Commit graph

65517 commits

Author SHA1 Message Date
Peter Steinberger
2f013382a0
feat(ui): add settings profile page with lifetime token stats, streaks, and activity heatmap (#102842)
* feat(ui): add settings profile i18n strings and regenerated locale bundles

* feat(ui): add settings profile page with token stats, streak heatmap, and top tools

* chore(ui): record intentional OpenClaw brand string in raw-copy baseline
2026-07-09 15:03:12 +01:00
wangyan2026
2e9e46bb37
fix(crestodian): keep prompt history UTF-16 safe (#102627)
* fix(crestodian): keep assistant prompt history truncation UTF-16 safe

* test(crestodian): simplify history boundary proof

* test(crestodian): add dangling-surrogate proof and raw-slice bug evidence

* test(crestodian): remove duplicate UTF-16 cases

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 15:01:34 +01:00
xingzhou
763ef215e0
fix(ui): keep event payload previews UTF-16 safe (#102625)
* fix(ui): keep event payload previews UTF-16 safe

* chore: use shared utf16 truncator in presenter

* fix(ui): use canonical utf16 truncator import

* refactor(ui): reuse canonical text truncation

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 15:01:17 +01:00
Pavan Kumar Gondhi
3ba72f624a
fix: trust hook mapping provenance (#102418) 2026-07-09 19:26:00 +05:30
Peter Steinberger
f9bafcc240
feat(ui): show agent avatars in the agents page selector (#102817)
Replace the native <select> on the Agents page with an accessible custom
listbox dropdown (openclaw-agent-select) that renders each agent's avatar
image, identity emoji, or initial. Local /avatar/<id> routes are fetched
with the bearer credential and rendered as cached blob URLs when gateway
token auth is active, matching the chat-avatar contract.

Refs #102792, #57067
2026-07-09 14:55:25 +01:00
NIO
2d5dd6c035
fix(googlechat): bound control and media requests (#102227)
* fix(googlechat): add 30 s request timeout to withGoogleChatResponse

* fix(googlechat): satisfy ResolvedGoogleChatAccount in api.test.ts

* fix(googlechat): bound control and media requests

Co-authored-by: NIO <nocodet@mail.com>

---------

Co-authored-by: NIO <nocodet@mail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 14:49:14 +01:00
Peter Steinberger
47cc6c9667
fix(qqbot): propagate canonical image MIME types (#102795) 2026-07-09 14:48:11 +01:00
Peter Steinberger
2786239080 fix(ci): refresh native i18n sentinel 2026-07-09 09:45:36 -04:00
huangjianxiong
0e626690cd
fix(qa-matrix): keep shared reply previews UTF-16 safe (#102656)
* fix(qa-matrix): keep reply body preview truncation UTF-16 safe

Replace `.slice(0, 200)` with `truncateUtf16Safe(replyBody, 200)` in
buildMatrixReplyArtifact to prevent surrogate pair corruption.

Ref. lsr911 pattern — mechanical substitution, no behavior change.

* test(qa-matrix): preserve reply preview semantics

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 14:41:54 +01:00
Peter Steinberger
f6b9901243
fix(msteams): bound team group lookup cache (#102814)
Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>
2026-07-09 14:31:45 +01:00
Ayaan Zaidi
474d660137 fix(infra): converge legacy state migrations on archive collisions 2026-07-09 18:57:58 +05:30
Peter Steinberger
25e18fc3b5 fix(ci): sync lobster pet raw-copy baseline 2026-07-09 09:21:08 -04:00
wuqxuan
3fd52514e3
fix: surface OpenAI chat-completions refusal as assistant text (#102344)
* fix: surface OpenAI chat-completions refusal as assistant text

* fix: cover message.refusal on packages/ai completions path
2026-07-09 06:10:03 -07:00
Vincent Koc
cb7468fc58
refactor(android): remove orphaned legacy screens (#102809) 2026-07-09 06:02:30 -07:00
Peter Steinberger
124119a898
test(plugins): sync release contracts (#102777)
* test(plugins): sync release contracts

* test(codex): isolate dynamic tool capability test
2026-07-09 13:57:35 +01:00
Peter Steinberger
fdd19e3017
feat(ui): merge the voice level meter into the stop-voice pill and disambiguate the stop controls (#102786)
* feat(ui): merge voice level meter into the stop-voice pill and disambiguate stop controls

* docs(web): describe the live voice pill control in Talk mode

* test(ui): capture dark-mode voice control proof in talk e2e

* fix(ui): keep the live voice pill wide at phone widths

* fix(ui): show the stop glyph instead of a fake listening meter when a talk session errors

* test(ui): assemble the mock talk client secret so scanners do not flag it
2026-07-09 13:55:56 +01:00
Peter Steinberger
9f2c357700 perf(test): scope registry and port fixtures 2026-07-09 08:53:35 -04:00
Alix-007
e5259fa8bb
fix(google): add timeout to Vertex ADC token refresh (#102050)
* fix(google): add timeout to Vertex ADC token refresh

* test(google): consolidate ADC timeout proof

* fix(google): bound all ADC token refreshes

* test(google): observe ADC timeout before advancing time

* fix(google): keep dependency timeout claims exact

* fix(google): bound library-managed ADC refreshes

* fix(google): recover after ADC refresh timeout

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 13:46:33 +01:00
Peter Steinberger
07a7d596ff
feat(providers): add Qwen 3.6 Flash and Gemini 3.1 Live (#102791)
* feat(providers): add current Qwen and Gemini Live models

* fix(google): align live thinking enum type

* fix(google): align live thinking enum type
2026-07-09 13:37:16 +01:00
Peter Steinberger
c8c1f37d2f
feat(cli): add roast taglines to startup banner (#102789) 2026-07-09 13:35:01 +01:00
Peter Steinberger
01f4596d5a
feat(webchat): sidebar lobster status pet (seeded per session) (#102766)
* feat(webchat): composer lobster mascot perches on the empty prompt

A decorative OpenClaw lobster (smooth icons.lobster style) sits on the
composer edge while the prompt is idle, ducks away on typing/runs, and
plays personality-weighted idle acts (scuttle, wave, snip, hop, spin,
peek, bubbles, nap with z's; poke to startle). Look and personality are
seeded per session + page load: palette, size, antennae, accessory,
perch, facing, temperament. Decorative contract: aria-hidden, no config,
reduced-motion stays fully static, timers pause on hidden tabs and clean
up on disconnect. Hidden on short-landscape viewports where the composer
scrolls.

Closes #102754

* refactor(webchat): move lobster mascot from composer to sidebar status pet

The composer perch read too close to Claude Code's input mascot. The pet
now lives on the sidebar footer ledge above the connection dot and
mirrors gateway state: idle personality acts when quiet, a faster scurry
pool while runs are active, grey-eyed worried pacing while disconnected,
and a startle on every status flip. Composer wiring reverted; element
renamed openclaw-lobster-pet; hidden in the collapsed rail.
2026-07-09 13:34:29 +01:00
Peter Steinberger
deb7faf7b0
refactor(ui): harden Lit lifecycle boundaries (#102745)
* refactor(ui): harden Lit lifecycle boundaries

* fix(ui): clear ChatPage subscriptions before teardown

* test(ui): satisfy lifecycle lint gates

* chore: defer Lit lifecycle release note

* fix(ui): sync raw-copy baseline

* test(ui): avoid order-sensitive Sessions mock

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 05:28:52 -07:00
Peter Steinberger
e45e755fb9
feat(ui): add native link routing bridge (#102783) 2026-07-09 13:26:24 +01:00
Peter Steinberger
411bf2ad4b
test(android): cover discovery and startup gates (#102758)
* test(android): cover discovery and startup gates

Co-authored-by: NianJiuZst <180004567+users.noreply.github.com>

* test(android): keep startup gate tests keystore-free
2026-07-09 13:25:40 +01:00
Alix-007
64e80888d4
fix(qqbot): bound speech transcription requests (#102028)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 13:25:29 +01:00
Vincent Koc
0535679083
fix(release): validate exact prepared npm package sets (#102759)
* fix(release): validate prepared npm package sets

Forward-port the beta3 package-set preflight, Telegram, and Parallels validation to main while preserving main's existing Bun install smoke. Recompute decoded proxy response lengths and require artifact tarballs to exactly match the verified manifest.

* fix(release): lock fixture registry proxy origin
2026-07-09 05:19:24 -07:00
Vincent Koc
aaf5ddd832
refactor(ui): localize internal declarations (#102793) 2026-07-09 05:16:06 -07:00
lzyyzznl
f786efddcd
fix(cron): keep bounded diagnostics UTF-16 safe (#102624)
* fix(cron): use truncateUtf16Safe for diagnostic entry and summary truncation

* test(cron): cover UTF-16 diagnostic boundaries

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 13:05:51 +01:00
maweibin
5b2c316950
fix(auto-reply): keep fallback reason truncation UTF-16 safe (#102631)
* fix(auto-reply): keep fallback reason truncation UTF-16 safe

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(auto-reply): cover UTF-16 fallback truncation

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 13:05:36 +01:00
Masato Hoshino
a49567cdfd
fix(qqbot): treat inbound attachment content types case-insensitively (#102753)
* fix(qqbot): treat inbound attachment content types case-insensitively

* test(qqbot): use distinct download paths per image; note voice sentinel in comment
2026-07-09 05:05:34 -07:00
mushuiyu886
813a5da839
fix(media): keep input_file text truncation UTF-16 safe (#102634)
* fix(media): keep input_file text truncation UTF-16 safe

* test(media): strengthen input file truncation proof

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 13:05:14 +01:00
Peter Steinberger
66db3024bc
test(android): cover main activity lifecycle gates (#102764) 2026-07-09 13:04:57 +01:00
Vincent Koc
d6cb18736a
refactor(xai): localize internal declarations (#102778) 2026-07-09 05:00:37 -07:00
Peter Steinberger
5f9e0e20d4
fix: scope task suggestions to supported surfaces (#102743)
* fix: make task suggestions surface-aware

* fix: honor task suggestion action scopes

* fix: align task surface compatibility types

* fix: isolate task suggestions across surfaces

* style: satisfy task selector lint

* chore: defer task suggestion release note

* test: dedupe gateway capability fixture

* test: cover combined gateway capabilities
2026-07-09 12:59:50 +01:00
Peter Steinberger
c9b3358d43
improve(ui): flatten sessions page surfaces (#102760)
Drops the decorative layer from the sessions roster per maintainer feedback:
overview tiles, the drawer hero, detail sections, stat cards, checkpoint
cards, and the goal chip become flat token surfaces (no gradients, no inset
highlight shadows, no translucent color-mix glass); kind avatars and overview
icon chips lose their nested borders and read as flat tints; the skeleton
shimmer gradient becomes a plain opacity pulse. Focus rings, the drag-drop
target outline, and the live status dot ring stay - those are signal, not
decoration.
2026-07-09 12:55:24 +01:00
SunnyShu
1690afe304
fix(agents): allow model fallback when takeover wrapper holds classifiable promptError (#100118)
* fix(agents): allow model fallback when takeover wrapper holds classifiable promptError

When EmbeddedAttemptPromptErrorWithCleanupTakeoverError wraps a real
provider-level failure (e.g. timeout, rate_limit) inside .promptError but
inherits the name "EmbeddedAttemptSessionTakeoverError", the fallback
classifier isNonProviderRuntimeCoordinationError aborts the fallback chain
without checking whether the underlying cause is a retryable provider error.

Fix: in isNonProviderRuntimeCoordinationError, check err.promptError before
returning true for takeover-named errors. If promptError is a classifiable
provider failure (timeout, rate_limit, etc.), let fallback proceed — the
takeover is a cleanup side-effect, not the root cause.

Tests:
- Unit tests for the classifier: timeout, rate_limit, unclassifiable,
  and pure takeover (regression)
- Integration tests for the runWithModelFallback pipeline: timeout
  and rate_limit promptError both produce correct fallback and reason;
  pure takeover still aborts

Related to #99963

* fix(agents): carry preserved prompt failures

* fix(agents): keep pure takeovers fatal

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:52:30 +01:00
Peter Steinberger
8d6c54f513
improve(ui): remove the Context Profile presets card from Quick Settings (#102748)
* fix(control-ui): remove the Context Profile presets card from Quick Settings

* fix(control-ui): regenerate i18n raw-copy baseline after Gateway Host card rebase
2026-07-09 12:50:50 +01:00
Peter Steinberger
1fdb0e79d3 perf(test): isolate models config auth fixtures 2026-07-09 07:48:09 -04:00
lzyyzznl
e99b5deb7a
fix(codex): keep dynamic tool output UTF-16 safe (#102622)
* fix(codex-dynamic-tools): use truncateUtf16Safe for notice text truncation

* fix(codex): keep dynamic tool text UTF-16 safe

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:44:34 +01:00
mikasa
18fd6ee9e6
fix(tts-local-cli): cap local CLI speech outputs (#101510)
* fix(tts-local-cli): bound local speech output

Co-authored-by: mikasa0818 <0668001030@xydigit.com>

* chore(tts-local-cli): keep changelog release-owned

* docs(tts-local-cli): format output-limit note

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:42:41 +01:00
Peter Steinberger
292e1cfa1b
feat(cli): refresh startup taglines (#102750) 2026-07-09 12:42:31 +01:00
Bruno Wowk (Volky)
fa0349aa44
fix(gateway): validate exact custom browser origins (#38290)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:41:53 +01:00
lzyyzznl
5497662408
fix(active-memory): keep search queries UTF-16 safe (#102621)
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:41:38 +01:00
lzyyzznl
7222e3e1ea
fix(agents): use truncateUtf16Safe for runner error text truncation (#102618)
* fix(agents): use truncateUtf16Safe for runner error text truncation

One .slice(0, 200) truncation site in the embedded agent runner
may cut UTF-16 surrogate pairs in half when the error text contains
multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.

* test(agents): cover UTF-16 overflow diagnostics

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:41:05 +01:00
Peter Steinberger
e2a112a556
feat(onboard): guided CLI onboarding with live AI verification and classic fallback (#101880)
* feat(onboard): guided CLI onboarding with live AI verification and classic fallback

Interactive `openclaw onboard` (and bare `openclaw` on a fresh install) now
runs a guided flow with macOS-app parity: detect existing AI access, live-test
candidates with a real completion before persisting anything, walk down the
ladder on failure with mapped reasons, and offer verified manual API-key entry
from installed provider manifests (masked input). In-flow escapes: classic
wizard, Crestodian chat, skip-AI. Classic wizard gains an optional post-auth
live verification step. `--classic`, `--modern`, and `--non-interactive`
contracts unchanged. Docs corrected for post-#99935 routing.

Closes #101851

* improve(onboard): quiet probe diagnostics in wizard TTY, carry risk ack into classic escape

Candidate live-tests during guided setup are probes: rename their run id and
lane to the existing probe conventions (logging/subsystem.ts console
suppression, command-queue quiet probe lanes) so expected failures stop
leaking raw diagnostics into the Clack UI; file diagnostics unchanged. The
classic-wizard escape now passes the already-collected risk acknowledgement
through instead of re-prompting in the same session.

* fix(onboard): quiet the session-derived setup-inference probe lane too

The live-test run enqueues on two lanes: the explicit probe lane and one
derived from its temp session key. Extend the shared quiet-probe predicate to
cover the derived lane so a failing candidate cannot leak lane-task
diagnostics into the wizard TTY.

* improve(onboard): suppress subsystem console output during wizard live tests

Provider-transport subsystem loggers (model-fetch start/response, transport
errors) carry no run id, so probe suppression cannot catch them and a failing
candidate printed raw log lines into the Clack TTY. Reuse the TUI console
subsystem-filter seam via a finally-safe scoped helper around guided
activation and the classic live-verify; file logging is unchanged and the
gateway (macOS app) surface is unaffected.

* fix(onboard): never auto-replace a configured model when its live check fails

The re-run verification probe executes outside the configured workspace (setup
never runs workspace plugins), so a workspace-backed current model can fail
the check while working fine in the agent. Stop the auto ladder on an
existing-model failure and hand the decision to the manual stage instead of
silently persisting a different candidate as the default. Docs note the
fail-safe and the workspace caveat.

* feat(onboard): two-way switching between Crestodian chat and the menu wizards

From the chat, `open setup wizard`, `open classic wizard`, and `open channel
wizard for <channel>` hand off to the guided flow, the classic wizard, or the
masked `channels add` wizard after the chat TUI tears down (mirrors the
open-tui handoff; gateway surface gets a text pointer instead). The hosted
channel wizard no longer dead-ends at sensitive steps — it offers the switch
and remembers the channel. New read-only `channel info <channel>` operation
and ring-zero action surface label, blurb, configured state, and the real
docs URL from channel-setup discovery so the assistant can explain Slack or
Telegram prerequisites instead of guessing; both prompts instruct it to use
them. `channels add --channel <id>` now preselects the channel. Docs cover
the interchangeable flows.

* fix(onboard): avoid param reassignment in open-setup handoff

* improve(onboard): separate ask-about vs connect intent in channel prompt guidance

Live test showed the agent detouring an explicit connect request through
channel_info because the guidance said to consult it first. Both prompts now
distinguish asking about a channel (channel info + docs link) from asking to
connect (connect right away).

* fix(channels): mark channel token entry as sensitive input

The shared single-token prompt lacked sensitive:true, so terminal wizards
echoed pasted channel tokens and the Crestodian chat bridge (which refuses
plain-text secrets based on this flag) hosted the Telegram token step in
visible chat. Found live-testing the chat-to-wizard switch; pre-existing on
main but load-bearing for the masked-wizard contract this PR documents.

* fix(onboard): restore terminal state around the guided flow's TUI launch

Mirror the classic finalize handoff so the chat TUI never inherits the wizard
prompter's raw/paused terminal state on the default first-run path.

* fix(channels): type the token prompter mock for the sensitive-flag assertion

* fix(gateway): map the TUI-only open-setup action to none for app clients

Engine-side surface gating already prevents open-setup replies on the gateway
surface; this keeps the client-visible action enum stable even if that gate
ever regresses. (Reviewed with the switching round; missed in its commit.)

* docs: regenerate docs map for onboarding page changes
2026-07-09 12:40:55 +01:00
Peter Steinberger
a0267273d0
test(qa): assert Telegram command denial (#102732) 2026-07-09 12:40:48 +01:00
Countermarch
5b4302b52e
Reduce remote node bin probe churn (#79438)
* fix(nodes): defer and back off remote bin probes

* chore: leave release changelog ownership centralized

* fix(nodes): probe the live post-pairing surface

* fix(nodes): retry probes after reconnect

* fix(nodes): bind probes to live connections

* test(skills): isolate remote bin signature configs

* test(skills): place remote skills under workspace root

* style(skills): satisfy probe delay lint

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:40:44 +01:00
lzyyzznl
57c468ca1b
fix(google-meet): use truncateUtf16Safe for log value truncation (#102617)
* fix(google-meet): use truncateUtf16Safe for log value truncation

One .slice(0, 180) truncation site in the Google Meet extension
may cut UTF-16 surrogate pairs in half when the log value contains
multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.

* test(google-meet): cover UTF-16 model log boundary

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:40:26 +01:00
Peter Steinberger
443a939af3 perf(test): reuse models config plan 2026-07-09 07:39:46 -04:00
lzyyzznl
d750477d43
fix(migrate-claude): use truncateUtf16Safe for skill description truncation (#102616)
* fix(migrate-claude): use truncateUtf16Safe for skill description truncation

One .slice(0, 180) truncation site in the migrate-claude extension
may cut UTF-16 surrogate pairs in half when the skill description
contains multi-byte characters such as emoji. Replace it with
truncateUtf16Safe to keep the truncated output valid Unicode.

* test(migrate-claude): cover UTF-16 skill description

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 12:38:20 +01:00