Commit Graph

65738 Commits

Author SHA1 Message Date
Peter Steinberger
75dfd3dc09 feat(xai): support Grok Imagine Video 1.5 (#103316)
* feat(media): add per-model generation catalog metadata

* feat(xai): support Grok Imagine Video 1.5

* test(plugin-sdk): update public surface budget
2026-07-10 04:49:42 +01:00
Peter Steinberger
071e30ecd5 perf(test): trim secrets suite setup 2026-07-09 23:44:00 -04:00
Peter Steinberger
cd2f70c7ab fix(ci): pin DeepSeek live gateway models (#103321) 2026-07-10 04:43:16 +01:00
Peter Steinberger
6db586a388 fix(clawrouter): support managed gateway configuration (#103299)
* fix(clawrouter): support managed gateway configuration

* docs(clawrouter): refresh provider map
2026-07-10 04:25:41 +01:00
Peter Steinberger
a24139e199 ci: require enabled Telegram package proof (#103310) 2026-07-10 04:24:36 +01:00
Peter Steinberger
1696366f88 feat(android): add safe cron job management (#102997)
* feat(android): add safe cron job management

Co-authored-by: snowzlmbot <293528334+snowzlmbot@users.noreply.github.com>

* fix(android): harden cron editor state

* fix(android): preserve cron state across lifecycle

* fix(android): satisfy cron release gates

* fix(android): retain cron drafts outside saved state

* fix(android): scope cron auto-delete to one-shot jobs

* fix(android): use Compose activity owner

* docs(changelog): note Android cron management

* fix(cron): harden Android job management

* chore(i18n): refresh Android cron inventory

* test(cron): cover enriched read views

* chore(changelog): defer Android cron note to release

---------

Co-authored-by: snowzlmbot <293528334+snowzlmbot@users.noreply.github.com>
2026-07-10 04:12:18 +01:00
Peter Steinberger
e8fcc93cd3 fix(talk): await realtime tool result delivery (#103268)
* fix(talk): await realtime tool result delivery

* fix(talk): terminally cancel queued results

* chore: keep release changelog out of PR

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 20:11:20 -07:00
Ted Li
4c4609d42b fix(ai): match reasoning efforts case-insensitively without lowering provider values (#102993)
* fix(ai): match reasoning effort case-insensitively

* fix(ai): preserve mapped reasoning effort casing

* fix(ai): preserve unmapped reasoning effort casing

* fix(ai): match reasoning effort map keys by case

* fix(ai): harden reasoning effort normalization

Co-authored-by: Ted Li <tl2493@columbia.edu>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 04:07:57 +01:00
Peter Steinberger
5bdd580320 fix(ui): refresh profile and agent selector after language changes (#103293)
* fix(ui): refresh mounted translations

* chore: keep release notes in PR

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-09 20:07:21 -07:00
Peter Steinberger
add2c586c2 feat(slack): support native chart presentations (#102635) 2026-07-10 04:05:23 +01:00
Peter Steinberger
a1e75e0c61 fix(infra): verify managed update handoff startup (#103278)
* fix(infra): verify managed update handoff startup

Co-authored-by: 丁宇婷0668001435 <ding.yuting@xydigit.com>

* fix(infra): terminate timed-out update handoff

---------

Co-authored-by: 丁宇婷0668001435 <ding.yuting@xydigit.com>
2026-07-10 04:03:48 +01:00
qingminlong
2fd0f88f62 fix: ignore invalid Retry-After HTTP dates (#102987)
* fix: ignore invalid Retry-After HTTP dates

* fix(ai): centralize strict Retry-After dates

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-10 04:02:44 +01:00
Peter Steinberger
2b3dc3042f fix(doctor): gate cross-state-dir legacy imports behind explicit doctor opt-in (#103247)
* fix(doctor): gate cross-state-dir legacy imports behind explicit doctor opt-in

A gateway or CLI command started with OPENCLAW_STATE_DIR pointing at a
non-default directory used to import legacy files FROM the default
~/.openclaw state dir (exec-approvals.json, plugin-binding-approvals.json)
and archive the originals with a .migrated suffix. Any isolated, test, or
staging run on a host with production state silently captured and archived
the production files.

Cross-state-dir imports now run only with the new crossStateDirImports
opt-in: openclaw doctor --fix (or an interactive doctor confirm) performs
the import; the implicit CLI/gateway preflight leaves the default dir
untouched and emits a notice pointing at doctor instead.

* test(doctor): include notices in legacy-state detector mocks
2026-07-10 03:56:02 +01:00
Peter Steinberger
0fa49ad4dd fix(doctor): suppress clean-state repair trailer (#103233)
Co-authored-by: Ke Wang <ke@pika.art>
2026-07-10 03:48:44 +01:00
Brad Reaves
b752384586 fix(agents): recover claude-cli warm-stdin continuity when no native transcript is written (reseed candidate not dropped) (#96841)
* fix(agents): recover claude-cli warm-stdin continuity when no native transcript is written

The headless warm-stdin claude-cli backend (liveSession: "claude-stdio")
never writes a native transcript, so the post-turn flush probe always
fails and the missing-transcript reuse path drops the bound session id.

Part 1 (cli-runner.ts): scope the non-destructive binding behavior to
warm-stdin sessions so they keep their binding instead of clearing it
every turn.

Part 2 (attempt-execution.ts): on a missing transcript, clear the stored
binding (no stale --resume) but still return the bound id as the reuse
candidate so prepare can re-detect the missing transcript and arm
raw-transcript reseed. Returning undefined starved reseed and lost
warm-stdin continuity.

Adds/updates regression coverage in attempt-execution.cli.test.ts and a
complementary reseed test in prepare.test.ts.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(agents): align warm-session continuity coverage

* test(agents): keep cli live-session mock complete

* fix(agents): respect stateless CLI session mode

* style(agents): keep session candidate guard focused

* test(agents): preserve minimal CLI runner fixtures

* fix(agents): preserve exact Claude warm sessions

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 03:48:18 +01:00
Peter Steinberger
9ad38e7739 fix(deepseek): align catalog costs and legacy aliases (#103241)
* fix(deepseek): align catalog with current contract

* fix(deepseek): preserve customized catalog rows

* docs(changelog): group DeepSeek catalog metadata

* fix(deepseek): preserve customized catalog rows
2026-07-10 03:41:33 +01:00
Peter Steinberger
7fd426e450 test(agents): synchronize retained writer takeover test (#103280) 2026-07-10 03:40:31 +01:00
Peter Steinberger
db12cb7023 fix(xai): align current model catalog and tools (#103260)
* fix(xai): align current model catalog and tools

* chore(xai): defer release note to release closeout

* docs: refresh xai documentation map
2026-07-10 03:36:14 +01:00
Peter Steinberger
a938b472bd perf(test): narrow session status imports 2026-07-09 22:33:20 -04:00
Peter Steinberger
eae9e7674a perf(test): reuse TUI PTY gateway fixture 2026-07-09 22:33:20 -04:00
Peter Steinberger
8d892e8dab fix(browser): handle Chrome spawn errors (#103243) 2026-07-10 03:32:36 +01:00
Peter Steinberger
8511585291 fix(test): restore OpenRouter and Fireworks live coverage (#103204)
* fix(test): restore live provider model coverage

* test: retry incomplete live tool reads

* test: correlate live probe transcripts by turn
2026-07-10 03:32:10 +01:00
Peter Steinberger
ee1450d619 fix(ci): build iOS with generic simulator (#103259) 2026-07-10 03:28:53 +01:00
Vincent Koc
f8527e77bc fix(ci): pin Kova timeout signal contract (#103264) 2026-07-09 19:28:44 -07:00
ZOOWH
7809acfc24 perf(gateway): avoid per-character chat sanitizer rebuilds (#102971)
* perf(gateway): replace O(n^2) char loop with regex in stripDisallowedChatControlChars

Replace character-by-character iteration with a single regex replace to
avoid event-loop blocking on large messages (1MB+). The regex matches
only disallowed control characters (NUL-BS, VT, FF, SO-US, DEL) while
preserving tab, newline, CR, printable ASCII, and Unicode.

Closes #102915

* perf(gateway): use String.fromCodePoint for regex to avoid lint suppression

Replace the eslint-disable comment and hex-escape regex literal with
String.fromCodePoint() construction. This avoids adding a new entry to
the lint suppression baseline while keeping the same character set and
performance characteristics.

Ref: #102915

* refactor(gateway): consolidate chat sanitizer

---------

Co-authored-by: Peter Steinberger <peter@steipete.me>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 03:27:00 +01:00
Ayaan Zaidi
e6a9a5d182 docs(web): document Docker host-networking requirement for the Telegram Mini App 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
6da0af1cd3 fix(ci): use public plugin-sdk test seams and refresh generated surfaces 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
0521d848bb fix(telegram): fixed-length initData hash compare and base-path ws url 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
04ff278a1d refactor(device-bootstrap): close bootstrap purpose type 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
00aad83f43 fix(telegram): harden mini app URL and page serving 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
b2ee68780c docs(web): document Telegram dashboard entry 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
3c99adb9ca feat(telegram): add dashboard mini app command 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
9cca9afa70 feat(ui): accept dashboard bootstrap tokens 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
0c4188b3ec feat(gateway): approve control-ui bootstrap handoffs 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
c64db7c9c7 feat(plugin-sdk): export dashboard bootstrap helpers 2026-07-10 07:53:37 +05:30
Ayaan Zaidi
b7fa44abd3 feat(device-bootstrap): add control-ui bootstrap purpose 2026-07-10 07:53:37 +05:30
Miorbnli
25337df1c8 fix(proxy-capture): truncate inline preview on UTF-8 character boundary (#102409)
* fix(proxy-capture): truncate inline preview on UTF-8 character boundary

persistEventPayload stores a small UTF-8 preview (dataText) inline for fast CLI
listings and query output, capped at previewLimit bytes (default 8192). It built
the preview with buffer.subarray(0, previewLimit).toString("utf8"), which slices
the buffer at an arbitrary byte offset. For any non-ASCII body (emoji/CJK/accented
text, common in model-provider HTTP traffic), the cut lands mid-multibyte-sequence
and Node emits a trailing U+FFFD replacement char into the stored preview column.

Decode the full buffer first, then truncate with the existing truncateUtf8Prefix
helper (src/utils/utf8-truncate.ts), which backtracks off UTF-8 continuation bytes
so the preview ends on a complete character while staying within the byte budget.
ASCII previews are byte-identical; only malformed trailing U+FFFD is removed.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(proxy-capture): align stub store return type with SharedCaptureBlobRecord

The preview-boundary test stub returned a bare { blobId, sha256, byteLength },
which fails tsgo typecheck against persistPayload's declared
CaptureBlobRecord | SharedCaptureBlobRecord return. Return a complete
SharedCaptureBlobRecord instead. Also use template strings for the multibyte
fixtures to satisfy no-useless-concat. No assertion behavior change.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(proxy-capture): byte-bounded UTF-8 preview, unify store and proxy paths

The prior fix decoded the whole payload with buffer.toString("utf8") before
truncating, an availability regression for large captured payloads, and it left
the proxy-server finishBodyPreviewCapture path on the same byte-subarray decode
that can split a trailing multibyte sequence into U+FFFD.

Add truncateUtf8PrefixFromBuffer: decodes only the byte-bounded prefix and walks
back to verify the trailing multibyte sequence is complete (handles both a hard
byte cap and a buffer already sliced mid-sequence upstream, e.g. a dangling lead
byte). Use it from persistEventPayload (no full-payload decode) and
finishBodyPreviewCapture (same boundary safety), so both preview paths share one
canonical helper.

Add completeUtf8PrefixLength coverage plus proxy-server body-preview regression
tests for dangling-lead, byte-cap, emoji, and oversized-body cases.

Co-Authored-By: Claude <noreply@anthropic.com>

* style(proxy-capture): fix no-useless-assignment and unnecessary template expr

- utf8-truncate.ts: expected is reassigned in every branch, so declare without
  the unused initial value (no-useless-assignment).
- proxy-server.body-preview.test.ts: drop the redundant template wrapper around
  a single expression (no-unnecessary-template-expression). No behavior change.

Co-Authored-By: Claude <noreply@anthropic.com>

* docs(utf8-truncate): clarify completeUtf8PrefixLength byte-budget contract

Document that maxBytes is a byte (not character) limit and that the returned
length is the largest offset that does not split a multibyte sequence.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(proxy-capture): preserve UTF-8 preview boundaries

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 03:18:38 +01:00
ZOOWH
6b90610cdb fix(copilot): redact OAuth error response body in fetchJson error messages (#102953)
* fix(copilot): redact OAuth error response body in fetchJson error messages

Replace raw response body text with bounded, redacted structured error detail
extracted via extractProviderErrorDetail so OAuth error responses containing
tokens, device codes, or other sensitive fields are not leaked into Error
messages and downstream logs.

* test(copilot): add device-code and non-JSON error body redaction cases

Add regression tests covering the device code flow and non-JSON error
bodies alongside the existing token refresh coverage. Also include live
proof output showing real Response object redaction via
extractProviderErrorDetail.

Ref: #102953

* fix(copilot): normalize OAuth HTTP failures

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 03:15:29 +01:00
Peter Steinberger
67ff8dfc15 fix(ui): apply selected reasoning and speed before sending (#103253)
* fix(ui): gate sends on pending session settings

* chore(ui): keep changelog release-owned
2026-07-10 03:14:23 +01:00
Masato Hoshino
fbc73ca1b7 fix(outbound): publish conversation bindings after SQLite commit (#101023)
* fix(outbound): restore current-conversation binding map when persist fails

The generic current-conversation binding mutators (bind/touch/unbind/
prune-on-read) changed the process-wide in-memory map before calling
writePersistedBindings(), with no rollback. A throwing SQLite write left
the map ahead of disk; because bindingsLoaded is a one-time flag, the
diverged bindings were served until restart, routing inbound messages to
wrong or deleted session targets while the caller already saw the throw.

Add persistBindingsOrRestore(): snapshot the map before mutation and, on
write failure, restore it and rethrow. Covers all six write sites. Mirrors
the cron rollback precedent (#99960, src/cron/service/ops.ts persistOrRestore).

Fault-injection tests assert the map reverts for each path.

* fix(outbound): publish conversation bindings after SQLite commit

* chore(outbound): align binding files with current main

* fix(outbound): publish conversation bindings after SQLite commit

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-10 03:13:27 +01:00
wuqxuan
e99af07369 fix(cron): channel failure alerts drop when global webhook failure destination is set (#102445)
* fix(cron): keep channel-shaped failure destinations from inheriting webhook mode

* test(cron): prove channel failure destination announces under global webhook

* test(gateway): prove cron channel failure destination under global webhook

* fix(cron): harden failure destination mode inference

Tighten the resolver invariant, reuse focused test fixtures, and keep the Gateway proof at the real finished-event boundary.

Co-authored-by: wuqingxuan <wu.qingxuan@xydigit.com>

Co-authored-by: Hakan Baysal <hakan.baysal@trmix.com>

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Hakan Baysal <hakan.baysal@trmix.com>
2026-07-10 03:13:18 +01:00
Darren2030
b8f365a82b fix(tasks): skip discarded registry sort (#102202)
Preserve the cloned task snapshot and deterministic activity ordering while avoiding the createdAt sort that tasks.list immediately replaces.

Closes #101716

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 03:12:35 +01:00
Peter Lee
cab8040b14 fix(cron): preserve cron context in session entry for async completion wakes (#101078)
* fix(cron): preserve cron context in session entry for async completion wakes (#99919)

Persist bootstrapContextRunKind on the session entry after cron agent
runs, and restore provider/model/thinking/runKind from the session
entry into directAgentParams when an async completion wake (e.g. media
generation) resumes a cron session.

Before this fix, async completion wakes lost the original cron run
context and fell back to account defaults, causing multi-step cron tasks
to silently dead-end after the first async media generation call.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(cron): authorize model override on trusted in-process dispatch for cron context restoration

* fix(cron): persist bootstrapContextRunKind on base session entry for async completion wakes

* fix(cron): route async completion wake to base cron session key instead of ephemeral run key

When the cron run-key fallback fires, record the base cron key as
effectiveSessionKey so deliverDirectSubagentAnnounce can route the
agent call to the persisted session row with its transcript and task
context instead of starting a fresh turn (#99919).

* fix(cron): add bootstrapContextRunKind to session entry slot keys and declare loadRequesterSessionEntry return type

* fix(cron): rebase onto upstream main, restore upstream agent-command behavior while keeping bootstrapContextRunKind persistence

* fix(cron): persist bootstrapContextRunKind from a pre-mutation snapshot to produce a real delta

* fix(cron): move pre-mutation snapshot inside guard so initialEntry is non-optional

* fix(cron): preserve async media continuation context

Co-authored-by: Peter Lee <li.xialong@xydigit.com>

* fix(cron): retain continuation after base cleanup

* test(gateway): complete agent scope mock

* test(gateway): preserve agent scope exports

* test(cron): persist mocked session mutations

* test(cron): model persisted session fixtures

* fix(agents): snapshot cron continuation retries

* fix(cron): harden async continuation settlement

* test(cron): control continuation recovery clock

* fix(gateway): narrow continuation model row

* chore(changelog): defer cron continuation note

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-10 03:07:30 +01:00
Peter Steinberger
73db6b2aca ci: pin docs i18n Go toolchain (#103244) 2026-07-10 03:02:52 +01:00
Peter Steinberger
25eaa53a8a fix(ci): verify performance report after push timeout (#103237) 2026-07-10 02:50:36 +01:00
Peter Steinberger
2c622e19de docs(web): the Lobster gets its own page (#103175)
A fun field guide for the Control UI lobster: what it is, when it
visits, how to interact (hover names, pokes, right-click shoo), the
Appearance toggle, the Lobsterdex, reduced-motion and privacy notes.
Deliberately teases rather than documents the rare variants, events,
and the anniversary. Registered in the Web interfaces nav group and the
generated docs map.
2026-07-10 02:48:21 +01:00
Peter Steinberger
25e93ef9f9 fix(opencode): list current Zen models in offline discovery (#103197)
* fix(opencode): refresh Zen model catalog

* fix(opencode): expose static catalog fallback
2026-07-10 02:44:56 +01:00
Peter Steinberger
10b50843e7 feat(webchat): the Lobsterdex - a quiet collection of every lobster that visited (#103172)
Arrivals (visits and offline summons) log their palette id into a
best-effort localStorage set. Settings -> Appearance gains a Lobsterdex
row: mini canonical lobsters for all twelve palettes, seen ones in
color (grails keep their glow/translucency via the palette classes),
unseen ones as dim silhouettes, with a seen/total count. Minis render
standalone (closed-lid layer inline-hidden) since they live outside the
pet's CSS context. New quickSettings.appearance strings synced across
locale bundles.
2026-07-10 02:44:24 +01:00
Vincent Koc
cbc087dcc5 fix(ci): pin Kova resource scope contract (#103217) 2026-07-09 18:40:25 -07:00
Peter Steinberger
66e4f4869c test(agents): stabilize MCP timeout retry coverage (#103223) 2026-07-10 02:35:45 +01:00