Commit graph

1111 commits

Author SHA1 Message Date
NianJiu
7e20018b69
fix: count multi-failure tool summaries accurately (#102981)
* fix: count tool summary failures

* fix(agents): preserve per-call tool failures

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>

---------

Co-authored-by: NianJiuZst <180004567+NianJiuZst@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 00:53:06 +01:00
Vincent Koc
eaee8b7e74
chore(codex): update managed app-server to 0.144.1 (#103156) 2026-07-09 16:52:33 -07:00
Ayaan Zaidi
474d660137 fix(infra): converge legacy state migrations on archive collisions 2026-07-09 18:57:58 +05:30
Peter Steinberger
124119a898
test(plugins): sync release contracts (#102777)
* test(plugins): sync release contracts

* test(codex): isolate dynamic tool capability test
2026-07-09 13:57:35 +01:00
lzyyzznl
e99b5deb7a
fix(codex): keep dynamic tool output UTF-16 safe (#102622)
* fix(codex-dynamic-tools): use truncateUtf16Safe for notice text truncation

* fix(codex): keep dynamic tool text UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:44:34 +01:00
wings1029
0bdd646fc2
fix(text): keep context tails UTF-16 safe (#102599)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:37:07 +01:00
Peter Steinberger
3ccf2a0739
feat: render inline web chat widgets via capability-gated show_widget tool (#101840)
Adds client-capability-gated tool availability: gateway clients declare
capabilities at connect (new inline-widgets cap), chat.send stamps them into
the run context, and every tool assembly path (embedded runner, queued
followups, Codex app-server harness, plugin-only construction plans) drops
tools whose requiredClientCaps the originating client did not declare. The
Canvas plugin ships the first such tool, show_widget: agents pass SVG or an
HTML fragment plus a title; the plugin hosts it as a bounded, retention-scoped
Canvas document and returns the existing canvas preview handle, which web chat
renders as a sandboxed iframe fitted to the widget's reported content height.
Widget frames never get allow-same-origin (per-preview sandbox ceiling,
including the sidebar path) and the Canvas host serves widget documents with a
CSP sandbox header so direct navigation runs in an opaque origin. Verified
live end-to-end on a Testbox with gpt-5.5 (screenshots on the PR). CLI-backed
model backends do not carry client caps yet and stay fail-closed (#102577).

Closes #101790
2026-07-09 12:29:50 +01:00
lsr911
f650d641e4
fix(codex): use truncateUtf16Safe in trajectory and client parse log truncation (#102576)
* fix(codex): use truncateUtf16Safe in trajectory and client parse log truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- trajectory.ts: payload redaction display (20k char limit)
- client.ts: parse error log truncation

Co-Authored-By: Claude <noreply@anthropic.com>

* test(codex): cover UTF-16 truncation boundaries

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:53:25 +01:00
Ayaan Zaidi
1ad346e465 test(codex): align shared-client version fixtures with the 0.143.0 floor 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
8589759818 fix(codex): keep terminal idle backstop gated during in-flight app-server requests 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
bb1da73b14 fix(codex): fail detached-but-leased clients on suspect retirement 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
80b2b709ca fix(codex): scope client fan-out to terminal liveness kills 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
ca3f247eb2 fix(codex): fan out app-server liveness retirement 2026-07-09 14:26:05 +05:30
lsr911
32de666163
fix(codex): use truncateUtf16Safe for tool transcript output truncation (#102522)
* fix(codex): use truncateUtf16Safe for tool transcript output truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in event-projector
tool transcript output text to prevent surrogate pair splitting.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(codex): keep streamed output utf16-safe

* refactor(codex): use plugin sdk text runtime

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:37:07 +01:00
xingzhou
b23fdcfac9
fix(codex): avoid broken emoji in dynamic tool timeout logs (#102509)
* fix(codex): keep dynamic tool log fields UTF-16 safe

* test(codex): narrow dynamic tool response item

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:26:22 +01:00
xingzhou
4adfc30b90
fix(codex): app inventory error diagnostics stay UTF-16 safe (#102414)
* fix(codex): keep app inventory error messages UTF-16 safe

* refactor(codex): unify app inventory error truncation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:31:18 +01:00
Vincent Koc
8a5ad170c0 chore(codex): bump app-server to 0.143.0 2026-07-08 23:07:20 -07:00
Vincent Koc
bf3e2f5b80 fix(codex): migrate retired approval policy 2026-07-08 23:07:20 -07:00
Peter Steinberger
ed28c57e20
fix(codex): validate maintained app-server types (#101726)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 15:48:08 +01:00
Peter Steinberger
176fee5d07
fix: prevent garbled emoji at remaining text limits (#101685)
* fix: keep remaining bounded text UTF-16 safe

Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 陈志强0668000989 <chen.zhiqiang1@xydigit.com>

* test: use tracked prompt template fixture

---------

Co-authored-by: 0668000787 <ma.weibin@xydigit.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: 廖石荣 0668000909 <liao.shirong@xydigit.com>
Co-authored-by: 陈志强0668000989 <chen.zhiqiang1@xydigit.com>
2026-07-07 14:49:15 +01:00
lsr911
37d613a596
fix(codex): use truncateUtf16Safe for attempt notification text truncation (#101534)
* fix(codex): use truncateUtf16Safe for attempt notification text truncation

.slice(0, 237) on notification text can split surrogate pairs from
CJK characters or emoji in agent output, producing U+FFFD in Codex
desktop notifications.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(codex): cover UTF-16-safe attempt previews

* test(codex): assign notification coverage to a shard

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 12:00:35 +01:00
Peter Lee
c2cc50c9a0
fix(codex): use UTF-16-safe truncation for approval display paths (#100177)
* fix(codex): use UTF-16-safe truncation for approval display paths

* fix(codex): resolve oxlint errors in approval-bridge and elicitation-bridge tests

* test(codex): cover approval Unicode boundaries

* test(codex): narrow approval command assertion

* chore: remove generated changelog entry

* chore: restore CHANGELOG.md to upstream/main baseline

* test(codex): tighten UTF-16 approval assertions

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-07 11:46:50 +01:00
mushuiyu886
846195c6b0
fix(codex): handle app-server stdio stream errors (#101505)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 03:41:27 -07:00
xingzhou
f14eb97ae7
fix(codex): honor Pro reasoning effort contracts (#101484)
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-07 03:13:50 -07:00
Peter Steinberger
554d772c1a
refactor(codex): keyed turn routing, client-scoped rate limits, and resume subscription safety (#101376)
* feat(codex): scope app-server rate limits to the physical client

Replace the process-global rate-limit cache with a WeakMap keyed by the
physical app-server client, tracking per-limitId revisions. Rolling
account/rateLimits/updated notifications merge sparsely per the protocol
contract (credits/individualLimit/planType survive nulls), and
usage-limit errors only trust a snapshot for auth-profile blocking when
the same client observed a primary update during the failing turn's
startup. Fixes cross-client rate-limit bleed in usage-limit error
messages. A new client-runtime module installs the
account/chatgptAuthTokens/refresh handler and the rate-limit observer
once per physical client, replacing per-start inline handlers in
shared-client, run-attempt, and side-question.

* refactor(codex): split thread/resume subscription safety into thread-resume

Move the thread/resume request out of thread-lifecycle into a dedicated
thread-resume module that retires the exact physical client when resume
acceptance is indeterminate: only a structured RPC rejection proves
Codex holds no subscription, so any other failure abandons the client
instead of returning it to the shared pool. Resume responses naming a
different thread now fail closed (assertCodexThreadResumeSubscription),
and the fresh-thread fallback requires a released subscription unless
the resume was a proven RPC rejection.

* refactor(codex): replace client-factory positional DI with shared-client factory

Delete the lazy positional-argument CodexAppServerClientFactory and use
the options-object factory type exported from shared-client. Callers in
run-attempt, compact, bounded-turn, provider-capabilities, and the
web-search provider now default to getLeasedSharedCodexAppServerClient
directly; the lazy indirection was ineffective because those modules
already import shared-client statically.

* feat(codex): route app-server turn traffic through a keyed turn router

Install one turn router per physical app-server client and replace the
broad per-attempt notification/request fanout with explicit per-thread
routes. Attempt startup reserves the thread route (before thread/resume
on the resume path, so early notifications buffer instead of racing),
run-attempt activates it with receive-time, queued, and request
handlers, arms the route before turn/start, binds the accepted turn id
to flush buffered traffic in wire order, and releases the route on
cleanup. Requests for a pending turn wait for binding instead of being
auto-declined, native turn completion waits use route state instead of
scanning buffered notifications, and correlation readers now match the
canonical v2 wire shapes only (top-level threadId, nested turn.id). The
unscoped response-delta lease-count attribution and its client API are
deleted along with the retired correlation predicates.

* test(codex): reset the shared binding store between thread-lifecycle tests

SQLite bindings are keyed by session identity rather than the per-test
temp dir, so earlier tests leaked resumable threads into fresh-start
expectations. The old silent resume-failure fallback masked the leak;
subscription safety surfaces it.

* test(codex): reset the binding store between delivery-hint iterations

The loop reuses one session identity across iterations, so the previous
iteration's thread would resume against a harness that cannot serve it.
2026-07-07 07:25:15 +01:00
Peter Steinberger
e5798e5477
refactor(codex): raise app-server floor to 0.142, drop range compat, fix deferred spawn_agent steering (#101221)
* refactor(codex): raise app-server floor to 0.142 and drop range-compat protocol paths

* refactor(codex): model subagent mirror state as one map

* style(codex): format event-projector

* test(codex): drop unused shared-client test import

* refactor(codex): drop v1-era notification field aliases

* fix(codex): teach models to load deferred native spawn_agent via tool_search

* docs(codex): realign harness config tables

* docs(changelog): note Codex app-server protocol update
2026-07-07 05:48:53 +01:00
Peter Steinberger
7a5e5e1852
fix(codex): register the ring-zero crestodian tool directly instead of relying on a dead per-run plugin config override (#101281) 2026-07-07 05:08:08 +01:00
Darren2030
ceb7a4adba
fix(codex): project guardianWarning circuit-breaker notification (#101220)
* fix(codex): project guardianWarning circuit-breaker notification

Codex emits a `guardianWarning` notification from its rejection
circuit-breaker (e.g. 3 consecutive or 10 total denials in a turn)
right before ending the turn as interrupted. The app-server event
projector had no case for it, so the rejection-limit reason was
silently dropped and the turn degraded to a generic interruption.

Project it on the `codex_app_server.guardian` stream with phase
"warning", alongside the existing autoApprovalReview handling. The
exact v2 param shape is not bundled in OpenClaw's protocol schemas,
so the human-readable reason is read defensively.

Closes #101207

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* fix(codex): route guardianWarning through thread-scoped filter

`guardianWarning` is thread-scoped — codex emits it with only
{message, threadId} (no turnId). The turn-strict pre-switch filter
therefore dropped it before it reached the projection switch, making
the handler added in the previous commit dead code for real traffic.

Correlate it on the thread alone (mirroring hook notifications) so it
reaches the switch, and read the `message` field per the codex schema.
The regression test now sends the real {threadId, message} shape
instead of a synthetic turnId, so it actually exercises the routing.

Refs #101207

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* repro(codex): add real behavior proof for guardianWarning projection

* fix(codex): narrow guardian warning projection

Co-authored-by: 曾文锋0668000834 <zeng.wenfeng@xydigit.com>

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-07-06 19:33:24 -07:00
Peter Steinberger
0d981095d4
refactor(codex): store app-server thread bindings in SQLite plugin state (#101210)
* test(codex): shorten placeholder auth fixture strings

* feat(plugin-state): add reject-new overflow policy for keyed namespaces

* feat(agents): thread agent identity and session generation through reset and hooks

* refactor(codex): add SQLite-backed app-server thread binding store

* refactor(codex): move app-server runtime callers onto the binding store

* refactor(codex): move conversation, entry, and thread-tool flows onto the binding store

* refactor(codex): move command handlers onto the binding store

* feat(codex): import legacy binding sidecars via doctor state migration

* fix(codex): keep doctor sidecar scan inside stateDir

* fix(codex): make binding migration landable

* chore(changelog): defer release note

* test(plugin-state): stabilize durable-capacity ordering
2026-07-07 03:03:44 +01:00
pash-openai
806a116f9d
Let owner-operated Codex agents use connected account apps (#100973)
* Allow connected Codex account apps

* Preserve explicit plugin app policy

* Refresh Codex documentation map

* Unify connected apps with Codex plugin policy

* Format Codex configuration reference
2026-07-06 12:31:45 -07:00
Vincent Koc
2f89de8165
fix(codex): preserve yielded native subagent delivery 2026-07-06 11:58:00 -07:00
cxbAsDev
68487e4c1e
fix(codex): honor timeoutSeconds for dynamic tool calls when timeoutMs is absent (#100722)
* fix(codex): honor timeoutSeconds for dynamic tool calls when timeoutMs is absent

* fix(codex): enforce integer timeoutSeconds and cover side-question path

* chore(proof): extend codex timeoutSeconds proof to side-question path and fractional rejection

* fix(codex): leave headroom when arming watchdog from timeoutSeconds

* fix(codex): preserve dynamic tool timeout budgets

* test(codex): satisfy dynamic tool response types

* test(codex): type structured timeout promise

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-06 17:52:51 +01:00
Vincent Koc
123ec165bb
fix(codex): extend native hook relay timeout 2026-07-06 08:59:04 -07:00
Vincent Koc
94a0d2ec3b
test: align shifted main assertions (#100897)
Some checks are pending
Native App Locale Refresh / Refresh native ja-JP (push) Waiting to run
Native App Locale Refresh / Refresh native ko (push) Waiting to run
Native App Locale Refresh / Refresh native nl (push) Waiting to run
Native App Locale Refresh / Refresh native pl (push) Waiting to run
Native App Locale Refresh / Refresh native pt-BR (push) Waiting to run
Native App Locale Refresh / Refresh native ru (push) Waiting to run
Native App Locale Refresh / Refresh native sv (push) Waiting to run
Native App Locale Refresh / Refresh native th (push) Waiting to run
Native App Locale Refresh / Refresh native tr (push) Waiting to run
Native App Locale Refresh / Refresh native uk (push) Waiting to run
Native App Locale Refresh / Refresh native vi (push) Waiting to run
Native App Locale Refresh / Refresh native zh-CN (push) Waiting to run
Native App Locale Refresh / Refresh native zh-TW (push) Waiting to run
Native App Locale Refresh / Commit native locale refresh (push) Blocked by required conditions
OpenClaw Stable Main Closeout / Resolve stable release closeout inputs (push) Waiting to run
OpenClaw Stable Main Closeout / Verify stable main closeout (push) Blocked by required conditions
Plugin Init Scaffold Validation / Validate provider scaffold (push) Waiting to run
Plugin NPM Release / preview_plugins_npm (push) Waiting to run
Plugin NPM Release / Validate release publish approval (push) Blocked by required conditions
Plugin NPM Release / preview_plugin_pack (push) Blocked by required conditions
Plugin NPM Release / publish_plugins_npm (push) Blocked by required conditions
Plugin NPM Release / verify_plugins_npm (push) Blocked by required conditions
Website Installer Sync / static (push) Waiting to run
Website Installer Sync / linux-docker (push) Waiting to run
Website Installer Sync / macos-installer (push) Waiting to run
Website Installer Sync / windows-installer (push) Waiting to run
Website Installer Sync / sync-website (push) Blocked by required conditions
Workflow Sanity / no-tabs (push) Waiting to run
Workflow Sanity / actionlint (push) Waiting to run
Workflow Sanity / generated-doc-baselines (push) Waiting to run
2026-07-06 07:24:26 -07:00
Vincent Koc
e7d43db52f
test(codex): make side tool abort test deterministic 2026-07-06 13:47:54 +02:00
Peter Steinberger
f53346944d
feat: correlate native search outcomes in audit history (#98704)
* feat: correlate native search outcomes in audit history

Metadata-only audit ledger for agent runs and tool actions in the shared
state DB: stable event identity, closed action/status/error vocabularies,
one-way-hashed tool-call ids, never-inferred terminal outcomes for native
web-search (explicit completed/failed only; otherwise unknown), bounded
retention, audit.list gateway RPC and openclaw audit CLI. Squashed from
the 82-commit audit stack for replay onto current main.

* feat(audit): add audit.enabled config gate (default on)

The metadata-only audit ledger records by default: an audit trail enabled
only after an incident cannot explain the incident, and the rows are
strictly less sensitive than the transcripts every install already
stores. audit.enabled=false stops new writes at the gateway subscription
seam; audit.list and openclaw audit keep serving existing records until
they expire. Documented in the configuration reference, protocol page,
and CLI reference.

* fix: repair full-matrix CI findings after rebase

- break the dynamic-tools/dynamic-tool-execution import cycle by
  extracting resolveCodexToolAbortTerminalReason into a leaf module
- restore main's session-worktree protocol exports lost in the
  index.ts auto-merge
- register the audit event writer worker as a knip entry point
- docs table formatting; subagent wait-cancellation test scoped to its
  audit intent (outcome + timing) and advanced past main's new
  lifecycle-timeout retry grace
2026-07-06 12:30:12 +01:00
lin-hongkuan
d0fdfe845b
fix(codex): return JSON-RPC codes for handler errors (#100713)
Co-authored-by: lin-hongkuan <lin-hongkuan@users.noreply.github.com>
2026-07-06 08:59:20 +01:00
Peter Steinberger
f53103de72
fix(skills): make Skill Workshop lifecycle approvals decidable and non-wedging (#91266, #94249, #93173) (#100498)
Approval wait now fits inside the Codex dynamic-tool watchdog (70s +10s
gateway grace under the 90s kill), approval cards carry proposal id,
skill name, description, file count, and body size (spoof-safe
rendering), and timeouts return a structured pending-not-failed outcome
instead of a bare error. Expired requests cannot execute late; no
auto-apply; generic plugin approvals unchanged.
2026-07-06 04:54:48 +01:00
Peter Steinberger
443c582949
fix(ios): restore in-flight runs after reconnect (#100277)
* fix(ios): restore in-flight chat runs from gateway history

Restore active Apple chat ownership across reconnect, foreground, and sequence-gap recovery using the existing chat.history snapshot. Preserve agent/session scoping and Gateway user-turn identity across Codex and Copilot mirrors, including current offline-cache integration.

* fix(ios): restore in-flight chat runs from gateway history
2026-07-06 03:23:38 +01:00
Vincent Koc
17ba497424
fix(codex): ignore missing mirrored session history (#100484)
* fix(codex): ignore missing mirrored session history

* test(codex): prove missing mirrored history stays quiet

* fix(codex): narrow missing history proof

---------

Co-authored-by: Alex Tang <alextangli@outlook.com>
2026-07-05 16:04:34 -07:00
Kevin Lin
5fdaa04eca
feat(qa-lab): add Codex Slack approval scenarios (#91519)
* feat(qa-lab): add codex slack approval scenarios

* fix(qa-lab): harden Codex Slack approval proof

* fix(qa-lab): validate Codex approval model

* test(qa-lab): verify approved Codex operation

* fix(qa-lab): normalize Slack QA account routing

* fix(qa-lab): read Codex tool result transcripts

* fix(qa-lab): harden Codex approval cleanup

* fix(qa-lab): support Codex Mantis checkpoints

* fix(qa-lab): repair Mantis pnpm bootstrap

* fix(qa-lab): normalize Codex tool result text

* fix(qa-lab): scope Mantis pnpm fallback

* fix(qa-lab): bootstrap pinned pnpm without npm

* fix(qa-lab): terminate pnpm metadata record

* fix(qa-lab): bootstrap official node for mantis

* fix(qa-lab): make mantis pnpm shim executable

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 22:47:18 +01:00
Peter Steinberger
c757675f34
improve: keep isolated tests under one second (#100019)
* test: speed up isolated test suite

* test: finish isolated latency cleanup

* test: eliminate remaining isolated latency spikes

* test: remove final isolated timing outliers

* test: bound full-suite tooling processes

* test: bound native test process lifetime

* test: warm isolated runtime suites

* test: eliminate final isolated timing outliers

* test: fix isolated timing fixture types

* test: make timeout cleanup timing deterministic

* test: pin media manifests to source checkout

* test: isolate provider manifest contracts

* test: eliminate residual isolated timing spikes

* test: restore final isolated timing fixes

* test: eliminate remaining isolated timing spikes

* test: warm Zalo lifecycle imports

* test: keep isolated suites below one second

* test: use readable browser response fixtures
2026-07-05 10:57:19 -07:00
Peter Steinberger
1f484a8dbd test: speed up and stabilize full suite 2026-07-05 08:00:23 -04:00
Peter Steinberger
07bf384a8b
feat(crestodian): conversational agent-loop onboarding across CLI, web install, and macOS app (#99935)
* feat(crestodian): AI-first conversational onboarding with typed-op guardrails

Interactive `openclaw onboard` (and bare `openclaw` on a fresh install) now
opens the Crestodian conversation: detection-backed first-run proposal
(Claude Code/Codex logins, API keys), persona AI turns for every free-form
message (configless local-runtime fallback, 60s deadline, deterministic
degradation), approval-gated typed operations, chat-hosted channel setup
(`connect <channel>`), config get/schema read ops with secret redaction, and
a post-write validation hook that feeds schema errors back for a self-fix
turn. Adds the additive gateway `crestodian.chat` method so app clients run
the same conversation. Classic wizard stays behind --classic/explicit flags;
non-interactive automation unchanged; `--modern` becomes a deprecated alias
for `openclaw crestodian`.

* feat(macos): Crestodian chat onboarding and importance-ordered permissions

Replace the gateway step-wizard page with a Crestodian chat over the new
crestodian.chat method (works before any model auth exists), sort the
permissions page by importance with no scrolling, drop the redundant manual
refresh, and bump the onboarding version.

* feat(crestodian): run the custodian on the real agent loop with a ring-zero tool

Crestodian conversations now execute through the same embedded agent runner
as regular agents: a persistent agent session with a single construction-gated
`crestodian` tool wrapping the typed operations (read actions free; mutations
require approved=true asserted from explicit user consent, audited, with
post-write config validation fed back into the loop). The engine prefers the
loop (configured models or the Codex app-server fallback) and degrades to the
single-turn planner, then to deterministic commands. Setup approval seeds the
crestodian exec approval so local model harnesses can run; the configless
Codex backend config now enables exec and direct tool loading (it was
dead-on-arrival behind tools.exec.mode=deny and the tool-search index).

* test(crestodian): type the engine mock signatures for the core test lane

* fix(crestodian): map the advertised create_agent tool action

* fix(crestodian): host-verified approval arming and a macOS setup completion gate

Review findings: the model-supplied approved flag alone could authorize
ring-zero mutations (prompt injection / model error), and removing the macOS
wizard gate let users Next past the Crestodian page with nothing configured.
Mutating tool actions now also require host-verified consent (the engine arms
approval only when the user's actual message is an explicit yes), and local
macOS onboarding blocks advancing until setup authored the config, using the
same signal the old step wizard checked.

* fix(crestodian): bind approval to the exact proposed operation and gate dot navigation

A generic yes no longer authorizes arbitrary mutations: denied mutating tool
calls register a canonical operation fingerprint (host-owned, per session),
and an armed turn executes only the identical call, once. The denial message
is arming-aware so the approved turn self-heals in one roundtrip, and the
agent protocol pre-registers proposals. macOS onboarding page dots now honor
the same setup-completion gate as the Next button.

* fix(crestodian): redact sensitive wizard answers, skip logged-out CLIs, gate programmatic advance

Sensitive channel-wizard answers (tokens, passwords) are redacted from the
AI-visible conversation history; setup and the onboarding welcome never pick
or advertise a definitively logged-out CLI as the model; and macOS
handleNext() honors the page gates for programmatic callers (chat handoff)
just like the Next button.

* fix(crestodian): align the onboarding welcome's configured predicate with the app gate

A valid config carrying only a default model (partial/hand-written) now still
gets the first-run proposal instead of the ready guide, so the macOS setup
gate can always be satisfied from the conversation.

* fix(crestodian): armed turns can never mint their own executable proposal

An approval-mismatched call inside an armed turn no longer re-registers and
invites a retry (which let the model swap the approved operation for another
in the same turn); it voids the approval entirely and requires a fresh yes.
Proposals register only in unarmed turns, which the agent protocol already
does when proposing.

* fix(onboard): route any explicit setup flag to the classic wizard

* fix(ci): satisfy new lint rules, tool-display guard, and generated artifacts for crestodian

* chore(i18n): refresh native inventory after permissions copy wrap

* fix(crestodian): harden conversational onboarding

* docs(crestodian): document conversational onboarding

* test(crestodian): type embedded runner mock

* fix(crestodian): close onboarding security gaps

* chore: retrigger ci
2026-07-05 01:02:53 -07:00
Peter Steinberger
bafdec9868
fix: preserve codex transcript ownership (#100160)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 20:04:43 -07:00
Dallin Romney
c2fc7aa28a
refactor: consolidate exact keyed async queues (#99691)
* refactor: consolidate keyed async queues

* chore: refresh merge-ref CI

* refactor: encapsulate keyed queue ownership
2026-07-04 16:45:07 -07:00
Peter Steinberger
bbb744269f
test: make the local pnpm test gate green on macOS hosts (#100069)
Fixes 21 macOS-only failing test cases across three classes: canonicalized fixture roots (macOS /var -> /private/var tmpdir symlink vs production realpathing), load-tolerant process-spawn tests (content-gated pid files, readiness-sequenced kill windows, bounded-window timer assertions), and cross-file worker leak guards (skip-channel env, gateway token env, imessage runtime singleton). Test-only; no production changes. Fixes #100025.
2026-07-04 17:17:42 -04:00
Jason (Json)
0221544190
fix(release): block stale Codex runtime pins (#100015)
Prevents opted-in plugin runtime dependencies from being published with stale
registry pins. The same freshness assertion now guards both npm and ClawHub
release paths, including the managed Codex runtime.

Prepared head SHA: d5d0ecba4b423503475d8861192a48d55b7ef873
Reviewed-by: @fuller-stack-dev

Closes #99951
2026-07-04 15:13:31 -06:00
Peter Steinberger
614e87cce1
chore: update dependencies (#100027) 2026-07-04 14:56:50 -04:00
Peter Steinberger
6df0fb818d
feat: add session thread management (#98510)
* feat: add session thread management

Squash of codex/thread-management (025aefc3ad1) onto origin/main:
pin/archive/rename sessions via sessions.patch, archived-aware
sessions.list, lifecycle fencing, read-only archived chat, SDK +
Swift protocol support, Control UI session management.

* refactor(ui): minimal session rows with hover-revealed management

Chat picker and sidebar recents share session-row primitives: single-line
rows, relative timestamps, rename/archive/pin revealed on hover or focus,
accent pin badge for pinned rows, and an active-run spinner in the trail
slot. Sidebar floats pinned sessions above recency via the shared
comparator and gains archive/pin actions through the unified sessions-view
patch fallback. Archive eligibility is one shared policy
(canArchiveSessionRow); the sidebar/picker active-run tooltip now uses the
real sessionsView.activeRun locale key.

* fix: align session admission with mailbox-era main

Integration fixes after rebasing onto current main: sessions_list mailbox
test expectations learn the archived/pinned row fields and archived:false
list param; gateway agent admission treats a session as deleted only when
both the requested and canonical alias sets miss it (legacy bare-main
stores and exec-approval followups read under different spellings); cron
persist tests keep a consistent store across claim-guarded persist calls;
the ACP abort hook test asserts abort propagation instead of signal
identity; drop dead lifecycle writes flagged by no-useless-assignment and
fix the promise-executor return in the codex compact test.

* fix(qa): align UI e2e and shard fixtures with redesigned session rows

Sidebar session rows are wrapper divs with an inner link now: update the
navigation browser tests and chat-flow Playwright selectors. Seed a real
per-test session store for the auto-fallback admission guard instead of
depending on leftover host files at /tmp/sessions.json. Teach the
test-projects routing fixture about the suites that newly import the
shared temp-dir helper. Document the Codex thread-format contract for
archivedAt/pinnedAt (flag derived from server-stamped timestamp, epoch ms
here vs Codex epoch seconds) at the type and in the session docs.

* test: route auto-fallback suite through temp-dir helper plans

The auto-fallback suite now imports the shared temp-dir helper for its
seeded session store, so the top-level helper routing fixture must list
it in the auto-reply plan.
2026-07-04 14:30:47 -04:00