Commit graph

73 commits

Author SHA1 Message Date
sunlit-deng
1e377e3660
fix(clickclack): bound inbound websocket payloads (#102480)
* fix(clickclack): bound inbound websocket payloads

* fix(clickclack): bound inbound websocket payloads

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:09:30 +01:00
Vincent Koc
cc083e5f4f
refactor(plugins): localize internal helper types (#101922) 2026-07-07 17:11:49 -07:00
Vincent Koc
3d206140f3
refactor: localize internal implementation constants (#101758) 2026-07-07 08:34:13 -07:00
Peter Steinberger
a2a68d154b
fix(agent): preserve explicit recipient sessions (#101507)
* fix(agent): honor recipient session routing

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): preserve canonical recipient routes

* fix(agent): require exact recipient routes

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>

Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): harden recipient route resolution

* fix(imessage): require canonical recipient handles

* fix(agent): refine provider recipient exactness

* fix(agent): bound direct alias session routing

* fix(signal): preserve direct alias route type

* fix(agent): honor binding-scoped recipient sessions

* fix(routing): honor configured main session aliases

* fix(clickclack): align account-owned session routes

* fix(twitch): preserve canonical recipient sessions

* fix(routing): isolate stable outbound identities

* chore: defer recipient session changelog

* fix(sms): use dedicated channel SDK facade

---------

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>
2026-07-07 10:07:13 +01:00
Marvinthebored
cbcd6a102c
fix(clickclack): reply to a top-level message in-channel, not as a new thread (#100582)
* fix(clickclack): reply to a top-level message in-channel, not as a new thread

sendClickClackText routed any replyToId to createThreadReply, and the inbound
handler stamps replyToId = <triggering message id> on every reply. As a result
every reply to a top-level channel message opened its own thread, so the main
channel timeline showed nothing and the chat was effectively unusable.

Route a bare replyToId to the main channel as a quote-reply (quoted_message_id)
instead — matching the reply-to affordance of the Discord/Slack/Telegram
channels — and reserve threads for genuine thread context (an explicit threadId
or a thread-kind target). DM replies likewise quote-reply in the same
conversation. quoted_message_id is omitted when there is no reply context, so
plain sends are unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(clickclack): cover quote payload typing

---------

Co-authored-by: Marvinthebored <marvinthebored@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-05 22:27:27 -07:00
Ayaan Zaidi
2b7003d535 fix(clickclack): gate provenance stamping behind agentActivity opt-in 2026-07-05 09:32:37 -07:00
ragesaq
00f345a82b fix(clickclack): forward native activity callbacks
Allow ClickClack-owned progress rendering to receive item callbacks when source delivery is suppressed. This lets native agentActivity persist commentary and tool rows instead of relying on default progress texts.

HyperReview-Reflex: pass
HyperReview-Tier: light
HyperReview-Scope: staged-tree:e4d63a7648ad03f91fe81588cce783fd686b6488
HyperReview-Paths-SHA256: 94ae4829752bfdafc02191354cac5ae2a2ca9fc899ad02a7ced71d38829dd352
HyperReview-Reflex-Version: 0.3.3
HyperReview-Routed-To: none
2026-07-05 09:32:37 -07:00
ragesaq
67044ce7c7 feat(clickclack): normalize reasoning progress as commentary
ClickClack durable activity now treats preamble, commentary, analysis, thinking, and reasoning as streaming commentary segments. Reasoning-family lanes get a normalized Thinking label, while lifecycle frames stay hidden.

Why: native ClickClack needs Clickglass parity for commentary progress, tool calls, and final assistant delivery before the sidecar can be retired.

Validation:

pnpm tsgo:extensions

pnpm tsgo:extensions:test

pnpm exec oxlint extensions/clickclack/src/activity.ts extensions/clickclack/src/activity.test.ts

pnpm exec vitest run extensions/clickclack/src/activity.test.ts

HyperReview-Reflex: pass-with-conditions
HyperReview-Tier: light
HyperReview-Scope: staged-tree:ed2adf325ad5beffcb55d7c6b929b0be7a752b61
HyperReview-Paths-SHA256: e5499bb489781e9c4dd31828a71220bbe89c4e646011a7f31f5ce3b8db8d54c6
HyperReview-Reflex-Version: 0.3.3
HyperReview-Routed-To: none
HyperReview-Receipt-SHA256: 4d3480047c0b66556236cecde7dd3e199b57a027b8dd894acab47056d9be5b4c
2026-07-05 09:32:37 -07:00
ragesaq
a08ca5fc5d feat(clickclack): stamp model/thinking attribution onto agent posts
Wires replyOptions.onModelSelected so the resolved provider/model and
thinking level for each turn (including after fallback) are sent as
author_model / author_thinking fields on activity rows and the final
reply. Servers without these columns ignore the unknown JSON fields, so
the wire shape is backward compatible; servers that persist them get
per-message attribution.
2026-07-05 09:32:37 -07:00
ragesaq
339cc4f12a fix(clickclack): address review — docs, lint lanes, activity coalescing
- docs: document agentActivity option, the non-inherited agent_activity:write
  scope, default-off and best-effort degradation behavior
- activity: type the enqueue catch parameter as unknown (lint lane)
- activity: treat toolCallId as opaque; normalize only itemId lane prefixes
- activity: skip identical/stale-shorter commentary snapshots so no
  redundant PATCHes queue
- http-client: fail fast when createActivityMessage has no channel or
  conversation target; narrow mocked request bodies before JSON.parse
2026-07-05 09:32:37 -07:00
ragesaq
01b34139b1 feat(clickclack): publish durable agent activity rows (commentary + tool)
Opt-in per-account (agentActivity: true): the ClickClack channel extension
now mirrors streamed commentary and tool progress into durable
agent_commentary / agent_tool message rows via the existing
replyOptions.onItemEvent seam, coalesced so one logical step is one row.
Requires a bot token carrying the agent_activity:write scope; publishing
is best-effort and never interrupts final text delivery.
2026-07-05 09:32:37 -07:00
Peter Steinberger
f3e3b6985b
fix: land nine small correctness fixes (#100204)
* fix(memory-wiki): preserve dollar notes on reimport

Co-authored-by: 李兰 0668001394 <li.lan3@xydigit.com>

* fix(voice-call): handle spawn error during tunnel cleanup

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

* fix(media): reject invalid response byte limits

Co-authored-by: linhongkuan <linhk8@mail2.sysu.edu.cn>

* fix(infra): match listening ports exactly

Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>

* fix(exec): preserve UTF-16 boundaries when truncating output

Co-authored-by: liuhao1024 <sunsky.lau@gmail.com>

* fix(agents): reject surrogate HTML entities

Co-authored-by: mikasa0818 <0668001030@xydigit.com>

* fix(anthropic): guard Claude Fable 5 prefix boundaries

Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>

* fix(models): render context windows in decimal K

Co-authored-by: harjoth <harjoth.khara@gmail.com>

* fix(clickclack): preserve websocket rejection diagnostics

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>

* fix(exec): use canonical UTF-16 slicing helper

Co-authored-by: liuhao1024 <sunsky.lau@gmail.com>

* style(exec): sort UTF-16 helper imports

* style(exec): sort UTF-16 helper imports

* style(exec): sort UTF-16 helper imports

* style(infra): format response limit helper

* style(infra): format response limit helper

---------

Co-authored-by: 李兰 0668001394 <li.lan3@xydigit.com>
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
Co-authored-by: linhongkuan <linhk8@mail2.sysu.edu.cn>
Co-authored-by: 徐闻涵0668001344 <xu.wenhan1@xydigit.com>
Co-authored-by: liuhao1024 <sunsky.lau@gmail.com>
Co-authored-by: mikasa0818 <0668001030@xydigit.com>
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>
Co-authored-by: harjoth <harjoth.khara@gmail.com>
Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>
2026-07-05 01:44:56 -07:00
Vincent Koc
3e2646a786
fix(release): use workspace host deps in release lockfile
(cherry picked from commit d377c0f910)
2026-06-30 15:54:12 -07:00
Vincent Koc
66e676d29b
chore(release): close out 2026.6.11 on main 2026-06-30 11:31:08 -07:00
mushuiyu886
f4fa10c2c5
fix(clickclack): bound REST success JSON response reads (#96970)
* fix(clickclack): bound REST success JSON response reads

* test(clickclack): harden response cap proof

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-06-27 07:30:32 -07:00
Vincent Koc
0671c08900
chore(release): close out 2026.6.10 on main (#96271)
* chore(release): close out 2026.6.10 on main

* chore(release): align native app metadata for 2026.6.10

* chore(release): sync Android 2026.6.10 notes

* docs(changelog): preserve 2026.6.9 history

* docs(changelog): preserve 2026.6.9 history
2026-06-24 11:51:14 +08:00
Vincent Koc
f2eca94391
feat(plugins): externalize additional official plugins (#95683) 2026-06-22 16:12:51 +08:00
Vincent Koc
b039e949b6
chore(release): close out 2026.6.9 2026-06-21 12:24:15 +08:00
Vincent Koc
f14a2cb9c5
fix(clickclack): bound api error response bodies 2026-06-19 13:16:08 +02:00
Vincent Koc
b794d7fb58
fix(clickclack): reconnect after websocket errors 2026-06-19 07:07:25 +02:00
Vincent Koc
405df6f166
fix(clickclack): clear gateway status after poll failures 2026-06-17 16:40:43 +02:00
Vincent Koc
6774e7f259
chore(release): sync main to 2026.6.8 2026-06-17 07:25:30 +08:00
Shakker
920e6a8eec
chore: set version 2026.6.9 2026-06-16 19:54:07 +01:00
Peter Steinberger
797bcd5bdb
fix: propagate ClickClack toolsAllow through replies
Propagate ClickClack account-level runtime tool allowlists through inbound reply dispatch so restricted ClickClack accounts keep their tool policy when model/agent replies are generated.

This threads `toolsAllow` through shared dispatch, provider wrappers, embedded agent execution, and ACP hook events. ACP-bound sessions now fail closed for restrictive runtime allowlists because ACPX cannot enforce per-turn tool allowlists on reused persistent sessions.

Verification:
- Live ClickClack E2E on Crabbox AWS `run_6a0472ed7e71`, provider `aws`, id `cbx_dace25addcaa`.
- `node scripts/run-vitest.mjs run src/auto-reply/reply/dispatch-acp.test.ts src/plugin-sdk/acp-runtime.test.ts src/auto-reply/reply/dispatch-from-config.reply-dispatch.test.ts src/auto-reply/dispatch.test.ts src/auto-reply/reply/agent-runner-execution.test.ts src/auto-reply/reply/provider-dispatcher.test.ts extensions/clickclack/src/inbound.test.ts --reporter=verbose`
- Crabbox changed gate `run_d32af37fb265`, provider `aws`, id `cbx_8236876017c9`: `corepack pnpm check:changed`
- Autoreview clean: `.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main`

Supersedes #89500.

Co-authored-by: Michael Appel <mappel@nvidia.com>
2026-06-05 08:40:35 -07:00
Peter Steinberger
4fa5092cdc docs: document small extension sources 2026-06-04 21:02:07 -04:00
Peter Steinberger
802cdc7783 docs: document clickclack plugin 2026-06-04 08:12:22 -04:00
Peter Steinberger
1878ca0820
chore(release): prepare 2026.6.2 beta 2026-06-04 00:06:52 +01:00
Peter Steinberger
e254346bc2
chore(release): prepare 2026.6.3 beta 2026-06-03 23:42:34 +01:00
Peter Steinberger
a14eacf372
chore(release): set version 2026.6.2 2026-06-01 23:06:55 +01:00
Peter Steinberger
8e28c773fe
chore(release): prepare 2026.6.1 2026-06-01 10:30:15 +01:00
Peter Steinberger
22cb7fb6b7
chore(lint): enable no-promise-executor-return 2026-05-31 23:06:13 +01:00
Peter Steinberger
0d17623f00
chore: bump OpenClaw version to 2026.5.31
Bumps OpenClaw release metadata to 2026.5.31 across package manifests, app version files, plugin metadata, changelog headings, and generated shrinkwraps.

Verification:
- pnpm plugins:sync:check
- pnpm ios:version:check
- pnpm deps:shrinkwrap:check
- git diff --check
- stale 2026.5.30/build-code scan across changed files
- autoreview clean: no accepted/actionable findings
- PR CI green for real gates: Checks, security scans, dependency guard, app lanes, real behavior proof

Known non-code workflow issue:
- label workflow failed because this PR hits GitHub's 100-label issue cap before the size-label step.
2026-05-31 14:46:17 +01:00
Peter Steinberger
48ccc50282
chore: update dependencies 2026-05-31 09:07:53 +01:00
Peter Steinberger
604339ebf9 fix(clickclack): normalize reconnect intervals 2026-05-31 01:37:46 -04:00
Peter Steinberger
cd07d013ba
chore(release): bump version to 2026.5.30 2026-05-30 06:49:13 +01:00
Peter Steinberger
cee2a50fe6
chore(release): prepare 2026.5.28 2026-05-28 01:48:07 +01:00
Peter Steinberger
bb46b79d3c
refactor: internalize OpenClaw agent runtime (#85341)
* refactor: extract agent core package

Introduce packages/agent-core as the OpenClaw-owned home for reusable agent loop, harness, session, prompt, and runtime dependency contracts.

* refactor: extract shared llm runtime

Move provider model registries, stream wrappers, OAuth helpers, and LLM utilities into src/llm with plugin-sdk barrels instead of depending on the old embedded runtime layout.

* refactor: remove pi runtime internals

Rename remaining Pi-shaped agent surfaces to OpenClaw agent runtime names, delete obsolete Pi docs and package graph checks, and add the third-party notice for incorporated code.

* refactor: tighten agent session runtime

Make agent-core/runtime dependencies explicit, consolidate compaction and session transcript helpers, and move model/session helpers behind OpenClaw-owned contracts.

* refactor: remove static model and pi auth paths

Drop static model catalogs and Pi auth bridges, move model/provider facts to manifest-owned runtime contracts, and harden internal embedded-agent utilities.

* refactor: remove legacy provider compat paths

* docs: remove agent parity notes

* fix: skip provider wildcard metadata parsing

* refactor: share session extension sdk loading

* refactor: inline acpx proxy error formatter

* refactor: fold edit recovery into edit tool

* fix: accept extension batch separator

* test: align startup provider plugin expectations

* fix: restore provider-scoped release discovery

* test: align static asset packaging expectations

* fix: run static provider catalogs during scoped discovery

* fix: add provider entry catalogs for scoped live discovery

* fix: load lightweight provider catalog entries

* fix: refresh provider-scoped plugin metadata

* fix: keep provider catalog entries on release live path

* fix: keep static manifest models in release live checks

* fix: harden release model discovery

* fix: reduce OpenAI live cache probe reasoning

* fix: disable OpenAI cache probe reasoning

* ci: extend OpenAI gateway live timeout

* fix: extend live gateway model budget

* fix: stabilize release validation regressions

* fix: honor provider aliases in model rows

* fix: stabilize release validation lanes

* fix: stabilize release memory qa

* ci: stabilize release validation lanes

* ci: prefer ipv4 for live docker node calls

* fix: restore shared tool-call stream wrapper

* ci: remove legacy pi test shard alias

* fix: clean up embedded agent test drift

* fix: stabilize runtime alias status

* fix: clean up embedded agent ci drift

* fix: restore release ci invariants

* fix: clean up post-rebase runtime drift

* fix: restore release ci checks

* fix: restore release ci after rebase

* fix: remove stale pi runtime path

* test: align compaction runtime expectations

* test: update plugin prerelease expectations

* fix: handle claude live tool approvals

* fix: stabilize release validation gates

* fix: finish agent runtime import

* test: finish post-rebase agent runtime mocks

* fix: keep codex compaction native

* fix: stabilize codex app-server hook tests

* test: isolate codex diagnostic active run

* test: remove codex diagnostic completion race

# Conflicts:
#	extensions/codex/src/app-server/run-attempt.test.ts

* ci: fix full release manifest performance run id

* refactor: narrow llm plugin sdk boundary

* chore: drop generated google boundary stamps

* fix: repair rebase fallout

* fix: clean up rebased runtime references

* fix: decode codex jwt payloads as base64url

* fix: preserve shipped pi runtime alias

* fix: add scoped sdk virtual modules

* fix: decode llm codex oauth jwt as base64url

* fix: avoid stale vertex adc negative cache

* fix: harden tool arg decoding and codeql path

* fix: keep vertex adc negative checks live

* refactor: consolidate codex jwt and edit helpers

* fix: await codex oauth node runtime imports

* fix: preserve sdk tool and notice contracts

* fix: preserve shipped compat config boundaries

* fix: align codex oauth callback host

* fix: terminate agent-core loop streams on failure

* fix: keep codex oauth callback alive during fallback

* ci: include session tools in critical codeql scans

* fix: keep Cloudflare Anthropic provider auth header

* docs: redirect legacy pi runtime pages

* fix: honor bundled web provider compat discovery

* fix: protect session output spill files

* fix: keep legacy agent dir env blocked

* fix: contain auto-discovered skill symlinks

* fix: harden agent core sdk proxy surfaces

* fix: restore approval reaction sdk compat

* fix: keep live docker runs bounded

* fix: keep codex oauth redirect host aligned

* fix: resolve post-rebase agent runtime drift

* fix: redact anthropic oauth parse failures

* fix: preserve responses strict tool shaping

* fix: repair agent runtime rebase cleanup

* docs: redirect retired parity pages

* fix: bound auto-discovered resources to roots

* fix: repair post-rebase agent test drift

* fix: preserve bundled provider allowlist migration

* fix: preserve manifest-owned provider aliases

* fix: declare photon image dependency

* fix: keep provider headers out of proxy body

* fix: preserve shipped env aliases

* fix: refresh control ui i18n generated state

* fix: quote read fallback paths

* fix: preview edits through configured backend

* test: satisfy core test typecheck

* fix: preserve ZAI usage auth fallback

* test: repair codex diagnostic test

* fix: repair agent runtime rebase drift

* test: finish embedded runner import rename

* fix: repair agent runtime rebase integrations

* test: align compaction oauth fallback expectations

* fix: allow sdk-auth session models

* fix: update doctor tool schema import

* fix: preserve bedrock plugin region

* fix: stream harmony-like prose immediately

* ci: include session runtime in codeql shards

* fix: repair latest rebase integrations

* fix: honor explicit codex websocket transport

* fix: keep openai-compatible credentials provider-scoped

* fix: refresh sdk api baseline after rebase

* fix: route cli runtime aliases through openclaw harness

* test: rename stale harness mock expectation

* test: rename embedded agent overflow calls

* test: clean embedded auth test wording

* test: use openclaw stream types in deepinfra cache test

* fix: refresh sdk api baseline on latest main

* fix: honor bundled discovery compat allowlists

* fix: refresh sdk api baseline after latest rebase

* fix: remove stale rebase imports

* test: rename stale model catalog mock

* test: mock renamed doctor runtime modules

* fix: map canonical kimi env auth

* fix: use internal model registry in bench script

* fix: migrate deepinfra provider catalog entry

* fix: enforce builtin tool suppression

* fix: route compaction auth and proxy payloads safely

* refactor: prune unused llm registry leftovers

* test: update codex hooks session import

* test: fix model picker ci coverage

* test: align model picker auth mock types
2026-05-27 19:24:04 +01:00
Peter Steinberger
7aaca4a8a6
chore(release): prepare 2026.5.27 2026-05-27 16:53:50 +01:00
Peter Steinberger
1507a9701b
refactor: centralize inbound supplemental context
* refactor: centralize inbound supplemental context

* refactor: trim supplemental finalizer typing

* docs: clarify supplemental context projection

* refactor: move inbound finalization into core

* refactor: simplify channel inbound facts

* refactor: fold supplemental media into inbound finalizer

* refactor: migrate channel inbound callers to builder

* docs: mark inbound finalizer compat types deprecated

* refactor: wire runtime turn context builder

* refactor: replace channel turn runtime API

* fix: respect discord quote visibility

* fix: avoid deprecated line dispatch helper

* refactor: deprecate channel message SDK seams

* docs: trim channel outbound SDK page

* test: migrate irc inbound assertion

* refactor: deprecate outbound SDK facades

* refactor: deprecate channel helper SDK facades

* refactor: deprecate channel streaming SDK facade

* refactor: move direct dm helpers into inbound SDK

* chore: mark legacy test-utils SDK alias deprecated

* refactor: remove unused allow-from read helper

* refactor: route remaining channel dispatch through core

* refactor: enforce modern extension SDK imports

* test: give slow image root tests more time

* ci: support node fallback on windows

* fix: add transcripts tool display metadata

* refactor: trim legacy channel test seams

* fix: preserve channel compat after rebase

* fix: keep deprecated channel inbound aliases

* fix: preserve discord thread context visibility

* fix: clean final rebase conflicts

* fix: preserve channel message dispatch aliases

* fix: sync channel refactor after rebase

* fix: sync channel refactor after latest main

* fix: dedupe memory-core subagent mock

* test: align clickclack inbound dispatch assertions

* fix: sync plugin sdk api hash after rebase

* fix: sync channel refactor after latest main

* fix: sync plugin sdk api hash after rebase

* fix: sync plugin sdk api hash after latest main

* test: remove stale inbound context awaits
2026-05-27 09:26:06 +01:00
Michael Appel
10546e57dd
clickclack: enforce inbound sender allowlist [AI] (#83741)
* fix: enforce clickclack sender allowlist

* addressing codex review

* test(clickclack): drop removed senderIsOwner from inbound test fixture
2026-05-26 18:41:12 -07:00
Peter Steinberger
d00d0a21c2
chore: bump OpenClaw to 2026.5.26 2026-05-26 01:26:00 +01:00
Peter Steinberger
cda7c30150
build: refresh dependency pins (#86628)
* build: refresh dependencies

* build: align pi fallback version
2026-05-25 21:55:46 +01:00
Peter Steinberger
0cba872e38
chore: bump version to 2026.5.24 2026-05-24 02:40:16 +01:00
Peter Steinberger
c4f0da00a9
refactor: use channel target resolution APIs (#85814)
* refactor: use channel target resolution apis

* refactor: satisfy delivery lint

* refactor: remove unused target parsing shim

* fix: preserve routed cron topic targets
2026-05-23 21:26:55 +01:00
Peter Steinberger
4df34cb790
chore(release): bump version to 2026.5.22 2026-05-22 21:25:16 +01:00
Peter Steinberger
e2c92be90b
chore(release): bump version to 2026.5.21 2026-05-22 00:09:45 +01:00
Peter Steinberger
02182d5a30 refactor: remove sender owner tool gating 2026-05-21 15:14:48 +01:00
Peter Steinberger
7b9066120a
chore(release): bump version to 2026.5.20 2026-05-20 21:58:56 +01:00
Peter Steinberger
c1579b7727
chore: bump release version to 2026.5.19 2026-05-18 23:11:42 +01:00
Peter Steinberger
16ef041b5d
fix(channels): preserve implicit default accounts 2026-05-17 06:42:28 +01:00