1018 Commits

Author SHA1 Message Date
Nicholas
f8ba8f7699
fix(docs): update outdated hooks documentation URLs (#16165)
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 8ed13fb02fae2cb6dd3cacdb3cd1ef37a5cdd4d8
Co-authored-by: nicholascyh <188132635+nicholascyh@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-02-14 13:05:37 +01:00
Peter Steinberger
3b56a6252b chore!: remove moltbot legacy state/config support 2026-02-14 12:40:47 +01:00
Nick Taylor
1fb52b4d7b
feat(gateway): add trusted-proxy auth mode (#15940)
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279d4b304f83186fda44dfe63a729406a835dafa
Co-authored-by: nickytonline <833231+nickytonline@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-02-14 12:32:17 +01:00
Peter Steinberger
d8beddc8b7 refactor(onboard): unify auth-choice aliases and provider flags 2026-02-14 05:58:26 +01:00
Peter Steinberger
eab9dc538a refactor(onboard): unify auth-choice catalog for CLI help 2026-02-14 05:51:17 +01:00
AI-Reviewer-QS
28431b84cc
fix(gateway): prune expired entries instead of clearing all hook auth failure state (#15848)
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 188a40e8a35112b9ea2df23dd0a940b9be1eac1d
Co-authored-by: AI-Reviewer-QS <255312808+AI-Reviewer-QS@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-02-14 01:46:12 +01:00
Peter Steinberger
e7c3c27fd0 perf(test): trim browser and models suite overhead 2026-02-14 00:38:55 +00:00
Shadril Hassan Shifat
1c928e493d
fix(hooks): replace console logging with proper subsystem logging in loader (openclaw#11029) thanks @shadril238
Verified:
- pnpm build
- pnpm check
- pnpm test

Co-authored-by: shadril238 <63901551+shadril238@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-13 18:21:11 -06:00
Peter Steinberger
05524bb5ef perf(test): remove duplicate models list e2e suite 2026-02-14 00:20:47 +00:00
Peter Steinberger
ec4da3aca9 perf(test): lighten models list e2e registry mock 2026-02-14 00:17:49 +00:00
Peter Steinberger
fecb3f326e perf(test): trim models/browser suite overhead 2026-02-14 00:08:02 +00:00
Peter Steinberger
cf2524b8b9 refactor(models): share auth helpers and forward-compat list fallbacks 2026-02-14 01:07:35 +01:00
Vincent Koc
a0cbf9002d
fix(models): antigravity opus 4.6 availability follow-up (#12845)
* fix(models): antigravity opus 4.6 availability follow-up

* chore(format): apply updated oxfmt config to models files

* fix(models): retain zai glm-5 forward-compat fallback after extraction

* chore(format): apply updated oxfmt config

* fix(models): fail fast on unknown auth login provider

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 00:54:46 +01:00
solstead
ab71fdf821
Plugin API: compaction/reset hooks, bootstrap file globs, memory plugin status (#13287)
* feat: add before_compaction and before_reset plugin hooks with session context

- Pass session messages to before_compaction hook
- Add before_reset plugin hook for /new and /reset commands
- Add sessionId to plugin hook agent context

* feat: extraBootstrapFiles config with glob pattern support

Add extraBootstrapFiles to agent defaults config, allowing glob patterns
(e.g. "projects/*/TOOLS.md") to auto-load project-level bootstrap files
into agent context every turn. Missing files silently skipped.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(status): show custom memory plugins as enabled, not unavailable

The status command probes memory availability using the built-in
memory-core manager. Custom memory plugins (e.g. via plugin slot)
can't be probed this way, so they incorrectly showed "unavailable".
Now they show "enabled (plugin X)" without the misleading label.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use async fs.glob and capture pre-compaction messages

- Replace globSync (node:fs) with fs.glob (node:fs/promises) to match
  codebase conventions for async file operations
- Capture session.messages BEFORE replaceMessages(limited) so
  before_compaction hook receives the full conversation history,
  not the already-truncated list

* fix: resolve lint errors from CI (oxlint strict mode)

- Add void to fire-and-forget IIFE (no-floating-promises)
- Use String() for unknown catch params in template literals
- Add curly braces to single-statement if (curly rule)

* fix: resolve remaining CI lint errors in workspace.ts

- Remove `| string` from WorkspaceBootstrapFileName union (made all
  typeof members redundant per no-redundant-type-constituents)
- Use type assertion for extra bootstrap file names
- Drop redundant await on fs.glob() AsyncIterable (await-thenable)

* fix: address Greptile review — path traversal guard + fs/promises import

- workspace.ts: use path.resolve() + traversal check in loadExtraBootstrapFiles()
- commands-core.ts: import fs from node:fs/promises, drop fs.promises prefix

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: resolve symlinks before workspace boundary check

Greptile correctly identified that symlinks inside the workspace could
point to files outside it, bypassing the path prefix check. Now uses
fs.realpath() to resolve symlinks before verifying the real path stays
within the workspace boundary.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address Greptile review — hook reliability and type safety

1. before_compaction: add compactingCount field so plugins know both
   the full pre-compaction message count and the truncated count being
   fed to the compaction LLM. Clarify semantics in comment.

2. loadExtraBootstrapFiles: use path.basename() for the name field
   so "projects/quaid/TOOLS.md" maps to the known "TOOLS.md" type
   instead of an invalid WorkspaceBootstrapFileName cast.

3. before_reset: fire the hook even when no session file exists.
   Previously, short sessions without a persisted file would silently
   skip the hook. Now fires with empty messages array so plugins
   always know a reset occurred.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: validate bootstrap filenames and add compaction hook timeout

- Only load extra bootstrap files whose basename matches a recognized
  workspace filename (AGENTS.md, TOOLS.md, etc.), preventing arbitrary
  files from being injected into agent context.
- Wrap before_compaction hook in a 30-second Promise.race timeout so
  misbehaving plugins cannot stall the compaction pipeline.
- Clarify hook comments: before_compaction is intentionally awaited
  (plugins need messages before they're discarded) but bounded.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: make before_compaction non-blocking, add sessionFile to after_compaction

- before_compaction is now true fire-and-forget — no await, no timeout.
  Plugins that need full conversation data should persist it themselves
  and return quickly, or use after_compaction for async processing.
- after_compaction now includes sessionFile path so plugins can read
  the full JSONL transcript asynchronously. All pre-compaction messages
  are preserved on disk, eliminating the need to block compaction.
- Removes Promise.race timeout pattern that didn't actually cancel
  slow hooks (just raced past them while they continued running).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: add sessionFile to before_compaction for parallel processing

The session JSONL already has all messages on disk before compaction
starts. By providing sessionFile in before_compaction, plugins can
read and extract data in parallel with the compaction LLM call rather
than waiting for after_compaction. This is the optimal path for memory
plugins that need the full conversation history.

sessionFile is also kept on after_compaction for plugins that only
need to act after compaction completes (analytics, cleanup, etc.).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: move bootstrap extras into bundled hook

---------

Co-authored-by: Solomon Steadman <solstead@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Clawdbot <clawdbot@alfie.local>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 00:45:45 +01:00
Peter Steinberger
2086cdfb9b perf(test): reduce hot-suite import and setup overhead 2026-02-13 20:26:39 +00:00
Peter Steinberger
08725270e2 perf: honor low timeout budgets in health telegram probes 2026-02-13 19:22:25 +00:00
Marcus Castro
eed8cd383f
fix(agent): search all agent stores when resolving --session-id (#13579)
* fix(agent): search all agent stores when resolving --session-id

When `--session-id` was provided without `--to` or `--agent`, the reverse
lookup only searched the default agent's session store. Sessions created
under a specific agent (e.g. `--agent mybot`) live in that agent's store
file, so the lookup silently failed and the session was not reused.

Now `resolveSessionKeyForRequest` iterates all configured agent stores
when the primary store doesn't contain the requested sessionId.

Fixes #12881

* fix: search other agent stores when --to key does not match --session-id

When --to derives a session key whose stored sessionId doesn't match the
requested --session-id, the cross-store search now also runs. This handles
the case where a user provides both --to and --session-id targeting a
session in a different agent's store.
2026-02-13 18:46:54 +01:00
Peter Steinberger
fdfc34fa1f perf(test): stabilize e2e harness and reduce flaky gateway coverage 2026-02-13 17:32:14 +00:00
Mariano Belinky
86e4fe0a7a Auth: land codex oauth onboarding flow (#15406) 2026-02-13 17:18:49 +00:00
Peter Steinberger
b272158fe4 perf(test): eliminate resetModules via injectable seams 2026-02-13 16:20:37 +00:00
Peter Steinberger
e665d77917 perf(test): remove extra module resets in cli and message suites 2026-02-13 16:08:38 +00:00
Omair Afzal
59733a02c8
fix(configure): reject literal "undefined" and "null" gateway auth tokens (#13767)
* fix(configure): reject literal "undefined" and "null" gateway auth tokens

* fix(configure): reject literal "undefined" and "null" gateway auth tokens

* fix(configure): validate gateway password prompt and harden token coercion (#13767) (thanks @omair445)

* test: remove unused vitest imports in baseline lint fixtures (#13767)

---------

Co-authored-by: Luna AI <luna@coredirection.ai>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 17:04:41 +01:00
Peter Steinberger
4337fa2096 fix: remove any from doctor-security dmScope regression test (#13129) (thanks @VintLin) 2026-02-13 16:43:39 +01:00
Peter Steinberger
f612e35907 fix: add dmScope guidance regression coverage (#13129) (thanks @VintLin) 2026-02-13 16:43:39 +01:00
VintLin
ca3c83acdf fix(security): clarify dmScope remediation path with explicit CLI command
# Problem
The security audit and onboarding screens suggested 'Set session.dmScope="..."'
for multi-user DM isolation. This led users to try setting the value in invalid
config paths (e.g., 'channels.imessage.dmScope').

# Changes
- Updated 'src/security/audit.ts' to use 'formatCliCommand' for dmScope remediation.
- Updated 'src/commands/doctor-security.ts' and 'src/commands/onboard-channels.ts'
  to use the explicit 'openclaw config set' command format.

# Validation
- Verified text alignment with 'pnpm tsgo'.
- Confirmed CLI command formatting remains consistent across modified files.
2026-02-13 16:43:39 +01:00
Peter Steinberger
faa4959111 fix(onboard): include vllm auth group id 2026-02-13 15:23:46 +00:00
loiie45e
2e04630105
openai-codex: add gpt-5.3-codex-spark forward-compat model (#15174)
Merged via maintainer flow after rebase + local gates.

Prepared head SHA: 6cac87cbf97e5f627085787fe5f565778fa223bf

Co-authored-by: loiie45e <15420100+loiie45e@users.noreply.github.com>
Co-authored-by: mbelinky <2406260+mbelinky@users.noreply.github.com>
2026-02-13 15:21:07 +00:00
Tonic
08b7932df0
feat(agents) : Hugging Face Inference provider first-class support and Together API fix and Direct Injection Refactor Auths [AI-assisted] (#13472)
* initial commit

* removes assesment from docs

* resolves automated review comments

* resolves lint , type , tests , refactors , and submits

* solves : why do we have to lint the tests xD

* adds greptile fixes

* solves a type error

* solves a ci error

* refactors auths

* solves a failing test after i pulled from main lol

* solves a failing test after i pulled from main lol

* resolves token naming issue to comply with better practices when using hf / huggingface

* fixes curly lints !

* fixes failing tests for google api from main

* solve merge conflicts

* solve failing tests with a defensive check 'undefined' openrouterapi key

* fix: preserve Hugging Face auth-choice intent and token behavior (#13472) (thanks @Josephrp)

* test: resolve auth-choice cherry-pick conflict cleanup (#13472)

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 16:18:16 +01:00
Peter Steinberger
a7d6e44719 perf(test): reduce test startup overhead 2026-02-13 14:48:45 +00:00
gejifeng
513fd835a1 tests: fix vLLM onboarding selection 2026-02-13 15:48:37 +01:00
gejifeng
0472dd68f0 fix code review 2026-02-13 15:48:37 +01:00
gejifeng
e73d881c50 Onboarding: add vLLM provider support 2026-02-13 15:48:37 +01:00
Peter Steinberger
9131b22a28 test: migrate suites to e2e coverage layout 2026-02-13 14:28:22 +00:00
Harrington-bot
771c7ba14e test: add pickAsset unit tests for architecture-aware signal-cli install 2026-02-13 14:25:26 +01:00
Harrington-bot
eb4a0a84f2 fix: use Homebrew for signal-cli install on non-x64 architectures 2026-02-13 14:25:26 +01:00
loiie45e
07faab6ac3
openai-codex: bridge OAuth profiles into pi auth.json for model discovery (#15184) 2026-02-13 11:39:37 +00:00
青雲
fd076eb43a
fix: /status shows incorrect context percentage — totalTokens clamped to contextTokens (#15114) (#15133)
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a489669fc7e86db03484ef5a0ae222d9360e72f7
Co-authored-by: echoVic <16428813+echoVic@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-02-12 23:52:19 -05:00
Peter Steinberger
ba7dccc49d test: speed up test suite and trim redundant onboarding tests 2026-02-13 04:30:48 +00:00
Marcus Castro
ec44e262be
fix(security): prevent String(undefined) coercion in credential inputs (#12287)
* fix(security): prevent String(undefined) coercion in credential inputs

When a prompter returns undefined (due to cancel, timeout, or bug),
String(undefined).trim() produces the literal string "undefined" instead
of "". This truthy string prevents secure fallbacks from triggering,
allowing predictable credential values (e.g., gateway password = "undefined").

Fix all 8 occurrences by using String(value ?? "").trim(), which correctly
yields "" for null/undefined inputs and triggers downstream validation or
fallback logic.

Fixes #8054

* fix(security): also fix String(undefined) in api-provider credential inputs

Address codex review feedback: 4 additional occurrences of the unsafe
String(variable).trim() pattern in auth-choice.apply.api-providers.ts
(Cloudflare Account ID, Gateway ID, synthetic API key inputs + validators).

* fix(test): strengthen password coercion test per review feedback

* fix(security): harden credential prompt coercion

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 04:25:05 +01:00
Peter Steinberger
85409e401b fix: preserve inter-session input provenance (thanks @anbecker) 2026-02-13 02:02:01 +01:00
Vladimir Peshekhonov
957b883082
fix(agents): stabilize overflow compaction retries and session context accounting (openclaw#14102) thanks @vpesh
Verified:
- CI checks for commit 86a7ecb45ebf0be61dce9261398000524fd9fab6
- Rebase conflict resolution for compatibility with latest main

Co-authored-by: vpesh <9496634+vpesh@users.noreply.github.com>
2026-02-12 17:53:13 -06:00
Skyler Miao
cb0350230c
feat(minimax): update models from M2.1 to M2.5 (#14865)
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 1d58bc5760af657e205f7a113cec30aaf461abc6
Co-authored-by: adao-max <153898832+adao-max@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-02-12 16:48:46 -05:00
kumarabhirup
54ee12e759
Ironclaw rename: update CLI binary references, fix Next.js invocation, harden package resolution
Comprehensive update to complete the openclaw → ironclaw CLI rename across the
codebase, fix build/runtime issues, and add test coverage for infra modules.

CLI binary rename (openclaw → ironclaw):
- Update DEFAULT_CLI_NAME and all argv parsing to recognize "ironclaw" binary
- Extend package name sets (CORE_PACKAGE_NAMES, ALL_PACKAGE_NAMES) to include
  both "ironclaw" and "openclaw" for backward compatibility
- Update NPM registry URL to fetch from ironclaw package
- Update gateway lock detection, port listener classification, and launchd/systemd
  service scanning to recognize ironclaw-prefixed services and binaries
- Update daemon inspect markers and legacy detection for ironclaw
- Update voice-call extension core-bridge to resolve ironclaw package root
- Fix install instructions in embeddings error messages (npm i -g ironclaw@latest)

Web app / Next.js fixes:
- Replace fragile `npx next` invocations with direct `node next-bin` resolution
  to avoid broken pnpm virtual-store symlinks in global installs
- Add resolveNextBin() helper that resolves apps/web/node_modules/next directly

Infra hardening:
- Workspace templates: compute both source and dist fallback paths for template
  directory resolution (fixes templates not found in bundled builds)
- Control UI assets: recognize both "openclaw" and "ironclaw" package names
- Update-check, update-runner, update-cli: normalize ironclaw@ tag prefixes

New tests:
- Add openclaw-root.test.ts, ports-format.test.ts, update-global.test.ts
- Add workspace-templates.test.ts and control-ui-assets.test.ts coverage
- Add argv.test.ts coverage for ironclaw binary detection

Test fixes (28 failures → 0):
- Update all test assertions expecting "openclaw" CLI command output to "ironclaw"
- Fix version.test.ts package name from "openclaw" to "ironclaw"
- Fix camera/canvas temp path patterns in nodes-camera and program.nodes-media tests
- Fix pairing message, telegram bot, channels, daemon, onboard, gateway tool,
  status, and profile test expectations

Version: 2026.2.10-1.2 (published to npm as ironclaw@2026.2.10-1.2)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 12:19:49 -08:00
kumarabhirup
8341c6048c
feat(web): full UI redesign with light/dark theme, TanStack data tables, media rendering, and gateway-routed agent execution
Overhaul the Dench web app with a comprehensive visual redesign and several
major feature additions across the chat interface, workspace, and agent
runtime layer.

Theme & Design System
- Replace the dark-only palette with a full light/dark theme system that
  respects system preference via localStorage + inline script (no FOUC).
- Introduce new design tokens: glassmorphism surfaces, semantic colors
  (success/warning/error/info), object-type chip palettes, and a tiered
  shadow scale (sm/md/lg/xl).
- Add Instrument Serif + Inter via Google Fonts for a refined typographic
  hierarchy; headings use the serif face, body uses Inter.
- Rebrand UI from "Ironclaw" to "Dench" across the landing page and
  metadata.

Chat & Chain-of-Thought
- Rewrite the chain-of-thought component with inline media detection and
  rendering — images, video, audio, and PDFs referenced in agent output
  are now displayed directly in the conversation thread.
- Add status indicator parts (e.g. "Preparing response...",
  "Optimizing session context...") that render as subtle activity badges
  instead of verbose reasoning blocks.
- Integrate react-markdown with remark-gfm for proper markdown rendering
  in assistant messages (tables, strikethrough, autolinks, etc.).
- Improve report-block splitting and lazy-loaded ReportCard rendering.

Workspace
- Introduce @tanstack/react-table for the object table, replacing the
  hand-rolled table with full column sorting, fuzzy filtering via
  match-sorter-utils, row selection, and bulk actions.
- Add a new media viewer component for in-workspace image/video/PDF
  preview.
- New API routes: bulk-delete entries, field management (CRUD + reorder),
  raw-file serving endpoint for media assets.
- Redesign workspace sidebar, empty state, and entry detail modal with
  the new theme tokens and improved layout.

Agent Runtime
- Switch web agent execution from --local to gateway-routed mode so
  concurrent chat threads share the gateway's lane-based concurrency
  system, eliminating cross-process file-lock contention.
- Advertise "tool-events" capability during WebSocket handshake so the
  gateway streams tool start/update/result events to the UI.
- Add new agent callback hooks: onLifecycleStart, onCompactionStart/End,
  and onToolUpdate for richer real-time feedback.
- Forward media URLs emitted by agent events into the chat stream.

Dependencies
- Add @tanstack/match-sorter-utils and @tanstack/react-table to the web
  app.

Published as ironclaw@2026.2.10-1.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 11:17:23 -08:00
Peter Steinberger
5e7842a41d
feat(zai): auto-detect endpoint + default glm-5 (#14786)
* feat(zai): auto-detect endpoint + default glm-5

* test: fix Z.AI default endpoint expectation (#14786)

* test: bump embedded runner beforeAll timeout

* chore: update changelog for Z.AI GLM-5 autodetect (#14786)

* chore: resolve changelog merge conflict with main (#14786)

* chore: append changelog note for #14786 without merge conflict

* chore: sync changelog with main to resolve merge conflict
2026-02-12 19:16:04 +01:00
Peter Steinberger
069670388e perf(test): speed up test runs and harden temp cleanup 2026-02-12 17:59:52 +00:00
asklee-klawd
f8c91b3c5f
fix: prevent undefined token in gateway auth config (#13809)
- Guard against undefined/empty token in buildGatewayAuthConfig
- Automatically generate random token when token param is undefined, empty, or whitespace
- Prevents JSON.stringify from writing literal string "undefined" to config
- Add tests for undefined, empty, and whitespace token cases

Fixes #13756

Co-authored-by: Klawd Asklee <klawdebot@gmail.com>
2026-02-12 07:45:38 -06:00
Tomsun28
540996f10f
feat(provider): Z.AI endpoints + model catalog (#13456) (thanks @tomsun28) (#13456)
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-12 07:01:48 -06:00
kumarabhirup
e62035968c
Merge remote-tracking branch 'upstream/main' into dench-workspace
Co-authored-by: Cursor <cursoragent@cursor.com>

# Conflicts:
#	extensions/feishu/package.json
#	package.json
#	pnpm-lock.yaml
#	src/agents/pi-embedded-subscribe.ts
#	src/gateway/server-startup.ts
#	src/security/audit-extra.ts
#	src/telegram/bot-message-context.ts
2026-02-12 01:58:58 -08:00
kumarabhirup
e865265f0f
Gateway: pre-build web app + Control UI before daemon install (2026.2.6-3.7)
The Next.js web app was only built inside the gateway process on first
boot.  When the daemon was freshly installed (e.g. `onboard
--install-daemon`), the LaunchAgent would start and block on `next
build`, causing a noticeably slow first startup.

Add `ensureWebAppBuilt()` to `src/gateway/server-web-app.ts` — a
standalone pre-build function that checks for `.next/BUILD_ID` and runs
dep install + `next build` if missing.  Skips silently when the web app
is disabled, already built, in dev mode, or inapplicable (global npm
install without `apps/web`).

Call both `ensureWebAppBuilt()` and `ensureControlUiAssetsBuilt()` before
the daemon is installed in every relevant path:

- Interactive onboarding (`onboarding.finalize.ts`) — moved the existing
  Control UI build from after the daemon install to before it, and added
  the web app build alongside it.
- Non-interactive onboarding (`daemon-install.ts`) — added both pre-build
  calls before `service.install()`.
- Standalone `openclaw gateway install` CLI (`daemon-cli/install.ts`) —
  added both pre-build calls before `service.install()`.
- Configure wizard (`configure.wizard.ts`) — added the web app build
  alongside the existing Control UI build.

Updated test mocks for `ensureWebAppBuilt` in onboarding, configure
wizard, and daemon CLI coverage tests.

Bumped version to 2026.2.6-3.7 and published to npm.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 01:32:18 -08:00