Tak Hoffman
87876a3e36
Fix env proxy bootstrap for model traffic (#43248)
* Fix env proxy bootstrap for model traffic
* Address proxy dispatcher review followups
* Fix proxy env precedence for empty lowercase vars
2026-03-11 10:21:35 -05:00
Peter Steinberger
a0d5462571
fix(security): pin staged writes and fs mutations
2026-03-11 02:38:00 +00:00
Peter Steinberger
68c674d37c
refactor(security): simplify system.run approval model
2026-03-11 01:43:06 +00:00
Peter Steinberger
7289c19f1a
fix(security): bind system.run approvals to exact argv text
2026-03-11 01:25:31 +00:00
Gustavo Madeira Santana
3ba6491659
Infra: extract backup and plugin path helpers
2026-03-10 20:16:35 -04:00
Josh Avant
36d2ae2a22
SecretRef: harden custom/provider secret persistence and reuse (#42554)
* Models: gate custom provider keys by usable secret semantics
* Config: project runtime writes onto source snapshot
* Models: prevent stale apiKey preservation for marker-managed providers
* Runner: strip SecretRef marker headers from resolved models
* Secrets: scan active agent models.json path in audit
* Config: guard runtime-source projection for unrelated configs
* Extensions: fix onboarding type errors in CI
* Tests: align setup helper account-enabled expectation
* Secrets audit: harden models.json file reads
* fix: harden SecretRef custom/provider secret persistence (#42554) (thanks @joshavant)
2026-03-10 23:55:10 +00:00
Peter Steinberger
20237358d9
refactor: clarify archive staging intent
2026-03-10 23:54:12 +00:00
Peter Steinberger
9c64508822
refactor: rename tar archive preflight checker
2026-03-10 23:52:51 +00:00
Peter Steinberger
6565ae1857
refactor: extract archive staging helpers
2026-03-10 23:52:31 +00:00
Peter Steinberger
658cf4bd94
fix: harden archive extraction destinations
2026-03-10 23:49:35 +00:00
Peter Steinberger
201420a7ee
fix: harden secret-file readers
2026-03-10 23:40:10 +00:00
David Guttman
9f5dee32f6
fix(acp): implicit streamToParent for mode=run without thread (#42404)
* fix(acp): implicit streamToParent for mode=run without thread
When spawning ACP sessions with mode=run and no thread binding,
automatically route output to parent session instead of Discord.
This enables agent-to-agent supervision patterns where the spawning
agent wants results returned programmatically, not posted as chat.
The change makes sessions_spawn with runtime=acp and thread=false
behave like direct acpx invocation - output goes to the spawning
session, not to Discord.
Fixes the issue where mode=run without thread still posted to Discord
because hasDeliveryTarget was true when called from a Discord context.
* fix: use resolved spawnMode instead of params.mode
Move implicit streamToParent check to after resolveSpawnMode so that
both explicit mode="run" and omitted mode (which defaults to "run"
when thread is false) correctly trigger parent routing.
This fixes the issue where callers that rely on default mode selection
would not get the intended parent streaming behavior.
* fix: tighten implicit ACP parent relay gating (#42404) (thanks @davidguttman)
---------
Co-authored-by: Onur Solmaz <2453968+osolmaz@users.noreply.github.com>
2026-03-10 21:42:15 +01:00
Josh Avant
0687e04760
fix: thread runtime config through Discord/Telegram sends (#42352) (thanks @joshavant) (#42352)
2026-03-10 13:30:57 -05:00
Teconomix
6d0547dc2e
mattermost: fix DM media upload for unprefixed user IDs (#29925)
Merged via squash.
Prepared head SHA: 5cffcb072c
Co-authored-by: teconomix <6959299+teconomix@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
2026-03-10 14:22:24 +05:30
Eugene
45b74fb56c
fix(telegram): move network fallback to resolver-scoped dispatchers (#40740)
Merged via squash.
Prepared head SHA: a4456d48b4
Co-authored-by: sircrumpet <4436535+sircrumpet@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
2026-03-10 11:28:51 +05:30
Frank Yang
96e4975922
fix: protect bootstrap files during memory flush (#38574)
Merged via squash.
Prepared head SHA: a0b9a02e2e
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
2026-03-10 12:44:33 +08:00
Harold Hunt
de49a8b72c
Telegram: exec approvals for OpenCode/Codex (#37233)
Merged via squash.
Prepared head SHA: f243379094
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Reviewed-by: @huntharo
2026-03-09 23:04:35 -04:00
Vincent Koc
b48291e01e
Exec: mark child command env with OPENCLAW_CLI (#41411)
2026-03-09 19:14:08 -04:00
Charles Dusek
54be30ef89
fix(agents): bound compaction retry wait and drain embedded runs on restart (#40324)
Merged via squash.
Prepared head SHA: cfd99562d6
Co-authored-by: cgdusek <38732970+cgdusek@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-03-09 08:27:29 -07:00
Peter Steinberger
f9706fde6a
build: bump unreleased version to 2026.3.9
2026-03-09 08:33:58 +00:00
Peter Steinberger
66c581c64c
fix: normalize windows runtime shim executables
2026-03-09 07:01:42 +00:00
Peter Steinberger
17599a8ea2
refactor: flatten supervisor marker hints
2026-03-09 06:19:30 +00:00
dimatu
cf796e2a22
fix(gateway): detect launchd supervision via XPC_SERVICE_NAME
On macOS, launchd sets XPC_SERVICE_NAME on managed processes but does
not set LAUNCH_JOB_LABEL or LAUNCH_JOB_NAME. Without checking
XPC_SERVICE_NAME, isLikelySupervisedProcess() returns false for
launchd-managed gateways, causing restartGatewayProcessWithFreshPid()
to fork a detached child instead of returning "supervised". The
detached child holds the gateway lock while launchd simultaneously
respawns the original process (KeepAlive=true), leading to an infinite
lock-timeout / restart loop.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 05:57:35 +00:00
Radek Sienkiewicz
4f42c03a49
gateway: fix global Control UI 404s for symlinked wrappers and bundled package roots (#40385)
Merged via squash.
Prepared head SHA: 567b3ed684
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
2026-03-09 01:50:42 +01:00
Peter Steinberger
32a6eae576
refactor: share gateway argv parsing
2026-03-08 23:38:24 +00:00
Peter Steinberger
0692f71c6f
fix: wait for extension relay tab reconnects (#32461) (thanks @AaronWander)
2026-03-08 19:11:58 +00:00
Peter Steinberger
3ada30e670
fix: restore gate after rebase
2026-03-08 18:40:15 +00:00
Peter Steinberger
dd7470730d
test: isolate git commit resolution fallbacks
2026-03-08 18:40:14 +00:00
Vincent Koc
d23d36a2f9
Tests: lower entropy git commit fixtures
2026-03-08 11:16:03 -07:00
yuweuii
6c9b49a10b
fix(sessions): clear stale contextTokens on model switch (#38044)
Merged via squash.
Prepared head SHA: bac2df4b7f
Co-authored-by: yuweuii <82372187+yuweuii@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-03-08 10:59:16 -07:00
Altay
ca5e352c53
CLI: include commit hash in --version output (#39712)
* CLI: include commit hash in --version output
* fix(version): harden commit SHA resolution and keep output consistent
* CLI: keep install checks compatible with commit-tagged version output
* fix(cli): include commit hash in root version fast path
* test(cli): allow null commit-hash mocks
* Installer: share version parser across install scripts
* Installer: avoid sourcing helpers from stdin cwd
* CLI: note commit-tagged version output
* CLI: anchor commit hash resolution to module root
* CLI: harden commit hash resolution
* CLI: fix commit hash lookup edge cases
* CLI: prefer live git metadata in dev builds
* CLI: keep git lookup inside package root
* Infra: tolerate invalid moduleUrl hints
* CLI: cache baked commit metadata fallbacks
* CLI: align changelog attribution with prep gate
* CLI: restore changelog contributor credit
---------
Co-authored-by: echoVic <echovic@163.com>
Co-authored-by: echoVic <echoVic@users.noreply.github.com>
2026-03-08 19:10:48 +03:00
daymade
f930fcbd3f
Add regression test and CHANGELOG entry
- Add test ensuring launchd path never returns "failed" status
- Add CHANGELOG.md entry documenting the fix with issue/PR references
- Reference ThrottleInterval evolution (#27650 → #29078 → current 1s)
2026-03-08 13:42:50 +00:00
daymade
03aea082d0
chore: condense inline comments per code review
Remove redundant rationale from test body (test names already convey it)
and trim the production comment to what/consequence/link (mechanism
details live in #39760).
2026-03-08 13:42:50 +00:00
daymade
5f45e76d61
fix(darwin): remove self-kickstart from launchd gateway restart; rely on KeepAlive
When the gateway needs a config-triggered restart under launchd, calling
`launchctl kickstart -k` from within the service itself races with
launchd's async bootout state machine:
1. `kickstart -k` initiates a launchd bootout → SIGTERM to self
2. Gateway ignores SIGTERM during shutdown → process doesn't exit
3. 2s `spawnSync` timeout kills the launchctl child, but launchd
continues the bootout asynchronously
4. Fallback `launchctl bootstrap` fails with EIO (service mid-bootout)
5. In-process restart runs on the same PID that launchd will SIGKILL
6. LaunchAgent is permanently unloaded — no auto-restart
Fix: on darwin/launchd, skip `triggerOpenClawRestart()` entirely.
The caller already calls `exitProcess(0)` for supervised mode, and
`KeepAlive=true` (always set in the plist template) restarts the
service within ~1 second.
The schtasks (Windows) path is unchanged — Windows doesn't have an
equivalent KeepAlive mechanism.
2026-03-08 13:42:50 +00:00
Peter Steinberger
2646739d23
refactor: centralize strict numeric parsing
2026-03-08 03:02:25 +00:00
Peter Steinberger
44e7c1142e
refactor(doctor): model legacy file copies as plans
2026-03-08 02:16:03 +00:00
Peter Steinberger
01cff3a7a6
refactor(pairing): share allowFrom path resolution
2026-03-08 02:16:03 +00:00
Peter Steinberger
189cd99377
refactor(discord): require explicit outbound target hints
2026-03-08 01:15:29 +00:00
Peter Steinberger
3987ca4099
refactor(retry): simplify telegram shouldRetry composition
2026-03-08 01:14:16 +00:00
Peter Steinberger
eb09d8dd71
fix(telegram): land #34238 from @hal-crackbot
Landed from contributor PR #34238 by @hal-crackbot.
Co-authored-by: Hal Crackbot <hal@crackbot.dev>
2026-03-08 00:56:58 +00:00
Vincent Koc
a56841b98c
Daemon: harden WSL2 systemctl install checks (#39294)
* Daemon: harden WSL2 systemctl install checks
* Changelog: note WSL2 daemon install hardening
* Daemon: tighten systemctl failure classification
2026-03-07 16:43:19 -08:00
Peter Steinberger
9d2b292998
fix(exec-approvals): honor allow-always for bash script invocations
Landed from contributor PR #35137 by @yuweuii.
Co-authored-by: yuweuii <82372187+yuweuii@users.noreply.github.com>
2026-03-08 00:39:54 +00:00
Peter Steinberger
8a469a12b2
test(exec): dedupe wrapper boundary regressions
2026-03-08 00:12:08 +00:00
Peter Steinberger
5f50823abf
refactor(exec): share wrapper depth classification
2026-03-08 00:12:08 +00:00
Peter Steinberger
2fc95a7cfc
fix(exec): close dispatch-wrapper boundary drift
2026-03-07 23:40:38 +00:00
Peter Steinberger
939b18475d
fix(exec): honor shell comments in allow-always analysis
2026-03-07 23:31:25 +00:00
Peter Steinberger
c5bd84309a
refactor: share allowFrom stringification helpers
2026-03-07 23:27:51 +00:00
Peter Steinberger
1d1757b16f
fix(exec): recognize PowerShell encoded commands
2026-03-07 23:15:46 +00:00
Peter Steinberger
5b27b0cecf
refactor(outbound,agents): extract shared payload and queue helpers
2026-03-07 23:07:16 +00:00
Peter Steinberger
7ab49a7fb7
test(regression): cover recent landed fix paths
2026-03-07 23:07:16 +00:00