Landed from contributor PR #30891 by @BlueBirdBack.
Co-authored-by: BlueBirdBack <BlueBirdBack@users.noreply.github.com>
2026-03-02 03:14:17 +00:00
Peter Steinberger
8e48520d74
fix(channels): align command-body parsing sources
2026-03-01 23:11:48 +00:00
Peter Steinberger
a0c5e28f3b
refactor(extensions): use scoped pairing helper
2026-02-26 21:57:52 +01:00
Peter Steinberger
dc6e4a5b13
fix: harden dm command authorization in open mode
2026-02-26 19:49:36 +01:00
Peter Steinberger
64de4b6d6a
fix: enforce explicit group auth boundaries across channels
2026-02-26 18:49:16 +01:00
Peter Steinberger
cd80c7e7ff
refactor: unify dm policy store reads and reason codes
2026-02-26 17:47:57 +01:00
Peter Steinberger
273973d374
refactor: unify typing dispatch lifecycle and policy boundaries
2026-02-26 17:36:16 +01:00
Shakker
b044c149c1
Mattermost: avoid raw fetch in monitor media download
2026-02-26 16:03:39 +00:00
Peter Steinberger
37a138c554
fix: harden typing lifecycle and cross-channel suppression
2026-02-26 17:01:09 +01:00
Peter Steinberger
051fdcc428
fix(security): centralize dm/group allowlist auth composition
2026-02-26 16:35:33 +01:00
Peter Steinberger
892a9c24b0
refactor(security): centralize channel allowlist auth policy
2026-02-26 13:06:33 +01:00
Peter Steinberger
8bdda7a651
fix(security): keep DM pairing allowlists out of group auth
2026-02-26 12:58:18 +01:00
Peter Steinberger
8f8e46d898
refactor: unify reaction ingress policy guards across channels
2026-02-26 01:34:47 +01:00
Peter Steinberger
d42ef2ac62
refactor: consolidate typing lifecycle and queue policy
2026-02-25 02:16:03 +00:00