Commit graph

1708 commits

Author SHA1 Message Date
Peter Steinberger
8985598302
fix(gateway): stop paired-device duplication and redesign the Nodes page (#102810)
* fix(gateway): prune superseded silent device pairings on auto-approve

* feat(ui): unified nodes & devices inventory with dedupe and cleanup

* docs: nodes page inventory + silent pairing supersede cleanup

* refactor(gateway): run silent-pairing prune after approval broadcast

* fix(ui): surface node list errors on the nodes inventory card

* fix(gateway): restrict pairing auto-prune to same-host silent approvals

* fix(gateway): report live device connections and guard pairing prune races

* docs(ui): document bulk-cleanup name-collision tradeoff

* fix(gateway): avoid map-spread when marking live device connections

* docs: regenerate docs map
2026-07-09 15:40:30 +01:00
Peter Steinberger
5f9e0e20d4
fix: scope task suggestions to supported surfaces (#102743)
* fix: make task suggestions surface-aware

* fix: honor task suggestion action scopes

* fix: align task surface compatibility types

* fix: isolate task suggestions across surfaces

* style: satisfy task selector lint

* chore: defer task suggestion release note

* test: dedupe gateway capability fixture

* test: cover combined gateway capabilities
2026-07-09 12:59:50 +01:00
Peter Steinberger
3ccf2a0739
feat: render inline web chat widgets via capability-gated show_widget tool (#101840)
Adds client-capability-gated tool availability: gateway clients declare
capabilities at connect (new inline-widgets cap), chat.send stamps them into
the run context, and every tool assembly path (embedded runner, queued
followups, Codex app-server harness, plugin-only construction plans) drops
tools whose requiredClientCaps the originating client did not declare. The
Canvas plugin ships the first such tool, show_widget: agents pass SVG or an
HTML fragment plus a title; the plugin hosts it as a bounded, retention-scoped
Canvas document and returns the existing canvas preview handle, which web chat
renders as a sandboxed iframe fitted to the widget's reported content height.
Widget frames never get allow-same-origin (per-preview sandbox ceiling,
including the sidebar path) and the Canvas host serves widget documents with a
CSP sandbox header so direct navigation runs in an opaque origin. Verified
live end-to-end on a Testbox with gpt-5.5 (screenshots on the PR). CLI-backed
model backends do not carry client caps yet and stay fail-closed (#102577).

Closes #101790
2026-07-09 12:29:50 +01:00
Sally O'Malley
e595a8c0ac
Add Vault SecretRef plugin (#89255)
* Add Vault SecretRef plugin

Signed-off-by: sallyom <somalley@redhat.com>

* expand Vault setup to registered SecretRef targets

Signed-off-by: sallyom <somalley@redhat.com>

* fix(vault): use sdk secret target seam

* fix(vault): preserve auth profile target paths

* docs(vault): document plugin enable step

* fix(vault): make status provider-alias aware

* fix(vault): reject noncanonical secret ids

* fix(vault): separate resolver timeout deadlines

* fix(vault): forward private CA trust settings

* fix(secrets): preserve plugin policy boundaries

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-09 05:30:12 -05:00
kevinlin-openai
245b91b83d
feat(slack): support Enterprise Grid org installs (#102372)
* feat(slack): support Enterprise Grid org installs

* docs: refresh generated docs map

* fix(slack): satisfy enterprise routing CI

* fix(slack): accept org auth without app id

* docs(plugin-sdk): document channel policy hooks

* fix(slack): reuse canonical sender for enterprise replies

* test(slack): fix enterprise sender lint

---------

Co-authored-by: Kevin Lin <kevin@dendron.so>
2026-07-08 23:53:19 -07:00
Peter Steinberger
5533d979d4
feat: add follow-up task suggestions (#102422)
* feat(tools): add follow-up task suggestions

* chore: leave changelog to release flow

* fix(tools): add task suggestion display metadata

* fix(tools): update task suggestion display snapshot

* docs: format task suggestion tool table

* test(gateway): expect compaction worktree workspace

* test(gateway): preserve configured compaction workspace

* fix(ui): translate task suggestions
2026-07-09 06:30:01 +01:00
Gio Della-Libera
7d82e5b658
Doctor: audit lint default selection (#100361)
Summary:
- audit Doctor lint default selection after the full lint-family backfill
- make legacy state, skills readiness, session transcripts, and session snapshots explicit-only for default lint
- document default lint vs --all/--only and keep plugin/SDK public contracts unchanged

Validation:
- Galin review: no blocking findings
- maintainer accepted the default-lint compatibility tradeoff in PR comment
- exact-head hosted gates passed for d5d88a0db14782a36f72aa1fbe5023570343f773: CI#28976811444 and Workflow Sanity#28976811343
- local broad pnpm check was blocked by a shrinkwrap guard failure that reproduces on origin/main and is unrelated to this five-file Doctor diff

Co-authored-by: Gio Della-Libera <235387111+giodl73-repo@users.noreply.github.com>
2026-07-08 14:34:57 -07:00
Sally O'Malley
b81666ca6a
Fix container image upgrade migrations before gateway readiness (#101881)
* run all 'openclaw upgrade' migrations with container image upgrades

Signed-off-by: sallyom <somalley@redhat.com>

* fix: block gateway startup on plugin repair warnings

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
2026-07-08 14:19:05 -04:00
Peter Steinberger
4bf70be01a
feat(secrets): egress-time credential injection with process-local sentinels (#102009)
* feat(secrets): resolve SecretRef model credentials at egress via process-local sentinels

SecretRef-managed model-provider credentials now travel as opaque
oc-sent-v1 sentinels through auth storage, stream options, and SDK
config; the guarded model fetch injects real values into headers and
URLs immediately before the SSRF-guarded send and fails closed on
unknown sentinels. packages/ai adapters converge on the host guarded
fetch where the SDK supports custom fetch and unwrap at construction
where it does not. Resolved values (and their percent-encoded forms)
register for exact-value log redaction. Kill switch:
OPENCLAW_SECRET_SENTINELS=off. Also fixes a pre-existing unhandled
rejection race in capNonOkResponseBodyLazily (pipeThrough writer leak).

* test(plugin-sdk): update public surface budget
2026-07-08 12:56:41 +01:00
Peter Steinberger
7c0a7c8be2
fix(agents): keep exec visible for lean local models (#101607)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 12:46:26 +01:00
Alex Knight
d09469c7a6
fix: show exported tool results in trace viewers (#101371)
* fix: show exported tool results in trace viewers

* fix(diagnostics-otel): emit semconv response key and execute_tool identity so trace viewers show tool results

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
2026-07-07 17:14:30 +10:00
Vincent Koc
f0564943a7 docs(openai): refresh realtime 2.1 examples 2026-07-06 23:22:33 -07:00
Kevin Lin
e3c40efeb0
feat(update): notify extended-stable availability (#100438)
* docs(update): clarify extended-stable notifications

* feat(update): notify extended-stable availability

* fix(update): isolate notification state

* fix(docs): align update channel table

* fix(update): refresh after channel switch

* fix(update): satisfy notification checks

* test(update): prove loopback notification path

* test(update): fix loopback server lifecycle

* fix(update): refresh extended stable without cache

* fix(update): retain extended stable throttle marker
2026-07-06 19:57:03 -07:00
pash-openai
806a116f9d
Let owner-operated Codex agents use connected account apps (#100973)
* Allow connected Codex account apps

* Preserve explicit plugin app policy

* Refresh Codex documentation map

* Unify connected apps with Codex plugin policy

* Format Codex configuration reference
2026-07-06 12:31:45 -07:00
Peter Steinberger
912af0a56f
fix(gateway): keep N-1 nodes manageable during upgrades (#101109)
* fix(gateway): allow N-1 node protocol maintenance

* docs: refresh generated map for node upgrade guide
2026-07-06 20:01:20 +01:00
Peter Steinberger
c4c4caadfe
fix(android): clarify SMS command authorization (#100993) 2026-07-06 18:36:05 +01:00
Peter Steinberger
553acdfc1a
feat(gateway): add tts.speak method returning synthesized audio inline (#100770)
* feat(gateway): add tts.speak method returning synthesized audio inline

* test(gateway): type tts.speak synthesis mock for failure shapes

* fix(gateway): restore lowercase normalizer import used by talk catalog

* test(gateway): shift advertised-method window for tts.speak

* fix(gateway): ready tts speak for landing

* docs(changelog): record tts speak gateway API

* test(agents): stabilize fast auto startup synchronization

* test(crabbox): stabilize sparse checkout exit guard
2026-07-06 18:25:08 +01:00
Peter Steinberger
0a488bd30b
fix: device pairing floods stacked approval alerts for a retrying device and stale approvals no-op (#100976)
* fix(gateway): stop device pairing approval alert floods from retrying devices

A device retrying with a broken token minted a new pending requestId (and
approval alert broadcast) every 5-minute TTL window because refresh preserved
ts and expiry keyed on ts. Pending requests now stay alive via an internal
refreshedAtMs keepalive (ts still owns ordering/--latest), superseded device
requests broadcast device.pair.resolved like node pairing already did, and the
Mac app keeps one alert per device, closes superseded visible alerts, and
resyncs its queue when approving a stale request.

Closes #100974

* chore: satisfy swiftformat and refresh native i18n inventory for pairing prompter changes
2026-07-06 17:20:06 +01:00
Peter Steinberger
30e5dfcf02
feat(gateway): read-only agents.workspace list/get browsing RPCs (#100738)
* feat(gateway): add read-only agents.workspace list/get browsing RPCs

* fix(gateway): gate workspace image reads on sniffed magic bytes, not extension

* fix(gateway): tighten workspace browsing boundary

* docs(gateway): clarify workspace read trust scope

* chore(gateway): leave release notes to release flow
2026-07-06 16:41:24 +01:00
Peter Steinberger
f53346944d
feat: correlate native search outcomes in audit history (#98704)
* feat: correlate native search outcomes in audit history

Metadata-only audit ledger for agent runs and tool actions in the shared
state DB: stable event identity, closed action/status/error vocabularies,
one-way-hashed tool-call ids, never-inferred terminal outcomes for native
web-search (explicit completed/failed only; otherwise unknown), bounded
retention, audit.list gateway RPC and openclaw audit CLI. Squashed from
the 82-commit audit stack for replay onto current main.

* feat(audit): add audit.enabled config gate (default on)

The metadata-only audit ledger records by default: an audit trail enabled
only after an incident cannot explain the incident, and the rows are
strictly less sensitive than the transcripts every install already
stores. audit.enabled=false stops new writes at the gateway subscription
seam; audit.list and openclaw audit keep serving existing records until
they expire. Documented in the configuration reference, protocol page,
and CLI reference.

* fix: repair full-matrix CI findings after rebase

- break the dynamic-tools/dynamic-tool-execution import cycle by
  extracting resolveCodexToolAbortTerminalReason into a leaf module
- restore main's session-worktree protocol exports lost in the
  index.ts auto-merge
- register the audit event writer worker as a knip entry point
- docs table formatting; subagent wait-cancellation test scoped to its
  audit intent (outcome + timing) and advanced past main's new
  lifecycle-timeout retry grace
2026-07-06 12:30:12 +01:00
Ayaan Zaidi
a18708c5c1
feat(gateway): add persisted crash-loop breaker and fatal-config exit contract
Gateways that crash-loop under systemd/launchd previously flapped forever
with no persisted state and no supervisor signal. The gateway now records
every boot outcome in the shared state DB (gateway_boot_lifecycle); three
unclean boots within five minutes trip a breaker that boots the gateway in
safe mode: full control plane available, channel/provider auto-start
suppressed at the channel-manager seam (startup, config hot-reload,
secrets.reload) with manual channels.start override, one stability bundle
per trip. The breaker re-evaluates each boot and logs recovery when the
window drains. Slow shutdowns record forced_stop and never count as
crashes; /readyz stays ready and reports suppressed channels; the health
monitor treats suppressed accounts as expected-stopped. Fatal invalid-config
errors now exit 78 (EX_CONFIG) on both the startup and unhandled-rejection
paths, engaging the systemd unit's pre-existing RestartPreventExitStatus=78
so supervisors stop relaunching until the config is fixed.
2026-07-06 06:45:55 +00:00
Peter Steinberger
62d957634c
fix(agents): cap effective compaction reserve (#100621)
* fix(agents): cap effective compaction reserve

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* docs(changelog): link small-context compaction fix

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-06 06:49:44 +01:00
Peter Steinberger
dd972b8bf7
fix: replies fail when memory flush is exhausted (#100618)
* fix(reply): recover from memory flush exhaustion

Co-authored-by: 忻役 <xinyi@mininglamp.com>

Co-authored-by: Jerry-Xin <jerryxin0@gmail.com>

* test(reply): remove unused memory flush result

---------

Co-authored-by: Jerry-Xin <jerryxin0@gmail.com>
2026-07-06 06:41:16 +01:00
Hemant Sudarshan
bacd1c512a
fix(browser): time out remote tab enumeration (#80147)
* fix(browser): time out remote tab enumeration

* chore: remove stale changelog entry

* fix(browser): isolate timed-out read cleanup

* fix(browser): isolate timed-out read cleanup

* test(browser): satisfy connection regression lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 00:56:05 +01:00
Peter Steinberger
aaf5ab910c
fix: land ten small reliability fixes (#100483)
* fix(agents): harden LSP process failures

Source: #100450

Co-authored-by: morluto <williamlin1327@gmail.com>

* fix(sandbox): report effective workspace layout

Sources: #100435, #100439

Co-authored-by: Aniruddha Adak <aniruddhaadak80@users.noreply.github.com>

Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>

* fix(security): fail install checks on stream errors

Source: #100413

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

* fix(android): normalize all-day calendar events

Source: #100032

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* fix(ios): serialize push-to-talk lifecycle

Source: #99942

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

* fix(talk): reject inherited provider names

Source: #99849

Co-authored-by: zenglingbiao <zeng.lingbiao@xydigit.com>

* fix(android): stop voice capture in background

Source: #99840

Co-authored-by: xialonglee <li.xialong@xydigit.com>

* fix(cron): preserve fallback result classification

Source: #99913

Co-authored-by: jincheng-xydt <xu.jincheng@xydigit.com>

* fix(google): bound Vertex response decompression

Source: #99812

Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>

* fix(plugins): report malformed discovery JSON

Source: #99892

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

* test(sandbox): configure non-default workspace fixture

* test: fix small-fix batch validation

---------

Co-authored-by: morluto <williamlin1327@gmail.com>
Co-authored-by: ZengWen-DT <ceng.wen@xydigit.com>
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: zenglingbiao <zeng.lingbiao@xydigit.com>
Co-authored-by: xialonglee <li.xialong@xydigit.com>
Co-authored-by: jincheng-xydt <xu.jincheng@xydigit.com>
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>
2026-07-06 00:08:51 +01:00
Vincent Koc
7dfc499299
fix(agents): trim media tools in lean mode (#88881)
* fix(agents): trim media tools in lean mode

* fix(agents): preserve lean tool allowlists

* fix(agents): preserve lean tool overrides

* fix(agents): enforce lean policy at harness boundary

* fix(agents): preserve lean override provenance

* test(agents): satisfy lean harness contracts

* docs(changelog): record lean local-model tool trimming

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 00:06:06 +01:00
Peter Steinberger
4da855a1ff
fix(slack): prefer native status by default (#100462)
Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-05 23:10:08 +01:00
Peter Steinberger
5e0504aa43
feat(ui): simplify Talk settings (#100453)
Co-authored-by: Peter Steinberger <steipete@openai.com>
2026-07-05 21:31:52 +01:00
Peter Steinberger
062f88e3e3
refactor: extract reusable AI runtime package (#99059)
* refactor: extract reusable AI runtime package

* refactor: complete AI provider relocation

* refactor: keep llm core internal

* refactor(ai): make @openclaw/ai self-contained with host policy ports

Move pure transport helpers (tool projections, strict-schema normalization,
prompt-cache boundary, stream guards, anthropic/openai compat, request
activity) from src into packages/ai; move utf16-slice into
normalization-core. Inject host policy (guarded fetch, redaction,
strict-tool defaults, diagnostics logging) through AiTransportHost with
inert library defaults installed by src/llm/stream.ts. Narrow the public
barrel to instance-scoped createApiRegistry/createLlmRuntime; the
process-default runtime moves behind internal/ and
registerBuiltInApiProviders takes an explicit registry. Delete the
src/llm/api-registry re-export facade.

* fix(ai): teach node, jiti, and vite resolvers the @openclaw/ai and utf16-slice subpaths

The workspace alias tables in root-alias.cjs, plugin-sdk-native-resolver,
sdk-alias, the shared vitest config, and the Control UI vite config only
knew @openclaw/llm-core; Node-side plugin loading resolved @openclaw/ai
through the pnpm symlink to the unbuilt dist (checks-node-compact CI
failures), and the Control UI build broke on the new
normalization-core/utf16-slice subpath.

* chore(ui): drop leftover service-worker debug logging

* build(release): ship @openclaw/ai with its own shrinkwrap and honest dependency set

packages/ai declares only its six real runtime deps (kysely, chalk, json5,
tslog, zod, fs-safe, and proxyline were never imported); orphaned root deps
removed. generate-npm-shrinkwrap now treats publishable packages/* like
publishable plugins so the AI tarball pins its transitive tree even though
workspace deps are omitted from the root shrinkwrap. knip learns the
package entry points; the tsdown dts neverBundle option moves to its
documented deps.dts home; the README documents the no-semver internal/*
contract and host ports.

* docs(ai): add minimal external-consumer example app

examples/ai-chat consumes only the public @openclaw/ai surface (built dist
via the workspace link): isolated runtime, built-in provider registration,
one streamed completion. Supports Anthropic/OpenAI via env keys and a
keyless local Ollama target; live-verified against Ollama.

* docs(ai): document the @openclaw/ai package and workspace shrinkwrap boundary

* chore(check): include examples/ in duplicate-scan targets

* fix: emit normalization package subpaths

* fix: complete AI package boundary artifacts

* fix: align AI package boundary contracts

* fix(ci): stabilize package release contracts

* test: align documentation contract checks

* test: keep cron docs guard aligned

* test: align restored docs contract guards

* test: follow upstream docs contracts

* docs: drop superseded talk wording
2026-07-05 01:56:40 -04:00
Peter Steinberger
f7d7148cf0
docs: rewrite published docs grounded in current source (#100142)
Source-grounded rewrite of 529 published docs pages with per-unit information-loss verification: 1,713 factual corrections cited to src/**, generated surfaces regenerated, frontmatter titles preserved for i18n, release notes pages untouched. All docs gates green.

Closes #100141
2026-07-05 00:32:47 -04:00
Peter Steinberger
e57bcbca50
docs: fold terminal reattach into the hardened terminal docs (opt-in default) 2026-07-04 15:58:18 -07:00
Peter Steinberger
5938c7809a
feat(gateway): terminal detach/reattach with output replay, terminal.list/text 2026-07-04 15:58:17 -07:00
xingzhou
27d6c88167
feat: add utility models and generated session titles (#87643)
Some checks are pending
Native App Locale Refresh / Refresh native es (push) Waiting to run
Native App Locale Refresh / Refresh native fa (push) Waiting to run
Native App Locale Refresh / Refresh native fr (push) Waiting to run
Native App Locale Refresh / Refresh native hi (push) Waiting to run
Native App Locale Refresh / Refresh native id (push) Waiting to run
Native App Locale Refresh / Refresh native it (push) Waiting to run
Native App Locale Refresh / Refresh native ja-JP (push) Waiting to run
Native App Locale Refresh / Refresh native ko (push) Waiting to run
Native App Locale Refresh / Refresh native nl (push) Waiting to run
Native App Locale Refresh / Refresh native pl (push) Waiting to run
Native App Locale Refresh / Refresh native pt-BR (push) Waiting to run
Native App Locale Refresh / Refresh native ru (push) Waiting to run
Native App Locale Refresh / Refresh native sv (push) Waiting to run
Native App Locale Refresh / Refresh native th (push) Waiting to run
Native App Locale Refresh / Refresh native tr (push) Waiting to run
Native App Locale Refresh / Refresh native uk (push) Waiting to run
Native App Locale Refresh / Refresh native vi (push) Waiting to run
Native App Locale Refresh / Refresh native zh-CN (push) Waiting to run
Native App Locale Refresh / Refresh native zh-TW (push) Waiting to run
Native App Locale Refresh / Commit native locale refresh (push) Blocked by required conditions
OpenClaw Stable Main Closeout / Resolve stable release closeout inputs (push) Waiting to run
OpenClaw Stable Main Closeout / Verify stable main closeout (push) Blocked by required conditions
Plugin Init Scaffold Validation / Validate provider scaffold (push) Waiting to run
Plugin NPM Release / preview_plugins_npm (push) Waiting to run
Plugin NPM Release / Validate release publish approval (push) Blocked by required conditions
Plugin NPM Release / preview_plugin_pack (push) Blocked by required conditions
Plugin NPM Release / publish_plugins_npm (push) Blocked by required conditions
Workflow Sanity / no-tabs (push) Waiting to run
Workflow Sanity / actionlint (push) Waiting to run
Workflow Sanity / generated-doc-baselines (push) Waiting to run
* feat: add utility model session titles

* docs: clarify utility model calls

* fix: budget utility title reasoning

* docs: refresh config baseline

* docs: refresh plugin sdk baseline

* docs: refresh plugin sdk baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 17:24:51 -04:00
Dizesales
ff58d23e8f
fix(telegram): resolve local Bot API container file paths against trustedLocalFileRoots [AI-assisted] (#91984)
* fix(telegram): resolve local Bot API container file paths against trustedLocalFileRoots

When the self-hosted telegram-bot-api server runs with --local inside a
container, getFile returns absolute file_path values rooted at the
container data dir (/var/lib/telegram-bot-api/...). The host process
mounts that volume at a different path, so the absolute path never
matches a trustedLocalFileRoots entry and inbound media fails to
materialize (messages reach the agent as bare <media:document>
placeholders without bytes).

Map container-absolute paths back to relative candidates and resolve
them under each trusted root, trying both with and without the
per-token directory segment the local server uses. Relative file_path
values are now also resolved against trusted roots before falling back
to the HTTP file endpoint, which keeps large-file (>20MB) local-mode
downloads working.

Path traversal protections: candidates are normalized, NUL bytes and
dot-segments are rejected, and reads stay behind the trusted-roots
file-access sandbox.

AI-assisted (Claude Code), validated with targeted vitest run.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Co-Authored-By: Dizesales <269209351+Dizesales@users.noreply.github.com>

* fix(telegram): map local Bot API container media paths

Co-authored-by: Lucas Magalhaes <ellucasrj@gmail.com>

* chore(config): refresh channel metadata

---------

Co-authored-by: Lucas Magalhaes <ellucasrj@gmail.com>
Co-authored-by: Dizesales <269209351+Dizesales@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 17:07:51 -04:00
Peter Steinberger
7e8ea61b08
fix(gateway): harden embedded terminal policy (#100081)
* fix(gateway): harden operator terminal policy

* test(gateway): complete terminal context coverage

* test(gateway): narrow terminal policy mock

* test(gateway): satisfy CSP header lint

* docs: refresh terminal docs map

* test: route terminal temp helper importer
2026-07-04 16:34:07 -04:00
Kevin Lin
d214622320
feat(update): support extended-stable package updates (#99811)
* feat(update): add extended-stable channel contract

* feat(update): implement extended-stable package flow

* docs(update): document extended-stable behavior

* fix(update): preserve extended-stable preflight guarantees

* fix(update): reject extended-stable Git repair

* fix(update): support loopback extended-stable canaries

* fix(update): preserve scoped package roots
2026-07-04 12:34:29 -07:00
Barbara Kudiess
129e0a8cf0
feat: pair mobile devices from the Control UI (#94672)
* feat(gateway): add device.pair.setupCode RPC for connect QR

The OpenClaw mobile/companion app scans a pairing setup code to connect to the gateway, but that code + QR could only be produced by the openclaw qr CLI (ASCII to stdout). Non-terminal clients driving onboarding had no way to display the connect QR.

Add a device.pair.setupCode gateway method that reuses resolvePairingSetupFromConfig + encodePairingSetupCode + renderQrPngDataUrl to return { setupCode, qrDataUrl?, gatewayUrl, auth, urlSource }. The embedded setup code mints a short-lived bootstrap token that hands off broad operator scopes (read/write/approvals/talk.secrets), so the method requires operator.admin (matching the wizard methods a companion already uses) and is not advertised. auth is a label only; the gateway credential is never returned, and an oversized QR is omitted so the response always satisfies the result schema.

Refs #94661.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* feat(ui): pair mobile devices from Control UI

* docs: refresh generated docs map

* docs: clarify mobile QR auto-connect

* docs: clarify mobile QR auto-connect

* docs: clarify mobile QR auto-connect

---------

Co-authored-by: Barbara Kudiess <76582160+bkudiess@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 12:41:14 -04:00
Peter Steinberger
3d6a2216ea
feat(codex): share native threads across Codex clients (#99821)
* feat(codex): share native threads across clients

* test(codex): track coexistence temp dirs

* fix(codex): preserve native source on thread forks

* test(codex): use public temp fixtures

* fix(codex): preserve owner context for deferred tools

* fix(codex): forward owner identity to dynamic tools

* fix(codex): forward owner status to harness attempts

* docs(security): document shared Codex home

* docs(security): document shared Codex home

* docs(security): document shared Codex home
2026-07-04 01:43:21 -07:00
Peter Steinberger
af420dbee5
fix(macos): remote mode fails with managed SSH aliases (#99661)
* fix(macos): support managed SSH aliases safely

* test(macos): serialize gateway state isolation
2026-07-03 15:19:01 -07:00
Jesse Merhi
8abc633cf8
Add Signal status reaction lifecycle (#98791) 2026-07-03 21:42:39 +10:00
Jesse Merhi
64318d7624
Rework Android gateway onboarding setup (#98752)
* feat(android): rework gateway onboarding setup

* fix(android): restore protocol mismatch onboarding guidance

* fix(android): sync onboarding native i18n

* fix(android): preserve LAN manual setup prefill

* fix(android): refine onboarding node approval step

* fix(android): polish onboarding recovery actions

* test(android): cover onboarding protocol mismatch copy

* fix(android): separate onboarding node approval

* fix(android): guard onboarding node approval transitions

* fix(android): keep onboarding approval states reachable

* fix(android): wait for node access before onboarding continue

* fix(android): refresh node approval after operator handoff

* fix(android): refresh onboarding approval states

* fix(android): require approval after onboarding permission changes

* fix(android): keep onboarding approval gates active

* fix(android): preserve permission reapproval state

* fix(android): skip node approval on legacy gateways

* fix(android): wait for node approval refresh

* fix(android): preserve camera setting on upgrade

* fix(android): avoid stuck approval check spinner

* fix(android): request talk secrets on operator connects

* fix(android): avoid missed node approval completion

* fix(android): keep nearby LAN setup local

* fix(android): complete onboarding after node approval

* fix(android): reconcile onboarding with gateway auth plans

* chore(android): refresh native i18n inventory after rebase

* Fix Android onboarding review edge cases

* Fix native i18n onboarding sentinels
2026-07-03 21:20:12 +10:00
Colin Johnson
7cfc66ad07
fix(android): derive Voice readiness from Gateway catalog (#98269)
* fix(android): derive voice readiness from Gateway catalog

Co-authored-by: Colin <colin@solvely.net>

* chore(android): sync native i18n inventory

* test(gateway): use registered realtime provider ids

* fix(gateway): satisfy Talk catalog lint

* chore(android): refresh voice i18n inventory

* fix(talk): preserve runtime readiness semantics

* fix(talk): make catalog readiness authoritative

* fix(talk): validate selected provider readiness

* fix(android): honor authoritative talk readiness

* fix(android): inventory voice readiness copy

* fix(talk): report runtime-selected catalog provider

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-02 23:32:03 -07:00
Josh Avant
0cdce79221
docs: update mobile app release messaging (#98843) 2026-07-01 21:11:56 -05:00
Kevin Lin
d9b5afad18
fix(codex): rename destructive approval mode to ask (#98501)
* fix(codex): rename destructive approval mode to ask

* fix(codex): keep ask reviewer app-scoped

* test: fix current-main CI regressions
2026-07-01 15:14:55 -07:00
solodmd
cf2efbe5d5
docs(gateway): fix Telegram streaming default in config-channels.md (#98453)
The config example in docs/gateway/config-channels.md incorrectly
listed streaming default as "off". The actual runtime default is
"partial", as confirmed by the Telegram plugin's default resolver.

docs/channels/telegram.md already correctly documents the default
as "partial".

Co-authored-by: Claude <noreply@anthropic.com>
2026-07-01 02:33:24 -07:00
Nikhil Patel
2d9aa92d7e
docs(config-agents): correct built-in alias table for opus and gpt (#96375)
The built-in alias shorthands table listed stale model ids that no longer
match src/config/defaults.ts (DEFAULT_MODEL_ALIASES):

  opus: anthropic/claude-opus-4-6 -> anthropic/claude-opus-4-8
  gpt:  openai/gpt-5.5            -> openai/gpt-5.4

These now match defaults.ts and the help/faq-models alias table, and resolve
an internal contradiction on this same page (its runtime-policy example already
uses anthropic/claude-opus-4-8).
2026-07-01 02:32:14 -07:00
Brian Snyder
9f98b6e174
fix(gateway): emit stale exec approval followup diagnostics (#98293)
* fix(gateway): emit stale exec approval followup diagnostics

* fix(gateway): cover approval suppression diagnostics in ci

* fix(logging): preserve approval ids in stability bundles

* docs(exec): document suppression diagnostics

---------

Co-authored-by: BSnizND <199837910+BsnizND@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-07-01 05:20:53 +01:00
Momo
f5d0c370d6
fix(security): warn on agent skill MCP boundary drift (#98352)
Summary:
- Merged fix(security): warn on agent skill MCP boundary drift after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head ab3c29ef4c731dfdbff75f2f5c7ec65c63ec195d.
- Required merge gates passed before the squash merge.

Prepared head SHA: ab3c29ef4c731dfdbff75f2f5c7ec65c63ec195d
Review: https://github.com/openclaw/openclaw/pull/98352#issuecomment-4850104358

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
2026-07-01 03:56:28 +00:00
ooiuuii
201eb9cd29
fix(gateway): iOS Talk treats SecretRef-backed API keys as missing (#98210)
* fix(gateway): resolve Talk SecretRefs for scoped native clients

* fix(gateway): constrain Talk secret materialization

* fix(gateway): redact Talk source provider secrets

* fix(gateway): satisfy Talk config lint

* docs(gateway): clarify Talk secret config payload

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-06-30 20:17:33 -05:00
ZOOWH
5a73361ed2
fix(plugins): apply output text transforms to toolcall_delta and toolcall_end events (#97769)
* fix(plugins): apply output text transforms to toolcall_delta and toolcall_end events

toolcall_delta and toolcall_end events bypassed the output replacement
pipeline, leaking masked tokens (e.g. PII placeholders) into tool call
arguments and external systems.

Closes #97761

* fix(plugins): transform nested tool call arguments in output replacements

Add recursive transformToolCallArgumentText to handle strings, arrays,
and nested objects in tool call arguments, not just the name field.

* fix(plugins): keep tool names unchanged and cover result path

- Remove toolCall.name transformation to prevent breaking tool routing
- Add arguments transform to stream.result()/done.message via
  transformContentText for tool-call content blocks

* fix(plugins): narrow argument transform to toolCall content blocks only

Only transform arguments on content blocks with type=toolCall to avoid
touching non-tool-call blocks that happen to have an arguments field.

* test(plugins): assert stream.result() tool-call content block is transformed

* test(plugins): fix result-path fixture to actually contain toolCall block

The previous fixture used makeAssistantMessage('final') which produces
a plain text content block, not a toolCall block. The stream.result()
assertion was vacuously passing.

* style(plugins): fix type cast in result-path test assertion

* fix(agents): preserve tool argument transforms after repair

* refactor(agents): keep tool transform boundary narrow

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
2026-06-30 17:15:01 -07:00