Shadow
6593a57607
fix: improve discord chunk delivery ( #33226 ) (thanks @thewilloftheshadow) ( #33226 )
2026-03-03 10:17:33 -06:00
Mylszd
d89e1e40f9
docs(loop-detection): fix config keys to match schema ( #33182 )
...
Merged via squash.
Prepared head SHA: 612ecc00d323611557+Mylszd@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-03-03 11:02:30 -05:00
Shadow
ca307c3fdf
fix: harden Discord channel resolution ( #33142 ) (thanks @thewilloftheshadow) ( #33142 )
2026-03-03 09:31:26 -06:00
Shadow
4abf398a17
fix: Discord acp inline actions + bound-thread filter ( #33136 ) (thanks @thewilloftheshadow) ( #33136 )
2026-03-03 09:30:21 -06:00
Josh Avant
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-03-03 02:58:20 +00:00
Peter Steinberger
4d04e1a41f
fix(test): harden discord lifecycle status sink typing
2026-03-03 01:15:16 +00:00
Mitch McAlister
17b40c4a59
fix: guard isConnected check against already-aborted signal
...
When abortSignal is already aborted at lifecycle start, onAbort() fires
synchronously and pushes connected: false. Without a lifecycleStopping
guard, the subsequent gateway.isConnected check could push a spurious
connected: true, contradicting the shutdown.
Adds !lifecycleStopping to the isConnected guard and a test verifying
no connected: true is emitted when the signal is pre-aborted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-03 01:10:56 +00:00
Mitch McAlister
d9119f0791
fix(discord): push connected status when gateway is already connected at lifecycle start
...
When the Discord gateway completes its READY handshake before
`runDiscordGatewayLifecycle` registers its debug event listener, the
initial "WebSocket connection opened" event is missed. This leaves
`connected` as undefined in the channel runtime, causing the health
monitor to treat the channel as "stuck" and restart it every check
cycle.
Check `gateway.isConnected` immediately after registering the debug
listener and push the initial connected status if the gateway is
already connected.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-03 01:10:56 +00:00
Peter Steinberger
ef920f2f39
refactor(channels): dedupe monitor message test flows
2026-03-03 01:06:00 +00:00
Peter Steinberger
47083460ea
refactor: unify inbound debounce policy and split gateway/models helpers
2026-03-03 00:54:33 +00:00
Peter Steinberger
d76ddd61ec
fix(discord): add missing accountId to reaction routing params
2026-03-03 00:29:20 +00:00
Peter Steinberger
d7dda4dd1a
refactor: dedupe channel outbound and monitor tests
2026-03-03 00:15:15 +00:00
Peter Steinberger
b8b8a5f314
fix(security): enforce explicit ingress owner context
2026-03-02 23:50:36 +00:00
Peter Steinberger
7eda632324
refactor: split slack/discord/session maintenance helpers
2026-03-02 23:07:20 +00:00
Peter Steinberger
0b5d8e5b47
fix: harden discord audio preflight mention detection ( #32136 ) (thanks @jnMetaCode)
2026-03-02 22:45:41 +00:00
jiangnan
b9b47f5002
fix(discord): use correct content_type property for audio attachment detection
...
The preflight audio transcription detection used camelCase `contentType`
but Discord's APIAttachment type uses snake_case `content_type`. This
caused `hasAudioAttachment` to always be false, preventing voice message
transcription from triggering in guild channels where mention detection
requires audio preflight.
Fixes #30034
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-02 22:45:41 +00:00
ademczuk
0743463b88
fix(webchat): suppress NO_REPLY token in chat transcript rendering ( #32183 )
...
* fix(types): resolve pre-existing TS errors in agent-components and pairing-store
- agent-components.ts: normalizeDiscordAllowList returns {allowAll, ids, names},
not an array — use ids.values().next().value instead of [0] indexing
- pairing-store.ts: add non-null assertions for stat after cache-miss guard
(resolveAllowFromReadCacheOrMissing returns early when stat is null)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
* fix(webchat): suppress NO_REPLY token in chat transcript rendering
Filter assistant NO_REPLY-only entries from chat.history responses at
the gateway API boundary and add client-side defense-in-depth guards in
the UI chat controller so internal silent tokens never render as visible
chat bubbles.
Two-layer fix:
1. Gateway: extractAssistantTextForSilentCheck + isSilentReplyText
filter in sanitizeChatHistoryMessages (entry.text takes precedence
over entry.content to avoid dropping messages with real text)
2. UI: isAssistantSilentReply + isSilentReplyStream guards on all 5
message insertion points in handleChatEvent and loadChatHistory
Fixes #32015
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
* fix(webchat): align isAssistantSilentReply text/content precedence with gateway
* webchat: tighten NO_REPLY transcript and delta filtering
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-03-02 16:39:08 -06:00
Peter Steinberger
f7c658efb9
fix(core): resolve post-rebase type errors
2026-03-02 21:39:43 +00:00
Peter Steinberger
5f0cbd0edc
refactor(gateway): dedupe auth and discord monitor suites
2026-03-02 21:31:36 +00:00
Peter Steinberger
b782ecb7eb
refactor: harden plugin install flow and main DM route pinning
2026-03-02 21:22:38 +00:00
Peter Steinberger
3a08e69a05
refactor: unify queueing and normalize telegram slack flows
2026-03-02 20:55:15 +00:00
SidQin-cyber
479095bcfb
fix(discord): use per-channel message queues to restore parallel agent dispatch
...
Replace the single per-account messageQueue Promise chain in
DiscordMessageListener with per-channel queues. This restores parallel
processing for channel-bound agents that regressed in 2026.3.1.
Messages within the same channel remain serialized to preserve ordering,
while messages to different channels now proceed independently. Completed
queue entries are cleaned up to prevent memory accumulation.
Closes #31530
2026-03-02 20:34:41 +00:00
Peter Steinberger
9d30159fcd
refactor: dedupe channel and gateway surfaces
2026-03-02 19:57:33 +00:00
Peter Steinberger
031bf0c6c0
refactor(security): split safe-regex parse and bounded matching
2026-03-02 16:47:00 +00:00
Peter Steinberger
b1592457fa
perf(security): bound regex input in filters and redaction
2026-03-02 16:37:45 +00:00
Peter Steinberger
6b78544f82
refactor(commands): unify repeated ACP and routing flows
2026-03-02 05:20:19 +00:00
Peter Steinberger
8b05e4091c
fix(discord): prefer names in allowlist resolution logs
2026-03-02 04:31:10 +00:00
Peter Steinberger
619dfa88cb
fix(discord): enrich allowlist resolution logs
2026-03-02 04:19:37 +00:00
SidQin-cyber
6210d2e238
fix(discord): prevent wildcard component registration collisions
...
Assign distinct sentinel registration ids to Discord wildcard handlers while preserving wildcard parser keys, so select/menu/modal handlers no longer get dropped on runtimes that dedupe by raw customId.
2026-03-02 03:08:32 +00:00
Peter Steinberger
c869ca4bbf
fix: harden discord agent cid parsing ( #29013 ) (thanks @Jacky1n7)
2026-03-02 03:07:48 +00:00
李肖然
c14c17403e
style: oxfmt for agent-components
2026-03-02 03:07:48 +00:00
李肖然
e95f96f77a
fix(discord): guard cid decode to avoid URIError
2026-03-02 03:07:48 +00:00
李肖然
9aba8422ca
fix(discord): accept cid in agent component interactions
2026-03-02 03:07:48 +00:00
Peter Steinberger
25b731c34a
fix: harden discord media fallback regressions ( #28906 ) (thanks @Sid-Qin)
2026-03-02 03:05:12 +00:00
SidQin-cyber
0a67033fe3
fix(discord): keep attachment metadata when media fetch is blocked
...
Preserve inbound attachment/sticker metadata in Discord message context when media download fails (for example due to SSRF blocking), so agents still see file references instead of silent drops.
Closes #28816
2026-03-02 03:05:12 +00:00
Glucksberg
a25a73e707
discord: expose EventQueue listenerTimeout as configurable option ( fixes #24458 )
2026-03-02 02:06:24 +00:00
Ash (Bug Lab)
5b64b96c6c
fix(discord): add ackReactionScope channel override + off/none values ( #28268 )
2026-03-02 02:04:39 +00:00
haosenwang1018
60330e011b
fix(discord): log ignored messages from non-allowlisted channels
...
Closes #30676
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-02 02:03:44 +00:00
Peter Steinberger
e7cd4bf1bd
refactor(web): split trusted and strict web tool fetch paths
2026-03-02 01:14:06 +00:00
Peter Steinberger
a95c8077e8
test(discord): type gateway stop mock params
2026-03-02 01:10:03 +00:00
Peter Steinberger
c80f34f0e0
test(discord): type gateway stop mock params
2026-03-02 00:49:27 +00:00
Shakker
4274374297
Tests: type Discord gateway lifecycle wait mock
2026-03-02 00:44:34 +00:00
Peter Steinberger
0c0f556927
fix(discord): unify reconnect watchdog and land #31025/#30530
...
Landed follow-up intent from contributor PR #31025 (@theotarr) and PR #30530 (@liuxiaopai-ai).
Co-authored-by: theotarr <theotarr@users.noreply.github.com >
Co-authored-by: liuxiaopai-ai <liuxiaopai-ai@users.noreply.github.com >
2026-03-02 00:24:15 +00:00
Peter Steinberger
a62d55b283
test(discord): cover DM command decision flow
2026-03-02 00:00:05 +00:00
Peter Steinberger
75596e9370
refactor(discord): unify DM command auth handling
2026-03-02 00:00:05 +00:00
Peter Steinberger
881ac62005
test(discord): stabilize model picker timeout assertions
2026-03-01 23:53:07 +00:00
Peter Steinberger
50e2674dfc
fix(discord): unify dm command auth gating
2026-03-01 23:50:24 +00:00
Peter Steinberger
5056b6438d
fix(discord): harden reconnect recovery and preserve message delivery
...
Landed from contributor PR #29508 by @cgdusek.
Co-authored-by: Charles Dusek <cgdusek@gmail.com >
2026-03-01 23:46:07 +00:00
Sid
39a45121d9
fix(discord,slack): add SSRF policy for media downloads in proxy environments ( #25475 )
...
* fix(discord,slack): add SSRF policy for media downloads in proxy environments
Discord and Slack media downloads (attachments, stickers, forwarded
images) call fetchRemoteMedia without any ssrfPolicy. When running
behind a local transparent proxy (Clash, mihomo, Shadowrocket) in
fake-ip mode, DNS returns virtual IPs in the 198.18.0.0/15 range,
which the SSRF guard blocks.
Add per-channel SSRF policy constants—matching the pattern already
applied to Telegram on main—that allowlist known CDN hostnames and
set allowRfc2544BenchmarkRange: true.
Refs #25355 , #25322
Co-authored-by: Cursor <cursoragent@cursor.com >
* chore(slack): keep raw-fetch allowlist line anchors stable
---------
Co-authored-by: Cursor <cursoragent@cursor.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-03-01 11:30:10 -06:00
Onur Solmaz
a7929abad8
Discord: thread bindings idle + max-age lifecycle ( #27845 ) (thanks @osolmaz)
...
* refactor discord thread bindings to idle and max-age lifecycle
* fix: migrate legacy thread binding expiry and reduce hot-path disk writes
* refactor: remove remaining thread-binding ttl legacy paths
* fix: harden thread-binding lifecycle persistence
* Discord: fix thread binding types in message/reply paths
* Infra: handle win32 unknown inode in file identity checks
* Infra: relax win32 guarded-open identity checks
* Config: migrate threadBindings ttlHours to idleHours
* Revert "Infra: relax win32 guarded-open identity checks"
This reverts commit de9412677196fc5ddfb3#27845 ) (thanks @osolmaz)
---------
Co-authored-by: Onur Solmaz <onur@textcortex.com >
2026-02-27 10:02:39 +01:00
