Commit graph

15245 commits

Author SHA1 Message Date
lzyyzznl
0aae1ea816
fix(slack): use truncateUtf16Safe for message body preview truncation (#102612)
* fix(slack): use truncateUtf16Safe for message body preview truncation

One .slice(0, 160) truncation site in the Slack message handler may
cut UTF-16 surrogate pairs in half when the message body preview
contains multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.

* test(slack): cover UTF-16 preview boundary

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:37:49 +01:00
wings1029
0bdd646fc2
fix(text): keep context tails UTF-16 safe (#102599)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:37:07 +01:00
Gary
981d67a703
fix(browser): remove hardcoded profile="user" suggestion from tool description (#102582)
* fix(browser): remove hardcoded profile="user" suggestion from browser tool description

The browser tool description hardcoded a suggestion to use profile="user"
for logged-in sessions, even when the operator has configured a different
default profile (e.g. browser.defaultProfile: "openclaw").

Replace with profile-agnostic guidance that references the configured
browser.defaultProfile setting instead of prescribing a specific value.

Fixes #102566

* test: update browser tool description assertion for profile-agnostic wording

* refactor(browser): unify tool profile guidance

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:32:56 +01:00
Peter Steinberger
3ccf2a0739
feat: render inline web chat widgets via capability-gated show_widget tool (#101840)
Adds client-capability-gated tool availability: gateway clients declare
capabilities at connect (new inline-widgets cap), chat.send stamps them into
the run context, and every tool assembly path (embedded runner, queued
followups, Codex app-server harness, plugin-only construction plans) drops
tools whose requiredClientCaps the originating client did not declare. The
Canvas plugin ships the first such tool, show_widget: agents pass SVG or an
HTML fragment plus a title; the plugin hosts it as a bounded, retention-scoped
Canvas document and returns the existing canvas preview handle, which web chat
renders as a sandboxed iframe fitted to the widget's reported content height.
Widget frames never get allow-same-origin (per-preview sandbox ceiling,
including the sidebar path) and the Canvas host serves widget documents with a
CSP sandbox header so direct navigation runs in an opaque origin. Verified
live end-to-end on a Testbox with gpt-5.5 (screenshots on the PR). CLI-backed
model backends do not carry client caps yet and stay fail-closed (#102577).

Closes #101790
2026-07-09 12:29:50 +01:00
lzyyzznl
6c3a46fb41
fix(openai): use truncateUtf16Safe for image gen log value truncation (#102611)
* fix(openai): use truncateUtf16Safe for image gen log value truncation

One .slice(0, N) truncation site in the OpenAI image generation
provider may cut UTF-16 surrogate pairs in half when the log value
contains multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.

* fix(openai): keep image auth logs UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:21:24 +01:00
velanir-ai-manager
e84a0dde17
fix(msteams): surface quoted message body in Teams quote replies (#101856)
* fix(msteams): surface quoted message body in Teams quote replies

Teams sends the quoted text of a 1:1 DM quote-reply in <p itemprop="preview">
(a truncated snippet), not <p itemprop="copy"> which the parser matched. The
match failed, so quoteInfo was undefined and nothing was surfaced to the agent.

Fix 1 (primary): extractMSTeamsQuoteInfo now accepts copy OR preview (prefers
copy, falls back to preview) and captures the blockquote itemid as the quoted
message id.

Fix 2 (enhancement): when the quoted message id is known, fetch the full text
via the app-only Graph endpoint GET /chats/{chatId}/messages/{id} (permitted
with Chat.Read.All, unlike the delegated /me/chats listing) and use it as the
quote body. Restricted to chats (DM + group) whose Graph chat id is a 19: id;
any failure degrades to the truncated preview so message handling never breaks.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(msteams): address review — DM-only full-text fetch, drop unsupported $select, fix mocks

Addresses ClawSweeper review on the quote-reply PR:

- Security (P1): restrict the app-only Graph full-text quote fetch to 1:1 DMs.
  Previously it ran for any non-channel chat, so in a group an allowlisted
  sender could quote a non-allowlisted member and the fetched full body would
  bypass the supplemental-quote visibility allowlist. Group/channel quotes keep
  the (now-surfaced) truncated preview from fix 1.
- Graph contract (P2): the get-chatMessage endpoint does not support OData
  query params; drop the ?$select=id,body that tenants enforcing the contract
  would reject (which would silently fall back to the preview).
- Tests (P1): add fetchChatMessageText to the two vi.mock(../graph-thread.js)
  factories prod now touches, and add a group-chat regression test proving the
  Graph full-text fetch does not fire for group quotes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(msteams): add redacted real Teams quote-reply proof screenshots

Real-behavior evidence for the quote-reply fix (personal names + avatars
redacted): a 1:1 DM where the bot now reads back the full quoted message.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(msteams): remove committed proof screenshots from branch

Proof media should live as external PR artifacts, not in the product tree.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(msteams): bound and prove quote enrichment

* test(msteams): use valid open DM fixture

---------

Co-authored-by: Yash Inani <yashinani@Yashs-MacBook-Pro.local>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:20:54 +01:00
huangjianxiong
ac71074807
fix(mattermost): keep slash command error truncation UTF-16 safe (#102607)
* fix(mattermost): keep slash command error truncation UTF-16 safe

Replace `.slice(0, 300)` and `.slice(0, 200)` with `truncateUtf16Safe`
in sanitizeCommandLookupError and sanitizeMattermostLogValue to prevent
surrogate pair corruption.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(mattermost): cover UTF-16-safe slash logs

Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:20:38 +01:00
pengxuewu-lab
fb52a989b2
fix(plugin-sdk): update ssrf-runtime import path in cdp-proxy-bypass (#96994)
* fix(plugin-sdk): update ssrf-runtime import path in cdp-proxy-bypass.ts

The import path `openclaw/plugin-sdk/ssrf-runtime-internal` was renamed
to `openclaw/plugin-sdk/ssrf-runtime` in a previous version, but
cdp-proxy-bypass.ts still referenced the old path. The neighbouring
cdp.helpers.ts already uses the correct path. This caused the browser
plugin to fail to load with "Package subpath is not defined by exports".

Fixes #96639

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(plugin-sdk): update ssrf-runtime import path in cdp-proxy-bypass

The import path `openclaw/plugin-sdk/ssrf-runtime-internal` was renamed
to `openclaw/plugin-sdk/ssrf-runtime` in a previous version, but
cdp-proxy-bypass.ts still referenced the old path. The neighbouring
cdp.helpers.ts already uses the correct path. This caused the browser
plugin to fail to load with "Package subpath is not defined by exports".

Update the corresponding vi.mock path in the test file to match.

Fixes #96639

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(plugin-sdk): promote managed-proxy bypass exports to public ssrf-runtime

Export registerManagedProxyBrowserCdpBypass and fetchConfiguredLocalOriginWithSsrFGuard
from the public ssrf-runtime path so that the browser plugin and ollama embedding
provider can lazy-load without hitting the private ssrf-runtime-internal subpath
that is excluded from package.json exports.

Fixes #96639

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(build): bundle private SSRF runtime for packaged plugins

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:20:18 +01:00
Alix-007
65b2e7a4e3
fix(mattermost): add timeout to REST client requests (#102027)
* fix(mattermost): add timeout to REST client requests

* fixup: preserve Mattermost DM retry timeout

* test(mattermost): reuse hanging server helper

* test(mattermost): satisfy timeout lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:12:30 +01:00
lzyyzznl
08663917fa
fix(inworld): use truncateUtf16Safe for error body and parse error truncation (#102608)
* fix(inworld): use truncateUtf16Safe for error body and parse error truncation

Two .slice(0, N) truncation sites in the Inworld TTS extension may
cut UTF-16 surrogate pairs in half when the error body or parse error
message contains multi-byte characters such as emoji. Replace both
with truncateUtf16Safe to keep the truncated output valid Unicode.

* test(inworld): cover UTF-16-safe TTS errors

Co-authored-by: lizeyu-xydt <li.zeyu@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:09:34 +01:00
sunlit-deng
1e377e3660
fix(clickclack): bound inbound websocket payloads (#102480)
* fix(clickclack): bound inbound websocket payloads

* fix(clickclack): bound inbound websocket payloads

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:09:30 +01:00
huangjianxiong
5ba981a437
fix(qa-matrix): keep room scenario preview truncation UTF-16 safe (#102606)
* fix(qa-matrix): keep room scenario preview truncation UTF-16 safe

Replace 7x `.slice(0, N)` with `truncateUtf16Safe(..., N)` in
runMatrixStreamingPreviewScenario and runMatrixToolProgressScenario
to prevent surrogate pair corruption in body/formattedBody previews.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(qa-matrix): prove UTF-16 artifact boundaries

Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:07:23 +01:00
Masato Hoshino
c9ec548e6f
fix(browser): preserve strict CDP discovery policy on target-list lookup (#102328)
* fix(browser): preserve strict CDP discovery policy on target-list lookup

findPageByTargetIdViaTargetList fetched the CDP /json/list endpoint without
passing an ssrfPolicy argument, so the caller's discovery policy was dropped at
the fetch layer while the sibling tryTerminateExecutionViaCdp scoped it. Build
the scoped control policy with scopeCdpPolicyToConfiguredEndpoint and pass it to
fetchJson, matching the sibling lookup path.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* test(browser): tighten target-list CDP policy test comment

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* test(browser): consolidate target-list SSRF coverage

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:04:39 +01:00
Vincent Koc
0ac8933721
fix(text): keep diagnostic truncation UTF-16 safe
Co-authored-by: chengzhichao-xydt <chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: wangmiao0668000666 <wang.miao86@xydigit.com>
Co-authored-by: 黄剑雄0668001315 <huang.jianxiong@xydigit.com>
2026-07-09 04:02:39 -07:00
qingminlong
56096eb859
fix(browser): report malformed relay CDP frames (#102070)
* fix(browser): report malformed relay CDP frames

* refactor(browser): streamline relay frame validation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:00:38 +01:00
qingminlong
6cd94f6049
fix(web): mark partial response reads when streams fail (#102550)
* fix(web): mark partial response reads when streams fail

* fix(web): report partial stream bytes accurately

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:58:56 +01:00
huangjianxiong
c067802cda
fix(microsoft-foundry): keep connection test error truncation UTF-16 safe (#102605)
* fix(microsoft-foundry): keep connection test error truncation UTF-16 safe

Replace `.slice(0, 200)` with `truncateUtf16Safe(body, 200)` in
testFoundryConnection error messages to prevent surrogate pair corruption.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(microsoft-foundry): cover UTF-16-safe connection errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:51:38 +01:00
Alix-007
bebf0b98c1
fix(nextcloud-talk): add timeouts to Talk send requests (#102025)
* fix(nextcloud-talk): add timeouts to Talk send requests

* test(nextcloud-talk): simplify send timeout proof

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:49:48 +01:00
huangjianxiong
c335ecdb73
fix(microsoft-foundry): keep Azure CLI error truncation UTF-16 safe (#102604)
* fix(microsoft-foundry): keep Azure CLI error truncation UTF-16 safe

Replace `.slice(0, 300)` with `truncateUtf16Safe(normalized, 300)` in
summarizeAzErrorMessage to prevent surrogate pair corruption.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(microsoft-foundry): cover UTF-16-safe CLI errors

* test(microsoft-foundry): assert complete CLI error

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:49:35 +01:00
huangjianxiong
0a8677ec99
fix(whatsapp): keep echo tracker log truncation UTF-16 safe (#102603)
* fix(whatsapp): keep echo tracker log truncation UTF-16 safe

Replace `.slice(0, 50)` with `truncateUtf16Safe(text, 50)` in
echo tracker verbose log message to prevent surrogate pair corruption.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(whatsapp): cover UTF-16-safe echo previews

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:46:52 +01:00
Peter Steinberger
5154fe08fa
feat: show Codex sessions across Gateway and paired nodes (#102586)
* feat(codex): add federated session catalog

* fix(codex): align session catalog checks

* fix(ui): translate Codex session catalog

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 03:42:03 -07:00
huangjianxiong
29d2a1ed42
fix(ollama): use truncateUtf16Safe for malformed NDJSON log truncation (#102593)
* fix(ollama): use truncateUtf16Safe for malformed NDJSON log warning

The parseNdjsonStream function uses naive .slice(0, 120) on malformed
NDJSON data in log warnings which can split surrogate pairs. Replace
with truncateUtf16Safe().

* test(ollama): cover UTF-16-safe NDJSON warnings

* test(ollama): satisfy lint in NDJSON coverage

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:38:54 +01:00
Sally O'Malley
e595a8c0ac
Add Vault SecretRef plugin (#89255)
* Add Vault SecretRef plugin

Signed-off-by: sallyom <somalley@redhat.com>

* expand Vault setup to registered SecretRef targets

Signed-off-by: sallyom <somalley@redhat.com>

* fix(vault): use sdk secret target seam

* fix(vault): preserve auth profile target paths

* docs(vault): document plugin enable step

* fix(vault): make status provider-alias aware

* fix(vault): reject noncanonical secret ids

* fix(vault): separate resolver timeout deadlines

* fix(vault): forward private CA trust settings

* fix(secrets): preserve plugin policy boundaries

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-07-09 05:30:12 -05:00
Vincent Koc
45d15aabf9
fix(tts-local-cli): preserve file output on stream errors
Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com>
2026-07-09 03:28:51 -07:00
huangjianxiong
c87b9a7cee
fix(parallel): use truncateUtf16Safe for MCP error JSON truncation (#102592)
* fix(parallel): use truncateUtf16Safe for MCP error JSON truncation

The extractMcpToolPayload function and error messages use naive
.slice(0, 500) on JSON-serialized errors and results which can split
surrogate pairs. Replace with truncateUtf16Safe().

* test(parallel): cover UTF-16-safe MCP errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:25:28 +01:00
lsr911
1beea4b873
fix(qqbot): use truncateUtf16Safe for debug log URL/key truncation (#102572)
* fix(qqbot): use truncateUtf16Safe for debug log URL/key truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- image-size.ts: URL preview in debug logs (2 sites)
- upload-cache.ts: cache key preview in debug logs (2 sites)

Co-Authored-By: Claude <noreply@anthropic.com>

* test(qqbot): cover UTF-16-safe debug previews

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:20:38 +01:00
Alix-007
b37476ab0b
fix(twilio): redact webhook turnToken diagnostics (#102089)
* fix(twilio): redact webhook turnToken diagnostics

* chore(twilio): rerun ci

* fix(twilio): contain webhook URL diagnostics

Co-authored-by: Alix-007 <li.long15@xydigit.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:19:40 +01:00
NIO
32dee52329
fix(googlechat): cap approval binding registries (#101744)
Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-09 11:12:32 +01:00
lsr911
6ad8a77b51
fix(telegram): use truncateUtf16Safe for raw update log truncation (#102567)
* fix(telegram): use truncateUtf16Safe for raw update log truncation

* refactor(telegram): own raw log bounds in formatter

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:11:35 +01:00
lsr911
e39e628a84
fix(active-memory): use truncateUtf16Safe for log value truncation (#102551)
* fix(active-memory): use truncateUtf16Safe for log value truncation

* fix(active-memory): use truncateUtf16Safe for log value truncation

* test(active-memory): cover UTF-16-safe log limits

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:10:42 +01:00
Peter Steinberger
fc5a4defaf
feat(cohere): add current Command models (#102563)
* feat(cohere): add current Command models

* docs: keep release notes out of PR
2026-07-09 11:07:50 +01:00
zw-xysk
9fa913740d
fix(tts-local-cli): handle stdout/stderr stream errors in speech provider (#102347)
* fix(tts-local-cli): handle stdout/stderr stream errors in speech provider

CLI TTS speech provider spawns a child process to generate audio and
registers stdout/stderr data listeners but omits stream error handlers.

stdout carries synthesized audio data. A pipe error mid-generation must
reject the promise so the caller does not silently receive truncated
audio when the child later exits zero. stderr carries diagnostic logs
only — errors there are benign and should not crash the provider.

Apply separate strategies matching vincentkoc's requirement:
- stdout (audio): error → reject(Promise) — surface the failure
- stderr (diagnostic): error → ignore — does not affect audio output

* fix lint: remove unused signal param from mock kill()

* fix(tts-local-cli): contain child stream failures

Co-authored-by: 赵旺0668001248 <zhao.wang1@xydigit.com>

* chore(tts-local-cli): keep release notes in PR body

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:06:10 +01:00
huangjianxiong
fae5421f81
fix(diagnostics-prometheus): use truncateUtf16Safe for error message truncation (#102591)
* fix(diagnostics-prometheus): use truncateUtf16Safe for error message truncation

The safeErrorMessage function uses naive .slice(0, 500) on error messages
which can split surrogate pairs. Replace with truncateUtf16Safe().

* test(diagnostics-prometheus): cover UTF-16-safe errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 11:04:47 +01:00
huangjianxiong
4be6fa7413
fix(codex-supervisor): use truncateUtf16Safe for stderr tail truncation (#102590)
* fix(codex-supervisor): use truncateUtf16Safe for stderr tail truncation

StdioCodexJsonRpcConnection includes stderr output in the transport-closed
error message with a naive .slice(0, 1200) which can split surrogate pairs.
Replace with truncateUtf16Safe().

* test(codex-supervisor): cover UTF-16-safe stderr tails

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:59:17 +01:00
lsr911
f650d641e4
fix(codex): use truncateUtf16Safe in trajectory and client parse log truncation (#102576)
* fix(codex): use truncateUtf16Safe in trajectory and client parse log truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in:
- trajectory.ts: payload redaction display (20k char limit)
- client.ts: parse error log truncation

Co-Authored-By: Claude <noreply@anthropic.com>

* test(codex): cover UTF-16 truncation boundaries

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:53:25 +01:00
qingminlong
c86fe21cad
fix(browser): keep UTF-8 stderr tails valid (#102543) 2026-07-09 10:51:52 +01:00
wangmiao0668000666
6433b82723
fix(qa-lab): surface gateway child stream failures (#102104)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:28:32 +01:00
wings1029
f7cc6ebe1e
fix(agent-core,memory-core): keep compaction summary and memory snippet truncation UTF-16 safe (#102542)
* fix(agent-core,memory-core): keep compaction summary and memory snippet truncation UTF-16 safe

* fix: make compaction and memory truncation UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 10:08:11 +01:00
Ayaan Zaidi
1ad346e465 test(codex): align shared-client version fixtures with the 0.143.0 floor 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
8589759818 fix(codex): keep terminal idle backstop gated during in-flight app-server requests 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
bb1da73b14 fix(codex): fail detached-but-leased clients on suspect retirement 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
80b2b709ca fix(codex): scope client fan-out to terminal liveness kills 2026-07-09 14:26:05 +05:30
Ayaan Zaidi
ca3f247eb2 fix(codex): fan out app-server liveness retirement 2026-07-09 14:26:05 +05:30
lsr911
6a3834d41d
fix(memory-core): use truncateUtf16Safe for diary context truncation (#102524)
* fix(memory-core): use truncateUtf16Safe for diary context truncation

* test(memory-core): cover utf16 diary truncation

* refactor(memory-core): use plugin sdk text runtime

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:49:21 +01:00
wangmiao0668000666
51b4e78c33
fix(google-meet): bound Google API requests (#102149)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:39:34 +01:00
Peter Steinberger
42a8679c4d
fix: restore release validation on main (#102516)
* test(qqbot): assert approval fence exactly

* fix(release): wait for ClawHub publish logging

* fix(ci): repair Bun global install smoke

* test(slack): fix app identity fixture
2026-07-09 09:39:08 +01:00
lsr911
32de666163
fix(codex): use truncateUtf16Safe for tool transcript output truncation (#102522)
* fix(codex): use truncateUtf16Safe for tool transcript output truncation

Replace naive .slice(0, N) with truncateUtf16Safe() in event-projector
tool transcript output text to prevent surrogate pair splitting.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(codex): keep streamed output utf16-safe

* refactor(codex): use plugin sdk text runtime

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:37:07 +01:00
lsr911
145b71f57e
fix(oc-path): use truncateUtf16Safe for error message path truncation (#102527)
* fix(oc-path): use truncateUtf16Safe for error message path truncation

Replace naive .slice(0, 80) with truncateUtf16Safe() at three
error-reporting call sites to prevent surrogate pair splitting
in oc:// path validation error messages.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(oc-path): cover utf16 error truncation

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:35:17 +01:00
lsr911
ed9ce1c584
fix(discord): use truncateUtf16Safe for deploy error body truncation (#102525)
* fix(discord): use truncateUtf16Safe for deploy error body truncation

* test(discord): cover utf16 deploy errors

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:33:46 +01:00
xingzhou
b23fdcfac9
fix(codex): avoid broken emoji in dynamic tool timeout logs (#102509)
* fix(codex): keep dynamic tool log fields UTF-16 safe

* test(codex): narrow dynamic tool response item

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 09:26:22 +01:00