* fix(release): validate prepared npm package sets
Forward-port the beta3 package-set preflight, Telegram, and Parallels validation to main while preserving main's existing Bun install smoke. Recompute decoded proxy response lengths and require artifact tarballs to exactly match the verified manifest.
* fix(release): lock fixture registry proxy origin
Drops the decorative layer from the sessions roster per maintainer feedback:
overview tiles, the drawer hero, detail sections, stat cards, checkpoint
cards, and the goal chip become flat token surfaces (no gradients, no inset
highlight shadows, no translucent color-mix glass); kind avatars and overview
icon chips lose their nested borders and read as flat tints; the skeleton
shimmer gradient becomes a plain opacity pulse. Focus rings, the drag-drop
target outline, and the live status dot ring stay - those are signal, not
decoration.
* fix(agents): allow model fallback when takeover wrapper holds classifiable promptError
When EmbeddedAttemptPromptErrorWithCleanupTakeoverError wraps a real
provider-level failure (e.g. timeout, rate_limit) inside .promptError but
inherits the name "EmbeddedAttemptSessionTakeoverError", the fallback
classifier isNonProviderRuntimeCoordinationError aborts the fallback chain
without checking whether the underlying cause is a retryable provider error.
Fix: in isNonProviderRuntimeCoordinationError, check err.promptError before
returning true for takeover-named errors. If promptError is a classifiable
provider failure (timeout, rate_limit, etc.), let fallback proceed — the
takeover is a cleanup side-effect, not the root cause.
Tests:
- Unit tests for the classifier: timeout, rate_limit, unclassifiable,
and pure takeover (regression)
- Integration tests for the runWithModelFallback pipeline: timeout
and rate_limit promptError both produce correct fallback and reason;
pure takeover still aborts
Related to #99963
* fix(agents): carry preserved prompt failures
* fix(agents): keep pure takeovers fatal
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(codex-dynamic-tools): use truncateUtf16Safe for notice text truncation
* fix(codex): keep dynamic tool text UTF-16 safe
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(agents): use truncateUtf16Safe for runner error text truncation
One .slice(0, 200) truncation site in the embedded agent runner
may cut UTF-16 surrogate pairs in half when the error text contains
multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.
* test(agents): cover UTF-16 overflow diagnostics
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* feat(onboard): guided CLI onboarding with live AI verification and classic fallback
Interactive `openclaw onboard` (and bare `openclaw` on a fresh install) now
runs a guided flow with macOS-app parity: detect existing AI access, live-test
candidates with a real completion before persisting anything, walk down the
ladder on failure with mapped reasons, and offer verified manual API-key entry
from installed provider manifests (masked input). In-flow escapes: classic
wizard, Crestodian chat, skip-AI. Classic wizard gains an optional post-auth
live verification step. `--classic`, `--modern`, and `--non-interactive`
contracts unchanged. Docs corrected for post-#99935 routing.
Closes#101851
* improve(onboard): quiet probe diagnostics in wizard TTY, carry risk ack into classic escape
Candidate live-tests during guided setup are probes: rename their run id and
lane to the existing probe conventions (logging/subsystem.ts console
suppression, command-queue quiet probe lanes) so expected failures stop
leaking raw diagnostics into the Clack UI; file diagnostics unchanged. The
classic-wizard escape now passes the already-collected risk acknowledgement
through instead of re-prompting in the same session.
* fix(onboard): quiet the session-derived setup-inference probe lane too
The live-test run enqueues on two lanes: the explicit probe lane and one
derived from its temp session key. Extend the shared quiet-probe predicate to
cover the derived lane so a failing candidate cannot leak lane-task
diagnostics into the wizard TTY.
* improve(onboard): suppress subsystem console output during wizard live tests
Provider-transport subsystem loggers (model-fetch start/response, transport
errors) carry no run id, so probe suppression cannot catch them and a failing
candidate printed raw log lines into the Clack TTY. Reuse the TUI console
subsystem-filter seam via a finally-safe scoped helper around guided
activation and the classic live-verify; file logging is unchanged and the
gateway (macOS app) surface is unaffected.
* fix(onboard): never auto-replace a configured model when its live check fails
The re-run verification probe executes outside the configured workspace (setup
never runs workspace plugins), so a workspace-backed current model can fail
the check while working fine in the agent. Stop the auto ladder on an
existing-model failure and hand the decision to the manual stage instead of
silently persisting a different candidate as the default. Docs note the
fail-safe and the workspace caveat.
* feat(onboard): two-way switching between Crestodian chat and the menu wizards
From the chat, `open setup wizard`, `open classic wizard`, and `open channel
wizard for <channel>` hand off to the guided flow, the classic wizard, or the
masked `channels add` wizard after the chat TUI tears down (mirrors the
open-tui handoff; gateway surface gets a text pointer instead). The hosted
channel wizard no longer dead-ends at sensitive steps — it offers the switch
and remembers the channel. New read-only `channel info <channel>` operation
and ring-zero action surface label, blurb, configured state, and the real
docs URL from channel-setup discovery so the assistant can explain Slack or
Telegram prerequisites instead of guessing; both prompts instruct it to use
them. `channels add --channel <id>` now preselects the channel. Docs cover
the interchangeable flows.
* fix(onboard): avoid param reassignment in open-setup handoff
* improve(onboard): separate ask-about vs connect intent in channel prompt guidance
Live test showed the agent detouring an explicit connect request through
channel_info because the guidance said to consult it first. Both prompts now
distinguish asking about a channel (channel info + docs link) from asking to
connect (connect right away).
* fix(channels): mark channel token entry as sensitive input
The shared single-token prompt lacked sensitive:true, so terminal wizards
echoed pasted channel tokens and the Crestodian chat bridge (which refuses
plain-text secrets based on this flag) hosted the Telegram token step in
visible chat. Found live-testing the chat-to-wizard switch; pre-existing on
main but load-bearing for the masked-wizard contract this PR documents.
* fix(onboard): restore terminal state around the guided flow's TUI launch
Mirror the classic finalize handoff so the chat TUI never inherits the wizard
prompter's raw/paused terminal state on the default first-run path.
* fix(channels): type the token prompter mock for the sensitive-flag assertion
* fix(gateway): map the TUI-only open-setup action to none for app clients
Engine-side surface gating already prevents open-setup replies on the gateway
surface; this keeps the client-visible action enum stable even if that gate
ever regresses. (Reviewed with the switching round; missed in its commit.)
* docs: regenerate docs map for onboarding page changes
* fix(nodes): defer and back off remote bin probes
* chore: leave release changelog ownership centralized
* fix(nodes): probe the live post-pairing surface
* fix(nodes): retry probes after reconnect
* fix(nodes): bind probes to live connections
* test(skills): isolate remote bin signature configs
* test(skills): place remote skills under workspace root
* style(skills): satisfy probe delay lint
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(google-meet): use truncateUtf16Safe for log value truncation
One .slice(0, 180) truncation site in the Google Meet extension
may cut UTF-16 surrogate pairs in half when the log value contains
multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.
* test(google-meet): cover UTF-16 model log boundary
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(migrate-claude): use truncateUtf16Safe for skill description truncation
One .slice(0, 180) truncation site in the migrate-claude extension
may cut UTF-16 surrogate pairs in half when the skill description
contains multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.
* test(migrate-claude): cover UTF-16 skill description
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(slack): use truncateUtf16Safe for message body preview truncation
One .slice(0, 160) truncation site in the Slack message handler may
cut UTF-16 surrogate pairs in half when the message body preview
contains multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.
* test(slack): cover UTF-16 preview boundary
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(browser): remove hardcoded profile="user" suggestion from browser tool description
The browser tool description hardcoded a suggestion to use profile="user"
for logged-in sessions, even when the operator has configured a different
default profile (e.g. browser.defaultProfile: "openclaw").
Replace with profile-agnostic guidance that references the configured
browser.defaultProfile setting instead of prescribing a specific value.
Fixes#102566
* test: update browser tool description assertion for profile-agnostic wording
* refactor(browser): unify tool profile guidance
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Adds client-capability-gated tool availability: gateway clients declare
capabilities at connect (new inline-widgets cap), chat.send stamps them into
the run context, and every tool assembly path (embedded runner, queued
followups, Codex app-server harness, plugin-only construction plans) drops
tools whose requiredClientCaps the originating client did not declare. The
Canvas plugin ships the first such tool, show_widget: agents pass SVG or an
HTML fragment plus a title; the plugin hosts it as a bounded, retention-scoped
Canvas document and returns the existing canvas preview handle, which web chat
renders as a sandboxed iframe fitted to the widget's reported content height.
Widget frames never get allow-same-origin (per-preview sandbox ceiling,
including the sidebar path) and the Canvas host serves widget documents with a
CSP sandbox header so direct navigation runs in an opaque origin. Verified
live end-to-end on a Testbox with gpt-5.5 (screenshots on the PR). CLI-backed
model backends do not carry client caps yet and stay fail-closed (#102577).
Closes#101790
* fix(openai): use truncateUtf16Safe for image gen log value truncation
One .slice(0, N) truncation site in the OpenAI image generation
provider may cut UTF-16 surrogate pairs in half when the log value
contains multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.
* fix(openai): keep image auth logs UTF-16 safe
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(msteams): surface quoted message body in Teams quote replies
Teams sends the quoted text of a 1:1 DM quote-reply in <p itemprop="preview">
(a truncated snippet), not <p itemprop="copy"> which the parser matched. The
match failed, so quoteInfo was undefined and nothing was surfaced to the agent.
Fix 1 (primary): extractMSTeamsQuoteInfo now accepts copy OR preview (prefers
copy, falls back to preview) and captures the blockquote itemid as the quoted
message id.
Fix 2 (enhancement): when the quoted message id is known, fetch the full text
via the app-only Graph endpoint GET /chats/{chatId}/messages/{id} (permitted
with Chat.Read.All, unlike the delegated /me/chats listing) and use it as the
quote body. Restricted to chats (DM + group) whose Graph chat id is a 19: id;
any failure degrades to the truncated preview so message handling never breaks.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* fix(msteams): address review — DM-only full-text fetch, drop unsupported $select, fix mocks
Addresses ClawSweeper review on the quote-reply PR:
- Security (P1): restrict the app-only Graph full-text quote fetch to 1:1 DMs.
Previously it ran for any non-channel chat, so in a group an allowlisted
sender could quote a non-allowlisted member and the fetched full body would
bypass the supplemental-quote visibility allowlist. Group/channel quotes keep
the (now-surfaced) truncated preview from fix 1.
- Graph contract (P2): the get-chatMessage endpoint does not support OData
query params; drop the ?$select=id,body that tenants enforcing the contract
would reject (which would silently fall back to the preview).
- Tests (P1): add fetchChatMessageText to the two vi.mock(../graph-thread.js)
factories prod now touches, and add a group-chat regression test proving the
Graph full-text fetch does not fire for group quotes.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* docs(msteams): add redacted real Teams quote-reply proof screenshots
Real-behavior evidence for the quote-reply fix (personal names + avatars
redacted): a 1:1 DM where the bot now reads back the full quoted message.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* docs(msteams): remove committed proof screenshots from branch
Proof media should live as external PR artifacts, not in the product tree.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* test(msteams): bound and prove quote enrichment
* test(msteams): use valid open DM fixture
---------
Co-authored-by: Yash Inani <yashinani@Yashs-MacBook-Pro.local>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix(plugin-sdk): update ssrf-runtime import path in cdp-proxy-bypass.ts
The import path `openclaw/plugin-sdk/ssrf-runtime-internal` was renamed
to `openclaw/plugin-sdk/ssrf-runtime` in a previous version, but
cdp-proxy-bypass.ts still referenced the old path. The neighbouring
cdp.helpers.ts already uses the correct path. This caused the browser
plugin to fail to load with "Package subpath is not defined by exports".
Fixes#96639
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(plugin-sdk): update ssrf-runtime import path in cdp-proxy-bypass
The import path `openclaw/plugin-sdk/ssrf-runtime-internal` was renamed
to `openclaw/plugin-sdk/ssrf-runtime` in a previous version, but
cdp-proxy-bypass.ts still referenced the old path. The neighbouring
cdp.helpers.ts already uses the correct path. This caused the browser
plugin to fail to load with "Package subpath is not defined by exports".
Update the corresponding vi.mock path in the test file to match.
Fixes#96639
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(plugin-sdk): promote managed-proxy bypass exports to public ssrf-runtime
Export registerManagedProxyBrowserCdpBypass and fetchConfiguredLocalOriginWithSsrFGuard
from the public ssrf-runtime path so that the browser plugin and ollama embedding
provider can lazy-load without hitting the private ssrf-runtime-internal subpath
that is excluded from package.json exports.
Fixes#96639
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(build): bundle private SSRF runtime for packaged plugins
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Feedback pass on the sessions redesign: status pills become a plain colored
dot + label (green pulse for live, green dot with neutral label for done,
muted idle, red failed) in both the roster and the drawer hero, and the
Runtime column moves out of the table into the row drawer as Runtime (agent
runtime) plus Run duration. Runtime stays searchable. Responsive breakpoints
reflow for the 7-column roster and the actions column shrinks to the chevron
and row menu that landed in #102564.
Closes#102654
* fix(inworld): use truncateUtf16Safe for error body and parse error truncation
Two .slice(0, N) truncation sites in the Inworld TTS extension may
cut UTF-16 surrogate pairs in half when the error body or parse error
message contains multi-byte characters such as emoji. Replace both
with truncateUtf16Safe to keep the truncated output valid Unicode.
* test(inworld): cover UTF-16-safe TTS errors
Co-authored-by: lizeyu-xydt <li.zeyu@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>