github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-19 05:47:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,239 Commits 702 Branches 79 Tags
e4d80ed5566c028f7cd82205177f3f3e3e934679
Commit Graph

63 Commits

Author SHA1 Message Date
Vincent Koc
e4d80ed556 CI: restore main detect-secrets scan (#38438) 
* Tests: stabilize detect-secrets fixtures

* Tests: fix rebased detect-secrets false positives

* Docs: keep snippets valid under detect-secrets

* Tests: finalize detect-secrets false-positive fixes

* Tests: reduce detect-secrets false positives

* Tests: keep detect-secrets pragmas inline

* Tests: remediate next detect-secrets batch

* Tests: tighten detect-secrets allowlists

* Tests: stabilize detect-secrets formatter drift
 2026-03-07 10:06:35 -08:00
Vincent Koc
bf623a580b Agents: add skill API rate-limit guardrail (#38452) 
* Agents: add rate-limit guardrail for skill API writes

* Changelog: note skill API rate-limit awareness
 2026-03-06 20:20:00 -05:00
Gustavo Madeira Santana
ff97195500 Gateway: add path-scoped config schema lookup (#37266) 
Merged via squash.

Prepared head SHA: 0c4d187f6f
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-06 02:50:48 -05:00
Hinata Kaga (samon)
8c85ad540a fix: remove config.schema from agent gateway tool (#7382) 
Merged via squash.

Prepared head SHA: f34a778069
Co-authored-by: kakuteki <61647657+kakuteki@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 23:53:08 -05:00
Tyler Yust
81b93b9ce0 fix(subagents): announce delivery with descendant gating, frozen result refresh, and cron retry (#35080) 
Thanks @tyler6204
 2026-03-05 19:20:24 -08:00
Gustavo Madeira Santana
e4b4486a96 Agent: unify bootstrap truncation warning handling (#32769) 
Merged via squash.

Prepared head SHA: 5d6d4ddfa6
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 16:28:38 -05:00
Peter Steinberger
c703aa0fe9 fix(agents): align sandboxed ACP prompt guidance 2026-03-02 23:24:02 +00:00
Bob
ac11f0af73 Security: enforce ACP sandbox inheritance for sessions_spawn (#32254) 
* Security: enforce ACP sandbox inheritance in sessions_spawn

* fix: add changelog attribution for ACP sandbox inheritance (#32254) (thanks @dutifulbob)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-02 23:50:38 +01:00
Peter Steinberger
4c43fccb3e feat(agents): use structured internal completion events 2026-03-01 23:11:48 +00:00
Bob
4fc7ecf088 ACP: force sessions_spawn as the only harness thread creation path (#30957) 
* ACP: enforce sessions_spawn-only thread creation for harness spawns

* skills(acpx): require acp-router preflight for ACP thread spawns

* fix: enforce ACP thread spawn via sessions_spawn only (#30957) (thanks @dutifulbob)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-01 22:41:06 +01:00
Onur Solmaz
a7d56e3554 feat: ACP thread-bound agents (#23580) 
* docs: add ACP thread-bound agents plan doc

* docs: expand ACP implementation specification

* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup

* feat(acp): add /acp commands and Discord spawn gate

* ACP: add acpx runtime plugin backend

* fix(subagents): defer transient lifecycle errors before announce

* Agents: harden ACP sessions_spawn and tighten spawn guidance

* Agents: require explicit ACP target for runtime spawns

* docs: expand ACP control-plane implementation plan

* ACP: harden metadata seeding and spawn guidance

* ACP: centralize runtime control-plane manager and fail-closed dispatch

* ACP: harden runtime manager and unify spawn helpers

* Commands: route ACP sessions through ACP runtime in agent command

* ACP: require persisted metadata for runtime spawns

* Sessions: preserve ACP metadata when updating entries

* Plugins: harden ACP backend registry across loaders

* ACPX: make availability probe compatible with adapters

* E2E: add manual Discord ACP plain-language smoke script

* ACPX: preserve streamed spacing across Discord delivery

* Docs: add ACP Discord streaming strategy

* ACP: harden Discord stream buffering for thread replies

* ACP: reuse shared block reply pipeline for projector

* ACP: unify streaming config and adopt coalesceIdleMs

* Docs: add temporary ACP production hardening plan

* Docs: trim temporary ACP hardening plan goals

* Docs: gate ACP thread controls by backend capabilities

* ACP: add capability-gated runtime controls and /acp operator commands

* Docs: remove temporary ACP hardening plan

* ACP: fix spawn target validation and close cache cleanup

* ACP: harden runtime dispatch and recovery paths

* ACP: split ACP command/runtime internals and centralize policy

* ACP: harden runtime lifecycle, validation, and observability

* ACP: surface runtime and backend session IDs in thread bindings

* docs: add temp plan for binding-service migration

* ACP: migrate thread binding flows to SessionBindingService

* ACP: address review feedback and preserve prompt wording

* ACPX plugin: pin runtime dependency and prefer bundled CLI

* Discord: complete binding-service migration cleanup and restore ACP plan

* Docs: add standalone ACP agents guide

* ACP: route harness intents to thread-bound ACP sessions

* ACP: fix spawn thread routing and queue-owner stall

* ACP: harden startup reconciliation and command bypass handling

* ACP: fix dispatch bypass type narrowing

* ACP: align runtime metadata to agentSessionId

* ACP: normalize session identifier handling and labels

* ACP: mark thread banner session ids provisional until first reply

* ACP: stabilize session identity mapping and startup reconciliation

* ACP: add resolved session-id notices and cwd in thread intros

* Discord: prefix thread meta notices consistently

* Discord: unify ACP/thread meta notices with gear prefix

* Discord: split thread persona naming from meta formatting

* Extensions: bump acpx plugin dependency to 0.1.9

* Agents: gate ACP prompt guidance behind acp.enabled

* Docs: remove temp experiment plan docs

* Docs: scope streaming plan to holy grail refactor

* Docs: refactor ACP agents guide for human-first flow

* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow

* Docs/Skill: add OpenCode and Pi to ACP harness lists

* Docs/Skill: align ACP harness list with current acpx registry

* Dev/Test: move ACP plain-language smoke script and mark as keep

* Docs/Skill: reorder ACP harness lists with Pi first

* ACP: split control-plane manager into core/types/utils modules

* Docs: refresh ACP thread-bound agents plan

* ACP: extract dispatch lane and split manager domains

* ACP: centralize binding context and remove reverse deps

* Infra: unify system message formatting

* ACP: centralize error boundaries and session id rendering

* ACP: enforce init concurrency cap and strict meta clear

* Tests: fix ACP dispatch binding mock typing

* Tests: fix Discord thread-binding mock drift and ACP request id

* ACP: gate slash bypass and persist cleared overrides

* ACPX: await pre-abort cancel before runTurn return

* Extension: pin acpx runtime dependency to 0.1.11

* Docs: add pinned acpx install strategy for ACP extension

* Extensions/acpx: enforce strict local pinned startup

* Extensions/acpx: tighten acp-router install guidance

* ACPX: retry runtime test temp-dir cleanup

* Extensions/acpx: require proactive ACPX repair for thread spawns

* Extensions/acpx: require restart offer after acpx reinstall

* extensions/acpx: remove workspace protocol devDependency

* extensions/acpx: bump pinned acpx to 0.1.13

* extensions/acpx: sync lockfile after dependency bump

* ACPX: make runtime spawn Windows-safe

* fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)
 2026-02-26 11:00:09 +01:00
User
2398b51378 fix: include available_skills in isolated cron agentTurn sessions (closes #24888) 
buildSkillsSection() had an early-return guard on isMinimal that silently
dropped the entire <available_skills> block for any session using
promptMode="minimal" — which includes all isolated cron agentTurn sessions
(isCronSessionKey → promptMode="minimal" in attempt.ts:497-500).

Fix: remove the isMinimal guard from buildSkillsSection so that skills are
emitted whenever a non-empty skillsPrompt is provided, regardless of mode.
Memory, docs, reply-tags, and other verbose sections remain gated on isMinimal.

Tests added:
- "includes skills in minimal prompt mode when skillsPrompt is provided (cron regression)"
- "omits skills in minimal prompt mode when skillsPrompt is absent"
- Updated existing minimal-mode test expectation to match corrected behaviour.

(cherry picked from commit 66af86e7ee)
 2026-02-24 04:20:30 +00:00
Peter Steinberger
bfada9e425 test: move more local agents helper suites out of e2e 2026-02-22 10:55:22 +00:00
Peter Steinberger
9131b22a28 test: migrate suites to e2e coverage layout 2026-02-13 14:28:22 +00:00
0xRain
d8d8109711 fix(agents): guard against undefined path in context file entries (#14903) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 25856b863d
Co-authored-by: 0xRaini <190923101+0xRaini@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-12 15:27:56 -05:00
Tak Hoffman
1aeaf811b0 Merge branch 'main' into fix/1897-session-status-time-hint 2026-01-31 19:58:05 -06:00
Josh Palmer
7a6c40872d Agents: add system prompt safety guardrails (#5445) 
* 🤖 agents: add system prompt safety guardrails

What:
- add safety guardrails to system prompt
- update system prompt docs
- update prompt tests

Why:
- discourage power-seeking or self-modification behavior
- clarify safety/oversight priority when conflicts arise

Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)

* 🤖 agents: tighten safety wording for prompt guardrails

What:
- scope safety wording to system prompts/safety/tool policy changes
- document Safety inclusion in minimal prompt mode
- update safety prompt tests

Why:
- avoid blocking normal code changes or PR workflows
- keep prompt mode docs consistent with implementation

Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)

* 🤖 docs: note safety guardrails are soft

What:
- document system prompt safety guardrails as advisory
- add security note on prompt guardrails vs hard controls

Why:
- clarify threat model and operator expectations
- avoid implying prompt text is an enforcement layer

Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)
 2026-01-31 15:50:15 +01:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Conroy Whitney
034d4513d9 fix(system-prompt): hint session_status for date/time instead of embedding it 
The system prompt intentionally excludes the current date/time for cache
stability (see 66eec295b). This leaves agents without date awareness,
causing wrong day-of-week claims (#1897, #1928, #2108).

Instead of reverting the cache optimization, add a one-line hint directing
agents to use session_status when they need the current date/time. This
keeps the prompt stable while teaching frontier models where to look.

Also adds a negative test ensuring the date/time is NOT re-added to the
system prompt, with comments explaining why and pointing to #3658 for the
complementary gateway-level timestamp injection approach.

Refs: #1897, #1928, #3658
 2026-01-28 20:08:31 -05:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
a6ddd82a14 feat: add TTS hint to system prompt 2026-01-24 10:25:42 +00:00
Peter Steinberger
66eec295b8 perf: stabilize system prompt time 2026-01-24 06:24:04 +00:00
Neo
2accb47e4d fix: follow soul.md more closely (#1434) 
* Agents: honor SOUL.md persona guidance

* fix: harden SOUL.md detection (#1434) (thanks @neooriginal)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-23 05:00:13 +00:00
Peter Steinberger
1a8b106f34 style: format agent workspace and prompts 2026-01-22 08:05:55 +00:00
Peter Steinberger
a2981c5a2c feat: add elevated ask/full modes 2026-01-22 05:41:11 +00:00
Peter Steinberger
e0896de2bf feat: surface repo root in runtime prompt 2026-01-22 05:20:42 +00:00
Peter Steinberger
9e22f019db feat: fold gateway service commands into gateway 2026-01-21 17:45:26 +00:00
Peter Steinberger
15e5bb3459 feat: improve /new model hints and reset confirmation 2026-01-20 14:35:20 +00:00
Peter Steinberger
55d034358d refactor: unify system prompt runtime params 2026-01-19 05:27:52 +00:00
Peter Steinberger
0d543dd1ff test: update expectations for session reset behavior 2026-01-18 22:51:37 +00:00
Peter Steinberger
e7e34c442e fix: smooth TUI waiting shimmer (#1196) (thanks @vignesh07) 2026-01-18 22:37:36 +00:00
Peter Steinberger
be6a3d4caf fix: unblock build and slack monitor 2026-01-18 16:35:18 +00:00
Peter Steinberger
b546b2a48d fix: stabilize slack http receiver import 2026-01-18 15:44:17 +00:00
Peter Steinberger
e9a08dc507 feat: enrich system prompt docs guidance 2026-01-18 15:00:36 +00:00
Sash Catanzarite
89bbbe75a6 fix: honor message tool channel for tool dedupe (#1053) 
- Treat message tool `channel` as provider hint for dedupe/suppression.
- Prefer NO_REPLY after message tool sends to avoid duplicate replies.

Co-authored-by: Sash Catanzarite <1166151+thesash@users.noreply.github.com>
 2026-01-17 00:23:51 +00:00
Peter Steinberger
bca5c0d569 refactor: system prompt sections + docs/tests 2026-01-16 00:28:43 +00:00
Peter Steinberger
8b89980a89 feat(date-time): standardize time context and tool timestamps 2026-01-15 22:27:06 +00:00
Peter Steinberger
2b1c26f900 fix: refine telegram reactions (#964) (thanks @bohdanpodvirnyi) 2026-01-15 17:20:17 +00:00
Peter Steinberger
8b48299d8f Merge pull request #953 from roshanasingh4/fix/cli-quick-reference-system-prompt 
Fix system prompt: prevent invented CLI commands
 2026-01-15 16:55:52 +00:00
Roshan Singh
d0455f2683 fix(system-prompt): add CLI quick reference to prevent invented commands 2026-01-15 11:43:22 +00:00
Cash Williams
51e871f9e5 Make timezone and 24 hour clock explicit in system prompt 2026-01-15 06:08:43 +00:00
Peter Steinberger
90342a4f3a refactor!: rename chat providers to channels 2026-01-13 08:40:39 +00:00
Peter Steinberger
98337a14b3 fix: rename bash tool to exec (#748) (thanks @myfunc) 2026-01-12 02:49:55 +00:00
Peter Steinberger
9046296ed3 fix: clarify sub-agent sandbox limits 2026-01-11 05:04:14 +01:00
Peter Steinberger
6d70524aa8 fix: add reasoning visibility hint 2026-01-10 22:24:22 +01:00
Peter Steinberger
46e00ad5e7 fix: describe sandboxed elevated in prompt 2026-01-10 21:37:15 +01:00
Peter Steinberger
8466e53b5d fix: restore Anthropic OAuth tool dispatch 2026-01-10 04:01:00 +01:00
Peter Steinberger
24605379b9 refactor: centralize skills prompt resolution 2026-01-09 21:27:20 +01:00
Peter Steinberger
4861f09f78 fix: inject skills prompt list 2026-01-09 21:20:51 +01:00
Peter Steinberger
6d378ee608 feat(telegram): inline keyboard buttons (#491) 
Co-authored-by: Azade <azade@hey.com>
 2026-01-09 20:47:03 +01:00