sunlit-deng
1e377e3660
fix(clickclack): bound inbound websocket payloads ( #102480 )
...
* fix(clickclack): bound inbound websocket payloads
* fix(clickclack): bound inbound websocket payloads
Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:09:30 +01:00
Vincent Koc
cc083e5f4f
refactor(plugins): localize internal helper types ( #101922 )
2026-07-07 17:11:49 -07:00
Vincent Koc
3d206140f3
refactor: localize internal implementation constants ( #101758 )
2026-07-07 08:34:13 -07:00
Peter Steinberger
a2a68d154b
fix(agent): preserve explicit recipient sessions ( #101507 )
...
* fix(agent): honor recipient session routing
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>
* fix(agent): preserve canonical recipient routes
* fix(agent): require exact recipient routes
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>
* fix(agent): harden recipient route resolution
* fix(imessage): require canonical recipient handles
* fix(agent): refine provider recipient exactness
* fix(agent): bound direct alias session routing
* fix(signal): preserve direct alias route type
* fix(agent): honor binding-scoped recipient sessions
* fix(routing): honor configured main session aliases
* fix(clickclack): align account-owned session routes
* fix(twitch): preserve canonical recipient sessions
* fix(routing): isolate stable outbound identities
* chore: defer recipient session changelog
* fix(sms): use dedicated channel SDK facade
---------
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>
2026-07-07 10:07:13 +01:00
Marvinthebored
cbcd6a102c
fix(clickclack): reply to a top-level message in-channel, not as a new thread ( #100582 )
...
* fix(clickclack): reply to a top-level message in-channel, not as a new thread
sendClickClackText routed any replyToId to createThreadReply, and the inbound
handler stamps replyToId = <triggering message id> on every reply. As a result
every reply to a top-level channel message opened its own thread, so the main
channel timeline showed nothing and the chat was effectively unusable.
Route a bare replyToId to the main channel as a quote-reply (quoted_message_id)
instead — matching the reply-to affordance of the Discord/Slack/Telegram
channels — and reserve threads for genuine thread context (an explicit threadId
or a thread-kind target). DM replies likewise quote-reply in the same
conversation. quoted_message_id is omitted when there is no reply context, so
plain sends are unchanged.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* test(clickclack): cover quote payload typing
---------
Co-authored-by: Marvinthebored <marvinthebored@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-05 22:27:27 -07:00
Ayaan Zaidi
2b7003d535
fix(clickclack): gate provenance stamping behind agentActivity opt-in
2026-07-05 09:32:37 -07:00
ragesaq
00f345a82b
fix(clickclack): forward native activity callbacks
...
Allow ClickClack-owned progress rendering to receive item callbacks when source delivery is suppressed. This lets native agentActivity persist commentary and tool rows instead of relying on default progress texts.
HyperReview-Reflex: pass
HyperReview-Tier: light
HyperReview-Scope: staged-tree:e4d63a7648ad03f91fe81588cce783fd686b6488
HyperReview-Paths-SHA256: 94ae4829752bfdafc02191354cac5ae2a2ca9fc899ad02a7ced71d38829dd352
HyperReview-Reflex-Version: 0.3.3
HyperReview-Routed-To: none
2026-07-05 09:32:37 -07:00
ragesaq
67044ce7c7
feat(clickclack): normalize reasoning progress as commentary
...
ClickClack durable activity now treats preamble, commentary, analysis, thinking, and reasoning as streaming commentary segments. Reasoning-family lanes get a normalized Thinking label, while lifecycle frames stay hidden.
Why: native ClickClack needs Clickglass parity for commentary progress, tool calls, and final assistant delivery before the sidecar can be retired.
Validation:
pnpm tsgo:extensions
pnpm tsgo:extensions:test
pnpm exec oxlint extensions/clickclack/src/activity.ts extensions/clickclack/src/activity.test.ts
pnpm exec vitest run extensions/clickclack/src/activity.test.ts
HyperReview-Reflex: pass-with-conditions
HyperReview-Tier: light
HyperReview-Scope: staged-tree:ed2adf325ad5beffcb55d7c6b929b0be7a752b61
HyperReview-Paths-SHA256: e5499bb489781e9c4dd31828a71220bbe89c4e646011a7f31f5ce3b8db8d54c6
HyperReview-Reflex-Version: 0.3.3
HyperReview-Routed-To: none
HyperReview-Receipt-SHA256: 4d3480047c0b66556236cecde7dd3e199b57a027b8dd894acab47056d9be5b4c
2026-07-05 09:32:37 -07:00
ragesaq
a08ca5fc5d
feat(clickclack): stamp model/thinking attribution onto agent posts
...
Wires replyOptions.onModelSelected so the resolved provider/model and
thinking level for each turn (including after fallback) are sent as
author_model / author_thinking fields on activity rows and the final
reply. Servers without these columns ignore the unknown JSON fields, so
the wire shape is backward compatible; servers that persist them get
per-message attribution.
2026-07-05 09:32:37 -07:00
ragesaq
339cc4f12a
fix(clickclack): address review — docs, lint lanes, activity coalescing
...
- docs: document agentActivity option, the non-inherited agent_activity:write
scope, default-off and best-effort degradation behavior
- activity: type the enqueue catch parameter as unknown (lint lane)
- activity: treat toolCallId as opaque; normalize only itemId lane prefixes
- activity: skip identical/stale-shorter commentary snapshots so no
redundant PATCHes queue
- http-client: fail fast when createActivityMessage has no channel or
conversation target; narrow mocked request bodies before JSON.parse
2026-07-05 09:32:37 -07:00
ragesaq
01b34139b1
feat(clickclack): publish durable agent activity rows (commentary + tool)
...
Opt-in per-account (agentActivity: true): the ClickClack channel extension
now mirrors streamed commentary and tool progress into durable
agent_commentary / agent_tool message rows via the existing
replyOptions.onItemEvent seam, coalesced so one logical step is one row.
Requires a bot token carrying the agent_activity:write scope; publishing
is best-effort and never interrupts final text delivery.
2026-07-05 09:32:37 -07:00
Peter Steinberger
f3e3b6985b
fix: land nine small correctness fixes ( #100204 )
...
* fix(memory-wiki): preserve dollar notes on reimport
Co-authored-by: 李兰 0668001394 <li.lan3@xydigit.com>
* fix(voice-call): handle spawn error during tunnel cleanup
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
* fix(media): reject invalid response byte limits
Co-authored-by: linhongkuan <linhk8@mail2.sysu.edu.cn>
* fix(infra): match listening ports exactly
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
* fix(exec): preserve UTF-16 boundaries when truncating output
Co-authored-by: liuhao1024 <sunsky.lau@gmail.com>
* fix(agents): reject surrogate HTML entities
Co-authored-by: mikasa0818 <0668001030@xydigit.com>
* fix(anthropic): guard Claude Fable 5 prefix boundaries
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>
* fix(models): render context windows in decimal K
Co-authored-by: harjoth <harjoth.khara@gmail.com>
* fix(clickclack): preserve websocket rejection diagnostics
Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>
* fix(exec): use canonical UTF-16 slicing helper
Co-authored-by: liuhao1024 <sunsky.lau@gmail.com>
* style(exec): sort UTF-16 helper imports
* style(exec): sort UTF-16 helper imports
* style(exec): sort UTF-16 helper imports
* style(infra): format response limit helper
* style(infra): format response limit helper
---------
Co-authored-by: 李兰 0668001394 <li.lan3@xydigit.com>
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
Co-authored-by: linhongkuan <linhk8@mail2.sysu.edu.cn>
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: liuhao1024 <sunsky.lau@gmail.com>
Co-authored-by: mikasa0818 <0668001030@xydigit.com>
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>
Co-authored-by: harjoth <harjoth.khara@gmail.com>
Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>
2026-07-05 01:44:56 -07:00
Vincent Koc
3e2646a786
fix(release): use workspace host deps in release lockfile
...
(cherry picked from commit d377c0f910 )
2026-06-30 15:54:12 -07:00
Vincent Koc
66e676d29b
chore(release): close out 2026.6.11 on main
2026-06-30 11:31:08 -07:00
mushuiyu886
f4fa10c2c5
fix(clickclack): bound REST success JSON response reads ( #96970 )
...
* fix(clickclack): bound REST success JSON response reads
* test(clickclack): harden response cap proof
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-06-27 07:30:32 -07:00
Vincent Koc
0671c08900
chore(release): close out 2026.6.10 on main ( #96271 )
...
* chore(release): close out 2026.6.10 on main
* chore(release): align native app metadata for 2026.6.10
* chore(release): sync Android 2026.6.10 notes
* docs(changelog): preserve 2026.6.9 history
* docs(changelog): preserve 2026.6.9 history
2026-06-24 11:51:14 +08:00
Vincent Koc
f2eca94391
feat(plugins): externalize additional official plugins ( #95683 )
2026-06-22 16:12:51 +08:00
Vincent Koc
b039e949b6
chore(release): close out 2026.6.9
2026-06-21 12:24:15 +08:00
Vincent Koc
f14a2cb9c5
fix(clickclack): bound api error response bodies
2026-06-19 13:16:08 +02:00
Vincent Koc
b794d7fb58
fix(clickclack): reconnect after websocket errors
2026-06-19 07:07:25 +02:00
Vincent Koc
405df6f166
fix(clickclack): clear gateway status after poll failures
2026-06-17 16:40:43 +02:00
Vincent Koc
6774e7f259
chore(release): sync main to 2026.6.8
2026-06-17 07:25:30 +08:00
Shakker
920e6a8eec
chore: set version 2026.6.9
2026-06-16 19:54:07 +01:00
Peter Steinberger
797bcd5bdb
fix: propagate ClickClack toolsAllow through replies
...
Propagate ClickClack account-level runtime tool allowlists through inbound reply dispatch so restricted ClickClack accounts keep their tool policy when model/agent replies are generated.
This threads `toolsAllow` through shared dispatch, provider wrappers, embedded agent execution, and ACP hook events. ACP-bound sessions now fail closed for restrictive runtime allowlists because ACPX cannot enforce per-turn tool allowlists on reused persistent sessions.
Verification:
- Live ClickClack E2E on Crabbox AWS `run_6a0472ed7e71`, provider `aws`, id `cbx_dace25addcaa`.
- `node scripts/run-vitest.mjs run src/auto-reply/reply/dispatch-acp.test.ts src/plugin-sdk/acp-runtime.test.ts src/auto-reply/reply/dispatch-from-config.reply-dispatch.test.ts src/auto-reply/dispatch.test.ts src/auto-reply/reply/agent-runner-execution.test.ts src/auto-reply/reply/provider-dispatcher.test.ts extensions/clickclack/src/inbound.test.ts --reporter=verbose`
- Crabbox changed gate `run_d32af37fb265`, provider `aws`, id `cbx_8236876017c9`: `corepack pnpm check:changed`
- Autoreview clean: `.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main`
Supersedes #89500 .
Co-authored-by: Michael Appel <mappel@nvidia.com>
2026-06-05 08:40:35 -07:00
Peter Steinberger
4fa5092cdc
docs: document small extension sources
2026-06-04 21:02:07 -04:00
Peter Steinberger
802cdc7783
docs: document clickclack plugin
2026-06-04 08:12:22 -04:00
Peter Steinberger
1878ca0820
chore(release): prepare 2026.6.2 beta
2026-06-04 00:06:52 +01:00
Peter Steinberger
e254346bc2
chore(release): prepare 2026.6.3 beta
2026-06-03 23:42:34 +01:00
Peter Steinberger
a14eacf372
chore(release): set version 2026.6.2
2026-06-01 23:06:55 +01:00
Peter Steinberger
8e28c773fe
chore(release): prepare 2026.6.1
2026-06-01 10:30:15 +01:00
Peter Steinberger
22cb7fb6b7
chore(lint): enable no-promise-executor-return
2026-05-31 23:06:13 +01:00
Peter Steinberger
0d17623f00
chore: bump OpenClaw version to 2026.5.31
...
Bumps OpenClaw release metadata to 2026.5.31 across package manifests, app version files, plugin metadata, changelog headings, and generated shrinkwraps.
Verification:
- pnpm plugins:sync:check
- pnpm ios:version:check
- pnpm deps:shrinkwrap:check
- git diff --check
- stale 2026.5.30/build-code scan across changed files
- autoreview clean: no accepted/actionable findings
- PR CI green for real gates: Checks, security scans, dependency guard, app lanes, real behavior proof
Known non-code workflow issue:
- label workflow failed because this PR hits GitHub's 100-label issue cap before the size-label step.
2026-05-31 14:46:17 +01:00
Peter Steinberger
48ccc50282
chore: update dependencies
2026-05-31 09:07:53 +01:00
Peter Steinberger
604339ebf9
fix(clickclack): normalize reconnect intervals
2026-05-31 01:37:46 -04:00
Peter Steinberger
cd07d013ba
chore(release): bump version to 2026.5.30
2026-05-30 06:49:13 +01:00
Peter Steinberger
cee2a50fe6
chore(release): prepare 2026.5.28
2026-05-28 01:48:07 +01:00
Peter Steinberger
bb46b79d3c
refactor: internalize OpenClaw agent runtime ( #85341 )
...
* refactor: extract agent core package
Introduce packages/agent-core as the OpenClaw-owned home for reusable agent loop, harness, session, prompt, and runtime dependency contracts.
* refactor: extract shared llm runtime
Move provider model registries, stream wrappers, OAuth helpers, and LLM utilities into src/llm with plugin-sdk barrels instead of depending on the old embedded runtime layout.
* refactor: remove pi runtime internals
Rename remaining Pi-shaped agent surfaces to OpenClaw agent runtime names, delete obsolete Pi docs and package graph checks, and add the third-party notice for incorporated code.
* refactor: tighten agent session runtime
Make agent-core/runtime dependencies explicit, consolidate compaction and session transcript helpers, and move model/session helpers behind OpenClaw-owned contracts.
* refactor: remove static model and pi auth paths
Drop static model catalogs and Pi auth bridges, move model/provider facts to manifest-owned runtime contracts, and harden internal embedded-agent utilities.
* refactor: remove legacy provider compat paths
* docs: remove agent parity notes
* fix: skip provider wildcard metadata parsing
* refactor: share session extension sdk loading
* refactor: inline acpx proxy error formatter
* refactor: fold edit recovery into edit tool
* fix: accept extension batch separator
* test: align startup provider plugin expectations
* fix: restore provider-scoped release discovery
* test: align static asset packaging expectations
* fix: run static provider catalogs during scoped discovery
* fix: add provider entry catalogs for scoped live discovery
* fix: load lightweight provider catalog entries
* fix: refresh provider-scoped plugin metadata
* fix: keep provider catalog entries on release live path
* fix: keep static manifest models in release live checks
* fix: harden release model discovery
* fix: reduce OpenAI live cache probe reasoning
* fix: disable OpenAI cache probe reasoning
* ci: extend OpenAI gateway live timeout
* fix: extend live gateway model budget
* fix: stabilize release validation regressions
* fix: honor provider aliases in model rows
* fix: stabilize release validation lanes
* fix: stabilize release memory qa
* ci: stabilize release validation lanes
* ci: prefer ipv4 for live docker node calls
* fix: restore shared tool-call stream wrapper
* ci: remove legacy pi test shard alias
* fix: clean up embedded agent test drift
* fix: stabilize runtime alias status
* fix: clean up embedded agent ci drift
* fix: restore release ci invariants
* fix: clean up post-rebase runtime drift
* fix: restore release ci checks
* fix: restore release ci after rebase
* fix: remove stale pi runtime path
* test: align compaction runtime expectations
* test: update plugin prerelease expectations
* fix: handle claude live tool approvals
* fix: stabilize release validation gates
* fix: finish agent runtime import
* test: finish post-rebase agent runtime mocks
* fix: keep codex compaction native
* fix: stabilize codex app-server hook tests
* test: isolate codex diagnostic active run
* test: remove codex diagnostic completion race
# Conflicts:
# extensions/codex/src/app-server/run-attempt.test.ts
* ci: fix full release manifest performance run id
* refactor: narrow llm plugin sdk boundary
* chore: drop generated google boundary stamps
* fix: repair rebase fallout
* fix: clean up rebased runtime references
* fix: decode codex jwt payloads as base64url
* fix: preserve shipped pi runtime alias
* fix: add scoped sdk virtual modules
* fix: decode llm codex oauth jwt as base64url
* fix: avoid stale vertex adc negative cache
* fix: harden tool arg decoding and codeql path
* fix: keep vertex adc negative checks live
* refactor: consolidate codex jwt and edit helpers
* fix: await codex oauth node runtime imports
* fix: preserve sdk tool and notice contracts
* fix: preserve shipped compat config boundaries
* fix: align codex oauth callback host
* fix: terminate agent-core loop streams on failure
* fix: keep codex oauth callback alive during fallback
* ci: include session tools in critical codeql scans
* fix: keep Cloudflare Anthropic provider auth header
* docs: redirect legacy pi runtime pages
* fix: honor bundled web provider compat discovery
* fix: protect session output spill files
* fix: keep legacy agent dir env blocked
* fix: contain auto-discovered skill symlinks
* fix: harden agent core sdk proxy surfaces
* fix: restore approval reaction sdk compat
* fix: keep live docker runs bounded
* fix: keep codex oauth redirect host aligned
* fix: resolve post-rebase agent runtime drift
* fix: redact anthropic oauth parse failures
* fix: preserve responses strict tool shaping
* fix: repair agent runtime rebase cleanup
* docs: redirect retired parity pages
* fix: bound auto-discovered resources to roots
* fix: repair post-rebase agent test drift
* fix: preserve bundled provider allowlist migration
* fix: preserve manifest-owned provider aliases
* fix: declare photon image dependency
* fix: keep provider headers out of proxy body
* fix: preserve shipped env aliases
* fix: refresh control ui i18n generated state
* fix: quote read fallback paths
* fix: preview edits through configured backend
* test: satisfy core test typecheck
* fix: preserve ZAI usage auth fallback
* test: repair codex diagnostic test
* fix: repair agent runtime rebase drift
* test: finish embedded runner import rename
* fix: repair agent runtime rebase integrations
* test: align compaction oauth fallback expectations
* fix: allow sdk-auth session models
* fix: update doctor tool schema import
* fix: preserve bedrock plugin region
* fix: stream harmony-like prose immediately
* ci: include session runtime in codeql shards
* fix: repair latest rebase integrations
* fix: honor explicit codex websocket transport
* fix: keep openai-compatible credentials provider-scoped
* fix: refresh sdk api baseline after rebase
* fix: route cli runtime aliases through openclaw harness
* test: rename stale harness mock expectation
* test: rename embedded agent overflow calls
* test: clean embedded auth test wording
* test: use openclaw stream types in deepinfra cache test
* fix: refresh sdk api baseline on latest main
* fix: honor bundled discovery compat allowlists
* fix: refresh sdk api baseline after latest rebase
* fix: remove stale rebase imports
* test: rename stale model catalog mock
* test: mock renamed doctor runtime modules
* fix: map canonical kimi env auth
* fix: use internal model registry in bench script
* fix: migrate deepinfra provider catalog entry
* fix: enforce builtin tool suppression
* fix: route compaction auth and proxy payloads safely
* refactor: prune unused llm registry leftovers
* test: update codex hooks session import
* test: fix model picker ci coverage
* test: align model picker auth mock types
2026-05-27 19:24:04 +01:00
Peter Steinberger
7aaca4a8a6
chore(release): prepare 2026.5.27
2026-05-27 16:53:50 +01:00
Peter Steinberger
1507a9701b
refactor: centralize inbound supplemental context
...
* refactor: centralize inbound supplemental context
* refactor: trim supplemental finalizer typing
* docs: clarify supplemental context projection
* refactor: move inbound finalization into core
* refactor: simplify channel inbound facts
* refactor: fold supplemental media into inbound finalizer
* refactor: migrate channel inbound callers to builder
* docs: mark inbound finalizer compat types deprecated
* refactor: wire runtime turn context builder
* refactor: replace channel turn runtime API
* fix: respect discord quote visibility
* fix: avoid deprecated line dispatch helper
* refactor: deprecate channel message SDK seams
* docs: trim channel outbound SDK page
* test: migrate irc inbound assertion
* refactor: deprecate outbound SDK facades
* refactor: deprecate channel helper SDK facades
* refactor: deprecate channel streaming SDK facade
* refactor: move direct dm helpers into inbound SDK
* chore: mark legacy test-utils SDK alias deprecated
* refactor: remove unused allow-from read helper
* refactor: route remaining channel dispatch through core
* refactor: enforce modern extension SDK imports
* test: give slow image root tests more time
* ci: support node fallback on windows
* fix: add transcripts tool display metadata
* refactor: trim legacy channel test seams
* fix: preserve channel compat after rebase
* fix: keep deprecated channel inbound aliases
* fix: preserve discord thread context visibility
* fix: clean final rebase conflicts
* fix: preserve channel message dispatch aliases
* fix: sync channel refactor after rebase
* fix: sync channel refactor after latest main
* fix: dedupe memory-core subagent mock
* test: align clickclack inbound dispatch assertions
* fix: sync plugin sdk api hash after rebase
* fix: sync channel refactor after latest main
* fix: sync plugin sdk api hash after rebase
* fix: sync plugin sdk api hash after latest main
* test: remove stale inbound context awaits
2026-05-27 09:26:06 +01:00
Michael Appel
10546e57dd
clickclack: enforce inbound sender allowlist [AI] ( #83741 )
...
* fix: enforce clickclack sender allowlist
* addressing codex review
* test(clickclack): drop removed senderIsOwner from inbound test fixture
2026-05-26 18:41:12 -07:00
Peter Steinberger
d00d0a21c2
chore: bump OpenClaw to 2026.5.26
2026-05-26 01:26:00 +01:00
Peter Steinberger
cda7c30150
build: refresh dependency pins ( #86628 )
...
* build: refresh dependencies
* build: align pi fallback version
2026-05-25 21:55:46 +01:00
Peter Steinberger
0cba872e38
chore: bump version to 2026.5.24
2026-05-24 02:40:16 +01:00
Peter Steinberger
c4f0da00a9
refactor: use channel target resolution APIs ( #85814 )
...
* refactor: use channel target resolution apis
* refactor: satisfy delivery lint
* refactor: remove unused target parsing shim
* fix: preserve routed cron topic targets
2026-05-23 21:26:55 +01:00
Peter Steinberger
4df34cb790
chore(release): bump version to 2026.5.22
2026-05-22 21:25:16 +01:00
Peter Steinberger
e2c92be90b
chore(release): bump version to 2026.5.21
2026-05-22 00:09:45 +01:00
Peter Steinberger
02182d5a30
refactor: remove sender owner tool gating
2026-05-21 15:14:48 +01:00
Peter Steinberger
7b9066120a
chore(release): bump version to 2026.5.20
2026-05-20 21:58:56 +01:00
Peter Steinberger
c1579b7727
chore: bump release version to 2026.5.19
2026-05-18 23:11:42 +01:00
Peter Steinberger
16ef041b5d
fix(channels): preserve implicit default accounts
2026-05-17 06:42:28 +01:00