Peter Steinberger
31f83c86b2
refactor(test): dedupe agent harnesses and routing fixtures
2026-02-18 04:49:22 +00:00
Peter Steinberger
8a9fddedc9
refactor: extract shared install and embedding utilities
2026-02-18 04:49:22 +00:00
Gustavo Madeira Santana
4d3403b7ac
chore: fix CI errors
2026-02-17 23:46:40 -05:00
Peter Steinberger
adac9cb67f
refactor: dedupe gateway and scheduler test scaffolding
2026-02-18 04:04:14 +00:00
Peter Steinberger
ac0db68235
refactor(security): extract safeBins trust resolver
2026-02-18 05:01:31 +01:00
Peter Steinberger
e8154c12e6
refactor(net): table-drive embedded IPv6 decoding and SSRF tests
2026-02-18 04:57:08 +01:00
Peter Steinberger
28bac46c92
fix(security): harden safeBins path trust
2026-02-18 04:55:31 +01:00
Peter Steinberger
442fdbf3d8
fix(security): block SSRF IPv6 transition bypasses
2026-02-18 04:53:09 +01:00
Peter Steinberger
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
Peter Steinberger
6dcc052bb4
fix: stabilize model catalog and pi discovery auth storage compatibility
2026-02-18 02:09:40 +01:00
Nick Lamb
f42e13c17c
feat(telegram): add forum topic creation support ( #17035 )
...
* Revert "fix(gateway): set explicit chat timeouts for mesh gateway calls"
This reverts commit c529e6005a8b14052ebe53af9f7437b6d934c2c7717caa97fb2ab6313d9932c66aff4959e0e7e4ffb91e43714bd4a142fd8f06b961b037d6acd7157634b18ea9db#18601
* fix(ui): preserve locale bootstrap and trusted-proxy overview behavior
* fix(scripts): harden Windows UI spawn behavior
* fix(slack): validate interaction payloads and handle malformed actions
* fix(mattermost): harden react remove flag parsing
* docs(changelog): record PR 18608 fixups
* fix(heartbeat): bound responsePrefix strip for ack detection
* chore: Fix types in tests 3/N.
* chore: chore: Fix types in tests 4/N.
* chore: Fix types in tests 5/N.
* chore: Fix types in tests 6/N.
* chore: Format files.
* chore: Fix types that were broken due to reverts.
* chore: Cleanup unused vars that were leftover from the reverts.
* fix(actions): layer per-account gate fallback
* fix(subagents): pass group context in /subagents spawn
* fix(failover): align abort timeout detection and regressions
* fix(models): sync auth-profiles before availability checks
* fix(ui): correct usage range totals and muted styles
* Revert "feat: show transcript file size in session status"
This reverts commit 15dd2cda20#18591
* fix(agents): align session lock hold budget with run timeouts
* Revert "fix: resolve #12770 - update Antigravity default model and trim leading whitespace in BlueBubbles replies"
This reverts commit e179d453c7#18584
* revert(tools): finish rollback of PR #18584
* chore: Fix Slack test.
* revert: remove accidentally merged video-quote-finder skill (#18550 )
* revert: accidental merge of OC-09 sandbox env sanitization change
* fix(doctor): move forced exit to top-level command
* chore: Fix types in tests 7/N.
* chore: Fix types in tests 8/N.
* chore: Fix types in tests 9/N.
* chore: Fix types in tests 10/N.
* chore: Fix types in tests 11/N.
* chore: chore: Fix types in tests 12/N.
* chore: Fix type errors from reverts.
* fix(gateway): remove watch-mode build/start race (#18782 )
* fix(doctor): repair googlechat open dm wildcard auto-fix
* test(extensions): cast fetch mocks to satisfy tsgo
* fix(gateway): harden channel health monitor recovery
* fix(reply): track messaging media aliases for dedupe
* refactor(plugins): split before-agent hooks by model and prompt phases
* revert(telegram): undo accidental merge of PR #18564
* fix(agents): restore multi-image image tool schema contract
* chore: Format files.
* fix(ui): gate sessions refresh on successful delete
* revert(docs): undo accidental merge of #18516
* revert(exec): undo accidental merge of PR #18521
* docs(cron): clarify webhook posting summary condition
* fix(gateway): preserve chat.history context under hard caps
* chore: Fix types in tests 13/N.
* chore: Fix types in tests 14/N.
* chore: Fix types in tests 15/N.
* chore: Fix types in tests 16/N.
* chore: Fix types in tests 17/N.
* chore: Fix types in tests 18/N.
* chore: Format files.
* revert(sandbox): revert SHA-1 slug restoration
* test(session): cover stale threadId fallback
* test(status): cover token summary variants
* test(telegram): cover getFile file-too-big errors
* test(voice-call): cover stream disconnect auto-end
* chore(format): fix test import order
* test(agents): cover tool result media placeholders
* chore: chore: Fix types in tests 19/N.
* chore: Fix types in tests 20/N.
* chore: Fix types in tests 21/N.
* chore: Fix types in tests 22/N.
* chore: Fix types in tests 23/N.
* docs(voice-call): document stale call reaper config
* fix(doctor): audit env-only gateway tokens
* fix(sessions): purge deleted transcript archives
* test(docker): cover browser install build arg
* revert(gateway): restore loopback auth setup
* revert(voice-call): undo cached greeting note
* revert(voice-call): undo oxfmt formatting
* revert(voice-call): undo oxfmt formatting pass
* revert(voice-call): remove cached inbound greeting
* test: stabilize infra tests
* fix(subagents): harden announce retry guards
* Revert "fix(whatsapp): allow per-message link preview override\n\nWhatsApp messages default to enabling link previews for URLs. This adds\nsupport for overriding this behavior per-message via the \nparameter (e.g. from tool options), consistent with Telegram.\n\nFix: Updated internal WhatsApp Web API layers to pass option\ndown to Baileys ."
This reverts commit 1bef2fc68bd24340d75b#18147 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 5e2285b6a011957602+Marvae@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
* style(telegram): format dispatch files
* chore: Fix types in tests 33/N.
* chore: Fix types in tests 34/N.
* chore: Fix types in tests 35/N.
* chore: Fix types in tests 36/N.
* chore: Fix types in tests 37/N.
* chore: Fix types in tests 38/N.
* chore: Fix types in tests 39/N.
* chore: Fix types in tests 40/N.
* chore: Fix types in tests 41/N.
* chore: Fix types in tests 42/N.
* chore: Fix types in tests 43/N.
* chore: Fix types in tests 44/N.
* chore: Fix types in tests 45/N.
* chore: Typecheck tests.
* chore: Fix broken test.
* chore: Fix hanging test.
* fix(telegram): avoid duplicate preview bubbles in partial stream mode (#18956 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: cf4eca71d422031114+obviyus@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
* fix: before_tool_call hook double-fires with abort signal (#16852 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6269d617f3550246+sreuter@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
* Revert "Default Telegram polls to public"
This reverts commit c43e95e011556b531a145cbfaf5cc7#16977 )"
This reverts commit 7bb9a7dcfc#19007 )
* fix: preserve telegram dm topic thread ids
* style: drop aidev-note prefix in telegram comments
* test: pass extensionContext in abort dedupe e2e
* fix: align tool execute arg parsing for hooks
* test: type telegram action mock passthrough args
* Configure: make model picker allowlist searchable
* Configure: improve searchable model picker token matching
* Docs: add screenshot showing model picker usability issue
* fix: searchable model picker in configure (#19010 ) (thanks @bjesuiter)
* fix(extensions): revert openai codex auth plugin (PR #18009 )
* feat(telegram): add channel_post support for bot-to-bot communication (#17857 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 27a343cd4d35386211+theSamPadilla@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
* Revert "fix: handle forum/topics in Telegram DM thread routing (#17980 )"
This reverts commit e20b87f1ba#17974 README change
* voice-call: harden closed-loop turn loop and transcript routing (#19140 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 14a3edb005132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
* iOS onboarding: stop auth step-3 retry loop churn (#19153 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: a38ec42bdd132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
* Revert: fully roll back #17974 zh-cn UI README
* chore(subagents): add regression coverage and changelog
* fix(daemon): scope token drift warnings
* test(web): fix baileys mock typing
* test(cron): cover webhook session rollover overrides
* docs(changelog): note webhook session reuse fix
* fix(discord): normalize command allowFrom prefixes
* fix(cli): honor update restart overrides
* fix(cron): add spin-loop regression coverage
* test(gateway): cover trusted proxy trimming
* test(discord): cover audioAsVoice replies
* test(feishu): cover post mentions for other users
* fix(discord): preserve DM lastRoute user target
* Revert "fix(browser): track original port mapping for EADDRINUSE fallback"
This reverts commit 8e55503d770e6daa2e6e#17986 templates
* test: add fetch mock helper and reaction coverage
* CLI: approve latest pending device request
* docs(readme): remove Android install link
* revert(agents): remove llms.txt discovery prompt (#19192 )
* fix(ui): revert PR #18093 directive tags (#19188 )
* test(discord): cover auto-thread skip types
* test(update): cover restart gating
* docs(zai): document tool_stream defaults
* revert: per-model thinkingDefault override (#19195 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: fe2c59e22219554889+sebslight@users.noreply.github.com >
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com >
Reviewed-by: @sebslight
* fix(gateway): make stale token cleanup non-fatal
* Agents: add before_message_write persistence regression tests
* fix(mattermost): surface reactions support
* Tests: fix fetch mock typings for type-aware checks
* revert: fix models set catalog validation (#19194 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7e3b2ff7af19554889+sebslight@users.noreply.github.com >
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com >
Reviewed-by: @sebslight
* test: cover cron telemetry and typed fetch mocks
* revert(agents): revert base64 image validation (#19221 )
* docs(cli): add components send example
* test(sessions): add delivery info regression coverage
* fix(daemon): guard preferred node selection
* test(auto-reply): cover sender_id metadata
* revert: PR 18288 accidental merge (#19224 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 3cda31578c19554889+sebslight@users.noreply.github.com >
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com >
Reviewed-by: @sebslight
* test(telegram): cover autoSelectFamily env precedence
* test(cron): add model fallback regression coverage
* test(release): add appcast regression coverage
* docs(changelog): remove revert entries
* docs: add maintainer application section
* docs: refine maintainer application guidance
* docs: add vision doc and link from README
* docs: add community plugins guide
* Update auto-response message for third-party extensions
* update my contributing list
* iOS: use operator session for ChatSheet RPCs (#19320 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 0753b3a1a2132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
* fix: sanitize native command names for Telegram API (#19257 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b608be3488179671552+akramcodez@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
* docs(slack): add assistant:write requirement for typing status
* chore: document sessions_spawn response note and subagent context prefix
* feat(ios): auto-select local signing team (#18421 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: bbb9c3aa481540134+ngutman@users.noreply.github.com >
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Reviewed-by: @ngutman
* fix(bluebubbles): recover outbound message IDs and include sender metadata
* fix cron announce routing and timeout handling
* changelog: add @tyler6204 credit for today's entries
* feat: share to openclaw ios app (#19424 )
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 0a7ab8589a132747814+mbelinky@users.noreply.github.com >
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com >
Reviewed-by: @mbelinky
* Docs: expand multi-agent routing
* docs(changelog): add missing 2026.2.16 entries and reorder by user impact
* chore(release): bump version to 2026.2.17
* fix(signal): canonicalize message targets in tool and inbound flows
* docs: tighten contribution guidance and vision links
* docs: tighten PR scope and review-size policy in vision
* fix(gateway): block cross-session fallback in node event delivery
* fix(gateway): make health monitor checks single-flight
* fix(ios): harden share relay routing and delivery guards
* fix(telegram): normalize topic-create targets and add regression tests
* feat(cron): add default stagger controls for scheduled jobs
* fix(cron): retry next-second schedule compute on undefined
* docs(security): harden gateway security guidance
* feat(models): support anthropic sonnet 4.6
* fix: wire agents.defaults.imageModel into media understanding auto-discovery
resolveAutoEntries only checked a hardcoded list of providers
(openai, anthropic, google, minimax) when looking for an image model.
agents.defaults.imageModel was never consulted by the media understanding
pipeline — it was only wired into the explicit `image` tool.
Add resolveImageModelFromAgentDefaults that reads the imageModel config
(primary + fallbacks) and inserts it into the auto-discovery chain before
the hardcoded provider list. runProviderEntry already falls back to
describeImageWithModel (via pi-ai) for providers not in the media
understanding registry, so no additional provider registration is needed.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
(cherry picked from commit b381029ede#19508 )
* fix(gateway): avoid premature agent.wait completion on transient errors
* fix(agent): preemptively guard tool results against context overflow
* fix: harden tool-result context guard and add message_id metadata
* fix: use importOriginal in session-key mock to include DEFAULT_ACCOUNT_ID
The run.skill-filter test was mocking ../../routing/session-key.js with only
buildAgentMainSessionKey and normalizeAgentId, but the module also exports
DEFAULT_ACCOUNT_ID which is required transitively by src/web/auth-store.ts.
Switch to importOriginal pattern so all real exports are preserved alongside
the mocked functions.
* pi-runner: guard accumulated tool-result overflow in transformContext
* PI runner: compact overflowing tool-result context
* Subagent: harden tool-result context recovery
* Enhance tool-result context handling by adding support for legacy tool outputs and improving character estimation for message truncation. This includes a new function to create legacy tool results and updates to existing functions to better manage context overflow scenarios.
* Enhance iMessage handling by adding reply tag support in send functions and tests. This includes modifications to prepend or rewrite reply tags based on provided replyToId, ensuring proper message formatting for replies.
* Enhance message delivery across multiple channels by implementing sticky reply context for chunked messages. This includes preserving reply references in Discord, Telegram, and iMessage, ensuring that follow-up messages maintain their intended reply targets. Additionally, improve handling of reply tags in system prompts and tests to support consistent reply behavior.
* Enhance read tool functionality by implementing auto-paging across chunks when no explicit limit is provided, scaling output budget based on model context window. Additionally, add tests for adaptive reading behavior and capped continuation guidance for large outputs. Update related functions to support these features.
* Refine tool-result context management by stripping oversized read-tool details payloads during compaction, ensuring repeated read calls do not bypass context limits. Introduce new utility functions for handling truncation content and enhance character estimation for tool results. Add tests to validate the removal of excessive details in context overflow scenarios.
* Refine message delivery logic in Matrix and Telegram by introducing a flag to track if a text chunk was sent. This ensures that replies are only marked as delivered when a text chunk has been successfully sent, improving the accuracy of reply handling in both channels.
* fix: tighten reply threading coverage and prep fixes (#19508 ) (thanks @tyler6204)
* fix(hooks): backport internal message hook bridge with safe delivery semantics
* fix(subagent): update SUBAGENT_SPAWN_ACCEPTED_NOTE for clarity on auto-announcement behavior
* fix: follow-up slack streaming routing/tests (#9972 ) (thanks @natedenh)
* fix: reduce default image dimension from 2000px to 1200px
Large images (2000px) consume excessive context tokens when sent to LLMs.
1200px provides sufficient detail for most use cases while significantly
reducing token usage.
The 5MB byte limit remains unchanged as JPEG compression at 1200px
naturally produces smaller files.
(cherry picked from commit 40182123dd#19345 )
* test(whatsapp): add resolveWhatsAppOutboundTarget test suite
* style: auto-format files
* fix(test): correct mock order for invalid allowList entry test
* feat(skills): Add 'Use when / Don't use when' routing blocks (#14521 )
* feat(skills): add 'Use when / Don't use when' blocks to skill descriptions
Based on OpenAI's Shell + Skills + Compaction best practices article.
Key changes:
- Added clear routing logic to skill descriptions
- Added negative examples to prevent misfires
- Added templates/examples to github skill
- Included Blake's specific setup notes for openhue
Skills updated:
- apple-reminders: Clarify vs Clawdbot cron
- github: Clarify vs local git operations
- imsg: Clarify vs other messaging channels
- openhue: Add device inventory, room layout
- tmux: Clarify vs exec tool
- weather: Add location defaults, format codes
Reference: https://developers.openai.com/blog/skills-shell-tips
* fix(skills): restore metadata and generic CLI examples
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
* feat(agents): add generic provider api key rotation (#19587 )
* feat(skills): improve descriptions with routing logic (#14577 )
* feat(skills): improve descriptions with routing logic
Apply OpenAI's recommended pattern for skill descriptions:
- Add 'Use when' conditions for clear triggering
- Add 'NOT for' negative examples to reduce misfires
- Make descriptions act as routing logic, not marketing copy
Based on: https://developers.openai.com/blog/skills-shell-tips/
Skills updated:
- coding-agent: clarify when to delegate vs direct edit
- github: add boundaries vs browser/scripting
- weather: add scope limitations
Glean reported 20% drop in skill triggering without negative
examples, recovering after adding them. This change brings
Clawdbot skills in line with that pattern.
* docs(skills): clarify routing boundaries (openclaw#14577) (thanks @DylanWoodAkers)
* docs(changelog): add PR 14577 release note (openclaw#14577) (thanks @DylanWoodAkers)
---------
Co-authored-by: ClawdBotWolf <clawdbotwolf@proton.me >
Co-authored-by: Peter Steinberger <steipete@gmail.com >
* Add frontend-design skill
* feat(telegram): add forum topic creation support (#10427 )
Add `topic-create` action to the Telegram message adapter, enabling
programmatic creation of forum topics in supergroups.
Changes:
- Add `createForumTopicTelegram()` to `src/telegram/send.ts`
- Add `createForumTopic` handler in `telegram-actions.ts`
- Wire `topic-create` action in Telegram adapter
- Register `topic-create` in message action names and spec
The bot requires `can_manage_topics` permission in the target group.
Supports optional `iconColor` and `iconCustomEmojiId` parameters.
Closes #10427
* chore: fix formatting in frontend-design SKILL.md
* fix: add action gate check and config type for createForumTopic
Address review feedback:
- Add isActionEnabled() gate in telegram-actions.ts
- Add gate() check in telegram adapter listActions
- Add createForumTopic to TelegramActionConfig type
* fix(telegram): normalize topic-create targets and add regression tests
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com >
Co-authored-by: cpojer <christoph.pojer@gmail.com >
Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com >
Co-authored-by: Josh Avant <830519+joshavant@users.noreply.github.com >
Co-authored-by: Shadow <hi@shadowing.dev >
Co-authored-by: Hongwei Ma <Marvae@users.noreply.github.com >
Co-authored-by: Marvae <11957602+Marvae@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Co-authored-by: Ayaan Zaidi <zaidi@uplause.io >
Co-authored-by: Ayaan Zaidi <hi@obviy.us >
Co-authored-by: Sascha Reuter <s.reuter@geek-it.de >
Co-authored-by: sreuter <550246+sreuter@users.noreply.github.com >
Co-authored-by: Nimrod Gutman <nimrod.g@singular.net >
Co-authored-by: Vignesh <mailvgnsh@gmail.com >
Co-authored-by: Benjamin Jesuiter <bjesuiter@gmail.com >
Co-authored-by: Sam Padilla <35386211+theSamPadilla@users.noreply.github.com >
Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com >
Co-authored-by: Mariano <132747814+mbelinky@users.noreply.github.com >
Co-authored-by: Shakker <shakkerdroid@gmail.com >
Co-authored-by: Mariano Belinky <mbelinky@gmail.com >
Co-authored-by: Shadow <shadow@openclaw.ai >
Co-authored-by: Sk Akram <skcodewizard786@gmail.com >
Co-authored-by: akramcodez <179671552+akramcodez@users.noreply.github.com >
Co-authored-by: Onur <onur@textcortex.com >
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM >
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com >
Co-authored-by: Pablo Nunez <pnunfe@gmail.com >
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com >
Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com >
Co-authored-by: Han Xiao <han.xiao@jina.ai >
Co-authored-by: Verite Igiraneza <69280208+VeriteIgiraneza@users.noreply.github.com >
Co-authored-by: Blakeshannon <blake@blakeshannon.com >
Co-authored-by: Peter Steinberger <peter@steipete.me >
Co-authored-by: DylanWoodAkers <dylan@lec.com >
Co-authored-by: ClawdBotWolf <clawdbotwolf@proton.me >
Co-authored-by: Claw <claw@openclaw.ai >
2026-02-18 01:38:44 +01:00
Peter Steinberger
f07bb8e8fc
fix(hooks): backport internal message hook bridge with safe delivery semantics
2026-02-18 00:35:41 +01:00
Tyler Yust
087dca8fa9
fix(subagent): harden read-tool overflow guards and sticky reply threading ( #19508 )
...
* fix(gateway): avoid premature agent.wait completion on transient errors
* fix(agent): preemptively guard tool results against context overflow
* fix: harden tool-result context guard and add message_id metadata
* fix: use importOriginal in session-key mock to include DEFAULT_ACCOUNT_ID
The run.skill-filter test was mocking ../../routing/session-key.js with only
buildAgentMainSessionKey and normalizeAgentId, but the module also exports
DEFAULT_ACCOUNT_ID which is required transitively by src/web/auth-store.ts.
Switch to importOriginal pattern so all real exports are preserved alongside
the mocked functions.
* pi-runner: guard accumulated tool-result overflow in transformContext
* PI runner: compact overflowing tool-result context
* Subagent: harden tool-result context recovery
* Enhance tool-result context handling by adding support for legacy tool outputs and improving character estimation for message truncation. This includes a new function to create legacy tool results and updates to existing functions to better manage context overflow scenarios.
* Enhance iMessage handling by adding reply tag support in send functions and tests. This includes modifications to prepend or rewrite reply tags based on provided replyToId, ensuring proper message formatting for replies.
* Enhance message delivery across multiple channels by implementing sticky reply context for chunked messages. This includes preserving reply references in Discord, Telegram, and iMessage, ensuring that follow-up messages maintain their intended reply targets. Additionally, improve handling of reply tags in system prompts and tests to support consistent reply behavior.
* Enhance read tool functionality by implementing auto-paging across chunks when no explicit limit is provided, scaling output budget based on model context window. Additionally, add tests for adaptive reading behavior and capped continuation guidance for large outputs. Update related functions to support these features.
* Refine tool-result context management by stripping oversized read-tool details payloads during compaction, ensuring repeated read calls do not bypass context limits. Introduce new utility functions for handling truncation content and enhance character estimation for tool results. Add tests to validate the removal of excessive details in context overflow scenarios.
* Refine message delivery logic in Matrix and Telegram by introducing a flag to track if a text chunk was sent. This ensures that replies are only marked as delivered when a text chunk has been successfully sent, improving the accuracy of reply handling in both channels.
* fix: tighten reply threading coverage and prep fixes (#19508 ) (thanks @tyler6204)
2026-02-17 15:32:52 -08:00
Sebastian
c0072be6a6
docs(cli): add components send example
2026-02-17 09:58:47 -05:00
Sebastian
cc359d338e
test: add fetch mock helper and reaction coverage
2026-02-17 09:02:39 -05:00
cpojer
73668bb963
chore: Fix broken test.
2026-02-17 15:54:17 +09:00
cpojer
49bd9f75f4
chore: Fix types in tests 33/N.
2026-02-17 15:50:07 +09:00
cpojer
6e5df1dc0f
chore: Fix types in tests 25/N.
2026-02-17 14:31:02 +09:00
cpojer
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
Sebastian
f7d2e15a2e
test: stabilize infra tests
2026-02-16 22:37:34 -05:00
Josh Avant
81741c37fd
fix(gateway): remove watch-mode build/start race ( #18782 )
2026-02-17 11:24:08 +09:00
cpojer
4b8f53979e
chore: Fix type errors from reverts.
2026-02-17 11:22:49 +09:00
cpojer
262b7a157a
chore: chore: Fix types in tests 12/N.
2026-02-17 11:22:49 +09:00
Sebastian
f924ab40d8
revert(tools): undo accidental merge of PR #18584
2026-02-16 21:13:48 -05:00
Peter Steinberger
9789dfd95b
fix(ui): correct usage range totals and muted styles
2026-02-17 03:04:00 +01:00
Sebastian
3518554e23
fix(heartbeat): bound responsePrefix strip for ack detection
2026-02-16 20:56:55 -05:00
Peter Steinberger
5115f6fdf3
style: normalize imports for oxfmt 0.33
2026-02-17 00:59:54 +00:00
Vignesh Natarajan
064a3079cb
Heartbeat: queue pending wakes per target
2026-02-17 01:54:59 +01:00
Vignesh Natarajan
f988abf202
Cron: route reminders by session namespace
2026-02-17 01:54:59 +01:00
Peter Steinberger
7649f9cba4
refactor(test): share heartbeat sandbox fixtures
2026-02-17 00:49:42 +00:00
Peter Steinberger
ed74f48bd5
refactor(status): share update channel display + one-liner
2026-02-17 00:32:34 +00:00
cpojer
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
Peter Steinberger
b9aed3a07c
refactor(infra): reuse device auth scope normalization
2026-02-17 00:11:02 +00:00
Peter Steinberger
12a947223b
fix(ci): restore main checks after bulk merges
2026-02-16 23:47:27 +00:00
Peter Steinberger
eaa2f7a7bf
fix(ci): restore main lint/typecheck after direct merges
2026-02-16 23:26:11 +00:00
Operative-001
e9f2e6a829
fix(heartbeat): prune transcript for HEARTBEAT_OK turns
...
When a heartbeat run results in HEARTBEAT_OK (or empty/duplicate), the user+assistant
turns are now pruned from the session transcript. This prevents context window
pollution from zero-information exchanges.
Implementation:
- captureTranscriptState(): records transcript file path and size before heartbeat
- pruneHeartbeatTranscript(): truncates file back to pre-heartbeat size
- Called in ok-empty, ok-token, and duplicate cases (same places as restoreHeartbeatUpdatedAt)
This extends the existing pattern where delivery is suppressed and updatedAt is restored
for HEARTBEAT_OK responses - now the transcript is also cleaned up.
Fixes #17804
2026-02-17 00:01:15 +01:00
Buddy (AI)
91903bac15
fix: include OPENCLAW_SERVICE_VERSION in system presence version detection
...
The gateway's system-presence.ts was not detecting the version when
OpenClaw is run as a launchd service, because the daemon-runtime.ts
sets OPENCLAW_SERVICE_VERSION but system-presence.ts only checked
OPENCLAW_VERSION and npm_package_version.
This caused 'openclaw status' to show 'unknown' for the version.
Issue: #18456
🤖 AI-assisted (lightly tested)
2026-02-16 23:56:10 +01:00
Peter Steinberger
230e1d9962
refactor(auth): share profile id dedupe helper
2026-02-16 22:55:59 +00:00
Rami Abdelrazzaq
0b8b95f2c9
fix(update): prevent gateway crash loop after failed self-update
...
The gateway unconditionally scheduled a SIGUSR1 restart after every
update.run call, even when the update itself failed (broken deps,
build errors, etc.). This left the process restarting into a broken
state — corrupted node_modules, partial builds — causing a crash loop
that required manual intervention.
Three fixes:
1. Only restart on success: scheduleGatewaySigusr1Restart is now
gated on result.status === "ok". Failed or skipped updates still
write the restart sentinel (so the status can be reported back to
the user) but the running gateway stays alive.
2. Early bail on step failure: deps install, build, and ui:build now
check exit codes immediately (matching the preflight section) so a
failed deps install no longer cascades into a broken build and
ui:build.
3. Auto-repair config during update: the doctor step now runs with
--fix alongside --non-interactive, so unknown config keys left over
from schema changes between versions are stripped automatically
instead of causing a startup validation crash.
2026-02-16 23:54:49 +01:00
Saurabh.Chopade
bb5ce3b02f
CLI: preserve message send components payload
2026-02-16 23:54:08 +01:00
康熙
153794080e
fix: support OAuth for Gemini media understanding
...
Extract parseGeminiAuth() to shared infra module and use it in both
embeddings-gemini.ts and inline-data.ts.
Previously, inline-data.ts directly set x-goog-api-key header without
handling OAuth JSON format. Now it properly supports both traditional
API keys and OAuth tokens.
2026-02-16 23:53:21 +01:00
Dinakar Sarbada
1953b938e3
test(heartbeat): update runner tests to match current implementation
2026-02-16 23:51:05 +01:00
smartprogrammer93
6d2e3685d6
feat(tools): add URL allowlist for web_search and web_fetch
...
Add optional urlAllowlist config at tools.web level that restricts which
URLs can be accessed by web tools:
- Config types (types.tools.ts): Add urlAllowlist?: string[] to tools.web
- Zod schema: Add urlAllowlist field to ToolsWebSchema
- Schema help: Add help text for the new config fields
- web_search: Filter Brave search results by allowlist (provider=brave)
- web_fetch: Block URLs not matching allowlist before fetching
- ssrf.ts: Export normalizeHostnameAllowlist and matchesHostnameAllowlist
URL matching supports:
- Exact domain match (example.com)
- Wildcard patterns (*.github.com)
When urlAllowlist is not configured, all URLs are allowed (backwards compatible).
Tests: Add web-tools.url-allowlist.test.ts with 23 tests covering:
- URL allowlist resolution from config
- Wildcard pattern matching
- web_fetch error response format
- Brave search result filtering
2026-02-16 23:50:18 +01:00
Jean Carlos Nunez
c08e8c0359
correct format
2026-02-16 23:49:58 +01:00
Jean Carlos Nunez
a0191426dc
clean code - delete message
2026-02-16 23:49:58 +01:00
Jean Carlos Nunez
f476c8b48b
Fix #12767 : Heartbeat strip responsePrefix before HEARTBEAT_OK suppression
2026-02-16 23:49:58 +01:00
Sk Akram
e5eb5b3e43
feat: add stuck loop detection and exponential backoff infrastructure for agent polling ( #17118 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: eebabf679b179671552+akramcodez@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-16 15:16:35 -05:00
Vignesh Natarajan
1f99d82712
test (heartbeat): relax brittle reply option assertions
2026-02-16 11:57:32 -08:00
