github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 15:04:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,859 Commits 702 Branches 79 Tags
5f90883ad378920249160fe2d9c610c362be765c
Commit Graph

4606 Commits

Author SHA1 Message Date
Peter Steinberger
aa17bdbe4a docs(changelog): reorder all unreleased entries by user impact 2026-02-26 16:05:47 +01:00
Peter Steinberger
45b5c23825 docs(changelog): reorder unreleased changes by user interest 2026-02-26 16:03:29 +01:00
Peter Steinberger
0f9c602591 docs(changelog): highlight external secrets management (#26155) 2026-02-26 16:01:23 +01:00
Peter Steinberger
47fc6a0806 fix: stabilize secrets land + docs note (#26155) (thanks @joshavant) 2026-02-26 14:47:22 +00:00
Peter Steinberger
79659b2b14 fix(browser): land PR #11880 decodeURIComponent guardrails 
Guard malformed percent-encoding in relay target routes and browser dispatcher params, add regression tests, and update changelog.
Landed from contributor @Yida-Dev (PR #11880).

Co-authored-by: Yida-Dev <reyifeijun@gmail.com>
 2026-02-26 14:37:48 +00:00
Ayaan Zaidi
22b0f36350 fix: add changelog entry for telegram webhook updates (#25732) (thanks @huntharo) 2026-02-26 20:01:50 +05:30
Peter Steinberger
5416cabdf8 fix(browser): land PR #21277 dedupe concurrent relay init 
Add shared per-port relay initialization dedupe so concurrent callers await a single startup lifecycle, with regression coverage and changelog entry.
Landed from contributor @HOYALIM (PR #21277).

Co-authored-by: Ho Lim <subhoya@gmail.com>
 2026-02-26 14:30:46 +00:00
Peter Steinberger
65d5a91242 fix(browser): land PR #22571 with safe extension handshake handling 
Bind relay WS message handling before onopen and add non-blocking connect.challenge response support without forcing handshake waits on current relay protocol.
Landed from contributor @pandego (PR #22571).

Co-authored-by: pandego <7780875+pandego@users.noreply.github.com>
 2026-02-26 14:26:14 +00:00
Peter Steinberger
ce833cd6de fix(browser): land PR #24142 flush relay pending timers on stop 
Flush pending extension request timers/rejections during relay shutdown and document in changelog.
Landed from contributor @kevinWangSheng (PR #24142).

Co-authored-by: Shawn <118158941+kevinWangSheng@users.noreply.github.com>
 2026-02-26 14:20:43 +00:00
Peter Steinberger
42cf32c386 fix(browser): land PR #26015 query-token auth for /json relay routes 
Align relay HTTP /json auth with websocket auth by accepting query-param tokens, add regression coverage, and update changelog.
Landed from contributor @Sid-Qin (PR #26015).

Co-authored-by: SidQin-cyber <sidqin0410@gmail.com>
 2026-02-26 14:17:41 +00:00
Peter Steinberger
4c75eca580 fix(browser): land PR #23962 extension relay CORS fix 
Reworks browser relay CORS handling for extension-origin preflight and JSON responses, adds regression tests, and updates changelog.
Landed from contributor @miloudbelarebia (PR #23962).

Co-authored-by: Miloud Belarebia <miloudbelarebia@users.noreply.github.com>
 2026-02-26 14:14:30 +00:00
Peter Steinberger
96aad965ab fix: land NO_REPLY announce suppression and auth scope assertions 
Landed follow-up for #27535 and aligned shared-auth gateway expectations after #27498.

Co-authored-by: kevinWangSheng <118158941+kevinWangSheng@users.noreply.github.com>
 2026-02-26 13:40:58 +00:00
Peter Steinberger
4b259ab81b fix(models): normalize trailing @profile parsing across resolver paths 
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: Marcus Castro <mcaxtr@gmail.com>
Co-authored-by: Brandon Wise <brandonawise@gmail.com>
 2026-02-26 14:34:15 +01:00
Peter Steinberger
00e8e88a7c docs(changelog): note auth-profile alias normalization (#26950) (thanks @byungsker) 2026-02-26 13:32:05 +00:00
Nimrod Gutman
85b075d0cc fix: record ios talk voice directive hint removal (#27543) (thanks @ngutman) 2026-02-26 15:19:07 +02:00
Peter Steinberger
473a27470f fix(auto-reply): gate inline directives on resolved auth (#27248) 
Landed from contributor PR #27248 by @kevinWangSheng.

Co-authored-by: shenghui kevin <shenghuikevin@shenghuideMac-mini.local>
 2026-02-26 13:11:39 +00:00
Peter Steinberger
7d8aeaaf06 fix(gateway): pin paired reconnect metadata for node policy 2026-02-26 14:11:04 +01:00
Peter Steinberger
c397a02c9a fix(queue): harden drain/abort/timeout race handling 
- reject new lane enqueues once gateway drain begins
- always reset lane draining state and isolate onWait callback failures
- persist per-session abort cutoff and skip stale queued messages
- avoid false 600s agentTurn timeout in isolated cron jobs

Fixes #27407
Fixes #27332
Fixes #27427

Co-authored-by: Kevin Shenghui <shenghuikevin@github.com>
Co-authored-by: zjmy <zhangjunmengyang@gmail.com>
Co-authored-by: suko <miha.sukic@gmail.com>
 2026-02-26 13:43:39 +01:00
Peter Steinberger
1aef45bc06 fix: harden boundary-path canonical alias handling 2026-02-26 13:43:29 +01:00
Peter Steinberger
2ca2d5ab1c docs: add changelog note for sandbox alias fix 2026-02-26 13:30:45 +01:00
Peter Steinberger
8b5ebff67b fix(cron): prevent isolated hook session-key double-prefixing (land #27333, @MaheshBhushan) 
Co-authored-by: MaheshBhushan <mkoduri73@gmail.com>
 2026-02-26 12:29:10 +00:00
Peter Steinberger
5df9aacf68 fix(podman): default run-openclaw-podman bind to loopback (land #27491, thanks @robbyczgw-cla) 
Co-authored-by: robbyczgw-cla <robbyczgw@gmail.com>
 2026-02-26 12:13:20 +00:00
Peter Steinberger
a288f3066f fix(gateway): warn on non-loopback bind at startup (land #25397, thanks @let5sne) 
Co-authored-by: let5sne <let5sne@users.noreply.github.com>
 2026-02-26 12:13:20 +00:00
Peter Steinberger
327f0526d1 fix(gateway): use loopback for CLI status probe when bind=lan (land #26997, thanks @chikko80) 
Co-authored-by: Manuel Seitz <seitzmanuel0@gmail.com>
 2026-02-26 12:13:20 +00:00
Peter Steinberger
da53015ef5 fix(onboard): seed Control UI origins for non-loopback binds (land #26157, thanks @stakeswky) 
Co-authored-by: 不做了睡大觉 <stakeswky@users.noreply.github.com>
 2026-02-26 12:13:20 +00:00
Peter Steinberger
cf4853e2b8 fix: avoid duplicate feishu permission-error dispatch replies (#27381) (thanks @byungsker) 2026-02-26 12:03:41 +00:00
Peter Steinberger
d671d7a0a2 fix: preserve feishu message_id in agent-visible body (#27253) (thanks @xss925175263) 2026-02-26 12:02:00 +00:00
Peter Steinberger
39b5ffdaa6 fix: route feishu doc tools by agent account context (#27338) (thanks @AaronL725) 2026-02-26 12:00:45 +00:00
Peter Steinberger
8bdda7a651 fix(security): keep DM pairing allowlists out of group auth 2026-02-26 12:58:18 +01:00
Peter Steinberger
0ed675b1df fix(security): harden canonical auth matching for plugin channel routes 2026-02-26 12:55:33 +01:00
Peter Steinberger
0231cac957 feat(typing): add TTL safety-net for stuck indicators (land #27428, thanks @Crpdim) 
Co-authored-by: Crpdim <crpdim@users.noreply.github.com>
 2026-02-26 11:48:50 +00:00
Peter Steinberger
3d30ba18a2 fix(slack): gate member and message subtype system events 2026-02-26 12:48:20 +01:00
Peter Steinberger
da0ba1b73a fix(security): harden channel auth path checks and exec approval routing 2026-02-26 12:46:05 +01:00
Peter Steinberger
b096ad267e fix(telegram): add sendChatAction 401 backoff guard (land #27415, thanks @widingmarcus-cyber) 
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-02-26 11:45:57 +00:00
Peter Steinberger
8bf1c9a23a fix(typing): stop keepalive restarts after run completion (land #27413, thanks @widingmarcus-cyber) 
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-02-26 11:42:38 +00:00
Peter Steinberger
199ef9f8ea fix(typing): add main-run dispatch idle safety net (land #27250, thanks @Sid-Qin) 
Co-authored-by: Sid Qin <s3734389@gmail.com>
 2026-02-26 11:36:08 +00:00
Peter Steinberger
46003e85bf fix: unify web tool proxy path (#27430) (thanks @kevinWangSheng) 2026-02-26 11:32:43 +00:00
Peter Steinberger
9925ac6a2d fix(config): harden include file loading path checks 2026-02-26 12:23:31 +01:00
Peter Steinberger
caace61ba1 chore: bump versions to 2026.2.26 2026-02-26 12:11:02 +01:00
Ayaan Zaidi
4f869b2b76 docs(changelog): thank @emanuelst for telegram preview fix (#27449) 2026-02-26 16:24:31 +05:30
Ayaan Zaidi
97fa44dc82 fix: changelog for NO_REPLY streaming fix (#19576) (thanks @aldoeliacim) 2026-02-26 16:04:48 +05:30
Onur Solmaz
a7d56e3554 feat: ACP thread-bound agents (#23580) 
* docs: add ACP thread-bound agents plan doc

* docs: expand ACP implementation specification

* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup

* feat(acp): add /acp commands and Discord spawn gate

* ACP: add acpx runtime plugin backend

* fix(subagents): defer transient lifecycle errors before announce

* Agents: harden ACP sessions_spawn and tighten spawn guidance

* Agents: require explicit ACP target for runtime spawns

* docs: expand ACP control-plane implementation plan

* ACP: harden metadata seeding and spawn guidance

* ACP: centralize runtime control-plane manager and fail-closed dispatch

* ACP: harden runtime manager and unify spawn helpers

* Commands: route ACP sessions through ACP runtime in agent command

* ACP: require persisted metadata for runtime spawns

* Sessions: preserve ACP metadata when updating entries

* Plugins: harden ACP backend registry across loaders

* ACPX: make availability probe compatible with adapters

* E2E: add manual Discord ACP plain-language smoke script

* ACPX: preserve streamed spacing across Discord delivery

* Docs: add ACP Discord streaming strategy

* ACP: harden Discord stream buffering for thread replies

* ACP: reuse shared block reply pipeline for projector

* ACP: unify streaming config and adopt coalesceIdleMs

* Docs: add temporary ACP production hardening plan

* Docs: trim temporary ACP hardening plan goals

* Docs: gate ACP thread controls by backend capabilities

* ACP: add capability-gated runtime controls and /acp operator commands

* Docs: remove temporary ACP hardening plan

* ACP: fix spawn target validation and close cache cleanup

* ACP: harden runtime dispatch and recovery paths

* ACP: split ACP command/runtime internals and centralize policy

* ACP: harden runtime lifecycle, validation, and observability

* ACP: surface runtime and backend session IDs in thread bindings

* docs: add temp plan for binding-service migration

* ACP: migrate thread binding flows to SessionBindingService

* ACP: address review feedback and preserve prompt wording

* ACPX plugin: pin runtime dependency and prefer bundled CLI

* Discord: complete binding-service migration cleanup and restore ACP plan

* Docs: add standalone ACP agents guide

* ACP: route harness intents to thread-bound ACP sessions

* ACP: fix spawn thread routing and queue-owner stall

* ACP: harden startup reconciliation and command bypass handling

* ACP: fix dispatch bypass type narrowing

* ACP: align runtime metadata to agentSessionId

* ACP: normalize session identifier handling and labels

* ACP: mark thread banner session ids provisional until first reply

* ACP: stabilize session identity mapping and startup reconciliation

* ACP: add resolved session-id notices and cwd in thread intros

* Discord: prefix thread meta notices consistently

* Discord: unify ACP/thread meta notices with gear prefix

* Discord: split thread persona naming from meta formatting

* Extensions: bump acpx plugin dependency to 0.1.9

* Agents: gate ACP prompt guidance behind acp.enabled

* Docs: remove temp experiment plan docs

* Docs: scope streaming plan to holy grail refactor

* Docs: refactor ACP agents guide for human-first flow

* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow

* Docs/Skill: add OpenCode and Pi to ACP harness lists

* Docs/Skill: align ACP harness list with current acpx registry

* Dev/Test: move ACP plain-language smoke script and mark as keep

* Docs/Skill: reorder ACP harness lists with Pi first

* ACP: split control-plane manager into core/types/utils modules

* Docs: refresh ACP thread-bound agents plan

* ACP: extract dispatch lane and split manager domains

* ACP: centralize binding context and remove reverse deps

* Infra: unify system message formatting

* ACP: centralize error boundaries and session id rendering

* ACP: enforce init concurrency cap and strict meta clear

* Tests: fix ACP dispatch binding mock typing

* Tests: fix Discord thread-binding mock drift and ACP request id

* ACP: gate slash bypass and persist cleared overrides

* ACPX: await pre-abort cancel before runTurn return

* Extension: pin acpx runtime dependency to 0.1.11

* Docs: add pinned acpx install strategy for ACP extension

* Extensions/acpx: enforce strict local pinned startup

* Extensions/acpx: tighten acp-router install guidance

* ACPX: retry runtime test temp-dir cleanup

* Extensions/acpx: require proactive ACPX repair for thread spawns

* Extensions/acpx: require restart offer after acpx reinstall

* extensions/acpx: remove workspace protocol devDependency

* extensions/acpx: bump pinned acpx to 0.1.13

* extensions/acpx: sync lockfile after dependency bump

* ACPX: make runtime spawn Windows-safe

* fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)
 2026-02-26 11:00:09 +01:00
Gustavo Madeira Santana
a9d9a968ed chore(changelog): move post release entries to unreleased section 2026-02-26 04:59:54 -05:00
Gustavo Madeira Santana
a690b62391 Doctor: ignore slash sessions in transcript integrity check 
Merged via deterministic merge flow.

Prepared head SHA: e5cee7a2ec

Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
 2026-02-26 04:35:08 -05:00
Ayaan Zaidi
0e3ed28950 fix: changelog for telegram group inline callbacks (#27343) (thanks @GodsBoy) 2026-02-26 14:43:11 +05:30
Gustavo Madeira Santana
dfa0b5b4fc Channels: move single-account config into accounts.default (#27334) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 50b5771808
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-26 04:06:03 -05:00
Ayaan Zaidi
da6a96ed33 fix: update changelog for notifications list land (#27344) (thanks @obviyus) 2026-02-26 14:33:14 +05:30
Sid
c289b5ff9f fix(config): preserve agent-level apiKey/baseUrl during models.json merge (#27293) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6b4b37b03d
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-26 03:46:36 -05:00
Gustavo Madeira Santana
4ebefe647a fix(daemon): keep launchd KeepAlive while preserving restart hardening 2026-02-26 02:52:00 -05:00
Frank Yang
b975711429 fix(daemon): stabilize LaunchAgent restart and proxy env passthrough (#27276) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b08797a995
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-26 02:40:48 -05:00