Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
18,942 Commits 756 Branches 79 Tags
Commit Graph

1098 Commits

Author SHA1 Message Date
Peter Steinberger
f4094ab19e refactor: share slack text truncation 2026-03-14 01:41:17 +00:00
Val Alexander
0e8672af87
fix(ui): stop dashboard chat history reload storm (#45541) 
* UI: stop dashboard chat history reload storm

* Changelog: add PR number for chat reload fix

* fix: resolve branch typecheck regressions
 2026-03-13 19:19:53 -05:00
Robin Waslander
a54bf71b4c
fix(imessage): sanitize SCP remote path to prevent shell metacharacter injection 
References GHSA-g2f6-pwvx-r275.
 2026-03-14 00:38:14 +01:00
Peter Steinberger
46d4fe2fa1 refactor: share embedded run and discord test helpers 2026-03-13 23:35:28 +00:00
Peter Steinberger
0201f3ff7b refactor: share auto reply helper fixtures 2026-03-13 23:35:28 +00:00
Peter Steinberger
6cabcf3fd2 test: dedupe session idle timeout assertions 2026-03-13 23:35:27 +00:00
Peter Steinberger
801113b46a refactor: share session entry persistence update 2026-03-13 23:35:27 +00:00
Peter Steinberger
cad1c95405 test: dedupe inline action skip assertions 2026-03-13 23:35:27 +00:00
Peter Steinberger
8cd48c2896 test: dedupe model info reply setup 2026-03-13 23:35:27 +00:00
Peter Steinberger
0f9e16ca46 refactor: share provider chunk context resolution 2026-03-13 23:35:27 +00:00
Peter Steinberger
da51e40638 refactor: share auth label suffix formatting 2026-03-13 23:35:27 +00:00
Peter Steinberger
bd758bb438 refactor: share abort target apply params 2026-03-13 23:35:27 +00:00
Peter Steinberger
aaea0b2f28 test: dedupe directive auth ref label setup 2026-03-13 23:35:27 +00:00
Peter Steinberger
07b3f5233e test: dedupe post compaction legacy fallback checks 2026-03-13 23:35:27 +00:00
Peter Steinberger
91c94c8b95 test: dedupe elevated permission assertions 2026-03-13 23:35:27 +00:00
Peter Steinberger
b9e5f23914 test: dedupe route reply slack no-op cases 2026-03-13 23:35:27 +00:00
Peter Steinberger
467a7bae3f refactor: share session conversation normalization 2026-03-13 21:40:53 +00:00
Peter Steinberger
0f637b5e30 refactor: share acp conversation text normalization 2026-03-13 21:40:53 +00:00
Vincent Koc
a976cc2e95
Slack: add opt-in interactive reply directives (#44607) 
* Reply: add Slack interactive directive parser

* Reply: wire Slack directives into normalization

* Reply: cover Slack directive parsing

* Reply: test Slack directive normalization

* Slack: hint interactive reply directives

* Config: add Slack interactive reply capability type

* Config: validate Slack interactive reply capability

* Reply: gate Slack directives behind capability

* Slack: gate interactive reply hints by capability

* Tests: cover Slack interactive reply capability gating

* Changelog: note opt-in Slack interactive replies

* Slack: fix interactive reply review findings

* Slack: harden interactive reply routing and limits

* Slack: harden interactive reply trust and validation
 2026-03-13 14:08:04 -07:00
xingsy97
2c39cd0953
fix(agents): rephrase session reset prompt to avoid Azure content filter (#43403) 
* fix(agents): rephrase session reset prompt to avoid Azure content filter

Azure OpenAI's content filter flags the phrase 'Execute your Session
Startup sequence now' as potentially harmful, causing /new and /reset
to return 400 for all Azure-hosted deployments.

Replace 'Execute ... now' with 'Run your Session Startup sequence' in
session-reset-prompt.ts and post-compaction-context.ts. The semantics
are identical but the softer phrasing avoids the false-positive.

Closes #42769

* ci: retrigger checks (windows shard timeout)

* fix: add changelog for Azure startup prompt fix (#43403) (thanks @xingsy97)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-13 15:07:03 +05:30
Cypherm
61d219cb39
feat: show status reaction during context compaction (#35474) 
Merged via squash.

Prepared head SHA: 145a7b7c4e1939718c41a300899ae813bd9c511b
Co-authored-by: Cypherm <28184436+Cypherm@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-12 21:06:15 -07:00
Peter Steinberger
6b14e6b55b test(commands): align slash-command config persistence coverage 2026-03-13 02:51:55 +00:00
Peter Steinberger
268a8592de fix: avoid ineffective dynamic imports 2026-03-13 01:33:37 +00:00
Peter Steinberger
d5bffcdeab
feat: add fast mode toggle for OpenAI models 2026-03-12 23:31:31 +00:00
Vincent Koc
4ca84acf24
fix(runtime): duplicate messages, share singleton state across bundled chunks (#43683) 
* Tests: add fresh module import helper

* Process: share command queue runtime state

* Agents: share embedded run runtime state

* Reply: share followup queue runtime state

* Reply: share followup drain callback state

* Reply: share queued message dedupe state

* Reply: share inbound dedupe state

* Tests: cover shared command queue runtime state

* Tests: cover shared embedded run runtime state

* Tests: cover shared followup queue runtime state

* Tests: cover shared inbound dedupe state

* Tests: cover shared Slack thread participation state

* Slack: share sent thread participation state

* Tests: document fresh import helper

* Telegram: share draft stream runtime state

* Tests: cover shared Telegram draft stream state

* Telegram: share sent message cache state

* Tests: cover shared Telegram sent message cache

* Telegram: share thread binding runtime state

* Tests: cover shared Telegram thread binding state

* Tests: avoid duplicate shared queue reset

* refactor(runtime): centralize global singleton access

* refactor(runtime): preserve undefined global singleton values

* test(runtime): cover undefined global singleton values

---------

Co-authored-by: Nimrod Gutman <nimrod.gutman@gmail.com>
 2026-03-12 14:59:27 -04:00
Vincent Koc
08aa57a3de
Commands: require owner for /config and /debug (#44305) 
* Commands: add non-owner gate helper

* Commands: enforce owner-only config and debug

* Commands/test: cover owner-only config and debug

* Changelog: add owner-only config debug entry

* Commands/test: split config owner gating section

* Commands: redact sender ids in verbose command logs

* Commands: preserve internal read-only config access

* Commands/test: keep operator.write config show coverage non-owner
 2026-03-12 14:58:14 -04:00
avirweb
f2e28fc30f
fix(telegram): allow fallback models in /model validation (#40105) 
Merged via squash.

Prepared head SHA: de07585e03cba06897d50c1d79fbe09d326c6ac9
Co-authored-by: avirweb <257412074+avirweb@users.noreply.github.com>
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
 2026-03-12 13:55:51 +01:00
Mathias Nagler
e8a162d3d8
fix(mattermost): prevent duplicate messages when block streaming + threading are active (#41362) 
* fix(mattermost): prevent duplicate messages when block streaming + threading are active

Remove replyToId from createBlockReplyPayloadKey so identical content is
deduplicated regardless of threading target. Add explicit threading dock
to the Mattermost plugin with resolveReplyToMode reading from config
(default "all"), and add replyToMode to the Mattermost config schema.

Fixes #41219

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(mattermost): address PR review — per-account replyToMode and test clarity

Read replyToMode from the merged per-account config via
resolveMattermostAccount so account-level overrides are honored in
multi-account setups. Add replyToMode to MattermostAccountConfig type.
Rename misleading test to clarify it exercises shouldDropFinalPayloads
short-circuit, not payload key dedup.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Replies: keep block-pipeline reply targets distinct

* Tests: cover block reply target-aware dedupe

* Update CHANGELOG.md

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-12 03:15:17 -04:00
ademczuk
58634c9c65
fix(agents): check billing errors before context overflow heuristics (#40409) 
Merged via squash.

Prepared head SHA: c88f89c462d87957a4c6c51a23ab997fd307059d
Co-authored-by: ademczuk <5212682+ademczuk@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-11 21:08:55 +03:00
Luke
7761e7626f
Providers: add Opencode Go support (#42313) 
* feat(providers): add opencode-go provider support and onboarding

* Onboard: unify OpenCode auth handling openclaw#42313 thanks @ImLukeF

* Docs: merge OpenCode Zen and Go docs openclaw#42313 thanks @ImLukeF

* Update CHANGELOG.md

---------

Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-11 01:31:06 -04:00
Peter Steinberger
aad014c7c1 fix: harden subagent control boundaries 2026-03-11 01:44:38 +00:00
Peter Steinberger
3a39dc4e18 refactor(security): unify config write target policy 2026-03-11 01:35:04 +00:00
Peter Steinberger
8eac939417 fix(security): enforce target account configWrites 2026-03-11 01:24:36 +00:00
Josh Avant
36d2ae2a22 SecretRef: harden custom/provider secret persistence and reuse (#42554) 
* Models: gate custom provider keys by usable secret semantics

* Config: project runtime writes onto source snapshot

* Models: prevent stale apiKey preservation for marker-managed providers

* Runner: strip SecretRef marker headers from resolved models

* Secrets: scan active agent models.json path in audit

* Config: guard runtime-source projection for unrelated configs

* Extensions: fix onboarding type errors in CI

* Tests: align setup helper account-enabled expectation

* Secrets audit: harden models.json file reads

* fix: harden SecretRef custom/provider secret persistence (#42554) (thanks @joshavant)
 2026-03-10 23:55:10 +00:00
PonyX-lab
53374394fb
Fix stale runtime model reuse on session reset (#41173) 
Merged via squash.

Prepared head SHA: d8a04a466a3b110aa7d608cc1425a66fa65e326b
Co-authored-by: PonyX-lab <266766228+PonyX-lab@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-10 14:02:43 -07:00
Frank Yang
96e4975922
fix: protect bootstrap files during memory flush (#38574) 
Merged via squash.

Prepared head SHA: a0b9a02e2ef1a6f5480621ccb799a8b35a10ce48
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-10 12:44:33 +08:00
Harold Hunt
de49a8b72c
Telegram: exec approvals for OpenCode/Codex (#37233) 
Merged via squash.

Prepared head SHA: f2433790941841ade0efe6292ff4909b2edd6f18
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Reviewed-by: @huntharo
 2026-03-09 23:04:35 -04:00
Altay
531e8362b1
Agents: add fallback error observations (#41337) 
Merged via squash.

Prepared head SHA: 852469c82ff28fb0e1be7f1019f5283e712c4283
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-10 01:12:10 +03:00
Mariano
3c3474360b
acp: harden follow-up reliability and attachments (#41464) 
Merged via squash.

Prepared head SHA: 7d167dff54ab975f90224feb3fe697a5e508e895
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-09 23:03:50 +01:00
Mariano
4aebff78bc
acp: forward attachments into ACP runtime sessions (#41427) 
Merged via squash.

Prepared head SHA: f2ac51df2c4c84a7c3f7150cb736b087d592ac94
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-09 22:32:32 +01:00
Ayaan Zaidi
26e76f9a61
fix: dedupe inbound Telegram DM replies per agent (#40519) 
Merged via squash.

Prepared head SHA: 6e235e7d1f7a00ef43455a9240b62e24dbc4ef94
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-03-09 09:31:05 +05:30
Mariano
e3df94365b
ACP: add optional ingress provenance receipts (#40473) 
Merged via squash.

Prepared head SHA: b63e46dd94479de611dab68868340aa18bdaff2f
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-09 04:19:03 +01:00
Peter Steinberger
f6cb77134c refactor: centralize acp session resolution guards 2026-03-08 18:40:14 +00:00
Hermione
c942655451
fix(hooks): use resolveAgentIdFromSessionKey in runBeforeReset (#39875) 
Merged via squash.

Prepared head SHA: 00a2b241df1cf4fa7089d6ee98b5d7e2c7acf105
Co-authored-by: rbutera <6047293+rbutera@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-08 19:07:28 +03:00
Daniel Hnyk
9425209602
fix(mattermost): pass payload.replyToId as root_id for threaded replies (#27744) 
Merged via squash.

Prepared head SHA: e02907987221bd6ced0a93ff6fcff58531283150
Co-authored-by: hnykda <2741256+hnykda@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-08 14:13:13 +05:30
Ayaan Zaidi
930caeaafb fix(chat): preserve sender labels in dashboard history 2026-03-08 09:17:02 +05:30
Peter Steinberger
7e59803df2 refactor(queue): use stable tuple key for recent message dedupe 2026-03-08 01:14:16 +00:00
Peter Steinberger
5edcab2eee fix(queue): land #33168 from @rylena 
Landed from contributor PR #33168 by @rylena.

Co-authored-by: Rylen Anil <rylen.anil@gmail.com>
 2026-03-08 00:51:11 +00:00
Peter Steinberger
61000b8e4d fix(acp): block sandboxed slash spawns 2026-03-08 00:23:07 +00:00
Peter Steinberger
d228a62143 refactor: share trimmed string entry normalization 2026-03-07 23:27:51 +00:00