negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
6593a576074c6bbf376efa6ca5f9f09fa2e8faf9
openclaw/CHANGELOG.md

3579 lines
556 KiB
Markdown
Raw Normal View History

Prepare 0.1.0 changelog and npm-focused quickstart
2025-11-25 12:00:48 +01:00
# Changelog
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
Docs: https://docs.openclaw.ai
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
chore(release): bump to 2026.3.3 and seed changelog
2026-03-03 05:12:23 +00:00
## 2026.3.3
### Changes
chore: Updated Brave documentation (#26860) Merged via squash. Prepared head SHA: f8fc4bf01e0eacfb01f6ee58eea445680f7eeebd Co-authored-by: HenryLoenwind <1485873+HenryLoenwind@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-03-03 07:34:15 +01:00
- Docs/Web search: remove outdated Brave free-tier wording and replace prescriptive AI ToS guidance with neutral compliance language in Brave setup docs. (#26860) Thanks @HenryLoenwind.
Diffs: Migrate tool usage guidance from before_prompt_build to a plugin skill (#32630) Merged via squash. Prepared head SHA: 585697a4e1556baa2cd79a7b449b120c4fd87e17 Co-authored-by: sircrumpet <4436535+sircrumpet@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-03-03 16:50:59 +10:00
- Tools/Diffs guidance loading: move diffs usage guidance from unconditional prompt-hook injection to the plugin companion skill path, reducing unrelated-turn prompt noise while keeping diffs tool behavior unchanged. (#32630) thanks @sircrumpet.
feat(tool-truncation): use head+tail strategy to preserve errors during truncation (#20076) Merged via squash. Prepared head SHA: 6edebf22b1666807b1ea5cba5afb614c41dc3dd1 Co-authored-by: jlwestsr <52389+jlwestsr@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman
2026-03-03 10:11:14 -06:00
- Agents/tool-result truncation: preserve important tail diagnostics by using head+tail truncation for oversized tool results while keeping configurable truncation options. (#20076) thanks @jlwestsr.
chore: Updated Brave documentation (#26860) Merged via squash. Prepared head SHA: f8fc4bf01e0eacfb01f6ee58eea445680f7eeebd Co-authored-by: HenryLoenwind <1485873+HenryLoenwind@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-03-03 07:34:15 +01:00
chore(release): bump to 2026.3.3 and seed changelog
2026-03-03 05:12:23 +00:00
### Fixes
docs(loop-detection): fix config keys to match schema (#33182) Merged via squash. Prepared head SHA: 612ecc00d36cbbefb0657f0a2ac0898d53a5ed73 Co-authored-by: Mylszd <23611557+Mylszd@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-03-04 00:02:30 +08:00
- Docs/tool-loop detection config keys: align `docs/tools/loop-detection.md` examples and field names with the current `tools.loopDetection` schema to prevent copy-paste validation failures from outdated keys. (#33182) Thanks @Mylszd.
fix(telegram): prevent duplicate messages in DM draft streaming mode (#32118) * fix(telegram): prevent duplicate messages in DM draft streaming mode When using sendMessageDraft for DM streaming (streaming: 'partial'), the draft bubble auto-converts to the final message. The code was incorrectly falling through to sendPayload() after the draft was finalized, causing a duplicate message. This fix checks if we're in draft preview mode with hasStreamedMessage and skips the sendPayload call, returning "preview-finalized" directly. Key changes: - Use hasStreamedMessage flag instead of previewRevision comparison - Avoids double stopDraftLane calls by returning early - Prevents duplicate messages when final text equals last streamed text Root cause: In lane-delivery.ts, the final message handling logic did not properly handle the DM draft flow where sendMessageDraft creates a transient bubble that doesn't need a separate final send. * fix(telegram): harden DM draft finalization path * fix(telegram): require emitted draft preview for unchanged finals * fix(telegram): require final draft text emission before finalize * fix: update changelog for telegram draft finalization (#32118) (thanks @OpenCils) --------- Co-authored-by: Ayaan Zaidi <zaidi@uplause.io>
2026-03-03 20:04:46 +08:00
- Telegram/DM draft finalization reliability: require verified final-text draft emission before treating preview finalization as delivered, and fall back to normal payload send when final draft delivery is not confirmed (preventing missing final responses and preserving media/button delivery). (#32118) Thanks @OpenCils.
docs(loop-detection): fix config keys to match schema (#33182) Merged via squash. Prepared head SHA: 612ecc00d36cbbefb0657f0a2ac0898d53a5ed73 Co-authored-by: Mylszd <23611557+Mylszd@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-03-04 00:02:30 +08:00
- Discord/audit wildcard warnings: ignore "\*" wildcard keys when counting unresolved guild channels so doctor/status no longer warns on allow-all configs. (#33125) Thanks @thewilloftheshadow.
fix: harden Discord channel resolution (#33142) (thanks @thewilloftheshadow) (#33142)
2026-03-03 09:31:26 -06:00
- Discord/channel resolution: default bare numeric recipients to channels, harden allowlist numeric ID handling with safe fallbacks, and avoid inbound WS heartbeat stalls. (#33142) Thanks @thewilloftheshadow.
fix: improve discord chunk delivery (#33226) (thanks @thewilloftheshadow) (#33226)
2026-03-03 10:17:33 -06:00
- Discord/chunk delivery reliability: preserve chunk ordering when using a REST client and retry chunk sends on 429/5xx using account retry settings. (#33226) Thanks @thewilloftheshadow.
fix(heartbeat): scope exec wake dispatch to session key (#32724) Merged via squash. Prepared head SHA: 563fee0e65af07575f3df540cab2e1e5d5589f06 Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Reviewed-by: @altaywtf
2026-03-03 14:47:40 +03:00
- Exec heartbeat routing: scope exec-triggered heartbeat wakes to agent session keys so unrelated agents are no longer awakened by exec events, while preserving legacy unscoped behavior for non-canonical session keys. (#32724) thanks @altaywtf
macOS: add tailscale serve discovery fallback for remote gateways (#32860) * feat(macos): add tailscale serve gateway discovery fallback * fix: add changelog note for tailscale serve discovery fallback (#32860) (thanks @ngutman)
2026-03-03 13:25:36 +02:00
- macOS/Tailscale remote gateway discovery: add a Tailscale Serve fallback peer probe path (`wss://<peer>.ts.net`) when Bonjour and wide-area DNS-SD discovery return no gateways, and refresh both discovery paths from macOS onboarding. (#32860) Thanks @ngutman.
iOS Security Stack 1/5: Keychain Migrations + Tests (#33029) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: da2f8f614155989345d0d3efd0c0f29ef410c187 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-03-03 16:15:20 +00:00
- iOS/Gateway keychain hardening: move gateway metadata and TLS fingerprints to device keychain storage with safer migration behavior and rollback-safe writes to reduce credential loss risk during upgrades. (#33029) thanks @mbelinky.
fix(telegram): warn when accounts.default is missing in multi-account setup (#32544) Merged via squash. Prepared head SHA: 7ebc3f65b21729137d352fa76bc31f2f849934c0 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-03-03 16:27:19 +08:00
- Telegram/multi-account default routing clarity: warn only for ambiguous (2+) account setups without an explicit default, add `openclaw doctor` warnings for missing/invalid multi-account defaults across channels, and document explicit-default guidance for channel routing and Telegram config. (#32544) thanks @Sid-Qin.
docs: update changelog for telegram message_sent fix (#32649)
2026-03-03 16:55:48 +05:30
- Telegram/plugin outbound hook parity: run `message_sending` + `message_sent` in Telegram reply delivery, include reply-path hook metadata (`mediaUrls`, `threadId`), and report `message_sent.success=false` when hooks blank text and no outbound message is delivered. (#32649) Thanks @KimGLee.
agents: propagate config for embedded skill loading
2026-03-03 02:44:04 -05:00
- Agents/Skills runtime loading: propagate run config into embedded attempt and compaction skill-entry loading so explicitly enabled bundled companion skills are discovered consistently when skill snapshots do not already provide resolved entries. Thanks @gumadeiras.
fix: substitute YYYY-MM-DD at session startup and post-compaction (#32363) (#32381) Merged via squash. Prepared head SHA: aee998a2c1a911d3fef771aa891ac315a2f7dc53 Co-authored-by: chengzhichao-xydt <264300353+chengzhichao-xydt@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman
2026-03-03 22:21:26 +08:00
- Agents/Session startup date grounding: substitute `YYYY-MM-DD` placeholders in startup/post-compaction AGENTS context and append runtime current-time lines for `/new` and `/reset` prompts so daily-memory references resolve correctly. (#32381) Thanks @chengzhichao-xydt.
fix: improve compaction summary instructions to preserve active work (#8903) fix: improve compaction summary instructions to preserve active work Expand staged-summary merge instructions to preserve active task status, batch progress, latest user request, and follow-up commitments so compaction handoffs retain in-flight work context. Co-authored-by: joetomasone <56984887+joetomasone@users.noreply.github.com> Co-authored-by: Josh Lehman <josh@martian.engineering>
2026-03-03 01:36:19 -05:00
- Agents/Compaction continuity: expand staged-summary merge instructions to preserve active task status, batch progress, latest user request, and follow-up commitments so compaction handoffs retain in-flight work context. (#8903) thanks @joetomasone.
Gateway: fix stale self version in status output (#32655) Merged via squash. Prepared head SHA: b9675d1f90ef0eabb7e68c24a72d4b2fb27def22 Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-03-03 15:41:52 +08:00
- Gateway/status self version reporting: make Gateway self version in `openclaw status` prefer runtime `VERSION` (while preserving explicit `OPENCLAW_VERSION` override), preventing stale post-upgrade app version output. (#32655) thanks @liuxiaopai-ai.
bug: Workaround for QMD upstream bug (#27028) Merged via squash. Prepared head SHA: 939f9f4574fcfe08762407ab9e8d6c85a77a0899 Co-authored-by: HenryLoenwind <1485873+HenryLoenwind@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-03-03 07:48:43 +01:00
- Memory/QMD index isolation: set `QMD_CONFIG_DIR` alongside `XDG_CONFIG_HOME` so QMD config state stays per-agent despite upstream XDG handling bugs, preventing cross-agent collection indexing and excess disk/CPU usage. (#27028) thanks @HenryLoenwind.
security(line): synthesize strict LINE auth boundary hardening LINE auth boundary hardening synthesis for inbound webhook authn/z/authz: - account-scoped pairing-store access - strict DM/group allowlist boundary separation - fail-closed webhook auth/runtime behavior - replay and duplicate handling with in-flight continuity for concurrent redeliveries Source PRs: #26701, #26683, #25978, #17593, #16619, #31990, #26047, #30584, #18777 Related continuity context: #21955 Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com> Co-authored-by: davidahmann <46606159+davidahmann@users.noreply.github.com> Co-authored-by: harshang03 <58983401+harshang03@users.noreply.github.com> Co-authored-by: haosenwang1018 <167664334+haosenwang1018@users.noreply.github.com> Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com> Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com> Co-authored-by: lailoo <20536249+lailoo@users.noreply.github.com>
2026-03-03 00:21:15 -06:00
- LINE/auth boundary hardening synthesis: enforce strict LINE webhook authn/z boundary semantics across pairing-store account scoping, DM/group allowlist separation, fail-closed webhook auth/runtime behavior, and replay/duplication controls (including in-flight replay reservation and post-success dedupe marking). (from #26701, #26683, #25978, #17593, #16619, #31990, #26047, #30584, #18777) Thanks @bmendonca3, @davidahmann, @harshang03, @haosenwang1018, @liuxiaopai-ai, @coygeek, and @Takhoffman.
fix(line): synthesize media/auth/routing webhook regressions (openclaw#32546) thanks @Takhoffman Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 23:47:56 -06:00
- LINE/media download synthesis: fix file-media download handling and M4A audio classification across overlapping LINE regressions. (from #26386, #27761, #27787, #29509, #29755, #29776, #29785, #32240) Thanks @kevinWangSheng, @loiie45e, @carrotRakko, @Sid-Qin, @codeafridi, and @bmendonca3.
- LINE/context and routing synthesis: fix group/room peer routing and command-authorization context propagation, and keep processing later events in mixed-success webhook batches. (from #21955, #24475, #27035, #28286) Thanks @lailoo, @mcaxtr, @jervyclaw, @Glucksberg, and @Takhoffman.
- LINE/status/config/webhook synthesis: fix status false positives from snapshot/config state and accept LINE webhook HEAD probes for compatibility. (from #10487, #25726, #27537, #27908, #31387) Thanks @BlueBirdBack, @stakeswky, @loiie45e, @puritysb, and @mcaxtr.
- LINE cleanup/test follow-ups: fold cleanup/test learnings into the synthesis review path while keeping runtime changes focused on regression fixes. (from #17630, #17289) Thanks @Clawborn and @davidahmann.
chore(release): cut 2026.3.2
2026-03-03 04:35:35 +00:00
## 2026.3.2
docs(changelog): merge post-v2026.2.26 release notes
2026-03-02 03:33:28 +00:00
chore(release): bump 2026.2.27 and split changelog
2026-02-27 16:09:22 +01:00
### Changes
docs(changelog): add SecretRef note for #29580
2026-03-02 21:19:14 -06:00
- Secrets/SecretRef coverage: expand SecretRef support across the full supported user-supplied credential surface (64 targets total), including runtime collectors, `openclaw secrets` planning/apply/audit flows, onboarding SecretInput UX, and related docs; unresolved refs now fail fast on active surfaces while inactive surfaces report non-blocking diagnostics. (#29580) Thanks @joshavant.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Tools/PDF analysis: add a first-class `pdf` tool with native Anthropic and Google PDF provider support, extraction fallback for non-native models, configurable defaults (`agents.defaults.pdfModel`, `pdfMaxBytesMb`, `pdfMaxPages`), and docs/tests covering routing, validation, and registration. (#31319) Thanks @tyler6204.
chore: add changelog note for adapter sendPayload rollout (#30144) (thanks @nohat)
2026-03-02 15:35:30 +00:00
- Outbound adapters/plugins: add shared `sendPayload` support across direct-text-media, Discord, Slack, WhatsApp, Zalo, and Zalouser with multi-media iteration and chunk-aware text fallback. (#30144) Thanks @nohat.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Models/MiniMax: add first-class `MiniMax-M2.5-highspeed` support across built-in provider catalogs, onboarding flows, and MiniMax OAuth plugin defaults, while keeping legacy `MiniMax-M2.5-Lightning` compatibility for existing configs.
sessions_spawn: inline attachments with redaction, lifecycle cleanup, and docs (#16761) Add inline file attachment support for sessions_spawn (subagent runtime only): - Schema: attachments[] (name, content, encoding, mimeType) and attachAs.mountPath hint - Materialization: files written to .openclaw/attachments/<uuid>/ with manifest.json - Validation: strict base64 decode, filename checks, size limits, duplicate detection - Transcript redaction: sanitizeToolCallInputs redacts attachment content from persisted transcripts - Lifecycle cleanup: safeRemoveAttachmentsDir with symlink-safe path containment check - Config: tools.sessions_spawn.attachments (enabled, maxFiles, maxFileBytes, maxTotalBytes, retainOnSessionKeep) - Registry: attachmentsDir/attachmentsRootDir/retainAttachmentsOnKeep on SubagentRunRecord - ACP rejection: attachments rejected for runtime=acp with clear error message - Docs: updated tools/index.md, concepts/session-tool.md, configuration-reference.md - Tests: 85 new/updated tests across 5 test files Fixes: - Guard fs.rm in materialization catch block with try/catch (review concern #1) - Remove unreachable fallback in safeRemoveAttachmentsDir (review concern #7) - Move attachment cleanup out of retry path to avoid timing issues with announce loop Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> Co-authored-by: napetrov <napetrov@users.noreply.github.com>
2026-03-01 21:33:51 -08:00
- Sessions/Attachments: add inline file attachment support for `sessions_spawn` (subagent runtime only) with base64/utf8 encoding, transcript content redaction, lifecycle cleanup, and configurable limits via `tools.sessions_spawn.attachments`. (#16761) Thanks @napetrov.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Telegram/Streaming defaults: default `channels.telegram.streaming` to `partial` (from `off`) so new Telegram setups get live preview streaming out of the box, with runtime fallback to message-edit preview when native drafts are unavailable.
docs(changelog): add telegram dm streaming note (#31824)
2026-03-02 21:59:19 +05:30
- Telegram/DM streaming: use `sendMessageDraft` for private preview streaming, keep reasoning/answer preview lanes separated in DM reasoning-stream mode. (#31824) Thanks @obviyus.
fix: wire telegram disableAudioPreflight config validation and precedence tests (#23067) (thanks @yangnim21029)
2026-03-02 22:26:30 +00:00
- Telegram/voice mention gating: add optional `disableAudioPreflight` on group/topic config to skip mention-detection preflight transcription for inbound voice notes where operators want text-only mention checks. (#23067) Thanks @yangnim21029.
docs(changelog): fix 2026.3.1 split and dedupe entries
2026-03-02 21:40:53 +00:00
- CLI/Config validation: add `openclaw config validate` (with `--json`) to validate config files before gateway startup, and include detailed invalid-key paths in startup invalid-config errors. (#31220) thanks @Sid-Qin.
Diffs: extend image quality configs and add PDF as a format option (#31342) Merged via squash. Prepared head SHA: cc12097851d7b63f1f5f2f754c23cfb1c3faff9b Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-03-02 04:38:50 -05:00
- Tools/Diffs: add PDF file output support and rendering quality customization controls (`fileQuality`, `fileScale`, `fileMaxWidth`) for generated diff artifacts, and document PDF as the preferred option when messaging channels compress images. (#31342) Thanks @gumadeiras.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Memory/Ollama embeddings: add `memorySearch.provider = "ollama"` and `memorySearch.fallback = "ollama"` support, honor `models.providers.ollama` settings for memory embedding requests, and document Ollama embedding usage. (#26349) Thanks @nico-hoff.
- Zalo Personal plugin (`@openclaw/zalouser`): rebuilt channel runtime to use native `zca-js` integration in-process, removing external CLI transport usage and keeping QR/login + send/listen flows fully inside OpenClaw.
- Plugin SDK/channel extensibility: expose `channelRuntime` on `ChannelGatewayContext` so external channel plugins can access shared runtime helpers (reply/routing/session/text/media/commands) without internal imports. (#25462) Thanks @guxiaobo.
- Plugin runtime/STT: add `api.runtime.stt.transcribeAudioFile(...)` so extensions can transcribe local audio files through OpenClaw's configured media-understanding audio providers. (#22402) Thanks @benthecarman.
- Plugin hooks/session lifecycle: include `sessionKey` in `session_start`/`session_end` hook events and contexts so plugins can correlate lifecycle callbacks with routing identity. (#26394) Thanks @tempeste.
- Hooks/message lifecycle: add internal hook events `message:transcribed` and `message:preprocessed`, plus richer outbound `message:sent` context (`isGroup`, `groupId`) for group-conversation correlation and post-transcription automations. (#9859) Thanks @Drickon.
- Media understanding/audio echo: add optional `tools.media.audio.echoTranscript` + `echoFormat` to send a pre-agent transcript confirmation message to the originating chat, with echo disabled by default. (#32150) Thanks @AytuncYildizli.
- Plugin runtime/system: expose `runtime.system.requestHeartbeatNow(...)` so extensions can wake targeted sessions immediately after enqueueing system events. (#19464) Thanks @AustinEral.
- Plugin runtime/events: expose `runtime.events.onAgentEvent` and `runtime.events.onSessionTranscriptUpdate` for extension-side subscriptions, and isolate transcript-listener failures so one faulty listener cannot break the entire update fanout. (#16044) Thanks @scifantastic.
- CLI/Banner taglines: add `cli.banner.taglineMode` (`random` | `default` | `off`) to control funny tagline behavior in startup output, with docs + FAQ guidance and regression tests for config override behavior.
docs(changelog): merge post-v2026.2.26 release notes
2026-03-02 03:33:28 +00:00
docs: reorder unreleased changelog by user impact
2026-03-02 04:19:05 +00:00
### Breaking
feat(onboarding)!: default tools profile to messaging
2026-03-02 18:12:03 +00:00
- **BREAKING:** Onboarding now defaults `tools.profile` to `messaging` for new local installs (interactive + non-interactive). New setups no longer start with broad coding/system tools unless explicitly configured.
feat(acp): enable dispatch by default
2026-03-03 00:47:25 +00:00
- **BREAKING:** ACP dispatch now defaults to enabled unless explicitly disabled (`acp.dispatch.enabled=false`). If you need to pause ACP turn routing while keeping `/acp` controls, set `acp.dispatch.enabled=false`. Docs: https://docs.openclaw.ai/tools/acp-agents
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- **BREAKING:** Plugin SDK removed `api.registerHttpHandler(...)`. Plugins must register explicit HTTP routes via `api.registerHttpRoute({ path, auth, match, handler })`, and dynamic webhook lifecycles should use `registerPluginHttpRoute(...)`.
- **BREAKING:** Zalo Personal plugin (`@openclaw/zalouser`) no longer depends on external `zca`-compatible CLI binaries (`openzca`, `zca-cli`) for runtime send/listen/login; operators should use `openclaw channels login --channel zalouser` after upgrade to refresh sessions in the new JS-native path.
docs: reorder unreleased changelog by user impact
2026-03-02 04:19:05 +00:00
chore(release): bump 2026.2.27 and split changelog
2026-02-27 16:09:22 +01:00
### Fixes
fix(feishu): validate outbound renderMode routing with tests (#31562) Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 12:41:01 +08:00
- Feishu/Outbound render mode: respect Feishu account `renderMode` in outbound sends so card mode (and auto-detected markdown tables/code blocks) uses markdown card delivery instead of always sending plain text. (#31562) Thanks @arkyu2077.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Plugin command/runtime hardening: validate and normalize plugin command name/description at registration boundaries, and guard Telegram native menu normalization paths so malformed plugin command specs cannot crash startup (`trim` on undefined). (#31997) Fixes #31944. Thanks @liuxiaopai-ai.
- Telegram: guard duplicate-token checks and gateway startup token normalization when account tokens are missing, preventing `token.trim()` crashes during status/start flows. (#31973) Thanks @ningding97.
- Discord/lifecycle startup status: push an immediate `connected` status snapshot when the gateway is already connected before lifecycle debug listeners attach, with abort-guarding to avoid contradictory status flips during pre-aborted startup. (#32336) Thanks @mitchmcalister.
fix(feishu): normalize all mentions in inbound agent context (#30252) * fix(feishu): normalize all mentions in inbound agent context Convert Feishu mention placeholders to explicit <at user_id="..."> tags (including bot mentions), add mention semantics hints for the model, and remove unused mentionMessageBody parsing to keep context handling consistent. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(feishu): use replacer callback and escape only < > in normalizeMentions Switch String.replace to a function replacer to prevent $ sequences in display names from being interpolated as replacement patterns. Narrow escaping to < and > only — & does not need escaping in LLM prompt tag bodies and escaping it degrades readability (e.g. R&D → R&amp;D). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(feishu): only use open_id in normalizeMentions tag, drop user_id fallback When a mention has no open_id, degrade to @name instead of emitting <at user_id="uid_...">. This keeps the tag user_id space exclusively open_id, so the bot self-reference hint (which uses botOpenId) is always consistent with what appears in the tags. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(feishu): register mention strip pattern for <at> tags in channel dock Add mentions.stripPatterns to feishuPlugin so that normalizeCommandBody receives a slash-clean string after normalizeMentions replaces Feishu placeholders with <at user_id="...">name</at> tags. Without this, group slash commands like @Bot /help had their leading / obscured by the tag prefix and no longer triggered command handlers. Pattern mirrors the approach used by Slack (<@[^>]+>) and Discord (<@!?\d+>). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(feishu): strip bot mention in p2p to preserve DM slash commands In p2p messages the bot mention is a pure addressing prefix; converting it to <at user_id="..."> breaks slash commands because buildCommandContext skips stripMentions for DMs. Extend normalizeMentions with a stripKeys set and populate it with bot mention keys in p2p, so @Bot /help arrives as /help. Non-bot mentions (mention-forward targets) are still normalized to <at> tags in both p2p and group contexts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Changelog: note Feishu inbound mention normalization --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 12:40:17 +08:00
- Feishu/inbound mention normalization: preserve all inbound mention semantics by normalizing Feishu mention placeholders into explicit `<at user_id=\"...\">name</at>` tags (instead of stripping them), improving multi-mention context fidelity in agent prompts while retaining bot/self mention disambiguation. (#30252) Thanks @Lanfei.
fix(feishu): guard against false-positive @mentions in multi-app groups (#30315) * fix(feishu): guard against false-positive @mentions in multi-app groups When multiple Feishu bot apps share a group chat, Feishu's WebSocket event delivery remaps the open_id in mentions[] per-app. This causes checkBotMentioned() to return true for ALL bots when only one was actually @mentioned, making requireMention ineffective. Add a botName guard: if the mention's open_id matches this bot but the mention's display name differs from this bot's configured botName, treat it as a false positive and skip. botName is already available via account.config.botName (set during onboarding). Closes #24249 * fix(feishu): support @all mention in multi-bot groups When a user sends @all (@_all in Feishu message content), treat it as mentioning every bot so all agents respond when requireMention is true. Feishu's @all does not populate the mentions[] array, so this needs explicit content-level detection. * fix(feishu): auto-fetch bot display name from API for reliable mention matching Instead of relying on the manually configured botName (which may differ from the actual Feishu bot display name), fetch the bot's display name from the Feishu API at startup via probeFeishu(). This ensures checkBotMentioned() always compares against the correct display name, even when the config botName doesn't match (e.g. config says 'Wanda' but Feishu shows '绯红女巫'). Changes: - monitor.ts: fetchBotOpenId → fetchBotInfo (returns both openId and name) - monitor.ts: store botNames map, pass botName to handleFeishuMessage - bot.ts: accept botName from params, prefer it over config fallback * Changelog: note Feishu multi-app mention false-positive guard --------- Co-authored-by: Teague Xiao <teaguexiao@TeaguedeMac-mini.local> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 12:27:35 +08:00
- Feishu/multi-app mention routing: guard mention detection in multi-bot groups by validating mention display name alongside bot `open_id`, preventing false-positive self-mentions from Feishu WebSocket remapping so only the actually mentioned bot responds under `requireMention`. (#30315) Thanks @teaguexiao.
fix: add session-memory hook support for Feishu provider (#31437) * fix: add session-memory hook support for Feishu provider Issue #31275: Session-memory hook not triggered when using /new command in Feishu - Added command handler to Feishu provider - Integrated with OpenClaw's before_reset hook system - Ensures session memory is saved when /new or /reset commands are used * Changelog: note Feishu session-memory hook parity --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 12:19:24 +08:00
- Feishu/session-memory hook parity: trigger the shared `before_reset` session-memory hook path when Feishu `/new` and `/reset` commands execute so reset flows preserve memory behavior consistent with other channels. (#31437) Thanks @Linux2010.
feishu, line: pass per-group systemPrompt to inbound context (#31713) * feishu: pass per-group systemPrompt to inbound context The Feishu extension schema supports systemPrompt in per-group config (channels.feishu.accounts.<id>.groups.<groupId>.systemPrompt) but the value was never forwarded to the inbound context as GroupSystemPrompt. This means per-group system prompts configured for Feishu had no effect, unlike IRC, Discord, Slack, Telegram, Matrix, and other channels that already pass this field correctly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * line: pass per-group systemPrompt to inbound context Same issue as feishu: the Line config schema defines systemPrompt in per-group config but the value was never forwarded as GroupSystemPrompt in the inbound context payload. Added resolveLineGroupSystemPrompt helper that mirrors the existing resolveLineGroupConfig lookup logic (groupId > roomId > wildcard). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Changelog: note Feishu and LINE group systemPrompt propagation --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 12:07:35 +08:00
- Feishu/LINE group system prompts: forward per-group `systemPrompt` config into inbound context `GroupSystemPrompt` for Feishu and LINE group/room events so configured group-specific behavior actually applies at dispatch time. (#31713) Thanks @whiskyboy.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Mentions/Slack formatting hardening: add null-safe guards for runtime text normalization paths so malformed/undefined text payloads do not crash mention stripping or mrkdwn conversion. (#31865) Thanks @stone-jin.
- Feishu/Plugin sdk compatibility: add safe webhook default fallbacks when loading Feishu monitor state so mixed-version installs no longer crash if older `openclaw/plugin-sdk` builds omit webhook default constants. (#31606)
feat(feishu): add broadcast support for multi-agent groups (#29575) * feat(feishu): add broadcast support for multi-agent group observation When multiple agents share a Feishu group chat, only the @mentioned agent receives the message. This prevents observer agents from building session memory of group activity they weren't directly addressed in. Adds broadcast support (reusing the same cfg.broadcast schema as WhatsApp) so all configured agents receive every group message in their session transcripts. Only the @mentioned agent responds on Feishu; observer agents process silently via no-op dispatchers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): guard sequential broadcast dispatch against single-agent failure Wrap each dispatchForAgent() call in the sequential loop with try/catch so one agent's dispatch failure doesn't abort delivery to remaining agents. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): avoid duplicate messages in broadcast observer mode and normalize agent IDs - Skip recordPendingHistoryEntryIfEnabled for broadcast groups when not mentioned, since the message is dispatched directly to all agents. Previously the message appeared twice in the agent prompt. - Normalize agent IDs with toLowerCase() before membership checks so config casing mismatches don't silently skip valid agents. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): set WasMentioned per-agent and normalize broadcast IDs - buildCtxPayloadForAgent now takes a wasMentioned parameter so active agents get WasMentioned=true and observers get false (P1 fix) - Normalize broadcastAgents to lowercase at resolution time and lowercase activeAgentId so all comparisons and session key generation use canonical IDs regardless of config casing (P2 fix) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): canonicalize broadcast agent IDs with normalizeAgentId * fix(feishu): match ReplyDispatcher sync return types for noop dispatcher The upstream ReplyDispatcher changed sendToolResult/sendBlockReply/ sendFinalReply to synchronous (returning boolean). Update the broadcast observer noop dispatcher to match. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): deduplicate broadcast agent IDs after normalization Config entries like "Main" and "main" collapse to the same canonical ID after normalizeAgentId but were dispatched multiple times. Use Set to deduplicate after normalization. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): honor requireMention=false when selecting broadcast responder When requireMention is false, the routed agent should be active (reply on Feishu) even without an explicit @mention. Previously activeAgentId was null whenever ctx.mentionedBot was false, so all agents got the noop dispatcher and no reply was sent — silently breaking groups that disabled mention gating. Hoist requireMention out of the if(isGroup) block so it's accessible in the dispatch code. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): cross-account broadcast dedup to prevent duplicate dispatches In multi-account Feishu setups, the same message event is delivered to every bot account in a group. Without cross-account dedup, each account independently dispatches broadcast agents, causing 2×N dispatches instead of N (where N = number of broadcast agents). Two changes: 1. requireMention=true + bot not mentioned: return early instead of falling through to broadcast. The mentioned bot's handler will dispatch for all agents. Non-mentioned handlers record to history. 2. Add cross-account broadcast dedup using a shared 'broadcast' namespace (tryRecordMessagePersistent). The first handler to reach the broadcast block claims the message; subsequent accounts skip. This handles the requireMention=false multi-account case. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): strip CommandAuthorized from broadcast observer contexts Broadcast observer agents inherited CommandAuthorized from the sender, causing slash commands (e.g. /reset) to silently execute on every observer session. Now only the active agent retains CommandAuthorized; observers have it stripped before dispatch. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): use actual mention state for broadcast WasMentioned The active broadcast agent's WasMentioned was set to true whenever requireMention=false, even when the bot was not actually @mentioned. Now uses ctx.mentionedBot && agentId === activeAgentId, consistent with the single-agent path which passes ctx.mentionedBot directly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): skip history buffer for broadcast accounts and log parallel failures 1. In requireMention groups with broadcast, non-mentioned accounts no longer buffer pending history — the mentioned handler's broadcast dispatch already writes turns into all agent sessions. Buffering caused duplicate replay via buildPendingHistoryContextFromMap. 2. Parallel broadcast dispatch now inspects Promise.allSettled results and logs rejected entries, matching the sequential path's per-agent error logging. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Changelog: note Feishu multi-agent broadcast dispatch * Changelog: restore author credit for Feishu broadcast entry --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 11:38:46 +08:00
- Feishu/group broadcast dispatch: add configurable multi-agent group broadcast dispatch with observer-session isolation, cross-account dedupe safeguards, and non-mention history buffering rules that avoid duplicate replay in broadcast/topic workflows. (#29575) Thanks @ohmyskyhigh.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Gateway/Subagent TLS pairing: allow authenticated local `gateway-client` backend self-connections to skip device pairing while still requiring pairing for non-local/direct-host paths, restoring `sessions_spawn` with `gateway.tls.enabled=true` in Docker/LAN setups. Fixes #30740. Thanks @Sid-Qin and @vincentkoc.
- Browser/CDP startup diagnostics: include Chrome stderr output and a Linux no-sandbox hint in startup timeout errors so failed launches are easier to diagnose. (#29312) Thanks @veast.
- Synology Chat/webhook ingress hardening: enforce bounded body reads (size + timeout) via shared request-body guards to prevent unauthenticated slow-body hangs before token validation. (#25831) Thanks @bmendonca3.
- Feishu/Dedup restart resilience: warm persistent dedup state into memory on monitor startup so retry events after gateway restart stay suppressed without requiring initial on-disk probe misses. (#31605)
- Voice-call/runtime lifecycle: prevent `EADDRINUSE` loops by resetting failed runtime promises, making webhook `start()` idempotent with the actual bound port, and fully cleaning up webhook/tunnel/tailscale resources after startup failures. (#32395) Thanks @scoootscooob.
- Gateway/Security hardening: tie loopback-origin dev allowance to actual local socket clients (not Host header claims), add explicit warnings/metrics when `gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback` accepts websocket origins, harden safe-regex detection for quantified ambiguous alternation patterns (for example `(a|aa)+`), and bound large regex-evaluation inputs for session-filter and log-redaction paths.
- Gateway/Plugin HTTP hardening: require explicit `auth` for plugin route registration, add route ownership guards for duplicate `path+match` registrations, centralize plugin path matching/auth logic into dedicated modules, and share webhook target-route lifecycle wiring across channel monitors to avoid stale or conflicting registrations. Thanks @tdjackey for reporting.
- Browser/Profile defaults: prefer `openclaw` profile over `chrome` in headless/no-sandbox environments unless an explicit `defaultProfile` is configured. (#14944) Thanks @BenediktSchackenberg.
- Gateway/WS security: keep plaintext `ws://` loopback-only by default, with explicit break-glass private-network opt-in via `OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1`; align onboarding/client/call validation and tests to this strict-default policy. (#28670) Thanks @dashed, @vincentkoc.
- OpenAI Codex OAuth/TLS prerequisites: add an OAuth TLS cert-chain preflight with actionable remediation for cert trust failures, and gate doctor TLS prerequisite probing to OpenAI Codex OAuth-configured installs (or explicit `doctor --deep`) to avoid unconditional outbound probe latency. (#32051) Thanks @alexfilatov.
- Security/Webhook request hardening: enforce auth-before-body parsing for BlueBubbles and Google Chat webhook handlers, add strict pre-auth body/time budgets for webhook auth paths (including LINE signature verification), and add shared in-flight/request guardrails plus regression tests/lint checks to prevent reintroducing unauthenticated slow-body DoS patterns. Thanks @GCXWLP for reporting.
- CLI/Config validation and routing hardening: dedupe `openclaw config validate` failures to a single authoritative report, expose allowed-values metadata/hints across core Zod and plugin AJV validation (including `--json` fields), sanitize terminal-rendered validation text, and make command-path parsing root-option-aware across preaction/route/lazy registration (including routed `config get/unset` with split root options). Thanks @gumadeiras.
- Browser/Extension relay reconnect tolerance: keep `/json/version` and `/cdp` reachable during short MV3 worker disconnects when attached targets still exist, and retain clients across reconnect grace windows. (#30232) Thanks @Sid-Qin.
- CLI/Browser start timeout: honor `openclaw browser --timeout <ms> start` and stop by removing the fixed 15000ms override so slower Chrome startups can use caller-provided timeouts. (#22412, #23427) Thanks @vincentkoc.
- Synology Chat/gateway lifecycle: keep `startAccount` pending until abort for inactive and active account paths to prevent webhook route restart loops under gateway supervision. (#23074) Thanks @druide67.
- Exec approvals/allowlist matching: escape regex metacharacters in path-pattern literals (while preserving glob wildcards), preventing crashes on allowlisted executables like `/usr/bin/g++` and correctly matching mixed wildcard/literal token paths. (#32162) Thanks @stakeswky.
- Synology Chat/webhook compatibility: accept JSON and alias payload fields, allow token resolution from body/query/header sources, and ACK webhook requests with `204` to avoid persistent `Processing...` states in Synology Chat clients. (#26635) Thanks @memphislee09-source.
- Voice-call/Twilio signature verification: retry signature validation across deterministic URL port variants (with/without port) to handle mixed Twilio signing behavior behind reverse proxies and non-standard ports. (#25140) Thanks @drvoss.
- Slack/Bolt startup compatibility: remove invalid `message.channels` and `message.groups` event registrations so Slack providers no longer crash on startup with Bolt 4.6+; channel/group traffic continues through the unified `message` handler (`channel_type`). (#32033) Thanks @mahopan.
fix: fail fast on non-recoverable slack auth errors (#32377) (thanks @scoootscooob)
2026-03-03 01:59:31 +00:00
- Slack/socket auth failure handling: fail fast on non-recoverable auth errors (`account_inactive`, `invalid_auth`, etc.) during startup and reconnect instead of retry-looping indefinitely, including `unable_to_socket_mode_start` error payload propagation. (#32377) Thanks @scoootscooob.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Gateway/macOS LaunchAgent hardening: write `Umask=077` in generated gateway LaunchAgent plists so npm upgrades preserve owner-only default file permissions for gateway-created state files. (#31919) Fixes #31905. Thanks @liuxiaopai-ai.
- macOS/LaunchAgent security defaults: write `Umask=63` (octal `077`) into generated gateway launchd plists so post-update service reinstalls keep owner-only file permissions by default instead of falling back to system `022`. (#32022) Fixes #31905. Thanks @liuxiaopai-ai.
- Media understanding/provider HTTP proxy routing: pass a proxy-aware fetch function from `HTTPS_PROXY`/`HTTP_PROXY` env vars into audio/video provider calls (with graceful malformed-proxy fallback) so transcription/video requests honor configured outbound proxies. (#27093) Thanks @mcaxtr.
- Sandbox/workspace mount permissions: make primary `/workspace` bind mounts read-only whenever `workspaceAccess` is not `rw` (including `none`) across both core sandbox container and sandbox browser create flows. (#32227) Thanks @guanyu-zhang.
- Tools/fsPolicy propagation: honor `tools.fs.workspaceOnly` for image/pdf local-root allowlists so non-sandbox media paths outside workspace are rejected when workspace-only mode is enabled. (#31882) Thanks @justinhuangcode.
- Daemon/Homebrew runtime pinning: resolve Homebrew Cellar Node paths to stable Homebrew-managed symlinks (including versioned formulas like `node@22`) so gateway installs keep the intended runtime across brew upgrades. (#32185) Thanks @scoootscooob.
- Browser/Security output boundary hardening: replace check-then-rename output commits with root-bound fd-verified writes, unify install/skills canonical path-boundary checks, and add regression coverage for symlink-rebind race paths across browser output and shared fs-safe write flows. Thanks @tdjackey for reporting.
- Gateway/Security canonicalization hardening: decode plugin route path variants to canonical fixpoint (with bounded depth), fail closed on canonicalization anomalies, and enforce gateway auth for deeply encoded `/api/channels/*` variants to prevent alternate-path auth bypass through plugin handlers. Thanks @tdjackey for reporting.
- Browser/Gateway hardening: preserve env credentials for `OPENCLAW_GATEWAY_URL` / `CLAWDBOT_GATEWAY_URL` while treating explicit `--url` as override-only auth, and make container browser hardening flags optional with safer defaults for Docker/LXC stability. (#31504) Thanks @vincentkoc.
- Gateway/Control UI basePath webhook passthrough: let non-read methods under configured `controlUiBasePath` fall through to plugin routes (instead of returning Control UI 405), restoring webhook handlers behind basePath mounts. (#32311) Thanks @ademczuk.
fix(gateway): flush throttled delta before emitChatFinal (#24856) * fix(gateway): flush throttled delta before emitChatFinal The 150ms throttle in emitChatDelta can suppress the last text chunk before emitChatFinal fires, causing streaming clients (e.g. ACP) to receive truncated responses. The final event carries the complete text, but clients that build responses incrementally from deltas miss the tail end. Flush one last unthrottled delta with the complete buffered text immediately before sending the final event. This ensures all streaming consumers have the full response without needing to reconcile deltas against the final payload. * fix(gateway): avoid duplicate delta flush when buffer unchanged Track the text length at the time of the last broadcast. The flush in emitChatFinal now only sends a delta if the buffer has grown since the last broadcast, preventing duplicate sends when the final delta passed the 150ms throttle and was already broadcast. * fix(gateway): honor heartbeat suppression in final delta flush * test(gateway): add final delta flush and dedupe coverage * fix(gateway): skip final flush for silent lead fragments * docs(changelog): note gateway final-delta flush fix credits --------- Co-authored-by: Jonathan Taylor <visionik@pobox.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 23:45:46 -05:00
- Gateway/Webchat streaming finalization: flush throttled trailing assistant text before `final` chat events so streaming consumers do not miss tail content, while preserving duplicate suppression and heartbeat/silent lead-fragment guards. (#24856) Thanks @visionik and @vincentkoc.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Control UI/Legacy browser compatibility: replace `toSorted`-dependent cron suggestion sorting in `app-render` with a compatibility helper so older browsers without `Array.prototype.toSorted` no longer white-screen. (#31775) Thanks @liuxiaopai-ai.
- macOS/PeekabooBridge: add compatibility socket symlinks for legacy `clawdbot`, `clawdis`, and `moltbot` Application Support socket paths so pre-rename clients can still connect. (#6033) Thanks @lumpinif and @vincentkoc.
fix(gateway): harden message action channel fallback and startup grace Take the safe, tested subset from #32367:\n- per-channel startup connect grace in health monitor\n- tool-context channel-provider fallback for message actions\n\nCo-authored-by: Munem Hashmi <munem.hashmi@gmail.com>
2026-03-03 01:17:07 +00:00
- Gateway/message tool reliability: avoid false `Unknown channel` failures when `message.*` actions receive platform-specific channel ids by falling back to `toolContext.currentChannelProvider`, and prevent health-monitor restart thrash for channels that just (re)started by adding a per-channel startup-connect grace window. (from #32367) Thanks @MunemHashmi.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Windows/Spawn canonicalization: unify non-core Windows spawn handling across ACP client, QMD/mcporter memory paths, and sandbox Docker execution using the shared wrapper-resolution policy, with targeted regression coverage for `.cmd` shim unwrapping and shell fallback behavior. (#31750) Thanks @Takhoffman.
- Security/ACP sandbox inheritance: enforce fail-closed runtime guardrails for `sessions_spawn` with `runtime="acp"` by rejecting ACP spawns from sandboxed requester sessions and rejecting `sandbox="require"` for ACP runtime, preventing sandbox-boundary bypass via host-side ACP initialization. (#32254) Thanks @tdjackey for reporting, and @dutifulbob for the fix.
- Security/Web tools SSRF guard: keep DNS pinning for untrusted `web_fetch` and citation-redirect URL checks when proxy env vars are set, and require explicit dangerous opt-in before env-proxy routing can bypass pinned dispatch for trusted/operator-controlled endpoints. Thanks @tdjackey for reporting.
fix: guard gemini schema null properties (#32332) (thanks @webdevtodayjason)
2026-03-03 01:11:51 +00:00
- Gemini schema sanitization: coerce malformed JSON Schema `properties` values (`null`, arrays, primitives) to `{}` before provider validation, preventing downstream strict-validator crashes on invalid plugin/tool schemas. (#32332) Thanks @webdevtodayjason.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Media understanding/malformed attachment guards: harden attachment selection and decision summary formatting against non-array or malformed attachment payloads to prevent runtime crashes on invalid inbound metadata shapes. (#28024) Thanks @claw9267.
- Browser/Extension navigation reattach: preserve debugger re-attachment when relay is temporarily disconnected by deferring relay attach events until reconnect/re-announce, reducing post-navigation tab loss. (#28725) Thanks @stone-jin.
- Browser/Extension relay stale tabs: evict stale cached targets from `/json/list` when extension targets are destroyed/crashed or commands fail with missing target/session errors. (#6175) Thanks @vincentkoc.
- Browser/CDP startup readiness: wait for CDP websocket readiness after launching Chrome and cleanly stop/reset when readiness never arrives, reducing follow-up `PortInUseError` races after `browser start`/`open`. (#29538) Thanks @AaronWander.
fix(agents): harden openai ws tool call id handling
2026-03-03 00:43:24 +00:00
- OpenAI/Responses WebSocket tool-call id hygiene: normalize blank/whitespace streamed tool-call ids before persistence, and block empty `function_call_output.call_id` payloads in the WS conversion path to avoid OpenAI 400 errors (`Invalid 'input[n].call_id': empty string`), with regression coverage for both inbound stream normalization and outbound payload guards.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Security/Nodes camera URL downloads: bind node `camera.snap`/`camera.clip` URL payload downloads to the resolved node host, enforce fail-closed behavior when node `remoteIp` is unavailable, and use SSRF-guarded fetch with redirect host/protocol checks to prevent off-node fetch pivots. Thanks @tdjackey for reporting.
- Config/backups hardening: enforce owner-only (`0600`) permissions on rotated config backups and clean orphan `.bak.*` files outside the managed backup ring, reducing credential leakage risk from stale or permissive backup artifacts. (#31718) Thanks @YUJIE2002.
- Telegram/inbound media filenames: preserve original `file_name` metadata for document/audio/video/animation downloads (with fetch/path fallbacks), so saved inbound attachments keep sender-provided names instead of opaque Telegram file paths. (#31837) Thanks @Kay-051.
- Gateway/OpenAI chat completions: honor `x-openclaw-message-channel` when building `agentCommand` input for `/v1/chat/completions`, preserving caller channel identity instead of forcing `webchat`. (#30462) Thanks @bmendonca3.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Plugin SDK/runtime hardening: add package export verification in CI/release checks to catch missing runtime exports before publish-time regressions. (#28575) Thanks @bmendonca3.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Media/MIME normalization: normalize parameterized/case-variant MIME strings in `kindFromMime` (for example `Audio/Ogg; codecs=opus`) so WhatsApp voice notes are classified as audio and routed through transcription correctly. (#32280) Thanks @Lucenx9.
- Discord/audio preflight mentions: detect audio attachments via Discord `content_type` and gate preflight transcription on typed text (not media placeholders), so guild voice-note mentions are transcribed and matched correctly. (#32136) Thanks @jnMetaCode.
fix: Discord acp inline actions + bound-thread filter (#33136) (thanks @thewilloftheshadow) (#33136)
2026-03-03 09:30:21 -06:00
- Discord/acp inline actions: prefer autocomplete for `/acp` action inline values and ignore bound-thread bot system messages to prevent ACP loops. (#33136) Thanks @thewilloftheshadow.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Feishu/topic session routing: use `thread_id` as topic session scope fallback when `root_id` is absent, keep first-turn topic keys stable across thread creation, and force thread replies when inbound events already carry topic/thread context. (#29788) Thanks @songyaolun.
- Gateway/Webchat NO_REPLY streaming: suppress assistant lead-fragment deltas that are prefixes of `NO_REPLY` and keep final-message buffering in sync, preventing partial `NO` leaks on silent-response runs while preserving legitimate short replies. (#32073) Thanks @liuxiaopai-ai.
- Telegram/models picker callbacks: keep long model buttons selectable by falling back to compact callback payloads and resolving provider ids on selection (with provider re-prompt on ambiguity), avoiding Telegram 64-byte callback truncation failures. (#31857) Thanks @bmendonca3.
Agents: add context metadata warmup retry backoff
2026-03-02 21:34:48 -05:00
- Context-window metadata warmup: add exponential config-load retry backoff (1s -> 2s -> 4s, capped at 60s) so transient startup failures recover automatically without hot-loop retries.
fix: land external Twilio outbound-api webhook calls (#31181) (thanks @scoootscooob)
2026-03-02 23:56:31 +00:00
- Voice-call/Twilio external outbound: auto-register webhook-first `outbound-api` calls (initiated outside OpenClaw) so media streams are accepted and call direction metadata stays accurate. (#31181) Thanks @scoootscooob.
Feishu: reply to topic roots (#29968) * Feishu: reply to topic roots * Changelog: note Feishu topic-root reply targeting --------- Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 16:41:36 -07:00
- Feishu/topic root replies: prefer `root_id` as outbound `replyTargetMessageId` when present, and parse millisecond `message_create_time` values correctly so topic replies anchor to the root message in grouped thread flows. (#29968) Thanks @bmendonca3.
fix(feishu): restore private chat pairing replies in Lark/Feishu (openclaw#31403) thanks @stakeswky Verified: - pnpm test -- extensions/feishu/src/bot.test.ts - pnpm build Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 07:27:39 +08:00
- Feishu/DM pairing reply target: send pairing challenge replies to `chat:<chat_id>` instead of `user:<sender_open_id>` so Lark/Feishu private chats with user-id-only sender payloads receive pairing messages reliably. (#31403) Thanks @stakeswky.
fix(feishu): support Lark private chats as direct messages (openclaw#31400) thanks @stakeswky Verified: - pnpm test -- extensions/feishu/src/bot.checkBotMentioned.test.ts - pnpm build - pnpm check (blocked by unrelated baseline lint errors in untouched files) - pnpm test:macmini (not run after pnpm check blocked) Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 07:04:42 +08:00
- Feishu/Lark private DM routing: treat inbound `chat_type: "private"` as direct-message context for pairing/mention-forward/reaction synthetic handling so Lark private chats behave like Feishu p2p DMs. (#31400) Thanks @stakeswky.
fix: enforce sandbox workspace mount mode (#32227) (thanks @guanyu-zhang)
2026-03-02 22:58:02 +00:00
- Signal/message actions: allow `react` to fall back to `toolContext.currentMessageId` when `messageId` is omitted, matching Telegram behavior and unblocking agent-initiated reactions on inbound turns. (#32217) Thanks @dunamismax.
fix(channels): normalize MIME kind parsing and reaction fallbacks
2026-03-02 23:48:00 +00:00
- Discord/message actions: allow `react` to fall back to `toolContext.currentMessageId` when `messageId` is omitted, matching Telegram/Signal reaction ergonomics in inbound turns.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Synology Chat/reply delivery: resolve webhook usernames to Chat API `user_id` values for outbound chatbot replies, avoiding mismatches between webhook user IDs and `method=chatbot` recipient IDs in multi-account setups. (#23709) Thanks @druide67.
- Slack/thread context payloads: only inject thread starter/history text on first thread turn for new sessions while preserving thread metadata, reducing repeated context-token bloat on long-lived thread sessions. (#32133) Thanks @sourman.
- Slack/session routing: keep top-level channel messages in one shared session when `replyToMode=off`, while preserving thread-scoped keys for true thread replies and non-off modes. (#32193) Thanks @bmendonca3.
- Voice-call/webhook routing: require exact webhook path matches (instead of prefix matches) so lookalike paths cannot reach provider verification/dispatch logic. (#31930) Thanks @afurm.
- Zalo/Pairing auth tests: add webhook regression coverage asserting DM pairing-store reads/writes remain account-scoped, preventing cross-account authorization bleed in multi-account setups. (#26121) Thanks @bmendonca3.
- Zalouser/Pairing auth tests: add account-scoped DM pairing-store regression coverage (`monitor.account-scope.test.ts`) to prevent cross-account allowlist bleed in multi-account setups. (#26672) Thanks @bmendonca3.
- Feishu/Send target prefixes: normalize explicit `group:`/`dm:` send targets and preserve explicit receive-id routing hints when resolving outbound Feishu targets. (#31594) Thanks @liuxiaopai-ai.
- Webchat/Feishu session continuation: preserve routable `OriginatingChannel`/`OriginatingTo` metadata from session delivery context in `chat.send`, and prefer provider-normalized channel when deciding cross-channel route dispatch so Webchat replies continue on the selected Feishu session instead of falling back to main/internal session routing. (#31573)
- Telegram/implicit mention forum handling: exclude Telegram forum system service messages (`forum_topic_*`, `general_forum_topic_*`) from reply-chain implicit mention detection so `requireMention` does not get bypassed inside bot-created topic lifecycle events. (#32262) Thanks @scoootscooob.
- Slack/inbound debounce routing: isolate top-level non-DM message debounce keys by message timestamp to avoid cross-thread collisions, preserve DM batching, and flush pending top-level buffers before immediate non-debounce follow-ups to keep ordering stable. (#31951) Thanks @scoootscooob.
- Feishu/Duplicate replies: suppress same-target reply dispatch when message-tool sends use generic provider metadata (`provider: "message"`) and normalize `lark`/`feishu` provider aliases during duplicate-target checks, preventing double-delivery in Feishu sessions. (#31526)
- Webchat/silent token leak: filter assistant `NO_REPLY`-only transcript entries from `chat.history` responses and add client-side defense-in-depth guards in the chat controller so internal silent tokens never render as visible chat bubbles. (#32015) Consolidates overlap from #32183, #32082, #32045, #32052, #32172, and #32112. Thanks @ademczuk, @liuxiaopai-ai, @ningding97, @bmendonca3, and @x4v13r1120.
- Doctor/local memory provider checks: stop false-positive local-provider warnings when `provider=local` and no explicit `modelPath` is set by honoring default local model fallback while still warning when gateway probe reports local embeddings not ready. (#32014) Fixes #31998. Thanks @adhishthite.
fix: support parakeet-mlx output-dir transcript parsing (#9177) (thanks @mac-110)
2026-03-02 22:21:57 +00:00
- Media understanding/parakeet CLI output parsing: read `parakeet-mlx` transcripts from `--output-dir/<media-basename>.txt` when txt output is requested (or default), with stdout fallback for non-txt formats. (#9177) Thanks @mac-110.
fix: apply missed media/runtime follow-ups from merged PRs
2026-03-02 21:45:29 +00:00
- Media understanding/audio transcription guard: skip tiny/empty audio files (<1024 bytes) before provider/CLI transcription to avoid noisy invalid-audio failures and preserve clean fallback behavior. (#8388) Thanks @Glucksberg.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Gateway/Plugin HTTP route precedence: run explicit plugin HTTP routes before the Control UI SPA catch-all so registered plugin webhook/custom paths remain reachable, while unmatched paths still fall through to Control UI handling. (#31885) Thanks @Sid-Qin.
- Gateway/Node browser proxy routing: honor `profile` from `browser.request` JSON body when query params omit it, while preserving query-profile precedence when both are present. (#28852) Thanks @Sid-Qin.
- Gateway/Control UI basePath POST handling: return 405 for `POST` on exact basePath routes (for example `/openclaw`) instead of redirecting, and add end-to-end regression coverage that root-mounted webhook POST paths still pass through to plugin handlers. (#31349) Thanks @Sid-Qin.
- Browser/default profile selection: default `browser.defaultProfile` behavior now prefers `openclaw` (managed standalone CDP) when no explicit default is configured, while still auto-provisioning the `chrome` relay profile for explicit opt-in use. (#32031) Fixes #31907. Thanks @liuxiaopai-ai.
- Sandbox/mkdirp boundary checks: allow existing in-boundary directories to pass mkdirp boundary validation when directory open probes return platform-specific I/O errors, with regression coverage for directory-safe fallback behavior. (#31547) Thanks @stakeswky.
- Models/config env propagation: apply `config.env.vars` before implicit provider discovery in models bootstrap so config-scoped credentials are visible to implicit provider resolution paths. (#32295) Thanks @hsiaoa.
- Models/Codex usage labels: infer weekly secondary usage windows from reset cadence when API window seconds are ambiguously reported as 24h, so `openclaw models status` no longer mislabels weekly limits as daily. (#31938) Thanks @bmendonca3.
- Gateway/Heartbeat model reload: treat `models.*` and `agents.defaults.model` config updates as heartbeat hot-reload triggers so heartbeat picks up model changes without a full gateway restart. (#32046) Thanks @stakeswky.
- Memory/LanceDB embeddings: forward configured `embedding.dimensions` into OpenAI embeddings requests so vector size and API output dimensions stay aligned when dimensions are explicitly configured. (#32036) Thanks @scotthuang.
- Gateway/Control UI method guard: allow POST requests to non-UI routes to fall through when no base path is configured, and add POST regression coverage for fallthrough and base-path 405 behavior. (#23970) Thanks @tyler6204.
- Browser/CDP status accuracy: require a successful `Browser.getVersion` response over the CDP websocket (not just socket-open) before reporting `cdpReady`, so stale idle command channels are surfaced as unhealthy. (#23427) Thanks @vincentkoc.
- Daemon/systemd checks in containers: treat missing `systemctl` invocations (including `spawn systemctl ENOENT`/`EACCES`) as unavailable service state during `is-enabled` checks, preventing container flows from failing with `Gateway service check failed` before install/status handling can continue. (#26089) Thanks @sahilsatralkar and @vincentkoc.
fix: revalidate approval cwd before system.run execution
2026-03-02 23:42:03 +00:00
- Security/Node exec approvals: revalidate approval-bound `cwd` identity immediately before execution/forwarding and fail closed with an explicit denial when `cwd` drifts after approval hardening.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Security audit/skills workspace hardening: add `skills.workspace.symlink_escape` warning in `openclaw security audit` when workspace `skills/**/SKILL.md` resolves outside the workspace root (for example symlink-chain drift), plus docs coverage in the security glossary.
- Security/Node exec approvals: preserve shell/dispatch-wrapper argv semantics during approval hardening so approved wrapper commands (for example `env sh -c ...`) cannot drift into a different runtime command shape, and add regression coverage for both approval-plan generation and approved runtime execution paths. Thanks @tdjackey for reporting.
fix: harden fs-safe write boundary checks
2026-03-02 23:36:19 +00:00
- Security/fs-safe write hardening: make `writeFileWithinRoot` use same-directory temp writes plus atomic rename, add post-write inode/hardlink revalidation with security warnings on boundary drift, and avoid truncating existing targets when final rename fails.
docs(changelog): fix 2026.3.1 split and dedupe entries
2026-03-02 21:40:53 +00:00
- Security/Skills archive extraction: unify tar extraction safety checks across tar.gz and tar.bz2 install flows, enforce tar compressed-size limits, and fail closed if tar.bz2 archives change between preflight and extraction to prevent bypasses of entry-type/size guardrails. Thanks @GCXWLP for reporting.
- Security/Prompt spoofing hardening: stop injecting queued runtime events into user-role prompt text, route them through trusted system-prompt context, and neutralize inbound spoof markers like `[System Message]` and line-leading `System:` in untrusted message content. (#30448)
Config: newline-join sandbox setupCommand arrays (#31953)
2026-03-03 02:11:32 +08:00
- Sandbox/Docker setup command parsing: accept `agents.*.sandbox.docker.setupCommand` as either a string or a string array, and normalize arrays to newline-delimited shell scripts so multi-step setup commands no longer concatenate without separators. (#31953) Thanks @liuxiaopai-ai.
fix(security): harden workspace bootstrap boundary reads
2026-03-02 17:07:26 +00:00
- Sandbox/Bootstrap context boundary hardening: reject symlink/hardlink alias bootstrap seed files that resolve outside the source workspace and switch post-compaction `AGENTS.md` context reads to boundary-verified file opens, preventing host file content from being injected via workspace aliasing. Thanks @tdjackey for reporting.
chore: normalize changelog credit for #31841 (thanks @liuxiaopai-ai)
2026-03-02 19:56:06 +00:00
- Agents/Sandbox workdir mapping: map container workdir paths (for example `/workspace`) back to the host workspace before sandbox path validation so exec requests keep the intended directory in containerized runs instead of falling back to an unavailable host path. (#31841) Thanks @liuxiaopai-ai.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Docker/Sandbox bootstrap hardening: make `OPENCLAW_SANDBOX` opt-in parsing explicit (`1|true|yes|on`), support custom Docker socket paths via `OPENCLAW_DOCKER_SOCKET`, defer docker.sock exposure until sandbox prerequisites pass, and reset/roll back persisted sandbox mode to `off` when setup is skipped or partially fails to avoid stale broken sandbox state. (#29974) Thanks @jamtujest and @vincentkoc.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Hooks/webhook ACK compatibility: return `200` (instead of `202`) for successful `/hooks/agent` requests so providers that require `200` (for example Forward Email) accept dispatched agent hook deliveries. (#28204) Thanks @AIflow-Labs.
docs(changelog): fix 2026.3.1 split and dedupe entries
2026-03-02 21:40:53 +00:00
- Feishu/Run channel fallback: prefer `Provider` over `Surface` when inferring queued run `messageProvider` fallback (when `OriginatingChannel` is missing), preventing Feishu turns from being mislabeled as `webchat` in mixed relay metadata contexts. (#31880) Fixes #31859. Thanks @liuxiaopai-ai.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Skills/sherpa-onnx-tts: run the `sherpa-onnx-tts` bin under ESM (replace CommonJS `require` imports) and add regression coverage to prevent `require is not defined in ES module scope` startup crashes. (#31965) Thanks @bmendonca3.
- Inbound metadata/direct relay context: restore direct-channel conversation metadata blocks for external channels (for example WhatsApp) while preserving webchat-direct suppression, so relay agents recover sender/message identifiers without reintroducing internal webchat metadata noise. (#31969) Fixes #29972. Thanks @Lucenx9.
- Slack/Channel message subscriptions: register explicit `message.channels` and `message.groups` monitor handlers (alongside generic `message`) so channel/group event subscriptions are consumed even when Slack dispatches typed message event names. Fixes #31674.
- Hooks/session-scoped memory context: expose ephemeral `sessionId` in embedded plugin tool contexts and `before_tool_call`/`after_tool_call` hook contexts (including compaction and client-tool wiring) so plugins can isolate per-conversation state across `/new` and `/reset`. Related #31253 and #31304. Thanks @Sid-Qin and @Servo-AIpex.
- Voice-call/Twilio inbound greeting: run answered-call initial notify greeting for Twilio instead of skipping the manager speak path, with regression coverage for both Twilio and Plivo notify flows. (#29121) Thanks @xinhuagu.
- Voice-call/stale call hydration: verify active calls with the provider before loading persisted in-progress calls so stale locally persisted records do not block or misroute new call handling after restarts. (#4325) Thanks @garnetlyx.
- Feishu/File upload filenames: percent-encode non-ASCII/special-character `file_name` values in Feishu multipart uploads so Chinese/symbol-heavy filenames are sent as proper attachments instead of plain text links. (#31179) Thanks @Kay-051.
- Media/MIME channel parity: route Telegram/Signal/iMessage media-kind checks through normalized `kindFromMime` so mixed-case/parameterized MIME values classify consistently across message channels.
- WhatsApp/inbound self-message context: propagate inbound `fromMe` through the web inbox pipeline and annotate direct self messages as `(self)` in envelopes so agents can distinguish owner-authored turns from contact turns. (#32167) Thanks @scoootscooob.
- Webchat/stream finalization: persist streamed assistant text when final events omit `message`, while keeping final payload precedence and skipping empty stream buffers to prevent disappearing replies after tool turns. (#31920) Thanks @Sid-Qin.
fix(feishu): serialize message handling per chat to prevent skipped messages (openclaw#31807) thanks @Sid-Qin Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check (fails on unrelated pre-existing TypeScript error in src/browser/chrome.ts) Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 07:14:00 +08:00
- Feishu/Inbound ordering: serialize message handling per chat while preserving cross-chat concurrency to avoid same-chat race drops under bursty inbound traffic. (#31807)
fix(feishu): skip typing indicator keepalive re-adds to prevent notification spam (#31580) * fix(feishu): skip typing indicator keepalive re-adds to prevent notification spam The typing keepalive loop calls addTypingIndicator() every 3 seconds, which creates a new messageReaction.create API call each time. Feishu treats each re-add as a new reaction event and fires a push notification, causing users to receive repeated notifications while waiting for a response. Unlike Telegram/Discord where typing status expires after a few seconds, Feishu reactions persist until explicitly removed. Skip the keepalive re-add when a reaction already exists (reactionId is set) since there is no need to refresh it. Closes #28660 * Changelog: note Feishu typing keepalive suppression --------- Co-authored-by: yuxh1996 <yuxh1996@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 09:11:47 +08:00
- Feishu/Typing notification suppression: skip typing keepalive reaction re-adds when the indicator is already active, preventing duplicate notification pings from repeated identical emoji adds. (#31580)
Feishu: cache failing probes (#29970) * Feishu: cache failing probes * Changelog: add Feishu probe failure backoff note --------- Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 18:37:07 -07:00
- Feishu/Probe failure backoff: cache API and timeout probe failures for one minute per account key while preserving abort-aware probe timeouts, reducing repeated health-check retries during transient credential/network outages. (#29970)
fix(feishu): preserve block streaming text when final payload is missing (#30663) * fix(feishu): preserve block streaming text when final payload is missing When Feishu card streaming receives block payloads without matching final/partial callbacks, keep block text in stream state so onIdle close still publishes the reply instead of an empty message. Add a regression test for block-only streaming. Closes #30628 * Feishu: preserve streaming block fallback when final text is missing --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 11:26:21 +08:00
- Feishu/Streaming block fallback: preserve markdown block stream text as final streaming-card content when final payload text is missing, while still suppressing non-card internal block chunk delivery. (#30663)
refactor(feishu): unify Lark SDK error handling with LarkApiError (#31450) * refactor(feishu): unify Lark SDK error handling with LarkApiError - Add LarkApiError class with code, api, and context fields for better diagnostics - Add ensureLarkSuccess helper to replace 9 duplicate error check patterns - Update tool registration layer to return structured error info (code, api, context) This improves: - Observability: errors now include API name and request context for easier debugging - Maintainability: single point of change for error handling logic - Extensibility: foundation for retry strategies, error classification, etc. Affected APIs: - wiki.space.getNode - bitable.app.get - bitable.app.create - bitable.appTableField.list - bitable.appTableField.create - bitable.appTableRecord.list - bitable.appTableRecord.get - bitable.appTableRecord.create - bitable.appTableRecord.update * Changelog: note Feishu bitable error handling unification --------- Co-authored-by: echoVic <echovic@163.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 11:44:40 +08:00
- Feishu/Bitable API errors: unify Feishu Bitable tool error handling with structured `LarkApiError` responses and consistent API/context attribution across wiki/base metadata, field, and record operations. (#31450)
fix(feishu): correct invalid scope name in permission grant URL (#32509) * fix(feishu): correct invalid scope name in permission grant URL The Feishu API returns error code 99991672 with an authorization URL containing the non-existent scope `contact:contact.base:readonly` when the `contact.user.get` endpoint is called without the correct permission. The valid scope is `contact:user.base:readonly`. Add a scope correction map that replaces known incorrect scope names in the extracted grant URL before presenting it to the user/agent, so the authorization link actually works. Closes #31761 * chore(changelog): note feishu scope correction --------- Co-authored-by: SidQin-cyber <sidqin0410@gmail.com>
2026-03-02 22:06:42 -06:00
- Feishu/Missing-scope grant URL fix: rewrite known invalid scope aliases (`contact:contact.base:readonly`) to valid scope names in permission grant links, so remediation URLs open with correct Feishu consent scopes. (#31943)
docs(changelog): fix 2026.3.1 split and dedupe entries
2026-03-02 21:40:53 +00:00
- BlueBubbles/Message metadata: harden send response ID extraction, include sender identity in DM context, and normalize inbound `message_id` selection to avoid duplicate ID metadata. (#23970) Thanks @tyler6204.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- WebChat/markdown tables: ensure GitHub-flavored markdown table parsing is explicitly enabled at render time and add horizontal overflow handling for wide tables, with regression coverage for table-only and mixed text+table content. (#32365) Thanks @BlueBirdBack.
- Feishu/default account resolution: always honor explicit `channels.feishu.defaultAccount` during outbound account selection (including top-level-credential setups where the preferred id is not present in `accounts`), instead of silently falling back to another account id. (#32253) Thanks @bmendonca3.
- Feishu/Sender lookup permissions: suppress user-facing grant prompts for stale non-existent scope errors (`contact:contact.base:readonly`) during best-effort sender-name resolution so inbound messages continue without repeated false permission notices. (#31761)
- Discord/dispatch + Slack formatting: restore parallel outbound dispatch across Discord channels with per-channel queues while preserving in-channel ordering, and run Slack preview/stream update text through mrkdwn normalization for consistent formatting. (#31927) Thanks @Sid-Qin.
- Feishu/Inbound debounce: debounce rapid same-chat sender bursts into one ordered dispatch turn, skip already-processed retries when composing merged text, and preserve bot-mention intent across merged entries to reduce duplicate or late inbound handling. (#31548)
docs(changelog): fix 2026.3.1 split and dedupe entries
2026-03-02 21:40:53 +00:00
- Tests/Sandbox + archive portability: use junction-compatible directory-link setup on Windows and explicit file-symlink platform guards in symlink escape tests where unprivileged file symlinks are unavailable, reducing false Windows CI failures while preserving traversal checks on supported paths. (#28747) Thanks @arosstale.
docs: reorder unreleased changelog by user interest
2026-03-03 03:00:30 +00:00
- Browser/Extension re-announce reliability: keep relay state in `connecting` when re-announce forwarding fails and extend debugger re-attach retries after navigation to reduce false attached states and post-nav disconnect loops. (#27630) Thanks @markmusson.
- Browser/Act request compatibility: accept legacy flattened `action="act"` params (`kind/ref/text/...`) in addition to `request={...}` so browser act calls no longer fail with `request required`. (#15120) Thanks @vincentkoc.
- OpenRouter/x-ai compatibility: skip `reasoning.effort` injection for `x-ai/*` models (for example Grok) so OpenRouter requests no longer fail with invalid-arguments errors on unsupported reasoning params. (#32054) Thanks @scoootscooob.
- Models/openai-completions developer-role compatibility: force `supportsDeveloperRole=false` for non-native endpoints, treat unparseable `baseUrl` values as non-native, and add regression coverage for empty/malformed baseUrl plus explicit-true override behavior. (#29479) thanks @akramcodez.
- Browser/Profile attach-only override: support `browser.profiles.<name>.attachOnly` (fallback to global `browser.attachOnly`) so loopback proxy profiles can skip local launch/port-ownership checks without forcing attach-only mode for every profile. (#20595) Thanks @unblockedgamesstudio and @vincentkoc.
- Sessions/Lock recovery: detect recycled Linux PIDs by comparing lock-file `starttime` with `/proc/<pid>/stat` starttime, so stale `.jsonl.lock` files are reclaimed immediately in containerized PID-reuse scenarios while preserving compatibility for older lock files. (#26443) Fixes #27252. Thanks @HirokiKobayashi-R and @vincentkoc.
- Cron/isolated delivery target fallback: remove early unresolved-target return so cron delivery can flow through shared outbound target resolution (including per-channel `resolveDefaultTo` fallback) when `delivery.to` is omitted. (#32364) Thanks @hclsys.
- OpenAI media capabilities: include `audio` in the OpenAI provider capability list so audio transcription models are eligible in media-understanding provider selection. (#12717) Thanks @openjay.
- Browser/Managed tab cap: limit loopback managed `openclaw` page tabs to 8 via best-effort cleanup after tab opens to reduce long-running renderer buildup while preserving attach-only and remote profile behavior. (#29724) Thanks @pandego.
- Docker/Image health checks: add Dockerfile `HEALTHCHECK` that probes gateway `GET /healthz` so container runtimes can mark unhealthy instances without requiring auth credentials in the probe command. (#11478) Thanks @U-C4N and @vincentkoc.
- Gateway/Node dangerous-command parity: include `sms.send` in default onboarding node `denyCommands`, share onboarding deny defaults with the gateway dangerous-command source of truth, and include `sms.send` in phone-control `/phone arm writes` handling so SMS follows the same break-glass flow as other dangerous node commands. Thanks @zpbrent.
- Pairing/AllowFrom account fallback: handle omitted `accountId` values in `readChannelAllowFromStore` and `readChannelAllowFromStoreSync` as `default`, while preserving legacy unscoped allowFrom merges for default-account flows. Thanks @Sid-Qin and @vincentkoc.
- Browser/Remote CDP ownership checks: skip local-process ownership errors for non-loopback remote CDP profiles when HTTP is reachable but the websocket handshake fails, and surface the remote websocket attach/retry path instead. (#15582) Landed from contributor (#28780) Thanks @stubbi, @bsormagec, @unblockedgamesstudio and @vincentkoc.
- Browser/CDP proxy bypass: force direct loopback agent paths and scoped `NO_PROXY` expansion for localhost CDP HTTP/WS connections when proxy env vars are set, so browser relay/control still works behind global proxy settings. (#31469) Thanks @widingmarcus-cyber.
- Sessions/idle reset correctness: preserve existing `updatedAt` during inbound metadata-only writes so idle-reset boundaries are not unintentionally refreshed before actual user turns. (#32379) Thanks @romeodiaz.
- Sessions/lock recovery: reclaim orphan legacy same-PID lock files missing `starttime` when no in-process lock ownership exists, avoiding false lock timeouts after PID reuse while preserving active lock safety checks. (#32081) Thanks @bmendonca3.
- Sessions/store cache invalidation: reload cached session stores when file size changes within the same mtime tick by keying cache validation on a single file-stat snapshot (`mtimeMs` + `sizeBytes`), with regression coverage for same-tick rewrites. (#32191) Thanks @jalehman.
- Agents/Subagents `sessions_spawn`: reject malformed `agentId` inputs before normalization (for example error-message/path-like strings) to prevent unintended synthetic agent IDs and ghost workspace/session paths; includes strict validation regression coverage. (#31381) Thanks @openperf.
- CLI/installer Node preflight: enforce Node.js `v22.12+` consistently in both `openclaw.mjs` runtime bootstrap and installer active-shell checks, with actionable nvm recovery guidance for mismatched shell PATH/defaults. (#32356) Thanks @jasonhargrove.
- Web UI/config form: support SecretInput string-or-secret-ref unions in map `additionalProperties`, so provider API key fields stay editable instead of being marked unsupported. (#31866) Thanks @ningding97.
- Auto-reply/inline command cleanup: preserve newline structure when stripping inline `/status` and extracting inline slash commands by collapsing only horizontal whitespace, preventing paragraph flattening in multi-line replies. (#32224) Thanks @scoootscooob.
- Config/raw redaction safety: preserve non-sensitive literals during raw redaction round-trips, scope SecretRef redaction to secret IDs (not structural fields like `source`/`provider`), and fall back to structured raw redaction when text replacement cannot restore the original config shape. (#32174) Thanks @bmendonca3.
- Hooks/runtime stability: keep the internal hook handler registry on a `globalThis` singleton so hook registration/dispatch remains consistent when bundling emits duplicate module copies. (#32292) Thanks @Drickon.
- Hooks/after_tool_call: include embedded session context (`sessionKey`, `agentId`) and fire the hook exactly once per tool execution by removing duplicate adapter-path dispatch in embedded runs. (#32201) Thanks @jbeno, @scoootscooob, @vincentkoc.
- Hooks/tool-call correlation: include `runId` and `toolCallId` in plugin tool hook payloads/context and scope tool start/adjusted-param tracking by run to prevent cross-run collisions in `before_tool_call` and `after_tool_call`. (#32360) Thanks @vincentkoc.
- Plugins/install diagnostics: reject legacy plugin package shapes without `openclaw.extensions` and return an explicit upgrade hint with troubleshooting docs for repackaging. (#32055) Thanks @liuxiaopai-ai.
- Hooks/plugin context parity: ensure `llm_input` hooks in embedded attempts receive the same `trigger` and `channelId`-aware `hookCtx` used by the other hook phases, preserving channel/trigger-scoped plugin behavior. (#28623) Thanks @davidrudduck and @vincentkoc.
- Plugins/hardlink install compatibility: allow bundled plugin manifests and entry files to load when installed via hardlink-based package managers (`pnpm`, `bun`) while keeping hardlink rejection enabled for non-bundled plugin sources. (#32119) Fixes #28175, #28404, #29455. Thanks @markfietje.
- Cron/session reaper reliability: move cron session reaper sweeps into `onTimer` `finally` and keep pruning active even when timer ticks fail early (for example cron store parse failures), preventing stale isolated run sessions from accumulating indefinitely. (#31996) Fixes #31946. Thanks @scoootscooob.
- Cron/HEARTBEAT_OK summary leak: suppress fallback main-session enqueue for heartbeat/internal ack summaries in isolated announce mode so `HEARTBEAT_OK` noise never appears in user chat while real summaries still forward. (#32093) Thanks @scoootscooob.
- Authentication: classify `permission_error` as `auth_permanent` for profile fallback. (#31324) Thanks @Sid-Qin.
- Agents/host edit reliability: treat host edit-tool throws as success only when on-disk post-check confirms replacement likely happened (`newText` present and `oldText` absent), preventing false failure reports while avoiding pre-write false positives. (#32383) Thanks @polooooo.
- Plugins/install fallback safety: resolve bare install specs to bundled plugin ids before npm lookup (for example `diffs` -> bundled `@openclaw/diffs`), keep npm fallback limited to true package-not-found errors, and continue rejecting non-plugin npm packages that fail manifest validation. (#32096) Thanks @scoootscooob.
- Web UI/inline code copy fidelity: disable forced mid-token wraps on inline `<code>` spans so copied UUID/hash/token strings preserve exact content instead of inserting line-break spaces. (#32346) Thanks @hclsys.
- Restart sentinel formatting: avoid duplicate `Reason:` lines when restart message text already matches `stats.reason`, keeping restart notifications concise for users and downstream parsers. (#32083) Thanks @velamints2.
- Auto-reply/followup queue: avoid stale callback reuse across idle-window restarts by caching the followup runner only when a drain actually starts, preserving enqueue ordering after empty-finalize paths. (#31902) Thanks @Lanfei.
- Agents/tool-result guard: always clear pending tool-call state on interruptions even when synthetic tool results are disabled, preventing orphaned tool-use transcripts that cause follow-up provider request failures. (#32120) Thanks @jnMetaCode.
- Failover/error classification: treat HTTP `529` (provider overloaded, common with Anthropic-compatible APIs) as `rate_limit` so model failover can engage instead of misclassifying the error path. (#31854) Thanks @bugkill3r.
- Logging: use local time for logged timestamps instead of UTC, aligning log output with documented local timezone behavior and avoiding confusion during local diagnostics. (#28434) Thanks @liuy.
- Agents/Subagent announce cleanup: keep completion-message runs pending while descendants settle, add a 30 minute hard-expiry backstop to avoid indefinite pending state, and keep retry bookkeeping resumable across deferred wakes. (#23970) Thanks @tyler6204.
- Secrets/exec resolver timeout defaults: use provider `timeoutMs` as the default inactivity (`noOutputTimeoutMs`) watchdog for exec secret providers, preventing premature no-output kills for resolvers that start producing output after 2s. (#32235) Thanks @bmendonca3.
- Auto-reply/reminder guard note suppression: when a turn makes reminder-like commitments but schedules no new cron jobs, suppress the unscheduled-reminder warning note only if an enabled cron already exists for the same session; keep warnings for unrelated sessions, disabled jobs, or unreadable cron store paths. (#32255) Thanks @scoootscooob.
- Cron/isolated announce heartbeat suppression: treat multi-payload runs as skippable when any payload is a heartbeat ack token and no payload has media, preventing internal narration + trailing `HEARTBEAT_OK` from being delivered to users. (#32131) Thanks @adhishthite.
- Cron/store migration: normalize legacy cron jobs with string `schedule` and top-level `command`/`timeout` fields into canonical schedule/payload/session-target shape on load, preventing schedule-error loops on old persisted stores. (#31926) Thanks @bmendonca3.
- Tests/Windows backup rotation: skip chmod-only backup permission assertions on Windows while retaining compose/rotation/prune coverage across platforms to avoid false CI failures from Windows non-POSIX mode semantics. (#32286) Thanks @jalehman.
docs(changelog): fix 2026.3.1 split and dedupe entries
2026-03-02 21:40:53 +00:00
- Tests/Subagent announce: set `OPENCLAW_TEST_FAST=1` before importing `subagent-announce` format suites so module-level fast-mode constants are captured deterministically on Windows CI, preventing timeout flakes in nested completion announce coverage. (#31370) Thanks @zwffff.
## 2026.3.1
### Changes
- OpenAI/Streaming transport: make `openai` Responses WebSocket-first by default (`transport: "auto"` with SSE fallback), add shared OpenAI WS stream/connection runtime wiring with per-session cleanup, and preserve server-side compaction payload mutation (`store` + `context_management`) on the WS path.
- Gateway/Container probes: add built-in HTTP liveness/readiness endpoints (`/health`, `/healthz`, `/ready`, `/readyz`) for Docker/Kubernetes health checks, with fallback routing so existing handlers on those paths are not shadowed. (#31272) Thanks @vincentkoc.
- Android/Nodes: add `camera.list`, `device.permissions`, `device.health`, and `notifications.actions` (`open`/`dismiss`/`reply`) on Android nodes, plus first-class node-tool actions for the new device/notification commands. (#28260) Thanks @obviyus.
- Discord/Thread bindings: replace fixed TTL lifecycle with inactivity (`idleHours`, default 24h) plus optional hard `maxAgeHours` lifecycle controls, and add `/session idle` + `/session max-age` commands for focused thread-bound sessions. (#27845) Thanks @osolmaz.
- Telegram/DM topics: add per-DM `direct` + topic config (allowlists, `dmPolicy`, `skills`, `systemPrompt`, `requireTopic`), route DM topics as distinct inbound/outbound sessions, and enforce topic-aware authorization/debounce for messages, callbacks, commands, and reactions. Landed from contributor PR #30579 by @kesor. Thanks @kesor.
- Android/Gateway capability refresh: add live Android capability integration coverage and node canvas capability refresh wiring, plus runtime hardening for A2UI readiness retries, scoped canvas URL normalization, debug diagnostics JSON, and JavaScript MIME delivery. (#28388) Thanks @obviyus.
- Android/Nodes parity: add `system.notify`, `photos.latest`, `contacts.search`/`contacts.add`, `calendar.events`/`calendar.add`, and `motion.activity`/`motion.pedometer`, with motion sensor-aware command gating and improved activity sampling reliability. (#29398) Thanks @obviyus.
- Agents/Thinking defaults: set `adaptive` as the default thinking level for Anthropic Claude 4.6 models (including Bedrock Claude 4.6 refs) while keeping other reasoning-capable models at `low` unless explicitly configured.
- Web UI/Cron i18n: localize cron page labels, filters, form help text, and validation/error messaging in English and zh-CN. (#29315) Thanks @BUGKillerKing.
- CLI/Config: add `openclaw config file` to print the active config file path resolved from `OPENCLAW_CONFIG_PATH` or the default location. (#26256) thanks @cyb1278588254.
- Feishu/Docx tables + uploads: add `feishu_doc` actions for Docx table creation/cell writing (`create_table`, `write_table_cells`, `create_table_with_values`) and image/file uploads (`upload_image`, `upload_file`) with stricter create/upload error handling for missing `document_id` and placeholder cleanup failures. (#20304) Thanks @xuhao1.
- Feishu/Reactions: add inbound `im.message.reaction.created_v1` handling, route verified reactions through synthetic inbound turns, and harden verification with timeout + fail-closed filtering so non-bot or unverified reactions are dropped. (#16716) Thanks @schumilin.
- Feishu/Chat tooling: add `feishu_chat` tool actions for chat info and member queries, with configurable enablement under `channels.feishu.tools.chat`. (#14674) Thanks @liuweifly.
- Feishu/Doc permissions: support optional owner permission grant fields on `feishu_doc` create and report permission metadata only when the grant call succeeds, with regression coverage for success/failure/omitted-owner paths. (#28295) Thanks @zhoulongchao77.
- Web UI/i18n: add German (`de`) locale support and auto-render language options from supported locale constants in Overview settings. (#28495) thanks @dsantoreis.
- Tools/Diffs: add a new optional `diffs` plugin tool for read-only diff rendering from before/after text or unified patches, with gateway viewer URLs for canvas and PNG image output. Thanks @gumadeiras.
- Memory/LanceDB: support custom OpenAI `baseUrl` and embedding dimensions for LanceDB memory. (#17874) Thanks @rish2jain and @vincentkoc.
- ACP/ACPX streaming: pin ACPX plugin support to `0.1.15`, add configurable ACPX command/version probing, and streamline ACP stream delivery (`final_only` default + reduced tool-event noise) with matching runtime and test updates. (#30036) Thanks @osolmaz.
- Shell env markers: set `OPENCLAW_SHELL` across shell-like runtimes (`exec`, `acp`, `acp-client`, `tui-local`) so shell startup/config rules can target OpenClaw contexts consistently, and document the markers in env/exec/acp/TUI docs. Thanks @vincentkoc.
- Cron/Heartbeat light bootstrap context: add opt-in lightweight bootstrap mode for automation runs (`--light-context` for cron agent turns and `agents.*.heartbeat.lightContext` for heartbeat), keeping only `HEARTBEAT.md` for heartbeat runs and skipping bootstrap-file injection for cron lightweight runs. (#26064) Thanks @jose-velez.
- OpenAI/WebSocket warm-up: add optional OpenAI Responses WebSocket warm-up (`response.create` with `generate:false`), enable it by default for `openai/*`, and expose `params.openaiWsWarmup` for per-model enable/disable control.
- Agents/Subagents runtime events: replace ad-hoc subagent completion system-message handoff with typed internal completion events (`task_completion`) that are rendered consistently across direct and queued announce paths, with gateway/CLI plumbing for structured `internalEvents`.
### Breaking
- **BREAKING:** Node exec approval payloads now require `systemRunPlan`. `host=node` approval requests without that plan are rejected.
- **BREAKING:** Node `system.run` execution now pins path-token commands to the canonical executable path (`realpath`) in both allowlist and approval execution flows. Integrations/tests that asserted token-form argv (for example `tr`) must now accept canonical paths (for example `/usr/bin/tr`).
### Fixes
fix(feishu): non-blocking WS ACK and preserve full streaming card content (#29616) * fix(feishu): non-blocking ws ack and preserve streaming card full content * fix(feishu): preserve fragmented streaming text without newline artifacts --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 12:17:15 +08:00
- Feishu/Streaming card text fidelity: merge throttled/fragmented partial updates without dropping content and avoid newline injection when stitching chunk-style deltas so card-stream output matches final reply text. (#29616) Thanks @HaoHuaqing.
docs(changelog): fix 2026.3.1 split and dedupe entries
2026-03-02 21:40:53 +00:00
- Security/Feishu webhook ingress: bound unauthenticated webhook rate-limit state with stale-window pruning and a hard key cap to prevent unbounded pre-auth memory growth from rotating source keys. (#26050) Thanks @bmendonca3.
- Security/Compaction audit: remove the post-compaction audit injection message. (#28507) Thanks @fuller-stack-dev and @vincentkoc.
- Web tools/RFC2544 fake-IP compatibility: allow RFC2544 benchmark range (`198.18.0.0/15`) for trusted web-tool fetch endpoints so proxy fake-IP networking modes do not trigger false SSRF blocks. Landed from contributor PR #31176 by @sunkinux. Thanks @sunkinux.
Feishu: normalize group announce targets to chat ids (openclaw#31546) thanks @liuxiaopai-ai Verified: - pnpm build - pnpm check (fails on unrelated existing main-branch lint violations in ui/src/ui/views/agents-utils.ts and src/pairing/pairing-store.ts) - pnpm test:macmini Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-03 06:50:55 +08:00
- Feishu/Sessions announce group targets: normalize `group:` and `channel:` Feishu targets to `chat_id` routing so `sessions_send` announce delivery no longer sends group chat IDs via `user_id` API params. Fixes #31426.
fix(windows): land #31147 plugin install spawn EINVAL (@codertony) Landed from contributor PR #31147 by @codertony. Co-authored-by: codertony <codertony@users.noreply.github.com>
2026-03-02 02:23:42 +00:00
- Windows/Plugin install: avoid `spawn EINVAL` on Windows npm/npx invocations by resolving to `node` + npm CLI scripts instead of spawning `.cmd` directly. Landed from contributor PR #31147 by @codertony. Thanks @codertony.
docs(changelog): fix 2026.3.1 split and dedupe entries
2026-03-02 21:40:53 +00:00
- Web UI/Cron: include configured agent model defaults/fallbacks in cron model suggestions so scheduled-job model autocomplete reflects configured models. (#29709) Thanks @Sid-Qin.
- Cron/Delivery: disable the agent messaging tool when `delivery.mode` is `"none"` so cron output is not sent to Telegram or other channels. (#21808) Thanks @lailoo.
- CLI/Cron: clarify `cron list` output by renaming `Agent` to `Agent ID` and adding a `Model` column for isolated agent-turn jobs. (#26259) Thanks @openperf.
- Gateway/Control UI origins: honor `gateway.controlUi.allowedOrigins: ["*"]` wildcard entries (including trimmed values) and lock behavior with regression tests. Landed from contributor PR #31058 by @byungsker. Thanks @byungsker.
- Agents/Sessions list transcript paths: handle missing/non-string/relative `sessions.list.path` values and per-agent `{agentId}` templates when deriving `transcriptPath`, so cross-agent session listings resolve to concrete agent session files instead of workspace-relative paths. (#24775) Thanks @martinfrancois.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Gateway/Control UI CSP: allow required Google Fonts origins in Control UI CSP. (#29279) Thanks @vincentkoc.
docs(changelog): fix 2026.3.1 split and dedupe entries
2026-03-02 21:40:53 +00:00
- CLI/Install: add an npm-link fallback to fix CLI startup `Permission denied` failures (`exit 127`) on affected installs. (#17151) Thanks @sskyu and @vincentkoc.
- Plugins/NPM spec install: fix npm-spec plugin installs when `npm pack` output is empty by detecting newly created `.tgz` archives in the pack directory. (#21039) Thanks @graysurf and @vincentkoc.
- Plugins/Install: clear stale install errors when an npm package is not found so follow-up install attempts report current state correctly. (#25073) Thanks @dalefrieswthat.
- Gateway/macOS supervised restart: actively `launchctl kickstart -k` during intentional supervised restarts to bypass LaunchAgent `ThrottleInterval` delays, and fall back to in-process restart when kickstart fails. Landed from contributor PR #29078 by @cathrynlavery. Thanks @cathrynlavery.
- Sessions/Internal routing: preserve established external `lastTo`/`lastChannel` routes for internal/non-deliverable turns, with added coverage for no-fallback internal routing behavior. Landed from contributor PR #30941 by @graysurf. Thanks @graysurf.
- Auto-reply/NO_REPLY: strip `NO_REPLY` token from mixed-content messages instead of leaking raw control text to end users. Landed from contributor PR #31080 by @scoootscooob. Thanks @scoootscooob.
- Inbound metadata/Multi-account routing: include `account_id` in trusted inbound metadata so multi-account channel sessions can reliably disambiguate the receiving account in prompt context. Landed from contributor PR #30984 by @Stxle2. Thanks @Stxle2.
- Cron/Delivery mode none: send explicit `delivery: { mode: "none" }` from cron editor for both add and update flows so previous announce delivery is actually cleared. Landed from contributor PR #31145 by @byungsker. Thanks @byungsker.
- Cron editor viewport: make the sticky cron edit form independently scrollable with viewport-bounded height so lower fields/actions are reachable on shorter screens. Landed from contributor PR #31133 by @Sid-Qin. Thanks @Sid-Qin.
- Agents/Thinking fallback: when providers reject unsupported thinking levels without enumerating alternatives, retry with `think=off` to avoid hard failure during model/provider fallback chains. Landed from contributor PR #31002 by @yfge. Thanks @yfge.
- Agents/Failover reason classification: avoid false rate-limit classification from incidental `tpm` substrings by matching TPM as a standalone token/phrase and keeping auth-context errors on the auth path. Landed from contributor PR #31007 by @HOYALIM. Thanks @HOYALIM.
- Gateway/WS: close repeated post-handshake `unauthorized role:*` request floods per connection and sample duplicate rejection logs, preventing a single misbehaving client from degrading gateway responsiveness. (#20168) Thanks @acy103, @vibecodooor, and @vincentkoc.
- Gateway/Auth: improve device-auth v2 migration diagnostics so operators get clearer guidance when legacy clients connect. (#28305) Thanks @vincentkoc.
- CLI/Ollama config: allow `config set` for Ollama `apiKey` without predeclared provider config. (#29299) Thanks @vincentkoc.
- Agents/Ollama: demote empty-discovery logging from `warn` to `debug` to reduce noisy warnings in normal edge-case discovery flows. (#26379) Thanks @byungsker.
- Sandbox/Browser Docker: pass `OPENCLAW_BROWSER_NO_SANDBOX=1` to sandbox browser containers and bump sandbox browser security hash epoch so existing containers are recreated and pick up the env on upgrade. (#29879) Thanks @Lukavyi.
- Tools/Edit workspace boundary errors: preserve the real `Path escapes workspace root` failure path instead of surfacing a misleading access/file-not-found error when editing outside workspace roots. Landed from contributor PR #31015 by @haosenwang1018. Thanks @haosenwang1018.
- Browser/Open & navigate: accept `url` as an alias parameter for `open` and `navigate`. (#29260) Thanks @vincentkoc.
- Sandbox/mkdirp boundary checks: allow directory-safe boundary validation for existing in-boundary subdirectories, preventing false `cannot create directories` failures in sandbox write mode. (#30610) Thanks @glitch418x.
- Android/Nodes reliability: reject `facing=both` when `deviceId` is set to avoid mislabeled duplicate captures, allow notification `open`/`reply` on non-clearable entries while still gating dismiss, trigger listener rebind before notification actions, and scale invoke-result ack timeout to invoke budget for large clip payloads. (#28260) Thanks @obviyus.
fix(line): land #31151 M4A voice MIME detection (@scoootscooob) Landed from contributor PR #31151 by @scoootscooob. Co-authored-by: scoootscooob <scoootscooob@users.noreply.github.com>
2026-03-02 02:26:41 +00:00
- LINE/Voice transcription: classify M4A voice media as `audio/mp4` (not `video/mp4`) by checking the MPEG-4 `ftyp` major brand (`M4A ` / `M4B `), restoring voice transcription for LINE voice messages. Landed from contributor PR #31151 by @scoootscooob. Thanks @scoootscooob.
fix(slack): land #31028 from @taw0002 Co-authored-by: taw0002 <webmaster@sodsolutions.com>
2026-03-02 01:03:39 +00:00
- Slack/Announce target account routing: enable session-backed announce-target lookup for Slack so multi-account announces resolve the correct `accountId` instead of defaulting to bot-token context. Landed from contributor PR #31028 by @taw0002. Thanks @taw0002.
docs(changelog): add #29521 voice tts entry (thanks @gregmousseau)
2026-03-01 20:02:43 +05:30
- Android/Voice screen TTS: stream assistant speech via ElevenLabs WebSocket in Talk Mode, stop cleanly on speaker mute/barge-in, and ignore stale out-of-order stream events. (#29521) Thanks @gregmousseau.
fix(android): align lint gates and photo permission handling
2026-03-02 04:27:33 +00:00
- Android/Photos permissions: declare Android 14+ selected-photo access permission (`READ_MEDIA_VISUAL_USER_SELECTED`) and align Android permission/settings paths with current minSdk behavior for more reliable permission state handling.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Feishu/Reply media attachments: send Feishu reply `mediaUrl`/`mediaUrls` payloads as attachments alongside text/streamed replies in the reply dispatcher, including legacy fallback when `mediaUrls` is empty. (#28959) Thanks @icesword0760.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Slack/User-token resolution: normalize Slack account user-token sourcing through resolved account metadata (`SLACK_USER_TOKEN` env + config) so monitor reads, Slack actions, directory lookups, onboarding allow-from resolution, and capabilities probing consistently use the effective user token. (#28103) Thanks @chilu18.
fix(feishu): Remove incorrect oc_ prefix assumption in resolveFeishuSession (#10407) * fix(feishu): remove incorrect oc_ prefix assumption in resolveFeishuSession - Feishu oc_ is a generic chat_id that can represent both groups and DMs - Must use chat_mode field from API to distinguish, not ID prefix - Only ou_/on_ prefixes reliably indicate user IDs (always DM) - Fixes session misrouting for DMs with oc_ chat IDs This bug caused DM messages with oc_ chat_ids to be incorrectly created as group sessions, breaking session isolation and routing. * docs: update Feishu ID format comment to reflect oc_ ambiguity The previous comment incorrectly stated oc_ is always a group chat. This update clarifies that oc_ chat_ids can be either groups or DMs, and explicit prefixes (dm:/group:) should be used to distinguish. * feishu: add regression coverage for oc session routing --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 12:16:20 +08:00
- Feishu/Outbound session routing: stop assuming bare `oc_` identifiers are always group chats, honor explicit `dm:`/`group:` prefixes for `oc_` chat IDs, and default ambiguous bare `oc_` targets to direct routing to avoid DM session misclassification. (#10407) Thanks @Bermudarat.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Feishu/Group session routing: add configurable group session scopes (`group`, `group_sender`, `group_topic`, `group_topic_sender`) with legacy `topicSessionMode=enabled` compatibility so Feishu group conversations can isolate sessions by sender/topic as configured. (#17798) Thanks @yfge.
- Feishu/Reply-in-thread routing: add `replyInThread` config (`disabled|enabled`) for group replies, propagate `reply_in_thread` across text/card/media/streaming sends, and align topic-scoped session routing so newly created reply threads stay on the same session root. (#27325) Thanks @kcinzgg.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Feishu/Probe status caching: cache successful `probeFeishu()` bot-info results for 10 minutes (bounded cache with per-account keying) to reduce repeated status/onboarding probe API calls, while bypassing cache for failures and exceptions. (#28907) Thanks @hou-rong.
- Feishu/Opus media send type: send `.opus` attachments with `msg_type: "audio"` (instead of `"media"`) so Feishu voice messages deliver correctly while `.mp4` remains `msg_type: "media"` and documents remain `msg_type: "file"`. (#28269) Thanks @PinoHouse.
fix(feishu): handle message_type "media" for video downloads (openclaw#25502) thanks @4ier Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: 4ier <5648066+4ier@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 12:28:37 +08:00
- Feishu/Mobile video media type: treat inbound `message_type: "media"` as video-equivalent for media key extraction, placeholder inference, and media download resolution so mobile-app video sends ingest correctly. (#25502) Thanks @4ier.
feishu: fall back to user_id for inbound sender identity (openclaw#26703) thanks @NewdlDewdl Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: NewdlDewdl <230946873+NewdlDewdl@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 22:59:42 -06:00
- Feishu/Inbound sender fallback: fall back to `sender_id.user_id` when `sender_id.open_id` is missing on inbound events, and use ID-type-aware sender lookup so mobile-delivered messages keep stable sender identity/routing. (#26703) Thanks @NewdlDewdl.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Feishu/Reply context metadata: include inbound `parent_id` and `root_id` as `ReplyToId`/`RootMessageId` in inbound context, and parse interactive-card quote bodies into readable text when fetching replied messages. (#18529) Thanks @qiangu.
feat(feishu): extract embedded video/media from post (rich text) messages (#21786) * feat(feishu): extract embedded video/media from post (rich text) messages Previously, parsePostContent() only extracted embedded images (img tags) from rich text posts, ignoring embedded video/audio (media tags). Users sending post messages with embedded videos would not have the media downloaded or forwarded to the agent. Changes: - Extend parsePostContent() to also collect media tags with file_key - Return new mediaKeys array alongside existing imageKeys - Update resolveFeishuMediaList() to download embedded media files from post messages using the messageResource API - Add appropriate logging for embedded media discovery and download * Feishu: keep embedded post media payloads type-safe * Feishu: format post parser after media tag extraction --------- Co-authored-by: laopuhuluwa <laopuhuluwa@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 13:39:24 +08:00
- Feishu/Post embedded media: extract `media` tags from inbound rich-text (`post`) messages and download embedded video/audio files alongside existing embedded-image handling, with regression coverage. (#21786) Thanks @laopuhuluwa.
fix(feishu): propagate mediaLocalRoots for local file sends (#27884) (openclaw#27928) thanks @joelnishanth Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: joelnishanth <140015627+joelnishanth@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 15:43:57 -08:00
- Feishu/Local media sends: propagate `mediaLocalRoots` through Feishu outbound media sending into `loadWebMedia` so local path attachments work with post-CVE local-root enforcement. (#27884) Thanks @joelnishanth.
fix(feishu): honor wildcard group config for reply policy (#29456) ## Summary - honor Feishu wildcard group policy fallback via `channels.feishu.groups["*"]` when no explicit group entry matches - keep exact and case-insensitive explicit group matches higher precedence than wildcard fallback - add changelog credit and TypeScript-safe test assertions ## Verification - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Wayne Pika <262095977+WaynePika@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 23:22:38 -06:00
- Feishu/Group wildcard policy fallback: honor `channels.feishu.groups["*"]` when no explicit group match exists so unmatched groups inherit wildcard reply-policy settings instead of falling back to global defaults. (#29456) Thanks @WaynePika.
test(feishu): add regression for audio download resource type=file (openclaw#16311) thanks @Yaxuan42 Verified: - pnpm build - pnpm check - pnpm vitest run --config vitest.extensions.config.ts extensions/feishu/src/bot.test.ts extensions/feishu/src/media.test.ts Co-authored-by: Yaxuan42 <184813557+Yaxuan42@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 12:49:05 +08:00
- Feishu/Inbound media regression coverage: add explicit tests for message resource type mapping (`image` stays `image`, non-image maps to `file`) to prevent reintroducing unsupported Feishu `type=audio` fetches. (#16311, #8746) Thanks @Yaxuan42.
fix(tts): use opus format and enable voice bubbles for feishu and whatsapp (#27366) * fix(tts): use opus format and enable voice bubbles for feishu and whatsapp Previously only Telegram received opus output and had `shouldVoice=true`. Feishu and WhatsApp also support voice-bubble playback and require opus audio, but were falling back to mp3 with `audioAsVoice=false`. - Extract VOICE_BUBBLE_CHANNELS set (telegram, feishu, whatsapp) - resolveOutputFormat: return TELEGRAM_OUTPUT (opus) for all voice-bubble channels - shouldVoice: enable for all voice-bubble channels, not just telegram - Update test to cover feishu and whatsapp cases * Changelog: add TTS voice-bubble channel coverage note --------- Co-authored-by: Ning Hu <ninghu@Nings-MacBook-Pro.local> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 13:41:22 +08:00
- TTS/Voice bubbles: use opus output and enable `audioAsVoice` routing for Feishu and WhatsApp (in addition to Telegram) so supported channels receive voice-bubble playback instead of file-style audio attachments. (#27366) Thanks @smthfoxy.
chore(release): bump 2026.2.27 and split changelog
2026-02-27 16:09:22 +01:00
- Telegram/Reply media context: include replied media files in inbound context when replying to media, defer reply-media downloads to debounce flush, gate reply-media fetch behind DM authorization, and preserve replied media when non-vision sticker fallback runs (including cached-sticker paths). (#28488) Thanks @obviyus.
docs: reorder unreleased changelog by user impact
2026-03-02 04:19:05 +00:00
- Android/Nodes notification wake flow: enable Android `system.notify` default allowlist, emit `notifications.changed` events for posted/removed notifications (excluding OpenClaw app-owned notifications), canonicalize notification session keys before enqueue/wake routing, and skip heartbeat wakes when consecutive notification summaries dedupe. (#29440) Thanks @obviyus.
- Telegram/Voice fallback reply chunking: apply reply reference, quote text, and inline buttons only to the first fallback text chunk when voice delivery is blocked, preventing over-quoted multi-chunk replies. Landed from contributor PR #31067 by @xdanger. Thanks @xdanger.
- Feishu/Multi-account + reply reliability: add `channels.feishu.defaultAccount` outbound routing support with schema validation, keep quoted-message extraction text-first (post/interactive/file placeholders instead of raw JSON), route Feishu video sends as `msg_type: "file"`, and avoid websocket event blocking by using non-blocking event handling in monitor dispatch. Landed from contributor PRs #29610, #30432, #30331, and #29501. Thanks @hclsys, @bmendonca3, @patrick-yingxi-pan, and @zwffff.
- Feishu/Inbound rich-text parsing: preserve `share_chat` payload summaries when available and add explicit parsing for rich-text `code`/`code_block`/`pre` tags so forwarded and code-heavy messages keep useful context in agent input. (#28591) Thanks @kevinWangSheng.
- Feishu/Post markdown parsing: parse rich-text `post` payloads through a shared markdown-aware parser with locale-wrapper support, preserved mention/image metadata extraction, and inline/fenced code fidelity for agent input rendering. (#12755) Thanks @WilsonLiu95.
docs: update changelog for telegram outbound chunking (#29342) (thanks @obviyus)
2026-02-28 08:13:42 +05:30
- Telegram/Outbound chunking: route oversize splitting through the shared outbound pipeline (including subagents), retry Telegram sends when escaped HTML exceeds limits, and preserve boundary whitespace when retry re-splitting rendered chunks so plain-text/transcript fidelity is retained. (#29342, #27317; follow-up to #27461) Thanks @obviyus.
docs: reorder unreleased changelog by user impact
2026-03-02 04:19:05 +00:00
- Slack/Native commands: register Slack native status as `/agentstatus` (Slack-reserved `/status`) so manifest slash command registration stays valid while text `/status` still works. Landed from contributor PR #29032 by @maloqab. Thanks @maloqab.
- Android/Camera clip: remove `camera.clip` HTTP-upload fallback to base64 so clip transport is deterministic and fail-loud, and reject non-positive `maxWidth` values so invalid inputs fall back to the safe resize default. (#28229) Thanks @obviyus.
- Android/Gateway canvas capability refresh: send `node.canvas.capability.refresh` with object `params` (`{}`) from Android node runtime so gateway object-schema validation accepts refresh retries and A2UI host recovery works after scoped capability expiry. (#28413) Thanks @obviyus.
fix(onboard): increase verification timeout and reduce max_tokens for custom provider probes (#27380) * fix(onboard): increase verification timeout and reduce max_tokens for custom provider probes The onboard wizard sends a chat-completion request to verify custom providers. With max_tokens: 1024 and a 10 s timeout, large local models (e.g. Qwen3.5-27B on llama.cpp) routinely time out because the server needs to load the model and generate up to 1024 tokens before responding. Changes: - Raise VERIFY_TIMEOUT_MS from 10 s to 30 s - Lower max_tokens from 1024 to 1 (verification only needs a single token to confirm the API is reachable and the model ID is valid) - Add explicit stream: false to both OpenAI and Anthropic probes Closes #27346 Made-with: Cursor * Changelog: note custom-provider onboarding verification fix --------- Co-authored-by: Philipp Spiess <hello@philippspiess.com>
2026-02-28 05:51:58 +08:00
- Onboarding/Custom providers: improve verification reliability for slower local endpoints (for example Ollama) during setup. (#27380) Thanks @Sid-Qin.
docs: reorder unreleased changelog by user impact
2026-03-02 04:19:05 +00:00
- Daemon/macOS TLS certs: default LaunchAgent service env `NODE_EXTRA_CA_CERTS` to `/etc/ssl/cert.pem` (while preserving explicit overrides) so HTTPS clients no longer fail with local-issuer errors under launchd. (#27915) Thanks @Lukavyi.
- Discord/Components wildcard handlers: use distinct internal registration sentinel IDs and parse those sentinels as wildcard keys so select/user/role/channel/mentionable/modal interactions are not dropped by raw customId dedupe paths. Landed from contributor PR #29459 by @Sid-Qin. Thanks @Sid-Qin.
- Feishu/Reaction notifications: add `channels.feishu.reactionNotifications` (`off | own | all`, default `own`) so operators can disable reaction ingress or allow all verified reaction events (not only bot-authored message reactions). (#28529) Thanks @cowboy129.
- Feishu/Typing backoff: re-throw Feishu typing add/remove rate-limit and quota errors (`429`, `99991400`, `99991403`) and detect SDK non-throwing backoff responses so the typing keepalive circuit breaker can stop retries instead of looping indefinitely. (#28494) Thanks @guoqunabc.
- Feishu/Zalo runtime logging: replace direct `console.log/error` usage in Feishu typing-indicator paths and Zalo monitor paths with runtime-gated logger calls so verbosity controls are respected while preserving typing backoff behavior. (#18841) Thanks @Clawborn.
- Feishu/Group sender allowlist fallback: add global `channels.feishu.groupSenderAllowFrom` sender authorization for group chats, with per-group `groups.<id>.allowFrom` precedence and regression coverage for allow/block/precedence behavior. (#29174) Thanks @1MoreBuild.
- Feishu/Docx append/write ordering: insert converted Docx blocks sequentially (single-block creates) so Feishu append/write preserves markdown block order instead of returning shuffled sections in asynchronous batch inserts. (#26172, #26022) Thanks @echoVic.
- Feishu/Docx convert fallback chunking: recursively split oversized markdown chunks (including long no-heading sections) when `document.convert` hits content limits, while keeping fenced-code-aware split boundaries whenever possible. (#14402) Thanks @lml2468.
- Feishu/API quota controls: add `typingIndicator` and `resolveSenderNames` config flags (top-level and per-account) so operators can disable typing reactions and sender-name lookup requests while keeping default behavior unchanged. (#10513) Thanks @BigUncle.
- Feishu/System preview prompt leakage: stop enqueuing inbound Feishu message previews as system events so user preview text is not injected into later turns as trusted `System:` context. Landed from contributor PR #31209 by @stakeswky. Thanks @stakeswky.
- Feishu/Typing replay suppression: skip typing indicators for stale replayed inbound messages after compaction using message-age checks with second/millisecond timestamp normalization, preventing old-message reaction floods while preserving typing for fresh messages. Landed from contributor PR #30709 by @arkyu2077. Thanks @arkyu2077.
- Control UI/Debug log layout: render Debug Event Log payloads at full width to prevent payload JSON from being squeezed into a narrow side column. Landed from contributor PR #30978 by @stozo04. Thanks @stozo04.
- Install/npm: fix npm global install deprecation warnings. (#28318) Thanks @vincentkoc.
- Update/Global npm: fallback to `--omit=optional` when global `npm update` fails so optional dependency install failures no longer abort update flows. (#24896) Thanks @xinhuagu and @vincentkoc.
- Model directives/Auth profiles: split `/model` profile suffixes at the first `@` after the last slash so email-based auth profile IDs (for example OAuth profile IDs) resolve correctly. Landed from contributor PR #30932 by @haosenwang1018. Thanks @haosenwang1018.
- Ollama/Embedded runner base URL precedence: prioritize configured provider `baseUrl` over model defaults for embedded Ollama runs so Docker and remote-host setups avoid localhost fetch failures. (#30964) Thanks @stakeswky.
docs: missing changelog itesm (#29281) * Changelog: add LanceDB custom baseUrl + dimensions entry (#17874) * Changelog: add Ollama autodiscovery hardening entry (#29201) * Changelog: add Ollama context-window unification entry (#29205) * Changelog: add compaction audit injection removal entry (#28507) * Changelog: add browser url alias entry (#29260) * Changelog: add codex weekly usage label entry (#26267)
2026-02-27 17:31:09 -08:00
- Ollama/Autodiscovery: harden autodiscovery and warning behavior. (#29201) Thanks @marcodelpin and @vincentkoc.
- Ollama/Context window: unify context window handling across discovery, merge, and OpenAI-compatible transport paths. (#29205) Thanks @Sid-Qin, @jimmielightner, and @vincentkoc.
Changelog: add model fallback reasoning fix (#29285)
2026-02-27 17:42:21 -08:00
- fix(model): preserve reasoning in provider fallback resolution. (#29285) Fixes #25636. Thanks @vincentkoc.
fix(docker): harden /app/extensions permissions to 755 (#30191) * fix(docker): harden /app/extensions permissions to 755 Bundled extension directories shipped as world-writable (mode 777) in the Docker image. The plugin security scanner blocks any world- writable path with: WARN: blocked plugin candidate: world-writable path (/app/extensions/memory-core, mode=777) Add chmod -R 755 /app/extensions in the final USER root RUN step so all bundled extensions are readable but not world-writable. This runs as root before switching back to the node user, matching the pattern already used for chmod 755 /app/openclaw.mjs. Fixes #30139 * fix(docker): normalize plugin and agent path permissions * docs(changelog): add docker permissions entry for #30191 * Update CHANGELOG.md --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 00:45:21 +01:00
- Docker/Image permissions: normalize `/app/extensions`, `/app/.agent`, and `/app/.agents` to directory mode `755` and file mode `644` during image build so plugin discovery does not block inherited world-writable paths. (#30191) Fixes #30139. Thanks @edincampara.
fix(agents): auto-enable OpenAI Responses server-side compaction (#16930, #22441, #25088) Landed from contributor PRs #16930, #22441, and #25088. Co-authored-by: liweiguang <codingpunk@gmail.com> Co-authored-by: EdwardWu7 <wuzhiyuan7@gmail.com> Co-authored-by: MoerAI <friendnt@g.skku.edu>
2026-02-27 16:14:49 +00:00
- OpenAI Responses/Compaction: rewrite and unify the OpenAI Responses store patches to treat empty `baseUrl` as non-direct, honor `compat.supportsStore=false`, and auto-inject server-side compaction `context_management` for compatible direct OpenAI models (with per-model opt-out/threshold overrides). Landed from contributor PRs #16930 (@OiPunk), #22441 (@EdwardWu7), and #25088 (@MoerAI). Thanks @OiPunk, @EdwardWu7, and @MoerAI.
Compaction/Safeguard: preserve recent turns verbatim (#25554) Merged via squash. Prepared head SHA: 7fb33c411c4aaea2795e490fcd0e647cf7ea6fb8 Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman
2026-03-03 12:00:49 -03:00
- Agents/Compaction safeguard: preserve recent turns verbatim with stable user/assistant pairing, keep multimodal and tool-result hints in preserved tails, and avoid empty-history fallback text in compacted output. (#25554) thanks @rodrigouroz.
docs: reorder unreleased changelog by user impact
2026-03-02 04:19:05 +00:00
- Usage normalization: clamp negative prompt/input token values to zero (including `prompt_tokens` alias inputs) so `/usage` and TUI usage displays cannot show nonsensical negative counts. Landed from contributor PR #31211 by @scoootscooob. Thanks @scoootscooob.
- Secrets/Auth profiles: normalize inline SecretRef `token`/`key` values to canonical `tokenRef`/`keyRef` before persistence, and keep explicit `keyRef` precedence when inline refs are also present. Landed from contributor PR #31047 by @minupla. Thanks @minupla.
- Codex/Usage window: label weekly usage window as `Week` instead of `Day`. (#26267) Thanks @Sid-Qin.
fix(signal): land #31138 syncMessage presence filtering (@Sid-Qin) Landed from contributor PR #31138 by @Sid-Qin. Co-authored-by: Sid-Qin <sidqin0410@gmail.com>
2026-03-02 03:28:25 +00:00
- Signal/Sync message null-handling: treat `syncMessage` presence (including `null`) as sync envelope traffic so replayed sentTranscript payloads cannot bypass loop guards after daemon restart. Landed from contributor PR #31138 by @Sid-Qin. Thanks @Sid-Qin.
docs: reorder unreleased changelog by user impact
2026-03-02 04:19:05 +00:00
- Infra/fs-safe: sanitize directory-read failures so raw `EISDIR` text never leaks to messaging surfaces, with regression tests for both root-scoped and direct safe reads. Landed from contributor PR #31205 by @polooooo. Thanks @polooooo.
style(changelog): apply oxfmt
2026-03-02 04:30:05 +00:00
fix(feishu): harden target routing, dedupe, and reply fallback
2026-03-02 03:41:07 +00:00
## Unreleased
### Fixes
- Feishu/Multi-account + reply reliability: add `channels.feishu.defaultAccount` outbound routing support with schema validation, prevent inbound preview text from leaking into prompt system events, keep quoted-message extraction text-first (post/interactive/file placeholders instead of raw JSON), route Feishu video sends as `msg_type: "file"`, and avoid websocket event blocking by using non-blocking event handling in monitor dispatch. Landed from contributor PRs #31209, #29610, #30432, #30331, and #29501. Thanks @stakeswky, @hclsys, @bmendonca3, @patrick-yingxi-pan, and @zwffff.
- Feishu/Target routing + replies + dedupe: normalize provider-prefixed targets (`feishu:`/`lark:`), prefer configured `channels.feishu.defaultAccount` for tool execution, honor Feishu outbound `renderMode` in adapter text/caption sends, fall back to normal send when reply targets are withdrawn/deleted, and add synchronous in-memory dedupe guard for concurrent duplicate inbound events. Landed from contributor PRs #30428, #30438, #29958, #30444, and #29463. Thanks @bmendonca3 and @Yaxuan42.
fix(channels): add optional defaultAccount routing
2026-03-02 04:03:13 +00:00
- Channels/Multi-account default routing: add optional `channels.<channel>.defaultAccount` default-selection support across message channels so omitted `accountId` routes to an explicit configured account instead of relying on implicit first-entry ordering (fallback behavior unchanged when unset).
fix(googlechat): land #30965 thread reply option support (@novan) Landed from contributor PR #30965 by @novan. Co-authored-by: novan <novan@users.noreply.github.com>
2026-03-02 03:16:48 +00:00
- Google Chat/Thread replies: set `messageReplyOption=REPLY_MESSAGE_FALLBACK_TO_NEW_THREAD` on threaded sends so replies attach to existing threads instead of silently failing thread placement. Landed from contributor PR #30965 by @novan. Thanks @novan.
fix(mattermost): land #30891 route private channels as group (@BlueBirdBack) Landed from contributor PR #30891 by @BlueBirdBack. Co-authored-by: BlueBirdBack <BlueBirdBack@users.noreply.github.com>
2026-03-02 03:14:17 +00:00
- Mattermost/Private channel policy routing: map Mattermost private channel type `P` to group chat type so `groupPolicy`/`groupAllowFrom` gates apply correctly instead of being treated as open public channels. Landed from contributor PR #30891 by @BlueBirdBack. Thanks @BlueBirdBack.
fix(models): land #31202 normalize custom provider keys (@stakeswky) Landed from contributor PR #31202 by @stakeswky. Co-authored-by: stakeswky <stakeswky@users.noreply.github.com>
2026-03-02 03:11:48 +00:00
- Models/Custom provider keys: trim custom provider map keys during normalization so image-capable models remain discoverable when provider keys are configured with leading/trailing whitespace. Landed from contributor PR #31202 by @stakeswky. Thanks @stakeswky.
fix: harden discord agent cid parsing (#29013) (thanks @Jacky1n7)
2026-03-02 03:07:30 +00:00
- Discord/Agent component interactions: accept Components v2 `cid` payloads alongside legacy `componentId`, and safely decode percent-encoded IDs without throwing on malformed `%` sequences. Landed from contributor PR #29013 by @Jacky1n7. Thanks @Jacky1n7.
fix(matrix): land #31201 preserve room ID casing (@williamos-dev) Landed from contributor PR #31201 by @williamos-dev. Co-authored-by: williamos-dev <williamos-dev@users.noreply.github.com>
2026-03-02 03:09:00 +00:00
- Matrix/Directory room IDs: preserve original room-ID casing for direct `!roomId` group lookups (without `:server`) so allowlist checks do not fail on case-sensitive IDs. Landed from contributor PR #31201 by @williamos-dev. Thanks @williamos-dev.
fix: harden discord media fallback regressions (#28906) (thanks @Sid-Qin)
2026-03-02 03:04:56 +00:00
- Discord/Inbound media fallback: preserve attachment and sticker metadata when Discord CDN fetch/save fails by keeping URL-based media entries in context, with regression coverage for save failures and mixed success/failure ordering. Landed from contributor PR #28906 by @Sid-Qin. Thanks @Sid-Qin.
fix(auto-reply): normalize block-reply callback to Promise for timeout path (#31200) * Auto-reply: wrap block reply callback in Promise.resolve for timeout safety * Build: add strict smoke build script for CI regression gating * CI: gate strict TS smoke build in check workflow * docs(changelog): add auto-reply block reply timeout fix under Unreleased * docs(changelog): credit original #19779 contributor and vincentkoc
2026-03-01 19:23:38 -08:00
- Auto-reply/Block reply timeout path: normalize `onBlockReply(...)` execution through `Promise.resolve(...)` before timeout wrapping so mixed sync/async callbacks keep deterministic timeout behavior across strict TypeScript build paths. (#19779) Thanks @dalefrieswthat and @vincentkoc.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Cron/One-shot reschedule re-arm: allow completed `at` jobs to run again when rescheduled to a later time than `lastRunAtMs`, while keeping completed non-rescheduled one-shot jobs inactive. (#28915) Thanks @arosstale.
Docs(Docker): clarify official GHCR image usage and setup flow (#31180) * Add pre built images to docker docs * Docs(Docker): clarify official GHCR image guidance * Changelog: document Docker docs image clarification * Update CHANGELOG.md --------- Co-authored-by: Ken <ken@ipl31.net>
2026-03-01 18:31:20 -08:00
- Docs/Docker images: clarify the official GHCR image source and tag guidance (`main`, `latest`, `<version>`), and document that `OPENCLAW_IMAGE` skips local image builds but still uses the repo-local compose/setup flow. (#27214, #31180) Fixes #15655. Thanks @ipl31.
docs(gateway): document Docker bridge networking and loopback bind caveat (#28001) * docs(gateway): document Docker bridge networking and loopback bind caveat The default loopback bind makes the gateway unreachable with Docker bridge networking because port-forwarded traffic arrives on eth0, not lo. Add a note in both the Dockerfile and the configuration reference explaining the workarounds (--network host or bind: lan). Fixes #27950 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs(docker): note legacy gateway.bind alias migration * docs(gateway): clarify legacy bind alias auto-migration * docs(docker): require bind mode values in gateway.bind * docs(gateway): avoid bind alias auto-migration claim * changelog: add #28001 docker bind docs credit --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 09:15:27 +05:30
- Docs/Gateway Docker bind guidance: clarify bridge-network loopback behavior and require bind mode values (`auto`/`loopback`/`lan`/`tailnet`/`custom`) instead of host aliases in `gateway.bind`. (#28001) Thanks @Anandesh-Sharma and @vincentkoc.
Docker: add OCI base-image labels and document base-image metadata (#31196) * Docker: add OCI base image labels * Docs(Docker): document base image metadata context * Changelog: note Docker base annotation docs update * Changelog: add author credit for Docker base annotations * Update docker.md * Docker: add OCI source and docs labels * CI(Docker): publish OCI revision/version labels * Docs(Docker): list OCI image annotations * Changelog: expand OCI annotation coverage note * Docker: set OCI license annotation to MIT * Docs(Docker): align OCI license annotation to MIT * Docker: note docs sync path for OCI annotations * Docker: normalize OCI label block indentation
2026-03-01 19:22:44 -08:00
- Docker/Image base annotations: add OCI labels for base image plus source/documentation/license metadata, include revision/version/created labels in Docker release builds, and document annotation keys/release context in install docs. Fixes #27945. Thanks @vincentkoc.
fix: add changelog for #19077 (thanks @ayanesakura)
2026-03-02 02:08:12 +00:00
- Agents/Model fallback: classify additional network transport errors (`ECONNREFUSED`, `ENETUNREACH`, `EHOSTUNREACH`, `ENETRESET`, `EAI_AGAIN`) as failover-worthy so fallback chains advance when primary providers are unreachable. Landed from contributor PR #19077 by @ayanesakura. Thanks @ayanesakura.
fix: add changelog for #8805 (thanks @Arthur742Ramos)
2026-03-02 02:09:21 +00:00
- Agents/Copilot token refresh: refresh GitHub Copilot runtime API tokens after auth-expiry failures and re-run with the renewed token so long-running embedded/subagent turns do not fail on mid-session 401 expiry. Landed from contributor PR #8805 by @Arthur742Ramos. Thanks @Arthur742Ramos.
fix: harden sessions_spawn delivery params and telegram account routing (#31000, #31110)
2026-03-02 02:35:26 +00:00
- Agents/Subagents delivery params: reject unsupported `sessions_spawn` channel-delivery params (`target`, `channel`, `to`, `threadId`, `replyTo`, `transport`) with explicit input errors so delivery intent does not silently leak output to the parent conversation. (#31000)
- Telegram/Multi-account fallback isolation: fail closed for non-default Telegram accounts when route resolution falls back to `matchedBy=default`, preventing cross-account DM/session contamination without explicit account bindings. (#31110)
docs(changelog): add entries for recent landed Discord PRs
2026-03-02 02:10:51 +00:00
- Discord/Allowlist diagnostics: add debug logs for guild/channel allowlist drops so operators can quickly identify ignored inbound messages and required allowlist entries. Landed from contributor PR #30966 by @haosenwang1018. Thanks @haosenwang1018.
- Discord/Ack reactions: add Discord-account-level `ackReactionScope` override and support explicit `off`/`none` values in shared config schemas to disable ack reactions per account. Landed from contributor PR #30400 by @BlueBirdBack. Thanks @BlueBirdBack.
- Discord/Forum thread tags: support `appliedTags` on Discord thread-create actions and map to `applied_tags` for forum/media starter posts, with targeted thread-creation regression coverage. Landed from contributor PR #30358 by @pushkarsingh32. Thanks @pushkarsingh32.
- Discord/Application ID fallback: parse bot application IDs from token prefixes without numeric precision loss and use token fallback only on transport/timeout failures when probing `/oauth2/applications/@me`. Landed from contributor PR #29695 by @dhananjai1729. Thanks @dhananjai1729.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Discord/EventQueue timeout config: expose per-account `channels.discord.accounts.<id>.eventQueue.listenerTimeout` (and related queue options) so long-running handlers can avoid Carbon listener timeout drops. Landed from contributor PR #24270 by @pdd-cli. Thanks @pdd-cli.
fix(cli): set cron run exit code from run outcome (land #31121 by @Sid-Qin) Landed-from: #31121 Contributor: @Sid-Qin Co-authored-by: Sid <sidqin0410@gmail.com>
2026-03-02 01:58:25 +00:00
- CLI/Cron run exit code: return exit code `0` only when `cron run` reports `{ ok: true, ran: true }`, and `1` for non-run/error outcomes so scripting/debugging reflects actual execution status. Landed from contributor PR #31121 by @Sid-Qin. Thanks @Sid-Qin.
feat(cron): add failure destination support to failed cron jobs (#31059) * feat(cron): add failure destination support with webhook mode and bestEffort handling Extends PR #24789 failure alerts with features from PR #29145: - Add webhook delivery mode for failure alerts (mode: 'webhook') - Add accountId support for multi-account channel configurations - Add bestEffort handling to skip alerts when job has bestEffort=true - Add separate failureDestination config (global + per-job in delivery) - Add duplicate prevention (prevents sending to same as primary delivery) - Add CLI flags: --failure-alert-mode, --failure-alert-account-id - Add UI fields for new options in web cron editor * fix(cron): merge failureAlert mode/accountId and preserve failureDestination on updates - Fix mergeCronFailureAlert to merge mode and accountId fields - Fix mergeCronDelivery to preserve failureDestination on updates - Fix isSameDeliveryTarget to use 'announce' as default instead of 'none' to properly detect duplicates when delivery.mode is undefined * fix(cron): validate webhook mode requires URL in resolveFailureDestination When mode is 'webhook' but no 'to' URL is provided, return null instead of creating an invalid plan that silently fails later. * fix(cron): fail closed on webhook mode without URL and make failureDestination fields clearable - sendCronFailureAlert: fail closed when mode is webhook but URL is missing - mergeCronDelivery: use per-key presence checks so callers can clear nested failureDestination fields via cron.update Note: protocol:check shows missing internalEvents in Swift models - this is a pre-existing issue unrelated to these changes (upstream sync needed). * fix(cron): use separate schema for failureDestination and fix type cast - Create CronFailureDestinationSchema excluding after/cooldownMs fields - Fix type cast in sendFailureNotificationAnnounce to use CronMessageChannel * fix(cron): merge global failureDestination with partial job overrides When job has partial failureDestination config, fall back to global config for unset fields instead of treating it as a full override. * fix(cron): avoid forcing announce mode and clear inherited to on mode change - UI: only include mode in patch if explicitly set to non-default - delivery.ts: clear inherited 'to' when job overrides mode, since URL semantics differ between announce and webhook modes * fix(cron): preserve explicit to on mode override and always include mode in UI patches - delivery.ts: preserve job-level explicit 'to' when overriding mode - UI: always include mode in failureAlert patch so users can switch between announce/webhook * fix(cron): allow clearing accountId and treat undefined global mode as announce - UI: always include accountId in patch so users can clear it - delivery.ts: treat undefined global mode as announce when comparing for clearing inherited 'to' * Cron: harden failure destination routing and add regression coverage * Cron: resolve failure destination review feedback * Cron: drop unrelated timeout assertions from conflict resolution * Cron: format cron CLI regression test * Cron: align gateway cron test mock types --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 17:27:41 +02:00
- Cron/Failure delivery routing: add `failureAlert.mode` (`announce|webhook`) and `failureAlert.accountId` support, plus `cron.failureDestination` and per-job `delivery.failureDestination` routing with duplicate-target suppression, best-effort skip behavior, and global+job merge semantics. Landed from contributor PR #31059 by @kesor. Thanks @kesor.
fix(cli): preserve json stdout while keeping doctor migration (#24368) (thanks @altaywtf)
2026-03-02 03:09:23 +00:00
- CLI/JSON preflight output: keep `--json` command stdout machine-readable by suppressing doctor preflight note output while still running legacy migration/config doctor flow. (#24368) Thanks @altaywtf.
fix(nodes): cap screen_record duration to 5 minutes (land #31106 by @BlueBirdBack) Landed-from: #31106 Contributor: @BlueBirdBack Co-authored-by: BlueBirdBack <126304167+BlueBirdBack@users.noreply.github.com>
2026-03-02 01:53:07 +00:00
- Nodes/Screen recording guardrails: cap `nodes` tool `screen_record` `durationMs` to 5 minutes at both schema-validation and runtime invocation layers to prevent long-running blocking captures from unbounded durations. Landed from contributor PR #31106 by @BlueBirdBack. Thanks @BlueBirdBack.
docs: credit telegram empty-final regression coverage (#30746)
2026-03-02 02:58:57 +00:00
- Telegram/Empty final replies: skip outbound send for null/undefined final text payloads without media so Telegram typing indicators do not linger on `text must be non-empty` errors, with added regression coverage for undefined final payload dispatch. Landed from contributor PRs #30969 by @haosenwang1018 and #30746 by @rylena. Thanks @haosenwang1018 and @rylena.
docs: backfill telegram changelog credits for merged PRs
2026-03-02 02:13:49 +00:00
- Telegram/Proxy dispatcher preservation: preserve proxy-aware global undici dispatcher behavior in Telegram network workarounds so proxy-backed Telegram + model traffic is not broken by dispatcher replacement. Landed from contributor PR #30367 by @Phineas1500. Thanks @Phineas1500.
telegram: retry media fetch with IPv4 fallback on connect errors (#30554) * telegram: retry fetch once with IPv4 fallback on connect errors * test(telegram): format fetch fallback test * style(telegram): apply oxfmt for fetch test * fix(telegram): retry ipv4 fallback per request * test: harden telegram ipv4 fallback coverage (#30554) --------- Co-authored-by: root <root@vultr.guest> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-02 12:00:33 +09:00
- Telegram/Media fetch IPv4 fallback: retry Telegram media fetches once with IPv4-first dispatcher settings when dual-stack connect errors (`ETIMEDOUT`/`ENETUNREACH`/`EHOSTUNREACH`) occur, improving reliability on broken IPv6 routes. Landed from contributor PR #30554 by @bosuksh. Thanks @bosuksh.
docs: add missing changelog entry for #31064
2026-03-02 03:04:10 +00:00
- Telegram/DM topic session isolation: scope DM topic thread session keys by chat ID (`<chatId>:<threadId>`) and parse scoped thread IDs in outbound recovery so parallel DMs cannot collide on shared topic IDs. Landed from contributor PR #31064 by @0xble. Thanks @0xble.
docs: backfill telegram changelog credits for merged PRs
2026-03-02 02:13:49 +00:00
- Telegram/Group allowlist ordering: evaluate chat allowlist before sender allowlist enforcement so explicitly allowlisted groups are not fail-closed by empty sender allowlists. Landed from contributor PR #30680 by @openperf. Thanks @openperf.
- Telegram/Multi-account group isolation: prevent channel-level `groups` config from leaking across Telegram accounts in multi-account setups, avoiding cross-account group routing drops. Landed from contributor PR #30677 by @YUJIE2002. Thanks @YUJIE2002.
- Telegram/Voice caption overflow fallback: recover from `sendVoice` caption length errors by re-sending voice without caption and delivering text separately so replies are not lost. Landed from contributor PR #31131 by @Sid-Qin. Thanks @Sid-Qin.
fix(telegram): replyToMode 'first' now only applies reply-to to first chunk The `replyToMessageIdForPayload` was computed once outside the chunk and media loops, so all chunks received the same reply-to ID even when replyToMode was set to "first". This replaces the static binding with a lazy `resolveReplyTo()` function that checks `hasReplied` at each send site, and updates `hasReplied` immediately after the first successful send. Fixes #31039 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 15:49:22 -08:00
- Telegram/Reply `first` chunking: apply `replyToMode: "first"` reply targets only to the first Telegram text/media/fallback chunk, avoiding multi-chunk over-quoting in split replies. Landed from contributor PR #31077 by @scoootscooob. Thanks @scoootscooob.
security(feishu): bind doc create grants to trusted requester context (#31184) Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 20:51:45 -06:00
- Feishu/Doc create permissions: remove caller-controlled owner fields from `feishu_doc` create and bind optional grant behavior to trusted Feishu requester context (`grant_to_requester`), preventing principal selection via tool arguments. (#31184) Thanks @Takhoffman.
fix(routing): treat group/channel peer.kind as equivalent (land #31135 by @Sid-Qin) Landed-from: #31135 Contributor: @Sid-Qin Co-authored-by: Sid <sidqin0410@gmail.com>
2026-03-02 01:46:46 +00:00
- Routing/Binding peer-kind parity: treat `peer.kind` `group` and `channel` as equivalent for binding scope matching (while keeping `direct` separate) so Slack/public channel bindings do not silently fall through. Landed from contributor PR #31135 by @Sid-Qin. Thanks @Sid-Qin.
fix(cron): retry rename on EBUSY and fall back to copyFile on Windows Landed from contributor PR #16932 with additional changelog alignment and verification.
2026-03-02 10:02:24 +08:00
- Cron/Store EBUSY fallback: retry `rename` on `EBUSY` and use `copyFile` fallback on Windows when replacing cron store files so busy-file contention no longer causes false write failures. (#16932) Thanks @sudhanva-chakra.
fix(cron): skip isError payloads when picking summary/delivery content (#21454) * fix(cron): skip isError payloads when picking summary/delivery content buildEmbeddedRunPayloads appends isError warnings as the last payload. Three functions in helpers.ts iterate last-to-first and pick the error over real agent output. Use two-pass selection: prefer non-error payloads, fall back to error-only when no real content exists. Fixes: pickSummaryFromPayloads, pickLastNonEmptyTextFromPayloads, pickLastDeliverablePayload — all now accept and filter isError. * Changelog: note cron payload isError filtering (#21454) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 08:38:05 -05:00
- Cron/Isolated payload selection: ignore `isError` payloads when deriving summary/output/delivery payload fallbacks, while preserving error-only fallback behavior when no non-error payload exists. (#21454) Thanks @Diaspar4u.
fix(fs): honor unset tools.fs.workspaceOnly default (land #31128 by @SaucePackets) Landed-from: #31128 Contributor: @SaucePackets Co-authored-by: SaucePackets <33006469+SaucePackets@users.noreply.github.com>
2026-03-02 01:43:50 +00:00
- Agents/FS workspace default: honor documented host file-tool default `tools.fs.workspaceOnly=false` when unset so host `write`/`edit` calls are not incorrectly workspace-restricted unless explicitly enabled. Landed from contributor PR #31128 by @SaucePackets. Thanks @SaucePackets.
fix(cron): prevent armTimer tight loop when job has stuck runningAtMs (openclaw#29853) thanks @FlamesCN Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: FlamesCN <12966659+FlamesCN@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 09:58:58 +08:00
- Cron/Timer hot-loop guard: enforce a minimum timer re-arm delay when stale past-due jobs would otherwise trigger repeated `setTimeout(0)` loops, preventing event-loop saturation and log-flood behavior. (#29853) Thanks @FlamesCN.
docs(changelog): add entries for PRs #31090 #31105 #31093 #31088
2026-03-02 01:28:47 +00:00
- Gateway/CLI session recovery: handle expired CLI session IDs gracefully by clearing stale session state and retrying without crashing gateway runs. Landed from contributor PR #31090 by @frankekn. Thanks @frankekn.
Fix onboard ignoring OPENCLAW_GATEWAY_TOKEN env var (#22658) * Fix onboard ignoring OPENCLAW_GATEWAY_TOKEN env var When running onboard via docker-setup.sh, the QuickStart wizard generates its own 48-char token instead of using the 64-char token already set in OPENCLAW_GATEWAY_TOKEN. This causes a token mismatch that breaks all CLI commands after setup. Check process.env.OPENCLAW_GATEWAY_TOKEN before falling back to randomToken() in both the interactive QuickStart path and the non-interactive path. Closes #22638 Co-authored-by: Clawborn <tianrun.yang103@gmail.com> * Tests: cover quickstart env token fallback * Changelog: note docker onboarding token parity fix * Tests: restore env var after non-interactive token fallback test * Update CHANGELOG.md --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 11:40:40 +08:00
- Onboarding/Docker token parity: use `OPENCLAW_GATEWAY_TOKEN` as the default gateway token in interactive and non-interactive onboarding when `--gateway-token` is not provided, so `docker-setup.sh` token env/config values stay aligned. (#22658) Fixes #22638. Thanks @Clawborn and @vincentkoc.
docs(changelog): add entries for PRs #31090 #31105 #31093 #31088
2026-03-02 01:28:47 +00:00
- Slack/Subagent completion delivery: stop forcing bound conversation IDs into `threadId` so Slack completion announces do not send invalid `thread_ts` for DMs/top-level channels. Landed from contributor PR #31105 by @stakeswky. Thanks @stakeswky.
- Signal/Loop protection: evaluate own-account detection before sync-message filtering (including UUID-only `accountUuid` configs) so `sentTranscript` sync events cannot bypass loop protection and self-reply loops. Landed from contributor PR #31093 by @kevinWangSheng. Thanks @kevinWangSheng.
- Gateway/Control UI origins: support wildcard `"*"` in `gateway.controlUi.allowedOrigins` for trusted remote access setups. Landed from contributor PR #31088 by @frankekn. Thanks @frankekn.
Cron: fix 1/3 timeout on fresh isolated CLI runs (openclaw#30140) thanks @ningding97 Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: ningding97 <17723822+ningding97@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 09:34:18 +08:00
- Cron/Isolated CLI timeout ratio: avoid reusing persisted CLI session IDs on fresh isolated cron runs so the fresh watchdog profile is used and jobs do not abort at roughly one-third of configured `timeoutSeconds`. (#30140) Thanks @ningding97.
fix(cron): reject sessionTarget "main" for non-default agents at creation time (openclaw#30217) thanks @liaosvcaf Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: liaosvcaf <51533973+liaosvcaf@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 17:54:53 -08:00
- Cron/Session target guardrail: reject creating or patching `sessionTarget: "main"` cron jobs when `agentId` is not the default agent, preventing invalid cross-agent main-session bindings at write time. (#30217) Thanks @liaosvcaf.
docs(changelog): note security audit and slack download scope hardening
2026-03-02 02:23:17 +00:00
- Security/Audit: flag `gateway.controlUi.allowedOrigins=["*"]` as a high-risk configuration (severity based on bind exposure), and add a Feishu doc-tool warning that `owner_open_id` on `feishu_doc` create can grant document permissions.
- Slack/download-file scoping: thread/channel-aware `download-file` actions now propagate optional scope context and reject downloads when Slack metadata definitively shows the file is outside the requested channel/thread, while preserving legacy behavior when share metadata is unavailable.
fix: harden sandbox media reads against TOCTOU escapes
2026-03-02 01:03:40 +00:00
- Security/Sandbox media reads: eliminate sandbox media TOCTOU symlink-retarget escapes by enforcing root-scoped boundary-safe reads at attachment/image load time and consolidating shared safe-read helpers across sandbox media callsites. This ships in the next npm release. Thanks @tdjackey for reporting.
fix(security): harden sandbox media staging destination writes
2026-03-02 16:34:59 +00:00
- Security/Sandbox media staging: block destination symlink escapes in `stageSandboxMedia` by replacing direct destination copies with root-scoped safe writes for both local and SCP-staged attachments, preventing out-of-workspace file overwrite through `media/inbound` alias traversal. This ships in the next npm release (`2026.3.2`). Thanks @tdjackey for reporting.
Node install: persist gateway token in service env (#31122) * Node daemon: persist gateway token env * changelog: add credits for node gateway token fix * changelog: credit byungsker for node token service fix --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 09:35:24 +08:00
- Node host/service auth env: include `OPENCLAW_GATEWAY_TOKEN` in `openclaw node install` service environments (with `CLAWDBOT_GATEWAY_TOKEN` compatibility fallback) so installed node services keep remote gateway token auth across restart/reboot. Fixes #31041. Thanks @OneStepAt4time for reporting, @byungsker, @liuxiaopai-ai, and @vincentkoc.
fix(security): enforce sandbox inheritance for sessions_spawn
2026-03-02 01:10:39 +00:00
- Security/Subagents sandbox inheritance: block sandboxed sessions from spawning cross-agent subagents that would run unsandboxed, preventing runtime sandbox downgrade via `sessions_spawn agentId`. Thanks @tdjackey for reporting.
build: bump versions to 2026.3.2
2026-03-02 04:55:44 +00:00
- Security/Workspace safe writes: harden `writeFileWithinRoot` against symlink-retarget TOCTOU races by opening existing files without truncation, creating missing files with exclusive create, deferring truncation until post-open identity+boundary validation, and removing out-of-root create artifacts on blocked races; added regression tests for truncate/create race paths. This ships in the next npm release (`2026.3.2`). Thanks @tdjackey for reporting.
Control UI/Cron: persist delivery mode none on edit (openclaw#31114) thanks @liuxiaopai-ai Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com> Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 09:58:13 +08:00
- Control UI/Cron editor: include `{ mode: "none" }` in `cron.update` patches when editing an existing job and selecting “Result delivery = None (internal)”, so saved jobs no longer keep stale announce delivery mode. Fixes #31075.
docs: backfill telegram changelog credits for merged PRs
2026-03-02 02:13:49 +00:00
- Telegram/Restart polling teardown: stop the Telegram bot instance when a polling cycle exits so in-process SIGUSR1 restarts fully tear down old long-poll loops before restart, reducing post-restart `getUpdates` 409 conflict storms. Fixes #31107. Landed from contributor PR #31141 by @liuxiaopai-ai. Thanks @liuxiaopai-ai.
fix(gateway): harden node metadata policy classification
2026-03-02 00:15:21 +00:00
- Security/Node metadata policy: harden node platform classification against Unicode confusables and switch unknown platform defaults to a conservative allowlist that excludes `system.run`/`system.which` unless explicitly allowlisted, preventing metadata canonicalization drift from broadening node command permissions. Thanks @tdjackey for reporting.
fix(plugins): prioritize bundled duplicates in auto-discovery Landed from contributor PR #29710 by @Sid-Qin. Co-authored-by: SidQin-cyber <sidqin0410@gmail.com>
2026-03-01 23:48:30 +00:00
- Plugins/Discovery precedence: load bundled plugins before auto-discovered global extensions so bundled channel plugins win duplicate-ID resolution by default (explicit `plugins.load.paths` overrides remain highest precedence), with loader regression coverage. Landed from contributor PR #29710 by @Sid-Qin. Thanks @Sid-Qin.
fix(discord): harden reconnect recovery and preserve message delivery Landed from contributor PR #29508 by @cgdusek. Co-authored-by: Charles Dusek <cgdusek@gmail.com>
2026-03-01 23:45:34 +00:00
- Discord/Reconnect integrity: release Discord message listener lane immediately while preserving serialized handler execution, add HELLO-stall resume-first recovery with bounded fresh-identify fallback after repeated stalls, and extend lifecycle/listener regression coverage for forced reconnect scenarios. Landed from contributor PR #29508 by @cgdusek. Thanks @cgdusek.
fix: harden matrix startup errors + add regressions (#31023) (thanks @efe-arv)
2026-03-02 00:14:46 +00:00
- Matrix/Conduit compatibility: avoid blocking startup on non-resolving Matrix sync start, preserve startup error propagation, prevent duplicate monitor listener registration, remove unreliable 2-member DM heuristics, accept `!room` IDs without alias resolution, and add matrix monitor/client regression coverage. Landed from contributor PR #31023 by @efe-arv. Thanks @efe-arv.
fix(discord): unify reconnect watchdog and land #31025/#30530 Landed follow-up intent from contributor PR #31025 (@theotarr) and PR #30530 (@liuxiaopai-ai). Co-authored-by: theotarr <theotarr@users.noreply.github.com> Co-authored-by: liuxiaopai-ai <liuxiaopai-ai@users.noreply.github.com>
2026-03-02 00:23:07 +00:00
- Discord/Reconnect watchdog: add a shared armable transport stall-watchdog and wire Discord gateway lifecycle force-stop semantics for silent close/reconnect zombies, with gateway/lifecycle watchdog regression coverage and runtime status liveness updates. Follow-up to contributor PR #31025 by @theotarr and PR #30530 by @liuxiaopai-ai. Thanks @theotarr and @liuxiaopai-ai.
docs(changelog): note skills security hardening
2026-03-01 23:45:35 +00:00
- Security/Skills: harden skill installer metadata parsing by rejecting unsafe installer specs (brew/node/go/uv/download) and constrain plugin-declared skill directories to the plugin root (including symlink-escape checks), with regression coverage.
fix(discord): unify dm command auth gating
2026-03-01 23:50:17 +00:00
- Discord/DM command auth: unify DM allowlist + pairing-store authorization across message preflight and native command interactions so DM command gating is consistent for `open`/`pairing`/`allowlist` policies.
docs(changelog): record session lifecycle and diagnostics fixes
2026-03-02 00:07:16 +00:00
- Sessions/Usage accounting: persist `cacheRead`/`cacheWrite` from the latest call snapshot (`lastCallUsage`) instead of accumulated multi-call totals, preventing inflated token/cost reporting in long tool/compaction runs. (#31005)
- Sessions/Followup queue: always schedule followup drain even when unexpected runtime exceptions escape `runReplyAgent`, preventing silent stuck followup backlogs after failed turns. (#30627)
fix(session): retire stale dm main route after dmScope migration (#31010)
2026-03-02 00:33:40 +00:00
- Sessions/DM scope migration: when `session.dmScope` is non-`main`, retire stale `agent:*:main` delivery routing metadata once the matching direct-chat peer session is active, preventing duplicate Telegram/DM announce deliveries from legacy main sessions after scope migration. (#31010)
docs(changelog): record session lifecycle and diagnostics fixes
2026-03-02 00:07:16 +00:00
- Sessions/Compaction safety: add transcript-size forced pre-compaction memory flush (`agents.defaults.compaction.memoryFlush.forceFlushTranscriptBytes`, default 2MB) so long sessions recover without manual transcript deletion when token snapshots are stale. (#30655)
- Diagnostics/Stuck session signal: add configurable stuck-session warning threshold via `diagnostics.stuckSessionWarnMs` (default 120000ms) to reduce false-positive warnings on long multi-tool turns. (#31032)
ACP: force sessions_spawn as the only harness thread creation path (#30957) * ACP: enforce sessions_spawn-only thread creation for harness spawns * skills(acpx): require acp-router preflight for ACP thread spawns * fix: enforce ACP thread spawn via sessions_spawn only (#30957) (thanks @dutifulbob) --------- Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
2026-03-01 22:41:06 +01:00
- ACP/Harness thread spawn routing: force ACP harness thread creation through `sessions_spawn` (`runtime: "acp"`, `thread: true`) and explicitly forbid `message action=thread-create` for ACP harness requests, avoiding misrouted `Unknown channel` errors. (#30957) Thanks @dutifulbob.
fix: align ACP permission docs defaults (#31044) (thanks @barronlroth)
2026-03-01 23:30:06 +00:00
- Docs/ACP permissions: document the correct `permissionMode` default (`approve-reads`) and clarify non-interactive permission failure behavior/troubleshooting guidance. (#31044) Thanks @barronlroth.
fix(security): harden clawlog command execution
2026-03-01 23:32:53 +00:00
- Security/Logging utility hardening: remove `eval`-based command execution from `scripts/clawlog.sh`, switch to argv-safe command construction, and escape predicate literals for user-supplied search/category filters to block local command/predicate injection paths.
fix(acpx): default strict windows wrapper policy on windows
2026-03-02 01:31:23 +00:00
- Security/ACPX Windows spawn hardening: resolve `.cmd/.bat` wrappers via PATH/PATHEXT and execute unwrapped Node/EXE entrypoints without shell parsing when possible, and enable strict fail-closed handling (`strictWindowsCmdWrapper`) by default for unresolvable wrappers on Windows (with explicit opt-out for compatibility). This ships in the next npm release. Thanks @tdjackey for reporting.
chore(changelog): note internal events and ingress hardening
2026-03-01 23:11:31 +00:00
- Security/Inbound metadata stripping: tighten sentinel matching and JSON-fence validation for inbound metadata stripping so user-authored lookalike lines no longer trigger unintended metadata removal.
fix(security): harden webhook memory guards across channels
2026-03-02 00:11:49 +00:00
- Security/Zalo webhook memory hardening: bound webhook security tracking state and normalize security keying to matched webhook paths (excluding attacker query-string churn) to prevent unauthenticated memory growth pressure on reachable webhook endpoints. Thanks @Somet2mes.
fix(security): block private-network web_search citation redirects
2026-03-02 01:05:05 +00:00
- Security/Web search citation redirects: enforce strict SSRF defaults for Gemini citation redirect resolution so redirects to localhost/private/internal targets are blocked. Thanks @tdjackey for reporting.
chore(changelog): note internal events and ingress hardening
2026-03-01 23:11:31 +00:00
- Channels/Command parsing parity: align command-body parsing fields with channel command-gating text for Slack, Signal, Microsoft Teams, Mattermost, and BlueBubbles to avoid mention-strip mismatches and inconsistent command detection.
Changelog: credit startup performance reports
2026-03-01 12:42:48 -08:00
- CLI/Startup (Raspberry Pi + small hosts): speed up startup by avoiding unnecessary plugin preload on fast routes, adding root `--version` fast-path bootstrap bypass, parallelizing status JSON/non-JSON scans where safe, and enabling Node compile cache at startup with env override compatibility (`NODE_COMPILE_CACHE`, `NODE_DISABLE_COMPILE_CACHE`). (#5871) Thanks @BookCatKid and @vincentkoc for raising startup reports, and @lupuletic for related startup work in #27973.
doctor: warn on macOS cloud-synced state directories (#31004) * Doctor: detect macOS cloud-synced state directories * Doctor tests: cover cloud-synced macOS state detection * Docs: note cloud-synced state warning in doctor guide * Docs: recommend local macOS state dir placement * Changelog: add macOS cloud-synced state dir warning * Changelog: credit macOS cloud state warning PR * Doctor state: anchor cloud-sync roots to macOS home * Doctor tests: cover OPENCLAW_HOME cloud-sync override * Doctor state: prefer resolved target for cloud detection * Doctor tests: cover local-target cloud symlink case
2026-03-01 14:35:46 -08:00
- Doctor/macOS state-dir safety: warn when OpenClaw state resolves inside iCloud Drive (`~/Library/Mobile Documents/com~apple~CloudDocs/...`) or `~/Library/CloudStorage/...`, because sync-backed paths can cause slower I/O and lock/sync races. (#31004) Thanks @vincentkoc.
Doctor: warn when Linux state dir is on SD/eMMC mounts (#31033) * Doctor state: warn on Linux SD or eMMC state mounts * Doctor tests: cover Linux SD or eMMC state mount detection * Docs doctor: document Linux SD or eMMC state warning * Changelog: add Linux SD or eMMC doctor warning * Update CHANGELOG.md * Doctor: escape mountinfo control chars in SD warning * Doctor tests: cover escaped mountinfo control chars
2026-03-01 16:36:01 -08:00
- Doctor/Linux state-dir safety: warn when OpenClaw state resolves to an `mmcblk*` mount source (SD or eMMC), because random I/O can be slower and media wear can increase under session and credential writes. (#31033) Thanks @vincentkoc.
CLI: add root --help fast path and lazy channel option resolution (#30975) * CLI argv: add strict root help invocation guard * Entry: add root help fast-path bootstrap bypass * CLI context: lazily resolve channel options * CLI context tests: cover lazy channel option resolution * CLI argv tests: cover root help invocation detection * Changelog: note additional startup path optimizations * Changelog: split startup follow-up into #30975 entry * CLI channel options: load precomputed startup metadata * CLI channel options tests: cover precomputed metadata path * Build: generate CLI startup metadata during build * Build script: invoke CLI startup metadata generator * CLI routes: preload plugins for routed health * CLI routes tests: assert health plugin preload * CLI: add experimental bundled entry and snapshot helper * Tools: compare CLI startup entries in benchmark script * Docs: add startup tuning notes for Pi and VM hosts * CLI: drop bundled entry runtime toggle * Build: remove bundled and snapshot scripts * Tools: remove bundled-entry benchmark shortcut * Docs: remove bundled startup bench examples * Docs: remove Pi bundled entry mention * Docs: remove VM bundled entry mention * Changelog: remove bundled startup follow-up claims * Build: remove snapshot helper script * Build: remove CLI bundle tsdown config * Doctor: add low-power startup optimization hints * Doctor: run startup optimization hint checks * Doctor tests: cover startup optimization host targeting * Doctor tests: mock startup optimization note export * CLI argv: require strict root-only help fast path * CLI argv tests: cover mixed root-help invocations * CLI channel options: merge metadata with runtime catalog * CLI channel options tests: assert dynamic catalog merge * Changelog: align #30975 startup follow-up scope * Docs tests: remove secondary-entry startup bench note * Docs Pi: add systemd recovery reference link * Docs VPS: add systemd recovery reference link
2026-03-01 14:23:46 -08:00
- CLI/Startup follow-up: add root `--help` fast-path bootstrap bypass with strict root-only matching, lazily resolve CLI channel options only when commands need them, merge build-time startup metadata (`dist/cli-startup-metadata.json`) with runtime catalog discovery so dynamic catalogs are preserved, and add low-power Linux doctor hints for compile-cache placement and respawn tuning. (#30975) Thanks @vincentkoc.
fix: allow docker cli container to connect to gateway (#12504) * Docker: route CLI through gateway network namespace * Tests: assert Docker Compose CLI namespace wiring * Changelog: add Docker Compose CLI connectivity fix * Docker: pin docker setup gateway mode and bind * Tests: cover docker setup mode and bind sync * Docs: clarify Docker LAN vs loopback gateway targeting * Changelog: expand Docker #12504 targeting note * Docker: default optional CLAUDE compose vars to empty * Docs(Docker): document non-interactive compose runs * Changelog: note docker compose env-noise reduction * Docker: restore onboarding Tailscale guidance * Docker: simplify onboarding output and clarify Tailscale * Docker: harden shared-namespace CLI container * Docs(Docker): document shared-namespace trust boundary * Changelog: note docker shared-namespace hardening --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 08:28:35 +07:00
- Docker/Compose gateway targeting: run `openclaw-cli` in the `openclaw-gateway` service network namespace, require gateway startup ordering, pin Docker setup to `gateway.mode=local`, sync `gateway.bind` from `OPENCLAW_GATEWAY_BIND`, default optional `CLAUDE_*` compose vars to empty values to reduce automation warning noise, and harden `openclaw-cli` with `cap_drop` (`NET_RAW`, `NET_ADMIN`) + `no-new-privileges`. Docs now call out the shared trust boundary explicitly. (#12504) Thanks @bvanderdrift and @vincentkoc.
fix(telegram): preserve HTTP proxy env in global dispatcher workaround (#29940) * fix(telegram): preserve HTTP proxy env in global dispatcher workaround * telegram: document request-scoped proxy dispatcher constraint * telegram: assert proxy path never mutates global dispatcher * changelog: credit telegram proxy env regression fix --------- Co-authored-by: Rylen Anil <rylen.anil@gmail.com>
2026-03-01 13:21:01 -08:00
- Telegram/Outbound API proxy env: keep the Node 22 `autoSelectFamily` global-dispatcher workaround while restoring env-proxy support by using `EnvHttpProxyAgent` so `HTTP_PROXY`/`HTTPS_PROXY` continue to apply to outbound requests. (#26207) Thanks @qsysbio-cjw for reporting and @rylena and @vincentkoc for work.
fix(browser): fail closed browser auth bootstrap
2026-03-01 21:39:39 +00:00
- Browser/Security: fail closed on browser-control auth bootstrap errors; if auto-auth setup fails and no explicit token/password exists, browser control server startup now aborts instead of starting unauthenticated. This ships in the next npm release. Thanks @ijxpwastaken.
fix(security): harden sandbox novnc observer flow
2026-03-01 22:44:15 +00:00
- Sandbox/noVNC hardening: increase observer password entropy, shorten observer token lifetime, and replace noVNC token redirect with a bootstrap page that keeps credentials out of `Location` query strings and adds strict no-cache/no-referrer headers.
Fixes minor security vulnerability (#30948) (#30951) Merged via squash. Prepared head SHA: cfbe5fe8301370d751b3c62d908533f00d583933 Co-authored-by: benediktjohannes <253604130+benediktjohannes@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd
2026-03-02 01:38:01 +01:00
- Security/External content marker folding: expand Unicode angle-bracket homoglyph normalization in marker sanitization so additional guillemet, double-angle, tortoise-shell, flattened-parenthesis, and ornamental variants are folded before boundary replacement. (#30951) Thanks @benediktjohannes.
docs(slack): add missing DM scopes to manifest (openclaw#29999) thanks @JcMinarro Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: JcMinarro <4047514+JcMinarro@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 18:25:52 +01:00
- Docs/Slack manifest scopes: add missing DM/group-DM bot scopes (`im:read`, `im:write`, `mpim:read`, `mpim:write`) to the Slack app manifest example so DM setup guidance is complete. (#29999) Thanks @JcMinarro.
Slack onboarding: improve token help note with manifest option (openclaw#30846) thanks @yzhong52 Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: yzhong52 <3712071+yzhong52@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 11:57:30 -06:00
- Slack/Onboarding token help: update setup text to include the “From manifest” app-creation path and current install wording for obtaining the `xoxb-` bot token. (#30846) Thanks @yzhong52.
fix(telegram): retry DM thread sends without message_thread_id [AI-assisted]
2026-03-02 02:51:14 +08:00
- Telegram/Thread fallback safety: when Telegram returns `message thread not found`, retry without `message_thread_id` only for DM-thread sends (not forum topics), and suppress first-attempt danger logs when retry succeeds. Landed from contributor PR #30892 by @liuxiaopai-ai. Thanks @liuxiaopai-ai.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Slack/Bot attachment-only messages: when `allowBots: true`, bot messages with empty `text` now include non-forwarded attachment `text`/`fallback` content so webhook alerts are not silently dropped. (#27616) Thanks @lailoo.
- Slack/Inbound media auth + HTML guard: keep Slack auth headers on forwarded shared attachment image downloads, and reject login/error HTML payloads (while allowing expected `.html` uploads) when resolving Slack media so auth failures do not silently pass as files. (#18642) Thanks @tumf.
Slack: harden slash and interactions ingress checks (openclaw#29091) thanks @Solvely-Colin Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Solvely-Colin <211764741+Solvely-Colin@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 10:40:57 -05:00
- Slack/Security ingress mismatch guard: drop slash-command and interaction payloads when app/team identifiers do not match the active Slack account context (including nested `team.id` interaction payloads), preventing cross-app or cross-workspace payload injection into system-event handling. (#29091) Thanks @Solvely-Colin.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Cron/Failure alerts: add configurable repeated-failure alerting with per-job overrides and Web UI cron editor support (`inherit|disabled|custom` with threshold/cooldown/channel/target fields). (#24789) Thanks @0xbrak.
fix(cron): respect subagents.model in isolated cron sessions (#11474) * fix(cron): respect subagents.model in isolated cron sessions * fix(cron): enforce model allowlist for subagents.model * Cron: fix isolated subagent model gate regressions --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 19:24:09 +05:30
- Cron/Isolated model defaults: resolve isolated cron `subagents.model` (including object-form `primary`) through allowlist-aware model selection so isolated cron runs honor subagent model defaults unless explicitly overridden by job payload model. (#11474) Thanks @AnonO6.
fix(cron): handle sessions list cron model override (openclaw#21279) thanks @altaywtf Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 16:32:20 +03:00
- Cron/Isolated sessions list: persist the intended pre-run model/provider on isolated cron session entries so `sessions_list` reflects payload/session model overrides even when runs fail before post-run telemetry persistence. (#21279) Thanks @altaywtf.
fix(cron): recover flat patch params for update action and fix schema (openclaw#23221) thanks @charojo Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: charojo <4084797+charojo@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 20:50:51 -05:00
- Cron tool/update flat params: recover top-level update patch fields when models omit the `patch` wrapper, and allow flattened update keys through tool input schema validation so `cron.update` no longer fails with `patch required` for valid flat payloads. (#23221)
fix(cron): treat announce delivery failure as ok when execution succeeded (#31082) * cron: treat announce delivery failure as ok when agent execution succeeded * fix: set delivered:false and error on announce delivery failure paths * Changelog: note cron announce delivery status handling (#31082) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 22:27:57 +09:00
- Cron/Announce delivery status: keep isolated cron runs in `ok` state when execution succeeds but announce delivery fails (for example transient `pairing required`), while preserving `delivered=false` and delivery error context for visibility. (#31082) Thanks @YuzuruS.
fix(agents): land #20840 cross-channel message-tool actions from @altaywtf Include scoped cross-channel action/description behavior, regression tests, changelog note, and make Ollama discovery tests URL-scoped to avoid env-dependent fetch interference. Co-authored-by: Altay <altay@hey.com>
2026-03-01 23:37:27 +00:00
- Agents/Message tool scoping: include other configured channels in scoped `message` tool action enum + description so isolated/cron runs can discover and invoke cross-channel actions without schema validation failures. Landed from contributor PR #20840 by @altaywtf. Thanks @altaywtf.
feat(ui): add hide-cron toggle to chat session selector (#26976) * feat(ui): add hide-cron toggle to chat session selector Adds a clock icon toggle button in the chat controls bar that filters cron sessions out of the session dropdown. Default: hidden (true). Why: cron sessions (key prefix `cron:`) accumulate fast — a job running every 15 min produces 48 entries/day. They pollute the session selector on small screens and devices like the Rabbit R1. Changes: - app-render.helpers.ts - isCronSessionKey() — exported helper (exported for tests) - countHiddenCronSessions() — counts filterable crons, skips active key - resolveSessionOptions() — new hideCron param; skips cron: keys unless that key is the currently active session (never drop it) - renderCronFilterIcon() — clock SVG with optional badge count - renderChatControls() — reads state.sessionsHideCron (default true), passes hideCron to resolveSessionOptions, adds toggle button at the end of the controls bar showing hidden count as a badge - app-view-state.ts — adds sessionsHideCron: boolean to AppViewState - app.ts — @state() sessionsHideCron = true (persists across re-renders) - app-render.helpers.node.test.ts — tests for isCronSessionKey * fix(ui): harden cron session filtering and i18n labels --------- Co-authored-by: FLUX <flux@openclaw.ai> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 06:24:14 -08:00
- Web UI/Chat sessions: add a cron-session visibility toggle in the session selector, fix cron-key detection across `cron:*` and `agent:*:cron:*` formats, and localize the new control labels/tooltips. (#26976) Thanks @ianderrington.
Control UI: add cron jobs schedule/status filters with reset (#9510) Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 06:49:11 -08:00
- Web UI/Cron jobs: add schedule-kind and last-run-status filters to the Jobs list, with reset control and client-side filtering over loaded results. (#9510) Thanks @guxu11.
fix(control-ui): include basePath in default WebSocket URL (#30228) Merged via squash. Prepared head SHA: a56d8d441cd5a0dc035b30a33109f2cfd2c1d467 Co-authored-by: gittb <8284364+gittb@users.noreply.github.com> Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com> Reviewed-by: @velvet-shark
2026-03-01 15:01:43 -05:00
- Web UI/Control UI WebSocket defaults: include normalized `gateway.controlUi.basePath` (or inferred nested route base path) in the default `gatewayUrl` so first-load dashboard connections work behind path-based reverse proxies. (#30228) Thanks @gittb.
fix(gateway): prevent /api/* routes from returning SPA HTML when basePath is empty (#30333) Merged via squash. Prepared head SHA: 12591f304e5db80b0a49d44b3adeecace5ce228c Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com> Reviewed-by: @velvet-shark
2026-03-02 05:23:54 +08:00
- Gateway/Control UI API routing: when `gateway.controlUi.basePath` is unset (default), stop serving Control UI SPA HTML for `/api` and `/api/*` so API paths fall through to normal gateway handlers/404 responses instead of `index.html`. (#30333) Fixes #30295. thanks @Sid-Qin.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Cron/One-shot reliability: retry transient one-shot failures with bounded backoff and configurable retry policy before disabling. (#24435) Thanks @hugenshen.
- Gateway/Cron auditability: add gateway info logs for successful cron create, update, and remove operations. (#25090) Thanks @MoerAI.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Gateway/Tailscale onboarding origin allowlist: auto-add the detected Tailnet HTTPS origin during interactive configure/onboarding flows (including IPv6-safe origin formatting and binary-path reuse), so Tailscale serve/funnel Control UI access works without manual `allowedOrigins` edits. Landed from contributor PR #26157 by @stakeswky. Thanks @stakeswky.
fix(gateway): land access/auth/config migration cluster Land #28960 by @Glucksberg (Tailscale origin auto-allowlist). Land #29394 by @synchronic1 (allowedOrigins upgrade migration). Land #29198 by @Mariana-Codebase (plugin HTTP auth guard + route precedence). Land #30910 by @liuxiaopai-ai (tailscale bind/config.patch guard). Co-authored-by: Glucksberg <markuscontasul@gmail.com> Co-authored-by: synchronic1 <synchronic1@users.noreply.github.com> Co-authored-by: Mariana Sinisterra <mariana.data@outlook.com> Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
2026-03-02 00:05:48 +00:00
- Gateway/Upgrade migration for Control UI origins: seed `gateway.controlUi.allowedOrigins` on startup for legacy non-loopback configs (`lan`/`tailnet`/`custom`) when origins are missing or blank, preventing post-upgrade crash loops while preserving explicit existing policy. Landed from contributor PR #29394 by @synchronic1. Thanks @synchronic1.
- Gateway/Plugin HTTP auth hardening: require gateway auth for protected plugin paths and explicit `registerHttpRoute` paths (while preserving wildcard-handler behavior for signature-auth webhooks), and run plugin handlers after built-in handlers for deterministic route precedence. Landed from contributor PR #29198 by @Mariana-Codebase. Thanks @Mariana-Codebase.
- Gateway/Config patch guard: reject `config.patch` updates that set non-loopback `gateway.bind` while `gateway.tailscale.mode` is `serve`/`funnel`, preventing restart crash loops from invalid bind/tailscale combinations. Landed from contributor PR #30910 by @liuxiaopai-ai. Thanks @liuxiaopai-ai.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Cron/Schedule errors: notify users when a job is auto-disabled after repeated schedule computation failures. (#29098) Thanks @ningding97.
fix(config): normalize gateway bind host aliases during migration (#30855) * fix(config): normalize gateway bind host aliases during migration [AI-assisted] * config(legacy): detect gateway.bind host aliases as legacy * config(legacy): sanitize bind alias migration log output * test(config): cover bind alias legacy detection and log escaping * config(legacy): add source-literal gate to legacy rules * config(legacy): make issue detection source-aware * config(legacy): require source-literal gateway.bind alias detection * config(io): pass parsed source to legacy issue detection * test(config): cover resolved-only gateway.bind alias legacy detection * changelog: format after #30855 rebase conflict resolution --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 11:53:00 +08:00
- Config/Legacy gateway bind aliases: normalize host-style `gateway.bind` values (`0.0.0.0`/`::`/`127.0.0.1`/`localhost`) to supported bind modes (`lan`/`loopback`) during legacy migration so older configs recover without manual edits. (#30080) Thanks @liuxiaopai-ai and @vincentkoc.
feat: expand ~ (tilde) to home directory in file tools (read/write/edit) (openclaw#29779) thanks @Glucksberg Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 09:00:52 -04:00
- File tools/tilde paths: expand `~/...` against the user home directory before workspace-root checks in host file read/write/edit paths, while preserving root-boundary enforcement so outside-root targets remain blocked. (#29779) Thanks @Glucksberg.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Slack/HTTP mode startup: treat Slack HTTP accounts as configured when `botToken` + `signingSecret` are present (without requiring `appToken`) in channel config/runtime status so webhook mode is not silently skipped. (#30567) Thanks @liuxiaopai-ai.
- Slack/Transient request errors: classify Slack request-error messages like `Client network socket disconnected before secure TLS connection was established` as transient in unhandled-rejection fatal detection, preventing temporary network drops from crash-looping the gateway. (#23169) Thanks @graysurf.
fix(slack): wrap session key in backticks to prevent emoji shortcode parsing (openclaw#30266) thanks @pushkarsingh32 Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: pushkarsingh32 <29558481+pushkarsingh32@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 20:53:50 +05:30
- Slack/Usage footer formatting: wrap session keys in inline code in full response-usage footers so Slack does not parse colon-delimited session segments as emoji shortcodes. (#30258) Thanks @pushkarsingh32.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Slack/Thread session isolation: route channel/group top-level messages into thread-scoped sessions (`:thread:<ts>`) and read inbound `previousTimestamp` from the resolved thread session key, preventing cross-thread context bleed and stale timestamp lookups. (#10686) Thanks @pablohrcarvalho.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Slack/Socket Mode slash startup: treat `app.options()` registration as best-effort and fall back to static arg menus when listener registration fails, preventing Slack monitor startup crash loops on receiver init edge cases. (#21715) Thanks @AIflow-Labs.
fix(slack): map legacy streaming=false to off (openclaw#26020) thanks @chilu18 Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: chilu18 <7957943+chilu18@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 16:21:25 +00:00
- Slack/Legacy streaming config: map boolean `channels.slack.streaming=false` to unified streaming mode `off` (with `nativeStreaming=false`) so legacy configs correctly disable draft preview/native streaming instead of defaulting to `partial`. (#25990) Thanks @chilu18.
fix(slack): reconnect socket mode after disconnect (#27232) * fix(slack): reconnect socket mode after disconnect * fix(slack): avoid orphaned disconnect waiters on start failure * docs(changelog): record slack socket reconnect reliability fix --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 17:42:45 +01:00
- Slack/Socket reconnect reliability: reconnect Socket Mode after disconnect/start failures using bounded exponential backoff with abort-aware waits, while preserving clean shutdown behavior and adding disconnect/error helper tests. (#27232) Thanks @pandego.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Memory/QMD update+embed output cap: discard captured stdout for `qmd update` and `qmd embed` runs (while keeping stderr diagnostics) so large index progress output no longer fails sync with `produced too much output` during boot/refresh. (#28900; landed from contributor PR #23311 by @haitao-sjsu) Thanks @haitao-sjsu.
Onboarding: enforce custom model context minimum
2026-02-28 13:37:21 -08:00
- Onboarding/Custom providers: raise default custom-provider model context window to the runtime hard minimum (16k) and auto-heal existing custom model entries below that threshold during reconfiguration, preventing immediate `Model context window too small (4096 tokens)` failures. (#21653) Thanks @r4jiv007.
Web UI: strip relevant-memories scaffolding
2026-02-28 13:20:50 -08:00
- Web UI/Assistant text: strip internal `<relevant-memories>...</relevant-memories>` scaffolding from rendered assistant messages (while preserving code-fence literals), preventing memory-context leakage in chat output for models that echo internal blocks. (#29851) Thanks @Valkster70.
Gateway: allow control-ui session deletion
2026-02-28 13:00:05 -08:00
- Dashboard/Sessions: allow authenticated Control UI clients to delete and patch sessions while still blocking regular webchat clients from session mutation RPCs, fixing Dashboard session delete failures. (#21264) Thanks @jskoiz.
TUI: sync /model status immediately
2026-02-28 14:02:56 -08:00
- TUI/Session model status: clear stale runtime model identity when model overrides change so `/model` updates are reflected immediately in `sessions.patch` responses and `sessions.list` status surfaces. (#28619) Thanks @lejean2000.
docs: add changelog entry for session_status levels (#30129)
2026-03-01 14:45:12 +05:30
- Agents/Session status: read thinking/verbose/reasoning levels from persisted session state in `session_status` output when resolved levels are not provided, so status reflects runtime toggles correctly. (#30129) Thanks @YuzuruS.
fix(agents): harden tool-name normalization and transcript repair Landed from contributor PRs #30620 and #30735 by @Sid-Qin, plus #30881 by @liuxiaopai-ai. Co-authored-by: SidQin-cyber <sidqin0410@gmail.com> Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
2026-03-01 23:51:43 +00:00
- Agents/Tool-name recovery chain: normalize streamed alias/case tool names against the allowed set, preserve whitespace-only streamed placeholders to avoid collapsing to empty names, and repair/guard persisted blank `toolResult.toolName` values from matching tool calls to reduce repeated `Tool not found` loops in long sessions. Landed from contributor PRs #30620 and #30735 by @Sid-Qin, plus #30881 by @liuxiaopai-ai. Thanks @Sid-Qin and @liuxiaopai-ai.
TUI: guard SIGTERM shutdown against setRawMode EBADF
2026-02-28 14:56:01 -08:00
- TUI/SIGTERM shutdown: ignore `setRawMode EBADF` teardown errors during `SIGTERM` exit so long-running TUI sessions do not crash on terminal shutdown races, while still rethrowing unrelated stop errors. (#29430) Thanks @Cormazabal.
Memory: keep keyword hits when hybrid vector misses
2026-02-28 14:18:24 -08:00
- Memory/Hybrid recall: when strict hybrid scoring yields no hits, preserve keyword-backed matches using a text-weight floor so freshly indexed lexical canaries no longer disappear behind `minScore` filtering. (#29112) Thanks @ceo-nada.
docs(changelog): note android notify auth-race fix (#30726)
2026-03-01 20:31:54 +05:30
- Android/Notifications auth race: return `NOT_AUTHORIZED` when `POST_NOTIFICATIONS` is revoked between authorization precheck and delivery, instead of returning success while dropping the notification. (#30726) Thanks @obviyus.
Cron: preserve session scope for main-target reminders
2026-02-28 14:53:10 -08:00
- Cron/Reminder session routing: preserve `job.sessionKey` for `sessionTarget="main"` runs so queued reminders wake and deliver in the originating scoped session/channel instead of being forced to the agent main session.
test(cron): add Asia/Shanghai year-regression coverage [AI-assisted] (openclaw#30565) thanks @liuxiaopai-ai Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-02 09:46:06 +08:00
- Cron/Timezone regression guard: add explicit schedule coverage for `0 8 * * *` with `Asia/Shanghai` to ensure `nextRunAtMs` never rolls back to a past year and always advances to the next valid occurrence. (#30351)
Sessions: fix sessions_list transcriptPath path resolution
2026-02-28 14:42:14 -08:00
- Agents/Sessions list transcript paths: resolve `sessions_list` `transcriptPath` via agent-aware session path options and ignore combined-store sentinel paths (`(multiple)`) so listed transcript paths always point to the state directory. (#28379) Thanks @fafuzuoluo.
chore(changelog): add missing entry for #26414
2026-02-28 09:46:05 -08:00
- Podman/Quadlet setup: fix `sed` escaping and UID mismatch in Podman Quadlet setup. (#26414) Thanks @KnHack and @vincentkoc.
chore(changelog): add missing entry for #25326
2026-02-28 09:46:16 -08:00
- Browser/Navigate: resolve the correct `targetId` in navigate responses after renderer swaps. (#25326) Thanks @stone-jin and @vincentkoc.
chore(changelog): add missing entry for #28827
2026-02-28 09:46:26 -08:00
- Agents/Ollama discovery: skip Ollama discovery when explicit models are configured. (#28827) Thanks @Kansodata and @vincentkoc.
Issues: unify bug form and subtype auto-labeling (openclaw#30733) thanks @Takhoffman Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 09:20:57 -06:00
- Issues/triage labeling: consolidate bug intake to a single bug issue form with required bug-type classification (regression/crash/behavior), auto-apply matching subtype labels from issue form content, and retire the separate regression template to reduce misfiled issue types and improve queue filtering. Thanks @vincentkoc.
fix: land android onboarding and voice reliability updates (#29796)
2026-02-28 20:05:45 +05:30
- Android/Onboarding + voice reliability: request per-toggle onboarding permissions, update pairing guidance to `openclaw devices list/approve`, restore assistant speech playback in mic capture flow, cancel superseded in-flight speech (mute + per-reply token rotation), and keep `talk.config` loads retryable after transient failures. (#29796) Thanks @obviyus.
fix: harden feishu startup probe sequencing (#29941) (thanks @bmendonca3)
2026-03-02 03:58:34 +00:00
- Feishu/Startup probes: serialize multi-account bot-info probes during monitor startup so large Feishu account sets do not burst `/open-apis/bot/v3/info`, bound startup probe latency/abort handling to avoid head-of-line stalls, and avoid triggering rate limits. (#26685, #29941) Thanks @bmendonca3.
fix: clarify outside-workspace fs-safe errors (#29715) (thanks @YuzuruS)
2026-02-28 18:07:52 +05:30
- FS/Sandbox workspace boundaries: add a dedicated `outside-workspace` safe-open error code for root-escape checks, and propagate specific outside-workspace messages across edit/browser/media consumers instead of generic not-found/invalid-path fallbacks. (#29715) Thanks @YuzuruS.
fix(doctor): detect groupPolicy=allowlist with empty groupAllowFrom (#28477) * fix(doctor): detect groupPolicy=allowlist with empty groupAllowFrom The existing `detectEmptyAllowlistPolicy` check only covers `dmPolicy="allowlist"` with empty `allowFrom`. After the .26 security hardening (`resolveDmGroupAccessDecision` fails closed on empty allowlists), `groupPolicy="allowlist"` without `groupAllowFrom` or `allowFrom` silently drops all group/channel messages with only a verbose-level log. Add a parallel check: when `groupPolicy` is `"allowlist"` and neither `groupAllowFrom` nor `allowFrom` has entries, surface a doctor warning with remediation steps. Closes #27552 * fix: align empty-array semantics with runtime resolveGroupAllowFromSources The runtime treats groupAllowFrom: [] as unset and falls back to allowFrom, but the doctor check used ?? which treats [] as authoritative. This caused a false warning when groupAllowFrom was explicitly empty but allowFrom had entries. Match runtime behavior: treat empty groupAllowFrom arrays as unset before falling back to allowFrom. * fix: scope group allowlist check to sender-based channels only * fix: align doctor group allowlist semantics (#28477) (thanks @tonydehnke) --------- Co-authored-by: mukhtharcm <mukhtharcm@gmail.com>
2026-02-28 16:15:10 +07:00
- Config/Doctor group allowlist diagnostics: align `groupPolicy: "allowlist"` warnings with per-channel runtime semantics by excluding Google Chat sender-list checks and by warning when no-fallback channels (for example iMessage) omit `groupAllowFrom`, with regression coverage. (#28477) Thanks @tonydehnke.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Slack/Disabled channel startup: skip Slack monitor socket startup entirely when `channels.slack.enabled=false` (including configs that still contain valid tokens), preventing disabled accounts from opening websocket connections. (#30586) Thanks @liuxiaopai-ai.
fix: harden azure custom-provider verification coverage (#29421) (thanks @kunalk16)
2026-02-28 15:57:57 +05:30
- Onboarding/Custom providers: use Azure OpenAI-specific verification auth/payload shape (`api-key`, deployment-path chat completions payload) when probing Azure endpoints so valid Azure custom-provider setup no longer fails preflight. (#29421) Thanks @kunalk16.
feat(feishu): add markdown tables, positional insert, color_text, and table ops (#29411) * feat(feishu): add markdown tables, insert, color_text, table ops, and image fixes Extends feishu_doc on top of #20304 with capabilities that are not yet covered: Markdown → native table rendering: - write/append now use the Descendant API instead of Children API, enabling GFM markdown tables (block_type 31/32) to render as native Feishu tables automatically - Adaptive column widths calculated from cell content (CJK chars 2x weight) - Batch insertion for large documents (>1000 blocks, docx-batch-insert.ts) New actions: - insert: positional markdown insertion after a given block_id - color_text: apply color/bold to a text block via [red]...[/red] markup - insert_table_row / insert_table_column: add rows or columns to a table - delete_table_rows / delete_table_columns: remove rows or columns - merge_table_cells: merge a rectangular cell range Image upload fixes (affects write, append, and upload_image): - upload_image now accepts data URI and plain base64 in addition to url/file_path, covering DALL-E b64_json, canvas screenshots, etc. - Fix: pass Buffer directly to drive.media.uploadAll instead of Readable.from(), which caused Content-Length mismatch for large images - Fix: same Readable bug fixed in upload_file - Fix: pass drive_route_token via extra field for correct multi-datacenter routing (per API docs: required when parent_node is a document block ID) * fix(feishu): add documentBlockDescendant mock to docx.test.ts write/append now use the Descendant API (documentBlockDescendant.create) instead of Children API. The existing test mock was missing this SDK method, causing processImages to never be reached and fetchRemoteMedia to go uncalled. Added blockDescendantCreateMock returning an image block so the 'skips image upload when markdown image URL is blocked' test flows through processImages as expected. * fix(feishu): address bot review feedback - resolveUploadInput: remove length < 1024 guard on file path detection. Prefix patterns (isAbsolute / ~ / ./ / ../) already correctly distinguish file paths from base64 strings at any length. The old guard caused file paths ≥1024 chars to fall through to the base64 branch incorrectly. - parseColorMarkup: add comment clarifying that mismatched closing tags (e.g. [red]text[/green]) are intentional — opening tag style is applied, closing tag is consumed regardless of name. * fix(feishu): address second-round codex bot review feedback P1 - Reject single oversized subtrees in batch insert (docx-batch-insert.ts): A first-level block whose descendant count exceeds BATCH_SIZE (1000) cannot be split atomically (e.g. a very large table). Previously such a block was silently added to the current batch and sent as an oversized request, violating the API limit. Now throws a descriptive error so callers know to reduce the content size. P2 - Preserve unmatched brackets in color markup parser (docx-color-text.ts): Text like 'Revenue [Q1] up' contains a bracket pair with no matching '[/...]' closer. The original regex dropped the '[' character in this case, silently corrupting the text. Fixed by appending '|\[' to the plain-text alternative so any '[' that does not open a complete tag is captured as literal text. * fix(feishu): address third-round codex bot review feedback P2 - Throw ENOENT for non-existing absolute image paths (docx.ts): Previously a non-existing absolute path like /tmp/missing.png fell through to Buffer.from(..., 'base64') and uploaded garbage bytes. Now throws a descriptive ENOENT error and hints at data URI format for callers intending to pass JPEG binary data (which starts with /9j/). P2 - Fail clearly when insert anchor block is not found (docx.ts): insertDoc previously set insertIndex to -1 (append) when after_block_id was absent from the parent's child list, silently inserting at the wrong position. Two fixes: 1. Paginate through all children (documentBlockChildren.get returns up to 200 per page) before searching for the anchor. 2. Throw a descriptive error if after_block_id is still not found after full pagination, instead of silently falling back to append. * fix(feishu): address fourth-round codex bot review feedback - Enforce mutual exclusivity across all three upload sources (url, file_path, image): throw immediately when more than one is provided, instead of silently preferring the image branch and ignoring the others. - Validate plain base64 payloads before decoding: reject strings that contain characters outside the standard base64 alphabet ([A-Za-z0-9+/=]) so that malformed inputs fail fast with a clear error rather than decoding to garbage bytes and producing an opaque Feishu API failure downstream. Also throw if the decoded buffer is empty. * fix(feishu): address fifth-round codex bot review feedback - parseColorMarkup: restrict opening tag regex to known colour/style names (bg:*, bold, red, orange, yellow, green, blue, purple, grey/gray) so that ordinary bracket tokens like [Q1] can no longer consume a subsequent real closing tag ([/red]) and corrupt the surrounding styled spans. Unknown tags now fall through to the plain-text alternatives and are emitted literally. - resolveUploadInput: estimate decoded byte count from base64 input length (ceil(len * 3 / 4)) BEFORE allocating the full Buffer, preventing oversized payloads from spiking memory before the maxBytes limit is enforced. Applies to both the data-URI branch and the plain-base64 branch. * fix(feishu): address sixth-round codex bot review feedback - docx-table-ops: apply MIN/MAX_COLUMN_WIDTH clamping in the empty-table branch so tables with 15+ columns don't produce sub-50 widths that Feishu rejects as invalid column_width values. - docx.ts (data URI branch): validate the ';base64' marker before decoding so plain/URL-encoded data URIs are rejected with a clear error; also validate the payload against the base64 alphabet (same guard already applied in the plain-base64 branch) so malformed inputs fail fast rather than producing opaque downstream Feishu errors. * Feishu: align docx descendant insertion tests and changelog --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 23:58:56 +08:00
- Feishu/Docx editing tools: add `feishu_doc` positional insert, table row/column operations, table-cell merge, and color-text updates; switch markdown write/append/insert to Descendant API insertion with large-document batching; and harden image uploads for data URI/base64/local-path inputs with strict validation and routing-safe upload metadata. (#29411) Thanks @Elarwei001.
fix(doctor): detect groupPolicy=allowlist with empty groupAllowFrom (#28477) * fix(doctor): detect groupPolicy=allowlist with empty groupAllowFrom The existing `detectEmptyAllowlistPolicy` check only covers `dmPolicy="allowlist"` with empty `allowFrom`. After the .26 security hardening (`resolveDmGroupAccessDecision` fails closed on empty allowlists), `groupPolicy="allowlist"` without `groupAllowFrom` or `allowFrom` silently drops all group/channel messages with only a verbose-level log. Add a parallel check: when `groupPolicy` is `"allowlist"` and neither `groupAllowFrom` nor `allowFrom` has entries, surface a doctor warning with remediation steps. Closes #27552 * fix: align empty-array semantics with runtime resolveGroupAllowFromSources The runtime treats groupAllowFrom: [] as unset and falls back to allowFrom, but the doctor check used ?? which treats [] as authoritative. This caused a false warning when groupAllowFrom was explicitly empty but allowFrom had entries. Match runtime behavior: treat empty groupAllowFrom arrays as unset before falling back to allowFrom. * fix: scope group allowlist check to sender-based channels only * fix: align doctor group allowlist semantics (#28477) (thanks @tonydehnke) --------- Co-authored-by: mukhtharcm <mukhtharcm@gmail.com>
2026-02-28 16:15:10 +07:00
chore(release): cut 2026.2.26
2026-02-27 00:58:10 +01:00
## 2026.2.26
CI: shard Windows test lane for faster CI critical path (#27234) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: f7c41089e0d5c36f59addd643d2038502bafe933 Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Reviewed-by: @joshavant
2026-02-26 00:33:36 -06:00
Agents: add account-scoped bind and routing commands (#27195) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: ad35a458a55427614a35c9d0713a7386172464ad Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-26 02:36:56 -05:00
### Changes
docs(changelog): highlight external secrets management (#26155)
2026-02-26 16:01:08 +01:00
- Highlight: External Secrets Management introduces a full `openclaw secrets` workflow (`audit`, `configure`, `apply`, `reload`) with runtime snapshot activation, strict `secrets apply` target-path validation, safer migration scrubbing, ref-only auth-profile support, and dedicated docs. (#26155) Thanks @joshavant.
docs(changelog): reorder unreleased changes by user interest
2026-02-26 16:03:29 +01:00
- ACP/Thread-bound agents: make ACP agents first-class runtimes for thread sessions with `acp` spawn/send dispatch integration, acpx backend bridging, lifecycle controls, startup reconciliation, runtime cleanup, and coalesced thread replies. (#23580) thanks @osolmaz.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Agents/Routing CLI: add `openclaw agents bindings`, `openclaw agents bind`, and `openclaw agents unbind` for account-scoped route management, including channel-only to account-scoped binding upgrades, role-aware binding identity handling, plugin-resolved binding account IDs, and optional account-binding prompts in `openclaw channels add`. (#27195) thanks @gumadeiras.
- Codex/WebSocket transport: make `openai-codex` WebSocket-first by default (`transport: "auto"` with SSE fallback), keep explicit per-model/runtime transport overrides, and add regression coverage + docs for transport selection.
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
- Onboarding/Plugins: let channel plugins own interactive onboarding flows with optional `configureInteractive` and `configureWhenConfigured` hooks while preserving the generic fallback path. (#27191) thanks @gumadeiras.
Changelog: include Gemini OAuth PRs #16683 and #16684 (#27987)
2026-02-26 17:50:53 -05:00
- Auth/Onboarding: add an explicit account-risk warning and confirmation gate before starting Gemini CLI OAuth, and document the caution in provider docs and the Gemini CLI auth plugin README. (#16683) Thanks @vincentkoc.
docs: add changelog for android device node commands (#27664) (thanks @obviyus)
2026-02-26 21:25:42 +05:30
- Android/Nodes: add Android `device` capability plus `device.status` and `device.info` node commands, including runtime handler wiring and protocol/registry coverage for device status/info payloads. (#27664) Thanks @obviyus.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Android/Nodes: add `notifications.list` support on Android nodes and expose `nodes notifications_list` in agent tooling for listing active device notifications. (#27344) thanks @obviyus.
fix: add nimrod gutman maintainer profile (#27840) (thanks @ngutman)
2026-02-26 20:46:08 +02:00
- Docs/Contributing: add Nimrod Gutman to the maintainer roster in `CONTRIBUTING.md`. (#27840) Thanks @ngutman.
Agents: add account-scoped bind and routing commands (#27195) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: ad35a458a55427614a35c9d0713a7386172464ad Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-26 02:36:56 -05:00
CI: shard Windows test lane for faster CI critical path (#27234) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: f7c41089e0d5c36f59addd643d2038502bafe933 Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Reviewed-by: @joshavant
2026-02-26 00:33:36 -06:00
### Fixes
fix(tools): honor tools.fs.workspaceOnly=false for host write/edit (#28822) Merged via squash. Prepared head SHA: 83d432961d3e512165ff5caa36decbd92648f5a2 Co-authored-by: lailoo <20536249+lailoo@users.noreply.github.com> Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com> Reviewed-by: @velvet-shark
2026-02-28 07:53:20 +08:00
- FS tools/workspaceOnly: honor `tools.fs.workspaceOnly=false` for host write and edit operations so FS tools can access paths outside the workspace when sandbox is off. (#28822) thanks @lailoo. Fixes #28763. Thanks @cjscld for reporting.
fix: enforce dm allowFrom inheritance across account channels (#27936) (thanks @widingmarcus-cyber)
2026-02-26 23:03:36 +01:00
- Telegram/DM allowlist runtime inheritance: enforce `dmPolicy: "allowlist"` `allowFrom` requirements using effective account-plus-parent config across account-capable channels (Telegram, Discord, Slack, Signal, iMessage, IRC, BlueBubbles, WhatsApp), and align `openclaw doctor` checks to the same inheritance logic so DM traffic is not silently dropped after upgrades. (#27936) Thanks @widingmarcus-cyber.
fix: harden delivery recovery backoff eligibility and tests (#27710) (thanks @Jimmy-xuzimo)
2026-02-26 22:25:56 +01:00
- Delivery queue/recovery backoff: prevent retry starvation by persisting `lastAttemptAt` on failed sends and deferring recovery retries until each entry's `lastAttemptAt + backoff` window is eligible, while continuing to recover ready entries behind deferred ones. Landed from contributor PR #27710 by @Jimmy-xuzimo. Thanks @Jimmy-xuzimo.
Changelog: include Gemini OAuth PRs #16683 and #16684 (#27987)
2026-02-26 17:50:53 -05:00
- Gemini OAuth/Auth flow: align OAuth project discovery metadata and endpoint fallback handling for Gemini CLI auth, including fallback coverage for environment-provided project IDs. (#16684) Thanks @vincentkoc.
fix: add googlechat lifecycle regression test (#27384) (thanks @junsuwhy)
2026-02-26 22:48:54 +01:00
- Google Chat/Lifecycle: keep Google Chat `startAccount` pending until abort in webhook mode so startup is no longer interpreted as immediate exit, preventing auto-restart loops and webhook-target churn. (#27384) thanks @junsuwhy.
fix: harden temp dir perms for umask 0002 (landed from #27860 by @stakeswky) Co-authored-by: 不做了睡大觉 <stakeswky@gmail.com>
2026-02-26 21:59:55 +00:00
- Temp dirs/Linux umask: force `0700` permissions after temp-dir creation and self-heal existing writable temp dirs before trust checks so `umask 0002` installs no longer crash-loop on startup. Landed from contributor PR #27860 by @stakeswky. (#27853) Thanks @stakeswky.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Nextcloud Talk/Lifecycle: keep `startAccount` pending until abort and stop the webhook monitor on shutdown, preventing `EADDRINUSE` restart loops when the gateway manages account lifecycle. (#27897) Thanks @steipete.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Microsoft Teams/File uploads: acknowledge `fileConsent/invoke` immediately (`invokeResponse` before upload + file card send) so Teams no longer shows false "Something went wrong" timeout banners while upload completion continues asynchronously; includes updated async regression coverage. Landed from contributor PR #27641 by @scz2011.
- Queue/Drain/Cron reliability: harden lane draining with guaranteed `draining` flag reset on synchronous pump failures, reject new queue enqueues during gateway restart drain windows (instead of silently killing accepted tasks), add `/stop` queued-backlog cutoff metadata with stale-message skipping (while avoiding cross-session native-stop cutoff bleed), and raise isolated cron `agentTurn` outer safety timeout to avoid false 10-minute timeout races against longer agent session timeouts. (#27407, #27332, #27427)
- Typing/Main reply pipeline: always mark dispatch idle in `agent-runner` finalization so typing cleanup runs even when dispatcher `onIdle` does not fire, preventing stuck typing indicators after run completion. (#27250) Thanks @Sid-Qin.
- Typing/TTL safety net: add max-duration guardrails to shared typing callbacks so stuck lifecycle edges auto-stop typing indicators even when explicit idle/cleanup signals are missed. (#27428) Thanks @Crpdim.
- Typing/Cross-channel leakage: unify run-scoped typing suppression for cross-channel/internal-webchat routes, preserve current inbound origin as embedded run message channel context, harden shared typing keepalive with consecutive-failure circuit breaker edge-case handling, and enforce dispatcher completion/idle waits in extension dispatcher callsites (Feishu, Matrix, Mattermost, MSTeams) so typing indicators always clean up on success/error paths. Related: #27647, #27493, #27598. Supersedes/replaces draft PRs: #27640, #27593, #27540.
- Telegram/sendChatAction 401 handling: add bounded exponential backoff + temporary local typing suppression after repeated unauthorized failures to stop unbounded `sendChatAction` retry loops that can trigger Telegram abuse enforcement and bot deletion. (#27415) Thanks @widingmarcus-cyber.
- Telegram/Webhook startup: clarify webhook config guidance, allow `channels.telegram.webhookPort: 0` for ephemeral listener binding, and log both the local listener URL and Telegram-advertised webhook URL with the bound port. (#25732) thanks @huntharo.
fix: repair Telegram allowlist DM migrations (#27936) (thanks @widingmarcus-cyber)
2026-02-26 23:36:33 +01:00
- Config/Doctor allowlist safety: reject `dmPolicy: "allowlist"` configs with empty `allowFrom`, add Telegram account-level inheritance-aware validation, and teach `openclaw doctor --fix` to restore missing `allowFrom` entries from pairing-store files when present, preventing silent DM drops after upgrades. (#27936) Thanks @widingmarcus-cyber.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Browser/Chrome extension handshake: bind relay WS message handling before `onopen` and add non-blocking `connect.challenge` response handling for gateway-style handshake frames, avoiding stuck `…` badge states when challenge frames arrive immediately on connect. Landed from contributor PR #22571 by @pandego. (#22553)
- Browser/Extension relay init: dedupe concurrent same-port relay startup with shared in-flight initialization promises so callers await one startup lifecycle and receive consistent success/failure results. Landed from contributor PR #21277 by @HOYALIM. (Related #20688)
- Browser/Fill relay + CLI parity: accept `act.fill` fields without explicit `type` by defaulting missing/empty `type` to `text` in both browser relay route parsing and `openclaw browser fill` CLI field parsing, so relay calls no longer fail when the model omits field type metadata. Landed from contributor PR #27662 by @Uface11. (#27296) Thanks @Uface11.
- Feishu/Permission error dispatch: merge sender-name permission notices into the main inbound dispatch so one user message produces one agent turn/reply (instead of a duplicate permission-notice turn), with regression coverage. (#27381) thanks @byungsker.
feat(feishu): add support for merge_forward message parsing (openclaw#28707) thanks @tsu-builds Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: tsu-builds <264409075+tsu-builds@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 10:57:18 +08:00
- Feishu/Merged forward parsing: expand inbound `merge_forward` messages by fetching and formatting API sub-messages in order, so merged forwards provide usable content context instead of only a placeholder line. (#28707) Thanks @tsu-builds.
fix: add nodes default-node regression test (#27444) (thanks @carbaj03)
2026-02-26 22:12:26 +01:00
- Agents/Canvas default node resolution: when multiple connected canvas-capable nodes exist and no single `mac-*` candidate is selected, default to the first connected candidate instead of failing with `node required` for implicit-node canvas tool calls. Landed from contributor PR #27444 by @carbaj03. Thanks @carbaj03.
fix: narrow finalize boundary-drop guard (#27711) (thanks @scz2011)
2026-02-26 20:49:23 +01:00
- TUI/stream assembly: preserve streamed text across real tool-boundary drops without keeping stale streamed text when non-text blocks appear only in the final payload. Landed from contributor PR #27711 by @scz2011. (#27674)
fix: forward resolved session key in agent delivery (follow-up #27584 by @qualiobra) Co-authored-by: Lucas Teixeira Campos Araujo <lucas@MacBook-Pro-de-Lucas.local>
2026-02-26 21:14:03 +00:00
- Hooks/Internal `message:sent`: forward `sessionKey` on outbound sends from agent delivery, cron isolated delivery, gateway receipt acks, heartbeat sends, session-maintenance warnings, and restart-sentinel recovery so internal `message:sent` hooks consistently dispatch with session context, including `openclaw agent --deliver` runs resumed via `--session-id` (without explicit `--session-key`). Landed from contributor PR #27584 by @qualiobra. Thanks @qualiobra.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Pi image-token usage: stop re-injecting history image blocks each turn, process image references from the current prompt only, and prune already-answered user-image blocks in stored history to prevent runaway token growth. (#27602) Thanks @steipete.
fix(bluebubbles): allow configured host for attachment SSRF guard Co-authored-by: damaozi <1811866786@qq.com>
2026-02-26 16:40:38 +01:00
- BlueBubbles/SSRF: auto-allowlist the configured `serverUrl` hostname for attachment fetches so localhost/private-IP BlueBubbles setups are no longer false-blocked by default SSRF checks. Landed from contributor PR #27648 by @lailoo. (#27599) Thanks @taylorhou for reporting.
fix(agents): harden compaction and reset safety Co-authored-by: jaden-clovervnd <91520439+jaden-clovervnd@users.noreply.github.com> Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: Marcus Widing <245375637+widingmarcus-cyber@users.noreply.github.com>
2026-02-26 17:35:55 +01:00
- Agents/Compaction + onboarding safety: prevent destructive double-compaction by stripping stale assistant usage around compaction boundaries, skipping post-compaction custom metadata writes in the same attempt, and cancelling safeguard compaction when there are no real conversation messages to summarize; harden workspace/bootstrap detection for memory-backed workspaces; and change `openclaw onboard --reset` default scope to `config+creds+sessions` (workspace deletion now requires `--reset-scope full`). (#26458, #27314) Thanks @jaden-clovervnd, @Sid-Qin, and @widingmarcus-cyber for fix direction in #26502, #26529, and #27492.
fix: land NO_REPLY announce suppression and auth scope assertions Landed follow-up for #27535 and aligned shared-auth gateway expectations after #27498. Co-authored-by: kevinWangSheng <118158941+kevinWangSheng@users.noreply.github.com>
2026-02-26 13:40:30 +00:00
- NO_REPLY suppression: suppress `NO_REPLY` before Slack API send and in sub-agent announce completion flow so sentinel text no longer leaks into user channels. Landed from contributor PRs #27529 (by @Sid-Qin) and #27535 (rewritten minimal landing by maintainers). (#27387, #27531)
fix(matrix): preserve sender labels in Matrix BodyForAgent
2026-02-26 20:49:30 +01:00
- Matrix/Group sender identity: preserve sender labels in Matrix group inbound prompt text (`BodyForAgent`) for both channel and threaded messages, and align group envelopes with shared inbound sender-prefix formatting so first-person requests resolve against the current sender. (#27401) thanks @koushikxd.
fix: changelog for NO_REPLY streaming fix (#19576) (thanks @aldoeliacim)
2026-02-26 16:04:31 +05:30
- Auto-reply/Streaming: suppress only exact `NO_REPLY` final replies while still filtering streaming partial sentinel fragments (`NO_`, `NO_RE`, `HEARTBEAT_...`) so substantive replies ending with `NO_REPLY` are delivered and partial silent tokens do not leak during streaming. (#19576) Thanks @aldoeliacim.
docs(changelog): add PR #17017 entry
2026-02-26 17:04:00 +00:00
- Auto-reply/Inbound metadata: add a readable `timestamp` field to conversation info and ignore invalid/out-of-range timestamp values so prompt assembly never crashes on malformed timestamp inputs. (#17017) thanks @liuy.
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
- Typing/Run completion race: prevent post-run keepalive ticks from re-triggering typing callbacks by guarding `triggerTyping()` with `runComplete`, with regression coverage for no-restart behavior during run-complete/dispatch-idle boundaries. (#27413) Thanks @widingmarcus-cyber.
- Typing/Dispatch idle: force typing cleanup when `markDispatchIdle` never arrives after run completion, avoiding leaked typing keepalive loops in cron/announce edges. Landed from contributor PR #27541 by @Sid-Qin. (#27493)
fix: changelog for telegram group inline callbacks (#27343) (thanks @GodsBoy)
2026-02-26 14:42:47 +05:30
- Telegram/Inline buttons: allow callback-query button handling in groups (including `/models` follow-up buttons) when group policy authorizes the sender, by removing the redundant callback allowlist gate that blocked open-policy groups. (#27343) Thanks @GodsBoy.
docs(changelog): thank @emanuelst for telegram preview fix (#27449)
2026-02-26 16:18:16 +05:30
- Telegram/Streaming preview: when finalizing without an existing preview message, prime pending preview text with final answer before stop-flush so users do not briefly see stale 1-2 word fragments (for example `no` before `no problem`). (#27449) Thanks @emanuelst for the original fix direction in #19673.
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
- Browser/Extension relay CORS: handle `/json*` `OPTIONS` preflight before auth checks, allow Chrome extension origins, and return extension-origin CORS headers on relay HTTP responses so extension token validation no longer fails cross-origin. Landed from contributor PR #23962 by @miloudbelarebia. (#23842)
- Browser/Extension relay auth: allow `?token=` query-param auth on relay `/json*` endpoints (consistent with relay WebSocket auth) so curl/devtools-style `/json/version` and `/json/list` probes work without requiring custom headers. Landed from contributor PR #26015 by @Sid-Qin. (#25928)
- Browser/Extension relay shutdown: flush pending extension-request timers/rejections during relay `stop()` before socket/server teardown so in-flight extension waits do not survive shutdown windows. Landed from contributor PR #24142 by @kevinWangSheng.
fix(browser): land PR #27617 relay reconnect resilience
2026-02-26 15:08:26 +00:00
- Browser/Extension relay reconnect resilience: keep CDP clients alive across brief MV3 extension disconnect windows, wait briefly for extension reconnect before failing in-flight CDP commands, and only tear down relay target/client state after reconnect grace expires. Landed from contributor PR #27617 by @davidemanuelDEV.
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
- Browser/Route decode hardening: guard malformed percent-encoding in relay target action routes and browser route-param decoding so crafted `%` paths return `400` instead of crashing/unhandled URI decode failures. Landed from contributor PR #11880 by @Yida-Dev.
fix(browser): harden writable output paths
2026-03-01 23:25:13 +00:00
- Browser/Writable output path hardening: reject existing hardlinked writable targets, and finalize browser download/trace outputs via sibling temp files plus atomic rename to block hardlink-alias overwrite paths under browser temp roots.
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
- Feishu/Inbound message metadata: include inbound `message_id` in `BodyForAgent` on a dedicated metadata line so agents can reliably correlate and act on media/message operations that require message IDs, with regression coverage. (#27253) thanks @xss925175263.
- Feishu/Doc tools: route `feishu_doc` and `feishu_app_scopes` through the active agent account context (with explicit `accountId` override support) so multi-account agents no longer default to the first configured app, with regression coverage for context routing and explicit override behavior. (#27338) thanks @AaronL725.
- LINE/Inline directives auth: gate directive parsing (`/model`, `/think`, `/verbose`, `/reasoning`, `/queue`) on resolved authorization (`command.isAuthorizedSender`) so `commands.allowFrom`-authorized LINE senders are not silently stripped when raw `CommandAuthorized` is unset. Landed from contributor PR #27248 by @kevinWangSheng. (#27240)
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Onboarding/Gateway: seed default Control UI `allowedOrigins` for non-loopback binds during onboarding (`localhost`/`127.0.0.1` plus custom bind host) so fresh non-loopback setups do not fail startup due to missing origin policy. (#26157) thanks @stakeswky.
- Docker/GCP onboarding: reduce first-build OOM risk by capping Node heap during `pnpm install`, reuse existing gateway token during `docker-setup.sh` reruns so `.env` stays aligned with config, auto-bootstrap Control UI allowed origins for non-loopback Docker binds, and add GCP docs guidance for tokenized dashboard links + pairing recovery commands. (#26253) Thanks @pandego.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- CLI/Gateway `--force` in non-root Docker: recover from `lsof` permission failures (`EACCES`/`EPERM`) by falling back to `fuser` kill + probe-based port checks, so `openclaw gateway --force` works for default container `node` user flows. (#27941) Thanks @steipete.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Gateway/Bind visibility: emit a startup warning when binding to non-loopback addresses so operators get explicit exposure guidance in runtime logs. (#25397) thanks @let5sne.
- Sessions cleanup/Doctor: add `openclaw sessions cleanup --fix-missing` to prune store entries whose transcript files are missing, including doctor guidance and CLI coverage. Landed from contributor PR #27508 by @Sid-Qin. (#27422)
- Doctor/State integrity: ignore metadata-only slash routing sessions when checking recent missing transcripts so `openclaw doctor` no longer reports false-positive transcript-missing warnings for `*:slash:*` keys. (#27375) thanks @gumadeiras.
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
- CLI/Gateway status: force local `gateway status` probe host to `127.0.0.1` for `bind=lan` so co-located probes do not trip non-loopback plaintext WebSocket checks. (#26997) thanks @chikko80.
fix: align gateway run auth modes (#27469) (thanks @s1korrrr)
2026-02-26 19:18:43 +01:00
- CLI/Gateway auth: align `gateway run --auth` parsing/help text with supported gateway auth modes by accepting `none` and `trusted-proxy` (in addition to `token`/`password`) for CLI overrides. (#27469) thanks @s1korrrr.
fix(cli): add TLS daemon-status probe regression coverage
2026-02-26 17:42:34 +00:00
- CLI/Daemon status TLS probe: use `wss://` and forward local TLS certificate fingerprint for TLS-enabled gateway daemon probes so `openclaw daemon status` works with `gateway.bind=lan` + `gateway.tls.enabled=true`. (#24234) thanks @liuy.
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
- Podman/Default bind: change `run-openclaw-podman.sh` default gateway bind from `lan` to `loopback` and document explicit LAN opt-in with Control UI origin configuration. (#27491) thanks @robbyczgw-cla.
- Daemon/macOS launchd: forward proxy env vars into supervised service environments, keep LaunchAgent `KeepAlive=true` semantics, and harden restart sequencing to `print -> bootout -> wait old pid exit -> bootstrap -> kickstart`. (#27276) thanks @frankekn.
docs(changelog): unify gateway restart-loop fixes
2026-02-26 16:27:32 +01:00
- Gateway/macOS restart-loop hardening: detect OpenClaw-managed supervisor markers during SIGUSR1 restart handoff, clean stale gateway PIDs before `/restart` launchctl/systemctl triggers, and set LaunchAgent `ThrottleInterval=60` to bound launchd retry storms during lock-release races. Landed from contributor PRs #27655 (@taw0002), #27448 (@Sid-Qin), and #27650 (@kevinWangSheng). (#27605, #27590, #26904, #26736)
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Models/MiniMax auth header defaults: set `authHeader: true` for both onboarding-generated MiniMax API providers and implicit built-in MiniMax (`minimax`, `minimax-portal`) provider templates so first requests no longer fail with MiniMax `401 authentication_error` due to missing `Authorization` header. Landed from contributor PRs #27622 by @riccoyuanft and #27631 by @kevinWangSheng. (#27600, #15303)
fix(provider): normalize bare gemini-3 Pro model IDs for google-antigravity (#24145) * fix(provider): normalize bare gemini-3 Pro model IDs for google-antigravity The Antigravity Cloud Code Assist API requires a thinking-tier suffix (-low or -high) for all Gemini 3 Pro variants. When a user configures a bare model ID like `gemini-3.1-pro`, the API returns a 404 because it only recognises `gemini-3.1-pro-low` or `gemini-3.1-pro-high`. Add `normalizeAntigravityModelId()` that appends `-low` (the default tier) to bare Pro model IDs, and apply it during provider normalisation for `google-antigravity`. Also refactor the per-provider model normalisation into a shared `normalizeProviderModels()` helper. Closes #24071 Co-authored-by: Cursor <cursoragent@cursor.com> * Tests: cover antigravity model ID normalization * Changelog: note antigravity pro tier normalization * Tests: type antigravity model helper inputs --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-27 07:53:46 +08:00
- Models/Google Antigravity IDs: normalize bare `gemini-3-pro`, `gemini-3.1-pro`, and `gemini-3-1-pro` model IDs to the default `-low` thinking tier so provider requests no longer fail with 404 when the tier suffix is omitted. (#24145) Thanks @byungsker.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Auth/Auth profiles: normalize `auth-profiles.json` alias fields (`mode -> type`, `apiKey -> key`) before credential validation so entries copied from `openclaw.json` auth examples are no longer silently dropped. (#26950) thanks @byungsker.
fix(agents): add forward-compat fallback for google-gemini-cli gemini-3.1-pro/flash-preview (#26570) * fix(agents): add "google" provider to isReasoningTagProvider to prevent reasoning leak The gemini-api-key auth flow creates a profile with provider "google" (e.g. google/gemini-3-pro-preview), but isReasoningTagProvider only matched "google-gemini-cli" (OAuth) and "google-generative-ai". As a result: - reasoningTagHint was false → system prompt omitted <think>/<final> formatting instructions - enforceFinalTag was false → <final> tag filtering was skipped Raw <think> reasoning output was delivered to the end user. Fix: add the bare "google" provider string to the match list and cover it with two new test cases (exact match + case-insensitive). Fixes #26551 * fix(agents): add forward-compat fallback for google-gemini-cli gemini-3.1-pro/flash-preview gemini-3.1-pro-preview and gemini-3.1-flash-preview are not yet present in pi-ai's built-in google-gemini-cli model catalog (only gemini-3-pro-preview and gemini-3-flash-preview are registered). When users configure these models they get "Unknown model" errors even though Gemini CLI OAuth supports them. The codebase already has isGemini31Model() in extra-params.ts, which proves intent to support these models. Add a resolveGoogleGeminiCli31ForwardCompatModel entry to resolveForwardCompatModel following the same clone-template pattern used for zai/glm-5 and anthropic 4.6 models. - gemini-3.1-pro-* clones gemini-3-pro-preview (with reasoning: true) - gemini-3.1-flash-* clones gemini-3-flash-preview (with reasoning: true) Also add test helpers and three test cases to model.forward-compat.test.ts. Fixes #26524 * Changelog: credit Google Gemini provider fallback fixes --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-27 08:39:13 +09:00
- Models/Google Gemini: treat `google` (Gemini API key auth profile) as a reasoning-tag provider to prevent `<think>` leakage, and add forward-compat model fallback for `google-gemini-cli` `gemini-3.1-pro*` / `gemini-3.1-flash*` IDs to avoid false unknown-model errors. (#26551, #26524) Thanks @byungsker.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Models/Profile suffix parsing: centralize trailing `@profile` parsing and only treat `@` as a profile separator when it appears after the final `/`, preserving model IDs like `openai/@cf/...` and `openrouter/@preset/...` across `/model` directive parsing and allowlist model resolution, with regression coverage.
- Models/OpenAI Codex config schema parity: accept `openai-codex-responses` in the config model API schema and TypeScript `ModelApi` union, with regression coverage for config validation. Landed from contributor PR #27501 by @AytuncYildizli. Thanks @AytuncYildizli.
- Agents/Models config: preserve agent-level provider `apiKey` and `baseUrl` during merge-mode `models.json` updates when agent values are present. (#27293) thanks @Sid-Qin.
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
- Azure OpenAI Responses: force `store=true` for `azure-openai-responses` direct responses API calls to avoid multi-turn 400 failures. Landed from contributor PR #27499 by @polarbear-Yang. (#27497)
refactor!: remove versioned system-run approval contract
2026-03-02 01:12:47 +00:00
- Security/Node exec approvals: require structured `commandArgv` approvals for `host=node`, enforce `systemRunBinding` matching for argv/cwd/session/agent/env context with fail-closed behavior on missing/mismatched bindings, and add `GIT_EXTERNAL_DIFF` to blocked host env keys. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
fix(security): enforce auth for abort triggers and models
2026-03-01 21:17:29 +00:00
- Security/Command authorization: enforce sender authorization for natural-language abort triggers (`stop`-like text) and `/models` listings, preventing unauthorized session aborts and model-auth metadata disclosure. This ships in the next npm release (`2026.2.27`). Thanks @tdjackey for reporting.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Security/Plugin channel HTTP auth: normalize protected `/api/channels` path checks against canonicalized request paths (case + percent-decoding + slash normalization), resolve encoded dot-segment traversal variants, and fail closed on malformed `%`-encoded channel prefixes so alternate-path variants cannot bypass gateway auth. This ships in the next npm release (`2026.2.26`). Thanks @zpbrent for reporting.
- Security/Gateway node pairing: pin paired-device `platform`/`deviceFamily` metadata across reconnects and bind those fields into device-auth signatures, so reconnect metadata spoofing cannot expand node command allowlists without explicit repair pairing. This ships in the next npm release (`2026.2.26`). Thanks @76embiid21 for reporting.
- Security/Sandbox path alias guard: reject broken symlink targets by resolving through existing ancestors and failing closed on out-of-root targets, preventing workspace-only `apply_patch` writes from escaping sandbox/workspace boundaries via dangling symlinks. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Workspace FS boundary aliases: harden canonical boundary resolution for non-existent-leaf symlink aliases while preserving valid in-root aliases, preventing first-write workspace escapes via out-of-root symlink targets. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Config includes: harden `$include` file loading with verified-open reads, reject hardlinked include aliases, and enforce include file-size guardrails so config include resolution remains bounded to trusted in-root files. This ships in the next npm release (`2026.2.26`). Thanks @zpbrent for reporting.
- Security/Node exec approvals hardening: freeze immutable approval-time execution plans (`argv`/`cwd`/`agentId`/`sessionKey`) via `system.run.prepare`, enforce those canonical plan values during approval forwarding/execution, and reject mutable parent-symlink cwd paths during approval-plan building to prevent approval bypass via symlink rebind. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Microsoft Teams media fetch: route Graph message/hosted-content/attachment fetches and auth-scope fallback attachment downloads through shared SSRF-guarded fetch paths, and centralize hostname-suffix allowlist policy helpers in the plugin SDK to remove channel/plugin drift. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Voice Call (Twilio): bind webhook replay + manager dedupe identity to authenticated request material, remove unsigned `i-twilio-idempotency-token` trust from replay/dedupe keys, and thread verified request identity through provider parse flow to harden cross-provider event dedupe. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Exec approvals forwarding: prefer turn-source channel/account/thread metadata when resolving approval delivery targets so stale session routes do not misroute approval prompts.
- Security/Pairing multi-account isolation: enforce account-scoped pairing allowlists and pending-request storage across core + extension message channels while preserving channel-scoped defaults for the default account. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting and @gumadeiras for implementation.
fix(memory): readonly sync recovery (openclaw#25799) thanks @rodrigouroz Verified: - pnpm build - pnpm check - pnpm test:macmini (fails in this environment at src/daemon/launchd.integration.test.ts beforeAll hook timeout; merged with Tak override) Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 15:26:43 -03:00
- Memory/SQLite: deduplicate concurrent memory-manager initialization and auto-reopen stale SQLite handles after atomic reindex swaps, preventing repeated `attempt to write a readonly database` sync failures until gateway restart.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Config/Plugins entries: treat unknown `plugins.entries.*` ids as startup warnings (ignored stale keys) instead of hard validation failures that can crash-loop gateway boot. Landed from contributor PR #27506 by @Sid-Qin. (#27455)
- Telegram native commands: degrade command registration on `BOT_COMMANDS_TOO_MUCH` by retrying with fewer commands instead of crash-looping startup sync. Landed from contributor PR #27512 by @Sid-Qin. (#27456)
- Web tools/Proxy: route `web_search` provider HTTP calls (Brave, Perplexity, xAI, Gemini, Kimi), redirect resolution, and `web_fetch` through a shared proxy-aware SSRF guard path so gateway installs behind `HTTP_PROXY`/`HTTPS_PROXY`/`ALL_PROXY` no longer fail with transport `fetch failed` errors. (#27430) thanks @kevinWangSheng.
fix: update changelog for android invoke distill (#27257) (thanks @obviyus)
2026-02-26 12:17:14 +05:30
- Android/Node invoke: remove native gateway WebSocket `Origin` header to avoid false origin rejections, unify invoke command registry/policy/error parsing paths, and keep command availability checks centralized to reduce dispatcher/advertisement drift. (#27257) Thanks @obviyus.
docs: reorder unreleased 2026.2.26 changelog entries
2026-02-26 22:30:13 +01:00
- Gateway shared-auth scopes: preserve requested operator scopes for shared-token clients when device identity is unavailable, instead of clearing scopes during auth handling. Landed from contributor PR #27498 by @kevinWangSheng. (#27494)
- Cron/Hooks isolated routing: preserve canonical `agent:*` session keys in isolated runs so already-qualified keys are not double-prefixed (for example `agent:main:main` no longer becomes `agent:main:agent:main:main`). Landed from contributor PR #27333 by @MaheshBhushan. (#27289, #27282)
- Channels/Multi-account config: when adding a non-default channel account to a single-account top-level channel setup, move existing account-scoped top-level single-account values into `channels.<channel>.accounts.default` before writing the new account so the original account keeps working without duplicated account values at channel root; `openclaw doctor --fix` now repairs previously mixed channel account shapes the same way. (#27334) thanks @gumadeiras.
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
- iOS/Talk mode: stop injecting the voice directive hint into iOS Talk prompts and remove the Voice Directive Hint setting, reducing model bias toward tool-style TTS directives and keeping relay responses text-first by default. (#27543) thanks @ngutman.
CI: shard Windows test lane for faster CI critical path (#27234) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: f7c41089e0d5c36f59addd643d2038502bafe933 Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Reviewed-by: @joshavant
2026-02-26 00:33:36 -06:00
- CI/Windows: shard the Windows `checks-windows` test lane into two matrix jobs and honor explicit shard index overrides in `scripts/test-parallel.mjs` to reduce CI critical-path wall time. (#27234) Thanks @joshavant.
docs: finalize 2026.2.25 release notes and appcast
2026-02-26 05:15:21 +01:00
## 2026.2.25
chore: roll to 2026.2.25 unreleased
2026-02-25 03:35:33 +00:00
### Changes
docs: add changelog entry for #26079 (thanks @obviyus)
2026-02-25 09:31:41 +05:30
- Android/Chat: improve streaming delivery handling and markdown rendering quality in the native Android chat UI, including better GitHub-flavored markdown behavior. (#26079) Thanks @obviyus.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Android/Startup perf: defer foreground-service startup, move WebView debugging init out of critical startup, and add startup macrobenchmark + low-noise perf CLI scripts for deterministic cold-start tracking. (#26659) Thanks @obviyus.
fix: add changelog for chat compose mobile layout (#11167) (thanks @junyiz)
2026-02-26 08:03:46 +05:30
- UI/Chat compose: add mobile stacked layout for compose action buttons on small screens to improve send/session controls usability. (#11167) Thanks @junyiz.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Heartbeat/Config: replace heartbeat DM toggle with `agents.defaults.heartbeat.directPolicy` (`allow` | `block`; also supported per-agent via `agents.list[].heartbeat.directPolicy`) for clearer delivery semantics.
- Onboarding/Security: clarify onboarding security notices that OpenClaw is personal-by-default (single trusted operator boundary) and shared/multi-user setups require explicit lock-down/hardening.
refactor: replace bot.molt identifiers with ai.openclaw
2026-02-25 05:03:20 +00:00
- Branding/Docs + Apple surfaces: replace remaining `bot.molt` launchd label, bundle-id, logging subsystem, and command examples with `ai.openclaw` across docs, iOS app surfaces, helper scripts, and CLI test fixtures.
Agents: emphasize config.schema usage
2026-02-25 09:45:39 -06:00
- Agents/Config: remind agents to call `config.schema` before config edits or config-field questions to avoid guessing. Thanks @thewilloftheshadow.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Dependencies: update workspace dependency pins and lockfile (Bedrock SDK `3.998.0`, `@mariozechner/pi-*` `0.55.1`, TypeScript native preview `7.0.0-dev.20260225.1`) while keeping `@buape/carbon` pinned.
feat(heartbeat): add directPolicy and restore default direct delivery
2026-02-26 03:56:40 +01:00
### Breaking
- **BREAKING:** Heartbeat direct/DM delivery default is now `allow` again. To keep DM-blocked behavior from `2026.2.24`, set `agents.defaults.heartbeat.directPolicy: "block"` (or per-agent override).
docs: add changelog entry for #26079 (thanks @obviyus)
2026-02-25 09:31:41 +05:30
chore: roll to 2026.2.25 unreleased
2026-02-25 03:35:33 +00:00
### Fixes
fix(slack): thread agent identity through channel reply path (openclaw#27134) thanks @hou-rong Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: hou-rong <8758438+hou-rong@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 23:25:32 +08:00
- Slack/Identity: thread agent outbound identity (`chat:write.customize` overrides) through the channel reply delivery path so per-agent username, icon URL, and icon emoji are applied to all Slack replies including media messages. (#27134) Thanks @hou-rong.
fix(slack): resolve replyToMode per-message using chat type (#24717) * fix(slack): resolve replyToMode per-message using chat type The Slack monitor resolved replyToMode once at startup from the top-level config, ignoring replyToModeByChatType overrides. This caused DM replies to be threaded even when replyToModeByChatType.direct was set to "off". Now the inbound message handler calls resolveSlackReplyToMode(account, chatType) per-message — the same function already used by the outbound dock and tool threading context — so per-chat-type overrides take effect on the inbound path. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Slack: add changelog for per-message replyToMode resolution --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 08:21:01 -08:00
- Slack/Threading: resolve `replyToMode` per incoming message using chat-type-aware account config (`replyToModeByChatType` and legacy `dm.replyToMode`) so DM/channel reply threading honors overrides instead of always using monitor startup defaults. (#24717) Thanks @dbachelder.
feat(slack): track thread participation for auto-reply without @mention (#29165) * feat(slack): track thread participation for auto-reply without @mention * fix(slack): scope thread participation cache by accountId and capture actual reply thread ts * fix(slack): capture reply thread ts from all delivery paths and only after success * Slack: add changelog for thread participation cache behavior --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 12:42:12 -04:00
- Slack/Threading: track bot participation in message threads (per account/channel/thread) so follow-up messages in those threads can be handled without requiring repeated @mentions, while preserving mention-gating behavior for unrelated threads. (#29165) Thanks @luijoc.
fix(slack): honor replyToModeByChatType when ThreadLabel exists (#26251) * fix(slack): honor direct replyToMode when thread label exists ThreadLabel is a session/conversation label, not a reliable indicator of an actual Slack thread reply. Using it to force replyToMode="all" overrides replyToModeByChatType.direct="off" in DMs. Switch to MessageThreadId which indicates a real thread target is available, preserving expected behavior: thread replies stay threaded, normal DMs respect the configured mode. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Slack: add changelog for threading tool context fix --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 09:02:06 -08:00
- Slack/Threading: stop forcing tool-call reply mode to `all` based on `ThreadLabel` alone; now force thread reply mode only when an explicit thread target exists (`MessageThreadId`/`ReplyToId`), so DM `replyToModeByChatType.direct` overrides are honored outside real thread replies. (#26251) Thanks @dbachelder.
feat(slack): per-thread session isolation for DM auto-threading (#26849) * feat(slack): create thread sessions for auto-threaded DM messages When replyToMode="all", every top-level message starts a new Slack thread. Previously, only subsequent replies in that thread got an isolated session (via :thread:<threadTs> suffix). The initial message fell back to the base DM session, mixing context across unrelated conversations. Now, when replyToMode="all" and a message is not already a thread reply, the message's own ts is used as the threadId for session key resolution. This gives the initial message AND all subsequent thread replies the same isolated session. This enables per-thread session isolation for Slack DMs — each new message starts its own thread and session, keeping conversations separate. * Slack: fix auto-thread session key mode check and add changelog --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 09:24:45 -08:00
- Slack/Threading: when `replyToMode="all"` auto-threads top-level Slack DMs, seed the thread session key from the message `ts` so the initial message and later replies share the same isolated `:thread:` session instead of falling back to base DM context. (#26849) Thanks @calder-sandy.
refactor(agents): unify subagent announce delivery pipeline Co-authored-by: Smith Labs <SmithLabsLLC@users.noreply.github.com> Co-authored-by: Do Cao Hieu <docaohieu2808@users.noreply.github.com>
2026-02-26 00:30:19 +00:00
- Agents/Subagents delivery: refactor subagent completion announce dispatch into an explicit queue/direct/fallback state machine, recover outbound channel-plugin resolution in cold/stale plugin-registry states across announce/message/gateway send paths, finalize cleanup bookkeeping when announce flow rejects, and treat Telegram sends without `message_id` as delivery failures (instead of false-success `"unknown"` IDs). (#26867, #25961, #26803, #25069, #26741) Thanks @SmithLabsLLC and @docaohieu2808.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Telegram/Webhook: pre-initialize webhook bots, switch webhook processing to callback-mode JSON handling, and preserve full near-limit payload reads under delayed handlers to prevent webhook request hangs and dropped updates. (#26156) Thanks @steipete.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Slack/Session threads: prevent oversized parent-session inheritance from silently bricking new thread sessions, surface embedded context-overflow empty-result failures to users, and add configurable `session.parentForkMaxTokens` (default `100000`, `0` disables). (#26912) Thanks @markshields-tl.
- Cron/Message multi-account routing: honor explicit `delivery.accountId` for isolated cron delivery resolution, and when `message.send` omits `accountId`, fall back to the sending agent's bound channel account instead of defaulting to the global account. (#27015, #26975) Thanks @lbo728 and @stakeswky.
- Gateway/Message media roots: thread `agentId` through gateway `send` RPC and prefer explicit `agentId` over session/default resolution so non-default agent workspace media sends no longer fail with `LocalMediaAccessError`; added regression coverage for agent precedence and blank-agent fallback. (#23249) Thanks @Sid-Qin.
- Followups/Routing: when explicit origin routing fails, allow same-channel fallback dispatch (while still blocking cross-channel fallback) so followup replies do not get dropped on transient origin-adapter failures. (#26109) Thanks @Sid-Qin.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Cron/Announce duplicate guard: track attempted announce/direct delivery separately from confirmed `delivered`, and suppress fallback main-session cron summaries when delivery was already attempted to avoid duplicate end-user sends in uncertain-ack paths. (#27018) Thanks @steipete.
fix: add changelog note for LINE lifecycle fix (#26528) (thanks @Sid-Qin)
2026-02-26 04:16:10 +01:00
- LINE/Lifecycle: keep LINE `startAccount` pending until abort so webhook startup is no longer misread as immediate channel exit, preventing restart-loop storms on LINE provider boot. (#26528) Thanks @Sid-Qin.
Discord: handle early gateway startup errors
2026-02-22 13:43:06 -05:00
- Discord/Gateway: capture and drain startup-time gateway `error` events before lifecycle listeners attach so early `Fatal Gateway error: 4014` closes surface as actionable intent guidance instead of uncaught gateway crashes. (#23832) Thanks @theotarr.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Discord/Inbound text: preserve embed `title` + `description` fallback text in message and forwarded snapshot parsing so embed titles are not silently dropped from agent input. (#26946) Thanks @stakeswky.
- Slack/Inbound media fallback: deliver file-only messages even when Slack media downloads fail by adding a filename placeholder fallback, capping fallback names to the shared media-file limit, and normalizing empty filenames to `file` so attachment-only messages are not silently dropped. (#25181) Thanks @justinhuangcode.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Telegram/Preview cleanup: keep finalized text previews when a later assistant message is media-only (for example mixed text plus voice turns) by skipping finalized preview archival at assistant-message boundaries, preventing cleanup from deleting already-visible final text messages. (#27042) Thanks @steipete.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Telegram/Markdown spoilers: keep valid `||spoiler||` pairs while leaving unmatched trailing `||` delimiters as literal text, avoiding false all-or-nothing spoiler suppression. (#26105) Thanks @Sid-Qin.
- Slack/Allowlist channels: match channel IDs case-insensitively during channel allowlist resolution so lowercase config keys (for example `c0abc12345`) correctly match Slack runtime IDs (`C0ABC12345`) under `groupPolicy: "allowlist"`, preventing silent channel-event drops. (#26878) Thanks @lbo728.
- Discord/Typing indicator: prevent stuck typing indicators by sealing channel typing keepalive callbacks after idle/cleanup and ensuring Discord dispatch always marks typing idle even if preview-stream cleanup fails. (#26295) Thanks @ngutman.
- Channels/Typing indicator: guard typing keepalive start callbacks after idle/cleanup close so post-close ticks cannot re-trigger stale typing indicators. (#26325) Thanks @win4r.
- Followups/Typing indicator: ensure followup turns mark dispatch idle on every exit path (including `NO_REPLY`, empty payloads, and agent errors) so typing keepalive cleanup always runs and channel typing indicators do not get stuck after queued/silent followups. (#26881) Thanks @codexGW.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Voice-call/TTS tools: hide the `tts` tool when the message provider is `voice`, preventing voice-call runs from selecting self-playback TTS and falling into silent no-output loops. (#27025) Thanks @steipete.
- Agents/Tools: normalize non-standard plugin tool results that omit `content` so embedded runs no longer crash with `Cannot read properties of undefined (reading 'filter')` after tool completion (including `tesseramemo_query`). (#27007) Thanks @steipete.
fix(agents): normalize whitespace-padded tool call names before dispatch (#27094) Fix tool-call lookup failures when models emit whitespace-padded names by normalizing both transcript history and live streamed embedded-runner tool calls before dispatch. Co-authored-by: wangchunyue <80630709+openperf@users.noreply.github.com> Co-authored-by: Sid <sidqin0410@gmail.com> Co-authored-by: Philipp Spiess <hello@philippspiess.com>
2026-02-27 18:26:37 +08:00
- Agents/Tool-call dispatch: trim whitespace-padded tool names in both transcript repair and live streamed embedded-runner responses so exact-match tool lookup no longer fails with `Tool ... not found` for model outputs like `" read "`. (#27094) Thanks @openperf and @Sid-Qin.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Cron/Model overrides: when isolated `payload.model` is no longer allowlisted, fall back to default model selection instead of failing the job, while still returning explicit errors for invalid model strings. (#26717) Thanks @Youyou972.
- Agents/Model fallback: keep explicit text + image fallback chains reachable even when `agents.defaults.models` allowlists are present, prefer explicit run `agentId` over session-key parsing for followup fallback override resolution (with session-key fallback), treat agent-level fallback overrides as configured in embedded runner preflight, and classify `model_cooldown` / `cooling down` errors as `rate_limit` so failover continues. (#11972, #24137, #17231)
- Agents/Model fallback: keep same-provider fallback chains active when session model differs from configured primary, infer cooldown reason from provider profile state (instead of `disabledReason` only), keep no-profile fallback providers eligible (env/models.json paths), and only relax same-provider cooldown fallback attempts for `rate_limit`. (#23816) thanks @ramezgaberiel.
- Agents/Model fallback: continue fallback traversal on unrecognized errors when candidates remain, while still throwing the original unknown error on the last candidate. (#26106) Thanks @Sid-Qin.
fix(auth): distinguish revoked API keys from transient auth errors (#25754) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 8f9c07a200644284e11adae76368adab40c5fa4e Co-authored-by: rrenamed <87486610+rrenamed@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-26 02:47:16 +02:00
- Models/Auth probes: map permanent auth failover reasons (`auth_permanent`, for example revoked keys) into probe auth status instead of `unknown`, so `openclaw models status --probe` reports actionable auth failures. (#25754) thanks @rrenamed.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Hooks/Inbound metadata: include `guildId` and `channelName` in `message_received` metadata for both plugin and internal hook paths. (#26115) Thanks @davidrudduck.
- Discord/Component auth: evaluate guild component interactions with command-gating authorizers so unauthorized users no longer get `CommandAuthorized: true` on modal/button events. (#26119) Thanks @bmendonca3.
- Security/Gateway auth: require pairing for operator device-identity sessions authenticated with shared token auth so unpaired devices cannot self-assign operator scopes. Thanks @tdjackey for reporting.
chore: bump versions to 2026.2.26
2026-02-26 12:10:08 +01:00
- Security/Gateway WebSocket auth: enforce origin checks for direct browser WebSocket clients beyond Control UI/Webchat, apply password-auth failure throttling to browser-origin loopback attempts (including localhost), and block silent auto-pairing for non-Control-UI browser clients to prevent cross-origin brute-force and session takeover chains. This ships in the next npm release (`2026.2.26`). Thanks @luz-oasis for reporting.
- Security/Gateway trusted proxy: require `operator` role for the Control UI trusted-proxy pairing bypass so unpaired `node` sessions can no longer connect via `client.id=control-ui` and invoke node event methods. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/macOS beta onboarding: remove Anthropic OAuth sign-in and the legacy `oauth.json` onboarding path that exposed the PKCE verifier via OAuth `state`; this impacted the macOS beta onboarding path only. Anthropic subscription auth is now setup-token-only and will ship in the next npm release (`2026.2.26`). Thanks @zdi-disclosures for reporting.
- Security/Microsoft Teams file consent: bind `fileConsent/invoke` upload acceptance/decline to the originating conversation before consuming pending uploads, preventing cross-conversation pending-file upload or cancellation via leaked `uploadId` values; includes regression coverage for match/mismatch invoke handling. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Security/Gateway: harden `agents.files` path handling to block out-of-workspace symlink targets for `agents.files.get`/`agents.files.set`, keep in-workspace symlink targets supported, and add gateway regression coverage for both blocked escapes and allowed in-workspace symlinks. Thanks @tdjackey for reporting.
chore: bump versions to 2026.2.26
2026-02-26 12:10:08 +01:00
- Security/Workspace FS: reject hardlinked workspace file aliases in `tools.fs.workspaceOnly` and `tools.exec.applyPatch.workspaceOnly` boundary checks (including sandbox mount-root guards) to prevent out-of-workspace read/write via in-workspace hardlink paths. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Browser temp paths: harden trace/download output-path handling against symlink-root and symlink-parent escapes with realpath-based write-path checks plus secure fallback tmp-dir validation that fails closed on unsafe fallback links. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Security/Browser uploads: revalidate upload paths at use-time in Playwright file-chooser and direct-input flows so missing/rebound paths are rejected before `setFiles`, with regression coverage for strict missing-path handling.
chore: bump versions to 2026.2.26
2026-02-26 12:10:08 +01:00
- Security/Exec approvals: bind `system.run` approval matching to exact argv identity and preserve argv whitespace in rendered command text, preventing trailing-space executable path swaps from reusing a mismatched approval. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Exec approvals: harden approval-bound `system.run` execution on node hosts by rejecting symlink `cwd` paths and canonicalizing path-like executable argv before spawn, blocking mutable-cwd symlink retarget chains between approval and execution. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Signal: enforce DM/group authorization before reaction-only notification enqueue so unauthorized senders can no longer inject Signal reaction system events under `dmPolicy`/`groupPolicy`; reaction notifications now require channel access checks first. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Discord reactions: enforce DM policy/allowlist authorization before reaction-event system enqueue in direct messages; Discord reaction handling now also honors DM/group-DM enablement and guild `groupPolicy` channel gating to keep reaction ingress aligned with normal message preflight. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
- Security/Slack reactions + pins: gate `reaction_*` and `pin_*` system-event enqueue through shared sender authorization so DM `dmPolicy`/`allowFrom` and channel `users` allowlists are enforced consistently for non-message ingress, with regression coverage for denied/allowed sender paths. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
fix(slack): gate member and message subtype system events
2026-02-26 12:48:10 +01:00
- Security/Slack member + message subtype events: gate `member_*` plus `message_changed`/`message_deleted`/`thread_broadcast` system-event enqueue through shared sender authorization so DM `dmPolicy`/`allowFrom` and channel `users` allowlists are enforced consistently for non-message ingress; message subtype system events now fail closed when sender identity is missing, with regression coverage. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
chore: bump versions to 2026.2.26
2026-02-26 12:10:08 +01:00
- Security/Telegram reactions: enforce `dmPolicy`/`allowFrom` and group allowlist authorization on `message_reaction` events before enqueueing reaction system events, preventing unauthorized reaction-triggered input in DMs and groups; ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
fix: document telegram group allowlist hardening (#25988) (thanks @bmendonca3)
2026-02-26 09:21:31 +05:30
- Security/Telegram group allowlist: fail closed for group sender authorization by removing DM pairing-store fallback from group allowlist evaluation; group sender access now requires explicit `groupAllowFrom` or per-group/per-topic `allowFrom`. (#25988) Thanks @bmendonca3.
fix(security): keep DM pairing allowlists out of group auth
2026-02-26 12:58:06 +01:00
- Security/DM-group allowlist boundaries: keep DM pairing-store approvals DM-only by removing pairing-store inheritance from group sender authorization in LINE and Mattermost message preflight, and by centralizing shared DM/group allowlist composition so group checks never include pairing-store entries. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
chore: bump versions to 2026.2.26
2026-02-26 12:10:08 +01:00
- Security/Slack interactions: enforce channel/DM authorization and modal actor binding (`private_metadata.userId`) before enqueueing `block_action`/`view_submission`/`view_closed` system events, with regression coverage for unauthorized senders and missing/mismatched actor metadata. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
fix(security): harden nextcloud-talk webhook replay handling
2026-02-26 00:18:24 +01:00
- Security/Nextcloud Talk: drop replayed signed webhook events with persistent per-account replay dedupe across restarts, and reject unexpected webhook backend origins when account base URL is configured. Thanks @aristorechina for reporting.
docs(changelog): add missing security PR entries (#26118 #26116 #26112 #26111 #26095)
2026-02-25 04:52:37 +00:00
- Security/Nextcloud Talk: reject unsigned webhook traffic before full body reads, reducing unauthenticated request-body exposure, with auth-order regression coverage. (#26118) Thanks @bmendonca3.
- Security/Nextcloud Talk: stop treating DM pairing-store entries as group allowlist senders, so group authorization remains bounded to configured group allowlists. (#26116) Thanks @bmendonca3.
docs: reorder unreleased changelog by user impact
2026-02-26 04:38:56 +01:00
- Security/LINE: cap unsigned webhook body reads before auth/signature handling to bound unauthenticated body processing. (#26095) Thanks @bmendonca3.
docs(changelog): add missing security PR entries (#26118 #26116 #26112 #26111 #26095)
2026-02-25 04:52:37 +00:00
- Security/IRC: keep pairing-store approvals DM-only and out of IRC group allowlist authorization, with policy regression tests for allowlist resolution. (#26112) Thanks @bmendonca3.
- Security/Microsoft Teams: isolate group allowlist and command authorization from DM pairing-store entries to prevent cross-context authorization bleed. (#26111) Thanks @bmendonca3.
chore: bump versions to 2026.2.26
2026-02-26 12:10:08 +01:00
- Security/SSRF guard: classify IPv6 multicast literals (`ff00::/8`) as blocked/private-internal targets in shared SSRF IP checks, preventing multicast literals from bypassing URL-host preflight and DNS answer validation. This ships in the next npm release (`2026.2.26`). Thanks @zpbrent for reporting.
fix(test): stabilize low-mem parallel runner and cron session mock (#26324) * fix(test): stabilize low-mem parallel lane and cron session mock * feat(android): make QR scanning first-class onboarding * docs(android): update README for native Android workflow * fix(android): stabilize chat composer ime and tab layout * fix(android): stabilize chat ime insets and tab bar * fix(android): remove tab bar gap above system nav * fix(android): harden scanned setup code parsing * test(android): cover non-string setupCode QR payload * fix(test): add changelog note for low-mem test runner (#26324) (thanks @ngutman) --------- Co-authored-by: Ayaan Zaidi <zaidi@uplause.io>
2026-02-25 12:16:17 +02:00
- Tests/Low-memory stability: disable Vitest `vmForks` by default on low-memory local hosts (`<64 GiB`), keep low-profile extension lane parallelism at 4 workers, and align cron isolated-agent tests with `setSessionRuntimeModel` usage to avoid deterministic suite failures. (#26324) Thanks @ngutman.
fix(feishu): pass proxy agent to WSClient for proxy environments (#26397) * fix(feishu): pass proxy agent to WSClient for environments behind HTTPS proxy The Lark SDK WSClient uses the `ws` library which does not automatically respect https_proxy/HTTP_PROXY environment variables. This causes WebSocket connection failures in proxy environments (e.g. WSL2 with a local proxy). Detect proxy env vars and pass an HttpsProxyAgent to WSClient via the existing `agent` constructor option. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): add generic type parameter to HttpsProxyAgent return type Fix TS2314: `HttpsProxyAgent<Uri>` requires a type argument. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(feishu): wire ws proxy dependency and coverage * chore(lockfile): resolve axios peer lock entry after rebase --------- Co-authored-by: lirui <lirui@fxiaoke.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 13:15:11 +08:00
- Feishu/WebSocket proxy: pass a proxy agent to Feishu WS clients from standard proxy environment variables and include plugin-local runtime dependency wiring so websocket mode works in proxy-constrained installs. (#26397) Thanks @colin719.
fix(agents): harden model fallback failover paths
2026-02-25 03:46:34 +00:00
chore: roll to 2026.2.25 unreleased
2026-02-25 03:35:33 +00:00
## 2026.2.24
fix: add mistral to MemorySearchSchema provider/fallback unions (#14934) * fix: add mistral to MemorySearchSchema provider/fallback unions The Mistral embedding provider was added to the runtime code but the Zod config schema was not updated, causing config validation to reject `provider: "mistral"` and `fallback: "mistral"` as invalid input. * Changelog: add unreleased note for Mistral memory schema fix --------- Co-authored-by: Drake (Moltbot Dev) <drake@clawd.bot> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 13:36:53 -05:00
docs(subagents): document default runTimeoutSeconds config (#24594) (thanks @mitchmcalister)
2026-02-24 04:22:25 +00:00
### Changes
Changelog: note exact do not do that stop trigger
2026-02-24 18:49:37 -05:00
- Auto-reply/Abort shortcuts: expand standalone stop phrases (`stop openclaw`, `stop action`, `stop run`, `stop agent`, `please stop`, and related variants), accept trailing punctuation (for example `STOP OPENCLAW!!!`), add multilingual stop keywords (including ES/FR/ZH/HI/AR/JP/DE/PT/RU forms), and treat exact `do not do that` as a stop trigger while preserving strict standalone matching. (#25103) Thanks @steipete and @vincentkoc.
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- Android/App UX: ship a native four-step onboarding flow, move post-onboarding into a five-tab shell (Connect, Chat, Voice, Screen, Settings), add a full Connect setup/manual mode screen, and refresh Android chat/settings surfaces for the new navigation model.
- Talk/Gateway config: add provider-agnostic Talk configuration with legacy compatibility, and expose gateway Talk ElevenLabs config metadata for setup/status surfaces.
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:04 +00:00
- Security/Audit: add `security.trust_model.multi_user_heuristic` to flag likely shared-user ingress and clarify the personal-assistant trust model, with hardening guidance for intentional multi-user setups (`sandbox.mode="all"`, workspace-scoped FS, reduced tool surface, no personal/private identities on shared runtimes).
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- Dependencies: refresh key runtime and tooling packages across the workspace (Bedrock SDK, pi runtime stack, OpenAI, Google auth, and oxlint/oxfmt), while intentionally keeping `@buape/carbon` pinned.
docs(subagents): document default runTimeoutSeconds config (#24594) (thanks @mitchmcalister)
2026-02-24 04:22:25 +00:00
feat(sandbox): block container namespace joins by default
2026-02-24 23:19:48 +00:00
### Breaking
refactor(heartbeat): harden dm delivery classification
2026-02-25 02:12:59 +00:00
- **BREAKING:** Heartbeat delivery now blocks direct/DM targets when destination parsing identifies a direct chat (for example `user:<id>`, Telegram user chat IDs, or WhatsApp direct numbers/JIDs). Heartbeat runs still execute, but direct-message delivery is skipped and only non-DM destinations (for example channel/group targets) can receive outbound heartbeat messages.
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- **BREAKING:** Security/Sandbox: block Docker `network: "container:<id>"` namespace-join mode by default for sandbox and sandbox-browser containers. To keep that behavior intentionally, set `agents.defaults.sandbox.docker.dangerouslyAllowContainerNamespaceJoin: true` (break-glass). Thanks @tdjackey for reporting.
feat(sandbox): block container namespace joins by default
2026-02-24 23:19:48 +00:00
docs(changelog): note safeBins exec hardening
2026-02-23 23:58:54 +00:00
### Fixes
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- Routing/Session isolation: harden followup routing so explicit cross-channel origin replies never fall back to the active dispatcher on route failure, preserve queued overflow summary routing metadata (`channel`/`to`/`thread`) across followup drain, and prefer originating channel context over internal provider tags for embedded followup runs. This prevents webchat/control-ui context from hijacking Discord-targeted replies in shared sessions. (#25864) Thanks @Gamedesigner.
- Security/Routing: fail closed for shared-session cross-channel replies by binding outbound target resolution to the current turns source channel metadata (instead of stale session route fallbacks), and wire those turn-source fields through gateway + command delivery planners with regression coverage. (#24571) Thanks @brandonwise.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Heartbeat routing: prevent heartbeat leakage/spam into Discord and other direct-message destinations by blocking direct-chat heartbeat delivery targets and keeping blocked-delivery cron/exec prompts internal-only. (#25871) Thanks @steipete.
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- Heartbeat defaults/prompts: switch the implicit heartbeat delivery target from `last` to `none` (opt-in for external delivery), and use internal-only cron/exec heartbeat prompt wording when delivery is disabled so background checks do not nudge user-facing relay behavior. (#25871, #24638, #25851)
- Auto-reply/Heartbeat queueing: drop heartbeat runs when a session already has an active run instead of enqueueing a stale followup, preventing duplicate heartbeat response branches after queue drain. (#25610, #25606) Thanks @mcaxtr.
- Cron/Heartbeat delivery: stop inheriting cached session `lastThreadId` for heartbeat-mode target resolution unless a thread/topic is explicitly requested, so announce-mode cron and heartbeat deliveries stay on top-level destinations instead of leaking into active conversation threads. (#25730) Thanks @markshields-tl.
- Messaging tool dedupe: treat originating channel metadata as authoritative for same-target `message.send` suppression in proactive runs (heartbeat/cron/exec-event), including synthetic-provider contexts, so `delivery-mirror` transcript entries no longer cause duplicate Telegram sends. (#25835) Thanks @jadeathena84-arch.
- Channels/Typing keepalive: refresh channel typing callbacks on a keepalive interval during long replies and clear keepalive timers on idle/cleanup across core + extension dispatcher callsites so typing indicators do not expire mid-inference. (#25886, #25882) Thanks @stakeswky.
- Agents/Model fallback: when a run is currently on a configured fallback model, keep traversing the configured fallback chain instead of collapsing straight to primary-only, preventing dead-end failures when primary stays in cooldown. (#25922, #25912) Thanks @Taskle.
- Gateway/Models: honor explicit `agents.defaults.models` allowlist refs even when bundled model catalog data is stale, synthesize missing allowlist entries in `models.list`, and allow `sessions.patch`/`/model` selection for those refs without false `model not allowed` errors. (#20291) Thanks @kensipe, @nikolasdehor, and @vincentkoc.
- Control UI/Agents: inherit `agents.defaults.model.fallbacks` in the Overview fallback input when no per-agent model entry exists, while preserving explicit per-agent fallback overrides (including empty lists). (#25729, #25710) Thanks @Suko.
- Automation/Subagent/Cron reliability: honor `ANNOUNCE_SKIP` in `sessions_spawn` completion/direct announce flows (no user-visible token leaks), add transient direct-announce retries for channel unavailability (for example WhatsApp listener reconnect windows), and include `cron` in the `coding` tool profile so `/tools/invoke` can execute cron actions when explicitly allowed by gateway policy. (#25800, #25656, #25842, #25813, #25822, #25821) Thanks @astra-fer, @aaajiao, @dwight11232-coder, @kevinWangSheng, @widingmarcus-cyber, and @stakeswky.
- Discord/Voice reliability: restore runtime DAVE dependency (`@snazzah/davey`), add configurable DAVE join options (`channels.discord.voice.daveEncryption` and `channels.discord.voice.decryptionFailureTolerance`), clean up voice listeners/session teardown, guard against stale connection events, and trigger controlled rejoin recovery after repeated decrypt failures to improve inbound STT stability under DAVE receive errors. (#25861, #25372, #24883, #24825, #23890, #23105, #22961, #23421, #23278, #23032)
- Discord/Block streaming: restore block-streamed reply delivery by suppressing only reasoning payloads (instead of all `block` payloads), fixing missing Discord replies in `channels.discord.streaming=block` mode. (#25839, #25836, #25792) Thanks @pewallin.
- Discord/Proxy + reactions + model picker: thread channel proxy fetch into inbound media/sticker downloads, use proxy-aware gateway metadata fetch for WSL/corporate proxy setups, wire `messages.statusReactions.{emojis,timing}` into Discord reaction lifecycle control, and compact model-picker `custom_id` keys to stay under Discord's 100-char limit while keeping backward-compatible parsing. (#25232, #25507, #25564, #25695) Thanks @openperf, @chilu18, @Yipsh, @lbo728, and @s1korrrr.
- WhatsApp/Web reconnect: treat close status `440` as non-retryable (including string-form status values), stop reconnect loops immediately, and emit operator guidance to relink after resolving session conflicts. (#25858) Thanks @markmusson.
- WhatsApp/Reasoning safety: suppress outbound payloads marked as reasoning and hard-drop text payloads that begin with `Reasoning:` before WhatsApp delivery, preventing hidden thinking blocks from leaking to end users through final-message paths. (#25804, #25214, #24328)
- Matrix/Read receipts: send read receipts as soon as Matrix messages arrive (before handler pipeline work), so clients no longer show long-lived unread/sent states while replies are processing. (#25841, #25840) Thanks @joshjhall.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Telegram/Replies: when markdown formatting renders to empty HTML (for example syntax-only chunks in threaded replies), retry delivery with plain text, and fail loud when both formatted and plain payloads are empty to avoid false delivered states. (#25096, #25091) Thanks @ArsalanShakil.
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- Telegram/Media fetch: prioritize IPv4 before IPv6 in SSRF pinned DNS address ordering so media downloads still work on hosts with broken IPv6 routing. (#24295, #23975) Thanks @Glucksberg.
- Telegram/Outbound API: replace Node 22's global undici dispatcher when applying Telegram `autoSelectFamily` decisions so outbound `fetch` calls inherit IPv4 fallback instead of staying pinned to stale dispatcher settings. (#25682, #25676) Thanks @lairtonlelis.
- Onboarding/Telegram: keep core-channel onboarding available when plugin registry population is missing by falling back to built-in adapters and continuing wizard setup with actionable recovery guidance. (#25803) Thanks @Suko.
- Android/Gateway auth: preserve Android gateway auth state across onboarding, use the native client id for operator sessions, retry with shared-token fallback after device-token auth failures, and avoid clearing tokens on transient connect errors.
- Slack/DM routing: treat `D*` channel IDs as direct messages even when Slack sends an incorrect `channel_type`, preventing DM traffic from being misclassified as channel/group chats. (#25479) Thanks @mcaxtr.
- Zalo/Group policy: enforce sender authorization for group messages with `groupPolicy` + `groupAllowFrom` (fallback to `allowFrom`), default runtime group behavior to fail-closed allowlist, and block unauthorized non-command group messages before dispatch. Thanks @tdjackey for reporting.
- macOS/Voice input: guard all audio-input startup paths against missing default microphones (Voice Wake, Talk Mode, Push-to-Talk, mic-level monitor, tester) to avoid launch/runtime crashes on mic-less Macs and fail gracefully until input becomes available. (#25817) Thanks @sfo2001.
fix(macos): keep Return for IME marked text commit (#25178) Co-authored-by: jft0m <9837901+bottotl@users.noreply.github.com>
2026-02-25 00:14:00 +00:00
- macOS/IME input: when marked text is active, treat Return as IME candidate confirmation first in both the voice overlay composer and shared chat composer to prevent accidental sends while composing CJK text. (#25178) Thanks @bottotl.
fix(macos): default voice wake forwarding to webchat (#25440) Co-authored-by: Peter Machona <7957943+chilu18@users.noreply.github.com>
2026-02-25 00:12:39 +00:00
- macOS/Voice wake routing: default forwarded voice-wake transcripts to the `webchat` channel (instead of ambiguous `last` routing) so local voice prompts stay pinned to the control chat surface unless explicitly overridden. (#25440) Thanks @chilu18.
fix(macos): prefer openclaw binary while keeping pnpm fallback (#25512) Co-authored-by: Peter Machona <7957943+chilu18@users.noreply.github.com>
2026-02-25 00:11:53 +00:00
- macOS/Gateway launch: prefer an available `openclaw` binary before pnpm/node runtime fallback when resolving local gateway commands, so local startup no longer fails on hosts with broken runtime discovery. (#25512) Thanks @chilu18.
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- macOS/Menu bar: stop reusing the injector delegate for the "Usage cost (30 days)" submenu to prevent recursive submenu injection loops when opening cost history. (#25341) Thanks @yingchunbai.
- macOS/WebChat panel: fix rounded-corner clipping by using panel-specific visual-effect blending and matching corner masking on both effect and hosting layers. (#22458) Thanks @apethree and @agisilaos.
- Windows/Exec shell selection: prefer PowerShell 7 (`pwsh`) discovery (Program Files, ProgramW6432, PATH) before falling back to Windows PowerShell 5.1, fixing `&&` command chaining failures on Windows hosts with PS7 installed. (#25684, #25638) Thanks @zerone0x.
- Windows/Media safety checks: align async local-file identity validation with sync-safe-open behavior by treating win32 `dev=0` stats as unknown-device fallbacks (while keeping strict dev checks when both sides are non-zero), fixing false `Local media path is not safe to read` drops for local attachments/TTS/images. (#25708, #21989, #25699, #25878) Thanks @kevinWangSheng.
- iMessage/Reasoning safety: harden iMessage echo suppression with outbound `messageId` matching (plus scoped text fallback), and enforce reasoning-payload suppression on routed outbound delivery paths to prevent hidden thinking text from being sent as user-visible channel messages. (#25897, #1649, #25757) Thanks @rmarr and @Iranb.
Update CHANGELOG.md
2026-02-24 19:11:47 -05:00
- Providers/OpenRouter/Auth profiles: bypass auth-profile cooldown/disable windows for OpenRouter, so provider failures no longer put OpenRouter profiles into local cooldown and stale legacy cooldown markers are ignored in fallback and status selection paths. (#25892) Thanks @alexanderatallah for raising this and @vincentkoc for the fix.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Providers/Google reasoning: sanitize invalid negative `thinkingBudget` payloads for Gemini 3.1 requests by dropping `-1` budgets and mapping configured reasoning effort to `thinkingLevel`, preventing malformed reasoning payloads on `google-generative-ai`. (#25900) Thanks @steipete.
fix(agents): normalize SiliconFlow Pro thinking=off payload (#25435) Land PR #25435 from @Zjianru. Changelog: add 2026.2.24 fix entry with contributor credit. Co-authored-by: codez <codezhujr@gmail.com>
2026-02-25 01:11:20 +00:00
- Providers/SiliconFlow: normalize `thinking="off"` to `thinking: null` for `Pro/*` model payloads to avoid provider-side 400 loops and misleading compaction retries. (#25435) Thanks @Zjianru.
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- Models/Bedrock auth: normalize additional Bedrock provider aliases (`bedrock`, `aws-bedrock`, `aws_bedrock`, `amazon bedrock`) to canonical `amazon-bedrock`, ensuring auth-mode resolution consistently selects AWS SDK fallback. (#25756) Thanks @fwhite13.
- Models/Providers: preserve explicit user `reasoning` overrides when merging provider model config with built-in catalog metadata, so `reasoning: false` is no longer overwritten by catalog defaults. (#25314) Thanks @lbo728.
- Gateway/Auth: allow trusted-proxy authenticated Control UI websocket sessions to skip device pairing when device identity is absent, preventing false `pairing required` failures behind trusted reverse proxies. (#25428) Thanks @SidQin-cyber.
- CLI/Memory search: accept `--query <text>` for `openclaw memory search` (while keeping positional query support), and emit a clear error when neither form is provided. (#25904, #25857) Thanks @niceysam and @stakeswky.
- CLI/Doctor: correct stale recovery hints to use valid commands (`openclaw gateway status --deep` and `openclaw configure --section model`). (#24485) Thanks @chilu18.
- Doctor/Sandbox: when sandbox mode is enabled but Docker is unavailable, surface a clear actionable warning (including failure impact and remediation) instead of a mild “skip checks” note. (#25438) Thanks @mcaxtr.
- Doctor/Plugins: auto-enable now resolves third-party channel plugins by manifest plugin id (not channel id), preventing invalid `plugins.entries.<channelId>` writes when ids differ. (#25275) Thanks @zerone0x.
- Config/Plugins: treat stale removed `google-antigravity-auth` plugin references as compatibility warnings (not hard validation errors) across `plugins.entries`, `plugins.allow`, `plugins.deny`, and `plugins.slots.memory`, so startup no longer fails after antigravity removal. (#25538, #25862) Thanks @chilu18.
- Config/Meta: accept numeric `meta.lastTouchedAt` timestamps and coerce them to ISO strings, preserving compatibility with agent edits that write `Date.now()` values. (#25491) Thanks @mcaxtr.
- Usage accounting: parse Moonshot/Kimi `cached_tokens` fields (including `prompt_tokens_details.cached_tokens`) into normalized cache-read usage metrics. (#25436) Thanks @Elarwei001.
- Agents/Tool dispatch: await block-reply flush before tool execution starts so buffered block replies preserve message ordering around tool calls. (#25427) Thanks @SidQin-cyber.
- Agents/Billing classification: prevent long assistant/user-facing text from being rewritten as billing failures while preserving explicit `status/code/http 402` detection for oversized structured error payloads. (#25680, #25661) Thanks @lairtonlelis.
- Sessions/Tool-result guard: avoid generating synthetic `toolResult` entries for assistant turns that ended with `stopReason: "aborted"` or `"error"`, preventing orphaned tool-use IDs from triggering downstream API validation errors. (#25429) Thanks @mikaeldiakhate-cell.
- Auto-reply/Reset hooks: guarantee native `/new` and `/reset` flows emit command/reset hooks even on early-return command paths, with dedupe protection to avoid double hook emission. (#25459) Thanks @chilu18.
- Hooks/Slug generator: resolve session slug model from the agents effective model (including defaults/fallback resolution) instead of raw agent-primary config only. (#25485) Thanks @SudeepMalipeddi.
fix: harden sandbox fs dash-path regression coverage (#25891) (thanks @albertlieyingadrian)
2026-02-25 01:39:56 +00:00
- Sandbox/FS bridge tests: add regression coverage for dash-leading basenames to confirm sandbox file reads resolve to absolute container paths (and avoid shell-option misdiagnosis for dashed filenames). (#25891) Thanks @albertlieyingadrian.
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- Sandbox/FS bridge: build canonical-path shell scripts with newline separators (not `; ` joins) to avoid POSIX `sh` `do;` syntax errors that broke sandbox file/image read-write operations. (#25737, #25824, #25868) Thanks @DennisGoldfinger and @peteragility.
fix: add sandbox bind-override regression coverage (#25410) (thanks @skyer-jian)
2026-02-25 02:09:22 +00:00
- Sandbox/Config: preserve `dangerouslyAllowReservedContainerTargets` and `dangerouslyAllowExternalBindSources` during sandbox docker config resolution so explicit bind-mount break-glass overrides reach runtime validation. (#25410) Thanks @skyer-jian.
docs(changelog): reorder and backfill 2026.2.24 release notes
2026-02-25 02:32:55 +00:00
- Gateway/Security: enforce gateway auth for the exact `/api/channels` plugin root path (plus `/api/channels/` descendants), with regression coverage for query/trailing-slash variants and near-miss paths that must remain plugin-owned. (#25753) Thanks @bmendonca3.
- Exec approvals: treat bare allowlist `*` as a true wildcard for parsed executables, including unresolved PATH lookups, so global opt-in allowlists work as configured. (#25250) Thanks @widingmarcus-cyber.
- iOS/Signing: improve `scripts/ios-team-id.sh` for Xcode 16+ by falling back to Xcode-managed provisioning profiles, add actionable guidance when an Apple account exists but no Team ID can be resolved, and ignore Xcode `xcodebuild` output directories (`apps/ios/build`, `apps/shared/OpenClawKit/build`, `Swabble/build`). (#22773) Thanks @brianleach.
- Control UI/Chat images: route image-click opens through a shared safe-open helper (allowing only safe URL schemes) and open new tabs with opener isolation to block tabnabbing. (#18685, #25444, #25847) Thanks @Mariana-Codebase and @shakkernerd.
- Security/Exec: sanitize inherited host execution environment before merge, canonicalize inherited PATH handling, and strip dangerous keys (`LD_*`, `DYLD_*`, `SSLKEYLOGFILE`, and related injection vectors) from non-sandboxed exec runs. (#25755) Thanks @bmendonca3.
- Security/Hooks: normalize hook session-key classification with trim/lowercase plus Unicode NFKC folding (for example full-width `...`) so external-content wrapping cannot be bypassed by mixed-case or lookalike prefixes. (#25750) Thanks @bmendonca3.
- Security/Voice Call: add Telnyx webhook replay detection and canonicalize replay-key signature encoding (Base64/Base64URL equivalent forms dedupe together), so duplicate signed webhook deliveries no longer re-trigger side effects. (#25832) Thanks @bmendonca3.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Sandbox media: restrict sandbox media tmp-path allowances to OpenClaw-managed tmp roots instead of broad host `os.tmpdir()` trust, and add outbound/channel guardrails (tmp-path lint + media-root smoke tests) to prevent regressions in local media attachment reads. Thanks @tdjackey for reporting.
fix: add changelog thanks for #25820 (thanks @bmendonca3)
2026-02-25 01:40:04 +00:00
- Security/Sandbox media: reject hard-linked OpenClaw tmp media aliases (including symlink-to-hardlink chains) during sandbox media path resolution to prevent out-of-sandbox inode alias reads. (#25820) Thanks @bmendonca3.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Message actions: enforce local media root checks for `sendAttachment` and `setGroupIcon` when `sandboxRoot` is unset, preventing attachment hydration from reading arbitrary host files via local absolute paths. Thanks @GCXWLP for reporting.
- Security/Telegram: enforce DM authorization before media download/write (including media groups) and move telegram inbound activity tracking after DM authorization, preventing unauthorized sender-triggered inbound media disk writes. Thanks @v8hid for reporting.
- Security/Workspace FS: normalize `@`-prefixed paths before workspace-boundary checks (including workspace-only read/write/edit and sandbox mount path guards), preventing absolute-path escape attempts from bypassing guard validation. Thanks @tdjackey for reporting.
fix(synology-chat): land @bmendonca3 fail-closed allowlist follow-up (#25827) Carry fail-closed empty-allowlist guard clarity and changelog attribution for PR #25827. Co-authored-by: Brian Mendonca <brianmendonca@Brians-MacBook-Air.local>
2026-02-25 01:19:43 +00:00
- Security/Synology Chat: enforce fail-closed allowlist behavior for DM ingress so `dmPolicy: "allowlist"` with empty `allowedUserIds` rejects all senders instead of allowing unauthorized dispatch. (#25827) Thanks @bmendonca3 for the contribution and @tdjackey for reporting.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Native images: enforce `tools.fs.workspaceOnly` for native prompt image auto-load (including history refs), preventing out-of-workspace sandbox mounts from being implicitly ingested as vision input. Thanks @tdjackey for reporting.
- Security/Exec approvals: bind `system.run` command display/approval text to full argv when shell-wrapper inline payloads carry positional argv values, and reject payload-only `rawCommand` mismatches for those wrapper-carrier forms, preventing hidden command execution under misleading approval text. Thanks @tdjackey for reporting.
- Security/Exec companion host: forward canonical `system.run` display text (not payload-only shell snippets) to the macOS exec host, and enforce rawCommand/argv consistency there for shell-wrapper positional-argv carriers and env-modifier preludes, preventing companion-side approval/display drift. Thanks @tdjackey for reporting.
- Security/Exec approvals: fail closed when transparent dispatch-wrapper unwrapping exceeds the depth cap, so nested `/usr/bin/env` chains cannot bypass shell-wrapper approval gating in `allowlist` + `ask=on-miss` mode. Thanks @tdjackey for reporting.
- Security/Exec: limit default safe-bin trusted directories to immutable system paths (`/bin`, `/usr/bin`) and require explicit opt-in (`tools.exec.safeBinTrustedDirs`) for package-manager/user bin paths (for example Homebrew), add security-audit findings for risky trusted-dir choices, warn at runtime when explicitly trusted dirs are group/world writable, and add doctor hints when configured `safeBins` resolve outside trusted dirs. Thanks @tdjackey for reporting.
fix(tui): resolve wrong provider prefix when session has model without modelProvider (#25874) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: f0953a72845fb3f9e8745cb6ab476cea7a5cd98b Co-authored-by: lbo728 <72309817+lbo728@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-25 14:36:27 +09:00
- Gateway/Sessions: preserve `modelProvider` on `sessions.reset` and avoid incorrect provider prefixes for legacy session models. (#25874) Thanks @lbo728.
Compaction: preserve opaque identifiers in summaries (openclaw#25553) thanks @rodrigouroz Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-27 11:14:05 -03:00
- Agents/Compaction: harden summarization prompts to preserve opaque identifiers verbatim (UUIDs, IDs, tokens, host/IP/port, URLs), reducing post-compaction identifier drift and hallucinated identifier reconstruction.
docs(changelog): credit reporter for sandbox bind-path fix
2026-02-24 14:47:39 +00:00
- Security/Sandbox: canonicalize bind-mount source paths via existing-ancestor realpath so symlink-parent + non-existent-leaf paths cannot bypass allowed-source-roots or blocked-path checks. Thanks @tdjackey.
docs(changelog): note safeBins exec hardening
2026-02-23 23:58:54 +00:00
chore(release): cut 2026.2.23
2026-02-24 05:36:38 +00:00
## 2026.2.23
chore: bump release metadata to 2026.2.20
2026-02-19 18:57:08 +00:00
### Changes
refactor: harden kilocode auth ordering and dedupe provider wiring
2026-02-23 23:37:07 +00:00
- Providers/Kilo Gateway: add first-class `kilocode` provider support (auth, onboarding, implicit provider detection, model defaults, transcript/cache-ttl handling, and docs), with default model `kilocode/anthropic/claude-opus-4.6`. (#20212) Thanks @jrf0110 and @markijbema.
Allow Claude model requests to route through Google Vertex AI (#23985) * feat: add anthropic-vertex provider for Claude via GCP Vertex AI Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: sallyom <somalley@redhat.com> * docs: add anthropic-vertex provider guide Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: sallyom <somalley@redhat.com> * Agents: validate Anthropic Vertex project env * Changelog: format update for Vertex entry * Providers: rename Anthropic Vertex to Google Vertex Claude * Providers: remove Vertex Claude provider path * Models: normalize Vercel Claude shorthand refs * Onboarding: default Vercel model to Claude shorthand * Changelog: add @vincentkoc credit for #23985 * Onboarding: keep canonical Vercel default model ref * Tests: expand Vercel model normalization coverage --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 11:04:31 -05:00
- Providers/Vercel AI Gateway: accept Claude shorthand model refs (`vercel-ai-gateway/claude-*`) by normalizing to canonical Anthropic-routed model ids. (#23985) Thanks @sallyom, @markbooch, and @vincentkoc.
docs(reference): add prompt-caching guide and knobs Co-authored-by: Axel Svensson <svenssonaxel@users.noreply.github.com>
2026-02-23 19:06:47 +00:00
- Docs/Prompt caching: add a dedicated prompt-caching reference covering `cacheRetention`, per-agent `params` merge precedence, Bedrock/OpenRouter behavior, and cache-ttl + heartbeat tuning. Thanks @svenssonaxel.
fix(gateway): add HSTS header hardening and docs
2026-02-23 19:47:09 +00:00
- Gateway/HTTP security headers: add optional `gateway.http.securityHeaders.strictTransportSecurity` support to emit `Strict-Transport-Security` for direct HTTPS deployments, with runtime wiring, validation, tests, and hardening docs.
Session/Cron maintenance hardening and cleanup UX (#24753) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 7533b85156186863609fee9379cd9aedf74435af Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd
2026-02-23 17:39:48 -05:00
- Sessions/Cron: harden session maintenance with `openclaw sessions cleanup`, per-agent store targeting, disk-budget controls (`session.maintenance.maxDiskBytes` / `highWaterBytes`), and safer transcript/archive cleanup + run-log retention behavior. (#24753) thanks @gumadeiras.
chore(release): prep 2026.2.23-beta.1 changelog
2026-02-24 05:02:40 +00:00
- Tools/web_search: add `provider: "kimi"` (Moonshot) support with key/config schema wiring and a corrected two-step `$web_search` tool flow that echoes tool results before final synthesis, including citation extraction from search results. (#16616, #18822) Thanks @adshine.
- Media understanding/Video: add a native Moonshot video provider and include Moonshot in auto video key detection, plus refactor video execution to honor `entry/config/provider` baseUrl+header precedence (matching audio behavior). (#12063) Thanks @xiaoyaner0201.
- Agents/Config: support per-agent `params` overrides merged on top of model defaults (including `cacheRetention`) so mixed-traffic agents can tune cache behavior independently. (#17470, #17112) Thanks @rrenamed.
- Agents/Bootstrap: cache bootstrap file snapshots per session key and clear them on session reset/delete, reducing prompt-cache invalidations from in-session `AGENTS.md`/`MEMORY.md` writes. (#22220) Thanks @anisoptera.
Allow Claude model requests to route through Google Vertex AI (#23985) * feat: add anthropic-vertex provider for Claude via GCP Vertex AI Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: sallyom <somalley@redhat.com> * docs: add anthropic-vertex provider guide Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: sallyom <somalley@redhat.com> * Agents: validate Anthropic Vertex project env * Changelog: format update for Vertex entry * Providers: rename Anthropic Vertex to Google Vertex Claude * Providers: remove Vertex Claude provider path * Models: normalize Vercel Claude shorthand refs * Onboarding: default Vercel model to Claude shorthand * Changelog: add @vincentkoc credit for #23985 * Onboarding: keep canonical Vercel default model ref * Tests: expand Vercel model normalization coverage --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 11:04:31 -05:00
Update CHANGELOG.md
2026-02-23 01:44:53 -05:00
### Breaking
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:51:44 +00:00
- **BREAKING:** browser SSRF policy now defaults to trusted-network mode (`browser.ssrfPolicy.dangerouslyAllowPrivateNetwork=true` when unset), and canonical config uses `browser.ssrfPolicy.dangerouslyAllowPrivateNetwork` instead of `browser.ssrfPolicy.allowPrivateNetwork`. `openclaw doctor --fix` migrates the legacy key automatically.
Update CHANGELOG.md
2026-02-23 01:44:53 -05:00
### Fixes
CI/Skills: add Python lint and test harness for skills scripts (#24246) * CI: add skills Python checks job * Chore: add Python lint and test pre-commit hooks * Tests: fix skill-creator package test import path * Chore: add Python tooling config for skills scripts * CI: run all skills Python tests * Chore: run all skills Python tests in pre-commit * Chore: enable pytest discovery for all skills tests * Changelog: note skills Python quality harness
2026-02-23 01:52:00 -05:00
fix(config): redact dynamic catchall secret keys
2026-02-24 00:21:19 +00:00
- Security/Config: redact sensitive-looking dynamic catchall keys in `config.get` snapshots (for example `env.*` and `skills.entries.*.env.*`) and preserve round-trip restore behavior for those redacted sentinels. Thanks @merc1305.
fix: tier local vitest worker defaults by host memory (#24719) (thanks @ngutman)
2026-02-23 21:18:54 +02:00
- Tests/Vitest: tier local parallel worker defaults by host memory, keep gateway serial by default on non-high-memory hosts, and document a low-profile fallback command for memory-constrained land/gate runs to prevent local OOMs. (#24719) Thanks @ngutman.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- WhatsApp/Group policy: fix `groupAllowFrom` sender filtering when `groupPolicy: "allowlist"` is set without explicit `groups` — previously all group messages were blocked even for allowlisted senders. (#24670) Thanks @lailoo.
fix(agents): extend cache-ttl eligibility for moonshot and zai Co-authored-by: lailoo <lailoo@users.noreply.github.com>
2026-02-23 18:16:07 +00:00
- Agents/Context pruning: extend `cache-ttl` eligibility to Moonshot/Kimi and ZAI/GLM providers (including OpenRouter model refs), so `contextPruning.mode: "cache-ttl"` is no longer silently skipped for those sessions. (#24497) Thanks @lailoo.
fix(doctor): use gateway health status for memory search key check (#22327) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 2f02ec94030754a2e2dfeb7d5a80f14747373ab5 Co-authored-by: therk <901920+therk@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-23 14:07:16 -05:00
- Doctor/Memory: query gateway-side default-agent memory embedding readiness during `openclaw doctor` (instead of inferring from generic gateway health), and warn when the gateway memory probe is unavailable or not ready while keeping `openclaw configure` remediation guidance. (#22327) thanks @therk.
docs(changelog): reorder 2026.2.23 entries by user impact
2026-02-23 18:02:21 +00:00
- Sessions/Store: canonicalize inbound mixed-case session keys for metadata and route updates, and migrate legacy case-variant entries to a single lowercase key to prevent duplicate sessions and missing TUI/WebUI history. (#9561) Thanks @hillghost86.
- Telegram/Reactions: soft-fail reaction action errors (policy/token/emoji/API), accept snake_case `message_id`, and fallback to inbound message-id context when explicit `messageId` is omitted so DM reactions stay stable without regeneration loops. (#20236, #21001) Thanks @PeterShanxin and @vincentkoc.
- Telegram/Polling: scope persisted polling offsets to bot identity and reuse a single awaited runner-stop path on abort/retry, preventing cross-token offset bleed and overlapping pollers during restart/error recovery. (#10850, #11347) Thanks @talhaorak, @anooprdawar, and @vincentkoc.
fix(telegram): suppress reasoning-only leaks when reasoning is off Co-authored-by: avirweb <avirweb@users.noreply.github.com>
2026-02-23 20:05:45 +00:00
- Telegram/Reasoning: when `/reasoning off` is active, suppress reasoning-only delivery segments and block raw fallback resend of suppressed `Reasoning:`/`<think>` text, preventing internal reasoning leakage in legacy sessions while preserving answer delivery. (#24626, #24518)
fix(agents): gate auto reasoning by effective thinking level (openclaw#24335) thanks @Kay-051
2026-02-23 14:58:26 +02:00
- Agents/Reasoning: when model-default thinking is active (for example `thinking=low`), keep auto-reasoning disabled unless explicitly enabled, preventing `Reasoning:` thinking-block leakage in channel replies. (#24335, #24290) thanks @Kay-051.
Changelog: add PR #24593 entry
2026-02-23 12:13:50 -05:00
- Agents/Reasoning: avoid classifying provider reasoning-required errors as context overflows so these failures no longer trigger compaction-style overflow recovery. (#24593) Thanks @vincentkoc.
docs(changelog): reorder 2026.2.23 entries by user impact
2026-02-23 18:02:21 +00:00
- Agents/Models: codify `agents.defaults.model` / `agents.defaults.imageModel` config-boundary input as `string | {primary,fallbacks}`, split explicit vs effective model resolution, and fix `models status --agent` source attribution so defaults-inherited agents are labeled as `defaults` while runtime selection still honors defaults fallback. (#24210) thanks @bianbiandashen.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Agents/Compaction: pass `agentDir` into manual `/compact` command runs so compaction auth/profile resolution stays scoped to the active agent. (#24133) thanks @miloudbelarebia.
docs(changelog): reorder 2026.2.23 entries by user impact
2026-02-23 18:02:21 +00:00
- Agents/Compaction: pass model metadata through the embedded runtime so safeguard summarization can run when `ctx.model` is unavailable, avoiding repeated `"Summary unavailable due to context limits"` fallback summaries. (#3479) Thanks @battman21, @hanxiao and @vincentkoc.
- Agents/Compaction: cancel safeguard compaction when summary generation cannot run (missing model/API key or summarization failure), preserving history instead of truncating to fallback `"Summary unavailable"` text. (#10711) Thanks @DukeDeSouth and @vincentkoc.
fix(tools): improve session_status cache-aware usage reporting Co-authored-by: Lucian Feraru <1ucian@users.noreply.github.com>
2026-02-23 19:05:27 +00:00
- Agents/Tools: make `session_status` read transcript-derived usage mid-turn and tail-read session logs for cache-aware context reporting without full-log scans. (#22387) Thanks @1ucian.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Agents/Overflow: detect additional provider context-overflow error shapes (including `input length` + `max_tokens` exceed-context variants) so failures route through compaction/recovery paths instead of leaking raw provider errors to users. (#9951) Thanks @echoVic.
docs(changelog): reorder 2026.2.23 entries by user impact
2026-02-23 18:02:21 +00:00
- Agents/Overflow: add Chinese context-overflow pattern detection in `isContextOverflowError` so localized provider errors route through overflow recovery paths. (#22855) Thanks @Clawborn.
- Agents/Failover: treat HTTP 502/503/504 errors as failover-eligible transient timeouts so fallback chains can switch providers/models during upstream outages instead of retrying the same failing target. (#20999) Thanks @taw0002 and @vincentkoc.
fix(auto-reply): hide direct-chat metadata without sender-id sentinel (openclaw#24373) thanks @jd316 Co-authored-by: jd316 <138361777+jd316@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
2026-02-23 15:25:31 +05:30
- Auto-reply/Inbound metadata: hide direct-chat `message_id`/`message_id_full` and sender metadata only from normalized chat type (not sender-id sentinels), preserving group metadata visibility and preventing sender-id spoofed direct-mode classification. (#24373) thanks @jd316.
fix(auto-reply): move volatile inbound flags out of system metadata Co-authored-by: aidiffuser <aidiffuser@users.noreply.github.com>
2026-02-23 19:05:57 +00:00
- Auto-reply/Inbound metadata: move dynamic inbound `flags` (reply/forward/thread/history) from system metadata to user-context conversation info, preventing turn-by-turn prompt-cache invalidation from flag toggles. (#21785) Thanks @aidiffuser.
docs(changelog): note /new and /reset auth-label removal (#24409)
2026-02-23 18:30:21 +00:00
- Auto-reply/Sessions: remove auth-key labels from `/new` and `/reset` confirmation messages so session reset notices never expose API key prefixes or env-key labels in chat output. (#24384, #24409) Thanks @Clawborn.
docs(changelog): reorder 2026.2.23 entries by user impact
2026-02-23 18:02:21 +00:00
- Slack/Group policy: move Slack account `groupPolicy` defaulting to provider-level schema defaults so multi-account configs inherit top-level `channels.slack.groupPolicy` instead of silently overriding inheritance with per-account `allowlist`. (#17579) Thanks @ZetiMente.
- Providers/Anthropic: skip `context-1m-*` beta injection for OAuth/subscription tokens (`sk-ant-oat-*`) while preserving OAuth-required betas, avoiding Anthropic 401 auth failures when `params.context1m` is enabled. (#10647, #20354) Thanks @ClumsyWizardHands and @dcruver.
Providers: disable developer role for DashScope-compatible endpoints (#24675) * Agents: disable developer role for DashScope-compatible endpoints * Agents: test DashScope developer-role compatibility * Gateway: test allowlisted sessions.patch model selection * Changelog: add DashScope role-compat fix note
2026-02-23 19:51:16 -05:00
- Providers/DashScope: mark DashScope-compatible `openai-completions` endpoints as `supportsDeveloperRole=false` so OpenClaw sends `system` instead of unsupported `developer` role on Qwen/DashScope APIs. (#19130) Thanks @Putzhuawa and @vincentkoc.
fix(providers): disable Bedrock prompt caching for non-Anthropic models (#20866) (thanks @pierreeurope)
2026-02-23 18:16:18 +00:00
- Providers/Bedrock: disable prompt-cache retention for non-Anthropic Bedrock models so Nova/Mistral requests do not send unsupported cache metadata. (#20866) Thanks @pierreeurope.
fix(providers): support Bedrock Anthropic cacheRetention defaults/pass-through (#22303) (thanks @snese)
2026-02-23 18:17:50 +00:00
- Providers/Bedrock: apply Anthropic-Claude cacheRetention defaults and runtime pass-through for `amazon-bedrock/*anthropic.claude*` model refs, while keeping non-Anthropic Bedrock models excluded. (#22303) Thanks @snese.
docs(changelog): reorder 2026.2.23 entries by user impact
2026-02-23 18:02:21 +00:00
- Providers/OpenRouter: remove conflicting top-level `reasoning_effort` when injecting nested `reasoning.effort`, preventing OpenRouter 400 payload-validation failures for reasoning models. (#24120) thanks @tenequm.
Changelog: add entries for PR #12849 and #27585 (#27887)
2026-02-26 14:54:48 -05:00
- Plugins/Install: when npm install returns 404 for bundled channel npm specs, fallback to bundled channel sources and complete install/enable persistence instead of failing plugin install. (#12849) Thanks @vincentkoc.
- Gemini OAuth/Auth: resolve npm global shim install layouts while discovering Gemini CLI credentials, preventing false "Gemini CLI not found" onboarding/auth failures when shim paths are on `PATH`. (#27585) Thanks @ehgamemo and @vincentkoc.
docs(changelog): reorder 2026.2.23 entries by user impact
2026-02-23 18:02:21 +00:00
- Providers/Groq: avoid classifying Groq TPM limit errors as context overflow so throttling paths no longer trigger overflow recovery logic. (#16176) Thanks @dddabtc.
CLI: fix gateway restart health ownership for child listener pids (#24696) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: d6d4b43f7e0a59856f40d259053cbf653fac3bc2 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-23 13:53:10 -05:00
- Gateway/Restart: treat child listener PIDs as owned by the service runtime PID during restart health checks to avoid false stale-process kills and restart timeouts on launchd/systemd. (#24696) Thanks @gumadeiras.
docs(changelog): reorder 2026.2.23 entries by user impact
2026-02-23 18:02:21 +00:00
- Config/Write: apply `unsetPaths` with immutable path-copy updates so config writes never mutate caller-provided objects, and harden `openclaw config get/set/unset` path traversal by rejecting prototype-key segments and inherited-property traversal. (#24134) thanks @frankekn.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Channels/WhatsApp: accept `channels.whatsapp.enabled` in config validation to match built-in channel auto-enable behavior, preventing `Unrecognized key: "enabled"` failures during channel setup. (#24263) Thanks @steipete.
fix(security): detect obfuscated commands that bypass allowlist filters (#24287) * security(exec): add obfuscated command detector * test(exec): cover obfuscation detector patterns * security(exec): enforce obfuscation approval on gateway host * security(exec): enforce obfuscation approval on node host * test(exec): prevent obfuscation timeout bypass * chore(changelog): credit obfuscation security fix
2026-02-23 02:50:06 -05:00
- Security/Exec: detect obfuscated commands before exec allowlist decisions and require explicit approval for obfuscation patterns. (#8592) Thanks @CornBrother0x and @vincentkoc.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/ACP: harden ACP client permission auto-approval to require trusted core tool IDs, ignore untrusted `toolCall.kind` hints, and scope `read` auto-approval to the active working directory so unknown tool names and out-of-scope file reads always prompt. Thanks @nedlir for reporting.
Update CHANGELOG.md
2026-02-23 01:44:53 -05:00
- Security/Skills: escape user-controlled prompt, filename, and output-path values in `openai-image-gen` HTML gallery generation to prevent stored XSS in generated `index.html` output. (#12538) Thanks @CornBrother0x.
chore(changelog): credit skill packager hardening follow-up
2026-02-23 02:08:44 -05:00
- Security/Skills: harden `skill-creator` packaging by skipping symlink entries and rejecting files whose resolved paths escape the selected skill root. (#24260, #16959) Thanks @CornBrother0x and @vincentkoc.
Update CHANGELOG.md
2026-02-23 01:44:53 -05:00
- Security/OTEL: redact sensitive values (API keys, tokens, credential fields) from diagnostics-otel log bodies, log attributes, and error/reason span fields before OTLP export. (#12542) Thanks @brandonwise.
Security: enforce pre-commit security checks in hooks and CI (#24265) * chore(pre-commit): add security audit hooks * ci(security): enforce security hooks in ci * docs(changelog): add security hooks and ci attribution
2026-02-23 02:20:00 -05:00
- Security/CI: add pre-commit security hook coverage for private-key detection and production dependency auditing, and enforce those checks in CI alongside baseline secret scanning. Thanks @vincentkoc.
Skills/Python: harden script edge cases and add regression tests (#24277) * Skill creator: skip self-including .skill output * Skill creator tests: cover output-dir-inside-skill case * Skill validator: parse frontmatter robustly across newlines * Skill validator tests: add CRLF and malformed frontmatter coverage * Model usage: require positive --days value * Model usage tests: cover --days validation and filtering * Nano banana: close input image handles after loading * Skill validator: keep type hints compatible with older python * Changelog: credit @vincentkoc for Python skills hardening
2026-02-23 02:34:23 -05:00
- Skills/Python: harden skill script packaging and validation edge cases (self-including `.skill` outputs, CRLF frontmatter parsing, strict `--days` validation, and safer image file loading), with expanded Python regression coverage. Thanks @vincentkoc.
docs(changelog): reorder 2026.2.23 entries by user impact
2026-02-23 18:02:21 +00:00
- Skills/Python: add CI + pre-commit linting (`ruff`) and pytest discovery coverage for Python scripts/tests under `skills/`, including package test execution from repo root. Thanks @vincentkoc.
Update CHANGELOG.md
2026-02-23 01:44:53 -05:00
docs(changelog): align 2026.2.22 release heading with tags
2026-02-23 18:00:34 +00:00
## 2026.2.22
Update CHANGELOG.md
2026-02-23 01:44:53 -05:00
### Changes
Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman Verified: - pnpm install --frozen-lockfile - pnpm build - gh pr checks 24199 --watch --fail-fast Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:55:59 -06:00
- Control UI/Agents: make the Tools panel data-driven from runtime `tools.catalog`, add per-tool provenance labels (`core` / `plugin:<id>` + optional marker), and keep a static fallback list when the runtime catalog is unavailable.
[Feature]: Add Gemini (Google Search grounding) as web_search provider (#13075) * feat: add Gemini (Google Search grounding) as web_search provider Add Gemini as a fourth web search provider alongside Brave, Perplexity, and Grok. Uses Gemini's built-in Google Search grounding tool to return search results with citations. - Add runGeminiSearch() with Google Search grounding via tools API - Resolve Gemini's grounding redirect URLs to direct URLs via parallel HEAD requests (5s timeout, graceful fallback) - Add Gemini config block (apiKey, model) with env var fallback - Default model: gemini-2.5-flash (fast, cheap, grounding-capable) - Strip API key from error messages for security - Add config validation tests for Gemini provider - Update docs/tools/web.md with Gemini provider documentation Closes #13074 * feat: auto-detect search provider from available API keys When no explicit provider is configured, resolveSearchProvider now checks for available API keys in priority order (Brave → Gemini → Perplexity → Grok) and selects the first provider with a valid key. - Add auto-detection logic using existing resolve*ApiKey functions - Export resolveSearchProvider via __testing_provider for tests - Add 8 tests covering auto-detection, priority order, and explicit override - Update docs/tools/web.md with auto-detection documentation * fix: merge __testing exports, downgrade auto-detect log to debug * fix: use defaultRuntime.log instead of .debug (not in RuntimeEnv type) * fix: mark gemini apiKey as sensitive in zod schema * fix: address Greptile review — add externalContent to Gemini payload, add Gemini/Grok entries to schema labels/help, remove dead schema-fields.ts * fix(web-search): add JSON parse guard for Gemini API responses Addresses Greptile review comment: add try/catch to handle non-JSON responses from Gemini API gracefully, preventing runtime errors on malformed responses. Note: FIELD_HELP entries for gemini.apiKey and gemini.model were already present in schema.help.ts, and gemini.apiKey was already marked as sensitive in zod-schema.agent-runtime.ts (both fixed in earlier commits). * fix: use structured readResponseText result in Gemini error path readResponseText returns { text, truncated, bytesRead }, not a string. The Gemini error handler was using the result object directly, which would always be truthy and never fall through to res.statusText. Align with Perplexity/xAI/Brave error patterns. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style: fix import order and formatting after rebase onto main * Web search: send Gemini API key via header --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 08:30:51 -06:00
- Web Search/Gemini: add grounded Gemini provider support with provider auto-detection and config/docs updates. (#13075, #13074) Thanks @akoscz.
Web UI: add full cron edit parity, all-jobs run history, and compact filters (openclaw#24155) thanks @Takhoffman Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:05:42 -06:00
- Control UI/Cron: add full web cron edit parity (including clone and richer validation/help text), plus all-jobs run history with pagination/search/sort/multi-filter controls and improved cron page layout for cleaner scheduling and failure triage workflows.
docs(changelog): move mistral to top and add synology chat
2026-02-23 01:25:22 +01:00
- Provider/Mistral: add support for the Mistral provider, including memory embeddings and voice support. (#23845) Thanks @vincentkoc.
feat(update): add core auto-updater and dry-run preview
2026-02-22 17:11:24 +01:00
- Update/Core: add an optional built-in auto-updater for package installs (`update.auto.*`), default-off, with stable rollout delay+jitter and beta hourly cadence.
- CLI/Update: add `openclaw update --dry-run` to preview channel/tag/target/restart actions without mutating config, installing, syncing plugins, or restarting.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Config/UI: add tag-aware settings filtering and broaden config labels/help copy so fields are easier to discover and understand in the dashboard config screen.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Channels/Synology Chat: add a native Synology Chat channel plugin with webhook ingress, direct-message routing, outbound send/media support, per-account config, and DM policy controls. (#23012) Thanks @steipete.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- iOS/Talk: prefetch TTS segments and suppress expected speech-cancellation errors for smoother talk playback. (#22833) Thanks @ngutman.
Memory: add Spanish and Portuguese query expansion stop words (#23710)
2026-02-22 11:26:12 -05:00
- Memory/FTS: add Spanish and Portuguese stop-word filtering for query expansion in FTS-only search mode, improving conversational recall for both languages. Thanks @vincentkoc.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Memory/FTS: add Japanese-aware query expansion tokenization and stop-word filtering (including mixed-script terms like ASCII + katakana) for FTS-only search mode. Thanks @vincentkoc.
- Memory/FTS: add Korean stop-word filtering and particle-aware keyword extraction (including mixed Korean/English stems) for query expansion in FTS-only search mode. (#18899) Thanks @ruypang.
Memory: add Arabic query expansion stop words (#23717)
2026-02-22 12:17:47 -05:00
- Memory/FTS: add Arabic stop-word filtering for query expansion in FTS-only search mode to reduce conversational filler in Arabic memory searches. Thanks @vincentkoc.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Discord/Allowlist: canonicalize resolved Discord allowlist names to IDs and split resolution flow for clearer fail-closed behavior.
- Channels/Config: unify channel preview streaming config handling with a shared resolver and canonical migration path.
- Gateway/Auth: unify call/probe/status/auth credential-source precedence on shared resolver helpers, with table-driven parity coverage across gateway entrypoints.
- Gateway/Auth: refactor gateway credential resolution and websocket auth handshake paths to use shared typed auth contexts, including explicit `auth.deviceToken` support in connect frames and tests.
- Skills: remove bundled `food-order` skill from this repo; manage/install it from ClawHub instead.
- Docs/Subagents: make thread-bound session guidance channel-first instead of Discord-specific, and list thread-supporting channels explicitly. (#23589) Thanks @osolmaz.
docs(changelog): split 2026.2.21 release entries
2026-02-21 20:06:57 +01:00
### Breaking
refactor!: remove google-antigravity provider support
2026-02-23 05:20:14 +01:00
- **BREAKING:** removed Google Antigravity provider support and the bundled `google-antigravity-auth` plugin. Existing `google-antigravity/*` model/profile configs no longer work; migrate to `google-gemini-cli` or other supported providers.
docs: document verbose-gated tool error details
2026-02-22 15:25:44 +01:00
- **BREAKING:** tool-failure replies now hide raw error details by default. OpenClaw still sends a failure summary, but detailed error suffixes (for example provider/runtime messages and local path fragments) now require `/verbose on` or `/verbose full`.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- **BREAKING:** CLI local onboarding now sets `session.dmScope` to `per-channel-peer` by default for new/implicit DM scope configuration. If you depend on shared DM continuity across senders, explicitly set `session.dmScope` to `main`. (#23468) Thanks @bmendonca3.
- **BREAKING:** unify channel preview-streaming config to `channels.<channel>.streaming` with enum values `off | partial | block | progress`, and move Slack native stream toggle to `channels.slack.nativeStreaming`. Legacy keys (`streamMode`, Slack boolean `streaming`) are still read and migrated by `openclaw doctor --fix`, but canonical saved config/docs now use the unified names.
- **BREAKING:** remove legacy Gateway device-auth signature `v1`. Device-auth clients must now sign `v2` payloads with the per-connection `connect.challenge` nonce and send `device.nonce`; nonce-less connects are rejected.
docs(changelog): split 2026.2.21 release entries
2026-02-21 20:06:57 +01:00
### Fixes
Update CHANGELOG.md
2026-02-24 19:11:47 -05:00
- Sessions/Resilience: ignore invalid persisted `sessionFile` metadata and fall back to the derived safe transcript path instead of aborting session resolution for handlers and tooling. (#16061) Thanks @haoyifan and @vincentkoc.
- Sessions/Paths: resolve symlinked state-dir aliases during transcript-path validation while preserving safe cross-agent/state-root compatibility for valid `agents/<id>/sessions/**` paths. (#18593) Thanks @EpaL and @vincentkoc.
Compaction: count only completed auto-compactions (#24056) * Compaction: count only completed auto-compactions * Compaction: count only non-retry completions * Changelog: note completed-only compaction counting * Agents/Compaction: guard optional compaction increment
2026-02-22 20:16:45 -06:00
- Agents/Compaction: count auto-compactions only after a non-retry `auto_compaction_end`, keeping session `compactionCount` aligned to completed compactions.
security(cli): redact sensitive values in config get output (#23654) * security(cli): redact sensitive values in config get output `runConfigGet()` reads raw config values but never applies redaction before printing. When a user runs `openclaw config get gateway.token` the real credential is printed to the terminal, leaking it into shell history, scrollback buffers, and screenshots. Use the existing `redactConfigObject()` (from redact-snapshot.ts, already used by the Web UI path) to scrub sensitive fields before `getAtPath()` resolves the requested key. Fixes #13683 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * CLI/Config: add redaction regression test and changelog --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 19:37:33 -05:00
- Security/CLI: redact sensitive values in `openclaw config get` output before printing config paths, preventing credential leakage to terminal output/history. (#13683) Thanks @SleuthCo.
fix(agents): map Moonshot developer role compatibility Co-authored-by: Sheng-Fu Chuang <sedernet@gmail.com> # Conflicts: # CHANGELOG.md
2026-02-23 05:19:27 +01:00
- Agents/Moonshot: force `supportsDeveloperRole=false` for Moonshot-compatible `openai-completions` models (provider `moonshot` and Moonshot base URLs), so initial runs no longer send unsupported `developer` roles that trigger `ROLE_UNSPECIFIED` errors. (#21060, #22194) Thanks @ShengFuC.
fix(agents): detect Kimi model-token-limit overflows Co-authored-by: Danilo Falcão <danilo@falcao.org>
2026-02-23 05:15:55 +01:00
- Agents/Kimi: classify Moonshot `Your request exceeded model token limit` failures as context overflows so auto-compaction and user-facing overflow recovery trigger correctly instead of surfacing raw invalid-request errors. (#9562) Thanks @danilofalcao.
fix(models): refresh Moonshot Kimi vision capabilities Co-authored-by: manikv12 <mac1317@live.missouristate.edu>
2026-02-23 05:20:48 +01:00
- Providers/Moonshot: mark Kimi K2.5 as image-capable in implicit + onboarding model definitions, and refresh stale explicit provider capability fields (`input`/`reasoning`/context limits) from implicit catalogs so existing configs pick up Moonshot vision support without manual model rewrites. (#13135, #4459) Thanks @manikv12.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Agents/Transcript: enable consecutive-user turn merging for strict non-OpenAI `openai-completions` providers (for example Moonshot/Kimi), reducing `roles must alternate` ordering failures on OpenAI-compatible endpoints while preserving current OpenRouter/Opencode behavior. (#7693) Thanks @steipete.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Install/Discord Voice: make `@discordjs/opus` an optional dependency so `openclaw` install/update no longer hard-fails when native Opus builds fail, while keeping `opusscript` as the runtime fallback decoder for Discord voice flows. (#23737, #23733, #23703) Thanks @jeadland, @Sheetaa, and @Breakyman.
Docker: precreate identity dir in docker setup
2026-02-22 16:33:02 -08:00
- Docker/Setup: precreate `$OPENCLAW_CONFIG_DIR/identity` during `docker-setup.sh` so CLI commands that need device identity (for example `devices list`) avoid `EACCES ... /home/node/.openclaw/identity` failures on restrictive bind mounts. (#23948) Thanks @ackson-beep.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Exec/Background: stop applying the default exec timeout to background sessions (`background: true` or explicit `yieldMs`) when no explicit timeout is set, so long-running background jobs are no longer terminated at the default timeout boundary. (#23303) Thanks @steipete.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Slack/Threading: sessions: keep parent-session forking and thread-history context active beyond first turn by removing first-turn-only gates in session init, thread-history fetch, and reply prompt context injection. (#23843, #23090) Thanks @vincentkoc and @Taskle.
- Slack/Threading: respect `replyToMode` when Slack auto-populates top-level `thread_ts`, and ignore inline `replyToId` directive tags when `replyToMode` is `off` so thread forcing stays disabled unless explicitly configured. (#23839, #23320, #23513) Thanks @vincentkoc and @dorukardahan.
- Slack/Extension: forward `message read` `threadId` to `readMessages` and use delivery-context `threadId` as outbound `thread_ts` fallback so extension replies/reads stay in the correct Slack thread. (#22216, #22485, #23836) Thanks @vincentkoc, @lan17 and @dorukardahan.
fix(slack): replace files.uploadV2 with 3-step upload flow to fix missing_scope error (#17558) * fix(slack): replace files.uploadV2 with 3-step upload flow files.uploadV2 from @slack/web-api internally calls the deprecated files.upload endpoint, which fails with missing_scope even when files:write is correctly granted in the bot token scopes. Replace with Slack's recommended 3-step upload flow: 1. files.getUploadURLExternal - get presigned URL + file_id 2. fetch(upload_url) - upload file content 3. files.completeUploadExternal - finalize & share to channel/thread This preserves all existing behavior including thread replies via thread_ts and caption via initial_comment. * fix(slack): harden external upload flow and tests --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-01 18:37:18 +01:00
- Slack/Upload: resolve bare user IDs (U-prefix) to DM channel IDs via `conversations.open`, and replace `files.uploadV2` with Slacks external 3-step upload flow (`files.getUploadURLExternal` → presigned upload POST → `files.completeUploadExternal`) to avoid `missing_scope`/`invalid_arguments` upload failures in DM and threaded media replies.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Webchat/Chat: apply assistant `final` payload messages directly to chat state so sent turns render without waiting for a full history refresh cycle. (#14928) Thanks @BradGroux.
- Webchat/Chat: for out-of-band final events (for example tool-call side runs), append provided final assistant payloads directly instead of forcing a transient history reset. (#11139) Thanks @AkshayNavle.
- Webchat/Performance: reload `chat.history` after final events only when the final payload lacks a renderable assistant message, avoiding expensive full-history refreshes on normal turns. (#20588) Thanks @amzzzzzzz.
- Webchat/Sessions: preserve external session routing metadata when internal `chat.send` turns run under `webchat`, so explicit channel-keyed sessions (for example Telegram) no longer get rewritten to `webchat` and misroute follow-up delivery. (#23258) Thanks @binary64.
- Webchat/Sessions: preserve existing session `label` across `/new` and `/reset` rollovers so reset sessions remain discoverable in session history lists. (#23755) Thanks @ThunderStormer.
- Gateway/Chat UI: strip inline reply/audio directive tags from non-streaming final webchat broadcasts (including `chat.inject`) while preserving empty-string message content when tags are the entire reply. (#23298) Thanks @SidQin-cyber.
- Chat/UI: strip inline reply/audio directive tags (`[[reply_to_current]]`, `[[reply_to:<id>]]`, `[[audio_as_voice]]`) from displayed chat history, live chat event output, and session preview snippets so control tags no longer leak into user-visible surfaces.
Gateway/Chat UI: sanitize untrusted wrapper markup in final payloads
2026-02-22 16:53:47 -08:00
- Gateway/Chat UI: sanitize non-streaming final `chat.send`/`chat.inject` payload text with the same envelope/untrusted-context stripping used by `chat.history`, preventing `<<<EXTERNAL_UNTRUSTED_CONTENT...>>>` wrapper markup from rendering in Control UI chat. (#24012) Thanks @mittelaltergouda.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Telegram/Media: send a user-facing Telegram reply when media download fails (non-size errors) instead of silently dropping the message.
- Telegram/Webhook: keep webhook monitors alive until gateway abort signals fire, preventing false channel exits and immediate webhook auto-restart loops.
- Telegram/Polling: retry recoverable setup-time network failures in monitor startup and await runner teardown before retry to avoid overlapping polling sessions.
- Telegram/Polling: clear Telegram webhooks (`deleteWebhook`) before starting long-poll `getUpdates`, including retry handling for transient cleanup failures.
- Telegram/Webhook: add `channels.telegram.webhookPort` config support and pass it through plugin startup wiring to the monitor listener.
- Browser/Extension Relay: refactor the MV3 worker to preserve debugger attachments across relay drops, auto-reconnect with bounded backoff+jitter, persist and rehydrate attached tab state via `chrome.storage.session`, recover from `target_closed` navigation detaches, guard stale socket handlers, enforce per-tab operation locks and per-request timeouts, and add lifecycle keepalive/badge refresh hooks (`alarms`, `webNavigation`). (#15099, #6175, #8468, #9807)
- Browser/Relay: treat extension websocket as connected only when `OPEN`, allow reconnect when a stale `CLOSING/CLOSED` extension socket lingers, and guard stale socket message/close handlers so late events cannot clear active relay state; includes regression coverage for live-duplicate `409` rejection and immediate reconnect-after-close races. (#15099, #18698, #20688)
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Browser/Remote CDP: extend stale-target recovery so `ensureTabAvailable()` now reuses the sole available tab for remote CDP profiles (same behavior as extension profiles) while preserving strict `tab not found` errors when multiple tabs exist; includes remote-profile regression tests. (#15989) Thanks @steipete.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Gateway/Pairing: treat `operator.admin` as satisfying other `operator.*` scope checks during device-auth verification so local CLI/TUI sessions stop entering pairing-required loops for pairing/approval-scoped commands. (#22062, #22193, #21191) Thanks @Botaccess, @jhartshorn, and @ctbritt.
- Gateway/Pairing: auto-approve loopback `scope-upgrade` pairing requests (including device-token reconnects) so local clients do not disconnect on pairing-required scope elevation. (#23708) Thanks @widingmarcus-cyber.
- Gateway/Scopes: include `operator.read` and `operator.write` in default operator connect scope bundles across CLI, Control UI, and macOS clients so write-scoped announce/sub-agent follow-up calls no longer hit `pairing required` disconnects on loopback gateways. (#22582) thanks @YuzuruS.
- Gateway/Pairing: treat operator.admin pairing tokens as satisfying operator.write requests so legacy devices stop looping through scope-upgrade prompts introduced in 2026.2.19. (#23125, #23006) Thanks @vignesh07.
- Gateway/Restart: fix restart-loop edge cases by keeping `openclaw.mjs -> dist/entry.js` bootstrap detection explicit, reacquiring the gateway lock for in-process restart fallback paths, and tightening restart-loop regression coverage. (#23416) Thanks @jeffwnli.
- Gateway/Lock: use optional gateway-port reachability as a primary stale-lock liveness signal (and wire gateway run-loop lock acquisition to the resolved port), reducing false "already running" lockouts after unclean exits. (#23760) Thanks @Operative-001.
- Delivery/Queue: quarantine queue entries immediately on known permanent delivery errors (for example invalid recipients or missing conversation references) by moving them to `failed/` instead of retrying on every restart. (#23794) Thanks @aldoeliacim.
- Cron/Status: split execution outcome (`lastRunStatus`) from delivery outcome (`lastDeliveryStatus`) in persisted cron state, finished events, and run history so failed/unknown announcement delivery is visible without conflating it with run errors.
- Cron/Delivery: route text-only announce jobs with explicit thread/topic targets through direct outbound delivery so forum/thread destinations do not get dropped by intermediary announce turns. (#23841) Thanks @AndrewArto.
- Cron: honor `cron.maxConcurrentRuns` in the timer loop so due jobs can execute up to the configured parallelism instead of always running serially. (#11595) Thanks @Takhoffman.
- Cron/Run: enforce the same per-job timeout guard for manual `cron.run` executions as timer-driven runs, including abort propagation for isolated agent jobs, so forced runs cannot wedge indefinitely. (#23704) Thanks @tkuehnl.
Cron: persist manual run marker before unlock (#23993) * Cron: persist manual run marker before unlock * Cron tests: relax wakeMode now microtask wait after run lock persist
2026-02-22 18:39:37 -06:00
- Cron/Run: persist the manual-run `runningAtMs` marker before releasing the cron lock so overlapping timer ticks cannot start the same job concurrently.
Cron: apply timeout to startup catch-up runs (#23966) * Cron: apply timeout to startup catch-up runs * Changelog: add cron startup timeout catch-up note
2026-02-22 17:04:30 -06:00
- Cron/Startup: enforce per-job timeout guards for startup catch-up replay runs so missed isolated jobs cannot hang indefinitely during gateway boot recovery.
Cron: respect aborts in main wake-now retries (#23967) * Cron: respect aborts in main wake-now retries * Changelog: add main-session cron abort retry fix note * Cron tests: format post-rebase conflict resolution
2026-02-22 17:19:27 -06:00
- Cron/Main session: honor abort/timeout signals while retrying `wakeMode=now` heartbeat contention loops so main-target cron runs stop promptly instead of waiting through the full busy-retry window.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Cron/Schedule: for `every` jobs, prefer `lastRunAtMs + everyMs` when still in the future after restarts, then fall back to anchor scheduling for catch-up windows, so NEXT timing matches the last successful cadence. (#22895) Thanks @SidQin-cyber.
- Cron/Service: execute manual `cron.run` jobs outside the cron lock (while still persisting started/finished state atomically) so `cron.list` and `cron.status` remain responsive during long forced runs. (#23628) Thanks @dsgraves.
- Cron/Timer: keep a watchdog recheck timer armed while `onTimer` is actively executing so the scheduler continues polling even if a due-run tick stalls for an extended period. (#23628) Thanks @dsgraves.
Cron: clean run-log write queue entries (#23968) * Cron: clean run-log write queue entries * Changelog: add cron run-log write-queue cleanup note
2026-02-22 17:16:42 -06:00
- Cron/Run log: clean up settled per-path run-log write queue entries so long-running cron uptime does not retain stale promise bookkeeping in memory.
Gateway: harden cron.runs jobId path handling (openclaw#24038) thanks @Takhoffman Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 19:35:26 -06:00
- Cron/Run log: harden `cron.runs` run-log path resolution by rejecting path-separator `id`/`jobId` inputs and enforcing reads within the per-cron `runs/` directory.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Cron/Announce: when announce delivery target resolution fails (for example multiple configured channels with no explicit target), skip injecting fallback `Cron (error): ...` into the main session so runs fail cleanly without accidental last-route sends. (#24074) Thanks @Takhoffman.
Validate Telegram delivery targets to reject invalid formats (#21930) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 02c9b1c3dd4273988d571d513403e02e3b062e46 Co-authored-by: kesor <7056+kesor@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-23 07:14:46 +02:00
- Cron/Telegram: validate cron `delivery.to` with shared Telegram target parsing and resolve legacy `@username`/`t.me` targets to numeric IDs at send-time for deterministic delivery target writeback. (#21930) Thanks @kesor.
docs(changelog): add telegram topic target fix
2026-02-23 11:41:59 +05:30
- Telegram/Targets: normalize unprefixed topic-qualified targets through the shared parse/normalize path so valid `@channel:topic:<id>` and `<chatId>:topic:<id>` routes are recognized again. (#24166) Thanks @obviyus.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Cron/Isolation: force fresh session IDs for isolated cron runs so `sessionTarget="isolated"` executions never reuse prior run context. (#23470) Thanks @echoVic.
- Plugins/Install: strip `workspace:*` devDependency entries from copied plugin manifests before `npm install --omit=dev`, preventing `EUNSUPPORTEDPROTOCOL` install failures for npm-published channel plugins (including Feishu and MS Teams).
- Feishu/Plugins: restore bundled Feishu SDK availability for global installs and strip `openclaw: workspace:*` from plugin `devDependencies` during plugin-version sync so npm-installed Feishu plugins do not fail dependency install. (#23611, #23645, #23603)
- Config/Channels: auto-enable built-in channels by writing `channels.<id>.enabled=true` (not `plugins.entries.<id>`), and stop adding built-ins to `plugins.allow`, preventing `plugins.entries.telegram: plugin not found` validation failures.
- Config/Channels: when `plugins.allow` is active, auto-enable/enable flows now also allowlist configured built-in channels so `channels.<id>.enabled=true` cannot remain blocked by restrictive plugin allowlists.
- Plugins/Discovery: ignore scanned extension backup/disabled directory patterns (for example `.backup-*`, `.bak`, `.disabled*`) and move updater backup directories under `.openclaw-install-backups`, preventing duplicate plugin-id collisions from archived copies.
- Plugins/CLI: make `openclaw plugins enable` and plugin install/link flows update allowlists via shared plugin-enable policy so enabled plugins are not left disabled by allowlist mismatch. (#23190) Thanks @downwind7clawd-ctrl.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Voice Call: harden media stream WebSocket handling against pre-auth idle-connection DoS by adding strict pre-start timeouts, pending/per-IP connection limits, and total connection caps for streaming endpoints. Thanks @jiseoung for reporting.
docs(changelog): move mistral to top and add synology chat
2026-02-23 01:25:22 +01:00
- Security/Sessions: redact sensitive token patterns from `sessions_history` tool output and surface `contentRedacted` metadata when masking occurs. (#16928) Thanks @aether-ai-agent.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Exec: stop trusting `PATH`-derived directories for safe-bin allowlist checks, add explicit `tools.exec.safeBinTrustedDirs`, and pin safe-bin shell execution to resolved absolute executable paths to prevent binary-shadowing approval bypasses. Thanks @tdjackey for reporting.
- Security/Elevated: match `tools.elevated.allowFrom` against sender identities only (not recipient `ctx.To`), closing a recipient-token bypass for `/elevated` authorization. Thanks @jiseoung for reporting.
- Security/Feishu: enforce ID-only allowlist matching for DM/group sender authorization, normalize Feishu ID prefixes during checks, and ignore mutable display names so display-name collisions cannot satisfy allowlist entries. Thanks @jiseoung for reporting.
- Security/Group policy: harden `channels.*.groups.*.toolsBySender` matching by requiring explicit sender-key types (`id:`, `e164:`, `username:`, `name:`), preventing cross-identifier collisions across mutable/display-name fields while keeping legacy untyped keys on a deprecated ID-only path. Thanks @jiseoung for reporting.
docs: reorder 2026.2.22 changelog by user impact
2026-02-22 23:37:03 +01:00
- Channels/Group policy: fail closed when `groupPolicy: "allowlist"` is set without explicit `groups`, honor account-level `groupPolicy` overrides, and enforce `groupPolicy: "disabled"` as a hard group block. (#22215) Thanks @etereo.
- Telegram/Discord extensions: propagate trusted `mediaLocalRoots` through extension outbound `sendMedia` options so extension direct-send media paths honor agent-scoped local-media allowlists. (#20029, #21903, #23227)
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Agents/Exec: honor explicit agent context when resolving `tools.exec` defaults for runs with opaque/non-agent session keys, so per-agent `host/security/ask` policies are applied consistently. (#11832) Thanks @steipete.
CLI/Sessions: honor default agent for implicit store path
2026-02-22 22:46:59 -08:00
- CLI/Sessions: resolve implicit session-store path templates with the configured default agent ID so named-agent setups do not silently read/write stale `agent:main` session/auth stores. (#22685) Thanks @sene1337.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Doctor/Security: add an explicit warning that `approvals.exec.enabled=false` disables forwarding only, while enforcement remains driven by host-local `exec-approvals.json` policy. (#15047) Thanks @steipete.
- Sandbox/Docker: default sandbox container user to the workspace owner `uid:gid` when `agents.*.sandbox.docker.user` is unset, fixing non-root gateway file-tool permissions under capability-dropped containers. (#20979) Thanks @steipete.
fix(media): enforce agent media roots in plugin send actions Co-authored-by: Oliver Drobnik <333270+odrobnik@users.noreply.github.com> Co-authored-by: thisischappy <257418353+thisischappy@users.noreply.github.com>
2026-02-22 21:17:09 +01:00
- Plugins/Media sandbox: propagate trusted `mediaLocalRoots` through plugin action dispatch (including Discord/Telegram action adapters) so plugin send paths enforce the same agent-scoped local-media sandbox roots as core outbound sends. (#20258, #22718)
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Agents/Workspace guard: map sandbox container-workdir file-tool paths (for example `/workspace/...` and `file:///workspace/...`) to host workspace roots before workspace-only validation, preventing false `Path escapes sandbox root` rejections for sandbox file tools. (#9560) Thanks @steipete.
- Gateway/Exec approvals: expire approval requests immediately when no approval-capable gateway clients are connected and no forwarding targets are available, avoiding delayed approvals after restarts/offline approver windows. (#22144) Thanks @steipete.
docs(changelog): thank ghsa reporter for exec fix
2026-02-22 23:04:13 +01:00
- Security/Exec approvals: when approving wrapper commands with allow-always in allowlist mode, persist inner executable paths for known dispatch wrappers (`env`, `nice`, `nohup`, `stdbuf`, `timeout`) and fail closed (no persisted entry) when wrapper unwrapping is not safe, preventing wrapper-path approval bypasses. Thanks @tdjackey for reporting.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Node/macOS exec host: default headless macOS node `system.run` to local execution and only route through the companion app when `OPENCLAW_NODE_EXEC_HOST=app` is explicitly set, avoiding companion-app filesystem namespace mismatches during exec. (#23547) Thanks @steipete.
fix(sandbox): normalize /workspace media paths to host sandbox root Co-authored-by: echo931 <echo931@users.noreply.github.com>
2026-02-22 20:30:48 +01:00
- Sandbox/Media: map container workspace paths (`/workspace/...` and `file:///workspace/...`) back to the host sandbox root for outbound media validation, preventing false deny errors for sandbox-generated local media. (#23083) Thanks @echo931.
fix(sandbox): honor explicit bind mounts over workspace defaults Co-authored-by: tasaankaeris <tasaankaeris@users.noreply.github.com>
2026-02-22 20:31:40 +01:00
- Sandbox/Docker: apply custom bind mounts after workspace mounts and prioritize bind-source resolution on overlapping paths, so explicit workspace binds are no longer ignored. (#22669) Thanks @tasaankaeris.
fix(exec-approvals): harden forwarding target and resolve delivery paths Co-authored-by: bubmiller <bubmiller@users.noreply.github.com>
2026-02-22 20:32:22 +01:00
- Exec approvals/Forwarding: restore Discord text forwarding when component approvals are not configured, and carry request snapshots through resolve events so resolved notices still forward after cache misses/restarts. (#22988) Thanks @bubmiller.
fix(control-ui): stop websocket client on lifecycle teardown (#23422) Co-authored-by: floatinggball-design <262259579+floatinggball-design@users.noreply.github.com>
2026-02-22 21:09:21 +01:00
- Control UI/WebSocket: stop and clear the browser gateway client on UI teardown so remounts cannot leave orphan websocket clients that create duplicate active connections. (#23422) Thanks @floatinggball-design.
fix(control-ui): send stable websocket instance IDs (#23616) Co-authored-by: zq58855371-ui <248869919+zq58855371-ui@users.noreply.github.com>
2026-02-22 21:17:52 +01:00
- Control UI/WebSocket: send a stable per-tab `instanceId` in websocket connect frames so reconnect cycles keep a consistent client identity for diagnostics and presence tracking. (#23616) Thanks @zq58855371-ui.
fix: add mistral to MemorySearchSchema provider/fallback unions (#14934) * fix: add mistral to MemorySearchSchema provider/fallback unions The Mistral embedding provider was added to the runtime code but the Zod config schema was not updated, causing config validation to reject `provider: "mistral"` and `fallback: "mistral"` as invalid input. * Changelog: add unreleased note for Mistral memory schema fix --------- Co-authored-by: Drake (Moltbot Dev) <drake@clawd.bot> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 13:36:53 -05:00
- Config/Memory: allow `"mistral"` in `agents.defaults.memorySearch.provider` and `agents.defaults.memorySearch.fallback` schema validation. (#14934) Thanks @ThomsenDrake.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Feishu/Commands: in group chats, command authorization now falls back to top-level `channels.feishu.allowFrom` when per-group `allowFrom` is not set, so `/command` no longer gets blocked by an unintended empty allowlist. (#23756) Thanks @steipete.
Dev tooling: prevent CLAUDE symlink newline regressions
2026-02-22 12:32:04 -05:00
- Dev tooling: prevent `CLAUDE.md` symlink target regressions by excluding CLAUDE symlink sentinels from `oxfmt` and marking them `-text` in `.gitattributes`, so formatter/EOL normalization cannot reintroduce trailing-newline targets. Thanks @vincentkoc.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Agents/Compaction: restore embedded compaction safeguard/context-pruning extension loading in production by wiring bundled extension factories into the resource loader instead of runtime file-path resolution. (#22349; landed from contributor PR #5005 by @Diaspar4u) Thanks @Diaspar4u.
docs(changelog): add missing contributor credits for 2026.3.1 (#31079) * changelog: credit @BUGKillerKing for #29315 * changelog: credit @liuweifly for #14674 * changelog: credit @Sid-Qin for #29709 * changelog: credit @lailoo for #21808 * changelog: credit @openperf for #26259 * changelog: credit @icesword0760 for #28959 * changelog: credit @cowboy129 for #28529 * changelog: credit @yfge for #17798 * changelog: credit @kcinzgg for #27325 * changelog: credit @guoqunabc for #28494 * changelog: credit @WilsonLiu95 for #12755 * changelog: credit @qiangu for #18529 * changelog: credit @lailoo for unreleased #27616 * changelog: credit @tumf for unreleased #18642 * changelog: normalize unreleased #24789 credit handle * changelog: fill unreleased #24435 credit * changelog: fill unreleased #25090 credit * changelog: fill unreleased #29098 credit (entry 1) * changelog: fill unreleased #29098 credit (entry 2) * changelog: credit @liuxiaopai-ai for unreleased #30567 * changelog: credit @graysurf for unreleased #23169 * changelog: credit @pablohrcarvalho for unreleased #10686 * changelog: credit @Glucksberg for unreleased #21715 * changelog: credit @liuxiaopai-ai for unreleased #30586 * changelog: add missing credits for 2026.2.26 * changelog: add missing credits for 2026.2.25 * changelog: add missing credits for 2026.2.24 * changelog: add missing credits for 2026.2.23 * changelog: add missing credits for 2026.2.22
2026-03-01 16:04:55 -08:00
- Feishu/Media: for inbound video messages that include both `file_key` (video) and `image_key` (thumbnail), prefer `file_key` when downloading media so video attachments are saved instead of silently failing on thumbnail keys. (#23633) Thanks @steipete.
perf: skip cache-busting for bundled hooks, use mtime for workspace hooks (openclaw#16960) thanks @mudrii Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: mudrii <220262+mudrii@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-23 06:14:51 +08:00
- Hooks/Loader: avoid redundant hook-module recompilation on gateway restart by skipping cache-busting for bundled hooks and using stable file metadata keys (`mtime+size`) for mutable workspace/managed/plugin hook imports. (#16953) Thanks @mudrii.
fix(hooks): suppress main session events for silent/delivered hook turns (#20678) * fix(hooks): suppress main session events for silent/delivered hook turns When a hook agent turn returns NO_REPLY (SILENT_REPLY_TOKEN), mark the result as delivered so the hooks handler skips enqueueSystemEvent and requestHeartbeatNow. Without this, every Gmail notification classified as NO_REPLY still injects a system event into the main agent session, causing context window growth proportional to email volume. Two-part fix: - cron/isolated-agent/run.ts: set delivered:true when synthesizedText matches SILENT_REPLY_TOKEN so callers know no notification is needed - gateway/server/hooks.ts: guard enqueueSystemEvent + requestHeartbeatNow with !result.delivered (addresses duplicate delivery, refs #20196) Refs: https://github.com/openclaw/openclaw/issues/20196 * Changelog: document hook silent-delivery suppression fix --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 09:47:42 -08:00
- Hooks/Cron: suppress duplicate main-session events for delivered hook turns and mark `SILENT_REPLY_TOKEN` (`NO_REPLY`) early exits as delivered to prevent hook context pollution. (#20678) Thanks @JonathanWorks.
fix(auto-reply): preserve OpenRouter @preset model directives (#23769) * Auto-reply: preserve OpenRouter @preset model directives * Changelog: move OpenRouter preset fix into 2026.2.22 unreleased
2026-02-22 12:46:04 -05:00
- Providers/OpenRouter: inject `cache_control` on system prompts for OpenRouter Anthropic models to improve prompt-cache reuse. (#17473) Thanks @rrenamed.
docs(changelog): note installer gum auto-path smoke coverage
2026-02-22 18:47:39 +01:00
- Installer/Smoke tests: remove legacy `OPENCLAW_USE_GUM` overrides from docker install-smoke runs so tests exercise installer auto TTY detection behavior directly.
OpenRouter: allow any model ID instead of restricting to static catalog (#14312) * OpenRouter: allow any model ID instead of restricting to static catalog OpenRouter models were restricted to a hardcoded prefix list in the internal model catalog, preventing use of newly added or less common models. This change makes OpenRouter work as the pass-through proxy it is -- any valid OpenRouter model ID now resolves dynamically. Fixes https://github.com/openclaw/openclaw/issues/5241 Changes: - Add OpenRouter as an implicit provider in resolveImplicitProviders so models.json is populated when an API key is detected (models-config.providers.ts) - Add a pass-through fallback in resolveModel that creates OpenRouter models on-the-fly when they aren't pre-registered in the local catalog ( model.ts ) - Remove the static prefix filter for OpenRouter/opencode in isModernModelRef (live-model-filter.ts) * Apply requested change for maxTokens * Agents: remove dead helper in live model filter * Changelog: note Joly0/main OpenRouter fix * Changelog: fix OpenRouter entry text --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 18:21:20 +01:00
- Providers/OpenRouter: allow pass-through OpenRouter and Opencode model IDs in live model filtering so custom routed model IDs are treated as modern refs. (#14312) Thanks @Joly0.
Default reasoning to on when model has reasoning: true (fix #22456) (#22513) * Default reasoning to on when model has reasoning: true (fix #22456) What: When a model is configured with reasoning: true in openclaw.json (e.g. OpenRouter x-ai/grok-4.1-fast), the session now defaults reasoningLevel to on if the user has not set it via /reasoning or session store. Why: Users expected setting reasoning: true on the model to enable reasoning; previously only session/directive reasoningLevel was used and it always defaulted to off, so Think stayed off despite the model config. * Chore: sync formatted files from main for CI * Changelog: note zwffff/main OpenRouter fix * Changelog: fix OpenRouter entry text * Update msteams.md * Update msteams.md * Update msteams.md --------- Co-authored-by: 曾文锋0668000834 <zeng.wenfeng@xydigit.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 01:19:36 +08:00
- Providers/OpenRouter: default reasoning to enabled when the selected model advertises `reasoning: true` and no session/directive override is set. (#22513) Thanks @zwffff.
fix(openrouter): pass reasoning.effort based on thinking level (#14664) (#17236) * fix(openrouter): pass reasoning.effort to OpenRouter API (#14664) * Agents: pass thinkLevel to extra-params wrapper * Changelog: note fix/openrouter-reasoning-effort-14664 OpenRouter fix * Changelog: fix OpenRouter entry text --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 18:14:12 +01:00
- Providers/OpenRouter: map `/think` levels to `reasoning.effort` in embedded runs while preserving explicit `reasoning.max_tokens` payloads. (#17236) Thanks @robbyczgw-cla.
OpenRouter: allow any model ID instead of restricting to static catalog (#14312) * OpenRouter: allow any model ID instead of restricting to static catalog OpenRouter models were restricted to a hardcoded prefix list in the internal model catalog, preventing use of newly added or less common models. This change makes OpenRouter work as the pass-through proxy it is -- any valid OpenRouter model ID now resolves dynamically. Fixes https://github.com/openclaw/openclaw/issues/5241 Changes: - Add OpenRouter as an implicit provider in resolveImplicitProviders so models.json is populated when an API key is detected (models-config.providers.ts) - Add a pass-through fallback in resolveModel that creates OpenRouter models on-the-fly when they aren't pre-registered in the local catalog ( model.ts ) - Remove the static prefix filter for OpenRouter/opencode in isModernModelRef (live-model-filter.ts) * Apply requested change for maxTokens * Agents: remove dead helper in live model filter * Changelog: note Joly0/main OpenRouter fix * Changelog: fix OpenRouter entry text --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 18:21:20 +01:00
- Providers/OpenRouter: preserve stored session provider when model IDs are vendor-prefixed (for example, `anthropic/...`) so follow-up turns do not incorrectly route to direct provider APIs. (#22753) Thanks @dndodson.
fix(providers): preserve openrouter/ prefix for native models (#12942) * fix(providers): preserve openrouter/ prefix for native models (#12924) OpenRouter-native models like 'openrouter/aurora-alpha' need the full 'openrouter/<name>' as the model ID in API requests. The existing parseModelRef() stripped the prefix, sending just 'aurora-alpha' which OpenRouter rejects with 400. Fix: normalizeProviderModelId() now re-adds the 'openrouter/' prefix for models without a slash (native models), while passing through external provider models (e.g. 'anthropic/claude-sonnet-4-5') as-is. Closes #12924 * Changelog: add OpenRouter note for #12942 --------- Co-authored-by: Luna AI <luna@coredirection.ai> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 22:08:46 +05:00
- Providers/OpenRouter: preserve the required `openrouter/` prefix for OpenRouter-native model IDs during model-ref normalization. (#12942) Thanks @omair445.
Update CHANGELOG.md
2026-02-22 12:12:28 -05:00
- Providers/OpenRouter: pass through provider routing parameters from model params.provider to OpenRouter request payloads for provider selection controls. (#17148) Thanks @carrotRakko.
fix(auto-reply): preserve OpenRouter @preset model directives (#23769) * Auto-reply: preserve OpenRouter @preset model directives * Changelog: move OpenRouter preset fix into 2026.2.22 unreleased
2026-02-22 12:46:04 -05:00
- Providers/OpenRouter: preserve model allowlist entries containing OpenRouter preset paths (for example `openrouter/@preset/...`) by treating `/model ...@profile` auth-profile parsing as a suffix-only override. (#14120) Thanks @NotMainstream.
fix(cron): propagate auth-profile resolution to isolated sessions (#20624) (#20689)
2026-02-23 01:45:03 +08:00
- Cron/Auth: propagate auth-profile resolution to isolated cron sessions so provider API keys are resolved the same way as main sessions, fixing 401 errors when using providers configured via auth-profiles. (#20689) Thanks @lailoo.
fix(cron): pass agentDir into embedded follow-up runs Co-authored-by: seilk <88271769+seilk@users.noreply.github.com>
2026-02-22 21:34:08 +01:00
- Cron/Follow-up: pass resolved `agentDir` through isolated cron and queued follow-up embedded runs so auth/profile lookups stay scoped to the correct agent directory. (#22845) Thanks @seilk.
fix(agents): validate tool-result MEDIA directives with shared parser Co-authored-by: Ho Lim <166576253+HOYALIM@users.noreply.github.com>
2026-02-22 19:51:38 +01:00
- Agents/Media: route tool-result `MEDIA:` extraction through shared parser validation so malformed prose like `MEDIA:-prefixed ...` is no longer treated as a local file path (prevents Telegram ENOENT tool-error overrides). (#18780) Thanks @HOYALIM.
fix(logging): cap file logs with configurable maxFileBytes Co-authored-by: Xinhua Gu <562450+xinhuagu@users.noreply.github.com>
2026-02-22 17:58:51 +01:00
- Logging: cap single log-file size with `logging.maxFileBytes` (default 500 MB) and suppress additional writes after cap hit to prevent disk exhaustion from repeated error storms.
docs(changelog): add memory remote-guard hardening notes
2026-02-22 18:14:15 +01:00
- Memory/Remote HTTP: centralize remote memory HTTP calls behind a shared guarded helper (`withRemoteHttpResponse`) so embeddings and batch flows use one request/release path.
- Memory/Embeddings: apply configured remote-base host pinning (`allowedHostnames`) across OpenAI/Voyage/Gemini embedding requests to keep private/self-hosted endpoints working without cross-host drift. (#18198) Thanks @ianpcook.
- Memory/Batch: route OpenAI/Voyage/Gemini batch upload/create/status/download requests through the same guarded HTTP path for consistent SSRF policy enforcement.
fix(memory): reindex when sources change
2026-02-22 15:12:01 -08:00
- Memory/Index: detect memory source-set changes (for example enabling `sessions` after an existing memory-only index) and trigger a full reindex so existing session transcripts are indexed without requiring `--force`. (#17576) Thanks @TarsAI-Agent.
fix(memory): hard-cap embedding inputs before batch
2026-02-22 15:40:07 -08:00
- Memory/Embeddings: enforce a per-input 8k safety cap before embedding batching and apply a conservative 2k fallback limit for local providers without declared input limits, preventing oversized session/memory chunks from triggering provider context-size failures during sync/indexing. (#6016) Thanks @batumilove.
fix(memory): resolve qmd Windows shim commands
2026-02-22 14:24:42 -08:00
- Memory/QMD: on Windows, resolve bare `qmd`/`mcporter` command names to npm shim executables (`.cmd`) before spawning, so qmd boot updates and mcporter-backed searches no longer fail with `spawn ... ENOENT` on default npm installs. (#23899) Thanks @arcbuilder-ai.
fix(memory): harden qmd collection recovery
2026-02-22 14:39:28 -08:00
- Memory/QMD: parse plain-text `qmd collection list --json` output when older qmd builds ignore JSON mode, and retry memory searches once after re-ensuring managed collections when qmd returns `Collection not found ...`. (#23613) Thanks @leozhucn.
Changelog: add PR 23636 iOS/watch notes
2026-02-22 15:00:36 +00:00
- iOS/Watch: normalize watch quick-action notification payloads, support mirrored indexed actions beyond primary/secondary, and fix iOS test-target signing/compile blockers for watch notify coverage. (#23636) Thanks @mbelinky.
fix: add signal rpc malformed-json regression test (#22995) (thanks @adhitShet)
2026-02-22 15:22:39 +01:00
- Signal/RPC: guard malformed Signal RPC JSON responses with a clear status-scoped error and add regression coverage for invalid JSON responses. (#22995) Thanks @adhitShet.
fix(gateway): guard trim crashes in subagent flow
2026-02-22 13:20:53 +01:00
- Gateway/Subagents: guard gateway and subagent session-key/message trim paths against undefined inputs to prevent early `Cannot read properties of undefined (reading 'trim')` crashes during subagent spawn and wait flows.
fix(utils): guard resolveUserPath for missing workspace input
2026-02-22 13:19:12 +01:00
- Agents/Workspace: guard `resolveUserPath` against undefined/null input to prevent `Cannot read properties of undefined (reading 'trim')` crashes when workspace paths are missing in embedded runner flows.
fix: keep auth-profile cooldown windows immutable in-window (#23536) (thanks @arosstale)
2026-02-22 13:13:33 +01:00
- Auth/Profiles: keep active `cooldownUntil`/`disabledUntil` windows immutable across retries so mid-window failures cannot extend recovery indefinitely; only recompute a backoff window after the previous deadline has expired. This resolves cron/inbound retry loops that could trap gateways until manual `usageStats` cleanup. (#23516, #23536) Thanks @arosstale.
fix: fail closed missing provider group policy across message channels (#23367) (thanks @bmendonca3)
2026-02-22 12:17:44 +01:00
- Channels/Security: fail closed on missing provider group policy config by defaulting runtime group policy to `allowlist` (instead of inheriting `channels.defaults.groupPolicy`) when `channels.<provider>` is absent across message channels, and align runtime + security warnings/docs to the same fallback behavior (Slack, Discord, iMessage, Telegram, WhatsApp, Signal, LINE, Matrix, Mattermost, Google Chat, IRC, Nextcloud Talk, Feishu, and Zalo user flows; plus Discord message/native-command paths). (#23367) Thanks @bmendonca3.
fix: add changelog entry for remote ws onboarding hardening (#23476) (thanks @bmendonca3)
2026-02-22 12:45:56 +01:00
- Gateway/Onboarding: harden remote gateway onboarding defaults and guidance by defaulting discovered direct URLs to `wss://`, rejecting insecure non-loopback `ws://` targets in onboarding validation, and expanding remote-security remediation messaging across gateway client/call/doctor flows. (#23476) Thanks @bmendonca3.
fix(session): resolve agent session path with configured sessions dir Co-authored-by: David Rudduck <david@rudduck.org.au>
2026-02-22 11:35:41 +01:00
- CLI/Sessions: pass the configured sessions directory when resolving transcript paths in `agentCommand`, so custom `session.store` locations resume sessions reliably. Thanks @davidrudduck.
fix: handle intentional signal daemon shutdown on abort (#23379) (thanks @frankekn)
2026-02-22 10:59:06 +01:00
- Signal/Monitor: treat user-initiated abort shutdowns as clean exits when auto-started `signal-cli` is terminated, while still surfacing unexpected daemon exits as startup/runtime failures. (#23379) Thanks @frankekn.
fix: tighten feishu dedupe boundary (#23377) (thanks @SidQin-cyber)
2026-02-22 11:12:21 +01:00
- Channels/Dedupe: centralize plugin dedupe primitives in plugin SDK (memory + persistent), move Feishu inbound dedupe to a namespace-scoped persistent store, and reuse shared dedupe cache logic for Zalo webhook replay + Tlon processed-message tracking to reduce duplicate handling during reconnect/replay paths. (#23377) Thanks @SidQin-cyber.
fix: stop hardcoded channel fallback and auto-pick sole configured channel (#23357) (thanks @lbo728) Co-authored-by: lbo728 <extreme0728@gmail.com>
2026-02-22 11:20:33 +01:00
- Channels/Delivery: remove hardcoded WhatsApp delivery fallbacks; require explicit/session channel context or auto-pick the sole configured channel when unambiguous. (#23357) Thanks @lbo728.
fix: harden ACP gateway startup sequencing (#23390) (thanks @janckerchen)
2026-02-22 10:42:33 +01:00
- ACP/Gateway: wait for gateway hello before opening ACP requests, and fail fast on pre-hello connect failures to avoid startup hangs and early `gateway not connected` request races. (#23390) Thanks @janckerchen.
refactor(gateway): unify auth credential resolution
2026-02-22 18:21:20 +01:00
- Gateway/Auth: preserve `OPENCLAW_GATEWAY_PASSWORD` env override precedence for remote gateway call credentials after shared resolver refactors, preventing stale configured remote passwords from overriding runtime secret rotation.
fix(gateway): clarify pairing and node auth guidance
2026-02-22 19:50:29 +01:00
- Gateway/Auth: preserve shared-token `gateway token mismatch` auth errors when `auth.token` fallback device-token checks fail, and reserve `device token mismatch` guidance for explicit `auth.deviceToken` failures.
refactor(gateway): unify credential precedence across entrypoints
2026-02-22 18:54:58 +01:00
- Gateway/Tools: when agent tools pass an allowlisted `gatewayUrl` override, resolve local override tokens from env/config fallback but keep remote overrides strict to `gateway.remote.token`, preventing local token leakage to remote targets.
- Gateway/Client: keep cached device-auth tokens on `device token mismatch` closes when the client used explicit shared token/password credentials, avoiding accidental pairing-token churn during explicit-auth failures.
fix(gateway): clarify pairing and node auth guidance
2026-02-22 19:50:29 +01:00
- Node host/Exec: keep strict Windows allowlist behavior for `cmd.exe /c` shell-wrapper runs, and return explicit approval guidance when blocked (`SYSTEM_RUN_DENIED: allowlist miss`).
- Control UI: show pairing-required guidance (commands + mobile tokenized URL reminder) when the dashboard disconnects with `1008 pairing required`.
fix(security): flag open-group runtime/fs exposure in audit
2026-02-22 08:22:42 +01:00
- Security/Audit: add `openclaw security audit` detection for open group policies that expose runtime/filesystem tools without sandbox/workspace guards (`security.exposure.open_groups_with_runtime_or_fs`).
fix: land security audit severity + temp-path guard fixes (#23428) (thanks @bmendonca3)
2026-02-22 11:05:27 +01:00
- Security/Audit: make `gateway.real_ip_fallback_enabled` severity conditional for loopback trusted-proxy setups (warn for loopback-only `trustedProxies`, critical when non-loopback proxies are trusted). (#23428) Thanks @bmendonca3.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Exec env: block request-scoped `HOME` and `ZDOTDIR` overrides in host exec env sanitizers (Node + macOS), preventing shell startup-file execution before allowlist-evaluated command bodies. Thanks @tdjackey for reporting.
- Security/Exec env: block `SHELLOPTS`/`PS4` in host exec env sanitizers and restrict shell-wrapper (`bash|sh|zsh ... -c/-lc`) request env overrides to a small explicit allowlist (`TERM`, `LANG`, `LC_*`, `COLORTERM`, `NO_COLOR`, `FORCE_COLOR`) on both node host and macOS companion paths, preventing xtrace prompt command-substitution allowlist bypasses. Thanks @tdjackey for reporting.
WhatsApp: enforce allowFrom for explicit outbound sends (#20921) * whatsapp: enforce allowFrom in explicit outbound mode * Update CHANGELOG.md --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 00:13:23 +01:00
- WhatsApp/Security: enforce `allowFrom` for direct-message outbound targets in all send modes (including `mode: "explicit"`), preventing sends to non-allowlisted numbers. (#20108) Thanks @zahlmann.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Exec approvals: fail closed on shell line continuations (`\\\n`/`\\\r\n`) and treat shell-wrapper execution as approval-required in allowlist mode, preventing `$\\` newline command-substitution bypasses. Thanks @tdjackey for reporting.
docs(security): clarify dangerous control-ui bypass policy
2026-02-22 10:10:57 +01:00
- Security/Gateway: emit a startup security warning when insecure/dangerous config flags are enabled (including `gateway.controlUi.dangerouslyDisableDeviceAuth=true`) and point operators to `openclaw security audit`.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Hooks auth: normalize hook auth rate-limit client IP keys so IPv4 and IPv4-mapped IPv6 addresses share one throttle bucket, preventing dual-form auth-attempt budget bypasses. Thanks @aether-ai-agent for reporting.
- Security/Exec approvals: treat `env` and shell-dispatch wrappers as transparent during allowlist analysis on node-host and macOS companion paths so policy checks match the effective executable/inline shell payload instead of the wrapper binary, blocking wrapper-smuggled allowlist bypasses. Thanks @tdjackey for reporting.
- Security/Exec approvals: require explicit safe-bin profiles for `tools.exec.safeBins` entries in allowlist mode (remove generic safe-bin profile fallback), and add `tools.exec.safeBinProfiles` for safe custom binaries so unprofiled interpreter-style entries cannot be treated as stdin-safe. Thanks @tdjackey for reporting.
refactor(security): unify secure id paths and guard weak patterns
2026-02-22 10:14:55 +01:00
- Security/Channels: harden Slack external menu token handling by switching to CSPRNG tokens, validating token shape, requiring user identity for external option lookups, and avoiding fabricated timestamp `trigger_id` fallbacks; also switch Tlon Urbit channel IDs to CSPRNG UUIDs, centralize secure ID/token generation via shared infra helpers, and add a guardrail test to block new runtime `Date.now()+Math.random()` token/id patterns.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Hooks transforms: enforce symlink-safe containment for webhook transform module paths (including `hooks.transformsDir` and `hooks.mappings[].transform.module`) by resolving existing-path ancestors via realpath before import, while preserving in-root symlink support; add regression coverage for both escape and allow cases. Thanks @aether-ai-agent for reporting.
fix(telegram): disable autoSelectFamily by default on WSL2 (#21916) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 431fd966706e300a378b177b25b00af952eddc8b Co-authored-by: MizukiMachine <185313792+MizukiMachine@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-22 14:24:49 +09:00
- Telegram/WSL2: disable `autoSelectFamily` by default on WSL2 and memoize WSL2 detection in Telegram network decision logic to avoid repeated sync `/proc/version` probes on fetch/send paths. (#21916) Thanks @MizukiMachine.
fix(telegram): add dnsResultOrder=ipv4first default on Node 22+ to fix fetch failures (#5405) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 71366e9532b6c67f0413b65a9ac8623eae000e9b Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-22 10:37:51 -04:00
- Telegram/Network: default Node 22+ DNS result ordering to `ipv4first` for Telegram fetch paths and add `OPENCLAW_TELEGRAM_DNS_RESULT_ORDER`/`channels.telegram.network.dnsResultOrder` overrides to reduce IPv6-path fetch failures. (#5405) Thanks @Glucksberg.
Telegram: coalesce forwarded text+media bursts into one inbound turn (#19476) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 09e0b4e9bd1a799c30249f21b87782429a8f8e32 Co-authored-by: napetrov <18015221+napetrov@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-22 08:11:09 -08:00
- Telegram/Forward bursts: coalesce forwarded text+media updates through a dedicated forward lane debounce window that works with default inbound debounce config, while keeping forwarded control commands immediate. (#19476) thanks @napetrov.
fix: prevent Telegram preview stream cross-edit race (#23202) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 529abf209d56d9f991a7d308f4ecce78ac992e94 Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-22 10:04:33 +05:30
- Telegram/Streaming: preserve archived draft preview mapping after flush and clean superseded reasoning preview bubbles so multi-message preview finals no longer cross-edit or orphan stale messages under send/rotation races. (#23202) Thanks @obviyus.
fix(replies): keep finals for cross-target messaging sends Co-authored-by: Ion Mudreac <mudreac@gmail.com>
2026-02-22 19:32:06 +01:00
- Telegram/Replies: scope messaging-tool text/media dedupe to same-target sends only, so cross-target tool sends can no longer silently suppress Telegram final replies.
fix(replies): normalize media path variants for dedupe Co-authored-by: Ho Lim <subhoya@gmail.com>
2026-02-22 19:33:10 +01:00
- Telegram/Replies: normalize `file://` and local-path media variants during messaging dedupe so equivalent media paths do not produce duplicate Telegram replies.
fix(telegram): link forwarded messages with comments (#9720) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 5f81061b5f613903422a624d95aab8b0fc04027a Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-22 12:53:56 -03:00
- Telegram/Replies: extract forwarded-origin context from unified reply targets (`reply_to_message` and `external_reply`) so forward+comment metadata is preserved across partial reply shapes. (#9720) thanks @mcaxtr.
fix(telegram): prevent update offset skipping queued updates (#23284) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 92efaf956bf906a176d1e6c5488ddcb02d89b4e1 Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-22 02:20:33 -08:00
- Telegram/Polling: persist a safe update-offset watermark bounded by pending updates so crash/restart cannot skip queued lower `update_id` updates after out-of-order completion. (#23284) thanks @frankekn.
fix(telegram): restart stalled polling after unhandled network errors
2026-02-22 17:06:59 +01:00
- Telegram/Polling: force-restart stuck runner instances when recoverable unhandled network rejections escape the polling task path, so polling resumes instead of silently stalling. (#19721) Thanks @jg-noncelogic.
Slack: preserve slash options receiver binding
2026-02-21 20:01:26 -08:00
- Slack/Slash commands: preserve the Bolt app receiver when registering external select options handlers so monitor startup does not crash on runtimes that require bound `app.options` calls. (#23209) Thanks @0xgaia.
fix(slash): persist channel metadata from slash command sessions (#23065) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 29fa20c7d773b2aac62dea912e00e438ce8ba9f6 Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-22 05:59:06 +01:00
- Slack/Telegram slash sessions: await session metadata persistence before dispatch so first-turn native slash runs do not race session-origin metadata updates. (#23065) thanks @hydro13.
fix(slack): finalize replyToMode off threading behavior (#23799) * fix: make replyToMode 'off' actually prevent threading in Slack Three independent bugs caused Slack replies to always create threads even when replyToMode was set to 'off': 1. Typing indicator created threads via statusThreadTs fallback (#16868) - resolveSlackThreadTargets fell back to messageTs for statusThreadTs - 'is typing...' was posted as thread reply, creating a thread - Fix: remove messageTs fallback, let statusThreadTs be undefined 2. [[reply_to_current]] tags bypassed replyToMode entirely (#16080) - Slack dock had allowExplicitReplyTagsWhenOff: true - Reply tags from system prompt always threaded regardless of config - Fix: set allowExplicitReplyTagsWhenOff to false for Slack 3. Contradictory replyToMode defaults in codebase (#20827) - monitor/provider.ts defaulted to 'all' - accounts.ts defaulted to 'off' (matching docs) - Fix: align provider.ts default to 'off' per documentation Fixes: openclaw/openclaw#16868, openclaw/openclaw#16080, openclaw/openclaw#20827 * fix(slack): respect replyToMode in DMs even with typing indicator thread When replyToMode is 'off' in DMs, replies should stay in the main conversation even when the typing indicator creates a thread context. Previously, when incomingThreadTs was set (from the typing indicator's thread), replyToMode was forced to 'all', causing all replies to go into the thread. Now, for direct messages, the user's configured replyToMode is always respected. For channels/groups, the existing behavior is preserved (stay in thread if already in one). This fix: - Keeps the typing indicator working (statusThreadTs fallback preserved) - Prevents DM replies from being forced into threads - Maintains channel thread continuity Fixes #16868 * refactor(slack): eliminate redundant resolveSlackThreadContext call - Add isThreadReply to resolveSlackThreadTargets return value - Remove duplicate call in dispatch.ts - Addresses greptile review feedback with cleaner DRY approach * docs(slack): add JSDoc to resolveSlackThreadTargets Document return values including isThreadReply distinction between genuine user thread replies vs bot status message thread context. * docs(changelog): record Slack replyToMode off threading fixes --------- Co-authored-by: James <jamesrp13@gmail.com> Co-authored-by: theoseo <suhong.seo@gmail.com>
2026-02-22 13:27:50 -05:00
- Slack/Queue routing: preserve string `thread_ts` values through collect-mode queue drain and DM `deliveryContext` updates so threaded follow-ups do not leak to the main channel when Slack thread IDs are strings. (#11934) Thanks @sandieman2 and @vincentkoc.
fix(telegram): set provider on native command context Co-authored-by: Serhii Panchyshyn <panchyshyn.serhii@gmail.com>
2026-02-22 19:18:50 +01:00
- Telegram/Native commands: set `ctx.Provider="telegram"` for native slash-command context so elevated gate checks resolve provider correctly (fixes `provider (ctx.Provider)` failures in `/elevated` flows). (#23748) Thanks @serhii12.
Agents: preserve unsafe integer tool args in Ollama stream
2026-02-21 19:08:31 -08:00
- Agents/Ollama: preserve unsafe integer tool-call arguments as exact strings during NDJSON parsing, preventing large numeric IDs from being rounded before tool execution. (#23170) Thanks @BestJoester.
Cron: keep list/status responsive during startup catch-up
2026-02-21 19:13:04 -08:00
- Cron/Gateway: keep `cron.list` and `cron.status` responsive during startup catch-up by avoiding a long-held cron lock while missed jobs execute. (#23106) Thanks @jayleekr.
Gateway: deep-compare array config paths for reload diff
2026-02-21 19:17:46 -08:00
- Gateway/Config reload: compare array-valued config paths structurally during diffing so unchanged `memory.qmd.paths` and `memory.qmd.scope.rules` no longer trigger false restart-required reloads. (#23185) Thanks @rex05ai.
fix: retry missing config snapshots before skip (#23343) (thanks @lbo728)
2026-02-22 15:34:11 +01:00
- Gateway/Config reload: retry short-lived missing config snapshots during reload before skipping, preventing atomic-write unlink windows from triggering restart loops. (#23343) Thanks @lbo728.
Cron: guard missing expr in schedule parsing
2026-02-21 20:18:11 -08:00
- Cron/Scheduling: validate runtime cron expressions before schedule/stagger evaluation so malformed persisted jobs report a clear `invalid cron schedule: expr is required` error instead of crashing with `undefined.trim` failures and auto-disable churn. (#23223) Thanks @asimons81.
Memory/QMD: migrate legacy unscoped collections
2026-02-21 20:31:12 -08:00
- Memory/QMD: migrate legacy unscoped collection bindings (for example `memory-root`) to per-agent scoped names (for example `memory-root-main`) during startup when safe, so QMD-backed `memory_search` no longer fails with `Collection not found` after upgrades. (#23228, #20727) Thanks @JLDynamics and @AaronFaby.
Memory/QMD: normalize Han-script BM25 search queries
2026-02-22 01:53:00 -08:00
- Memory/QMD: normalize Han-script BM25 search queries before invoking `qmd search` so mixed CJK+Latin prompts no longer return empty results due to tokenizer mismatch. (#23426) Thanks @LunaLee0130.
TUI: coalesce multiline paste submits on macOS terminals
2026-02-21 19:19:55 -08:00
- TUI/Input: enable multiline-paste burst coalescing on macOS Terminal.app and iTerm so pasted blocks no longer submit line-by-line as separate messages. (#18809) Thanks @fwends.
TUI: preserve RTL text order in terminal output
2026-02-22 01:09:51 -08:00
- TUI/RTL: isolate right-to-left script lines (Arabic/Hebrew ranges) with Unicode bidi isolation marks in TUI text sanitization so RTL assistant output no longer renders in reversed visual order in terminal chat panes. (#21936) Thanks @Asm3r96.
TUI: render sending and waiting indicators immediately
2026-02-21 19:28:42 -08:00
- TUI/Status: request immediate renders after setting `sending`/`waiting` activity states so in-flight runs always show visible progress indicators instead of appearing idle until completion. (#21549) Thanks @13Guinness.
TUI: make Ctrl+C exit behavior reliably responsive
2026-02-22 01:28:48 -08:00
- TUI/Input: arm Ctrl+C exit timing when clearing non-empty composer text and add a SIGINT fallback path so double Ctrl+C exits remain responsive during active runs instead of requiring an extra press or appearing stuck. (#23407) Thanks @tinybluedev.
Agents: classify Anthropic api_error internal server failures for fallback
2026-02-21 19:22:16 -08:00
- Agents/Fallbacks: treat JSON payloads with `type: "api_error"` + `"Internal server error"` as transient failover errors so Anthropic 500-style failures trigger model fallback. (#23193) Thanks @jarvis-lane.
fix: harden flaky tests and cover native google thought signatures (#23457) (thanks @echoVic)
2026-02-22 12:22:38 +01:00
- Agents/Google: sanitize non-base64 `thought_signature`/`thoughtSignature` values from assistant replay transcripts for native Google Gemini requests while preserving valid signatures and tool-call order. (#23457) Thanks @echoVic.
Agents: validate persisted tool-call names
2026-02-21 23:06:44 -08:00
- Agents/Transcripts: validate assistant tool-call names (syntax/length + registered tool allowlist) before transcript persistence and during replay sanitization so malformed failover tool names no longer poison sessions with repeated provider HTTP 400 errors. (#23324) Thanks @johnsantry.
fix: sanitize tool call IDs in agent loop for Mistral strict9 format (#23595) (#23698) * fix: sanitize tool call IDs in agent loop for Mistral strict9 format (#23595) Mistral requires tool call IDs to be exactly 9 alphanumeric characters ([a-zA-Z0-9]{9}). The existing sanitizeToolCallIdsForCloudCodeAssist mechanism only ran on historical messages at attempt start via sanitizeSessionHistory, but the pi-agent-core agent loop's internal tool call → tool result cycles bypassed that path entirely. Changes: - Wrap streamFn (like dropThinkingBlocks) so every outbound request sees sanitized tool call IDs when the transcript policy requires it - Replace call_${Date.now()} in pendingToolCalls with a 9-char hex ID generated from crypto.randomBytes - Add Mistral tool call ID error pattern to ERROR_PATTERNS.format so the error is correctly classified for retry/rotation * Changelog: document Mistral strict9 tool-call ID fix --------- Co-authored-by: echoVic <AkiraVic@outlook.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 02:37:12 +08:00
- Agents/Mistral: sanitize tool-call IDs in the embedded agent loop and generate strict provider-safe pending tool-call IDs, preventing Mistral strict9 `HTTP 400` failures on tool continuations. (#23698) Thanks @echoVic.
Agents: drop stale pre-compaction usage snapshots
2026-02-21 23:47:06 -08:00
- Agents/Compaction: strip stale assistant usage snapshots from pre-compaction turns when replaying history after a compaction summary so context-token estimation no longer reuses pre-compaction totals and immediately re-triggers destructive follow-up compactions. (#19127) Thanks @tedwatson.
docs(changelog): move mistral to top and add synology chat
2026-02-23 01:25:22 +01:00
- Agents/Replies: emit a default completion acknowledgement (`✅ Done.`) only for direct/private tool-only completions with no final assistant text, while suppressing synthetic acknowledgements for channel/group sessions and runs that already delivered output via messaging tools. (#22834) Thanks @Oldshue.
Agents/Subagents: honor subagent alsoAllow grants
2026-02-22 00:39:16 -08:00
- Agents/Subagents: honor `tools.subagents.tools.alsoAllow` and explicit subagent `allow` entries when resolving built-in subagent deny defaults, so explicitly granted tools (for example `sessions_send`) are no longer blocked unless re-denied in `tools.subagents.tools.deny`. (#23359) Thanks @goren-beehero.
fix(subagents): restore configurable announce timeout Co-authored-by: Valadon <20071960+Valadon@users.noreply.github.com>
2026-02-22 21:36:43 +01:00
- Agents/Subagents: make announce call timeouts configurable via `agents.defaults.subagents.announceTimeoutMs` and restore a 60s default to prevent false timeout failures on slower announce paths. (#22719) Thanks @Valadon.
Agents: log lifecycle error text for embedded run failures
2026-02-21 19:24:45 -08:00
- Agents/Diagnostics: include resolved lifecycle error text in `embedded run agent end` warnings so UI/TUI “Connection error” runs expose actionable provider failure reasons in gateway logs. (#23054) Thanks @Raize.
Agent: resolve resumed session agent scope before run
2026-02-22 22:37:54 -08:00
- Agents/Auth profiles: resolve `agentCommand` session scope before choosing `agentDir`/workspace so resumed runs no longer read auth from `agents/main/agent` when the resolved session belongs to a different/default agent (for example `agent:exec:*` sessions). (#24016) Thanks @abersonFAC.
fix: align timeout cooldown behavior docs/tests (#22622) (thanks @vageeshkumar)
2026-02-22 15:33:40 +01:00
- Agents/Auth profiles: skip auth-profile cooldown writes for timeout failures in embedded runner rotation so model/network timeouts do not poison same-provider fallback model selection while still allowing in-turn account rotation. (#22622) Thanks @vageeshkumar.
Plugins/Hooks: avoid duplicate before_agent_start executions
2026-02-21 22:31:51 -08:00
- Plugins/Hooks: run legacy `before_agent_start` once per agent turn and reuse that result across model-resolve and prompt-build compatibility paths, preventing duplicate hook side effects (for example duplicate external API calls). (#23289) Thanks @ksato8710.
Models/Config: default missing Anthropic model api fields
2026-02-21 22:50:43 -08:00
- Models/Config: default missing Anthropic provider/model `api` fields to `anthropic-messages` during config validation so custom relay model entries are preserved instead of being dropped by runtime model registry validation. (#23332) Thanks @bigbigmonkey123.
Gateway: preserve token scopes on scope-less repair approvals
2026-02-21 19:37:15 -08:00
- Gateway/Pairing: preserve existing approved token scopes when processing repair pairings that omit `scopes`, preventing empty-scope token regressions on reconnecting clients. (#21906) Thanks @paki81.
docs(changelog): credit nicole-luxe for mcporter QMD work
2026-02-21 17:30:42 -08:00
- Memory/QMD: add optional `memory.qmd.mcporter` search routing so QMD `query/search/vsearch` can run through mcporter keep-alive flows (including multi-collection paths) to reduce cold starts, while keeping searches on agent-scoped QMD state for consistent recall. (#19617) Thanks @nicole-luxe and @vignesh07.
fix(infra): treat undici fetch failed as transient unhandled rejection
2026-02-22 17:05:20 +01:00
- Infra/Network: classify undici `TypeError: fetch failed` as transient in unhandled-rejection detection even when nested causes are unclassified, preventing avoidable gateway crash loops on flaky networks. (#14345) Thanks @Unayung.
fix(telegram): classify undici fetch errors as recoverable for retry (#16699) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 67b5bce44f7014c8cbefc00eed0731e61d6300b9 Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-22 06:46:11 -04:00
- Telegram/Retry: classify undici `TypeError: fetch failed` as recoverable in both polling and send retry paths so transient fetch failures no longer fail fast. (#16699) thanks @Glucksberg.
docs(telegram): align Node22 network defaults and setup guidance
2026-02-22 17:09:06 +01:00
- Docs/Telegram: correct Node 22+ network defaults (`autoSelectFamily`, `dnsResultOrder`) and clarify Telegram setup does not use positional `openclaw channels login telegram`. (#23609) Thanks @ryanbastic.
docs(changelog): credit BlueBubbles DM history fix (#23095)
2026-02-21 20:03:17 -05:00
- BlueBubbles/DM history: restore DM backfill context with account-scoped rolling history, bounded backfill retries, and safer history payload limits. (#20302) Thanks @Ryan-Haines.
fix: align BlueBubbles private-api null fallback + warning (#23459) (thanks @echoVic)
2026-02-22 11:47:17 +01:00
- BlueBubbles/Private API cache: treat unknown (`null`) private-API cache status as disabled for send/attachment/reply flows to avoid stale-cache 500s, and log a warning when reply/effect features are requested while capability is unknown. (#23459) Thanks @echoVic.
BlueBubbles: accept webhook payloads with missing handles
2026-02-21 22:10:19 -08:00
- BlueBubbles/Webhooks: accept inbound/reaction webhook payloads when BlueBubbles omits `handle` but provides DM `chatGuid`, and harden payload extraction for array/string-wrapped message bodies so valid webhook events no longer get rejected as unparseable. (#23275) Thanks @toph31.
fix(security): harden gateway command/audit guardrails
2026-02-22 08:44:12 +01:00
- Security/Audit: add `openclaw security audit` finding `gateway.nodes.allow_commands_dangerous` for risky `gateway.nodes.allowCommands` overrides, with severity upgraded to critical on remote gateway exposure.
- Gateway/Control plane: reduce cross-client write limiter contention by adding `connId` fallback keying when device ID and client IP are both unavailable.
fix: harden config prototype-key guards (#22968) (thanks @Clawborn)
2026-02-22 00:24:54 +01:00
- Security/Config: block prototype-key traversal during config merge patch and legacy migration merge helpers (`__proto__`, `constructor`, `prototype`) to prevent prototype pollution during config mutation flows. (#22968) Thanks @Clawborn.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Shell env: validate login-shell executable paths for shell-env fallback (`/etc/shells` + trusted prefixes), block `SHELL`/`HOME`/`ZDOTDIR` in config env ingestion before fallback execution, and sanitize fallback shell exec env to pin `HOME` to the real user home while dropping `ZDOTDIR` and other dangerous startup vars. Thanks @tdjackey for reporting.
fix(net): enable family fallback for pinned SSRF dispatcher
2026-02-22 17:08:29 +01:00
- Network/SSRF: enable `autoSelectFamily` on pinned undici dispatchers (with attempt timeout) so IPv6-unreachable environments can quickly fall back to IPv4 for guarded fetch paths. (#19950) Thanks @ENAwareness.
docs(changelog): split 2026.2.21 release entries
2026-02-21 20:06:57 +01:00
- Security/Config: make parsed chat allowlist checks fail closed when `allowFrom` is empty, restoring expected DM/pairing gating.
- Security/Exec: in non-default setups that manually add `sort` to `tools.exec.safeBins`, block `sort --compress-program` so allowlist-mode safe-bin checks cannot bypass approval. Thanks @tdjackey for reporting.
Security/Exec: persist inner commands for shell-wrapper approvals
2026-02-21 21:26:06 -08:00
- Security/Exec approvals: when users choose `allow-always` for shell-wrapper commands (for example `/bin/zsh -lc ...`), persist allowlist patterns for the inner executable(s) instead of the wrapper shell binary, preventing accidental broad shell allowlisting in moderate mode. (#23276) Thanks @xrom2863.
fix(exec): restore sandbox as implicit host default
2026-02-23 01:48:09 +01:00
- Security/Exec: fail closed when `tools.exec.host=sandbox` is configured/requested but sandbox runtime is unavailable. (#23398) Thanks @bmendonca3.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/macOS app beta: enforce path-only `system.run` allowlist matching (drop basename matches like `echo`), migrate legacy basename entries to last resolved paths when available, and harden shell-chain handling to fail closed on unsafe parse/control syntax (including quoted command substitution/backticks). This is an optional allowlist-mode feature; default installs remain deny-by-default. Thanks @tdjackey for reporting.
- Security/Agents: auto-generate and persist a dedicated `commands.ownerDisplaySecret` when `commands.ownerDisplay=hash`, remove gateway token fallback from owner-ID prompt hashing across CLI and embedded agent runners, and centralize owner-display secret resolution in one shared helper. Thanks @aether-ai-agent for reporting.
- Security/SSRF: expand IPv4 fetch guard blocking to include RFC special-use/non-global ranges (including benchmarking, TEST-NET, multicast, and reserved/broadcast blocks), centralize range checks into a single CIDR policy table, and reuse one shared host/IP classifier across literal + DNS checks to reduce classifier drift. Thanks @princeeismond-dot for reporting.
fix(network): normalize SSRF IP parsing and monitor typing
2026-02-22 18:55:12 +01:00
- Security/SSRF: block RFC2544 benchmarking range (`198.18.0.0/15`) across direct and embedded-IP paths, and normalize IPv6 dotted-quad transition literals (for example `::127.0.0.1`, `64:ff9b::8.8.8.8`) in shared IP parsing/classification.
docs(changelog): split 2026.2.21 release entries
2026-02-21 20:06:57 +01:00
- Security/Archive: block zip symlink escapes during archive extraction.
fix: harden sandbox tmp media validation (#17892) (thanks @dashed)
2026-02-22 00:23:55 +01:00
- Security/Media sandbox: keep tmp media allowance for absolute tmp paths only and enforce symlink-escape checks before sandbox-validated reads, preventing tmp symlink exfiltration and relative `../` sandbox escapes when sandboxes live under tmp. (#17892) Thanks @dashed.
Browser: accept canonical upload paths for symlinked roots
2026-02-21 21:54:57 -08:00
- Browser/Upload: accept canonical in-root upload paths when the configured uploads directory is a symlink alias (for example `/tmp` -> `/private/tmp` on macOS), so browser upload validation no longer rejects valid files during client->server revalidation. (#23300, #23222, #22848) Thanks @bgaither4, @parkerati, and @Nabsku.
docs(changelog): split 2026.2.21 release entries
2026-02-21 20:06:57 +01:00
- Security/Discord: add `openclaw security audit` warnings for name/tag-based Discord allowlist entries (DM allowlists, guild/channel `users`, and pairing-store entries), highlighting slug-collision risk while keeping name-based matching supported, and canonicalize resolved Discord allowlist names to IDs at runtime without rewriting config files. Thanks @tdjackey for reporting.
- Security/Gateway: block node-role connections when device identity metadata is missing.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Media: enforce inbound media byte limits during download/read across Discord, Telegram, Zalo, Microsoft Teams, and BlueBubbles to prevent oversized payload memory spikes before rejection. Thanks @tdjackey for reporting.
Media: preserve PDF MIME classification in file extraction
2026-02-21 20:50:17 -08:00
- Media/Understanding: preserve `application/pdf` MIME classification during text-like file heuristics so PDF uploads use PDF extraction paths instead of being inlined as raw text. (#23191) Thanks @claudeplay2026-byte.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Control UI: block symlink-based out-of-root static file reads by enforcing realpath containment and file-identity checks when serving Control UI assets and SPA fallback `index.html`. Thanks @tdjackey for reporting.
- Security/Gateway avatars: block symlink traversal during local avatar `data:` URL resolution by enforcing realpath containment and file-identity checks before reads. Thanks @tdjackey for reporting.
fix(security): harden avatar validation and size limits
2026-02-22 08:35:23 +01:00
- Security/Control UI: centralize avatar URL/path validation across gateway/config helpers and enforce a 2 MB max size for local agent avatar files before `/avatar` resolution, reducing oversized-avatar memory risk without changing supported avatar formats.
docs(changelog): remove next-release shipping sentence
2026-02-25 00:10:29 +00:00
- Security/Control UI avatars: harden `/avatar/:agentId` local avatar serving by rejecting symlink paths and requiring fd-level file identity + size checks before reads. Thanks @tdjackey for reporting.
- Security/MSTeams media: enforce allowlist checks for SharePoint reference attachment URLs and redirect targets during Graph-backed media fetches so redirect chains cannot escape configured media host boundaries. Thanks @tdjackey for reporting.
fix(msteams): add SSRF protection to attachment downloads via redirect and DNS validation (#23598) * fix(msteams): add SSRF protection to attachment downloads via redirect and DNS validation The attachment download flow in fetchWithAuthFallback() followed redirects automatically on the initial fetch without any allowlist or IP validation. This allowed DNS rebinding attacks where an allowlisted domain (e.g. evil.trafficmanager.net) could redirect or resolve to a private IP like 169.254.169.254, bypassing the hostname allowlist entirely (issue #11811). This commit adds three layers of SSRF protection: 1. safeFetch() in shared.ts: a redirect-safe fetch wrapper that uses redirect: "manual" and validates every redirect hop against the hostname allowlist AND DNS-resolved IP before following it. 2. isPrivateOrReservedIP() + resolveAndValidateIP() in shared.ts: rejects RFC 1918, loopback, link-local, and IPv6 private ranges for both initial URLs and redirect targets. 3. graph.ts SharePoint redirect handling now also uses redirect: "manual" and validates resolved IPs, not just hostnames. The initial fetch in fetchWithAuthFallback now goes through safeFetch instead of a bare fetch(), ensuring redirects are never followed without validation. Includes 38 new tests covering IP validation, DNS resolution checks, redirect following, DNS rebinding attacks, redirect loops, and protocol downgrade blocking. * fix: address review feedback on SSRF protection - Replace hand-rolled isPrivateOrReservedIP with SDK's isPrivateIpAddress which handles IPv4-mapped IPv6, expanded notation, NAT64, 6to4, Teredo, octal IPv4, and fails closed on parse errors - Add redirect: "manual" to auth retry redirect fetch in download.ts to prevent chained redirect attacks bypassing SSRF checks - Add redirect: "manual" to SharePoint redirect fetch in graph.ts to prevent the same chained redirect bypass - Update test expectations for SDK's fail-closed behavior on malformed IPs - Add expanded IPv6 loopback (0:0:0:0:0:0:0:1) test case * fix: type fetchMock as typeof fetch to fix TS tuple index error * msteams: harden attachment auth and graph redirect fetch flow * changelog(msteams): credit redirect-safeFetch hardening contributors --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-22 23:00:54 +00:00
- Security/MSTeams media: route attachment auth-retry and Graph SharePoint download redirects through shared `safeFetch` so each hop is validated with allowlist + DNS/IP checks across the full redirect chain. (#23598) Thanks @Asm3r96 and @lewiswigmore.
fix: document msteams auth redirect scoping hardening (#25045) (thanks @bmendonca3)
2026-03-02 20:44:20 +00:00
- Security/MSTeams auth redirect scoping: strip bearer auth on redirect hops outside `authAllowHosts` and gate SharePoint Graph auth-header injection by auth allowlist to prevent token bleed across redirect targets. (#25045) Thanks @bmendonca3.
fix: harden msteams revoked-context fallback delivery (#27224) (thanks @openperf)
2026-03-02 20:48:34 +00:00
- MSTeams/reply reliability: when Bot Framework revokes thread turn-context proxies (for example debounced flush paths), fall back to proactive messaging/typing and continue pending sends without duplicating already delivered messages. (#27224) Thanks @openperf.
fix: clear stale remote discovery endpoints (#21618) (thanks @bmendonca3)
2026-02-21 23:52:38 +01:00
- Security/macOS discovery: fail closed for unresolved discovery endpoints by clearing stale remote selection values, use resolved service host only for SSH target derivation, and keep remote URL config aligned with resolved endpoint availability. (#21618) Thanks @bmendonca3.
docs(changelog): keep 2026.2.22 split from 2026.2.21
2026-02-21 20:10:44 +01:00
- Chat/Usage/TUI: strip synthetic inbound metadata blocks (including `Conversation info` and trailing `Untrusted context` channel metadata wrappers) from displayed conversation history so internal prompt context no longer leaks into user-visible logs.
fix: restore CI checks after #23012 (thanks @druide67)
2026-02-22 00:15:44 +01:00
- CI/Tests: fix TypeScript case-table typing and lint assertion regressions so `pnpm check` passes again after Synology Chat landing. (#23012) Thanks @druide67.
docs(changelog): split 2026.2.21 release entries
2026-02-21 20:06:57 +01:00
- Security/Browser relay: harden extension relay auth token handling for `/extension` and `/cdp` pathways.
- Cron: persist `delivered` state in cron job records so delivery failures remain visible in status and logs. (#19174) Thanks @simonemacario.
- Config/Doctor: only repair the OAuth credentials directory when affected channels are configured, avoiding fresh-install noise.
fix: finalize modelByChannel validator landing (#23412) (thanks @ProspectOre)
2026-02-22 10:40:49 +01:00
- Config/Channels: whitelist `channels.modelByChannel` in config validation and exclude it from plugin auto-enable channel detection so model overrides no longer trigger `unknown channel id` validation errors or bogus `modelByChannel` plugin enables. (#23412) Thanks @ProspectOre.
fix: add bindings comment regression test (#23458) (thanks @echoVic)
2026-02-22 11:46:34 +01:00
- Config/Bindings: allow optional `bindings[].comment` in strict config validation so annotated binding entries no longer fail load. (#23458) Thanks @echoVic.
docs(changelog): split 2026.2.21 release entries
2026-02-21 20:06:57 +01:00
- Usage/Pricing: correct MiniMax M2.5 pricing defaults to fix inflated cost reporting. (#22755) Thanks @miloudbelarebia.
- Gateway/Daemon: verify gateway health after daemon restart.
- Agents/UI text: stop rewriting normal assistant billing/payment language outside explicit error contexts. (#17834) Thanks @niceysam.
## 2026.2.21
### Changes
feat(models): add Gemini 3.1 support
2026-02-21 15:07:38 +01:00
- Models/Google: add Gemini 3.1 support (`google/gemini-3.1-pro-preview`).
fix: finish volcengine/byteplus landing polish (#7967) (thanks @funmore123)
2026-02-21 15:04:28 +01:00
- Providers/Onboarding: add Volcano Engine (Doubao) and BytePlus providers/models (including coding variants), wire onboarding auth choices for interactive + non-interactive flows, and align docs to `volcengine-api-key`. (#7967) Thanks @funmore123.
Feature/default messenger delivery target (openclaw#16985) thanks @KirillShchetinin Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: KirillShchetinin <13061871+KirillShchetinin@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-19 23:37:19 -05:00
- Channels/CLI: add per-account/channel `defaultTo` outbound routing fallback so `openclaw agent --deliver` can send without explicit `--reply-to` when a default target is configured. (#16985) Thanks @KirillShchetinin.
docs: reorder and trim 2026.2.21 changelog entries
2026-02-21 11:12:58 +01:00
- Channels: allow per-channel model overrides via `channels.modelByChannel` and note them in /status. Thanks @thewilloftheshadow.
refactor: simplify Telegram preview streaming to single boolean (#22012) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: a4017d3b9469d0c25c6ab3f4d9be06b98445474e Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-21 15:19:13 +05:30
- Telegram/Streaming: simplify preview streaming config to `channels.telegram.streaming` (boolean), auto-map legacy `streamMode` values, and remove block-vs-partial preview branching. (#22012) thanks @obviyus.
Discord: implement stream preview mode (#22111) * Discord: implement stream preview mode * Changelog: note Discord stream preview mode * Tests: type discord draft stream mocks * Docs: document Discord stream preview
2026-02-20 12:37:15 -06:00
- Discord/Streaming: add stream preview mode for live draft replies with partial/block options and configurable chunking. Thanks @thewilloftheshadow. Inspiration @neoagentic-ship-it.
Status reactions: fix stall timers and gating (#22190) * feat: add shared status reaction controller * feat: add statusReactions config schema * feat: wire status reactions for Discord and Telegram * fix: restore original 10s/30s stall defaults for Discord compatibility * Status reactions: fix stall timers and gating * Format status reaction imports --------- Co-authored-by: Matt <mateus.carniatto@gmail.com>
2026-02-20 15:27:42 -06:00
- Discord/Telegram: add configurable lifecycle status reactions for queued/thinking/tool/done/error phases with a shared controller and emoji/timing overrides. Thanks @wolly-tundracube and @thewilloftheshadow.
Discord VC: voice channels, transcription, and TTS (#18774)
2026-02-20 16:06:07 -06:00
- Discord/Voice: add voice channel join/leave/status via `/vc`, plus auto-join configuration for realtime voice conversations. Thanks @thewilloftheshadow.
docs: reorder and trim 2026.2.21 changelog entries
2026-02-21 11:12:58 +01:00
- Discord: add configurable ephemeral defaults for slash-command responses. (#16563) Thanks @wei.
feat(discord): support forum tag edits via channel-edit (#12070) (thanks @xiaoyaner0201)
2026-02-20 21:14:27 -06:00
- Discord: support updating forum `available_tags` via channel edit actions for forum tag management. (#12070) Thanks @xiaoyaner0201.
Discord: add trusted channel topics on new sessions
2026-02-20 18:22:13 -06:00
- Discord: include channel topics in trusted inbound metadata on new sessions. Thanks @thewilloftheshadow.
feat: thread-bound subagents on Discord (#21805) * docs: thread-bound subagents plan * docs: add exact thread-bound subagent implementation touchpoints * Docs: prioritize auto thread-bound subagent flow * Docs: add ACP harness thread-binding extensions * Discord: add thread-bound session routing and auto-bind spawn flow * Subagents: add focus commands and ACP/session binding lifecycle hooks * Tests: cover thread bindings, focus commands, and ACP unbind hooks * Docs: add plugin-hook appendix for thread-bound subagents * Plugins: add subagent lifecycle hook events * Core: emit subagent lifecycle hooks and decouple Discord bindings * Discord: handle subagent bind lifecycle via plugin hooks * Subagents: unify completion finalizer and split registry modules * Add subagent lifecycle events module * Hooks: fix subagent ended context key * Discord: share thread bindings across ESM and Jiti * Subagents: add persistent sessions_spawn mode for thread-bound sessions * Subagents: clarify thread intro and persistent completion copy * test(subagents): stabilize sessions_spawn lifecycle cleanup assertions * Discord: add thread-bound session TTL with auto-unfocus * Subagents: fail session spawns when thread bind fails * Subagents: cover thread session failure cleanup paths * Session: add thread binding TTL config and /session ttl controls * Tests: align discord reaction expectations * Agent: persist sessionFile for keyed subagent sessions * Discord: normalize imports after conflict resolution * Sessions: centralize sessionFile resolve/persist helper * Discord: harden thread-bound subagent session routing * Rebase: resolve upstream/main conflicts * Subagents: move thread binding into hooks and split bindings modules * Docs: add channel-agnostic subagent routing hook plan * Agents: decouple subagent routing from Discord * Discord: refactor thread-bound subagent flows * Subagents: prevent duplicate end hooks and orphaned failed sessions * Refactor: split subagent command and provider phases * Subagents: honor hook delivery target overrides * Discord: add thread binding kill switches and refresh plan doc * Discord: fix thread bind channel resolution * Routing: centralize account id normalization * Discord: clean up thread bindings on startup failures * Discord: add startup cleanup regression tests * Docs: add long-term thread-bound subagent architecture * Docs: split session binding plan and dedupe thread-bound doc * Subagents: add channel-agnostic session binding routing * Subagents: stabilize announce completion routing tests * Subagents: cover multi-bound completion routing * Subagents: suppress lifecycle hooks on failed thread bind * tests: fix discord provider mock typing regressions * docs/protocol: sync slash command aliases and delete param models * fix: add changelog entry for Discord thread-bound subagents (#21805) (thanks @onutc) --------- Co-authored-by: Shadow <hi@shadowing.dev>
2026-02-21 16:14:55 +01:00
- Discord/Subagents: add thread-bound subagent sessions on Discord with per-thread focus/list controls and thread-bound continuation routing for spawned helper agents. (#21805) Thanks @onutc.
docs: reorder and trim 2026.2.21 changelog entries
2026-02-21 11:12:58 +01:00
- iOS/Chat: clean chat UI noise by stripping inbound untrusted metadata/timestamp prefixes, formatting tool outputs into concise summaries/errors, compacting the composer while typing, and supporting tap-to-dismiss keyboard in chat view. (#22122) thanks @mbelinky.
- iOS/Watch: bridge mirrored watch prompt notification actions into iOS quick-reply handling, including queued action handoff until app model initialization. (#22123) thanks @mbelinky.
- iOS/Gateway: stabilize background wake and reconnect behavior with background reconnect suppression/lease windows, BGAppRefresh wake fallback, location wake hook throttling, and APNs wake retry+nudge instrumentation. (#21226) thanks @mbelinky.
- Auto-reply/UI: add model fallback lifecycle visibility in verbose logs, /status active-model context with fallback reason, and cohesive WebUI fallback indicators. (#20704) Thanks @joshavant.
- MSTeams: dedupe sent-message cache storage by removing duplicate per-message Set storage and using timestamps Map keys as the single membership source. (#22514) Thanks @TaKO8Ki.
- Agents/Subagents: default subagent spawn depth now uses shared `maxSpawnDepth=2`, enabling depth-1 orchestrator spawning by default while keeping depth policy checks consistent across spawn and prompt paths. (#22223) Thanks @tyler6204.
- Security/Agents: make owner-ID obfuscation use a dedicated HMAC secret from configuration (`ownerDisplaySecret`) and update hashing behavior so obfuscation is decoupled from gateway token handling for improved control. (#7343) Thanks @vincentkoc.
- Security/Infra: switch gateway lock and tool-call synthetic IDs from SHA-1 to SHA-256 with unchanged truncation length to strengthen hash basis while keeping deterministic behavior and lock key format. (#7343) Thanks @vincentkoc.
- Dependencies/Tooling: add non-blocking dead-code scans in CI via Knip/ts-prune/ts-unused-exports to surface unused dependencies and exports earlier. (#22468) Thanks @vincentkoc.
- Dependencies/Unused Dependencies: remove or scope unused root and extension deps (`@larksuiteoapi/node-sdk`, `signal-utils`, `ollama`, `lit`, `@lit/context`, `@lit-labs/signals`, `@microsoft/agents-hosting-express`, `@microsoft/agents-hosting-extensions-teams`, and plugin-local `openclaw` devDeps in `extensions/open-prose`, `extensions/lobster`, and `extensions/llm-task`). (#22471, #22495) Thanks @vincentkoc.
- Dependencies/A2UI: harden dependency resolution after root cleanup (resolve `lit`, `@lit/context`, `@lit-labs/signals`, and `signal-utils` from workspace/root) and simplify bundling fallback behavior, including `pnpm dlx rolldown` compatibility. (#22481, #22507) Thanks @vincentkoc.
iOS/Gateway: stabilize background wake and reconnect behavior (#21226) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 7705a7741e06335197a2015593355a7f4f9170ab Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-19 20:20:28 +00:00
chore: bump release metadata to 2026.2.20
2026-02-19 18:57:08 +00:00
### Fixes
fix(agents): skip bootstrap files with undefined path (#22698) * fix(agents): skip bootstrap files with undefined path buildBootstrapContextFiles() called file.path.replace() without checking that path was defined. If a hook pushed a bootstrap file using 'filePath' instead of 'path', the function threw TypeError and crashed every agent session — not just the misconfigured hook. Fix: add a null-guard before the path.replace() call. Files with undefined path are skipped with a warning so one bad hook can't take down all agents. Also adds a test covering the undefined-path case. Fixes #22693 * fix: harden bootstrap path validation and report guards (#22698) (thanks @arosstale) --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-22 13:17:07 +01:00
- Agents/Bootstrap: skip malformed bootstrap files with missing/invalid paths instead of crashing agent sessions; hooks using `filePath` (or non-string `path`) are skipped with a warning. (#22693, #22698) Thanks @arosstale.
fix(agents): raise dynamic retry cap budget
2026-02-21 15:41:03 +01:00
- Security/Agents: cap embedded Pi runner outer retry loop with a higher profile-aware dynamic limit (32-160 attempts) and return an explicit `retry_limit` error payload when retries never converge, preventing unbounded internal retry cycles (`GHSA-76m6-pj3w-v7mf`).
fix(telegram): guard duplicate bot token accounts
2026-02-21 15:40:38 +01:00
- Telegram: detect duplicate bot-token ownership across Telegram accounts at startup/status time, mark secondary accounts as not configured with an explicit fix message, and block duplicate account startup before polling to avoid endless `getUpdates` conflict loops.
fix(agents): include filenames in image resize logs
2026-02-21 13:16:23 +00:00
- Agents/Tool images: include source filenames in `agents/tool-images` resize logs so compression events can be traced back to specific files.
fix(oauth): harden refresh token refresh-response validation
2026-02-21 13:44:04 +01:00
- Providers/OAuth: harden Qwen and Chutes refresh handling by validating refresh response expiry values and preserving prior refresh tokens when providers return empty refresh token fields, with regression coverage for empty-token responses.
fix(models): add kimi-coding implicit provider template (openclaw#22526) thanks @lailoo Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: lailoo <20536249+lailoo@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-21 21:35:09 +08:00
- Models/Kimi-Coding: add missing implicit provider template for `kimi-coding` with correct `anthropic-messages` API type and base URL, fixing 403 errors when using Kimi for Coding. (#22409)
docs: reorder and trim 2026.2.21 changelog entries
2026-02-21 11:12:58 +01:00
- Auto-reply/Tools: forward `senderIsOwner` through embedded queued/followup runner params so owner-only tools remain available for authorized senders. (#22296) thanks @hcoj.
- Discord: restore model picker back navigation when a provider is missing and document the Discord picker flow. (#21458) Thanks @pejmanjohn and @thewilloftheshadow.
Memory/QMD: harden multi-collection search and embed scheduling
2026-02-20 19:41:13 -08:00
- Memory/QMD: respect per-agent `memorySearch.enabled=false` during gateway QMD startup initialization, split multi-collection QMD searches into per-collection queries (`search`/`vsearch`/`query`) to avoid sparse-term drops, prefer collection-hinted doc resolution to avoid stale-hash collisions, retry boot updates on transient lock/timeout failures, skip `qmd embed` in BM25-only `search` mode (including `memory index --force`), and serialize embed runs globally with failure backoff to prevent CPU storms on multi-agent hosts. (#20581, #21590, #20513, #20001, #21266, #21583, #20346, #19493) Thanks @danielrevivo, @zanderkrause, @sunyan034-cmd, @tilleulenspiegel, @dae-oss, @adamlongcreativellc, @jonathanadams96, and @kiliansitel.
Memory: fix async sync close race
2026-02-20 19:55:03 -08:00
- Memory/Builtin: prevent automatic sync races with manager shutdown by skipping post-close sync starts and waiting for in-flight sync before closing SQLite, so `onSearch`/`onSessionStart` no longer fail with `database is not open` in ephemeral CLI flows. (#20556, #7464) Thanks @FuzzyTG and @henrybottter.
fix: sanitize thinking blocks for GitHub Copilot Claude models (openclaw#19459) thanks @jackheuberger Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: jackheuberger <12731288+jackheuberger@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-20 19:48:09 -06:00
- Providers/Copilot: drop persisted assistant `thinking` blocks for Claude models (while preserving turn structure/tool blocks) so follow-up requests no longer fail on invalid `thinkingSignature` payloads. (#19459) Thanks @jackheuberger.
Add Claude Sonnet 4.6 and 4.5 to GitHub Copilot model catalog (openclaw#20270) thanks @Clawborn Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Clawborn <261310391+Clawborn@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-20 11:54:52 +08:00
- Providers/Copilot: add `claude-sonnet-4.6` and `claude-sonnet-4.5` to the default GitHub Copilot model catalog and add coverage for model-list/definition helpers. (#20270, fixes #20091) Thanks @Clawborn.
fix: prevent whatsapp fallback for webchat sessions (#21534) (thanks @lbo728)
2026-02-19 18:41:27 -08:00
- Auto-reply/WebChat: avoid defaulting inbound runtime channel labels to unrelated providers (for example `whatsapp`) for webchat sessions so channel-specific formatting guidance stays accurate. (#21534) Thanks @lbo728.
feat: surface cached token counts in /status output (openclaw#21248) thanks @vishaltandale00 Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: vishaltandale00 <9222298+vishaltandale00@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-19 22:06:13 -05:00
- Status: include persisted `cacheRead`/`cacheWrite` in session summaries so compact `/status` output consistently shows cache hit percentages from real session data.
Sessions: persist prompt-token totals without usage
2026-02-21 23:37:27 -08:00
- Sessions/Usage: persist `totalTokens` from `promptTokens` snapshots even when providers omit structured usage payloads, so session history/status no longer regress to `unknown` token utilization for otherwise successful runs. (#21819) Thanks @zymclaw.
chore: add CHANGELOG entry
2026-02-19 19:34:30 -05:00
- Heartbeat/Cron: restore interval heartbeat behavior so missing `HEARTBEAT.md` no longer suppresses runs (only effectively empty files skip), preserving prompt-driven and tagged-cron execution paths.
fix(cron/whatsapp): route implicit delivery to allowlisted recipients (openclaw#21533) thanks @Takhoffman Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-19 20:33:37 -06:00
- WhatsApp/Cron/Heartbeat: enforce allowlisted routing for implicit scheduled/system delivery by merging pairing-store + configured `allowFrom` recipients, selecting authorized recipients when last-route context points to a non-allowlisted chat, and preventing heartbeat fan-out to recent unauthorized chats.
fix(heartbeat): constrain 24-hour sentinel to 24:00 only in regex (#21410) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 7b8fe757389d61d339f48772fc27244ff004d17f Co-authored-by: adhitShet <131381638+adhitShet@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-20 04:52:38 +04:00
- Heartbeat/Active hours: constrain active-hours `24` sentinel parsing to `24:00` in time validation so invalid values like `24:30` are rejected early. (#21410) thanks @adhitShet.
fix(heartbeat): return false for zero-width active-hours window (#21408) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 993860bd0393fe9f48022f36c950c069863b4a61 Co-authored-by: adhitShet <131381638+adhitShet@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-20 05:03:57 +04:00
- Heartbeat: treat `activeHours` windows with identical `start`/`end` times as zero-width (always outside the window) instead of always-active. (#21408) thanks @adhitShet.
CLI: default pairing channel for pairing commands
2026-02-20 19:59:54 -08:00
- CLI/Pairing: default `pairing list` and `pairing approve` to the sole available pairing channel when omitted, so TUI-only setups can recover from `pairing required` without guessing channel arguments. (#21527) Thanks @losts1.
TUI: guide pairing-required recovery in disconnect state
2026-02-20 20:04:19 -08:00
- TUI/Pairing: show explicit pairing-required recovery guidance after gateway disconnects that return `pairing required`, including approval steps to unblock quickstart TUI hatching on fresh installs. (#21841) Thanks @nicolinux.
TUI: dedupe duplicate backspace events in input
2026-02-20 20:10:22 -08:00
- TUI/Input: suppress duplicate backspace events arriving in the same input burst window so SSH sessions no longer delete two characters per backspace press in the composer. (#19318) Thanks @eheimer.
TUI: filter model picker to allowlisted models
2026-02-21 19:03:05 -08:00
- TUI/Models: scope `models.list` to the configured model allowlist (`agents.defaults.models`) so `/model` picker no longer floods with unrelated catalog entries by default. (#18816) Thanks @fwends.
Gateway/TUI: filter heartbeat ACK noise in chat events
2026-02-20 20:23:17 -08:00
- TUI/Heartbeat: suppress heartbeat ACK/prompt noise in chat streaming when `showOk` is disabled, while still preserving non-ACK heartbeat alerts in final output. (#20228) Thanks @bhalliburton.
TUI: bound chat-log growth to prevent render overflows
2026-02-20 20:27:58 -08:00
- TUI/History: cap chat-log component growth and prune stale render nodes/references so large default history loads no longer overflow render recursion with `RangeError: Maximum call stack size exceeded`. (#18068) Thanks @JaniJegoroff.
Memory/QMD: diversify mixed-source search results
2026-02-20 20:13:24 -08:00
- Memory/QMD: diversify mixed-source search ranking when both session and memory collections are present so session transcript hits no longer crowd out durable memory-file matches in top results. (#19913) Thanks @alextempr.
Memory: surface explicit memory_search unavailable status
2026-02-20 20:30:52 -08:00
- Memory/Tools: return explicit `unavailable` warnings/actions from `memory_search` when embedding/provider failures occur (including quota exhaustion), so disabled memory does not look like an empty recall result. (#21894) Thanks @XBS9.
Session: enforce startup sequence on bare reset greeting
2026-02-20 20:38:42 -08:00
- Session/Startup: require the `/new` and `/reset` greeting path to run Session Startup file-reading instructions before responding, so daily memory startup context is not skipped on fresh-session greetings. (#22338) Thanks @armstrong-pv.
fix(auth): bidirectional mode/type compat + sync OAuth to all agents (#12692) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 2dee8e1174e637e50d10bf7020f1de2990b804dc Co-authored-by: mudrii <220262+mudrii@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-20 18:31:09 +08:00
- Auth/Onboarding: align OAuth profile-id config mapping with stored credential IDs for OpenAI Codex and Chutes flows, preventing `provider:default` mismatches when OAuth returns email-scoped credentials. (#12692) thanks @mudrii.
chore: update changelog for merged fixes 7734 and 21086 (#21254)
2026-02-19 13:00:40 -08:00
- Provider/HTTP: treat HTTP 503 as failover-eligible for LLM provider errors. (#21086) Thanks @Protocol-zero-0.
docs(changelog): credit prior Slack recipient-id groundwork for 20988 (#21434)
2026-02-19 14:48:29 -08:00
- Slack: pass `recipient_team_id` / `recipient_user_id` through Slack native streaming calls so `chat.startStream`/`appendStream`/`stopStream` work reliably across DMs and Slack Connect setups, and disable block streaming when native streaming is active. (#20988) Thanks @Dithilli. Earlier recipient-ID groundwork was contributed in #20377 by @AsserAl1012.
fix(config-cli): correct misleading --json flag description (#21332) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: b6c8d1edfa82a44c9e7e398ac549c8a5e8029599 Co-authored-by: adhitShet <131381638+adhitShet@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-20 05:09:17 +04:00
- CLI/Config: add canonical `--strict-json` parsing for `config set` and keep `--json` as a legacy alias to reduce help/behavior drift. (#21332) thanks @adhitShet.
CLI/Config: keep explicitly unset keys removed
2026-02-21 21:07:50 -08:00
- CLI/Config: preserve explicitly unset config paths in persisted JSON after writes so `openclaw config unset <path>` no longer re-introduces defaulted keys (for example `commands.ownerDisplay`) through schema normalization. (#22984) Thanks @aronchick.
fix(cli): correct --verbose / -v option syntax in acp commands (#21303) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 20d058dcf524765f53681b601f605b0d4b3129f3 Co-authored-by: adhitShet <131381638+adhitShet@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-20 06:04:22 +04:00
- CLI: keep `openclaw -v` as a root-only version alias so subcommand `-v, --verbose` flags (for example ACP/hooks/skills) are no longer intercepted globally. (#21303) thanks @adhitShet.
fix: memory ENOENT handling (#20680) (thanks @pahdo)
2026-02-19 23:15:48 -08:00
- Memory: return empty snippets when `memory_get`/QMD read files that have not been created yet, and harden memory indexing/session helpers against ENOENT races so missing Markdown no longer crashes tools. (#20680) Thanks @pahdo.
fix(telegram): prevent silent message loss across all streamMode settings (#19041) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 82898339f02ae08ab9eaa2eabb679326a8469ca1 Co-authored-by: mudrii <220262+mudrii@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-20 13:16:55 +08:00
- Telegram/Streaming: always clean up draft previews even when dispatch throws before fallback handling, preventing orphaned preview messages during failed runs. (#19041) thanks @mudrii.
fix: split telegram reasoning and answer draft streams (#20774) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 7458444144b49c84a26030c1f3a886235c76e869 Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-20 11:14:39 +05:30
- Telegram/Streaming: split reasoning and answer draft preview lanes to prevent cross-lane overwrites, and ignore literal `<think>` tags inside inline/fenced code snippets so sample markup is not misrouted as reasoning. (#20774) Thanks @obviyus.
fix(telegram): split streaming preview per assistant block (#22613) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 26f35f4411e65cf14587efeedc4e326a71d54ee0 Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-21 18:05:23 +05:30
- Telegram/Streaming: restore 30-char first-preview debounce and scope `NO_REPLY` prefix suppression to partial sentinel fragments so normal `No...` text is not filtered. (#22613) thanks @obviyus.
Status reactions: fix stall timers and gating (#22190) * feat: add shared status reaction controller * feat: add statusReactions config schema * feat: wire status reactions for Discord and Telegram * fix: restore original 10s/30s stall defaults for Discord compatibility * Status reactions: fix stall timers and gating * Format status reaction imports --------- Co-authored-by: Matt <mateus.carniatto@gmail.com>
2026-02-20 15:27:42 -06:00
- Telegram/Status reactions: refresh stall timers on repeated phase updates and honor ack-reaction scope when lifecycle reactions are enabled, preventing false stall emojis and unwanted group reactions. Thanks @wolly-tundracube and @thewilloftheshadow.
fix: preselect Telegram-supported status reaction variants (#22380) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 018fcd6e2e141604c7e18a249d15b994367ccda3 Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-21 09:20:20 +05:30
- Telegram/Status reactions: keep lifecycle reactions active when available-reactions lookup fails by falling back to unrestricted variant selection instead of suppressing reaction updates. (#22380) thanks @obviyus.
fix: await DiscordMessageListener handler for queued messages (#22396) Co-authored-by: Irene <huangxiyan2311@gmail.com>
2026-02-22 00:41:46 +01:00
- Discord/Events: await `DiscordMessageListener` message handlers so regular `MESSAGE_CREATE` traffic is processed through queue ordering/timeout flow instead of fire-and-forget drops. (#22396) Thanks @sIlENtbuffER.
Discord: keep DM component sessions
2026-02-20 17:33:28 -06:00
- Discord/Streaming: apply `replyToMode: first` only to the first Discord chunk so block-streamed replies do not spam mention pings. (#20726) Thanks @thewilloftheshadow for the report.
- Discord/Components: map DM channel targets back to user-scoped component sessions so button/select interactions stay in the main DM session. Thanks @thewilloftheshadow.
fix: lazy-load Discord allowlist guilds (#20208) (thanks @zhangjunmengyang)
2026-02-20 20:25:35 -06:00
- Discord/Allowlist: lazy-load guild lists when resolving Discord user allowlists so ID-only entries resolve even if guild fetch fails. (#20208) Thanks @zhangjunmengyang.
Discord: handle gateway 4014 close
2026-02-19 13:47:28 -06:00
- Discord/Gateway: handle close code 4014 (missing privileged gateway intents) without crashing the gateway. Thanks @thewilloftheshadow.
Discord: ingest inbound stickers
2026-02-20 16:40:27 -06:00
- Discord: ingest inbound stickers as media so sticker-only messages and forwarded stickers are visible to agents. Thanks @thewilloftheshadow.
Changelog: add auto-reply run-start fix (#21165) (thanks @shakkernerd)
2026-02-19 19:14:14 +00:00
- Auto-reply/Runner: emit `onAgentRunStart` only after agent lifecycle or tool activity begins (and only once per run), so fallback preflight errors no longer mark runs as started. (#21165) Thanks @shakkernerd.
fix: serialize tool result delivery to preserve message ordering (#21231) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 68adbf58c8ec92d32e6183b0c6432963b2b4f9d8 Co-authored-by: ahdernasr <44983175+ahdernasr@users.noreply.github.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Reviewed-by: @joshavant
2026-02-20 01:23:23 +00:00
- Auto-reply/Tool results: serialize tool-result delivery and keep the delivery chain progressing after individual failures so concurrent tool outputs preserve user-visible ordering. (#21231) thanks @ahdernasr.
Changelog: move prompt caching fix to unreleased
2026-02-19 19:22:46 +00:00
- Auto-reply/Prompt caching: restore prefix-cache stability by keeping inbound system metadata session-stable and moving per-message IDs (`message_id`, `message_id_full`, `reply_to_id`, `sender_id`) into untrusted conversation context. (#20597) Thanks @anisoptera.
iOS/watch: add actionable watch approvals and quick replies (#21996) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 3c2a01f903c94207bec4de6865305ce33c3abdb7 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-20 16:39:13 +00:00
- iOS/Watch: add actionable watch approval/reject controls and quick-reply actions so watch-originated approvals and responses can be sent directly from notification flows. (#21996) Thanks @mbelinky.
iOS: refresh phone/watch app icons with lobster assets (#21997) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: d41caeff388ae14555543d42ca9cbf40582a23f7 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-20 16:41:41 +00:00
- iOS/Watch: refresh iOS and watch app icon assets with the lobster icon set to keep phone/watch branding aligned. (#21997) Thanks @mbelinky.
Docs: record PR #21336 anthropic onboarding fix
2026-02-19 15:05:54 -08:00
- CLI/Onboarding: fix Anthropic-compatible custom provider verification by normalizing base URLs to avoid duplicate `/v1` paths during setup checks. (#21336) Thanks @17jmumford.
iOS/Gateway: harden pairing resolution and settings-driven capability refresh (#22120) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 55b8a93a999b7458c98f9d3b31abbd3665929b31 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-20 18:57:04 +00:00
- iOS/Gateway/Tools: prefer uniquely connected node matches when duplicate display names exist, surface actionable `nodes invoke` pairing-required guidance with request IDs, and refresh active iOS gateway registration after location-capability setting changes so capability updates apply immediately. (#22120) thanks @mbelinky.
docs: reorder and trim 2026.2.21 changelog entries
2026-02-21 11:12:58 +01:00
- Gateway/Auth: require `gateway.trustedProxies` to include a loopback proxy address when `auth.mode="trusted-proxy"` and `bind="loopback"`, preventing same-host proxy misconfiguration from silently blocking auth. (#22082, follow-up to #20097) thanks @mbelinky.
- Gateway/Auth: allow trusted-proxy mode with loopback bind for same-host reverse-proxy deployments, while still requiring configured `gateway.trustedProxies`. (#20097) thanks @xinhuagu.
- Gateway/Auth: allow authenticated clients across roles/scopes to call `health` while preserving role and scope enforcement for non-health methods. (#19699) thanks @Nachx639.
- Gateway/Hooks: include transform export name in hook-transform cache keys so distinct exports from the same module do not reuse the wrong cached transform function. (#13855) thanks @mcaxtr.
- Gateway/Control UI: return 404 for missing static-asset paths instead of serving SPA fallback HTML, while preserving client-route fallback behavior for extensionless and non-asset dotted paths. (#12060) thanks @mcaxtr.
- Gateway/Pairing: prevent device-token rotate scope escalation by enforcing an approved-scope baseline, preserving approved scopes across metadata updates, and rejecting rotate requests that exceed approved role scope implications. (#20703) thanks @coygeek.
- Gateway/Pairing: clear persisted paired-device state when the gateway client closes with `device token mismatch` (`1008`) so reconnect flows can cleanly re-enter pairing. (#22071) Thanks @mbelinky.
- Gateway/Config: allow `gateway.customBindHost` in strict config validation when `gateway.bind="custom"` so valid custom bind-host configurations no longer fail startup. (#20318, fixes #20289) Thanks @MisterGuy420.
- Gateway/Pairing: tolerate legacy paired devices missing `roles`/`scopes` metadata in websocket upgrade checks and backfill metadata on reconnect. (#21447, fixes #21236) Thanks @joshavant.
- Gateway/Pairing/CLI: align read-scope compatibility in pairing/device-token checks and add local `openclaw devices` fallback recovery for loopback `pairing required` deadlocks, with explicit fallback notice to unblock approval bootstrap flows. (#21616) Thanks @shakkernerd.
- Agents/Subagents: restore announce-chain delivery to agent injection, defer nested announce output until descendant follow-up content is ready, and prevent descendant deferrals from consuming announce retry budget so deep chains do not drop final completions. (#22223) Thanks @tyler6204.
- Agents/System Prompt: label allowlisted senders as authorized senders to avoid implying ownership. Thanks @thewilloftheshadow.
- Agents/Tool display: fix exec cwd suffix inference so `pushd ... && popd ... && <command>` does not keep stale `(in <dir>)` context in summaries. (#21925) Thanks @Lukavyi.
fix: flatten nested anyOf/oneOf in Gemini schema cleaning (openclaw#22825) thanks @Oceanswave Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Oceanswave <760674+Oceanswave@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-21 14:09:42 -05:00
- Agents/Google: flatten residual nested `anyOf`/`oneOf` unions in Gemini tool-schema cleanup so Cloud Code Assist no longer rejects unsupported union keywords that survive earlier simplification. (#22825) Thanks @Oceanswave.
docs: reorder and trim 2026.2.21 changelog entries
2026-02-21 11:12:58 +01:00
- Tools/web_search: handle xAI Responses API payloads that emit top-level `output_text` blocks (without a `message` wrapper) so Grok web_search no longer returns `No response` for those results. (#20508) Thanks @echoVic.
- Agents/Failover: treat non-default override runs as direct fallback-to-configured-primary (skip configured fallback chain), normalize default-model detection for provider casing/whitespace, and add regression coverage for override/auth error paths. (#18820) Thanks @Glucksberg.
- Docker/Build: include `ownerDisplay` in `CommandsSchema` object-level defaults so Docker `pnpm build` no longer fails with `TS2769` during plugin SDK d.ts generation. (#22558) Thanks @obviyus.
fix(docker): install Playwright Chromium into node cache (#22585) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 84dc9ffccd27a51a5c9b8793e55d44abfc7ee520 Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-21 15:48:27 +05:30
- Docker/Browser: install Playwright Chromium into `/home/node/.cache/ms-playwright` and set `node:node` ownership so browser binaries are available to the runtime user in browser-enabled images. (#22585) thanks @obviyus.
docs: reorder and trim 2026.2.21 changelog entries
2026-02-21 11:12:58 +01:00
- Hooks/Session memory: trigger bundled `session-memory` persistence on both `/new` and `/reset` so reset flows no longer skip markdown transcript capture before archival. (#21382) Thanks @mofesolapaul.
- Dependencies/Agents: bump embedded Pi SDK packages (`@mariozechner/pi-agent-core`, `@mariozechner/pi-ai`, `@mariozechner/pi-coding-agent`, `@mariozechner/pi-tui`) to `0.54.0`. (#21578) Thanks @Takhoffman.
- Config/Agents: expose Pi compaction tuning values `agents.defaults.compaction.reserveTokens` and `agents.defaults.compaction.keepRecentTokens` in config schema/types and apply them in embedded Pi runner settings overrides with floor enforcement via `reserveTokensFloor`. (#21568) Thanks @Takhoffman.
- Docker: pin base images to SHA256 digests in Docker builds to prevent mutable tag drift. (#7734) Thanks @coygeek.
- Docker: run build steps as the `node` user and use `COPY --chown` to avoid recursive ownership changes, trimming image size and layer churn. Thanks @huntharo.
- Config/Memory: restore schema help/label metadata for hybrid `mmr` and `temporalDecay` settings so configuration surfaces show correct names and guidance. (#18786) Thanks @rodrigouroz.
- Skills/SonosCLI: add troubleshooting guidance for `sonos discover` failures on macOS direct mode (`sendto: no route to host`) and sandbox network restrictions (`bind: operation not permitted`). (#21316) Thanks @huntharo.
- macOS/Build: default release packaging to `BUNDLE_ID=ai.openclaw.mac` in `scripts/package-mac-dist.sh`, so Sparkle feed URL is retained and auto-update no longer fails with an empty appcast feed. (#19750) thanks @loganprit.
- Signal/Outbound: preserve case for Base64 group IDs during outbound target normalization so cross-context routing and policy checks no longer break when group IDs include uppercase characters. (#5578) Thanks @heyhudson.
- Anthropic/Agents: preserve required pi-ai default OAuth beta headers when `context1m` injects `anthropic-beta`, preventing 401 auth failures for `sk-ant-oat-*` tokens. (#19789, fixes #19769) Thanks @minupla.
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:05 +01:00
- Security/Exec: block unquoted heredoc body expansion tokens in shell allowlist analysis, reject unterminated heredocs, and require explicit approval for allowlisted heredoc execution on gateway hosts to prevent heredoc substitution allowlist bypass. Thanks @torturado for reporting.
fix(security): block zip symlink escape in archive extraction
2026-02-21 19:42:11 +01:00
- macOS/Security: evaluate `system.run` allowlists per shell segment in macOS node runtime and companion exec host (including chained shell operators), fail closed on shell/process substitution parsing, and require explicit approval on unsafe parse cases to prevent allowlist bypass via `rawCommand` chaining. Thanks @tdjackey for reporting.
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:05 +01:00
- WhatsApp/Security: enforce allowlist JID authorization for reaction actions so authenticated callers cannot target non-allowlisted chats by forging `chatJid` + valid `messageId` pairs. Thanks @aether-ai-agent for reporting.
- ACP/Security: escape control and delimiter characters in ACP `resource_link` title/URI metadata before prompt interpolation to prevent metadata-driven prompt injection through resource links. Thanks @aether-ai-agent for reporting.
- TTS/Security: make model-driven provider switching opt-in by default (`messages.tts.modelOverrides.allowProvider=false` unless explicitly enabled), while keeping voice/style overrides available, to reduce prompt-injection-driven provider hops and unexpected TTS cost escalation. Thanks @aether-ai-agent for reporting.
- Security/Agents: keep overflow compaction retry budgeting global across tool-result truncation recovery so successful truncation cannot reset the overflow retry counter and amplify retry/cost cycles. Thanks @aether-ai-agent for reporting.
docs: prune low-signal changelog entries
2026-02-21 15:02:10 +01:00
- BlueBubbles/Security: require webhook token authentication for all BlueBubbles webhook requests (including loopback/proxied setups), removing passwordless webhook fallback behavior. Thanks @zpbrent.
docs(changelog): reorder unreleased fixes by user impact
2026-02-21 14:37:06 +01:00
- iOS/Security: force `https://` for non-loopback manual gateway hosts during iOS onboarding to block insecure remote transport URLs. (#21969) Thanks @mbelinky.
- Gateway/Security: remove shared-IP fallback for canvas endpoints and require token or session capability for canvas access. Thanks @thewilloftheshadow.
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:05 +01:00
- Gateway/Security: require secure context and paired-device checks for Control UI auth even when `gateway.controlUi.allowInsecureAuth` is set, and align audit messaging with the hardened behavior. (#20684) Thanks @coygeek and @Vasco0x4 for reporting.
- Gateway/Security: scope tokenless Tailscale forwarded-header auth to Control UI websocket auth only, so HTTP gateway routes still require token/password even on trusted hosts. Thanks @zpbrent for reporting.
docs(changelog): reorder unreleased fixes by user impact
2026-02-21 14:37:06 +01:00
- Docker/Security: run E2E and install-sh test images as non-root by adding appuser directives. Thanks @thewilloftheshadow.
- Skills/Security: sanitize skill env overrides to block unsafe runtime injection variables and only allow sensitive keys when declared in skill metadata, with warnings for suspicious values. Thanks @thewilloftheshadow.
- Security/Commands: block prototype-key injection in runtime `/debug` overrides and require own-property checks for gated command flags (`bash`, `config`, `debug`) so inherited prototype values cannot enable privileged commands. Thanks @tdjackey for reporting.
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:05 +01:00
- Security/Browser: block non-network browser navigation protocols (including `file:`, `data:`, and `javascript:`) while preserving `about:blank`, preventing local file reads via browser tool navigation. Thanks @q1uf3ng for reporting.
- Security/Exec: block shell startup-file env injection (`BASH_ENV`, `ENV`, `BASH_FUNC_*`, `LD_*`, `DYLD_*`) across config env ingestion, node-host inherited environment sanitization, and macOS exec host runtime to prevent pre-command execution from attacker-controlled environment variables. Thanks @tdjackey.
- Security/Exec (Windows): canonicalize `cmd.exe /c` command text across validation, approval binding, and audit/event rendering to prevent trailing-argument approval mismatches in `system.run`. Thanks @tdjackey for reporting.
docs(changelog): reorder unreleased fixes by user impact
2026-02-21 14:37:06 +01:00
- Security/Gateway/Hooks: block `__proto__`, `constructor`, and `prototype` traversal in webhook template path resolution to prevent prototype-chain payload data leakage in `messageTemplate` rendering. (#22213) Thanks @SleuthCo.
- Security/OpenClawKit/UI: prevent injected inbound user context metadata blocks from leaking into chat history in TUI, webchat, and macOS surfaces by stripping all untrusted metadata prefixes at display boundaries. (#22142) Thanks @Mellowambience, @vincentkoc.
- Security/OpenClawKit/UI: strip inbound metadata blocks from user messages in TUI rendering while preserving user-authored content. (#22345) Thanks @kansodata, @vincentkoc.
- Security/OpenClawKit/UI: prevent inbound metadata leaks and reply-tag streaming artifacts in TUI rendering by stripping untrusted metadata prefixes at display boundaries. (#22346) Thanks @akramcodez, @vincentkoc.
- Security/Agents: restrict local MEDIA tool attachments to core tools and the OpenClaw temp root to prevent untrusted MCP tool file exfiltration. Thanks @NucleiAv and @thewilloftheshadow.
- Security/Net: strip sensitive headers (`Authorization`, `Proxy-Authorization`, `Cookie`, `Cookie2`) on cross-origin redirects in `fetchWithSsrFGuard` to prevent credential forwarding across origin boundaries. (#20313) Thanks @afurm.
- Security/Systemd: reject CR/LF in systemd unit environment values and fix argument escaping so generated units cannot be injected with extra directives. Thanks @thewilloftheshadow.
- Security/Tools: add per-wrapper random IDs to untrusted-content markers from `wrapExternalContent`/`wrapWebContent`, preventing marker spoofing from escaping content boundaries. (#19009) Thanks @Whoaa512.
- Shared/Security: reject insecure deep links that use `ws://` non-loopback gateway URLs to prevent plaintext remote websocket configuration. (#21970) Thanks @mbelinky.
- macOS/Security: reject non-loopback `ws://` remote gateway URLs in macOS remote config to block insecure plaintext websocket endpoints. (#21971) Thanks @mbelinky.
- Browser/Security: block upload path symlink escapes so browser upload sources cannot traverse outside the allowed workspace via symlinked paths. (#21972) Thanks @mbelinky.
- Security/Dependencies: bump transitive `hono` usage to `4.11.10` to incorporate timing-safe authentication comparison hardening for `basicAuth`/`bearerAuth` (`GHSA-gq3j-xvxp-8hrf`). Thanks @vincentkoc.
- Security/Gateway: parse `X-Forwarded-For` with trust-preserving semantics when requests come from configured trusted proxies, preventing proxy-chain spoofing from influencing client IP classification and rate-limit identity. Thanks @AnthonyDiSanti and @vincentkoc.
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:05 +01:00
- Security/Sandbox: remove default `--no-sandbox` for the browser container entrypoint, add explicit opt-in via `OPENCLAW_BROWSER_NO_SANDBOX` / `CLAWDBOT_BROWSER_NO_SANDBOX`, and add security-audit checks for stale/missing sandbox browser Docker hash labels. Thanks @TerminalsandCoffee and @vincentkoc.
- Security/Sandbox Browser: require VNC password auth for noVNC observer sessions in the sandbox browser entrypoint, plumb per-container noVNC passwords from runtime, and emit short-lived noVNC observer token URLs while keeping loopback-only host port publishing. Thanks @TerminalsandCoffee for reporting.
- Security/Sandbox Browser: default browser sandbox containers to a dedicated Docker network (`openclaw-sandbox-browser`), add optional CDP ingress source-range restrictions, auto-create missing dedicated networks, and warn in `openclaw security --audit` when browser sandboxing runs on bridge without source-range limits. Thanks @TerminalsandCoffee for reporting.
Changelog: add auto-reply run-start fix (#21165) (thanks @shakkernerd)
2026-02-19 19:14:14 +00:00
chore: bump release metadata to 2026.2.20
2026-02-19 18:57:08 +00:00
## 2026.2.19
chore: bump version to 2026.2.15
2026-02-15 04:50:19 +01:00
### Changes
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
- iOS/Watch: add an Apple Watch companion MVP with watch inbox UI, watch notification relay handling, and gateway command surfaces for watch status/send flows. (#20054) Thanks @mbelinky.
iOS/Gateway: wake disconnected iOS nodes via APNs before invoke (#20332) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 7751f9c5311484ce05ab9529b450b7937646c68f Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-18 21:00:17 +00:00
- iOS/Gateway: wake disconnected iOS nodes via APNs before `nodes.invoke` and auto-reconnect gateway sessions on silent push wake to reduce invoke failures while the app is backgrounded. (#20332) Thanks @mbelinky.
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
- Gateway/CLI: add paired-device hygiene flows with `device.pair.remove`, plus `openclaw devices remove` and guarded `openclaw devices clear --yes [--pending]` commands for removing paired entries and optionally rejecting pending requests. (#20057) Thanks @mbelinky.
feat(mattermost): add native slash command support (refresh) (#32467) Merged via squash. Prepared head SHA: 989126574ead75c0eedc185293659eb0d4fc6844 Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com> Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com> Reviewed-by: @mukhtharcm
2026-03-03 12:39:18 +05:30
- Mattermost: add opt-in native slash command support with registration lifecycle, callback route/token validation, multi-account token routing, and callback URL/path configuration (`channels.mattermost.commands.*`). (#16515) Thanks @echo931.
- Mattermost: harden native slash callback auth-bypass behavior for configurable callback paths, add callback validation coverage, and clarify callback reachability/allowlist docs. (#32467) Thanks @mukhtharcm and @echo931.
iOS: add APNs registration and notification signing config (#20308) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 614180020e80de3d91b3ac5353cdd6f5f28e621c Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-18 19:37:03 +00:00
- iOS/APNs: add push registration and notification-signing configuration for node delivery. (#20308) Thanks @mbelinky.
Gateway: add APNs push test pipeline (#20307) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 6a1c4422079b075fb7900890fa09819f41aee8b1 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-18 19:32:42 +00:00
- Gateway/APNs: add a push-test pipeline for APNs delivery validation in gateway flows. (#20307) Thanks @mbelinky.
feat(security): audit gateway HTTP no-auth exposure
2026-02-19 14:25:45 +01:00
- Security/Audit: add `gateway.http.no_auth` findings when `gateway.auth.mode="none"` leaves Gateway HTTP APIs reachable, with loopback warning and remote-exposure critical severity, plus regression coverage and docs updates.
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
- Skills: harden coding-agent skill guidance by removing shell-command examples that interpolate untrusted issue text directly into command strings.
- Dev tooling: align `oxfmt` local/CI formatting behavior. (#12579) Thanks @vincentkoc.
Gateway/CLI: add paired-device remove and clear flows (#20057) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 26523f8a38148073412cf24590176be9a6ab1237 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-18 13:27:31 +00:00
fix: serialize sandbox registry writes
2026-02-18 04:44:23 +01:00
### Fixes
security(web_fetch): strip hidden content to prevent indirect prompt injection (#21074) * security(web_fetch): strip hidden content to prevent indirect prompt injection Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * security(web_fetch): address review feedback and credit author * chore(changelog): credit reporter for web_fetch security fix --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-23 00:10:26 +01:00
- Security: strip hidden text from `web_fetch` extracted content to prevent indirect prompt injection, covering CSS-hidden elements, class-based hiding (sr-only, d-none, etc.), invisible Unicode, color:transparent, offscreen transforms, and non-content tags. (#8027, #21074) Thanks @hydro13 for the fix and @LucasAIBuilder for reporting.
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
- Agents/Streaming: keep assistant partial streaming active during reasoning streams, handle native `thinking_*` stream events consistently, dedupe mixed reasoning-end signals, and clear stale mutating tool errors after same-target retry success. (#20635) Thanks @obviyus.
iOS: use dedicated session key for chat sheet (#21139) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 31a27b0c5b27917cae4ec0b8b3fc3f5d8682dd7b Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-19 18:42:56 +00:00
- iOS/Chat: use a dedicated iOS chat session key for ChatSheet routing to avoid cross-client session collisions with main-session traffic. (#21139) thanks @mbelinky.
iOS: auto-resync chat after reconnect gaps (#21135) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 1beca3a76d382b72c5a9c9b500c5a87729a9cf82 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-19 18:37:13 +00:00
- iOS/Chat: auto-resync chat history after reconnect sequence gaps, clear stale pending runs, and avoid dead-end manual refresh errors after transient disconnects. (#21135) thanks @mbelinky.
Issue 17774 - Usage - Local - Show data from midnight to midnight of selected dates for browser time zone (AI assisted) (openclaw#19357) thanks @huntharo Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini (override approved by Tak for this run; local baseline failures outside PR scope) Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-20 21:09:03 -05:00
- UI/Usage: reload usage data immediately when timezone changes so Local/UTC toggles apply the selected date range without requiring a manual refresh. (#17774)
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
- iOS/Screen: move `WKWebView` lifecycle ownership into `ScreenWebView` coordinator and explicit attach/detach flow to reduce gesture/lifecycle crash risk (`__NSArrayM insertObject:atIndex:` paths) during screen tab updates. (#20366) Thanks @ngutman.
- iOS/Onboarding: prevent pairing-status flicker during auto-resume by keeping resumed state transitions stable. (#20310) Thanks @mbelinky.
- iOS/Onboarding: stabilize pairing and reconnect behavior by resetting stale pairing request state on manual retry, disconnecting both operator and node gateways on operator failure, and avoiding duplicate pairing loops from operator transport identity attachment. (#20056) Thanks @mbelinky.
- iOS/Signing: restore local auto-selected signing-team overrides during iOS project generation by wiring `.local-signing.xcconfig` into the active signing config and emitting `OPENCLAW_DEVELOPMENT_TEAM` in local signing setup. (#19993) Thanks @ngutman.
- Telegram: unify message-like inbound handling so `message` and `channel_post` share the same dedupe/access/media pipeline and remain behaviorally consistent. (#20591) Thanks @obviyus.
fix(telegram): skip failed photo downloads in media group instead of dropping entire group (#20598) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 4a9c5f7af7c136952bf5dd396acee7f9f4e3c5d1 Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-22 12:27:06 -03:00
- Telegram: keep media-group processing resilient by skipping recoverable per-item download failures while still failing loud on non-recoverable media errors. (#20598) thanks @mcaxtr.
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
- Telegram/Agents: gate exec/bash tool-failure warnings behind verbose mode so default Telegram replies stay clean while verbose sessions still surface diagnostics. (#20560) Thanks @obviyus.
- Telegram/Cron/Heartbeat: honor explicit Telegram topic targets in cron and heartbeat delivery (`<chatId>:topic:<threadId>`) so scheduled sends land in the configured topic instead of the last active thread. (#19367) Thanks @Lukavyi.
Fix Telegram DM last-route metadata leakage (#19491) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 16b025b3aa13c91fe3aab8a0eaac4987dddc574e Co-authored-by: guirguispierre <22091706+guirguispierre@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-21 21:59:59 -08:00
- Telegram/DM routing: prevent DM inbound origin metadata from leaking into main-session `lastRoute` updates and normalize DM `lastRoute.to` to provider-prefixed `telegram:<chatId>`. (#19491) thanks @guirguispierre.
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
- Gateway/Daemon: forward `TMPDIR` into installed service environments so macOS LaunchAgent gateway runs can open SQLite temp/journal files reliably instead of failing with `SQLITE_CANTOPEN`. (#20512) Thanks @Clawborn.
- Agents/Billing: include the active model that produced a billing error in user-facing billing messages (for example, `OpenAI (gpt-5.3)`) across payload, failover, and lifecycle error paths, so users can identify exactly which key needs credits. (#20510) Thanks @echoVic.
- Gateway/TUI: honor `agents.defaults.blockStreamingDefault` for `chat.send` by removing the hardcoded block-streaming disable override, so replies can use configured block-mode delivery. (#19693) Thanks @neipor.
- UI/Sessions: accept the canonical main session-key alias in Chat UI flows so main-session routing stays consistent. (#20311) Thanks @mbelinky.
- OpenClawKit/Protocol: preserve JSON boolean literals (`true`/`false`) when bridging through `AnyCodable` so Apple client RPC params no longer re-encode booleans as `1`/`0`. Thanks @mbelinky.
- Commands/Doctor: skip embedding-provider warnings when `memory.backend` is `qmd`, because QMD manages embeddings internally and does not require `memorySearch` providers. (#17263) Thanks @miloudbelarebia.
- Canvas/A2UI: improve bundled-asset resolution and empty-state handling so UI fallbacks render reliably. (#20312) Thanks @mbelinky.
- Commands/Doctor: avoid rewriting invalid configs with new `gateway.auth.token` defaults during repair and only write when real config changes are detected, preventing accidental token duplication and backup churn.
- Gateway/Auth: default unresolved gateway auth to token mode with startup auto-generation/persistence of `gateway.auth.token`, while allowing explicit `gateway.auth.mode: "none"` for intentional open loopback setups. (#20686) thanks @gumadeiras.
- Channels/Matrix: fix mention detection for `formatted_body` Matrix-to links by handling matrix.to mention formats consistently. (#16941) Thanks @zerone0x.
- Heartbeat/Cron: skip interval heartbeats when `HEARTBEAT.md` is missing or empty and no tagged cron events are queued, while preserving cron-event fallback for queued tagged reminders. (#20461) thanks @vikpos.
- Browser/Relay: reuse an already-running extension relay when the relay port is occupied by another OpenClaw process, while still failing on non-relay port collisions to avoid masking unrelated listeners. (#20035) Thanks @mbelinky.
- Scripts: update clawdock helper command support to include `docker-compose.extra.yml` where available. (#17094) Thanks @zerone0x.
- Lobster/Config: remove Lobster executable-path overrides (`lobsterPath`), require PATH-based execution, and add focused Windows wrapper-resolution tests to keep shell-free behavior stable.
- Gateway/WebChat: block `sessions.patch` and `sessions.delete` for WebChat clients so session-store mutations stay restricted to non-WebChat operator flows. Thanks @allsmog for reporting.
- Gateway: clarify launchctl GUI domain bootstrap failure on macOS. (#13795) Thanks @vincentkoc.
- Lobster/CI: fix flaky test Windows cmd shim script resolution. (#20833) Thanks @vincentkoc.
- Browser/Relay: require gateway-token auth on both `/extension` and `/cdp`, and align Chrome extension setup to use a single `gateway.auth.token` input for relay authentication. Thanks @tdjackey for reporting.
- Gateway/Hooks: run BOOT.md startup checks per configured agent scope, including per-agent session-key resolution, startup-hook regression coverage, and non-success boot outcome logging for diagnosability. (#20569) thanks @mcaxtr.
- Protocol/Apple: regenerate Swift gateway models for `push.test` so `pnpm protocol:check` stays green on main. Thanks @mbelinky.
- Sandbox/Registry: serialize container and browser registry writes with shared file locks and atomic replacement to prevent lost updates and delete rollback races from desyncing `sandbox list`, `prune`, and `recreate --all`. Thanks @kexinoh.
- OTEL/diagnostics-otel: complete OpenTelemetry v2 API migration. (#12897) Thanks @vincentkoc.
- Cron/Webhooks: protect cron webhook POST delivery with SSRF-guarded outbound fetch (`fetchWithSsrFGuard`) to block private/metadata destinations before request dispatch. Thanks @Adam55A-code.
fix: harden voice-call tts deep merge
2026-02-19 15:36:52 +01:00
- Security/Voice Call: harden `voice-call` telephony TTS override merging by blocking unsafe deep-merge keys (`__proto__`, `prototype`, `constructor`) and add regression coverage for top-level and nested prototype-pollution payloads.
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:05 +01:00
- Security/Windows Daemon: harden Scheduled Task `gateway.cmd` generation by quoting cmd metacharacter arguments, escaping `%`/`!` expansions, and rejecting CR/LF in arguments, descriptions, and environment assignments (`set "KEY=VALUE"`), preventing command injection in Windows daemon startup scripts. Thanks @tdjackey for reporting.
- Security/Gateway/Canvas: replace shared-IP fallback auth with node-scoped session capability URLs for `/__openclaw__/canvas/*` and `/__openclaw__/a2ui/*`, fail closed when trusted-proxy requests omit forwarded client headers, and add IPv6/proxy-header regression coverage. Thanks @aether-ai-agent for reporting.
fix(security): enforce strict IPv4 SSRF literal handling
2026-02-19 15:24:03 +01:00
- Security/Net: enforce strict dotted-decimal IPv4 literals in SSRF checks and fail closed on unsupported legacy forms (octal/hex/short/packed, for example `0177.0.0.1`, `127.1`, `2130706433`) before DNS lookup.
fix(security): enforce trusted sender auth for discord moderation
2026-02-19 15:18:00 +01:00
- Security/Discord: enforce trusted-sender guild permission checks for moderation actions (`timeout`, `kick`, `ban`) and ignore untrusted `senderUserId` params to prevent privilege escalation in tool-driven flows. Thanks @aether-ai-agent for reporting.
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:33:25 +01:00
- Security/ACP+Exec: add `openclaw acp --token-file/--password-file` secret-file support (with inline secret flag warnings), redact ACP working-directory prefixes to `~` home-relative paths, constrain exec script preflight file inspection to the effective `workdir` boundary, and add security-audit warnings when `tools.exec.host="sandbox"` is configured while sandbox mode is off.
fix(security): enforce plugin and hook path containment
2026-02-19 15:34:58 +01:00
- Security/Plugins/Hooks: enforce runtime/package path containment with realpath checks so `openclaw.extensions`, `openclaw.hooks`, and hook handler modules cannot escape their trusted roots via traversal or symlinks.
refactor(security): centralize trusted sender checks for discord moderation
2026-02-19 15:39:21 +01:00
- Security/Discord: centralize trusted sender checks for moderation actions in message-action dispatch, share moderation command parsing across handlers, and clarify permission helpers with explicit any/all semantics.
fix(acp): harden session lifecycle against flooding
2026-02-19 14:50:02 +01:00
- Security/ACP: harden ACP bridge session management with duplicate-session refresh, idle-session reaping, oldest-idle soft-cap eviction, and burst rate limiting on session creation to reduce local DoS risk without disrupting normal IDE usage.
fix(security): harden ACP prompt size guardrails
2026-02-19 15:40:46 +01:00
- Security/ACP: bound ACP prompt text payloads to 2 MiB before gateway forwarding, account for join separator bytes during pre-concatenation size checks, and avoid stale active-run session state when oversized prompts are rejected. Thanks @aether-ai-agent for reporting.
fix(security): harden npm plugin and hook install integrity flow
2026-02-19 15:10:57 +01:00
- Security/Plugins/Hooks: add optional `--pin` for npm plugin/hook installs, persist resolved npm metadata (`name`, `version`, `spec`, integrity, shasum, timestamp), warn/confirm on integrity drift during updates, and extend `openclaw security audit` to flag unpinned specs, missing integrity metadata, and install-record version drift.
fix(plugins): harden discovery trust checks
2026-02-19 15:13:34 +01:00
- Security/Plugins: harden plugin discovery by blocking unsafe candidates (root escapes, world-writable paths, suspicious ownership), add startup warnings when `plugins.allow` is empty with discoverable non-bundled plugins, and warn on loaded plugins without install/load-path provenance.
fix: harden gateway control-plane restart protections
2026-02-19 14:29:44 +01:00
- Security/Gateway: rate-limit control-plane write RPCs (`config.apply`, `config.patch`, `update.run`) to 3 requests per minute per `deviceId+clientIp`, add restart single-flight coalescing plus a 30-second restart cooldown, and log actor/device/ip with changed-path audit details for config/update-triggered restarts.
docs(security): document webhook hardening and changelog
2026-02-19 13:31:04 +01:00
- Security/Webhooks: harden Feishu and Zalo webhook ingress with webhook-mode token preconditions, loopback-default Feishu bind host, JSON content-type enforcement, per-path rate limiting, replay dedupe for Zalo events, constant-time Zalo secret comparison, and anomaly status counters.
fix(security): restore trusted plugin runtime exec default
2026-02-19 16:01:22 +01:00
- Security/Plugins: for the next npm release, clarify plugin trust boundary and keep `runtime.system.runCommandWithTimeout` available by default for trusted in-process plugins. Thanks @markmusson for reporting.
fix(security): enforce symlink-safe skill packaging
2026-02-19 10:54:45 +01:00
- Security/Skills: for the next npm release, reject symlinks during skill packaging to prevent external file inclusion in distributed `.skill` archives. Thanks @aether-ai-agent for reporting.
changelog: add unreleased fixes from recent PRs (#20897)
2026-02-19 03:44:15 -08:00
- Security/Gateway: fail startup when `hooks.token` matches `gateway.auth.token` so hooks and gateway token reuse is rejected at boot. (#20813) Thanks @coygeek.
- Security/Network: block plaintext `ws://` connections to non-loopback hosts and require secure websocket transport elsewhere. (#20803) Thanks @jscaldwell55.
- Security/Config: parse frontmatter YAML using the YAML 1.2 core schema to avoid implicit coercion of `on`/`off`-style values. (#20857) Thanks @davidrudduck.
- Security/Discord: escape backticks in exec-approval embed content to prevent markdown formatting injection via command text. (#20854) Thanks @davidrudduck.
- Security/Agents: replace shell-based `execSync` usage with `execFileSync` in command lookup helpers to eliminate shell argument interpolation risk. (#20655) Thanks @mahanandhi.
- Security/Media: use `crypto.randomBytes()` for temp file names and set owner-only permissions for TTS temp files. (#20654) Thanks @mahanandhi.
- Security/Gateway: set baseline security headers (`X-Content-Type-Options: nosniff`, `Referrer-Policy: no-referrer`) on gateway HTTP responses. (#10526) Thanks @abdelsfane.
fix(security): harden imessage remote scp/ssh handling
2026-02-19 11:07:56 +01:00
- Security/iMessage: harden remote attachment SSH/SCP handling by requiring strict host-key verification, validating `channels.imessage.remoteHost` as `host`/`user@host`, and rejecting unsafe host tokens from config or auto-detection. Thanks @allsmog for reporting.
Changelog: note Feishu traversal hardening
2026-02-19 10:14:31 +01:00
- Security/Feishu: prevent path traversal in Feishu inbound media temp-file writes by replacing key-derived temp filenames with UUID-based names. Thanks @allsmog for reporting.
fix: credit contributor in changelog (#20916) (thanks @orlyjamie)
2026-02-19 14:59:30 +01:00
- Security/Feishu: escape mention regex metacharacters in `stripBotMention` so crafted mention metadata cannot trigger regex injection or ReDoS during inbound message parsing. (#20916) Thanks @orlyjamie for the fix and @allsmog for reporting.
LINE/Security: harden inbound media temp-file naming (#20792) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: f6f3eecdb3ce21ccdccd8b2c10a74ebd47ad809e Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-19 09:37:33 +00:00
- LINE/Security: harden inbound media temp-file naming by using UUID-based temp paths for downloaded media instead of external message IDs. (#20792) Thanks @mbelinky.
fix(media): harden saveMediaSource against symlink TOCTOU
2026-02-19 09:51:50 +01:00
- Security/Media: harden local media ingestion against TOCTOU/symlink swap attacks by pinning reads to a single file descriptor with symlink rejection and inode/device verification in `saveMediaSource`. Thanks @dorjoos for reporting.
docs(changelog): credit allsmog for Lobster security report
2026-02-19 14:42:53 +01:00
- Security/Lobster (Windows): for the next npm release, remove shell-based fallback when launching Lobster wrappers (`.cmd`/`.bat`) and switch to explicit argv execution with wrapper entrypoint resolution, preventing command injection while preserving Windows wrapper compatibility. Thanks @allsmog for reporting.
fix(security): harden safeBins path trust
2026-02-18 04:54:46 +01:00
- Security/Exec: require `tools.exec.safeBins` binaries to resolve from trusted bin directories (system defaults plus gateway startup `PATH`) so PATH-hijacked trojan binaries cannot bypass allowlist checks. Thanks @jackhax for reporting.
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:05 +01:00
- Security/Exec: remove file-existence oracle behavior from `tools.exec.safeBins` by using deterministic argv-only stdin-safe validation and blocking file-oriented flags (for example `sort -o`, `jq -f`, `grep -f`) so allow/deny results no longer disclose host file presence. Thanks @nedlir for reporting.
- Security/Browser: route browser URL navigation through one SSRF-guarded validation path for tab-open/CDP-target/Playwright navigation flows and block private/metadata destinations by default (configurable via `browser.ssrfPolicy`). Thanks @dorjoos for reporting.
fix(security): harden safeBins stdin-only enforcement
2026-02-19 14:07:43 +01:00
- Security/Exec: for the next npm release, harden safe-bin stdin-only enforcement by blocking output/recursive flags (`sort -o/--output`, grep recursion) and tightening default safe bins to remove `sort`/`grep`, preventing safe-bin allowlist bypass for file writes/recursive reads. Thanks @nedlir for reporting.
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:05 +01:00
- Security/Exec: block grep safe-bin positional operand bypass by setting grep positional budget to zero, so `-e/--regexp` cannot smuggle bare filename reads (for example `.env`) via ambiguous positionals; safe-bin grep patterns must come from `-e/--regexp`. Thanks @athuljayaram for reporting.
fix(security): centralize owner-only tool gating and scope maps
2026-02-19 15:27:45 +01:00
- Security/Gateway/Agents: remove implicit admin scopes from agent tool gateway calls by classifying methods to least-privilege operator scopes, and enforce owner-only tooling (`cron`, `gateway`, `whatsapp_login`) through centralized tool-policy wrappers plus tool metadata to prevent non-owner DM privilege escalation. Ships in the next npm release. Thanks @Adam55A-code for reporting.
- Security/Gateway: centralize gateway method-scope authorization and default non-CLI gateway callers to least-privilege method scopes, with explicit CLI scope handling, full core-handler scope classification coverage, and regression guards to prevent scope drift.
chore(changelog): move SSRF transition fix to 2026.2.18
2026-02-18 04:53:50 +01:00
- Security/Net: block SSRF bypass via NAT64 (`64:ff9b::/96`, `64:ff9b:1::/48`), 6to4 (`2002::/16`), and Teredo (`2001:0000::/32`) IPv6 transition addresses, and fail closed on IPv6 parse errors. Thanks @jackhax.
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
- Security/OTEL: sanitize OTLP endpoint URL resolution. (#13791) Thanks @vincentkoc.
- Security: patch Dependabot security issues in pnpm lock. (#20832) Thanks @vincentkoc.
- Security: migrate request dependencies to `@cypress/request`. (#20836) Thanks @vincentkoc.
fix: serialize sandbox registry writes
2026-02-18 04:44:23 +01:00
## 2026.2.17
### Changes
feat(agents): support Anthropic 1M context beta header
2026-02-18 03:28:56 +01:00
- Agents/Anthropic: add opt-in 1M context beta header support for Opus/Sonnet via model `params.context1m: true` (maps to `anthropic-beta: context-1m-2025-08-07`).
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- Agents/Models: support Anthropic Sonnet 4.6 (`anthropic/claude-sonnet-4-6`) across aliases/defaults with forward-compat fallback when upstream catalogs still only expose Sonnet 4.5.
- Commands/Subagents: add `/subagents spawn` for deterministic subagent activation from chat commands. (#18218) Thanks @JoshuaLelon.
changelog: add @tyler6204 credit for today's entries
2026-02-17 11:40:20 -08:00
- Agents/Subagents: add an accepted response note for `sessions_spawn` explaining polling subagents are disabled for one-off calls. Thanks @tyler6204.
- Agents/Subagents: prefix spawned subagent task messages with context to preserve source information in downstream handling. Thanks @tyler6204.
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- iOS/Share: add an iOS share extension that forwards shared URL/text/image content directly to gateway `agent.request`, with delivery-route fallback and optional receipt acknowledgements. (#19424) Thanks @mbelinky.
feat(ios): add background listening core toggle (#18261) Co-authored-by: Mariano Belinky <mariano@mb-server-643.local>
2026-02-16 17:36:17 +00:00
- iOS/Talk: add a `Background Listening` toggle that keeps Talk Mode active while the app is backgrounded (off by default for battery safety). Thanks @zeulewan.
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- iOS/Talk: add a `Voice Directive Hint` toggle for Talk Mode prompts so users can disable ElevenLabs voice-switching instructions to save tokens when not needed. (#18250) Thanks @zeulewan.
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- iOS/Talk: harden barge-in behavior by disabling interrupt-on-speech when output route is built-in speaker/receiver, reducing false interruptions from local TTS bleed-through. Thanks @zeulewan.
- Slack: add native single-message text streaming with Slack `chat.startStream`/`appendStream`/`stopStream`; keep reply threading aligned with `replyToMode`, default streaming to enabled, and fall back to normal delivery when streaming fails. (#9972) Thanks @natedenh.
- Slack: add configurable streaming modes for draft previews. (#18555) Thanks @Solvely-Colin.
feat(telegram): support inline button styles (#18241) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 239cb3552e4eaf2597b8e1f4af82ab2ffd1d446c Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-16 22:48:47 +05:30
- Telegram/Agents: add inline button `style` support (`primary|success|danger`) across message tool schema, Telegram action parsing, send pipeline, and runtime prompt guidance. (#18241) Thanks @obviyus.
test: add fetch mock helper and reaction coverage
2026-02-17 09:01:30 -05:00
- Telegram: surface user message reactions as system events, with configurable `channels.telegram.reactionNotifications` scope. (#10075) Thanks @Glucksberg.
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- iMessage: support `replyToId` on outbound text/media sends and normalize leading `[[reply_to:<id>]]` tags so replies target the intended iMessage. Thanks @tyler6204.
- Tool Display/Web UI: add intent-first tool detail views and exec summaries. (#18592) Thanks @xdLawless2.
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Discord: expose native `/exec` command options (host/security/ask/node) so Discord slash commands get autocomplete and structured inputs. Thanks @thewilloftheshadow.
Discord: add reusable component option
2026-02-16 14:22:31 -06:00
- Discord: allow reusable interactive components with `components.reusable=true` so buttons, selects, and forms can be used multiple times before expiring. Thanks @thewilloftheshadow.
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- Discord: add per-button `allowedUsers` allowlist for interactive components to restrict who can click buttons. Thanks @thewilloftheshadow.
feat(cron): add default stagger controls for scheduled jobs
2026-02-17 23:46:05 +01:00
- Cron/Gateway: separate per-job webhook delivery (`delivery.mode = "webhook"`) from announce delivery, enforce valid HTTP(S) webhook URLs, and keep a temporary legacy `notify + cron.webhook` fallback for stored jobs. (#17901) Thanks @advaitpaliwal.
- Cron/CLI: add deterministic default stagger for recurring top-of-hour cron schedules (including 6-field seconds cron), auto-migrate existing jobs to persisted `schedule.staggerMs`, and add `openclaw cron add/edit --stagger <duration>` plus `--exact` overrides for per-job timing control.
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- Cron: log per-run model/provider usage telemetry in cron run logs/webhooks and add a local usage report script for aggregating token usage by job. (#18172) Thanks @HankAndTheCrew.
docs(changelog): add missing 2026.2.16 entries and reorder by user impact
2026-02-17 23:02:24 +01:00
- Tools/Web: add URL allowlists for `web_search` and `web_fetch`. (#18584) Thanks @smartprogrammer93.
- Browser: add `extraArgs` config for custom Chrome launch arguments. (#18443) Thanks @JayMishra-source.
- Voice Call: pre-cache inbound greeting TTS for faster first playback. (#18447) Thanks @JayMishra-source.
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- Skills: compact skill file `<location>` paths in the system prompt by replacing home-directory prefixes with `~`, and add targeted compaction tests for prompt serialization behavior. (#14776) Thanks @bitfish3.
- Skills: refine skill-description routing boundaries with explicit "Use when"/"NOT for" guidance for coding-agent/github/weather, and clarify PTY/browser fallback wording. (#14577) Thanks @DylanWoodAkers.
- Auto-reply/Prompts: include trusted inbound `message_id` in conversation metadata payloads for downstream targeting workflows. Thanks @tyler6204.
docs(changelog): add missing 2026.2.16 entries and reorder by user impact
2026-02-17 23:02:24 +01:00
- Auto-reply: include `sender_id` in trusted inbound metadata so moderation workflows can target the sender without relying on untrusted text. (#18303) Thanks @crimeacs.
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- UI/Sessions: avoid duplicating typed session prefixes in display names (for example `Subagent Subagent ...`). Thanks @tyler6204.
docs(changelog): add missing 2026.2.16 entries and reorder by user impact
2026-02-17 23:02:24 +01:00
- Agents/Z.AI: enable `tool_stream` by default for real-time tool call streaming, with opt-out via `params.tool_stream: false`. (#18173) Thanks @tianxiao1430-jpg.
- Plugins: add `before_agent_start` model/provider overrides before resolution. (#18568) Thanks @natefikru.
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- Mattermost: add emoji reaction actions plus reaction event notifications, including an explicit boolean `remove` flag to avoid accidental removals. (#18608) Thanks @echo931.
docs(changelog): add missing 2026.2.16 entries and reorder by user impact
2026-02-17 23:02:24 +01:00
- Memory/Search: add FTS fallback plus query expansion for memory search. (#18304) Thanks @irchelper.
- Agents/Models: support per-model `thinkingDefault` overrides in model config. (#18152) Thanks @wu-tian807.
- Agents: enable `llms.txt` discovery in default behavior. (#18158) Thanks @yolo-maxi.
docs: reorder unreleased changelog by user-impact highlights
2026-02-18 01:51:28 +01:00
- Extensions/Auth: add OpenAI Codex CLI auth provider integration. (#18009) Thanks @jiteshdhamaniya.
docs(changelog): add missing 2026.2.16 entries and reorder by user impact
2026-02-17 23:02:24 +01:00
- Feishu: add Bitable create-app/create-field tools for automation workflows. (#17963) Thanks @gaowanqi08141999.
test(docker): cover browser install build arg
2026-02-16 22:27:41 -05:00
- Docker: add optional `OPENCLAW_INSTALL_BROWSER` build arg to preinstall Chromium + Xvfb in the Docker image, avoiding runtime Playwright installs. (#18449)
chore(changelog): restore 2026.2.15 and move entries to 2026.2.16
2026-02-16 15:53:00 +01:00
### Fixes
fix: clean tool schemas and thinking blocks for google-antigravity (openclaw#19732) thanks @Oceanswave Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Oceanswave <760674+Oceanswave@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-19 23:49:57 -05:00
- Agents/Antigravity: preserve unsigned Claude thinking blocks as plain text instead of dropping them during transcript sanitization, preventing reasoning context loss while avoiding `thinking.signature` request rejections.
fix: strip unsupported JSON Schema keywords for Claude via Cloud Code Assist (openclaw#20124) thanks @ephraimm Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check (fails on existing unrelated type error: src/agents/subagent-announce.format.e2e.test.ts:71) - pnpm test:e2e src/agents/pi-embedded-runner/google.e2e.test.ts - pnpm test:macmini (fails on existing unrelated test: src/agents/subagent-registry.steer-restart.test.ts) Co-authored-by: ephraimm <2803669+ephraimm@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-20 06:31:20 +02:00
- Agents/Google: clean tool JSON Schemas for `google-antigravity` the same as `google-gemini-cli` before Cloud Code Assist requests, preventing Claude tool calls from failing with `patternProperties` 400 errors. (#19860)
test: harden Telegram command menu sanitization coverage (#19703) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 6a41b115902cafb5f5d79666850d4f3cd6b603ec Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-18 09:16:31 +05:30
- Tests/Telegram: add regression coverage for command-menu sync that asserts all `setMyCommands` entries are Telegram-safe and hyphen-normalized across native/custom/plugin command sources. (#19703) Thanks @obviyus.
fix(agents): make image resize logs single-line with size
2026-02-18 01:58:25 +01:00
- Agents/Image: collapse resize diagnostics to one line per image and include visible pixel/byte size details in the log message for faster triage.
fix(auth): clear all usage stats fields in clearAuthProfileCooldown (openclaw#19211) thanks @nabbilkhan Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: nabbilkhan <203121263+nabbilkhan@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-19 22:21:37 -06:00
- Auth/Cooldowns: clear all usage stats fields (`disabledUntil`, `disabledReason`, `failureCounts`) in `clearAuthProfileCooldown` so manual cooldown resets fully recover billing-disabled profiles without requiring direct file edits. (#19211) Thanks @nabbilkhan.
fix(subagent): harden read-tool overflow guards and sticky reply threading (#19508) * fix(gateway): avoid premature agent.wait completion on transient errors * fix(agent): preemptively guard tool results against context overflow * fix: harden tool-result context guard and add message_id metadata * fix: use importOriginal in session-key mock to include DEFAULT_ACCOUNT_ID The run.skill-filter test was mocking ../../routing/session-key.js with only buildAgentMainSessionKey and normalizeAgentId, but the module also exports DEFAULT_ACCOUNT_ID which is required transitively by src/web/auth-store.ts. Switch to importOriginal pattern so all real exports are preserved alongside the mocked functions. * pi-runner: guard accumulated tool-result overflow in transformContext * PI runner: compact overflowing tool-result context * Subagent: harden tool-result context recovery * Enhance tool-result context handling by adding support for legacy tool outputs and improving character estimation for message truncation. This includes a new function to create legacy tool results and updates to existing functions to better manage context overflow scenarios. * Enhance iMessage handling by adding reply tag support in send functions and tests. This includes modifications to prepend or rewrite reply tags based on provided replyToId, ensuring proper message formatting for replies. * Enhance message delivery across multiple channels by implementing sticky reply context for chunked messages. This includes preserving reply references in Discord, Telegram, and iMessage, ensuring that follow-up messages maintain their intended reply targets. Additionally, improve handling of reply tags in system prompts and tests to support consistent reply behavior. * Enhance read tool functionality by implementing auto-paging across chunks when no explicit limit is provided, scaling output budget based on model context window. Additionally, add tests for adaptive reading behavior and capped continuation guidance for large outputs. Update related functions to support these features. * Refine tool-result context management by stripping oversized read-tool details payloads during compaction, ensuring repeated read calls do not bypass context limits. Introduce new utility functions for handling truncation content and enhance character estimation for tool results. Add tests to validate the removal of excessive details in context overflow scenarios. * Refine message delivery logic in Matrix and Telegram by introducing a flag to track if a text chunk was sent. This ensures that replies are only marked as delivered when a text chunk has been successfully sent, improving the accuracy of reply handling in both channels. * fix: tighten reply threading coverage and prep fixes (#19508) (thanks @tyler6204)
2026-02-17 15:32:52 -08:00
- Agents/Subagents: preemptively guard accumulated tool-result context before model calls by truncating oversized outputs and compacting oldest tool-result messages to avoid context-window overflow crashes. Thanks @tyler6204.
fix(cli): display correct model for sub-agents in sessions list (#18660) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: ba54c5a351f7ba7f6ffcc690be0e15d8e052d0d9 Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-18 05:59:20 +01:00
- Agents/Subagents/CLI: fail `sessions_spawn` when subagent model patching is rejected, allow subagent model patch defaults from `subagents.model`, and keep `sessions list`/`status` model reporting aligned to runtime model resolution. (#18660) Thanks @robbyczgw-cla.
fix(subagent): harden read-tool overflow guards and sticky reply threading (#19508) * fix(gateway): avoid premature agent.wait completion on transient errors * fix(agent): preemptively guard tool results against context overflow * fix: harden tool-result context guard and add message_id metadata * fix: use importOriginal in session-key mock to include DEFAULT_ACCOUNT_ID The run.skill-filter test was mocking ../../routing/session-key.js with only buildAgentMainSessionKey and normalizeAgentId, but the module also exports DEFAULT_ACCOUNT_ID which is required transitively by src/web/auth-store.ts. Switch to importOriginal pattern so all real exports are preserved alongside the mocked functions. * pi-runner: guard accumulated tool-result overflow in transformContext * PI runner: compact overflowing tool-result context * Subagent: harden tool-result context recovery * Enhance tool-result context handling by adding support for legacy tool outputs and improving character estimation for message truncation. This includes a new function to create legacy tool results and updates to existing functions to better manage context overflow scenarios. * Enhance iMessage handling by adding reply tag support in send functions and tests. This includes modifications to prepend or rewrite reply tags based on provided replyToId, ensuring proper message formatting for replies. * Enhance message delivery across multiple channels by implementing sticky reply context for chunked messages. This includes preserving reply references in Discord, Telegram, and iMessage, ensuring that follow-up messages maintain their intended reply targets. Additionally, improve handling of reply tags in system prompts and tests to support consistent reply behavior. * Enhance read tool functionality by implementing auto-paging across chunks when no explicit limit is provided, scaling output budget based on model context window. Additionally, add tests for adaptive reading behavior and capped continuation guidance for large outputs. Update related functions to support these features. * Refine tool-result context management by stripping oversized read-tool details payloads during compaction, ensuring repeated read calls do not bypass context limits. Introduce new utility functions for handling truncation content and enhance character estimation for tool results. Add tests to validate the removal of excessive details in context overflow scenarios. * Refine message delivery logic in Matrix and Telegram by introducing a flag to track if a text chunk was sent. This ensures that replies are only marked as delivered when a text chunk has been successfully sent, improving the accuracy of reply handling in both channels. * fix: tighten reply threading coverage and prep fixes (#19508) (thanks @tyler6204)
2026-02-17 15:32:52 -08:00
- Agents/Subagents: add explicit subagent guidance to recover from `[compacted: tool output removed to free context]` / `[truncated: output exceeded context limit]` markers by re-reading with smaller chunks instead of full-file `cat`. Thanks @tyler6204.
- Agents/Tools: make `read` auto-page across chunks (when no explicit `limit` is provided) and scale its per-call output budget from model `contextWindow`, so larger contexts can read more before context guards kick in. Thanks @tyler6204.
- Agents/Tools: strip duplicated `read` truncation payloads from tool-result `details` and make pre-call context guarding account for heavy tool-result metadata, so repeated `read` calls no longer bypass compaction and overflow model context windows. Thanks @tyler6204.
- Reply threading: keep reply context sticky across streamed/split chunks and preserve `replyToId` on all chunk sends across shared and channel-specific delivery paths (including iMessage, BlueBubbles, Telegram, Discord, and Matrix), so follow-up bubbles stay attached to the same referenced message. Thanks @tyler6204.
- Gateway/Agent: defer transient lifecycle `error` snapshots with a short grace window so `agent.wait` does not resolve early during retry/failover. Thanks @tyler6204.
refactor: centralize presence routing and version precedence coverage (#19609) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 10d9df5263f5e14712fa4f9f62b7a686dc55e6ae Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-18 00:02:51 -05:00
- Gateway/Presence: centralize presence snapshot broadcasts and unify runtime version precedence (`OPENCLAW_VERSION` > `OPENCLAW_SERVICE_VERSION` > `npm_package_version`) so self-presence and websocket `hello-ok` report consistent versions.
fix(hooks): backport internal message hook bridge with safe delivery semantics
2026-02-18 00:32:51 +01:00
- Hooks/Automation: bridge outbound/inbound message lifecycle into internal hook events (`message:received`, `message:sent`) with session-key correlation guards, while keeping per-payload success/error reporting accurate for chunked and best-effort deliveries. (PR #9387)
- Media understanding: honor `agents.defaults.imageModel` during auto-discovery so implicit image analysis uses configured primary/fallback image models. (PR #7607)
docs(changelog): add missing 2026.2.16 entries and reorder by user impact
2026-02-17 23:02:24 +01:00
- iOS/Onboarding: stop auth Step 3 retry-loop churn by pausing reconnect attempts on unauthorized/missing-token gateway errors and keeping auth/pairing issue state sticky during manual retry. (#19153) Thanks @mbelinky.
- Voice-call: auto-end calls when media streams disconnect to prevent stuck active calls. (#18435) Thanks @JayMishra-source.
- Voice call/Gateway: prevent overlapping closed-loop turn races with per-call turn locking, route transcript dedupe via source-aware fingerprints with strict cache eviction bounds, and harden `voicecall latency` stats for large logs without spread-operator stack overflow. (#19140) Thanks @mbelinky.
- iOS/Chat: route ChatSheet RPCs through the operator session instead of the node session to avoid node-role authorization failures for `chat.history`, `chat.send`, and `sessions.list`. (#19320) Thanks @mbelinky.
- macOS/Update: correct the Sparkle appcast version for 2026.2.15 so updates are offered again. (#18201)
- Gateway/Auth: clear stale device-auth tokens after device token mismatch errors so re-paired clients can re-auth. (#18201)
- Telegram: enable DM voice-note transcription with CLI fallback handling. (#18564) Thanks @thhuang.
- Telegram/Polls: restore Telegram poll action wiring in channel handlers. (#18122) Thanks @akyourowngames.
- WebChat: strip reply/audio directive tags from rendered chat output. (#18093) Thanks @aldoeliacim.
- Discord: honor configured HTTP proxy for app-id and allowlist REST resolution. (#17958) Thanks @k2009.
fix cron announce routing and timeout handling
2026-02-17 11:40:04 -08:00
- BlueBubbles: add fallback path to recover outbound `message_id` from `fromMe` webhooks when platform message IDs are missing. Thanks @tyler6204.
- BlueBubbles: match outbound message-id fallback recovery by chat identifier as well as account context. Thanks @tyler6204.
- BlueBubbles: include sender identifier in untrusted conversation metadata for conversation info payloads. Thanks @tyler6204.
docs(changelog): add missing 2026.2.16 entries and reorder by user impact
2026-02-17 23:02:24 +01:00
- Security/Exec: fix the OC-09 credential-theft path via environment-variable injection. (#18048) Thanks @aether-ai-agent.
fix: harden include confinement edge cases (#18652) (thanks @aether-ai-agent)
2026-02-18 03:26:36 +01:00
- Security/Config: confine `$include` resolution to the top-level config directory, harden traversal/symlink checks with cross-platform-safe path containment, and add doctor hints for invalid escaped include paths. (#18652) Thanks @aether-ai-agent.
fix: block ISATAP SSRF bypass via shared host/ip guard
2026-02-19 09:59:34 +01:00
- Security/Net: block SSRF bypass via ISATAP embedded IPv4 transition addresses and centralize hostname/IP blocking checks across URL safety validators. Thanks @zpbrent for reporting.
docs(changelog): add missing 2026.2.16 entries and reorder by user impact
2026-02-17 23:02:24 +01:00
- Providers: improve error messaging for unconfigured local `ollama`/`vllm` providers. (#18183) Thanks @arosstale.
- TTS: surface all provider errors instead of only the last error in aggregated failures. (#17964) Thanks @ikari-pl.
- CLI/Doctor/Configure: skip gateway auth checks for loopback-only setups. (#18407) Thanks @sggolakiya.
- CLI/Doctor: reconcile gateway service-token drift after re-pair flows. (#18525) Thanks @norunners.
- Process/Windows: disable detached spawn in exec runs to prevent empty command output. (#18067) Thanks @arosstale.
- Process: gracefully terminate process trees with SIGTERM before SIGKILL. (#18626) Thanks @sauerdaniel.
- Sessions/Windows: use atomic session-store writes to prevent context loss on Windows. (#18347) Thanks @twcwinston.
- Agents/Image: validate base64 image payloads before provider submission. (#18263) Thanks @sriram369.
- Models CLI: validate catalog entries in `openclaw models set`. (#18129) Thanks @carrotRakko.
- Usage: isolate last-turn totals in token usage reporting to avoid mixed-turn totals. (#18052) Thanks @arosstale.
- Cron: resolve `accountId` from agent bindings in isolated sessions. (#17996) Thanks @simonemacario.
- Gateway/HTTP: preserve unbracketed IPv6 `Host` headers when normalizing requests. (#18061) Thanks @Clawborn.
- Sandbox: fix workspace-directory orphaning during SHA-1 -> SHA-256 slug migration. (#18523) Thanks @yinghaosang.
- Ollama/Qwen: handle Qwen 3 reasoning field format in Ollama responses. (#18631) Thanks @mr-sk.
- OpenAI/Transcripts: always drop orphaned reasoning blocks from transcript repair. (#18632) Thanks @TySabs.
chore: Typecheck tests.
2026-02-17 15:49:18 +09:00
- Fix types in all tests. Typecheck the whole repository.
fix(gateway): harden channel health monitor recovery
2026-02-17 03:26:13 +01:00
- Gateway/Channels: wire `gateway.channelHealthCheckMinutes` into strict config validation, treat implicit account status as managed for health checks, and harden channel auto-restart flow (preserve restart-attempt caps across crash loops, propagate enabled/configured runtime flags, and stop pending restart backoff after manual stop). Thanks @steipete.
fix(gateway): preserve chat.history context under hard caps
2026-02-16 21:50:01 -05:00
- Gateway/WebChat: hard-cap `chat.history` oversized payloads by truncating high-cost fields and replacing over-budget entries with placeholders, so history fetches stay within configured byte limits and avoid chat UI freezes. (#18505)
fix(ui): correct usage range totals and muted styles
2026-02-17 03:03:46 +01:00
- UI/Usage: replace lingering undefined `var(--text-muted)` usage with `var(--muted)` in usage date-range and chart styles to keep muted text visible across themes. (#17975) Thanks @jogelin.
- UI/Usage: preserve selected-range totals when timeline data is downsampled by bucket-aggregating timeseries points (instead of dropping intermediate points), so filtered tokens/cost stay accurate. (#17959) Thanks @jogelin.
fix(ui): gate sessions refresh on successful delete
2026-02-16 21:46:04 -05:00
- UI/Sessions: refresh the sessions table only after successful deletes and preserve delete errors on cancel/failure paths, so deleted sessions disappear automatically without masking delete failures. (#18507)
fix(scripts): harden Windows UI spawn behavior
2026-02-16 20:48:55 -05:00
- Scripts/UI/Windows: fix `pnpm ui:*` spawn `EINVAL` failures by restoring shell-backed launch for `.cmd`/`.bat` runners, narrowing shell usage to launcher types that require it, and rejecting unsafe forwarded shell metacharacters in UI script args. (#18594)
fix(session-memory): harden reset transcript recovery
2026-02-16 20:34:36 -05:00
- Hooks/Session-memory: recover `/new` conversation summaries when session pointers are reset-path or missing `sessionFile`, and consistently prefer the newest `.jsonl.reset.*` transcript candidate for fallback extraction. (#18088)
test(session): cover stale threadId fallback
2026-02-16 22:08:51 -05:00
- Auto-reply/Sessions: prevent stale thread ID leakage into non-thread sessions so replies stay in the main DM after topic interactions. (#18528) Thanks @j2h4u.
fix(session-memory): harden reset transcript recovery
2026-02-16 20:34:36 -05:00
- Slack: restrict forwarded-attachment ingestion to explicit shared-message attachments and skip non-Slack forwarded `image_url` fetches, preventing non-forward attachment unfurls from polluting inbound agent context while preserving forwarded message handling.
docs(changelog): note webhook session reuse fix
2026-02-17 08:37:42 -05:00
- Feishu: detect bot mentions in post messages with embedded docs when `message.mentions` is empty. (#18074) Thanks @popomore.
fix(agents): align session lock hold budget with run timeouts
2026-02-17 03:09:56 +01:00
- Agents/Sessions: align session lock watchdog hold windows with run and compaction timeout budgets (plus grace), preventing valid long-running turns from being force-unlocked mid-run while still recovering hung lock owners. (#18060)
test(cron): add model fallback regression coverage
2026-02-17 10:40:25 -05:00
- Cron: preserve default model fallbacks for cron agent runs when only `model.primary` is overridden, so failover still follows configured fallbacks unless explicitly cleared with `fallbacks: []`. (#18210) Thanks @mahsumaktas.
fix: schedule nextWakeAtMs for isolated sessionTarget cron jobs (#19541) * fix(cron): repair isolated next wake scheduling * cron: harden isolated next-wake timestamp guards --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-28 08:48:31 -08:00
- Cron/Isolation: treat non-finite `nextRunAtMs` as missing and repair isolated `every` anchor fallback so legacy jobs without valid timestamps self-heal and scheduler wake timing remains valid. (#19469) Thanks @guirguispierre.
fix cron announce routing and timeout handling
2026-02-17 11:40:04 -08:00
- Cron: route text-only announce output through the main session announce flow via runSubagentAnnounceFlow so cron text-only output remains visible to the initiating session. Thanks @tyler6204.
- Cron: treat `timeoutSeconds: 0` as no-timeout (not clamped to 1), ensuring long-running cron runs are not prematurely terminated. Thanks @tyler6204.
- Cron announce injection now targets the session determined by delivery config (`to` + channel) instead of defaulting to the current session. Thanks @tyler6204.
fix: align cron session key routing (#18637) (thanks @vignesh07)
2026-02-17 01:53:52 +01:00
- Cron/Heartbeat: canonicalize session-scoped reminder `sessionKey` routing and preserve explicit flat `sessionKey` cron tool inputs, preventing enqueue/wake namespace drift for session-targeted reminders. (#18637) Thanks @vignesh07.
docs(changelog): note webhook session reuse fix
2026-02-17 08:37:42 -05:00
- Cron/Webhooks: reuse existing session IDs for webhook/cron runs when the session key is stable and still fresh, preserving conversation history. (#18031) Thanks @Operative-001.
fix(cron): add spin-loop regression coverage
2026-02-17 08:47:35 -05:00
- Cron: prevent spin loops when cron jobs complete within the scheduled second by advancing the next run and enforcing a minimum refire gap. (#18073) Thanks @widingmarcus-cyber.
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- OpenClawKit/iOS ChatUI: accept canonical session-key completion events for local pending runs and preserve message IDs across history refreshes, preventing stuck "thinking" state and message flicker after gateway replies. (#18165) Thanks @mbelinky.
- iOS/Onboarding: add QR-first onboarding wizard with setup-code deep link support, pairing/auth issue guidance, and device-pair QR generation improvements for Telegram/Web/TUI fallback flows. (#18162) Thanks @mbelinky and @Marvae.
- iOS/Gateway: stabilize connect/discovery state handling, add onboarding reset recovery in Settings, and fix iOS gateway-controller coverage for command-surface and last-connection persistence behavior. (#18164) Thanks @mbelinky.
- iOS/Talk: harden mobile talk config handling by ignoring redacted/env-placeholder API keys, support secure local keychain override, improve accessibility motion/contrast behavior in status UI, and tighten ATS to local-network allowance. (#18163) Thanks @mbelinky.
- iOS/Location: restore the significant location monitor implementation (service hooks + protocol surface + ATS key alignment) after merge drift so iOS builds compile again. (#18260) Thanks @ngutman.
feat(ios): auto-select local signing team (#18421) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: bbb9c3aa48a542539dc37136e6542d1f3958f9c2 Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com> Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com> Reviewed-by: @ngutman
2026-02-18 03:16:10 +08:00
- iOS/Signing: auto-select local Apple Development team during iOS project generation/build, prefer the canonical OpenClaw team when available, and support local per-machine signing overrides without committing team IDs. (#18421) Thanks @ngutman.
fix(actions): layer per-account gate fallback
2026-02-16 20:59:23 -05:00
- Discord/Telegram: make per-account message action gates effective for both action listing and execution, and preserve top-level gate restrictions when account overrides only specify a subset of `actions` keys (account key -> base key -> default fallback). (#18494)
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Telegram: keep DM-topic replies and draft previews in the originating private-chat topic by preserving positive `message_thread_id` values for DM threads. (#18586) Thanks @sebslight.
fix: align tool execute arg parsing for hooks
2026-02-17 13:19:21 +05:30
- Telegram: preserve private-chat topic `message_thread_id` on outbound sends (message/sticker/poll), keep thread-not-found retry fallback, and avoid masking `chat not found` routing errors. (#18993) Thanks @obviyus.
test(media-dedup): add missing coverage for Discord media dedup wiring Cover three integration points where media dedup could silently regress: - trimMessagingToolSent FIFO cap at 200 entries - buildReplyPayloads media filter wiring (new test file) - followup-runner messagingToolSentMediaUrls filtering
2026-02-16 20:08:27 +01:00
- Discord: prevent duplicate media delivery when the model uses the `message send` tool with media, by skipping media extraction from messaging tool results since the tool already sent the message directly. (#18270)
docs(changelog): note webhook session reuse fix
2026-02-17 08:37:42 -05:00
- Discord: route `audioAsVoice` auto-replies through the voice message API so opt-in audio renders as voice messages. (#18041) Thanks @zerone0x.
test(discord): cover auto-thread skip types
2026-02-17 09:17:56 -05:00
- Discord: skip auto-thread creation in forum/media/voice/stage channels and keep group session last-route metadata fresh to avoid invalid thread API errors and lost follow-up sends. (#18098) Thanks @Clawborn.
fix(discord): normalize command allowFrom prefixes
2026-02-17 08:45:12 -05:00
- Discord/Commands: normalize `commands.allowFrom` entries with `user:`/`discord:`/`pk:` prefixes and `<@id>` mentions so command authorization matches Discord allowlist behavior. (#18042)
chore(changelog): restore 2026.2.15 and move entries to 2026.2.16
2026-02-16 15:53:00 +01:00
- Telegram: keep draft-stream preview replies attached to the user message for `replyToMode: "all"` in groups and DMs, preserving threaded reply context from preview through finalization. (#17880) Thanks @yinghaosang.
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Telegram: prevent streaming final replies from being overwritten by later final/error payloads, and suppress fallback tool-error warnings when a recovered assistant answer already exists after tool calls. (#17883) Thanks @Marvae and @obviyus.
fix(telegram): add initial message debounce for better push notifications (#18147) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 5e2285b6a03943a483993b540f86a0fa49d7de39 Co-authored-by: Marvae <11957602+Marvae@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-17 13:51:49 +08:00
- Telegram: debounce the first draft-stream preview update (30-char threshold) and finalize short responses by editing the stop-time preview message, improving first push notifications and avoiding duplicate final sends. (#18148) Thanks @Marvae.
chore(changelog): restore 2026.2.15 and move entries to 2026.2.16
2026-02-16 15:53:00 +01:00
- Telegram: disable block streaming when `channels.telegram.streamMode` is `off`, preventing newline/content-block replies from splitting into multiple messages. (#17679) Thanks @saivarunk.
fix(telegram): avoid duplicate preview bubbles in partial stream mode (#18956) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: cf4eca71d46e0c5ef1ec46af90f978b3d454c34a Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-17 12:36:15 +05:30
- Telegram: keep `streamMode: "partial"` draft previews in a single message across assistant-message/reasoning boundaries, preventing duplicate preview bubbles during partial-mode tool-call turns. (#18956) Thanks @obviyus.
fix: sanitize native command names for Telegram API (#19257) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: b608be348888505b23bb4b2f1c8c42058a28e64e Co-authored-by: akramcodez <179671552+akramcodez@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-17 23:20:36 +05:30
- Telegram: normalize native command names for Telegram menu registration (`-` -> `_`) to avoid `BOT_COMMAND_INVALID` command-menu wipeouts, and log failed command syncs instead of silently swallowing them. (#19257) Thanks @akramcodez.
chore(changelog): restore 2026.2.15 and move entries to 2026.2.16
2026-02-16 15:53:00 +01:00
- Telegram: route non-abort slash commands on the normal chat/topic sequential lane while keeping true abort requests (`/stop`, `stop`) on the control lane, preventing command/reply race conditions from control-lane bypass. (#17899) Thanks @obviyus.
docs: add changelog entry for Telegram media placeholder fix
2026-02-16 17:26:41 -05:00
- Telegram: ignore `<media:...>` placeholder lines when extracting `MEDIA:` tool-result paths, preventing false local-file reads and dropped replies. (#18510) Thanks @yinghaosang.
test(telegram): cover getFile file-too-big errors
2026-02-16 22:10:59 -05:00
- Telegram: skip retries when inbound media `getFile` fails with Telegram's 20MB limit and continue processing message text, avoiding dropped messages for oversized attachments. (#18531) Thanks @brandonwise.
fix(telegram): clear offsets on token change
2026-02-16 23:07:26 -05:00
- Telegram: clear stored polling offsets when bot tokens change or accounts are deleted, preventing stale offsets after token rotations. (#18233)
test(telegram): cover autoSelectFamily env precedence
2026-02-17 10:09:39 -05:00
- Telegram: enable `autoSelectFamily` by default on Node.js 22+ so IPv4 fallback works on broken IPv6 networks. (#18272) Thanks @nacho9900.
chore(changelog): restore 2026.2.15 and move entries to 2026.2.16
2026-02-16 15:53:00 +01:00
- Auto-reply/TTS: keep tool-result media delivery enabled in group chats and native command sessions (while still suppressing tool summary text) so `NO_REPLY` follow-ups do not drop successful TTS audio. (#17991) Thanks @zerone0x.
test(telegram): cover getFile file-too-big errors
2026-02-16 22:10:59 -05:00
- Agents/Tools: deliver tool-result media even when verbose tool output is off so media attachments are not dropped. (#16679)
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Discord: optimize reaction notification handling to skip unnecessary message fetches in `off`/`all`/`allowlist` modes, streamline reaction routing, and improve reaction emoji formatting. (#18248) Thanks @thewilloftheshadow and @victorGPT.
chore(changelog): restore 2026.2.15 and move entries to 2026.2.16
2026-02-16 15:53:00 +01:00
- CLI/Pairing: make `openclaw qr --remote` prefer `gateway.remote.url` over tailscale/public URL resolution and register the `openclaw clawbot qr` legacy alias path. (#18091)
CLI: restore and harden qr --remote pairing behavior (#18166) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: a79fc2a3c69234cdad1635c0cd25669fcdb4e11b Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky
2026-02-16 15:38:07 +00:00
- CLI/QR: restore fail-fast validation for `openclaw qr --remote` when neither `gateway.remote.url` nor tailscale `serve`/`funnel` is configured, preventing unusable remote pairing QR flows. (#18166) Thanks @mbelinky.
CLI: resolve parent/subcommand option collisions (#18725) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: b7e51cf90950cdd3049ac3c7a3a949717b8ba261 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-17 20:57:09 -05:00
- CLI: fix parent/subcommand option collisions across gateway, daemon, update, ACP, and browser command flows, while preserving legacy `browser set headers --json <payload>` compatibility.
fix(doctor): move forced exit to top-level command
2026-02-16 21:19:44 -05:00
- CLI/Doctor: ensure `openclaw doctor --fix --non-interactive --yes` exits promptly after completion so one-shot automation no longer hangs. (#18502)
fix(doctor): repair googlechat open dm wildcard auto-fix
2026-02-16 21:25:16 -05:00
- CLI/Doctor: auto-repair `dmPolicy="open"` configs missing wildcard allowlists and write channel-correct repair paths (including `channels.googlechat.dm.allowFrom`) so `openclaw doctor --fix` no longer leaves Google Chat configs invalid after attempted repair. (#18544)
test(session): cover stale threadId fallback
2026-02-16 22:08:51 -05:00
- CLI/Doctor: detect gateway service token drift when the gateway token is only provided via environment variables, keeping service repairs aligned after token rotation.
test(update): cover restart gating
2026-02-17 09:20:05 -05:00
- Gateway/Update: prevent restart crash loops after failed self-updates by restarting only on successful updates, stopping early on failed install/build steps, and running `openclaw doctor --fix` during updates to sanitize config. (#18131) Thanks @RamiNoodle733.
test(sessions): add delivery info regression coverage
2026-02-17 09:59:49 -05:00
- Gateway/Update: preserve update.run restart delivery context so post-update status replies route back to the initiating channel/thread. (#18267) Thanks @yinghaosang.
fix(cli): honor update restart overrides
2026-02-17 08:46:59 -05:00
- CLI/Update: run a standalone restart helper after updates, honoring service-name overrides and reporting restart initiation separately from confirmed restarts. (#18050)
fix(daemon): scope token drift warnings
2026-02-17 08:44:07 -05:00
- CLI/Daemon: warn when a gateway restart sees a stale service token so users can reinstall with `openclaw gateway install --force`, and skip drift warnings for non-gateway service restarts. (#18018)
fix(daemon): guard preferred node selection
2026-02-17 10:01:37 -05:00
- CLI/Daemon: prefer the active version-manager Node when installing daemons and include macOS version-manager bin directories in the service PATH so launchd services resolve user-managed runtimes.
test(session): cover stale threadId fallback
2026-02-16 22:08:51 -05:00
- CLI/Status: fix `openclaw status --all` token summaries for bot-token-only channels so Mattermost/Zalo no longer show a bot+app warning. (#18527) Thanks @echo931.
fix: searchable model picker in configure (#19010) (thanks @bjesuiter)
2026-02-17 09:15:20 +01:00
- CLI/Configure: make the `/model picker` allowlist prompt searchable with tokenized matching in `openclaw configure` so users can filter huge model lists by typing terms like `gpt-5.2 openai/`. (#19010) Thanks @bjesuiter.
docs(cli): add components send example
2026-02-17 09:58:37 -05:00
- CLI/Message: preserve `--components` JSON payloads in `openclaw message send` so Discord component payloads are no longer dropped. (#18222) Thanks @saurabhchopade.
test(voice-call): cover stream disconnect auto-end
2026-02-16 22:13:08 -05:00
- Voice Call: add an optional stale call reaper (`staleCallReaperSeconds`) to end stuck calls when enabled. (#18437)
fix(subagents): pass group context in /subagents spawn
2026-02-17 03:00:01 +01:00
- Auto-reply/Subagents: propagate group context (`groupId`, `groupChannel`, `space`) when spawning via `/subagents spawn`, matching tool-triggered subagent spawn behavior.
fix cron announce routing and timeout handling
2026-02-17 11:40:04 -08:00
- Subagents: route nested announce results back to the parent session after the parent run ends, falling back only when the parent session is deleted. (#18043) Thanks @tyler6204.
fix(subagents): harden announce retry guards
2026-02-16 22:57:15 -05:00
- Subagents: cap announce retry loops with max attempts and expiry to prevent infinite retry spam after deferred announces. (#18444)
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Agents/Tools/exec: add a preflight guard that detects likely shell env var injection (e.g. `$DM_JSON`, `$TMPDIR`) in Python/Node scripts before execution, preventing recurring cron failures and wasted tokens when models emit mixed shell+language source. (#12836)
test(agents): cover exec non-zero exits
2026-02-16 23:12:06 -05:00
- Agents/Tools/exec: treat normal non-zero exit codes as completed and append the exit code to tool output to avoid false tool-failure warnings. (#18425)
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Agents/Tools: make loop detection progress-aware and phased by hard-blocking known `process(action=poll|log)` no-progress loops, warning on generic identical-call repeats, warning + no-progress-blocking ping-pong alternation loops (10/20), coalescing repeated warning spam into threshold buckets (including canonical ping-pong pairs), adding a global circuit breaker at 30 no-progress repeats, and emitting structured diagnostic `tool.loop` warning/error events for loop actions. (#16808) Thanks @akramcodez and @beca-oc.
fix: before_tool_call hook double-fires with abort signal (#16852) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 6269d617f3ac811e03cd29d915f94657da922ba1 Co-authored-by: sreuter <550246+sreuter@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-17 18:23:54 +11:00
- Agents/Hooks: preserve the `before_tool_call` wrapped-marker across abort-signal tool wrapping so the hook runs once per tool call in normal agent sessions. (#16852) Thanks @sreuter.
Agents: add before_message_write persistence regression tests
2026-02-17 14:28:06 +00:00
- Agents/Tests: add `before_message_write` persistence regression coverage for block/mutate behavior (including synthetic tool-result flushes) and thrown-hook fallback persistence. (#18197) Thanks @shakkernerd
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Agents/Tools: scope the `message` tool schema to the active channel so Telegram uses `buttons` and Discord uses `components`. (#18215) Thanks @obviyus.
fix(agents): restore multi-image image tool schema contract
2026-02-16 21:34:27 -05:00
- Agents/Image tool: replace Anthropic-incompatible union schema with explicit `image` (single) and `images` (multi) parameters, keeping tool schemas `anyOf`/`oneOf`/`allOf`-free while preserving multi-image analysis support. (#18551, #18566) Thanks @aldoeliacim.
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Agents/Models: probe the primary model when its auth-profile cooldown is near expiry (with per-provider throttling), so runs recover from temporary rate limits without staying on fallback models until restart. (#17478) Thanks @PlayerGhost.
fix(failover): align abort timeout detection and regressions
2026-02-16 20:59:44 -05:00
- Agents/Failover: classify provider abort stop-reason errors (`Unhandled stop reason: abort`, `stop reason: abort`, `reason: abort`) as timeout-class failures so configured model fallback chains trigger instead of surfacing raw abort failures. (#18618) Thanks @sauerdaniel.
fix(models): sync auth-profiles before availability checks
2026-02-16 21:00:25 -05:00
- Models/CLI: sync auth-profiles credentials into agent `auth.json` before registry availability checks so `openclaw models list --all` reports auth correctly for API-key/token providers, normalize provider-id aliases when bridging credentials, and skip expired token mirrors. (#18610, #18615)
Agents: raise bootstrap total cap and warn on /context truncation (#18229) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: f6620526df231b571a8821edf9fc5f76c3994583 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-16 12:04:53 -05:00
- Agents/Context: raise default total bootstrap prompt cap from `24000` to `150000` chars (keeping `bootstrapMaxChars` at `20000`), include total-cap visibility in `/context`, and mark truncation from injected-vs-raw sizes so total-cap clipping is reflected accurately.
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Memory/QMD: scope managed collection names per agent and precreate glob-backed collection directories before registration, preventing cross-agent collection clobbering and startup ENOENT failures in fresh workspaces. (#17194) Thanks @jonathanadams96.
- Cron: preserve per-job schedule-error isolation in post-run maintenance recompute so malformed sibling jobs no longer abort persistence of successful runs. (#17852) Thanks @pierreeurope.
- Gateway/Config: prevent `config.patch` object-array merges from falling back to full-array replacement when some patch entries lack `id`, so partial `agents.list` updates no longer drop unrelated agents. (#17989) Thanks @stakeswky.
test(gateway): cover trusted proxy trimming
2026-02-17 08:48:57 -05:00
- Gateway/Auth: trim whitespace around trusted proxy entries before matching so configured proxies with stray spaces still authorize. (#18084) Thanks @Clawborn.
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Config/Discord: require string IDs in Discord allowlists, keep onboarding inputs string-only, and add doctor repair for numeric entries. (#18220) Thanks @thewilloftheshadow.
- Security/Sessions: create new session transcript JSONL files with user-only (`0o600`) permissions and extend `openclaw security audit --fix` to remediate existing transcript file permissions.
fix(sessions): purge deleted transcript archives
2026-02-16 22:25:24 -05:00
- Sessions/Maintenance: archive transcripts when pruning stale sessions, clean expired media in subdirectories, and purge `.deleted` transcript archives after the prune window to prevent disk leaks. (#18538)
chore: reorder latest changelog bullets by user impact
2026-02-16 23:27:23 +01:00
- Infra/Fetch: ensure foreign abort-signal listener cleanup never masks original fetch successes/failures, while still preventing detached-finally unhandled rejection noise in `wrapFetchWithAbortSignal`. Thanks @Jackten.
- Heartbeat: allow suppressing tool error warning payloads during heartbeat runs via a new heartbeat config flag. (#18497) Thanks @thewilloftheshadow.
test: stabilize infra tests
2026-02-16 22:37:34 -05:00
- Heartbeat: include sender metadata (From/To/Provider) in heartbeat prompts so model context matches the delivery target. (#18532) Thanks @dinakars777.
fix(heartbeat): bound responsePrefix strip for ack detection
2026-02-16 20:56:32 -05:00
- Heartbeat/Telegram: strip configured `responsePrefix` before heartbeat ack detection (with boundary-safe matching) so prefixed `HEARTBEAT_OK` replies are correctly suppressed instead of leaking into DMs. (#18602)
chore(changelog): restore 2026.2.15 and move entries to 2026.2.16
2026-02-16 15:53:00 +01:00
## 2026.2.15
### Changes
Discord: add component v2 UI tool support (#17419)
2026-02-15 21:19:25 -06:00
- Discord: unlock rich interactive agent prompts with Components v2 (buttons, selects, modals, and attachment-backed file blocks) so for native interaction through Discord. Thanks @thewilloftheshadow.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Discord: components v2 UI + embeds passthrough + exec approval UX refinements (CV2 containers, button layout, Discord-forwarding skip). Thanks @thewilloftheshadow.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Plugins: expose `llm_input` and `llm_output` hook payloads so extensions can observe prompt/input context and model output usage details. (#16724) Thanks @SecondThread.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Subagents: nested sub-agents (sub-sub-agents) with configurable depth. Set `agents.defaults.subagents.maxSpawnDepth: 2` to allow sub-agents to spawn their own children. Includes `maxChildrenPerAgent` limit (default 5), depth-aware tool policy, and proper announce chain routing. (#14447) Thanks @tyler6204.
feat: support per-channel ackReaction config (#17092) (thanks @zerone0x)
2026-02-15 11:29:51 -06:00
- Slack/Discord/Telegram: add per-channel ack reaction overrides (account/channel-level) to support platform-specific emoji formats. (#17092) Thanks @zerone0x.
feat(telegram): add channel_post support for bot-to-bot communication (#17857) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 27a343cd4d9c778a6017ff666d8285ae60256bf4 Co-authored-by: theSamPadilla <35386211+theSamPadilla@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus
2026-02-17 03:14:18 -06:00
- Telegram: add `channel_post` inbound support for channel-based bot-to-bot wake/trigger flows, with channel allowlist gating and message/media batching parity.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Cron/Gateway: add finished-run webhook delivery toggle (`notify`) and dedicated webhook auth token support (`cron.webhookToken`) for outbound cron webhook posts. (#14535) Thanks @advaitpaliwal.
fix: dedupe probe/token base types (#16986) (thanks @iyoda)
2026-02-15 11:34:21 -06:00
- Channels: deduplicate probe/token resolution base types across core + extensions while preserving per-channel error typing. (#16986) Thanks @iyoda and @thewilloftheshadow.
feat(memory): Add MMR re-ranking for search result diversity Adds Maximal Marginal Relevance (MMR) re-ranking to hybrid search results. - New mmr.ts with tokenization, Jaccard similarity, and MMR algorithm - Integrated into mergeHybridResults() with optional mmr config - 40 comprehensive tests covering edge cases and diversity behavior - Configurable lambda parameter (default 0.7) to balance relevance vs diversity - Updated CHANGELOG.md and memory docs This helps avoid redundant results when multiple chunks contain similar content.
2026-01-26 15:23:22 -03:00
- Memory: add MMR (Maximal Marginal Relevance) re-ranking for hybrid search diversity. Configurable via `memorySearch.query.hybrid.mmr`. Thanks @rodrigouroz.
feat(memory): Add opt-in temporal decay for hybrid search scoring Exponential decay (half-life configurable, default 30 days) applied before MMR re-ranking. Dated daily files (memory/YYYY-MM-DD.md) use filename date; evergreen files (MEMORY.md, topic files) are not decayed; other sources fall back to file mtime. Config: memorySearch.query.hybrid.temporalDecay.{enabled, halfLifeDays} Default: disabled (backwards compatible, opt-in).
2026-02-10 08:42:22 -03:00
- Memory: add opt-in temporal decay for hybrid search scoring, with configurable half-life via `memorySearch.query.hybrid.temporalDecay`. Thanks @rodrigouroz.
Agents: add nested subagent orchestration controls and reduce subagent token waste (#14447) * Agents: add subagent orchestration controls * Agents: add subagent orchestration controls (WIP uncommitted changes) * feat(subagents): add depth-based spawn gating for sub-sub-agents * feat(subagents): tool policy, registry, and announce chain for nested agents * feat(subagents): system prompt, docs, changelog for nested sub-agents * fix(subagents): prevent model fallback override, show model during active runs, and block context overflow fallback Bug 1: When a session has an explicit model override (e.g., gpt/openai-codex), the fallback candidate logic in resolveFallbackCandidates silently appended the global primary model (opus) as a backstop. On reinjection/steer with a transient error, the session could fall back to opus which has a smaller context window and crash. Fix: when storedModelOverride is set, pass fallbacksOverride ?? [] instead of undefined, preventing the implicit primary backstop. Bug 2: Active subagents showed 'model n/a' in /subagents list because resolveModelDisplay only read entry.model/modelProvider (populated after run completes). Fix: fall back to modelOverride/providerOverride fields which are populated at spawn time via sessions.patch. Bug 3: Context overflow errors (prompt too long, context_length_exceeded) could theoretically escape runEmbeddedPiAgent and be treated as failover candidates in runWithModelFallback, causing a switch to a model with a smaller context window. Fix: in runWithModelFallback, detect context overflow errors via isLikelyContextOverflowError and rethrow them immediately instead of trying the next model candidate. * fix(subagents): track spawn depth in session store and fix announce routing for nested agents * Fix compaction status tracking and dedupe overflow compaction triggers * fix(subagents): enforce depth block via session store and implement cascade kill * fix: inject group chat context into system prompt * fix(subagents): always write model to session store at spawn time * Preserve spawnDepth when agent handler rewrites session entry * fix(subagents): suppress announce on steer-restart * fix(subagents): fallback spawned session model to runtime default * fix(subagents): enforce spawn depth when caller key resolves by sessionId * feat(subagents): implement active-first ordering for numeric targets and enhance task display - Added a test to verify that subagents with numeric targets follow an active-first list ordering. - Updated `resolveSubagentTarget` to sort subagent runs based on active status and recent activity. - Enhanced task display in command responses to prevent truncation of long task descriptions. - Introduced new utility functions for compacting task text and managing subagent run states. * fix(subagents): show model for active runs via run record fallback When the spawned model matches the agent's default model, the session store's override fields are intentionally cleared (isDefault: true). The model/modelProvider fields are only populated after the run completes. This left active subagents showing 'model n/a'. Fix: store the resolved model on SubagentRunRecord at registration time, and use it as a fallback in both display paths (subagents tool and /subagents command) when the session store entry has no model info. Changes: - SubagentRunRecord: add optional model field - registerSubagentRun: accept and persist model param - sessions-spawn-tool: pass resolvedModel to registerSubagentRun - subagents-tool: pass run record model as fallback to resolveModelDisplay - commands-subagents: pass run record model as fallback to resolveModelDisplay * feat(chat): implement session key resolution and reset on sidebar navigation - Added functions to resolve the main session key and reset chat state when switching sessions from the sidebar. - Updated the `renderTab` function to handle session key changes when navigating to the chat tab. - Introduced a test to verify that the session resets to "main" when opening chat from the sidebar navigation. * fix: subagent timeout=0 passthrough and fallback prompt duplication Bug 1: runTimeoutSeconds=0 now means 'no timeout' instead of applying 600s default - sessions-spawn-tool: default to undefined (not 0) when neither timeout param is provided; use != null check so explicit 0 passes through to gateway - agent.ts: accept 0 as valid timeout (resolveAgentTimeoutMs already handles 0 → MAX_SAFE_TIMEOUT_MS) Bug 2: model fallback no longer re-injects the original prompt as a duplicate - agent.ts: track fallback attempt index; on retries use a short continuation message instead of the full original prompt since the session file already contains it from the first attempt - Also skip re-sending images on fallback retries (already in session) * feat(subagents): truncate long task descriptions in subagents command output - Introduced a new utility function to format task previews, limiting their length to improve readability. - Updated the command handler to use the new formatting function, ensuring task descriptions are truncated appropriately. - Adjusted related tests to verify that long task descriptions are now truncated in the output. * refactor(subagents): update subagent registry path resolution and improve command output formatting - Replaced direct import of STATE_DIR with a utility function to resolve the state directory dynamically. - Enhanced the formatting of command output for active and recent subagents, adding separators for better readability. - Updated related tests to reflect changes in command output structure. * fix(subagent): default sessions_spawn to no timeout when runTimeoutSeconds omitted The previous fix (75a791106) correctly handled the case where runTimeoutSeconds was explicitly set to 0 ("no timeout"). However, when models omit the parameter entirely (which is common since the schema marks it as optional), runTimeoutSeconds resolved to undefined. undefined flowed through the chain as: sessions_spawn → timeout: undefined (since undefined != null is false) → gateway agent handler → agentCommand opts.timeout: undefined → resolveAgentTimeoutMs({ overrideSeconds: undefined }) → DEFAULT_AGENT_TIMEOUT_SECONDS (600s = 10 minutes) This caused subagents to be killed at exactly 10 minutes even though the user's intent (via TOOLS.md) was for subagents to run without a timeout. Fix: default runTimeoutSeconds to 0 (no timeout) when neither runTimeoutSeconds nor timeoutSeconds is provided by the caller. Subagent spawns are long-running by design and should not inherit the 600s agent-command default timeout. * fix(subagent): accept timeout=0 in agent-via-gateway path (second 600s default) * fix: thread timeout override through getReplyFromConfig dispatch path getReplyFromConfig called resolveAgentTimeoutMs({ cfg }) with no override, always falling back to the config default (600s). Add timeoutOverrideSeconds to GetReplyOptions and pass it through as overrideSeconds so callers of the dispatch chain can specify a custom timeout (0 = no timeout). This complements the existing timeout threading in agentCommand and the cron isolated-agent runner, which already pass overrideSeconds correctly. * feat(model-fallback): normalize OpenAI Codex model references and enhance fallback handling - Added normalization for OpenAI Codex model references, specifically converting "gpt-5.3-codex" to "openai-codex" before execution. - Updated the `resolveFallbackCandidates` function to utilize the new normalization logic. - Enhanced tests to verify the correct behavior of model normalization and fallback mechanisms. - Introduced a new test case to ensure that the normalization process works as expected for various input formats. * feat(tests): add unit tests for steer failure behavior in openclaw-tools - Introduced a new test file to validate the behavior of subagents when steer replacement dispatch fails. - Implemented tests to ensure that the announce behavior is restored correctly and that the suppression reason is cleared as expected. - Enhanced the subagent registry with a new function to clear steer restart suppression. - Updated related components to support the new test scenarios. * fix(subagents): replace stop command with kill in slash commands and documentation - Updated the `/subagents` command to replace `stop` with `kill` for consistency in controlling sub-agent runs. - Modified related documentation to reflect the change in command usage. - Removed legacy timeoutSeconds references from the sessions-spawn-tool schema and tests to streamline timeout handling. - Enhanced tests to ensure correct behavior of the updated commands and their interactions. * feat(tests): add unit tests for readLatestAssistantReply function - Introduced a new test file for the `readLatestAssistantReply` function to validate its behavior with various message scenarios. - Implemented tests to ensure the function correctly retrieves the latest assistant message and handles cases where the latest message has no text. - Mocked the gateway call to simulate different message histories for comprehensive testing. * feat(tests): enhance subagent kill-all cascade tests and announce formatting - Added a new test to verify that the `kill-all` command cascades through ended parents to active descendants in subagents. - Updated the subagent announce formatting tests to reflect changes in message structure, including the replacement of "Findings:" with "Result:" and the addition of new expectations for message content. - Improved the handling of long findings and stats in the announce formatting logic to ensure concise output. - Refactored related functions to enhance clarity and maintainability in the subagent registry and tools. * refactor(subagent): update announce formatting and remove unused constants - Modified the subagent announce formatting to replace "Findings:" with "Result:" and adjusted related expectations in tests. - Removed constants for maximum announce findings characters and summary words, simplifying the announcement logic. - Updated the handling of findings to retain full content instead of truncating, ensuring more informative outputs. - Cleaned up unused imports in the commands-subagents file to enhance code clarity. * feat(tests): enhance billing error handling in user-facing text - Added tests to ensure that normal text mentioning billing plans is not rewritten, preserving user context. - Updated the `isBillingErrorMessage` and `sanitizeUserFacingText` functions to improve handling of billing-related messages. - Introduced new test cases for various scenarios involving billing messages to ensure accurate processing and output. - Enhanced the subagent announce flow to correctly manage active descendant runs, preventing premature announcements. * feat(subagent): enhance workflow guidance and auto-announcement clarity - Added a new guideline in the subagent system prompt to emphasize trust in push-based completion, discouraging busy polling for status updates. - Updated documentation to clarify that sub-agents will automatically announce their results, improving user understanding of the workflow. - Enhanced tests to verify the new guidance on avoiding polling loops and to ensure the accuracy of the updated prompts. * fix(cron): avoid announcing interim subagent spawn acks * chore: clean post-rebase imports * fix(cron): fall back to child replies when parent stays interim * fix(subagents): make active-run guidance advisory * fix(subagents): update announce flow to handle active descendants and enhance test coverage - Modified the announce flow to defer announcements when active descendant runs are present, ensuring accurate status reporting. - Updated tests to verify the new behavior, including scenarios where no fallback requester is available and ensuring proper handling of finished subagents. - Enhanced the announce formatting to include an `expectFinal` flag for better clarity in the announcement process. * fix(subagents): enhance announce flow and formatting for user updates - Updated the announce flow to provide clearer instructions for user updates based on active subagent runs and requester context. - Refactored the announcement logic to improve clarity and ensure internal context remains private. - Enhanced tests to verify the new message expectations and formatting, including updated prompts for user-facing updates. - Introduced a new function to build reply instructions based on session context, improving the overall announcement process. * fix: resolve prep blockers and changelog placement (#14447) (thanks @tyler6204) * fix: restore cron delivery-plan import after rebase (#14447) (thanks @tyler6204) * fix: resolve test failures from rebase conflicts (#14447) (thanks @tyler6204) * fix: apply formatting after rebase (#14447) (thanks @tyler6204)
2026-02-14 22:03:45 -08:00
chore: bump version to 2026.2.15
2026-02-15 04:50:19 +01:00
### Fixes
fix(discord): send initial message for non-forum thread creation (#18117) Co-authored-by: Shadow <shadow@openclaw.ai>
2026-02-17 03:48:46 +08:00
- Discord: send initial content when creating non-forum threads so `thread-create` content is delivered. (#18117) Thanks @zerone0x.
fix: replace deprecated SHA-1 in sandbox config hash
2026-02-16 04:30:05 +01:00
- Security: replace deprecated SHA-1 sandbox configuration hashing with SHA-256 for deterministic sandbox cache identity and recreation checks. Thanks @kexinoh.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Security/Logging: redact Telegram bot tokens from error messages and uncaught stack traces to prevent accidental secret leakage into logs. Thanks @aether-ai-agent.
fix(security): harden sandbox docker config validation
2026-02-16 03:03:55 +01:00
- Sandbox/Security: block dangerous sandbox Docker config (bind mounts, host networking, unconfined seccomp/apparmor) to prevent container escape via config injection. Thanks @aether-ai-agent.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Sandbox: preserve array order in config hashing so order-sensitive Docker/browser settings trigger container recreation correctly. Thanks @kexinoh.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Gateway/Security: redact sensitive session/path details from `status` responses for non-admin clients; full details remain available to `operator.admin`. (#8590) Thanks @fr33d3m0n.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Gateway/Control UI: preserve requested operator scopes for Control UI bypass modes (`allowInsecureAuth` / `dangerouslyDisableDeviceAuth`) when device identity is unavailable, preventing false `missing scope` failures on authenticated LAN/HTTP operator sessions. (#17682) Thanks @leafbird.
- LINE/Security: fail closed on webhook startup when channel token or channel secret is missing, and treat LINE accounts as configured only when both are present. (#17587) Thanks @davidahmann.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Skills/Security: restrict `download` installer `targetDir` to the per-skill tools directory to prevent arbitrary file writes. Thanks @Adam55A-code.
feat(skills): add cross-platform install fallback for non-brew environments (#17687) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 3ed4850838578b90140cc11c6fd23be6953c87ea Co-authored-by: mcrolly <60803337+mcrolly@users.noreply.github.com> Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com> Reviewed-by: @sebslight
2026-02-15 21:25:26 -06:00
- Skills/Linux: harden go installer fallback on apt-based systems by handling root/no-sudo environments safely, doing best-effort apt index refresh, and returning actionable errors instead of failing with spawn errors. (#17687) Thanks @mcrolly.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Web Fetch/Security: cap downloaded response body size before HTML parsing to prevent memory exhaustion from oversized or deeply nested pages. Thanks @xuemian168.
- Config/Gateway: make sensitive-key whitelist suffix matching case-insensitive while preserving `passwordFile` path exemptions, preventing accidental redaction of non-secret config values like `maxTokens` and IRC password-file paths. (#16042) Thanks @akramcodez.
- Dev tooling: harden git `pre-commit` hook against option injection from malicious filenames (for example `--force`), preventing accidental staging of ignored files. Thanks @mrthankyou.
- Gateway/Agent: reject malformed `agent:`-prefixed session keys (for example, `agent:main`) in `agent` and `agent.identity.get` instead of silently resolving them to the default agent, preventing accidental cross-session routing. (#15707) Thanks @rodrigouroz.
- Gateway/Chat: harden `chat.send` inbound message handling by rejecting null bytes, stripping unsafe control characters, and normalizing Unicode to NFC before dispatch. (#8593) Thanks @fr33d3m0n.
- Gateway/Send: return an actionable error when `send` targets internal-only `webchat`, guiding callers to use `chat.send` or a deliverable channel. (#15703) Thanks @rodrigouroz.
chore (changelog): note webchat command auth fix
2026-02-16 11:30:35 -08:00
- Gateway/Commands: keep webchat command authorization on the internal `webchat` context instead of inferring another provider from channel allowlists, fixing dropped `/new`/`/status` commands in Control UI when channel allowlists are configured. (#7189) Thanks @karlisbergmanis-lv.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Control UI: prevent stored XSS via assistant name/avatar by removing inline script injection, serving bootstrap config as JSON, and enforcing `script-src 'self'`. Thanks @Adam55A-code.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Agents/Security: sanitize workspace paths before embedding into LLM prompts (strip Unicode control/format chars) to prevent instruction injection via malicious directory names. Thanks @aether-ai-agent.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Agents/Sandbox: clarify system prompt path guidance so sandbox `bash/exec` uses container paths (for example `/workspace`) while file tools keep host-bridge mapping, avoiding first-attempt path misses from host-only absolute paths in sandbox command execution. (#17693) Thanks @app/juniordevbot.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Agents/Context: apply configured model `contextWindow` overrides after provider discovery so `lookupContextTokens()` honors operator config values (including discovery-failure paths). (#17404) Thanks @michaelbship and @vignesh07.
fix(memory): harden context window cache collisions
2026-02-15 19:31:41 -08:00
- Agents/Context: derive `lookupContextTokens()` from auth-available model metadata and keep the smallest discovered context window for duplicate model ids, preventing cross-provider cache collisions from overestimating session context limits. (#17586) Thanks @githabideri and @vignesh07.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Agents/OpenAI: force `store=true` for direct OpenAI Responses/Codex runs to preserve multi-turn server-side conversation state, while leaving proxy/non-OpenAI endpoints unchanged. (#16803) Thanks @mark9232 and @vignesh07.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Memory/FTS: make `buildFtsQuery` Unicode-aware so non-ASCII queries (including CJK) produce keyword tokens instead of falling back to vector-only search. (#17672) Thanks @KinGP5471.
chore (changelog): credit memory flush runtime date fix
2026-02-15 19:20:34 -08:00
- Auto-reply/Compaction: resolve `memory/YYYY-MM-DD.md` placeholders with timezone-aware runtime dates and append a `Current time:` line to memory-flush turns, preventing wrong-year memory filenames without making the system prompt time-variant. (#17603, #17633) Thanks @nicholaspapadam-wq and @vignesh07.
fix(auth): auto-expire stale auth profile cooldowns and reset error count When an auth profile hits a rate limit, `errorCount` is incremented and `cooldownUntil` is set with exponential backoff. After the cooldown expires, the time-based check correctly returns false — but `errorCount` persists. The next transient failure immediately escalates to a much longer cooldown because the backoff formula uses the stale count: 60s × 5^(errorCount-1), max 1h This creates a positive feedback loop where profiles appear permanently stuck after rate limits, requiring manual JSON editing to recover. Add `clearExpiredCooldowns()` which sweeps all profiles on every call to `resolveAuthProfileOrder()` and clears expired `cooldownUntil` / `disabledUntil` values along with resetting `errorCount` and `failureCounts` — giving the profile a fair retry window (circuit-breaker half-open → closed transition). Key design decisions: - `cooldownUntil` and `disabledUntil` handled independently (a profile can have both; only the expired one is cleared) - `errorCount` reset only when ALL unusable windows have expired - `lastFailureAt` preserved for the existing failureWindowMs decay logic - In-memory mutation; disk persistence happens lazily on the next store write, matching the existing save pattern Fixes #3604 Related: #13623, #15851, #11972, #8434
2026-02-16 07:27:27 +00:00
- Auth/Cooldowns: auto-expire stale auth profile cooldowns when `cooldownUntil` or `disabledUntil` timestamps have passed, and reset `errorCount` so the next transient failure does not immediately escalate to a disproportionately long cooldown. Handles `cooldownUntil` and `disabledUntil` independently. (#3604) Thanks @nabbilkhan.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Agents: return an explicit timeout error reply when an embedded run times out before producing any payloads, preventing silent dropped turns during slow cache-refresh transitions. (#16659) Thanks @liaosvcaf and @vignesh07.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Group chats: always inject group chat context (name, participants, reply guidance) into the system prompt on every turn, not just the first. Prevents the model from losing awareness of which group it's in and incorrectly using the message tool to send to the same group. (#14447) Thanks @tyler6204.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Browser/Agents: when browser control service is unavailable, return explicit non-retry guidance (instead of "try again") so models do not loop on repeated browser tool calls until timeout. (#17673) Thanks @austenstone.
- Subagents: use child-run-based deterministic announce idempotency keys across direct and queued delivery paths (with legacy queued-item fallback) to prevent duplicate announce retries without collapsing distinct same-millisecond announces. (#17150) Thanks @widingmarcus-cyber.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Subagents/Models: preserve `agents.defaults.model.fallbacks` when subagent sessions carry a model override, so subagent runs fail over to configured fallback models instead of retrying only the overridden primary model.
- Telegram: omit `message_thread_id` for DM sends/draft previews and keep forum-topic handling (`id=1` general omitted, non-general kept), preventing DM failures with `400 Bad Request: message thread not found`. (#10942) Thanks @garnetlyx.
- Telegram: replace inbound `<media:audio>` placeholder with successful preflight voice transcript in message body context, preventing placeholder-only prompt bodies for mention-gated voice messages. (#16789) Thanks @Limitless2023.
- Telegram: retry inbound media `getFile` calls (3 attempts with backoff) and gracefully fall back to placeholder-only processing when retries fail, preventing dropped voice/media messages on transient Telegram network errors. (#16154) Thanks @yinghaosang.
- Telegram: finalize streaming preview replies in place instead of sending a second final message, preventing duplicate Telegram assistant outputs at stream completion. (#17218) Thanks @obviyus.
- Discord: preserve channel session continuity when runtime payloads omit `message.channelId` by falling back to event/raw `channel_id` values for routing/session keys, so same-channel messages keep history across turns/restarts. Also align diagnostics so active Discord runs no longer appear as `sessionKey=unknown`. (#17622) Thanks @shakkernerd.
- Discord: dedupe native skill commands by skill name in multi-agent setups to prevent duplicated slash commands with `_2` suffixes. (#17365) Thanks @seewhyme.
- Discord: ensure role allowlist matching uses raw role IDs for message routing authorization. Thanks @xinhuagu.
Infra: skip Discord text exec approvals
2026-02-16 13:53:00 -06:00
- Discord: skip text-based exec approval forwarding in favor of Discord's component-based approval UI. Thanks @thewilloftheshadow.
chore(release): align .15 changelog ordering and release notes
2026-02-16 04:50:24 +01:00
- Web UI/Agents: hide `BOOTSTRAP.md` in the Agents Files list after onboarding is completed, avoiding confusing missing-file warnings for completed workspaces. (#17491) Thanks @gumadeiras.
chore (changelog): note qmd multi-agent startup fix
2026-02-16 10:35:15 -08:00
- Gateway/Memory: initialize QMD startup sync for every configured agent (not just the default agent), so `memory.qmd.update.onBoot` is effective across multi-agent setups. (#17663) Thanks @HenryLoenwind.
docs: reorder 2026.2.15 changelog entries by impact
2026-02-16 04:06:46 +01:00
- Auto-reply/WhatsApp/TUI/Web: when a final assistant message is `NO_REPLY` and a messaging tool send succeeded, mirror the delivered messaging-tool text into session-visible assistant output so TUI/Web no longer show `NO_REPLY` placeholders. (#7010) Thanks @Morrowind-Xie.
- Cron: infer `payload.kind="agentTurn"` for model-only `cron.update` payload patches, so partial agent-turn updates do not fail validation when `kind` is omitted. (#15664) Thanks @rodrigouroz.
chore (changelog): document TUI ANSI-safe searchable-select fix
2026-02-14 20:01:04 -08:00
- TUI: make searchable-select filtering and highlight rendering ANSI-aware so queries ignore hidden escape codes and no longer corrupt ANSI styling sequences during match highlighting. (#4519) Thanks @bee4come.
chore (changelog): note windows git-bash multiline paste fallback
2026-02-14 20:59:01 -08:00
- TUI/Windows: coalesce rapid single-line submit bursts in Git Bash into one multiline message as a fallback when bracketed paste is unavailable, preventing pasted multiline text from being split into multiple sends. (#4986) Thanks @adamkane.
chore (changelog): note tui external empty-final placeholder fix
2026-02-14 21:01:12 -08:00
- TUI: suppress false `(no output)` placeholders for non-local empty final events during concurrent runs, preventing external-channel replies from showing empty assistant bubbles while a local run is still streaming. (#5782) Thanks @LagWizard and @vignesh07.
chore (changelog): attribute issues #17515 #17466 #17505 #17404
2026-02-15 13:11:48 -08:00
- TUI: preserve copy-sensitive long tokens (URLs/paths/file-like identifiers) during wrapping and overflow sanitization so wrapped output no longer inserts spaces that corrupt copy/paste values. (#17515, #17466, #17505) Thanks @abe238, @trevorpan, and @JasonCry.
chore (changelog): note daemon-cli compat shim hardening
2026-02-14 20:53:21 -08:00
- CLI/Build: make legacy daemon CLI compatibility shim generation tolerant of minimal tsdown daemon export sets, while preserving restart/register compatibility aliases and surfacing explicit errors for unavailable legacy daemon commands. Thanks @vignesh07.
docs(changelog): fix conflict marker
2026-02-16 03:13:48 +01:00
docs(changelog): mark 2026.2.14 released
2026-02-15 04:06:00 +01:00
## 2026.2.14
fix(security): restrict hook transform module loading
2026-02-14 13:45:58 +01:00
feat(sandbox): separate bind mounts for browser containers (#16230) * feat(sandbox): add separate browser.binds config for browser containers Allow configuring bind mounts independently for browser containers via sandbox.browser.binds. When set, browser containers use browser-specific binds instead of inheriting docker.binds. Falls back to docker.binds when browser.binds is not configured for backwards compatibility. Closes #14614 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(sandbox): honor empty browser binds override (#16230) (thanks @seheepeak) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 23:27:41 +09:00
### Changes
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Telegram: add poll sending via `openclaw message poll` (duration seconds, silent delivery, anonymity controls). (#16209) Thanks @robbyczgw-cla.
docs(changelog): document Slack/Discord dmPolicy aliases
2026-02-14 20:54:50 +01:00
- Slack/Discord: add `dmPolicy` + `allowFrom` config aliases for DM access control; legacy `dm.policy` + `dm.allowFrom` keys remain supported and `openclaw doctor --fix` can migrate them.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Discord: allow exec approval prompts to target channels or both DM+channel via `channels.discord.execApprovals.target`. (#16051) Thanks @leonnardo.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Sandbox: add `sandbox.browser.binds` to configure browser-container bind mounts separately from exec containers. (#16230) Thanks @seheepeak.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Discord: add debug logging for message routing decisions to improve `--debug` tracing. (#16202) Thanks @jayleekr.
feat: add messages.suppressToolErrors config option (#16620) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 9ae4394b81bf0a68a5dfbcfe39fb60a21689ac49 Co-authored-by: vai-oro <258511217+vai-oro@users.noreply.github.com> Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com> Reviewed-by: @sebslight
2026-02-14 22:28:58 -05:00
- Agents: add optional `messages.suppressToolErrors` config to hide non-mutating tool-failure warnings from user-facing chat while still surfacing mutating failures. (#16620) Thanks @vai-oro.
feat(sandbox): separate bind mounts for browser containers (#16230) * feat(sandbox): add separate browser.binds config for browser containers Allow configuring bind mounts independently for browser containers via sandbox.browser.binds. When set, browser containers use browser-specific binds instead of inheriting docker.binds. Falls back to docker.binds when browser.binds is not configured for backwards compatibility. Closes #14614 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(sandbox): honor empty browser binds override (#16230) (thanks @seheepeak) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 23:27:41 +09:00
fix(security): restrict hook transform module loading
2026-02-14 13:45:58 +01:00
### Fixes
changelog: backfill PR release-note entries (#20839) * Docs: backfill changelog entries * Docs: mark PR 20836 as merged in changelog
2026-02-19 02:43:57 -08:00
- CLI/Installation: fix Docker installation hangs on macOS. (#12972) Thanks @vincentkoc.
- Models: fix antigravity opus 4.6 availability follow-up. (#12845) Thanks @vincentkoc.
fix(security): scope session tools and webhook secret fallback
2026-02-16 03:43:51 +01:00
- Security/Sessions/Telegram: restrict session tool targeting by default to the current session tree (`tools.sessions.visibility`, default `tree`) with sandbox clamping, and pass configured per-account Telegram webhook secrets in webhook mode when no explicit override is provided. Thanks @aether-ai-agent.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- CLI/Plugins: ensure `openclaw message send` exits after successful delivery across plugin-backed channels so one-shot sends do not hang. (#16491) Thanks @yinghaosang.
- CLI/Plugins: run registered plugin `gateway_stop` hooks before `openclaw message` exits (success and failure paths), so plugin-backed channels can clean up one-shot CLI resources. (#16580) Thanks @gumadeiras.
fix(whatsapp): honor account-level dmPolicy override (#10082) (thanks @mcaxtr) Fixes openclaw#10082 (issue #8736): inbound WhatsApp DM policy now respects account-level dmPolicy overrides.
2026-02-14 15:41:42 -03:00
- WhatsApp: honor per-account `dmPolicy` overrides (account-level settings now take precedence over channel defaults for inbound DMs). (#10082) Thanks @mcaxtr.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Telegram: when `channels.telegram.commands.native` is `false`, exclude plugin commands from `setMyCommands` menu registration while keeping plugin slash handlers callable. (#15132) Thanks @Glucksberg.
- LINE: return 200 OK for Developers Console "Verify" requests (`{"events":[]}`) without `X-Line-Signature`, while still requiring signatures for real deliveries. (#16582) Thanks @arosstale.
- Cron: deliver text-only output directly when `delivery.to` is set so cron recipients get full output instead of summaries. (#16360) Thanks @thewilloftheshadow.
- Cron/Slack: preserve agent identity (name and icon) when cron jobs deliver outbound messages. (#16242) Thanks @robbyczgw-cla.
chore(security): soften gatewayUrl override messaging
2026-02-14 21:39:39 +01:00
- Media: accept `MEDIA:`-prefixed paths (lenient whitespace) when loading outbound media to prevent `ENOENT` for tool-returned local media paths. (#13107) Thanks @mcaxtr.
docs (changelog): note media-understanding binary mime hardening
2026-02-14 19:22:17 -08:00
- Media understanding: treat binary `application/vnd.*`/zip/octet-stream attachments as non-text (while keeping vendor `+json`/`+xml` text-eligible) so Office/ZIP files are not inlined into prompt body text. (#16513) Thanks @rmramsey32.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Agents: deliver tool result media (screenshots, images, audio) to channels regardless of verbose level. (#11735) Thanks @strelov1.
fix: strip leading whitespace in block streaming reply path (#16422) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: ec4225c28e3d4594485e4da5184a41cda1d4bbb3 Co-authored-by: mcinteerj <3613653+mcinteerj@users.noreply.github.com> Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com> Reviewed-by: @sebslight
2026-02-15 16:46:26 +13:00
- Auto-reply/Block streaming: strip leading whitespace from streamed block replies so messages starting with blank lines no longer deliver visible leading empty lines. (#16422) Thanks @mcinteerj.
chore (changelog): note followup queue retry hardening
2026-02-14 20:23:27 -08:00
- Auto-reply/Queue: keep queued followups and overflow summaries when drain attempts fail, then retry delivery instead of dropping messages on transient errors. (#16771) Thanks @mmhzlrj.
fix(image): allow workspace and sandbox media paths (#15541)
2026-02-14 17:15:15 -08:00
- Agents/Image tool: allow workspace-local image paths by including the active workspace directory in local media allowlists, and trust sandbox-validated paths in image loaders to prevent false "not under an allowed directory" rejections. (#15541)
fix(image): propagate workspace root for image allowlist (#16722) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 24a13675cbc71b261726d83656233691e2e44b0e Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete
2026-02-15 03:08:28 +01:00
- Agents/Image tool: propagate the effective workspace root into tool wiring so workspace-local image paths are accepted by default when running without an explicit `workspaceDir`. (#16722)
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- BlueBubbles: include sender identity in group chat envelopes and pass clean message text to the agent prompt, aligning with iMessage/Signal formatting. (#16210) Thanks @zerone0x.
- CLI: fix lazy core command registration so top-level maintenance commands (`doctor`, `dashboard`, `reset`, `uninstall`) resolve correctly instead of exposing a non-functional `maintenance` placeholder command.
- CLI/Dashboard: when `gateway.bind=lan`, generate localhost dashboard URLs to satisfy browser secure-context requirements while preserving non-LAN bind behavior. (#16434) Thanks @BinHPdev.
Changelog: note TUI gateway bind URL fix
2026-02-14 17:16:07 -08:00
- TUI/Gateway: resolve local gateway target URL from `gateway.bind` mode (tailnet/lan) instead of hardcoded localhost so `openclaw tui` connects when gateway is non-loopback. (#16299) Thanks @cortexuvula.
Changelog: note explicit TUI session override fix
2026-02-14 16:40:52 -08:00
- TUI: honor explicit `--session <key>` in `openclaw tui` even when `session.scope` is `global`, so named sessions no longer collapse into shared global history. (#16575) Thanks @cinqu.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- TUI: use available terminal width for session name display in searchable select lists. (#16238) Thanks @robbyczgw-cla.
chore (changelog): note TUI concurrent stream hardening
2026-02-14 18:25:05 -08:00
- TUI: preserve in-flight streaming replies when a different run finalizes concurrently (avoid clearing active run or reloading history mid-stream). (#10704) Thanks @axschr73.
chore (changelog): note TUI tool-boundary stream fix
2026-02-14 18:41:05 -08:00
- TUI: keep pre-tool streamed text visible when later tool-boundary deltas temporarily omit earlier text blocks. (#6958) Thanks @KrisKind75.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- TUI: sanitize ANSI/control-heavy history text, redact binary-like lines, and split pathological long unbroken tokens before rendering to prevent startup crashes on binary attachment history. (#13007) Thanks @wilkinspoe.
chore (changelog): note narrow-terminal TUI sanitizer hardening
2026-02-14 18:44:58 -08:00
- TUI: harden render-time sanitizer for narrow terminals by chunking moderately long unbroken tokens and adding fast-path sanitization guards to reduce overhead on normal text. (#5355) Thanks @tingxueren.
chore (changelog): note tui light-theme contrast fix
2026-02-14 19:08:24 -08:00
- TUI: render assistant body text in terminal default foreground (instead of fixed light ANSI color) so contrast remains readable on light themes such as Solarized Light. (#16750) Thanks @paymog.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- TUI/Hooks: pass explicit reset reason (`new` vs `reset`) through `sessions.reset` and emit internal command hooks for gateway-triggered resets so `/new` hook workflows fire in TUI/webchat.
docs (changelog): note gateway agent reset command routing
2026-02-14 19:18:17 -08:00
- Gateway/Agent: route bare `/new` and `/reset` through `sessions.reset` before running the fresh-session greeting prompt, so reset commands clear the current session in-place instead of falling through to normal agent runs. (#16732) Thanks @kdotndot and @vignesh07.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Cron: prevent `cron list`/`cron status` from silently skipping past-due recurring jobs by using maintenance recompute semantics. (#16156) Thanks @zerone0x.
- Cron: repair missing/corrupt `nextRunAtMs` for the updated job without globally recomputing unrelated due jobs during `cron update`. (#15750)
fix(cron): treat missing enabled as true in update() (openclaw#15477) thanks @eternauta1337 Verified: - pnpm exec vitest src/cron/service.issue-regressions.test.ts Co-authored-by: eternauta1337 <550409+eternauta1337@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-15 11:52:02 -03:00
- Cron: treat persisted jobs with missing `enabled` as enabled by default across update/list/timer due-path checks, and add regression coverage for missing-`enabled` store records. (#15433) Thanks @eternauta1337.
chore (changelog): note cron interrupted-start replay fix
2026-02-14 19:06:27 -08:00
- Cron: skip missed-job replay on startup for jobs interrupted mid-run (stale `runningAtMs` markers), preventing restart loops for self-restarting jobs such as update tasks. (#16694) Thanks @sbmilburn.
chore (changelog): document cron heartbeat prompt hardening
2026-02-14 19:46:14 -08:00
- Heartbeat/Cron: treat cron-tagged queued system events as cron reminders even on interval wakes, so isolated cron announce summaries no longer run under the default heartbeat prompt. (#14947) Thanks @archedark-ada and @vignesh07.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Discord: prefer gateway guild id when logging inbound messages so cached-miss guilds do not appear as `guild=dm`. Thanks @thewilloftheshadow.
chore (changelog): note discord empty channels allowlist fix
2026-02-14 19:04:18 -08:00
- Discord: treat empty per-guild `channels: {}` config maps as no channel allowlist (not deny-all), so `groupPolicy: "open"` guilds without explicit channel entries continue to receive messages. (#16714) Thanks @xqliu.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Models/CLI: guard `models status` string trimming paths to prevent crashes from malformed non-string config values. (#16395) Thanks @BinHPdev.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Gateway/Subagents: preserve queued announce items and summary state on delivery errors, retry failed announce drains, and avoid dropping unsent announcements on timeout/failure. (#16729) Thanks @Clawdette-Workspace.
chore (changelog): document config.patch agents.list merge hardening
2026-02-14 19:33:38 -08:00
- Gateway/Config: make `config.patch` merge object arrays by `id` (for example `agents.list`) instead of replacing the whole array, so partial agent updates do not silently delete unrelated agents. (#6766) Thanks @lightclient.
chore (changelog): document webchat inbound metadata cleanup
2026-02-14 19:40:25 -08:00
- Webchat/Prompts: stop injecting direct-chat `conversation_label` into inbound untrusted metadata context blocks, preventing internal label noise from leaking into visible chat replies. (#16556) Thanks @nberardi.
chore (changelog): credit inbound metadata id fix
2026-02-15 19:00:20 -08:00
- Auto-reply/Prompts: include trusted inbound `message_id`, `chat_id`, `reply_to_id`, and optional `message_id_full` metadata fields so action tools (for example reactions) can target the triggering message without relying on user text. (#17662) Thanks @MaikiMolto.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Gateway/Sessions: abort active embedded runs and clear queued session work before `sessions.reset`, returning unavailable if the run does not stop in time. (#16576) Thanks @Grynn.
- Sessions/Agents: harden transcript path resolution for mismatched agent context by preserving explicit store roots and adding safe absolute-path fallback to the correct agent sessions directory. (#16288) Thanks @robbyczgw-cla.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Agents: add a safety timeout around embedded `session.compact()` to ensure stalled compaction runs settle and release blocked session lanes. (#16331) Thanks @BinHPdev.
fix(agents): mark required-param tool errors as non-retryable (#17533) * Agents: mark missing tool params as non-retryable * Agents: include all missing required params in tool errors * Agents: change required-param errors to retry guidance * Docs: align changelog text for issue #14729 guidance wording
2026-02-15 15:50:44 -06:00
- Agents/Tools: make required-parameter validation errors list missing fields and instruct: "Supply correct parameters before retrying," reducing repeated invalid tool-call loops (for example `read({})`). (#14729)
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Agents: keep unresolved mutating tool failures visible until the same action retry succeeds, scope mutation-error surfacing to mutating calls (including `session_status` model changes), and dedupe duplicate failure warnings in outbound replies. (#16131) Thanks @Swader.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Agents/Process/Bootstrap: preserve unbounded `process log` offset-only pagination (default tail applies only when both `offset` and `limit` are omitted) and enforce strict `bootstrapTotalMaxChars` budgeting across injected bootstrap content (including markers), skipping additional injection when remaining budget is too small. (#16539) Thanks @CharlieGreenman.
- Agents/Workspace: persist bootstrap onboarding state so partially initialized workspaces recover missing `BOOTSTRAP.md` once, while completed onboarding keeps BOOTSTRAP deleted even if runtime files are later recreated. Thanks @gumadeiras.
fix(workspace): create BOOTSTRAP.md regardless of workspace state (#16457) (#16504) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: a57718c09e9b601087edcb3ee15dd7ac6b96fee2 Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-15 00:41:35 +01:00
- Agents/Workspace: create `BOOTSTRAP.md` when core workspace files are seeded in partially initialized workspaces, while keeping BOOTSTRAP one-shot after onboarding deletion. (#16457) Thanks @robbyczgw-cla.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Agents: classify external timeout aborts during compaction the same as internal timeouts, preventing unnecessary auth-profile rotation and preserving compaction-timeout snapshot fallback behavior. (#9855) Thanks @mverrilli.
chore (changelog): document empty-chunk timeout handling
2026-02-14 18:53:54 -08:00
- Agents: treat empty-stream provider failures (`request ended without sending any chunks`) as timeout-class failover signals, enabling auth-profile rotation/fallback and showing a friendly timeout message instead of raw provider errors. (#10210) Thanks @zenchantlive.
chore (changelog): note read tool file_path alias warning fix
2026-02-14 19:10:05 -08:00
- Agents: treat `read` tool `file_path` arguments as valid in tool-start diagnostics to avoid false “read tool called without path” warnings when alias parameters are used. (#16717) Thanks @Stache73.
chore (changelog): note transcript tool-call sanitization hardening
2026-02-14 20:09:32 -08:00
- Agents/Transcript: drop malformed tool-call blocks with blank required fields (`id`/`name` or missing `input`/`arguments`) during session transcript repair to prevent persistent tool-call corruption on future turns. (#15485) Thanks @mike-zachariades.
chore (changelog): document structured write/edit param normalization
2026-02-14 19:51:27 -08:00
- Tools/Write/Edit: normalize structured text-block arguments for `content`/`oldText`/`newText` before filesystem edits, preventing JSON-like file corruption and false “exact text not found” misses from block-form params. (#16778) Thanks @danielpipernz.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Ollama/Agents: avoid forcing `<final>` tag enforcement for Ollama models, which could suppress all output as `(no output)`. (#16191) Thanks @briancolinger.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Plugins: suppress false duplicate plugin id warnings when the same extension is discovered via multiple paths (config/workspace/global vs bundled), while still warning on genuine duplicates. (#16222) Thanks @shadril238.
fix: codex and similar processes keep dying on pty, solved by refactoring process spawning (#14257) * exec: clean up PTY resources on timeout and exit * cli: harden resume cleanup and watchdog stalled runs * cli: productionize PTY and resume reliability paths * docs: add PTY process supervision architecture plan * docs: rewrite PTY supervision plan as pre-rewrite baseline * docs: switch PTY supervision plan to one-go execution * docs: add one-line root cause to PTY supervision plan * docs: add OS contracts and test matrix to PTY supervision plan * docs: define process-supervisor package placement and scope * docs: tie supervisor plan to existing CI lanes * docs: place PTY supervisor plan under src/process * refactor(process): route exec and cli runs through supervisor * docs(process): refresh PTY supervision plan * wip * fix(process): harden supervisor timeout and PTY termination * fix(process): harden supervisor adapters env and wait handling * ci: avoid failing formal conformance on comment permissions * test(ui): fix cron request mock argument typing * fix(ui): remove leftover conflict marker * fix: supervise PTY processes (#14257) (openclaw#14257) (thanks @onutc)
2026-02-16 09:32:05 +08:00
- Agents/Process: supervise PTY/child process lifecycles with explicit ownership, cancellation, timeouts, and deterministic cleanup, preventing Codex/Pi PTY sessions from dying or stalling on resume. (#14257) Thanks @onutc.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Skills: watch `SKILL.md` only when refreshing skills snapshot to avoid file-descriptor exhaustion in large data trees. (#11325) Thanks @household-bard.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Memory/QMD: make `memory status` read-only by skipping QMD boot update/embed side effects for status-only manager checks.
- Memory/QMD: keep original QMD failures when builtin fallback initialization fails (for example missing embedding API keys), instead of replacing them with fallback init errors.
- Memory/Builtin: keep `memory status` dirty reporting stable across invocations by deriving status-only manager dirty state from persisted index metadata instead of process-start defaults. (#10863) Thanks @BarryYangi.
Memory/QMD: cap qmd command output buffering
2026-02-14 14:55:59 -08:00
- Memory/QMD: cap QMD command output buffering to prevent memory exhaustion from pathological `qmd` command output.
Memory/QMD: parse scope once in qmd scope checks
2026-02-14 14:58:51 -08:00
- Memory/QMD: parse qmd scope keys once per request to avoid repeated parsing in scope checks.
Memory/QMD: prefer exact docid lookup in index
2026-02-14 14:56:15 -08:00
- Memory/QMD: query QMD index using exact docid matches before falling back to prefix lookup for better recall correctness and index efficiency.
Memory/QMD: add limit arg to search command
2026-02-14 14:56:57 -08:00
- Memory/QMD: pass result limits to `search`/`vsearch` commands so QMD can cap results earlier.
Memory/QMD: optimize qmd readFile for line-window reads
2026-02-14 14:57:10 -08:00
- Memory/QMD: avoid reading full markdown files when a `from/lines` window is requested in QMD reads.
Memory/QMD: skip unchanged session export writes
2026-02-14 14:57:31 -08:00
- Memory/QMD: skip rewriting unchanged session export markdown files during sync to reduce disk churn.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Memory/QMD: make QMD result JSON parsing resilient to noisy command output by extracting the first JSON array from noisy `stdout`.
- Memory/QMD: treat prefixed `no results found` marker output as an empty result set in qmd JSON parsing. (#11302) Thanks @blazerui.
chore (changelog): note qmd multi-collection query fix
2026-02-14 19:02:48 -08:00
- Memory/QMD: avoid multi-collection `query` ranking corruption by running one `qmd query -c <collection>` per managed collection and merging by best score (also used for `search`/`vsearch` fallback-to-query). (#16740) Thanks @volarian-vai.
chore (changelog): credit qmd session collection rebind fix
2026-02-15 19:03:59 -08:00
- Memory/QMD: rebind managed collections when existing collection metadata drifts (including sessions name-only listings), preventing non-default agents from reusing another agent's `sessions` collection path. (#17194) Thanks @jonathanadams96.
chore (changelog): note qmd index artifact hardening
2026-02-14 20:16:35 -08:00
- Memory/QMD: make `openclaw memory index` verify and print the active QMD index file path/size, and fail when QMD leaves a missing or zero-byte index artifact after an update. (#16775) Thanks @Shunamxiao.
Changelog: note QMD null-byte collection self-heal
2026-02-14 18:09:08 -08:00
- Memory/QMD: detect null-byte `ENOTDIR` update failures, rebuild managed collections once, and retry update to self-heal corrupted collection metadata. (#12919) Thanks @jorgejhms.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Memory/QMD/Security: add `rawKeyPrefix` support for QMD scope rules and preserve legacy `keyPrefix: "agent:..."` matching, preventing scoped deny bypass when operators match agent-prefixed session keys.
- Memory/Builtin: narrow memory watcher targets to markdown globs and ignore dependency/venv directories to reduce file-descriptor pressure during memory sync startup. (#11721) Thanks @rex05ai.
- Security/Memory-LanceDB: treat recalled memories as untrusted context (escape injected memory text + explicit non-instruction framing), skip likely prompt-injection payloads during auto-capture, and restrict auto-capture to user messages to reduce memory-poisoning risk. (#12524) Thanks @davidschmid24.
- Security/Memory-LanceDB: require explicit `autoCapture: true` opt-in (default is now disabled) to prevent automatic PII capture unless operators intentionally enable it. (#12552) Thanks @fr33d3m0n.
- Diagnostics/Memory: prune stale diagnostic session state entries and cap tracked session states to prevent unbounded in-memory growth on long-running gateways. (#5136) Thanks @coygeek and @vignesh07.
- Gateway/Memory: clean up `agentRunSeq` tracking on run completion/abort and enforce maintenance-time cap pruning to prevent unbounded sequence-map growth over long uptimes. (#6036) Thanks @coygeek and @vignesh07.
- Auto-reply/Memory: bound `ABORT_MEMORY` growth by evicting oldest entries and deleting reset (`false`) flags so abort state tracking cannot grow unbounded over long uptimes. (#6629) Thanks @coygeek and @vignesh07.
- Slack/Memory: bound thread-starter cache growth with TTL + max-size pruning to prevent long-running Slack gateways from accumulating unbounded thread cache state. (#5258) Thanks @coygeek and @vignesh07.
- Outbound/Memory: bound directory cache growth with max-size eviction and proactive TTL pruning to prevent long-running gateways from accumulating unbounded directory entries. (#5140) Thanks @coygeek and @vignesh07.
- Skills/Memory: remove disconnected nodes from remote-skills cache to prevent stale node metadata from accumulating over long uptimes. (#6760) Thanks @coygeek.
- Sandbox/Tools: make sandbox file tools bind-mount aware (including absolute container paths) and enforce read-only bind semantics for writes. (#16379) Thanks @tasaankaeris.
chore (changelog): note sandbox prompt workspace-path hardening
2026-02-14 20:20:36 -08:00
- Sandbox/Prompts: show the sandbox container workdir as the prompt working directory and clarify host-path usage for file tools, preventing host-path `exec` failures in sandbox sessions. (#16790) Thanks @carrotRakko.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Media/Security: allow local media reads from OpenClaw state `workspace/` and `sandboxes/` roots by default so generated workspace media can be delivered without unsafe global path bypasses. (#15541) Thanks @lanceji.
- Media/Security: harden local media allowlist bypasses by requiring an explicit `readFile` override when callers mark paths as validated, and reject filesystem-root `localRoots` entries. (#16739)
fix: allow agent workspace directories in media local roots (#17136) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 7545ef1e1901a5bfd33aaa55a2320e003ea39126 Co-authored-by: MisterGuy420 <255743668+MisterGuy420@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-15 10:53:45 -05:00
- Media/Security: allow outbound local media reads from the active agent workspace (including `workspace-<agentId>`) via agent-scoped local roots, avoiding broad global allowlisting of all per-agent workspaces. (#17136) Thanks @MisterGuy420.
Outbound: scope core send media roots by agent (#17268) Merged with gates skipped by maintainer request. Prepared head SHA: 663ac49b3a8432b1dab2155351bec84d34775087
2026-02-15 11:43:02 -05:00
- Outbound/Media: thread explicit `agentId` through core `sendMessage` direct-delivery path so agent-scoped local media roots apply even when mirror metadata is absent. (#17268) Thanks @gumadeiras.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Discord/Security: harden voice message media loading (SSRF + allowed-local-root checks) so tool-supplied paths/URLs cannot be used to probe internal URLs or read arbitrary local files.
- Security/BlueBubbles: require explicit `mediaLocalRoots` allowlists for local outbound media path reads to prevent local file disclosure. (#16322) Thanks @mbelinky.
- Security/BlueBubbles: reject ambiguous shared-path webhook routing when multiple webhook targets match the same guid/password.
- Security/BlueBubbles: harden BlueBubbles webhook auth behind reverse proxies by only accepting passwordless webhooks for direct localhost loopback requests (forwarded/proxied requests now require a password). Thanks @simecek.
- Feishu/Security: harden media URL fetching against SSRF and local file disclosure. (#16285) Thanks @mbelinky.
- Security/Zalo: reject ambiguous shared-path webhook routing when multiple webhook targets match the same secret.
- Security/Nostr: require loopback source and block cross-origin profile mutation/import attempts. Thanks @vincentkoc.
- Security/Signal: harden signal-cli archive extraction during install to prevent path traversal outside the install root.
- Security/Hooks: restrict hook transform modules to `~/.openclaw/hooks/transforms` (prevents path traversal/escape module loads via config). Config note: `hooks.transformsDir` must now be within that directory. Thanks @akhmittra.
- Security/Hooks: ignore hook package manifest entries that point outside the package directory (prevents out-of-tree handler loads during hook discovery).
- Security/Archive: enforce archive extraction entry/size limits to prevent resource exhaustion from high-expansion ZIP/TAR archives. Thanks @vincentkoc.
- Security/Media: reject oversized base64-backed input media before decoding to avoid large allocations. Thanks @vincentkoc.
- Security/Media: stream and bound URL-backed input media fetches to prevent memory exhaustion from oversized responses. Thanks @vincentkoc.
- Security/Skills: harden archive extraction for download-installed skills to prevent path traversal outside the target directory. Thanks @markmusson.
- Security/Slack: compute command authorization for DM slash commands even when `dmPolicy=open`, preventing unauthorized users from running privileged commands via DM. Thanks @christos-eth.
chore (changelog): credit pairing account isolation fix
2026-02-15 19:09:18 -08:00
- Security/Pairing: scope pairing allowlist writes/reads to channel accounts (for example `telegram:yy`), and propagate account-aware pairing approvals so multi-account channels do not share a single per-channel pairing allowFrom store. (#17631) Thanks @crazytan.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Security/iMessage: keep DM pairing-store identities out of group allowlist authorization (prevents cross-context command authorization). Thanks @vincentkoc.
- Security/Google Chat: deprecate `users/<email>` allowlists (treat `users/...` as immutable user id only); keep raw email allowlists for usability. Thanks @vincentkoc.
- Security/Google Chat: reject ambiguous shared-path webhook routing when multiple webhook targets verify successfully (prevents cross-account policy-context misrouting). Thanks @vincentkoc.
fix(doctor): resolve telegram allowFrom usernames
2026-02-14 16:47:13 +01:00
- Telegram/Security: require numeric Telegram sender IDs for allowlist authorization (reject `@username` principals), auto-resolve `@username` to IDs in `openclaw doctor --fix` (when possible), and warn in `openclaw security audit` when legacy configs contain usernames. Thanks @vincentkoc.
docs(changelog): note Telegram webhookSecret hard requirement
2026-02-14 22:04:01 +01:00
- Telegram/Security: reject Telegram webhook startup when `webhookSecret` is missing or empty (prevents unauthenticated webhook request forgery). Thanks @yueyueL.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- Security/Windows: avoid shell invocation when spawning child processes to prevent cmd.exe metacharacter injection via untrusted CLI arguments (e.g. agent prompt text).
chore (changelog): note telegram webhook timeout retry-storm fix
2026-02-14 18:57:09 -08:00
- Telegram: set webhook callback timeout handling to `onTimeout: "return"` (10s) so long-running update processing no longer emits webhook 500s and retry storms. (#16763) Thanks @chansearrington.
chore (changelog): note signal group-id normalization fix
2026-02-14 18:59:41 -08:00
- Signal: preserve case-sensitive `group:` target IDs during normalization so mixed-case group IDs no longer fail with `Group not found`. (#16748) Thanks @repfigit.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Security/Agents: scope CLI process cleanup to owned child PIDs to avoid killing unrelated processes on shared hosts. Thanks @aether-ai-agent.
- Security/Agents: enforce workspace-root path bounds for `apply_patch` in non-sandbox mode to block traversal and symlink escape writes. Thanks @p80n-sec.
fix(agents): block workspaceOnly apply_patch delete symlink escape
2026-02-15 03:23:16 +01:00
- Security/Agents: enforce symlink-escape checks for `apply_patch` delete hunks under `workspaceOnly`, while still allowing deleting the symlink itself. Thanks @p80n-sec.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Security/Agents (macOS): prevent shell injection when writing Claude CLI keychain credentials. (#15924) Thanks @aether-ai-agent.
docs(changelog): reorder 2026.2.14 notes
2026-02-15 03:55:10 +01:00
- macOS: hard-limit unkeyed `openclaw://agent` deep links and ignore `deliver` / `to` / `channel` unless a valid unattended key is provided. Thanks @Cillian-Collins.
- Scripts/Security: validate GitHub logins and avoid shell invocation in `scripts/update-clawtributors.ts` to prevent command injection via malicious commit records. Thanks @scanleale.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Security: fix Chutes manual OAuth login state validation by requiring the full redirect URL (reject code-only pastes) (thanks @aether-ai-agent).
- Security/Gateway: harden tool-supplied `gatewayUrl` overrides by restricting them to loopback or the configured `gateway.remote.url`. Thanks @p80n-sec.
- Security/Gateway: block `system.execApprovals.*` via `node.invoke` (use `exec.approvals.node.*` instead). Thanks @christos-eth.
- Security/Gateway: reject oversized base64 chat attachments before decoding to avoid large allocations. Thanks @vincentkoc.
- Security/Gateway: stop returning raw resolved config values in `skills.status` requirement checks (prevents operator.read clients from reading secrets). Thanks @simecek.
- Security/Net: fix SSRF guard bypass via full-form IPv4-mapped IPv6 literals (blocks loopback/private/metadata access). Thanks @yueyueL.
docs(changelog): note browser control path traversal fix
2026-02-14 21:31:46 +01:00
- Security/Browser: harden browser control file upload + download helpers to prevent path traversal / local file disclosure. Thanks @1seal.
docs: consolidate 2026.2.14 changelog
2026-02-15 00:02:00 +01:00
- Security/Browser: block cross-origin mutating requests to loopback browser control routes (CSRF hardening). Thanks @vincentkoc.
- Security/Node Host: enforce `system.run` rawCommand/argv consistency to prevent allowlist/approval bypass. Thanks @christos-eth.
- Security/Exec approvals: prevent safeBins allowlist bypass via shell expansion (host exec allowlist mode only; not enabled by default). Thanks @christos-eth.
- Security/Exec: harden PATH handling by disabling project-local `node_modules/.bin` bootstrapping by default, disallowing node-host `PATH` overrides, and spawning ACP servers via the current executable by default. Thanks @akhmittra.
- Security/Tlon: harden Urbit URL fetching against SSRF by blocking private/internal hosts by default (opt-in: `channels.tlon.allowPrivateNetwork`). Thanks @p80n-sec.
- Security/Voice Call (Telnyx): require webhook signature verification when receiving inbound events; configs without `telnyx.publicKey` are now rejected unless `skipSignatureVerification` is enabled. Thanks @p80n-sec.
- Security/Voice Call: require valid Twilio webhook signatures even when ngrok free tier loopback compatibility mode is enabled. Thanks @p80n-sec.
- Security/Discovery: stop treating Bonjour TXT records as authoritative routing (prefer resolved service endpoints) and prevent discovery from overriding stored TLS pins; autoconnect now requires a previously trusted gateway. Thanks @simecek.
chore: format changelog
2026-02-14 15:03:07 +01:00
chore(release): publish 2026.2.13 appcast
2026-02-14 04:31:12 +01:00
## 2026.2.13
fix(onboarding): exit cleanly after web ui hatch
2026-02-13 03:20:25 +01:00
chore(skills): remove duplicate local-places skill
2026-02-13 16:15:36 +01:00
### Changes
feat(podman): add optional Podman setup and documentation (#16273) * feat(podman): add optional Podman setup and documentation - Introduced `setup-podman.sh` for one-time host setup of OpenClaw in a rootless Podman environment, including user creation, image building, and launch script installation. - Added `run-openclaw-podman.sh` for running the OpenClaw gateway as a Podman container. - Created `openclaw.podman.env` for environment variable configuration. - Updated documentation to include Podman installation instructions and a new dedicated Podman guide. - Added a systemd Quadlet unit for managing the OpenClaw service as a user service. * fix: harden Podman setup and docs (#16273) (thanks @DarwinsBuddy) * style: format cli credentials --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 17:39:06 +01:00
- Install: add optional Podman-based setup: `setup-podman.sh` for one-time host setup (openclaw user, image, launch script, systemd quadlet), `run-openclaw-podman.sh launch` / `launch setup`; systemd Quadlet unit for openclaw user service; docs for rootless container, openclaw user (subuid/subgid), and quadlet (troubleshooting). (#16273) Thanks @DarwinsBuddy.
fix: add Discord voice message changelog (#7253) (thanks @nyanjou)
2026-02-13 12:42:47 -06:00
- Discord: send voice messages with waveform previews from local audio files (including silent delivery). (#7253) Thanks @nyanjou.
Discord: refine presence config defaults (#10855) (thanks @h0tp-ftw)
2026-02-13 13:12:16 -06:00
- Discord: add configurable presence status/activity/type/url (custom status defaults to activity text). (#10855) Thanks @h0tp-ftw.
feat(slack): land thread-ownership from @DarlingtonDeveloper (#15775) Land PR #15775 by @DarlingtonDeveloper: - add thread-ownership plugin and Slack message_sending hook wiring - include regression tests and changelog update Co-authored-by: Mike <108890394+DarlingtonDeveloper@users.noreply.github.com>
2026-02-13 23:37:05 +00:00
- Slack/Plugins: add thread-ownership outbound gating via `message_sending` hooks, including @-mention bypass tracking and Slack outbound hook wiring for cancel/modify behavior. (#15775) Thanks @DarlingtonDeveloper.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Agents: add synthetic catalog support for `hf:zai-org/GLM-5`. (#15867) Thanks @battman21.
- Skills: remove duplicate `local-places` Google Places skill/proxy and keep `goplaces` as the single supported Google Places path.
feat: add pre-prompt context size diagnostic logging (openclaw#8930) thanks @Glucksberg Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-13 19:54:22 -04:00
- Agents: add pre-prompt context diagnostics (`messages`, `systemPromptChars`, `promptChars`, provider/model, session file) before embedded runner prompt calls to improve overflow debugging. (#8930) Thanks @Glucksberg.
docs(changelog): clarify Hugging Face support in 2026.2.13
2026-02-14 05:51:07 +01:00
- Onboarding/Providers: add first-class Hugging Face Inference provider support (provider wiring, onboarding auth choice/API key flow, and default-model selection), and preserve Hugging Face auth intent in auth-choice remapping (`tokenProvider=huggingface` with `authChoice=apiKey`) while skipping env-override prompts when an explicit token is provided. (#13472) Thanks @Josephrp.
fix: wire minimax-api-key-cn onboarding (#15191) (thanks @liuy)
2026-02-14 13:16:18 +01:00
- Onboarding/Providers: add `minimax-api-key-cn` auth choice for the MiniMax China API endpoint. (#15191) Thanks @liuy.
chore(skills): remove duplicate local-places skill
2026-02-13 16:15:36 +01:00
chore!: remove moltbot legacy state/config support
2026-02-14 12:40:41 +01:00
### Breaking
- Config/State: removed legacy `.moltbot` auto-detection/migration and `moltbot.json` config candidates. If you still have state/config under `~/.moltbot`, move it to `~/.openclaw` (recommended) or set `OPENCLAW_STATE_DIR` / `OPENCLAW_CONFIG_PATH` explicitly.
fix(onboarding): exit cleanly after web ui hatch
2026-02-13 03:20:25 +01:00
### Fixes
feat(gateway): add trusted-proxy auth mode (#15940) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 279d4b304f83186fda44dfe63a729406a835dafa Co-authored-by: nickytonline <833231+nickytonline@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete
2026-02-14 06:32:17 -05:00
- Gateway/Auth: add trusted-proxy mode hardening follow-ups by keeping `OPENCLAW_GATEWAY_*` env compatibility, auto-normalizing invalid setup combinations in interactive `gateway configure` (trusted-proxy forces `bind=lan` and disables Tailscale serve/funnel), and suppressing shared-secret/rate-limit audit findings that do not apply to trusted-proxy deployments. (#15940) Thanks @nickytonline.
fix(docs): update outdated hooks documentation URLs (#16165) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 8ed13fb02fae2cb6dd3cacdb3cd1ef37a5cdd4d8 Co-authored-by: nicholascyh <188132635+nicholascyh@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete
2026-02-14 20:05:37 +08:00
- Docs/Hooks: update hooks documentation URLs to the new `/automation/hooks` location. (#16165) Thanks @nicholascyh.
docs(changelog): note audit warning for gateway tools override
2026-02-14 12:48:48 +01:00
- Security/Audit: warn when `gateway.tools.allow` re-enables default-denied tools over HTTP `POST /tools/invoke`, since this can increase RCE blast radius if the gateway is reachable.
fix(security): harden plugin/hook npm installs
2026-02-14 14:07:07 +01:00
- Security/Plugins/Hooks: harden npm-based installs by restricting specs to registry packages only, passing `--ignore-scripts` to `npm pack`, and cleaning up temp install directories.
docs(changelog): note inter-session provenance security fix
2026-02-15 16:00:09 +01:00
- Security/Sessions: preserve inter-session input provenance for routed prompts so delegated/internal sessions are not treated as direct external user instructions. Thanks @anbecker.
fix(feishu): remove typing indicator on NO_REPLY cleanup (openclaw#15508) thanks @arosstale Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: arosstale <117890364+arosstale@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-14 12:24:27 +01:00
- Feishu: stop persistent Typing reaction on NO_REPLY/suppressed runs by wiring reply-dispatcher cleanup to remove typing indicators. (#15464) Thanks @arosstale.
fix: strip leading empty lines in sanitizeUserFacingText (#16280) * fix: strip leading empty lines in sanitizeUserFacingText (#16158) (thanks @mcinteerj) * fix: strip leading empty lines in sanitizeUserFacingText (#16158) (thanks @mcinteerj) * fix: strip leading empty lines in sanitizeUserFacingText (#16158) (thanks @mcinteerj)
2026-02-14 16:34:02 +01:00
- Agents: strip leading empty lines from `sanitizeUserFacingText` output and normalize whitespace-only outputs to empty text. (#16158) Thanks @mcinteerj.
bluebubbles: gracefully handle disabled private API with action/tool filtering and fallbacks (#16002) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 243cc0cc9a9ac68b5a7069da50f9f496ac4722d2 Co-authored-by: tyler6204 <243?+tyler6204@users.noreply.github.com> Co-authored-by: tyler6204 <64381258+tyler6204@users.noreply.github.com> Reviewed-by: @tyler6204
2026-02-13 21:15:56 -08:00
- BlueBubbles: gracefully degrade when Private API is disabled by filtering private-only actions, skipping private-only reactions/reply effects, and avoiding private reply markers so non-private flows remain usable. (#16002) Thanks @L-U-C-K-Y.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Outbound: add a write-ahead delivery queue with crash-recovery retries to prevent lost outbound messages after gateway restarts. (#15636) Thanks @nabbilkhan, @thewilloftheshadow.
- Auto-reply/Threading: auto-inject implicit reply threading so `replyToMode` works without requiring model-emitted `[[reply_to_current]]`, while preserving `replyToMode: "off"` behavior for implicit Slack replies and keeping block-streaming chunk coalescing stable under `replyToMode: "first"`. (#14976) Thanks @Diaspar4u.
fix(reply): honour explicit [[reply_to_*]] tags when replyToMode is off (#16174) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 778fc2559ade85a37209866c2edbe33bfc5bbb86 Co-authored-by: aldoeliacim <17973757+aldoeliacim@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete
2026-02-14 06:29:42 -06:00
- Auto-reply/Threading: honor explicit `[[reply_to_*]]` tags even when `replyToMode` is `off`. (#16174) Thanks @aldoeliacim.
refactor(reply): clarify explicit reply tags in off mode (#16189) * refactor(reply): clarify explicit reply tags in off mode * fix(plugin-sdk): alias account-id subpath for extensions
2026-02-14 14:15:37 +01:00
- Plugins/Threading: rename `allowTagsWhenOff` to `allowExplicitReplyTagsWhenOff` and keep the old key as a deprecated alias for compatibility. (#16189)
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Outbound/Threading: pass `replyTo` and `threadId` from `message send` tool actions through the core outbound send path to channel adapters, preserving thread/reply routing. (#14948) Thanks @mcaxtr.
- Auto-reply/Media: allow image-only inbound messages (no caption) to reach the agent instead of short-circuiting as empty text, and preserve thread context in queued/followup prompt bodies for media-only runs. (#11916) Thanks @arosstale.
fix: normalize Discord autoThread reply target (#8302) (thanks @gavinbmoore)
2026-02-13 13:04:19 -06:00
- Discord: route autoThread replies to existing threads instead of the root channel. (#8302) Thanks @gavinbmoore, @thewilloftheshadow.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Web UI: add `img` to DOMPurify allowed tags and `src`/`alt` to allowed attributes so markdown images render in webchat instead of being stripped. (#15437) Thanks @lailoo.
- Telegram/Matrix: treat MP3 and M4A (including `audio/mp4`) as voice-compatible for `asVoice` routing, and keep WAV/AAC falling back to regular audio sends. (#15438) Thanks @azade-c.
fix(whatsapp): preserve outbound document filenames (#15594) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 8e0d765d1d7ebf3375e9d82b27ffeb486c5be930 Co-authored-by: TsekaLuk <79151285+TsekaLuk@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete
2026-02-14 01:54:10 +08:00
- WhatsApp: preserve outbound document filenames for web-session document sends instead of always sending `"file"`. (#15594) Thanks @TsekaLuk.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Telegram: cap bot menu registration to Telegram's 100-command limit with an overflow warning while keeping typed hidden commands available. (#15844) Thanks @battman21.
- Telegram: scope skill commands to the resolved agent for default accounts so `setMyCommands` no longer triggers `BOT_COMMANDS_TOO_MUCH` when multiple agents are configured. (#15599)
- Discord: avoid misrouting numeric guild allowlist entries to `/channels/<guildId>` by prefixing guild-only inputs with `guild:` during resolution. (#12326) Thanks @headswim.
fix: default QMD search mode (#16047) (thanks @togotago)
2026-02-13 23:14:20 -08:00
- Memory/QMD: default `memory.qmd.searchMode` to `search` for faster CPU-only recall and always scope `search`/`vsearch` requests to managed collections (auto-falling back to `query` when required). (#16047) Thanks @togotago.
Changelog: configurable LanceDB capture limit
2026-02-14 16:01:30 -08:00
- Memory/LanceDB: add configurable `captureMaxChars` for auto-capture while keeping the legacy 500-char default. (#16641) Thanks @ciberponk.
fix: harden msteams mentions and fallback links (#15436) (thanks @hyojin)
2026-02-13 15:08:48 +01:00
- MS Teams: preserve parsed mention entities/text when appending OneDrive fallback file links, and accept broader real-world Teams mention ID formats (`29:...`, `8:orgid:...`) while still rejecting placeholder patterns. (#15436) Thanks @hyojin.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Media: classify `text/*` MIME types as documents in media-kind routing so text attachments are no longer treated as unknown. (#12237) Thanks @arosstale.
- Inbound/Web UI: preserve literal `\n` sequences when normalizing inbound text so Windows paths like `C:\\Work\\nxxx\\README.md` are not corrupted. (#11547) Thanks @mcaxtr.
- TUI/Streaming: preserve richer streamed assistant text when final payload drops pre-tool-call text blocks, while keeping non-empty final payload authoritative for plain-text updates. (#15452) Thanks @TsekaLuk.
- Providers/MiniMax: switch implicit MiniMax API-key provider from `openai-completions` to `anthropic-messages` with the correct Anthropic-compatible base URL, fixing `invalid role: developer (2013)` errors on MiniMax M2.5. (#15275) Thanks @lailoo.
- Ollama/Agents: use resolved model/provider base URLs for native `/api/chat` streaming (including aliased providers), normalize `/v1` endpoints, and forward abort + `maxTokens` stream options for reliable cancellation and token caps. (#11853) Thanks @BrokenFinger98.
docs(changelog): note codex spark implementation and merged PR attributions
2026-02-13 15:39:13 +00:00
- OpenAI Codex/Spark: implement end-to-end `gpt-5.3-codex-spark` support across fallback/thinking/model resolution and `models list` forward-compat visibility. (#14990, #15174) Thanks @L-U-C-K-Y, @loiie45e.
- Agents/Codex: allow `gpt-5.3-codex-spark` in forward-compat fallback, live model filtering, and thinking presets, and fix model-picker recognition for spark. (#14990) Thanks @L-U-C-K-Y.
openai-codex: add gpt-5.3-codex-spark forward-compat model (#15174) Merged via maintainer flow after rebase + local gates. Prepared head SHA: 6cac87cbf97e5f627085787fe5f565778fa223bf Co-authored-by: loiie45e <15420100+loiie45e@users.noreply.github.com> Co-authored-by: mbelinky <2406260+mbelinky@users.noreply.github.com>
2026-02-13 23:21:07 +08:00
- Models/Codex: resolve configured `openai-codex/gpt-5.3-codex-spark` through forward-compat fallback during `models list`, so it is not incorrectly tagged as missing when runtime resolution succeeds. (#15174) Thanks @loiie45e.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- OpenAI Codex/Auth: bridge OpenClaw OAuth profiles into `pi` `auth.json` so model discovery and models-list registry resolution can use Codex OAuth credentials. (#15184) Thanks @loiie45e.
- Auth/OpenAI Codex: share OAuth login handling across onboarding and `models auth login --provider openai-codex`, keep onboarding alive when OAuth fails, and surface a direct OAuth help note instead of terminating the wizard. (#15406, follow-up to #14552) Thanks @zhiluo20.
- Onboarding/Providers: add vLLM as an onboarding provider with model discovery, auth profile wiring, and non-interactive auth-choice validation. (#12577) Thanks @gejifeng.
fix: Docker installation keeps hanging on MacOS (#12972) * Onboarding: avoid stdin resume after wizard finish * Changelog: remove Docker hang entry from PR * Terminal: make stdin resume behavior explicit at call sites * CI: rerun format check * Onboarding: restore terminal before cancel exit * test(onboard): align restoreTerminalState expectation * chore(format): align onboarding restore test with updated oxfmt config * chore(format): enforce updated oxfmt on restore test * chore(format): apply updated oxfmt spacing to restore test * fix: avoid stdin resume after onboarding (#12972) (thanks @vincentkoc) --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 10:46:07 -08:00
- Onboarding/CLI: restore terminal state without resuming paused `stdin`, so onboarding exits cleanly (including Docker TTY installs that would otherwise hang). (#12972) Thanks @vincentkoc.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Signal/Install: auto-install `signal-cli` via Homebrew on non-x64 Linux architectures, avoiding x86_64 native binary `Exec format error` failures on arm64/arm hosts. (#15443) Thanks @jogvan-k.
fix(macos): prevent Voice Wake crash on CJK trigger transcripts (openclaw#11052) thanks @Flash-LHR Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: Flash-LHR <47357603+Flash-LHR@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-13 10:36:14 +08:00
- macOS Voice Wake: fix a crash in trigger trimming for CJK/Unicode transcripts by matching and slicing on original-string ranges instead of transformed-string indices. (#11052) Thanks @Flash-LHR.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Mattermost (plugin): retry websocket monitor connections with exponential backoff and abort-aware teardown so transient connect failures no longer permanently stop monitoring. (#14962) Thanks @mcaxtr.
- Discord/Agents: apply channel/group `historyLimit` during embedded-runner history compaction to prevent long-running channel sessions from bypassing truncation and overflowing context windows. (#11224) Thanks @shadril238.
fix(outbound): return error instead of silently redirecting to allowList[0] (#13578)
2026-02-13 01:20:03 -03:00
- Outbound targets: fail closed for WhatsApp/Twitch/Google Chat fallback paths so invalid or missing targets are dropped instead of rerouted, and align resolver hints with strict target requirements. (#13578) Thanks @mcaxtr.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Gateway/Restart: clear stale command-queue and heartbeat wake runtime state after SIGUSR1 in-process restarts to prevent zombie gateway behavior where queued work stops draining. (#15195) Thanks @joeykrug.
- Heartbeat: prevent scheduler silent-death races during runner reloads, preserve retry cooldown backoff under wake bursts, and prioritize user/action wake causes over interval/retry reasons when coalescing. (#15108) Thanks @joeykrug.
- Heartbeat: allow explicit wake (`wake`) and hook wake (`hook:*`) reasons to run even when `HEARTBEAT.md` is effectively empty so queued system events are processed. (#14527) Thanks @arosstale.
- Auto-reply/Heartbeat: strip sentence-ending `HEARTBEAT_OK` tokens even when followed by up to 4 punctuation characters, while preserving surrounding sentence punctuation. (#15847) Thanks @Spacefish.
Auto-reply: fix non-default agent session transcript path resolution (#15154) * Auto-reply: fix non-default agent transcript path resolution * Auto-reply: harden non-default agent transcript lookups * Auto-reply: harden session path resolution across agent stores
2026-02-12 23:23:12 -05:00
- Sessions/Agents: pass `agentId` when resolving existing transcript paths in reply runs so non-default agents and heartbeat/chat handlers no longer fail with `Session file path must be within sessions directory`. (#15141) Thanks @Goldenmonstew.
fix: land multi-agent session path fix + regressions (#15103) (#15448) Co-authored-by: Josh Lehman <josh@martian.engineering>
2026-02-13 14:17:24 +01:00
- Sessions/Agents: pass `agentId` through status and usage transcript-resolution paths (auto-reply, gateway usage APIs, and session cost/log loaders) so non-default agents can resolve absolute session files without path-validation failures. (#15103) Thanks @jalehman.
fix: archive old transcript files on /new and /reset (#14949) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 4724df7dea247970b909ef8d293ba4a612b7b1b4 Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-13 16:55:16 -03:00
- Sessions: archive previous transcript files on `/new` and `/reset` session resets (including gateway `sessions.reset`) so stale transcripts do not accumulate on disk. (#14869) Thanks @mcaxtr.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Status/Sessions: stop clamping derived `totalTokens` to context-window size, keep prompt-token snapshots wired through session accounting, and surface context usage as unknown when fresh snapshot data is missing to avoid false 100% reports. (#15114) Thanks @echoVic.
perf(cli): speed up startup
2026-02-14 12:16:16 +00:00
- Gateway/Routing: speed up hot paths for session listing (derived titles + previews), WS broadcast, and binding resolution.
perf(gateway): cache session list transcript fields
2026-02-14 12:52:46 +00:00
- Gateway/Sessions: cache derived title + last-message transcript reads to speed up repeated sessions list refreshes.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- CLI/Completion: route plugin-load logs to stderr and write generated completion scripts directly to stdout to avoid `source <(openclaw completion ...)` corruption. (#15481) Thanks @arosstale.
- CLI: lazily load outbound provider dependencies and remove forced success-path exits so commands terminate naturally without killing intentional long-running foreground actions. (#12906) Thanks @DrCrinkle.
perf(cli): speed up startup
2026-02-14 12:16:16 +00:00
- CLI: speed up startup by lazily registering core commands (keeps rich `--help` while reducing cold-start overhead).
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Security/Gateway + ACP: block high-risk tools (`sessions_spawn`, `sessions_send`, `gateway`, `whatsapp_login`) from HTTP `/tools/invoke` by default with `gateway.tools.{allow,deny}` overrides, and harden ACP permission selection to fail closed when tool identity/options are ambiguous while supporting `allow_always`/`reject_always`. (#15390) Thanks @aether-ai-agent.
docs(changelog): thank reporter for ACP hardening
2026-02-14 12:54:47 +01:00
- Security/ACP: prompt for non-read/search permission requests in ACP clients (reduces silent tool approval risk). Thanks @aether-ai-agent.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Security/Gateway: breaking default-behavior change - canvas IP-based auth fallback now only accepts machine-scoped addresses (RFC1918, link-local, ULA IPv6, CGNAT); public-source IP matches now require bearer token auth. (#14661) Thanks @sumleo.
- Security/Link understanding: block loopback/internal host patterns and private/mapped IPv6 addresses in extracted URL handling to close SSRF bypasses in link CLI flows. (#15604) Thanks @AI-Reviewer-QS.
- Security/Browser: constrain `POST /trace/stop`, `POST /wait/download`, and `POST /download` output paths to OpenClaw temp roots and reject traversal/escape paths.
fix(security): harden archive extraction (#16203) * fix(browser): confine upload paths for file chooser * fix(browser): sanitize suggested download filenames * chore(lint): avoid control regex in download sanitizer * test(browser): cover absolute escape paths * docs(browser): update upload example path * refactor(browser): centralize upload path confinement * fix(infra): harden tmp dir selection * fix(security): harden archive extraction * fix(infra): harden tar extraction filter
2026-02-14 14:42:08 +01:00
- Security/Browser: sanitize download `suggestedFilename` to keep implicit `wait/download` paths within the downloads root. Thanks @1seal.
- Security/Browser: confine `POST /hooks/file-chooser` upload paths to an OpenClaw temp uploads root and reject traversal/escape paths. Thanks @1seal.
fix(browser): authenticate sandbox browser bridge server
2026-02-14 12:54:16 +01:00
- Security/Browser: require auth for the sandbox browser bridge server (protects `/profiles`, `/tabs`, CDP URLs, and other control endpoints). Thanks @jackhax.
fix(security): enforce sandbox bridge auth
2026-02-14 13:17:41 +01:00
- Security: bind local helper servers to loopback and fail closed on non-loopback OAuth callback hosts (reduces localhost/LAN attack surface).
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Security/Canvas: serve A2UI assets via the shared safe-open path (`openFileWithinRoot`) to close traversal/TOCTOU gaps, with traversal and symlink regression coverage. (#10525) Thanks @abdelsfane.
- Security/WhatsApp: enforce `0o600` on `creds.json` and `creds.json.bak` on save/backup/restore paths to reduce credential file exposure. (#10529) Thanks @abdelsfane.
- Security/Gateway: sanitize and truncate untrusted WebSocket header values in pre-handshake close logs to reduce log-poisoning risk. Thanks @thewilloftheshadow.
- Security/Audit: add misconfiguration checks for sandbox Docker config with sandbox mode off, ineffective `gateway.nodes.denyCommands` entries, global minimal tool-profile overrides by agent profiles, and permissive extension-plugin tool reachability.
- Security/Audit: distinguish external webhooks (`hooks.enabled`) from internal hooks (`hooks.internal.enabled`) in attack-surface summaries to avoid false exposure signals when only internal hooks are enabled. (#13474) Thanks @mcaxtr.
- Security/Onboarding: clarify multi-user DM isolation remediation with explicit `openclaw config set session.dmScope ...` commands in security audit, doctor security, and channel onboarding guidance. (#13129) Thanks @VintLin.
fix(gateway): bind system.run approvals to exec approvals
2026-02-14 13:02:48 +01:00
- Security/Gateway: bind node `system.run` approval overrides to gateway exec-approval records (runId-bound), preventing approval-bypass via `node.invoke` param injection. Thanks @222n5.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Agents/Nodes: harden node exec approval decision handling in the `nodes` tool run path by failing closed on unexpected approval decisions, and add regression coverage for approval-required retry/deny/timeout flows. (#4726) Thanks @rmorse.
- Android/Nodes: harden `app.update` by requiring HTTPS and gateway-host URL matching plus SHA-256 verification, stream URL camera downloads to disk with size guards to avoid memory spikes, and stop signing release builds with debug keys. (#13541) Thanks @smartprogrammer93.
- Routing: enforce strict binding-scope matching across peer/guild/team/roles so peer-scoped Discord/Slack bindings no longer match unrelated guild/team contexts or fallback tiers. (#15274) Thanks @lailoo.
- Exec/Allowlist: allow multiline heredoc bodies (`<<`, `<<-`) while keeping multiline non-heredoc shell commands blocked, so exec approval parsing permits heredoc input safely without allowing general newline command chaining. (#13811) Thanks @mcaxtr.
Config: preserve env var references on write (#15600) * Config: preserve env var references on write * Config: handle env refs in arrays
2026-02-13 11:52:23 -06:00
- Config: preserve `${VAR}` env references when writing config files so `openclaw config set/apply/patch` does not persist secrets to disk. Thanks @thewilloftheshadow.
fix: preserve ${VAR} env var references when writing config back to disk (#11560) * fix: preserve ${VAR} env var references when writing config back to disk Fixes #11466 When config is loaded, ${VAR} references are resolved to their plaintext values. Previously, writeConfigFile would serialize the resolved values, silently replacing "${ANTHROPIC_API_KEY}" with "sk-ant-api03-..." in the config file. Now writeConfigFile reads the current file pre-substitution, and for each value that matches what a ${VAR} reference would resolve to, restores the original reference. Values the caller intentionally changed are kept as-is. This fixes all 50+ writeConfigFile call sites (doctor, configure wizard, gateway config.set/apply/patch, plugins, hooks, etc.) without requiring any caller changes. New files: - src/config/env-preserve.ts — restoreEnvVarRefs() utility - src/config/env-preserve.test.ts — 11 unit tests * fix: remove global config env snapshot race * docs(changelog): note config env snapshot race fix --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 18:53:17 -06:00
- Config: remove a cross-request env-snapshot race in config writes by carrying read-time env context into write calls per request, preserving `${VAR}` refs safely under concurrent gateway config mutations. (#11560) Thanks @akoscz.
fix(config): log config overwrite audits
2026-02-13 20:12:36 +00:00
- Config: log overwrite audit entries (path, backup target, and hash transition) whenever an existing config file is replaced, improving traceability for unexpected config clobbers.
fix(macos): ensure exec approval prompt displays the command (#5042) * fix(config): migrate audio.transcription with any CLI command Two bugs fixed: 1. Removed CLI allowlist from mapLegacyAudioTranscription - the modern config format has no such restriction, so the allowlist only blocked legacy migration of valid configs like whisperx-transcribe.sh 2. Moved audio.transcription migration to a separate migration entry - it was nested inside routing.config-v2 which early-exited when no routing section existed Closes #5017 * fix(macos): ensure exec approval prompt displays the command The NSStackView and NSScrollView for the command text lacked proper width constraints, causing the accessory view to collapse to zero width in some cases. This fix: 1. Adds minimum width constraint (380px) to the root stack view 2. Adds minimum width constraint to the command scroll view 3. Enables vertical resizing and scrolling for long commands 4. Adds max height constraint to prevent excessively tall prompts Closes #5038 * fix: validate legacy audio transcription migration input (openclaw#5042) thanks @shayan919293 * docs: add changelog note for legacy audio migration guard (openclaw#5042) thanks @shayan919293 * fix: satisfy lint on audio transcription migration braces (openclaw#5042) thanks @shayan919293 --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 06:49:06 -08:00
- Config: keep legacy audio transcription migration strict by rejecting non-string/unsafe command tokens while still migrating valid custom script executables. (#5042) Thanks @shayan919293.
fix(config): accept $schema key in root config (#15280) * fix(config): accept $schema key in root config (#14998) * fix: strip $schema via preprocess to avoid spurious UI section * fix(config): allow root without zod preprocess wrapper --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 10:07:12 +08:00
- Config: accept `$schema` key in config file so JSON Schema editor tooling works without validation errors. (#14998)
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Gateway/Tools Invoke: sanitize `/tools/invoke` execution failures while preserving `400` for tool input errors and returning `500` for unexpected runtime failures, with regression coverage and docs updates. (#13185) Thanks @davidrudduck.
- Gateway/Hooks: preserve `408` for hook request-body timeout responses while keeping bounded auth-failure cache eviction behavior, with timeout-status regression coverage. (#15848) Thanks @AI-Reviewer-QS.
- Plugins/Hooks: fire `before_tool_call` hook exactly once per tool invocation in embedded runs by removing duplicate dispatch paths while preserving parameter mutation semantics. (#15635) Thanks @lailoo.
- Agents/Transcript policy: sanitize OpenAI/Codex tool-call ids during transcript policy normalization to prevent invalid tool-call identifiers from propagating into session history. (#15279) Thanks @divisonofficer.
- Agents/Image tool: cap image-analysis completion `maxTokens` by model capability (`min(4096, model.maxTokens)`) to avoid over-limit provider failures while still preventing truncation. (#11770) Thanks @detecti1.
- Agents/Compaction: centralize exec default resolution in the shared tool factory so per-agent `tools.exec` overrides (host/security/ask/node and related defaults) persist across compaction retries. (#15833) Thanks @napetrov.
- Gateway/Agents: stop injecting a phantom `main` agent into gateway agent listings when `agents.list` explicitly excludes it. (#11450) Thanks @arosstale.
- Process/Exec: avoid shell execution for `.exe` commands on Windows so env overrides work reliably in `runCommandWithTimeout`. Thanks @thewilloftheshadow.
- Daemon/Windows: preserve literal backslashes in `gateway.cmd` command parsing so drive and UNC paths are not corrupted in runtime checks and doctor entrypoint comparisons. (#15642) Thanks @arosstale.
- Sandbox: pass configured `sandbox.docker.env` variables to sandbox containers at `docker create` time. (#15138) Thanks @stevebot-alive.
- Voice Call: route webhook runtime event handling through shared manager event logic so rejected inbound hangups are idempotent in production, with regression tests for duplicate reject events and provider-call-ID remapping parity. (#15892) Thanks @dcantu96.
- Cron: add regression coverage for announce-mode isolated jobs so runs that already report `delivered: true` do not enqueue duplicate main-session relays, including delivery configs where `mode` is omitted and defaults to announce. (#15737) Thanks @brandonwise.
- Cron: honor `deleteAfterRun` in isolated announce delivery by mapping it to subagent announce cleanup mode, so cron run sessions configured for deletion are removed after completion. (#15368) Thanks @arosstale.
- Web tools/web_fetch: prefer `text/markdown` responses for Cloudflare Markdown for Agents, add `cf-markdown` extraction for markdown bodies, and redact fetched URLs in `x-markdown-tokens` debug logs to avoid leaking raw paths/query params. (#15376) Thanks @Yaxuan42.
feat: support freshness parameter for Perplexity web_search provider (#15343) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 01aba2bfba053c028f62970dcd153b19d00c5e3b Co-authored-by: echoVic <16428813+echoVic@users.noreply.github.com> Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com> Reviewed-by: @sebslight
2026-02-14 11:18:16 +08:00
- Tools/web_search: support `freshness` for the Perplexity provider by mapping `pd`/`pw`/`pm`/`py` to Perplexity `search_recency_filter` values and including freshness in the Perplexity cache key. (#15343) Thanks @echoVic.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Clawdock: avoid Zsh readonly variable collisions in helper scripts. (#15501) Thanks @nkelner.
- Memory: switch default local embedding model to the QAT `embeddinggemma-300m-qat-Q8_0` variant for better quality at the same footprint. (#15429) Thanks @azade-c.
docs(discord): replace quick setup and add recommended guild setup (#20088) Co-authored-by: Shadow <shadow@openclaw.ai>
2026-02-18 08:39:09 -07:00
- Docs/Discord: expand quick setup and clarify guild workspace guidance. (#20088) Thanks @pejmanjohn, @thewilloftheshadow.
docs: reorder 2026.2.13 changelog by user interest
2026-02-14 03:31:45 +01:00
- Docs/Mermaid: remove hardcoded Mermaid init theme blocks from four docs diagrams so dark mode inherits readable theme defaults. (#15157) Thanks @heytulsiprasad.
fix: harden device pairing token generation and verification (#16535) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: bcbb50e3683b12643d8eb2ef3fde74dd3a3ac4a7 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-14 16:23:33 -05:00
- Security/Pairing: generate 256-bit base64url device and node pairing tokens and use byte-safe constant-time verification to avoid token-compare edge-case failures. (#16535) Thanks @FaizanKolega, @gumadeiras.
fix(onboarding): exit cleanly after web ui hatch
2026-02-13 03:20:25 +01:00
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
## 2026.2.12
docs: start 2026.2.10 changelog section
2026-02-11 11:27:58 +01:00
### Changes
CLI: add plugins uninstall command (#5985) (openclaw#6141) thanks @JustasMonkev Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test Co-authored-by: JustasMonkev <59362982+JustasMonkev@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-13 04:11:26 +02:00
- CLI/Plugins: add `openclaw plugins uninstall <id>` with `--dry-run`, `--force`, and `--keep-files` options, including safe uninstall path handling and plugin uninstall docs. (#5985) Thanks @JustasMonkev.
fix(cli): drop logs --localTime alias noise
2026-02-11 08:34:03 -05:00
- CLI: add `openclaw logs --local-time` to display log timestamps in local timezone. (#13818) Thanks @xialonglee.
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
- Telegram: render blockquotes as native `<blockquote>` tags instead of stripping them. (#14608)
feat: expose /compact command in Telegram native menu (openclaw#10352) thanks @akramcodez Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: akramcodez <179671552+akramcodez@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-13 07:47:25 +05:30
- Telegram: expose `/compact` in the native command menu. (#10352) Thanks @akramcodez.
fix: add discord role allowlists (#10650) (thanks @Minidoracat)
2026-02-12 19:50:10 -06:00
- Discord: add role-based allowlists and role-based agent routing. (#10650) Thanks @Minidoracat.
fix(config): avoid redacting maxTokens-like fields (#14006) * fix(config): avoid redacting maxTokens-like fields * fix(config): finalize redaction prep items (#14006) (thanks @constansino) --------- Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>
2026-02-11 05:32:00 -08:00
- Config: avoid redacting `maxTokens`-like fields during config snapshot redaction, preventing round-trip validation failures in `/config`. (#14006) Thanks @constansino.
docs: start 2026.2.10 changelog section
2026-02-11 11:27:58 +01:00
fix: harden hook session key routing defaults
2026-02-13 02:09:01 +01:00
### Breaking
- Hooks: `POST /hooks/agent` now rejects payload `sessionKey` overrides by default. To keep fixed hook context, set `hooks.defaultSessionKey` (recommended with `hooks.allowedSessionKeyPrefixes: ["hook:"]`). If you need legacy behavior, explicitly set `hooks.allowRequestSessionKey: true`. Thanks @alpernae for reporting.
fix: use configured base URL for Ollama model discovery (#14131) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 2292d2de6d6a4608fba8124ace738df75ae890fc Co-authored-by: shtse8 <8020099+shtse8@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-11 15:51:59 +00:00
### Fixes
fix: harden OpenResponses URL input fetching
2026-02-13 01:38:15 +01:00
- Gateway/OpenResponses: harden URL-based `input_file`/`input_image` handling with explicit SSRF deny policy, hostname allowlists (`files.urlAllowlist` / `images.urlAllowlist`), per-request URL input caps (`maxUrlParts`), blocked-fetch audit logging, and regression coverage/docs updates.
fix(sessions): guard withSessionStoreLock against undefined storePath (#14717) (openclaw#14755) thanks @lailoo Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: lailoo <20536249+lailoo@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-15 21:57:51 +08:00
- Sessions: guard `withSessionStoreLock` against undefined `storePath` to prevent `path.dirname` crash. (#14717)
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
- Security: fix unauthenticated Nostr profile API remote config tampering. (#13719) Thanks @coygeek.
fix: remove bundled soul-evil hook (closes #8776) (#14757) * fix: remove bundled soul-evil hook (closes #8776) * fix: remove soul-evil docs (#14757) (thanks @Imccccc) --------- Co-authored-by: OpenClaw Bot <bot@openclaw.ai> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 01:52:09 +08:00
- Security: remove bundled soul-evil hook. (#14757) Thanks @Imccccc.
fix: harden hook session key routing defaults
2026-02-13 02:09:01 +01:00
- Security/Audit: add hook session-routing hardening checks (`hooks.defaultSessionKey`, `hooks.allowRequestSessionKey`, and prefix allowlists), and warn when HTTP API endpoints allow explicit session-key routing.
fix: confine sandbox skill sync destinations
2026-02-13 01:24:46 +01:00
- Security/Sandbox: confine mirrored skill sync destinations to the sandbox `skills/` root and stop using frontmatter-controlled skill names as filesystem destination paths. Thanks @1seal.
fix(security): harden untrusted web tool transcripts
2026-02-13 00:46:11 +01:00
- Security/Web tools: treat browser/web content as untrusted by default (wrapped outputs for browser snapshot/tabs/console and structured external-content metadata for web tools), and strip `toolResult.details` from model-facing transcript/compaction inputs to reduce prompt-injection replay risk.
fix(security): harden hook and device token auth
2026-02-13 01:23:26 +01:00
- Security/Hooks: harden webhook and device token verification with shared constant-time secret comparison, and add per-client auth-failure throttling for hook endpoints (`429` + `Retry-After`). Thanks @akhmittra.
fix(browser): require auth on control HTTP and auto-bootstrap token
2026-02-13 02:01:57 +01:00
- Security/Browser: require auth for loopback browser control HTTP routes, auto-generate `gateway.auth.token` when browser control starts without auth, and add a security-audit check for unauthenticated browser control. Thanks @tcusolle.
fix: harden session transcript path resolution
2026-02-13 01:27:33 +01:00
- Sessions/Gateway: harden transcript path resolution and reject unsafe session IDs/file paths so session operations stay within agent sessions directories. Thanks @akhmittra.
fix(session): preserve verbose/thinking/tts overrides across /new and /reset (openclaw#10881) thanks @mcaxtr Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-12 23:27:12 -03:00
- Sessions: preserve `verboseLevel`, `thinkingLevel`/`reasoningLevel`, and `ttsAuto` overrides across `/new` and `/reset` session resets. (#10787) Thanks @mcaxtr.
fix(gateway): increase WebSocket max payload to 5 MB for image uploads (#14486) * fix(gateway): increase WebSocket max payload to 5 MB for image uploads The 512 KB limit was too small for base64-encoded images — a 400 KB image becomes ~532 KB after encoding, exceeding the limit and closing the connection with code 1006. Bump MAX_PAYLOAD_BYTES to 5 MB and MAX_BUFFERED_BYTES to 8 MB to support standard image uploads via webchat. Closes #14400 * fix: align gateway WS limits with 5MB image uploads (#14486) (thanks @0xRaini) * docs: fix changelog conflict for #14486 --------- Co-authored-by: 0xRaini <0xRaini@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 00:48:49 +08:00
- Gateway: raise WS payload/buffer limits so 5,000,000-byte image attachments work reliably. (#14486) Thanks @0xRaini.
fix: local-time timestamps include offset (#14771) (thanks @0xRaini)
2026-02-12 17:53:59 +01:00
- Logging/CLI: use local timezone timestamps for console prefixing, and include `±HH:MM` offsets when using `openclaw logs --local-time` to avoid ambiguity. (#14771) Thanks @0xRaini.
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
- Gateway: drain active turns before restart to prevent message loss. (#13931) Thanks @0xRaini.
- Gateway: auto-generate auth token during install to prevent launchd restart loops. (#13813) Thanks @cathrynlavery.
- Gateway: prevent `undefined`/missing token in auth config. (#13809) Thanks @asklee-klawd.
fix(configure): reject literal "undefined" and "null" gateway auth tokens (#13767) * fix(configure): reject literal "undefined" and "null" gateway auth tokens * fix(configure): reject literal "undefined" and "null" gateway auth tokens * fix(configure): validate gateway password prompt and harden token coercion (#13767) (thanks @omair445) * test: remove unused vitest imports in baseline lint fixtures (#13767) --------- Co-authored-by: Luna AI <luna@coredirection.ai> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 21:04:41 +05:00
- Configure/Gateway: reject literal `"undefined"`/`"null"` token input and validate gateway password prompt values to avoid invalid password-mode configs. (#13767) Thanks @omair445.
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
- Gateway: handle async `EPIPE` on stdout/stderr during shutdown. (#13414) Thanks @keshav55.
docs(changelog): add Control UI symlink install fix entry Co-authored-by: aynorica <54416476+aynorica@users.noreply.github.com>
2026-02-12 14:48:25 -05:00
- Gateway/Control UI: resolve missing dashboard assets when `openclaw` is installed globally via symlink-based Node managers (nvm/fnm/n/Homebrew). (#14919) Thanks @aynorica.
Gateway/Control UI: preserve partial output on abort (#15026) * Gateway/Control UI: preserve partial output on abort * fix: finalize abort partial handling and tests (#15026) (thanks @advaitpaliwal) --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-15 16:55:28 -08:00
- Gateway/Control UI: keep partial assistant output visible when runs are aborted, and persist aborted partials to session transcripts for follow-up context.
fix: local-time timestamps include offset (#14771) (thanks @0xRaini)
2026-02-12 17:53:59 +01:00
- Cron: use requested `agentId` for isolated job auth resolution. (#13983) Thanks @0xRaini.
- Cron: prevent cron jobs from skipping execution when `nextRunAtMs` advances. (#14068) Thanks @WalterSumbon.
- Cron: pass `agentId` to `runHeartbeatOnce` for main-session jobs. (#14140) Thanks @ishikawa-pro.
- Cron: re-arm timers when `onTimer` fires while a job is still executing. (#14233) Thanks @tomron87.
- Cron: prevent duplicate fires when multiple jobs trigger simultaneously. (#14256) Thanks @xinhuagu.
fix: harden isolated cron announce delivery fallback (#15739) (thanks @widingmarcus-cyber)
2026-02-13 23:48:36 +01:00
- Cron: prevent duplicate announce-mode isolated cron deliveries, and keep main-session fallback active when best-effort structured delivery attempts fail to send any message. (#15739) Thanks @widingmarcus-cyber.
fix: local-time timestamps include offset (#14771) (thanks @0xRaini)
2026-02-12 17:53:59 +01:00
- Cron: isolate scheduler errors so one bad job does not break all jobs. (#14385) Thanks @MarvinDontPanic.
- Cron: prevent one-shot `at` jobs from re-firing on restart after skipped/errored runs. (#13878) Thanks @lailoo.
fix: prevent heartbeat scheduler death when runOnce throws (#14901) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 022efbfef959f4c4225d7ab1a49540c8f39accd3 Co-authored-by: joeykrug <5925937+joeykrug@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-12 16:38:46 -04:00
- Heartbeat: prevent scheduler stalls on unexpected run errors and avoid immediate rerun loops after `requests-in-flight` skips. (#14901) Thanks @joeykrug.
fix: respect session model override in agent runtime (#14783) (#14983) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: ec47d1a7bf4e97a5db77281567318c1565d319b5 Co-authored-by: shtse8 <8020099+shtse8@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-12 22:12:15 +00:00
- Cron: honor stored session model overrides for isolated-agent runs while preserving `hooks.gmail.model` precedence for Gmail hook sessions. (#14983) Thanks @shtse8.
fix: use os.tmpdir fallback paths for temp files (#14985) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 347c689407037a05be0717209660076c6a07d0ec Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-12 16:08:41 -05:00
- Logging/Browser: fall back to `os.tmpdir()/openclaw` for default log, browser trace, and browser download temp paths when `/tmp/openclaw` is unavailable.
changelog: add cron and whatsapp fix entries with contributor thanks
2026-02-11 23:44:56 -06:00
- WhatsApp: convert Markdown bold/strikethrough to WhatsApp formatting. (#14285) Thanks @Raikan10.
- WhatsApp: allow media-only sends and normalize leading blank payloads. (#14408) Thanks @karimnaguib.
- WhatsApp: default MIME type for voice messages when Baileys omits it. (#14444) Thanks @mcaxtr.
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
- Telegram: handle no-text message in model picker editMessageText. (#14397) Thanks @0xRaini.
- Telegram: surface REACTION_INVALID as non-fatal warning. (#14340) Thanks @0xRaini.
- BlueBubbles: fix webhook auth bypass via loopback proxy trust. (#13787) Thanks @coygeek.
- Slack: change default replyToMode from "off" to "all". (#14364) Thanks @nm-de.
fix(slack): apply limit parameter to emoji-list action (#13421) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 67e9b648581c30a6472ac993dcc404e2d104ad1c Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete
2026-02-13 14:20:41 -03:00
- Slack: honor `limit` for `emoji-list` actions across core and extension adapters, with capped emoji-list responses in the Slack action handler. (#4293) Thanks @mcaxtr.
fix(slack): detect control commands when message starts with @mention (#14142) Merged via /review-pr-v2 -> /prepare-pr-v2 -> /merge-pr-v2. Prepared head SHA: cb0b4f6a3b675bceb7e59b8939b4800f813bc069 Co-authored-by: beefiker <55247450+beefiker@users.noreply.github.com> Co-authored-by: gumadeiras <gumadeiras@gmail.com> Reviewed-by: @gumadeiras
2026-02-12 01:41:48 +09:00
- Slack: detect control commands when channel messages start with bot mention prefixes (for example, `@Bot /new`). (#14142) Thanks @beefiker.
fix: align slack thread footer metadata with reply semantics (#14625) (thanks @bennewton999)
2026-02-13 05:16:24 +01:00
- Slack: include thread reply metadata in inbound message footer context (`thread_ts`, `parent_user_id`) while keeping top-level `thread_ts == ts` events unthreaded. (#14625) Thanks @bennewton999.
changelog: keep signal entry while restoring removed rows
2026-02-12 15:55:23 -08:00
- Signal: enforce E.164 validation for the Signal bot account prompt so mistyped numbers are caught early. (#15063) Thanks @Duartemartins.
fix: refine cron heartbeat event detection
2026-02-12 15:50:27 -08:00
- Discord: process DM reactions instead of silently dropping them. (#10418) Thanks @mcaxtr.
Changelog: note Discord admin permission fix
2026-02-12 19:53:34 -06:00
- Discord: treat Administrator as full permissions in channel permission checks. Thanks @thewilloftheshadow.
fix: update replyToMode notes (#11062) (thanks @cordx56)
2026-02-12 18:49:46 -06:00
- Discord: respect replyToMode in threads. (#11062) Thanks @cordx56.
Discord: add gateway proxy docs and tests (#10400) (thanks @winter-loo)
2026-02-13 13:14:19 -06:00
- Discord: add optional gateway proxy support for WebSocket connections via `channels.discord.proxy`. (#10400) Thanks @winter-loo, @thewilloftheshadow.
fix(browser): hide navigator.webdriver from reCAPTCHA v3 detection (openclaw#10735) thanks @Milofax Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test Co-authored-by: Milofax <2537423+Milofax@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-13 03:16:28 +01:00
- Browser: add Chrome launch flag `--disable-blink-features=AutomationControlled` to reduce `navigator.webdriver` automation detection issues on reCAPTCHA-protected sites. (#10735) Thanks @Milofax.
fix: align cron prompt content with filtered reminder events
2026-02-12 16:01:53 -08:00
- Heartbeat: filter noise-only system events so scheduled reminder notifications do not fire when cron runs carry only heartbeat markers. (#13317) Thanks @pvtclawn.
fix: normalize Signal mentions (#2013) (thanks @alexgleason)
2026-02-12 14:32:46 -08:00
- Signal: render mention placeholders as `@uuid`/`@phone` so mention gating and Clawdbot targeting work. (#2013) Thanks @alexgleason.
fix: guard reminder note (#18588) (thanks @vignesh07)
2026-02-16 14:10:13 -08:00
- Agents/Reminders: guard reminder promises by appending a note when no `cron.add` succeeded in the turn, so users know nothing was scheduled. (#18588) Thanks @vignesh07.
fix: refine cron heartbeat event detection
2026-02-12 15:50:27 -08:00
- Discord: omit empty content fields for media-only messages while preserving caption whitespace. (#9507) Thanks @leszekszpunar.
feat(provider): Z.AI endpoints + model catalog (#13456) (thanks @tomsun28) (#13456) Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-12 21:01:48 +08:00
- Onboarding/Providers: add Z.AI endpoint-specific auth choices (`zai-coding-global`, `zai-coding-cn`, `zai-global`, `zai-cn`) and expand default Z.AI model wiring. (#13456) Thanks @tomsun28.
feat(minimax): update models from M2.1 to M2.5 (#14865) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 1d58bc5760af657e205f7a113cec30aaf461abc6 Co-authored-by: adao-max <153898832+adao-max@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-13 05:48:46 +08:00
- Onboarding/Providers: update MiniMax API default/recommended models from M2.1 to M2.5, add M2.5/M2.5-Lightning model entries, and include `minimax-m2.5` in modern model filtering. (#14865) Thanks @adao-max.
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
- Ollama: use configured `models.providers.ollama.baseUrl` for model discovery and normalize `/v1` endpoints to the native Ollama API root. (#14131) Thanks @shtse8.
- Voice Call: pass Twilio stream auth token via `<Parameter>` instead of query string. (#14029) Thanks @mcwigglesmcgee.
feat(config): expose full pi-ai model compat fields in config schema (openclaw#11063) thanks @ikari-pl Verified: - pnpm build - pnpm check - pnpm test (full run; transient lobster timeout rerun passed) Co-authored-by: ikari-pl <811702+ikari-pl@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-14 01:47:18 +01:00
- Config/Models: allow full `models.providers.*.models[*].compat` keys used by `openai-completions` (`thinkingFormat`, `supportsStrictMode`, and streaming/tool-result compatibility flags) so valid provider overrides no longer fail strict config validation. (#11063) Thanks @ikari-pl.
chore: add feishu contributor thanks to changelog (openclaw#14448) Co-authored-by: zhiyi <7426274+youngerstyle@users.noreply.github.com> Co-authored-by: 王春跃 <80630709+openperf@users.noreply.github.com> Co-authored-by: Wei Wang <1019875+onevcat@users.noreply.github.com> Co-authored-by: Cynosure159 <29699738+Cynosure159@users.noreply.github.com> Co-authored-by: jack-cooper <10961327+jackcooper2015@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-11 22:48:31 -06:00
- Feishu: pass `Buffer` directly to the Feishu SDK upload APIs instead of `Readable.from(...)` to avoid form-data upload failures. (#10345) Thanks @youngerstyle.
- Feishu: trigger mention-gated group handling only when the bot itself is mentioned (not just any mention). (#11088) Thanks @openperf.
- Feishu: probe status uses the resolved account context for multi-account credential checks. (#11233) Thanks @onevcat.
feat(feishu): add streaming card support via Card Kit API (openclaw#10379) thanks @xzq-xu Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: xzq-xu <53989315+xzq-xu@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-13 10:19:27 +08:00
- Feishu: add streaming card replies via Card Kit API and preserve `renderMode=auto` fallback behavior for plain-text responses. (#10379) Thanks @xzq-xu.
chore: add feishu contributor thanks to changelog (openclaw#14448) Co-authored-by: zhiyi <7426274+youngerstyle@users.noreply.github.com> Co-authored-by: 王春跃 <80630709+openperf@users.noreply.github.com> Co-authored-by: Wei Wang <1019875+onevcat@users.noreply.github.com> Co-authored-by: Cynosure159 <29699738+Cynosure159@users.noreply.github.com> Co-authored-by: jack-cooper <10961327+jackcooper2015@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-11 22:48:31 -06:00
- Feishu DocX: preserve top-level converted block order using `firstLevelBlockIds` when writing/appending documents. (#13994) Thanks @Cynosure159.
- Feishu plugin packaging: remove `workspace:*` `openclaw` dependency from `extensions/feishu` and sync lockfile for install compatibility. (#14423) Thanks @jackcooper2015.
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
- CLI/Wizard: exit with code 1 when `configure`, `agents add`, or interactive `onboard` wizards are canceled, so `set -e` automation stops correctly. (#14156) Thanks @0xRaini.
changelog: add missing fix entries
2026-02-12 08:10:23 -06:00
- Media: strip `MEDIA:` lines with local paths instead of leaking as visible text. (#14399) Thanks @0xRaini.
- Config/Cron: exclude `maxTokens` from config redaction and honor `deleteAfterRun` on skipped cron jobs. (#13342) Thanks @niceysam.
- Config: ignore `meta` field changes in config file watcher. (#13460) Thanks @brandonwise.
- Daemon: suppress `EPIPE` error when restarting LaunchAgent. (#14343) Thanks @0xRaini.
- Antigravity: add opus 4.6 forward-compat model and bypass thinking signature sanitization. (#14218) Thanks @jg-noncelogic.
- Agents: prevent file descriptor leaks in child process cleanup. (#13565) Thanks @KyleChen26.
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
- Agents: prevent double compaction caused by cache TTL bypassing guard. (#13514) Thanks @taw0002.
changelog: add missing fix entries
2026-02-12 08:10:23 -06:00
- Agents: use last API call's cache tokens for context display instead of accumulated sum. (#13805) Thanks @akari-musubi.
fix: refine cron heartbeat event detection
2026-02-12 15:50:27 -08:00
- Agents: keep followup-runner session `totalTokens` aligned with post-compaction context by using last-call usage and shared token-accounting logic. (#14979) Thanks @shtse8.
Changelog: add missing entries for #14882 and #15012
2026-02-12 18:56:34 -06:00
- Hooks/Plugins: wire 9 previously unwired plugin lifecycle hooks into core runtime paths (session, compaction, gateway, and outbound message hooks). (#14882) Thanks @shtse8.
- Hooks/Tools: dispatch `before_tool_call` and `after_tool_call` hooks from both tool execution paths with rebased conflict fixes. (#15012) Thanks @Patrick-Barletta, @Takhoffman.
fix(hooks): replace console logging with proper subsystem logging in loader (openclaw#11029) thanks @shadril238 Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: shadril238 <63901551+shadril238@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-14 06:21:11 +06:00
- Hooks: replace loader `console.*` output with subsystem logger messages so hook loading errors/warnings route through standard logging. (#11029) Thanks @shadril238.
fix: refine cron heartbeat event detection
2026-02-12 15:50:27 -08:00
- Discord: allow channel-edit to archive/lock threads and set auto-archive duration. (#5542) Thanks @stumct.
chore: bump version to 2026.2.12
2026-02-12 18:20:26 +01:00
- Discord tests: use a partial @buape/carbon mock in slash command coverage. (#13262) Thanks @arosstale.
- Tests: update thread ID handling in Slack message collection tests. (#14108) Thanks @swizzmagik.
fix(update): repair daemon-cli compat exports after self-update
2026-02-13 03:25:28 +01:00
- Update/Daemon: fix post-update restart compatibility by generating `dist/cli/daemon-cli.js` with alias-aware exports from hashed daemon bundles, preventing `registerDaemonCli` import failures during `openclaw update`.
fix: use configured base URL for Ollama model discovery (#14131) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 2292d2de6d6a4608fba8124ace738df75ae890fc Co-authored-by: shtse8 <8020099+shtse8@users.noreply.github.com> Reviewed-by: @gumadeiras
2026-02-11 15:51:59 +00:00
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
## 2026.2.9
Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription.
2026-02-07 18:15:25 -08:00
### Added
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Commands: add `commands.allowFrom` config for separate command authorization, allowing operators to restrict slash commands to specific users while keeping chat open to others. (#12430) Thanks @thewilloftheshadow.
feat: `ClawDock` - shell docker helpers for OpenClaw development (#12817) Discussion: https://github.com/openclaw/openclaw/discussions/13528 ## Checklist - [x] **Mark as AI-assisted in the PR title or description** - Implemented by 🤖, reviewed by 👨‍💻 - [x] **Note the degree of testing** - fully tested and I use it myself - [x] **Include prompts or session logs if possible (super helpful!)** - I can try doing a "resume" on a few sessions, but don't think it'll provide value. Lmk if this is a blocker. - [x] **Confirm you understand what the code does** - It's simple :) ## Summary of changes - **ClawDock** - Shell helpers replace verbose `docker-compose` commands with simple `clawdock-*` shortcuts - **Zero-config setup** - First run auto-detects the OpenClaw project directory from common paths and saves the config for future use - **No extra dependencies** - Just bash - **Built-in auth & device pairing helpers** - `clawdock-fix-token`, `clawdock-dashboard`, etc to handle gateay setup, streamline web UI, etc... - **Updated Docker docs** - Installation docs now include the optional ClawDock helper setup for users who want simplified container management ## Example Usage ```bash $ clawdock-help 🦞 ClawDock - Docker Helpers for OpenClaw ⚡ Basic Operations clawdock-start Start the gateway clawdock-stop Stop the gateway clawdock-restart Restart the gateway clawdock-status Check container status clawdock-logs View live logs (follows) 🐚 Container Access clawdock-shell Shell into container (openclaw alias ready) clawdock-cli Run CLI commands (e.g., clawdock-cli status) clawdock-exec <cmd> Execute command in gateway container 🌐 Web UI & Devices clawdock-dashboard Open web UI in browser (auto-guides you) clawdock-devices List device pairings (auto-guides you) clawdock-approve <id> Approve device pairing (with examples) ⚙️ Setup & Configuration clawdock-fix-token Configure gateway token (run once) 🔧 Maintenance clawdock-rebuild Rebuild Docker image clawdock-clean ⚠️ Remove containers & volumes (nuclear) 🛠️ Utilities clawdock-health Run health check clawdock-token Show gateway auth token clawdock-cd Jump to openclaw project directory clawdock-config Open config directory (~/.openclaw) clawdock-workspace Open workspace directory ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🚀 First Time Setup 1. clawdock-start # Start the gateway 2. clawdock-fix-token # Configure token 3. clawdock-dashboard # Open web UI 4. clawdock-devices # If pairing needed 5. clawdock-approve <id> # Approve pairing 💬 WhatsApp Setup clawdock-shell > openclaw channels login --channel whatsapp > openclaw status ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 💡 All commands guide you through next steps! 📚 Docs: https://docs.openclaw.ai ```\n\nCo-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
2026-02-10 16:04:41 -05:00
- Docker: add ClawDock shell helpers for Docker workflows. (#12817) Thanks @Olshansk.
changelog: add channel health monitor entry
2026-02-12 11:47:57 +07:00
- Gateway: periodic channel health monitor auto-restarts stuck, crashed, or silently-stopped channels. Configurable via `gateway.channelHealthCheckMinutes` (default: 5, set to 0 to disable). (#7053, #4302)
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- iOS: alpha node app + setup-code onboarding. (#11756) Thanks @mbelinky.
- Channels: comprehensive BlueBubbles and channel cleanup. (#11093) Thanks @tyler6204.
feat: IRC — add first-class channel support Adds IRC as a first-class channel with core config surfaces (schema/hints/dock), plugin auto-enable detection, routing/policy alignment, and docs/tests. Co-authored-by: Vignesh <vigneshnatarajan92@gmail.com>
2026-02-10 15:33:57 -08:00
- Channels: IRC first-class channel support. (#11482) Thanks @vignesh07.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Plugins: device pairing + phone control plugins (Telegram `/pair`, iOS/Android node controls). (#11755) Thanks @mbelinky.
- Tools: add Grok (xAI) as a `web_search` provider. (#12419) Thanks @tmchow.
- Gateway: add agent management RPC methods for the web UI (`agents.create`, `agents.update`, `agents.delete`). (#11045) Thanks @advaitpaliwal.
Changelog: note gateway thinking/tool WS streaming (#10568) (thanks @nk1tz)
2026-02-10 19:30:08 -06:00
- Gateway: stream thinking events to WS clients and broadcast tool events independent of verbose level. (#10568) Thanks @nk1tz.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Web UI: show a Compaction divider in chat history. (#11341) Thanks @Takhoffman.
- Agents: include runtime shell in agent envelopes. (#1835) Thanks @Takhoffman.
- Agents: auto-select `zai/glm-4.6v` for image understanding when ZAI is primary provider. (#10267) Thanks @liuy.
- Paths: add `OPENCLAW_HOME` for overriding the home directory used by internal path resolution. (#12091) Thanks @sebslight.
Onboard: rename Custom API Endpoint to Custom Provider
2026-02-10 07:36:04 -05:00
- Onboarding: add Custom Provider flow for OpenAI and Anthropic-compatible endpoints. (#11106) Thanks @MackDing.
feat(hooks): add agentId support to webhook mappings (#13672) * feat(hooks): add agentId support to webhook mappings Allow webhook mappings to route hook runs to a specific agent via the new `agentId` field. This enables lightweight agents with minimal bootstrap files to handle webhooks, reducing token cost per hook run. The agentId is threaded through: - HookMappingConfig (config type + zod schema) - HookMappingResolved + HookAction (mapping types) - normalizeHookMapping + buildActionFromMapping (mapping logic) - mergeAction (transform override support) - HookAgentPayload + normalizeAgentPayload (direct /hooks/agent endpoint) - dispatchAgentHook → CronJob.agentId (server dispatch) The existing runCronIsolatedAgentTurn already supports agentId on CronJob — this change simply wires it through from webhook mappings. Usage in config: hooks.mappings[].agentId = "my-agent" Usage via POST /hooks/agent: { "message": "...", "agentId": "my-agent" } Includes tests for mapping passthrough and payload normalization. Includes doc updates for webhook.md. * fix(hooks): enforce webhook agent routing policy + docs/changelog updates (#13672) (thanks @BillChirico) * fix(hooks): harden explicit agent allowlist semantics (#13672) (thanks @BillChirico) --------- Co-authored-by: Pip <pip@openclaw.ai> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
2026-02-10 19:23:58 -05:00
- Hooks: route webhook agent runs to specific `agentId`s, add `hooks.allowedAgentIds` controls, and fall back to default agent when unknown IDs are provided. (#13672) Thanks @BillChirico.
Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription.
2026-02-07 18:15:25 -08:00
### Fixes
fix(cron): prevent one-shot at jobs from re-firing on restart after skip/error (#13845) (#13878) Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-12 13:33:15 +08:00
- Cron: prevent one-shot `at` jobs from re-firing on gateway restart when previously skipped or errored. (#13845)
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Discord: add exec approval cleanup option to delete DMs after approval/denial/timeout. (#13205) Thanks @thewilloftheshadow.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Sessions: prune stale entries, cap session store size, rotate large stores, accept duration/size thresholds, default to warn-only maintenance, and prune cron run sessions after retention windows. (#13083) Thanks @skyfallsin, @gumadeiras.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- CI: Implement pipeline and workflow order. Thanks @quotentiroler.
- WhatsApp: preserve original filenames for inbound documents. (#12691) Thanks @akramcodez.
- Telegram: harden quote parsing; preserve quote context; avoid QUOTE_TEXT_INVALID; avoid nested reply quote misclassification. (#12156) Thanks @rybnikov.
fix(security): default standalone servers to loopback bind (#13184) * fix(security): default standalone servers to loopback bind (#4) Change canvas host and telegram webhook default bind from 0.0.0.0 (all interfaces) to 127.0.0.1 (loopback only) to prevent unintended network exposure when no explicit host is configured. * fix: restore telegram webhook host override while keeping loopback defaults (openclaw#13184) thanks @davidrudduck * style: format telegram docs after rebase (openclaw#13184) thanks @davidrudduck --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 01:39:56 +10:00
- Security/Telegram: breaking default-behavior change — standalone canvas host + Telegram webhook listeners now bind loopback (`127.0.0.1`) instead of `0.0.0.0`; set `channels.telegram.webhookHost` when external ingress is required. (#13184) Thanks @davidrudduck.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Telegram: recover proactive sends when stale topic thread IDs are used by retrying without `message_thread_id`. (#11620)
- Discord: auto-create forum/media thread posts on send, with chunked follow-up replies and media handling for forum sends. (#12380) Thanks @magendary, @thewilloftheshadow.
- Discord: cap gateway reconnect attempts to avoid infinite retry loops. (#12230) Thanks @Yida-Dev.
- Telegram: render markdown spoilers with `<tg-spoiler>` HTML tags. (#11543) Thanks @ezhikkk.
- Telegram: truncate command registration to 100 entries to avoid `BOT_COMMANDS_TOO_MUCH` failures on startup. (#12356) Thanks @arosstale.
- Telegram: match DM `allowFrom` against sender user id (fallback to chat id) and clarify pairing logs. (#12779) Thanks @liuxiaopai-ai.
fix(pairing): use actual code in pairing approval text
2026-02-10 19:47:34 -05:00
- Pairing/Telegram: include the actual pairing code in approve commands, route Telegram pairing replies through the shared pairing message builder, and add regression checks to prevent `<code>` placeholder drift.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Onboarding: QuickStart now auto-installs shell completion (prompt only in Manual).
Feat/litellm provider (#12823) * feat: add LiteLLM provider types, env var, credentials, and auth choice Add litellm-api-key auth choice, LITELLM_API_KEY env var mapping, setLitellmApiKey() credential storage, and LITELLM_DEFAULT_MODEL_REF. * feat: add LiteLLM onboarding handler and provider config Add applyLitellmProviderConfig which properly registers models.providers.litellm with baseUrl, api type, and model definitions. This fixes the critical bug from PR #6488 where the provider entry was never created, causing model resolution to fail at runtime. * docs: add LiteLLM provider documentation Add setup guide covering onboarding, manual config, virtual keys, model routing, and usage tracking. Link from provider index. * docs: add LiteLLM to sidebar navigation in docs.json Add providers/litellm to both English and Chinese provider page lists so the docs page appears in the sidebar navigation. * test: add LiteLLM non-interactive onboarding test Wire up litellmApiKey flag inference and auth-choice handler for the non-interactive onboarding path, and add an integration test covering profile, model default, and credential storage. * fix: register --litellm-api-key CLI flag and add preferred provider mapping Wire up the missing Commander CLI option, action handler mapping, and help text for --litellm-api-key. Add litellm-api-key to the preferred provider map for consistency with other providers. * fix: remove zh-CN sidebar entry for litellm (no localized page yet) * style: format buildLitellmModelDefinition return type * fix(onboarding): harden LiteLLM provider setup (#12823) * refactor(onboarding): keep auth-choice provider dispatcher under size limit --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-11 02:46:56 -08:00
- Onboarding/Providers: add LiteLLM provider onboarding and preserve custom LiteLLM proxy base URLs while enforcing API-key auth mode. (#12823) Thanks @ryan-crabbe.
fix(docker): support Bash 3.2 in docker-setup.sh (#9441) * fix(docker): use Bash 3.2-compatible upsert_env in docker-setup.sh * refactor(docker): simplify argument handling in write_extra_compose function * fix(docker): add bash 3.2 regression coverage (#9441) (thanks @mateusz-michalik) --------- Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>
2026-02-11 01:55:43 +11:00
- Docker: make `docker-setup.sh` compatible with macOS Bash 3.2 and empty extra mounts. (#9441) Thanks @mateusz-michalik.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Auth: strip embedded line breaks from pasted API keys and tokens before storing/resolving credentials.
chore: add missing CHANGELOG entry
2026-02-10 15:12:37 -05:00
- Agents: strip reasoning tags and downgraded tool markers from messaging tool and streaming output to prevent leakage. (#11053, #13453) Thanks @liebertar, @meaadore1221-afk, @gumadeiras.
fix: prevent act:evaluate hangs from getting browser tool stuck/killed (#13498) * fix(browser): prevent permanent timeout after stuck evaluate Thread AbortSignal from client-fetch through dispatcher to Playwright operations. When a timeout fires, force-disconnect the Playwright CDP connection to unblock the serialized command queue, allowing the next call to reconnect transparently. Key changes: - client-fetch.ts: proper AbortController with signal propagation - pw-session.ts: new forceDisconnectPlaywrightForTarget() - pw-tools-core.interactions.ts: accept signal, align inner timeout to outer-500ms, inject in-browser Promise.race for async evaluates - routes/dispatcher.ts + types.ts: propagate signal through dispatch - server.ts + bridge-server.ts: Express middleware creates AbortSignal from request lifecycle - client-actions-core.ts: add timeoutMs to evaluate type Fixes #10994 * fix(browser): v2 - force-disconnect via Connection.close() instead of browser.close() When page.evaluate() is stuck on a hung CDP transport, browser.close() also hangs because it tries to send a close command through the same stuck pipe. v2 fix: forceDisconnectPlaywrightForTarget now directly calls Playwright's internal Connection.close() which locally rejects all pending callbacks and emits 'disconnected' without touching the network. This instantly unblocks all stuck Playwright operations. closePlaywrightBrowserConnection (clean shutdown) now also has a 3s timeout fallback that drops to forceDropConnection if browser.close() hangs. Fixes permanent browser timeout after stuck evaluate. * fix(browser): v3 - fire-and-forget browser.close() instead of Connection.close() v2's forceDropConnection called browser._connection.close() which corrupts the entire Playwright instance because Connection is shared across all objects (BrowserType, Browser, Page, etc.). This prevented reconnection with cascading 'connectOverCDP: Force-disconnected' errors. v3 fix: forceDisconnectPlaywrightForTarget now: 1. Nulls cached connection immediately 2. Fire-and-forgets browser.close() (doesn't await — it may hang) 3. Next connectBrowser() creates a fresh connectOverCDP WebSocket Each connectOverCDP creates an independent WebSocket to the CDP endpoint, so the new connection is unaffected by the old one's pending close. The old browser.close() eventually resolves when the in-browser evaluate timeout fires, or the old connection gets GC'd. * fix(browser): v4 - clear connecting state and remove stale disconnect listeners The reconnect was failing because: 1. forceDisconnectPlaywrightForTarget nulled cached but not connecting, so subsequent calls could await a stale promise 2. The old browser's 'disconnected' event handler raced with new connections, nulling the fresh cached reference Fix: null both cached and connecting, and removeAllListeners on the old browser before fire-and-forget close. * fix(browser): v5 - use raw CDP Runtime.terminateExecution to kill stuck evaluate When forceDisconnectPlaywrightForTarget fires, open a raw WebSocket to the stuck page's CDP endpoint and send Runtime.terminateExecution. This kills running JS without navigating away or crashing the page. Also clear connecting state and remove stale disconnect listeners. * fix(browser): abort cancels stuck evaluate * Browser: always cleanup evaluate abort listener * Chore: remove Playwright debug scripts * Docs: add CDP evaluate refactor plan * Browser: refactor Playwright force-disconnect * Browser: abort stops evaluate promptly * Node host: extract withTimeout helper * Browser: remove disconnected listener safely * Changelog: note act:evaluate hang fix --------- Co-authored-by: Bob <bob@dutifulbob.com>
2026-02-11 07:54:48 +08:00
- Browser: prevent stuck `act:evaluate` from wedging the browser tool, and make cancellation stop waiting promptly. (#13498) Thanks @onutc.
fix(gateway): default-deny missing connect scopes
2026-02-09 21:32:51 -06:00
- Security/Gateway: default-deny missing connect `scopes` (no implicit `operator.admin`).
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Web UI: make chat refresh smoothly scroll to the latest messages and suppress new-messages badge flash during manual refresh.
fix(ui): coerce form values to schema types before config.set (#13468) Co-authored-by: Gustavo Madeira Santana <gumadeiras@users.noreply.github.com>
2026-02-11 03:25:07 -03:00
- Web UI: coerce Form Editor values to schema types before `config.set` and `config.apply`, preventing numeric and boolean fields from being serialized as strings. (#13468) Thanks @mcaxtr.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Tools/web_search: include provider-specific settings in the web search cache key, and pass `inlineCitations` for Grok. (#12419) Thanks @tmchow.
- Tools/web_search: fix Grok response parsing for xAI Responses API output blocks. (#13049) Thanks @ereid7.
- Tools/web_search: normalize direct Perplexity model IDs while keeping OpenRouter model IDs unchanged. (#12795) Thanks @cdorsey.
- Model failover: treat HTTP 400 errors as failover-eligible, enabling automatic model fallback. (#1879) Thanks @orenyomtov.
- Errors: prevent false positive context overflow detection when conversation mentions "context overflow" topic. (#2078) Thanks @sbking.
- Errors: avoid rewriting/swallowing normal assistant replies that mention error keywords by scoping `sanitizeUserFacingText` rewrites to error-context. (#12988) Thanks @Takhoffman.
- Config: re-hydrate state-dir `.env` during runtime config loads so `${VAR}` substitutions remain resolvable. (#12748) Thanks @rodrigouroz.
- Gateway: no more post-compaction amnesia; injected transcript writes now preserve Pi session `parentId` chain so agents can remember again. (#12283) Thanks @Takhoffman.
- Gateway: fix multi-agent sessions.usage discovery. (#11523) Thanks @Takhoffman.
chore(release): 2026.2.9
2026-02-09 10:30:07 -06:00
- Agents: recover from context overflow caused by oversized tool results (pre-emptive capping + fallback truncation). (#11579) Thanks @tyler6204.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Subagents/compaction: stabilize announce timing and preserve compaction metrics across retries. (#11664) Thanks @tyler6204.
fix: report subagent timeout as 'timed out' instead of 'completed successfully' (#13996) * fix: report subagent timeout as 'timed out' instead of 'completed successfully' * fix: propagate subagent timeout status across agent.wait (#13996) (thanks @dario-github) --------- Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>
2026-02-12 01:55:30 +08:00
- Subagents: report timeout-aborted runs as timed out instead of completed successfully in parent-session announcements. (#13996) Thanks @dario-github.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Cron: share isolated announce flow and harden scheduling/delivery reliability. (#11641) Thanks @tyler6204.
- Cron tool: recover flat params when LLM omits the `job` wrapper for add requests. (#12124) Thanks @tyler6204.
docs(changelog): reorder 2026.2.9 for end users
2026-02-09 11:37:55 -06:00
- Gateway/CLI: when `gateway.bind=lan`, use a LAN IP for probe URLs and Control UI links. (#11448) Thanks @AnonO6.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- CLI: make `openclaw plugins list` output scannable by hoisting source roots and shortening bundled/global/workspace plugin paths.
- Hooks: fix bundled hooks broken since 2026.2.2 (tsdown migration). (#9295) Thanks @patrickshao.
fix(plugins): ignore install scripts during plugin/hook install
2026-02-09 21:33:10 -06:00
- Security/Plugins: install plugin and hook dependencies with `--ignore-scripts` to prevent lifecycle script execution.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Routing: refresh bindings per message by loading config at route resolution so binding changes apply without restart. (#11372) Thanks @juanpablodlc.
- Exec approvals: render forwarded commands in monospace for safer approval scanning. (#11937) Thanks @sebslight.
- Config: clamp `maxTokens` to `contextWindow` to prevent invalid model configs. (#5516) Thanks @lailoo.
- Thinking: allow xhigh for `github-copilot/gpt-5.2-codex` and `github-copilot/gpt-5.2`. (#11646) Thanks @LatencyTDH.
- Thinking: honor `/think off` for reasoning-capable models. (#9564) Thanks @liuy.
- Discord: support forum/media thread-create starter messages, wire `message thread create --message`, and harden routing. (#10062) Thanks @jarvis89757.
feat(discord): download attachments from forwarded messages (#17049) Co-authored-by: Shadow <shadow@openclaw.ai>
2026-02-16 22:23:40 +01:00
- Discord: download attachments from forwarded messages. (#17049) Thanks @pip-nomel, @thewilloftheshadow.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Paths: structurally resolve `OPENCLAW_HOME`-derived home paths and fix Windows drive-letter handling in tool meta shortening. (#12125) Thanks @mcaxtr.
Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription.
2026-02-07 18:15:25 -08:00
- Memory: set Voyage embeddings `input_type` for improved retrieval. (#10818) Thanks @mcinteerj.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Memory: disable async batch embeddings by default for memory indexing (opt-in via `agents.defaults.memorySearch.remote.batch.enabled`). (#13069) Thanks @mcinteerj.
- Memory/QMD: reuse default model cache across agents instead of re-downloading per agent. (#12114) Thanks @tyler6204.
- Memory/QMD: run boot refresh in background by default, add configurable QMD maintenance timeouts, retry QMD after fallback failures, and scope QMD queries to OpenClaw-managed collections. (#9690, #9705, #10042) Thanks @vignesh07.
- Memory/QMD: initialize QMD backend on gateway startup so background update timers restart after process reloads. (#10797) Thanks @vignesh07.
- Config/Memory: auto-migrate legacy top-level `memorySearch` settings into `agents.defaults.memorySearch`. (#11278, #9143) Thanks @vignesh07.
Memory/QMD: treat plain-text no-results as empty
2026-02-07 19:39:50 -08:00
- Memory/QMD: treat plain-text `No results found` output from QMD as an empty result instead of throwing invalid JSON errors. (#9824)
Memory/QMD: add configurable search mode
2026-02-07 19:48:03 -08:00
- Memory/QMD: add `memory.qmd.searchMode` to choose `query`, `search`, or `vsearch` recall mode. (#9967, #10084)
Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription.
2026-02-07 18:15:25 -08:00
- Media understanding: recognize `.caf` audio attachments for transcription. (#10982) Thanks @succ985.
fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas (#4824) * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas device-identity.ts and canvas-host/server.ts used hardcoded path.join(os.homedir(), '.openclaw', ...) ignoring OPENCLAW_STATE_DIR env var and the resolveStateDir() logic from config/paths.ts. This caused ~/.openclaw/identity and ~/.openclaw/canvas directories to be created even when state dir was overridden or resided elsewhere. * fix: format and remove duplicate imports * fix: scope state-dir patch + add regression tests (#4824) (thanks @kossoy) * fix: align state-dir fallbacks in hooks and agent paths (#4824) (thanks @kossoy) --------- Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
2026-02-08 05:16:59 +02:00
- State dir: honor `OPENCLAW_STATE_DIR` for default device identity and canvas storage paths. (#4824) Thanks @kossoy.
feat(matrix): Add multi-account support to Matrix channel The Matrix channel previously hardcoded `listMatrixAccountIds` to always return only `DEFAULT_ACCOUNT_ID`, ignoring any accounts configured in `channels.matrix.accounts`. This prevented running multiple Matrix bot accounts simultaneously. Changes: - Update `listMatrixAccountIds` to read from `channels.matrix.accounts` config, falling back to `DEFAULT_ACCOUNT_ID` for legacy single-account configurations - Add `resolveMatrixConfigForAccount` to resolve config for a specific account ID, merging account-specific values with top-level defaults - Update `resolveMatrixAccount` to use account-specific config when available - The multi-account config structure (channels.matrix.accounts) was not defined in the MatrixConfig type, causing TypeScript to not recognize the field. Added the accounts field to properly type the multi-account configuration. - Add stopSharedClientForAccount() to stop only the specific account's client instead of all clients when an account shuts down - Wrap dynamic import in try/finally to prevent startup mutex deadlock if the import fails - Pass accountId to resolveSharedMatrixClient(), resolveMatrixAuth(), and createMatrixClient() to ensure the correct account's credentials are used for outbound messages - Add accountId parameter to resolveMediaMaxBytes to check account-specific config before falling back to top-level config - Maintain backward compatibility with existing single-account setups This follows the same pattern already used by the WhatsApp channel for multi-account support. Fixes #3165 Fixes #3085 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 07:28:39 -08:00
- Doctor/State dir: suppress repeated legacy migration warnings only for valid symlink mirrors, while keeping warnings for empty or invalid legacy trees. (#11709) Thanks @gumadeiras.
- Tests: harden flaky hotspots by removing timer sleeps, consolidating onboarding provider-auth coverage, and improving memory test realism. (#11598) Thanks @gumadeiras.
- macOS: honor Nix-managed defaults suite (`ai.openclaw.mac`) for nixMode to prevent onboarding from reappearing after bundle-id churn. (#12205) Thanks @joshp123.
fix: harden matrix multi-account routing (#7286) (thanks @emonty)
2026-02-13 20:34:53 +01:00
- Matrix: add multi-account support via `channels.matrix.accounts`; use per-account config for dm policy, allowFrom, groups, and other settings; serialize account startup to avoid race condition. (#7286, #3165, #3085) Thanks @emonty.
Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription.
2026-02-07 18:15:25 -08:00
docs(changelog): prepare 2026.2.6
2026-02-06 15:30:10 -08:00
## 2026.2.6
chore: bump version to 2026.2.3
2026-02-03 18:33:27 -08:00
### Changes
fix: cron scheduler reliability, store hardening, and UX improvements (#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (#10776) (thanks @tyler6204)
2026-02-06 18:03:03 -08:00
- Cron: default `wakeMode` is now `"now"` for new jobs (was `"next-heartbeat"`). (#10776) Thanks @tyler6204.
- Cron: `cron run` defaults to force execution; use `--due` to restrict to due-only. (#10776) Thanks @tyler6204.
docs(changelog): highlight Opus 4.6 + Codex 5.3 first
2026-02-06 17:28:46 -08:00
- Models: support Anthropic Opus 4.6 and OpenAI Codex gpt-5.3-codex (forward-compat fallbacks). (#9853, #10720, #9995) Thanks @TinyTb, @calvin-hpnet, @tyler6204.
docs(changelog): curate 2026.2.6
2026-02-06 16:56:29 -08:00
- Providers: add xAI (Grok) support. (#9885) Thanks @grp06.
Merge PR #8868: add Baidu Qianfan support (thanks @ide-rea)
2026-02-07 00:19:04 -08:00
- Providers: add Baidu Qianfan support. (#8868) Thanks @ide-rea.
docs(changelog): prepare 2026.2.6
2026-02-06 15:30:10 -08:00
- Web UI: add token usage dashboard. (#10072) Thanks @Takhoffman.
feat(ui): add RTL support for Hebrew/Arabic text in webchat (openclaw#11498) thanks @dirbalak Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test Co-authored-by: dirbalak <30323349+dirbalak@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-13 06:15:20 +02:00
- Web UI: add RTL auto-direction support for Hebrew/Arabic text in chat composer and rendered messages. (#11498) Thanks @dirbalak.
docs(changelog): curate 2026.2.6
2026-02-06 16:56:29 -08:00
- Memory: native Voyage AI support. (#7078) Thanks @mcinteerj.
- Sessions: cap sessions_history payloads to reduce context overflow. (#10000) Thanks @gut-puncture.
- CLI: sort commands alphabetically in help output. (#8068) Thanks @deepsoumya617.
docs(changelog): note CI pipeline optimization (#10784) (thanks @mcaxtr)
2026-02-06 23:25:01 -08:00
- CI: optimize pipeline throughput (macOS consolidation, Windows perf, workflow concurrency). (#10784) Thanks @mcaxtr.
docs(changelog): curate 2026.2.6
2026-02-06 16:56:29 -08:00
- Agents: bump pi-mono to 0.52.7; add embedded forward-compat fallback for Opus 4.6 model ids.
chore: bump version to 2026.2.3
2026-02-03 18:33:27 -08:00
fix: cron scheduler reliability, store hardening, and UX improvements (#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (#10776) (thanks @tyler6204)
2026-02-06 18:03:03 -08:00
### Added
- Cron: run history deep-links to session chat from the dashboard. (#10776) Thanks @tyler6204.
- Cron: per-run session keys in run log entries and default labels for cron sessions. (#10776) Thanks @tyler6204.
- Cron: legacy payload field compatibility (`deliver`, `channel`, `to`, `bestEffortDeliver`) in schema. (#10776) Thanks @tyler6204.
chore: update changelog for #8193 (thanks @gildo)
2026-02-04 09:22:36 +05:30
### Fixes
TTS: add missing OpenAI voices (ballad, cedar, juniper, marin, verse) (openclaw#11020) thanks @lailoo Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test Co-authored-by: ${pr_author_login} <${coauthor_email}> Co-authored-by: ${tak_name} <${tak_email}>
2026-02-13 21:54:00 +08:00
- TTS: add missing OpenAI voices (ballad, cedar, juniper, marin, verse) to the allowlist so they are recognized instead of silently falling back to Edge TTS. (#2393)
fix: cron scheduler reliability, store hardening, and UX improvements (#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (#10776) (thanks @tyler6204)
2026-02-06 18:03:03 -08:00
- Cron: scheduler reliability (timer drift, restart catch-up, lock contention, stale running markers). (#10776) Thanks @tyler6204.
- Cron: store migration hardening (legacy field migration, parse error handling, explicit delivery mode persistence). (#10776) Thanks @tyler6204.
docs(changelog): curate 2026.2.6
2026-02-06 16:56:29 -08:00
- Telegram: auto-inject DM topic threadId in message tool + subagent announce. (#7235) Thanks @Lukavyi.
- Security: require auth for Gateway canvas host and A2UI assets. (#9518) Thanks @coygeek.
- Cron: fix scheduling and reminder delivery regressions; harden next-run recompute + timer re-arming + legacy schedule fields. (#9733, #9823, #9948, #9932) Thanks @tyler6204, @pycckuu, @j2h4u, @fujiwara-tofu-shop.
- Update: harden Control UI asset handling in update flow. (#10146) Thanks @gumadeiras.
- Security: add skill/plugin code safety scanner; redact credentials from config.get gateway responses. (#9806, #9858) Thanks @abdelsfane.
- Exec approvals: coerce bare string allowlist entries to objects. (#9903) Thanks @mcaxtr.
- Slack: add mention stripPatterns for /new and /reset. (#9971) Thanks @ironbyte-rgb.
- Chrome extension: fix bundled path resolution. (#8914) Thanks @kelvinCB.
- Compaction/errors: allow multiple compaction retries on context overflow; show clear billing errors. (#8928, #8391) Thanks @Glucksberg.
## 2026.2.3
### Changes
- Telegram: remove last `@ts-nocheck` from `bot-handlers.ts`, use Grammy types directly, deduplicate `StickerMetadata`. Zero `@ts-nocheck` remaining in `src/telegram/`. (#9206)
- Telegram: remove `@ts-nocheck` from `bot-message.ts`, type deps via `Omit<BuildTelegramMessageContextParams>`, widen `allMedia` to `TelegramMediaRef[]`. (#9180)
- Telegram: remove `@ts-nocheck` from `bot.ts`, fix duplicate `bot.catch` error handler (Grammy overrides), remove dead reaction `message_thread_id` routing, harden sticker cache guard. (#9077)
- Onboarding: add Cloudflare AI Gateway provider setup and docs. (#7914) Thanks @roerohan.
- Onboarding: add Moonshot (.cn) auth choice and keep the China base URL when preserving defaults. (#7180) Thanks @waynelwz.
- Docs: clarify tmux send-keys for TUI by splitting text and Enter. (#7737) Thanks @Wangnov.
- Docs: mirror the landing page revamp for zh-CN (features, quickstart, docs directory, network model, credits). (#8994) Thanks @joshp123.
- Messages: add per-channel and per-account responsePrefix overrides across channels. (#9001) Thanks @mudrii.
- Cron: add announce delivery mode for isolated jobs (CLI + Control UI) and delivery mode config.
- Cron: default isolated jobs to announce delivery; accept ISO 8601 `schedule.at` in tool inputs.
- Cron: hard-migrate isolated jobs to announce/none delivery; drop legacy post-to-main/payload delivery fields and `atMs` inputs.
- Cron: delete one-shot jobs after success by default; add `--keep-after-run` for CLI.
- Cron: suppress messaging tools during announce delivery so summaries post consistently.
- Cron: avoid duplicate deliveries when isolated runs send messages directly.
### Fixes
fix: ensure exec approval is registered before returning (#2402) (#3357) * feat(gateway): add register and awaitDecision methods to ExecApprovalManager Separates registration (synchronous) from waiting (async) to allow callers to confirm registration before the decision is made. Adds grace period for resolved entries to prevent race conditions. * feat(gateway): add two-phase response and waitDecision handler for exec approvals Send immediate 'accepted' response after registration so callers can confirm the approval ID is valid. Add exec.approval.waitDecision endpoint to wait for decision on already-registered approvals. * fix(exec): await approval registration before returning approval-pending Ensures the approval ID is registered in the gateway before the tool returns. Uses exec.approval.request with expectFinal:false for registration, then fire-and-forget exec.approval.waitDecision for the decision phase. Fixes #2402 * test(gateway): update exec-approval test for two-phase response Add assertion for immediate 'accepted' response before final decision. * test(exec): update approval-id test mocks for new two-phase flow Mock both exec.approval.request (registration) and exec.approval.waitDecision (decision) calls to match the new internal implementation. * fix(lint): add cause to errors, use generics instead of type assertions * fix(exec-approval): guard register() against duplicate IDs * fix: remove unused timeoutMs param, guard register() against duplicates * fix(exec-approval): throw on duplicate ID, capture entry in closure * fix: return error on timeout, remove stale test mock branch * fix: wrap register() in try/catch, make timeout handling consistent * fix: update snapshot on timeout, make two-phase response opt-in * fix: extend grace period to 15s, return 'expired' status * fix: prevent double-resolve after timeout * fix: make register() idempotent, capture snapshot before await * fix(gateway): complete two-phase exec approval wiring * fix: finalize exec approval race fix (openclaw#3357) thanks @ramin-shirali * fix(protocol): regenerate exec approval request models (openclaw#3357) thanks @ramin-shirali * fix(test): remove unused callCount in discord threading test --------- Co-authored-by: rshirali <rshirali@rshirali-haga.local> Co-authored-by: rshirali <rshirali@rshirali-haga-1.home> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 19:57:02 +01:00
- Control UI: add hardened fallback for asset resolution in global npm installs. (#4855) Thanks @anapivirtua.
- Update: remove dead restore control-ui step that failed on gitignored dist/ output.
- Update: avoid wiping prebuilt Control UI assets during dev auto-builds (`tsdown --no-clean`), run update doctor via `openclaw.mjs`, and auto-restore missing UI assets after doctor. (#10146) Thanks @gumadeiras.
- Models: add forward-compat fallback for `openai-codex/gpt-5.3-codex` when model registry hasn't discovered it yet. (#9989) Thanks @w1kke.
- Auto-reply/Docs: normalize `extra-high` (and spaced variants) to `xhigh` for Codex thinking levels, and align Codex 5.3 FAQ examples. (#9976) Thanks @slonce70.
- Compaction: remove orphaned `tool_result` messages during history pruning to prevent session corruption from aborted tool calls. (#9868, fixes #9769, #9724, #9672)
- Telegram: pass `parentPeer` for forum topic binding inheritance so group-level bindings apply to all topics within the group. (#9789, fixes #9545, #9351)
- CLI: pass `--disable-warning=ExperimentalWarning` as a Node CLI option when respawning (avoid disallowed `NODE_OPTIONS` usage; fixes npm pack). (#9691) Thanks @18-RAJAT.
- CLI: resolve bundled Chrome extension assets by walking up to the nearest assets directory; add resolver and clipboard tests. (#8914) Thanks @kelvinCB.
- Tests: stabilize Windows ACL coverage with deterministic os.userInfo mocking. (#9335) Thanks @M00N7682.
- Exec approvals: coerce bare string allowlist entries to objects to prevent allowlist corruption. (#9903, fixes #9790) Thanks @mcaxtr.
- Exec approvals: ensure two-phase approval registration/decision flow works reliably by validating `twoPhase` requests and exposing `waitDecision` as an approvals-scoped gateway method. (#3357, fixes #2402) Thanks @ramin-shirali.
docs(changelog): curate 2026.2.6
2026-02-06 16:56:29 -08:00
- Heartbeat: allow explicit accountId routing for multi-account channels. (#8702) Thanks @lsh411.
- TUI/Gateway: handle non-streaming finals, refresh history for non-local chat runs, and avoid event gap warnings for targeted tool streams. (#8432) Thanks @gumadeiras.
- Shell completion: auto-detect and migrate slow dynamic patterns to cached files for faster terminal startup; add completion health checks to doctor/update/onboard.
- Telegram: honor session model overrides in inline model selection. (#8193) Thanks @gildo.
- Web UI: fix agent model selection saves for default/non-default agents and wrap long workspace paths. Thanks @Takhoffman.
- Web UI: resolve header logo path when `gateway.controlUi.basePath` is set. (#7178) Thanks @Yeom-JinHo.
- Web UI: apply button styling to the new-messages indicator.
- Onboarding: infer auth choice from non-interactive API key flags. (#8484) Thanks @f-trycua.
- Security: keep untrusted channel metadata out of system prompts (Slack/Discord). Thanks @KonstantinMirin.
- Security: enforce sandboxed media paths for message tool attachments. (#9182) Thanks @victormier.
- Security: require explicit credentials for gateway URL overrides to prevent credential leakage. (#8113) Thanks @victormier.
- Security: gate `whatsapp_login` tool to owner senders and default-deny non-owner contexts. (#8768) Thanks @victormier.
- Voice call: harden webhook verification with host allowlists/proxy trust and keep ngrok loopback bypass.
- Voice call: add regression coverage for anonymous inbound caller IDs with allowlist policy. (#8104) Thanks @victormier.
- Cron: accept epoch timestamps and 0ms durations in CLI `--at` parsing.
- Cron: reload store data when the store file is recreated or mtime changes.
- Cron: deliver announce runs directly, honor delivery mode, and respect wakeMode for summaries. (#8540) Thanks @tyler6204.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Telegram: include forward_from_chat metadata in forwarded messages and harden cron delivery target checks. (#8392) Thanks @sleontenko.
docs(changelog): curate 2026.2.6
2026-02-06 16:56:29 -08:00
- macOS: fix cron payload summary rendering and ISO 8601 formatter concurrency safety.
docs: credit memorySearch changelog
2026-02-10 00:14:36 -08:00
- Discord: enforce DM allowlists for agent components (buttons/select menus), honoring pairing store approvals and tag matches. (#11254) Thanks @thedudeabidesai.
chore: update changelog for #8193 (thanks @gildo)
2026-02-04 09:22:36 +05:30
fix: add legacy daemon-cli shim for updates
2026-02-03 18:04:42 -08:00
## 2026.2.2-3
### Fixes
- Update: ship legacy daemon-cli shim for pre-tsdown update imports (fixes daemon restart after npm update).
fix: improve build-info resolution for commit/version
2026-02-03 17:31:51 -08:00
## 2026.2.2-2
iMessage: promote BlueBubbles and refresh docs/skills (#8415) * feat: Make BlueBubbles the primary iMessage integration - Remove old imsg skill (skills/imsg/SKILL.md) - Create new BlueBubbles skill (skills/bluebubbles/SKILL.md) with message tool examples - Add keep-alive script documentation for VM/headless setups to docs/channels/bluebubbles.md - AppleScript that pokes Messages.app every 5 minutes - LaunchAgent configuration for automatic execution - Prevents Messages.app from going idle in VM environments - Update all documentation to prioritize BlueBubbles over legacy imsg: - Mark imsg channel as legacy throughout docs - Update README.md channel lists - Update wizard, hubs, pairing, and index docs - Update FAQ to recommend BlueBubbles for iMessage - Update RPC docs to note imsg as legacy pattern - Update Chinese documentation (zh-CN) - Replace imsg examples with generic macOS skill examples where appropriate BlueBubbles is now the recommended first-class iMessage integration, with the legacy imsg integration marked for potential future removal. * refactor: Update import paths and improve code formatting - Adjusted import paths in session-status-tool.ts, whatsapp-heartbeat.ts, and heartbeat-runner.ts for consistency. - Reformatted code for better readability by aligning and grouping related imports and function parameters. - Enhanced error messages and conditional checks for clarity in heartbeat-runner.ts. * skills: restore imsg skill and align bluebubbles skill * docs: update FAQ for clarity and formatting - Adjusted the formatting of the FAQ section to ensure consistent bullet point alignment. - No content changes were made, only formatting improvements for better readability. * style: oxfmt touched files * fix: preserve BlueBubbles developer reference (#8415) (thanks @tyler6204)
2026-02-03 18:06:54 -08:00
### Changes
- Docs: promote BlueBubbles as the recommended iMessage integration; mark imsg channel as legacy. (#8415) Thanks @tyler6204.
fix: improve build-info resolution for commit/version
2026-02-03 17:31:51 -08:00
### Fixes
- CLI status: resolve build-info from bundled dist output (fixes "unknown" commit in npm builds).
chore: bump version to 2026.2.2-1
2026-02-03 17:26:10 -08:00
## 2026.2.2-1
### Fixes
- CLI status: fall back to build-info for version detection (fixes "unknown" in beta builds). Thanks @gumadeira.
fix: expand SSRF guard coverage
2026-02-02 04:57:09 -08:00
## 2026.2.2
docs: add changelog for zh-CN translations (#6619) (thanks @joshp123)
2026-02-02 08:22:17 +00:00
### Changes
chore: prep 2026.2.2 docs/release checks
2026-02-03 16:38:42 -08:00
- Feishu: add Feishu/Lark plugin support + docs. (#7313) Thanks @jiulingyun (openclaw-cn).
feat(ui): add Agents dashboard
2026-02-02 21:31:17 -05:00
- Web UI: add Agents dashboard for managing agent files, tools, skills, models, channels, and cron jobs.
feat(cron): enhance delivery modes and job configuration - Updated isolated cron jobs to support new delivery modes: `announce` and `none`, improving output management. - Refactored job configuration to remove legacy fields and streamline delivery settings. - Enhanced the `CronJobEditor` UI to reflect changes in delivery options, including a new segmented control for delivery mode selection. - Updated documentation to clarify the new delivery configurations and their implications for job execution. - Improved tests to validate the new delivery behavior and ensure backward compatibility with legacy settings. This update provides users with greater flexibility in managing how isolated jobs deliver their outputs, enhancing overall usability and clarity in job configurations.
2026-02-03 16:53:46 -08:00
- Subagents: discourage direct messaging tool use unless a specific external recipient is requested.
fix: changelog entry for QMD memory (#3160) (thanks @vignesh07)
2026-02-02 23:28:21 -08:00
- Memory: implement the opt-in QMD backend for workspace memory. (#3160) Thanks @vignesh07.
chore: prepare 2026.2.2 release
2026-02-03 09:59:21 -08:00
- Security: add healthcheck skill and bootstrap audit guidance. (#7641) Thanks @Takhoffman.
chore: prep 2026.2.2 docs/release checks
2026-02-03 16:38:42 -08:00
- Config: allow setting a default subagent thinking level via `agents.defaults.subagents.thinking` (and per-agent `agents.list[].subagents.thinking`). (#7372) Thanks @tyler6204.
- Docs: zh-CN translations seed + polish, pipeline guidance, nav/landing updates, and typo fixes. (#8202, #6995, #6619, #7242, #7303, #7415) Thanks @AaronWander, @taiyi747, @Explorer1092, @rendaoyuan, @joshp123, @lailoo.
Docs: guard zh-CN i18n workflow What: - document zh-CN docs pipeline and generated-doc guardrails - note Discord escalation when the pipeline drags Why: - prevent accidental edits to generated translations Tests: - pnpm build - pnpm check - pnpm test Co-authored-by: Josh Palmer <joshpalmer123@gmail.com>
2026-02-03 17:18:13 -08:00
- Docs: add zh-CN i18n guardrails to avoid editing generated translations. (#8416) Thanks @joshp123.
docs: add changelog for zh-CN translations (#6619) (thanks @joshp123)
2026-02-02 08:22:17 +00:00
fix: expand SSRF guard coverage
2026-02-02 04:57:09 -08:00
### Fixes
fix: honor telegram model overrides in buttons (#8193) (thanks @gildo)
2026-02-04 09:16:10 +05:30
- Docs: finish renaming the QMD memory docs to reference the OpenClaw state dir.
- Onboarding: keep TUI flow exclusive (skip completion prompt + background Web UI seed).
- Onboarding: drop completion prompt now handled by install/update.
- TUI: block onboarding output while TUI is active and restore terminal state on exit.
- CLI: cache shell completion scripts in state dir and source cached files in profiles.
- Zsh completion: escape option descriptions to avoid invalid option errors.
- Agents: repair malformed tool calls and session transcripts. (#7473) Thanks @justinhuangcode.
- fix(agents): validate AbortSignal instances before calling AbortSignal.any() (#7277) (thanks @Elarwei001)
- fix(webchat): respect user scroll position during streaming and refresh (#7226) (thanks @marcomarandiz)
- Telegram: recover from grammY long-poll timed out errors. (#7466) Thanks @macmimi23.
- Media understanding: skip binary media from file text extraction. (#7475) Thanks @AlexZhangji.
fix(slack): fail closed on slash command channel type lookup
2026-02-02 16:53:02 -08:00
- Security: enforce access-group gating for Slack slash commands when channel type lookup fails.
docs(changelog): credit @simecek for gateway connect auth fix
2026-02-14 22:42:13 +01:00
- Security: require validated shared-secret auth before skipping device identity on gateway connect. Thanks @simecek.
fix: expand SSRF guard coverage
2026-02-02 04:57:09 -08:00
- Security: guard skill installer downloads with SSRF checks (block private/localhost URLs).
docs(changelog): note gateway /approve scope fix
2026-02-14 22:13:29 +01:00
- Security/Gateway: require `operator.approvals` for in-chat `/approve` when invoked from gateway clients. Thanks @yueyueL.
fix: harden Windows exec allowlist
2026-02-03 09:34:08 -08:00
- Security: harden Windows exec allowlist; block cmd.exe bypass via single &. Thanks @simecek.
chore: prep 2026.2.2 docs/release checks
2026-02-03 16:38:42 -08:00
- Media understanding: apply SSRF guardrails to provider fetches; allow private baseUrl overrides explicitly.
fix: normalize Discord autoThread reply target (#8302) (thanks @gavinbmoore)
2026-02-13 13:04:19 -06:00
- fix(voice-call): harden inbound allowlist; reject anonymous callers; require Telnyx publicKey for allowlist; token-gate Twilio media streams; cap webhook body size (thanks @simecek)
chore: prepare 2026.2.2 release
2026-02-03 09:59:21 -08:00
- Onboarding: keep TUI flow exclusive (skip completion prompt + background Web UI seed); completion prompt now handled by install/update.
- CLI/Zsh completion: cache scripts in state dir and escape option descriptions to avoid invalid option errors.
fix(skills): warn when bundled dir missing
2026-02-03 14:01:40 -05:00
- fix(ui): resolve Control UI asset path correctly.
fix(ui): note agent file refresh in changelog
2026-02-03 14:15:47 -05:00
- fix(ui): refresh agent files after external edits.
chore: prepare 2026.2.2 release
2026-02-03 09:59:21 -08:00
- Tests: stub SSRF DNS pinning in web auto-reply + Gemini video coverage. (#6619) Thanks @joshp123.
fix: expand SSRF guard coverage
2026-02-02 04:57:09 -08:00
chore: bump to 2026.2.1
2026-02-02 08:50:34 +00:00
## 2026.2.1
docs: start 2026.1.31 changelog
2026-01-31 16:28:19 +01:00
### Changes
docs: update 2026.2.1 changelog
2026-02-02 03:25:22 -08:00
- Docs: onboarding/install/i18n/exec-approvals/Control UI/exe.dev/cacheRetention updates + misc nav/typos. (#3050, #3461, #4064, #4675, #4729, #4763, #5003, #5402, #5446, #5474, #5663, #5689, #5694, #5967, #6270, #6300, #6311, #6416, #6487, #6550, #6789)
docs: add changelog for zh-CN translations (#6619) (thanks @joshp123)
2026-02-02 08:22:17 +00:00
- Telegram: use shared pairing store. (#6127) Thanks @obviyus.
- Agents: add OpenRouter app attribution headers. Thanks @alexanderatallah.
- Agents: add system prompt safety guardrails. (#5445) Thanks @joshp123.
- Agents: update pi-ai to 0.50.9 and rename cacheControlTtl -> cacheRetention (with back-compat mapping).
- Agents: extend CreateAgentSessionOptions with systemPrompt/skills/contextFiles.
- Agents: add tool policy conformance snapshot (no runtime behavior change). (#6011)
- Auth: update MiniMax OAuth hint + portal auth note copy.
- Discord: inherit thread parent bindings for routing. (#3892) Thanks @aerolalit.
- Gateway: inject timestamps into agent and chat.send messages. (#3705) Thanks @conroywhitney, @CashWilliams.
- Gateway: require TLS 1.3 minimum for TLS listeners. (#5970) Thanks @loganaden.
- Web UI: refine chat layout + extend session active duration.
- CI: add formal conformance + alias consistency checks. (#5723, #5807)
### Fixes
- Security: guard remote media fetches with SSRF protections (block private/localhost, DNS pinning).
- Updates: clean stale global install rename dirs and extend gateway update timeouts to avoid npm ENOTEMPTY failures.
docs(changelog): credit logicx24 for plugin install traversal report
2026-02-14 22:53:42 +01:00
- Security/Plugins/Hooks: validate install paths and reject traversal-like names (prevents path traversal outside the state dir). Thanks @logicx24.
docs: add changelog for zh-CN translations (#6619) (thanks @joshp123)
2026-02-02 08:22:17 +00:00
- Telegram: add download timeouts for file fetches. (#6914) Thanks @hclsys.
- Telegram: enforce thread specs for DM vs forum sends. (#6833) Thanks @obviyus.
- Streaming: flush block streaming on paragraph boundaries for newline chunking. (#7014)
- Streaming: stabilize partial streaming filters.
- Auto-reply: avoid referencing workspace files in /new greeting prompt. (#5706) Thanks @bravostation.
- Tools: align tool execute adapters/signatures (legacy + parameter order + arg normalization).
chore: fix formatting and CI
2026-02-02 16:41:49 +00:00
- Tools: treat "\*" tool allowlist entries as valid to avoid spurious unknown-entry warnings.
docs: add changelog for zh-CN translations (#6619) (thanks @joshp123)
2026-02-02 08:22:17 +00:00
- Skills: update session-logs paths from .clawdbot to .openclaw. (#4502)
- Slack: harden media fetch limits and Slack file URL validation. (#6639) Thanks @davidiach.
- Lint: satisfy curly rule after import sorting. (#6310)
- Process: resolve Windows `spawn()` failures for npm-family CLIs by appending `.cmd` when needed. (#5815) Thanks @thejhinvirtuoso.
- Discord: resolve PluralKit proxied senders for allowlists and labels. (#5838) Thanks @thewilloftheshadow.
- Tlon: add timeout to SSE client fetch calls (CWE-400). (#5926)
- Memory search: L2-normalize local embedding vectors to fix semantic search. (#5332)
- Agents: align embedded runner + typings with pi-coding-agent API updates (pi 0.51.0).
- Agents: ensure OpenRouter attribution headers apply in the embedded runner.
- Agents: cap context window resolution for compaction safeguard. (#6187) Thanks @iamEvanYT.
- System prompt: resolve overrides and hint using session_status for current date/time. (#1897, #1928, #2108, #3677)
- Agents: fix Pi prompt template argument syntax. (#6543)
- Subagents: fix announce failover race (always emit lifecycle end; timeout=0 means no-timeout). (#6621)
- Teams: gate media auth retries.
- Telegram: restore draft streaming partials. (#5543) Thanks @obviyus.
- Onboarding: friendlier Windows onboarding message. (#6242) Thanks @shanselman.
- TUI: prevent crash when searching with digits in the model selector.
- Agents: wire before_tool_call plugin hook into tool execution. (#6570, #6660) Thanks @ryancnelson.
- Browser: secure Chrome extension relay CDP sessions.
- Docker: use container port for gateway command instead of host port. (#5110) Thanks @mise42.
- Docker: start gateway CMD by default for container deployments. (#6635) Thanks @kaizen403.
- fix(lobster): block arbitrary exec via lobsterPath/cwd injection (GHSA-4mhr-g7xj-cg8j). (#5335) Thanks @vignesh07.
- Security: sanitize WhatsApp accountId to prevent path traversal. (#4610)
- Security: restrict MEDIA path extraction to prevent LFI. (#4930)
- Security: validate message-tool filePath/path against sandbox root. (#6398)
- Security: block LD*/DYLD* env overrides for host exec. (#4896) Thanks @HassanFleyah.
- Security: harden web tool content wrapping + file parsing safeguards. (#4058) Thanks @VACInc.
- Security: enforce Twitch `allowFrom` allowlist gating (deny non-allowlisted senders). Thanks @MegaManSec.
## 2026.1.31
docs: start 2026.1.31 changelog
2026-01-31 16:28:19 +01:00
### Fixes
docs: fold 2026.2.2 into 2026.2.1
2026-02-02 02:43:54 -08:00
- Plugins: validate plugin/hook install paths and reject traversal-like names.
fix: treat '*' tool allowlist as valid
2026-02-02 08:45:47 +00:00
- Tools: treat `"*"` tool allowlist entries as valid to avoid spurious unknown-entry warnings.
fix: restore telegram draft streaming partials (#5543) (thanks @obviyus)
2026-01-31 22:45:27 +05:30
chore: bump version to 2026.1.30
2026-01-31 11:37:33 +01:00
## 2026.1.30
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
chore: bump version to 2026.1.30
2026-01-31 11:37:33 +01:00
- CLI: add `completion` command (Zsh/Bash/PowerShell/Fish) and auto-setup during postinstall/onboarding.
- CLI: add per-agent `models status` (`--agent` filter). (#4780) Thanks @jlowin.
- Agents: add Kimi K2.5 to the synthetic model catalog. (#4407) Thanks @manikv12.
- Auth: switch Kimi Coding to built-in provider; normalize OAuth profile email.
feat: add MiniMax OAuth plugin (#4521) (thanks @Maosghoul)
2026-01-31 12:42:45 +01:00
- Auth: add MiniMax OAuth plugin + onboarding option. (#4521) Thanks @Maosghoul.
chore: bump version to 2026.1.30
2026-01-31 11:37:33 +01:00
- Agents: update pi SDK/API usage and dependencies.
- Web UI: refresh sessions after chat commands and improve session display names.
- Build: move TypeScript builds to `tsdown` + `tsgo` (faster builds, CI typechecks), update tsconfig target, and clean up lint rules.
fix: align npm publish metadata
2026-01-31 14:20:58 +01:00
- Build: align npm tar override and bin metadata so the `openclaw` CLI entrypoint is preserved in npm publishes.
chore: bump version to 2026.1.30
2026-01-31 11:37:33 +01:00
- Docs: add pi/pi-dev docs and update OpenClaw branding + install links.
fix: stabilize docker e2e flows
2026-02-02 13:08:52 +00:00
- Docker E2E: stabilize gateway readiness, plugin installs/manifests, and cleanup/doctor switch entrypoint checks.
chore: bump version to 2026.1.30
2026-01-31 11:37:33 +01:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
chore: bump version to 2026.1.30
2026-01-31 11:37:33 +01:00
- Security: restrict local path extraction in media parser to prevent LFI. (#4880)
- Gateway: prevent token defaults from becoming the literal "undefined". (#4873) Thanks @Hisleren.
- Control UI: fix assets resolution for npm global installs. (#4909) Thanks @YuriNachos.
fix: avoid stderr backpressure in macOS discovery (#3304) (thanks @abhijeet117)
2026-01-31 12:02:32 +01:00
- macOS: avoid stderr pipe backpressure in gateway discovery. (#3304) Thanks @abhijeet117.
chore: bump version to 2026.1.30
2026-01-31 11:37:33 +01:00
- Telegram: normalize account token lookup for non-normalized IDs. (#5055) Thanks @jasonsschin.
- Telegram: preserve delivery thread fallback and fix threadId handling in delivery context.
- Telegram: fix HTML nesting for overlapping styles/links. (#4578) Thanks @ThanhNguyxn.
- Telegram: accept numeric messageId/chatId in react actions. (#4533) Thanks @Ayush10.
- Telegram: honor per-account proxy dispatcher via undici fetch. (#4456) Thanks @spiceoogway.
- Telegram: scope skill commands to bound agent per bot. (#4360) Thanks @robhparker.
- BlueBubbles: debounce by messageId to preserve attachments in text+image messages. (#4984)
- Routing: prefer requesterOrigin over stale session entries for sub-agent announce delivery. (#4957)
- Extensions: restore embedded extension discovery typings.
- CLI: fix `tui:dev` port resolution.
- LINE: fix status command TypeError. (#4651)
- OAuth: skip expired-token warnings when refresh tokens are still valid. (#4593)
- Build: skip redundant UI install step in Dockerfile. (#4584) Thanks @obviyus.
docs: reorder 2026.1.29 changelog
2026-01-30 05:37:12 +01:00
## 2026.1.29
chore: start 2026.1.25 changelog
2026-01-25 20:58:35 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Rebrand: rename the npm package/CLI to `openclaw`, add a `openclaw` compatibility shim, and move extensions to the `@openclaw/*` scope.
docs: reorder 2026.1.29 changelog
2026-01-30 05:37:12 +01:00
- Onboarding: strengthen security warning copy for beta + access control expectations.
- Onboarding: add Venice API key to non-interactive flow. (#1893) Thanks @jonisjongithub.
- Config: auto-migrate legacy state/config paths and keep config resolution consistent across legacy filenames.
- Gateway: warn on hook tokens via query params; document header auth preference. (#2200) Thanks @YuriNachos.
- Gateway: add dangerous Control UI device auth bypass flag + audit warnings. (#2248)
- Doctor: warn on gateway exposure without auth. (#2016) Thanks @Alex-Alaniz.
- Web UI: keep sub-agent announce replies visible in WebChat. (#1977) Thanks @andrescardonas7.
- Browser: route browser control via gateway/node; remove standalone browser control command and control URL config.
- Browser: route `browser.request` via node proxies when available; honor proxy timeouts; derive browser ports from `gateway.port`.
- Browser: fall back to URL matching for extension relay target resolution. (#1999) Thanks @jonit-dev.
- Telegram: allow caption param for media sends. (#1888) Thanks @mguellsegarra.
- Telegram: support plugin sendPayload channelData (media/buttons) and validate plugin commands. (#1917) Thanks @JoshuaLelon.
- Telegram: avoid block replies when streaming is disabled. (#1885) Thanks @ivancasco.
- Telegram: add optional silent send flag (disable notifications). (#2382) Thanks @Suksham-sharma.
- Telegram: support editing sent messages via message(action="edit"). (#2394) Thanks @marcelomar21.
- Telegram: support quote replies for message tool and inbound context. (#2900) Thanks @aduk059.
- Telegram: add sticker receive/send with vision caching. (#2629) Thanks @longjos.
- Telegram: send sticker pixels to vision models. (#2650)
- Telegram: keep topic IDs in restart sentinel notifications. (#1807) Thanks @hsrvc.
- Discord: add configurable privileged gateway intents for presences/members. (#2266) Thanks @kentaro.
- Slack: clear ack reaction after streamed replies. (#2044) Thanks @fancyboi999.
- Matrix: switch plugin SDK to @vector-im/matrix-bot-sdk.
- Tlon: format thread reply IDs as @ud. (#1837) Thanks @wca4a.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Tools: add per-sender group tool policies and fix precedence. (#1757) Thanks @adam91holt.
fix: summarize dropped compaction messages (#2509) (thanks @jogi47)
2026-01-26 20:34:37 -06:00
- Agents: summarize dropped messages during compaction safeguard pruning. (#2509) Thanks @jogi47.
docs: reorder 2026.1.29 changelog
2026-01-30 05:37:12 +01:00
- Agents: expand cron tool description with full schema docs. (#1988) Thanks @tomascupr.
- Agents: honor tools.exec.safeBins in exec allowlist checks. (#2281)
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Memory Search: allow extra paths for memory indexing (ignores symlinks). (#3600) Thanks @kira-ariaki.
fix: add multi-image input support to nano-banana-pro skill (#1958) (thanks @tyler6204)
2026-01-26 14:22:24 -08:00
- Skills: add multi-image input support to Nano Banana Pro skill. (#1958) Thanks @tyler6204.
docs: reorder 2026.1.29 changelog
2026-01-30 05:37:12 +01:00
- Skills: add missing dependency metadata for GitHub, Notion, Slack, Discord. (#1995) Thanks @jackheuberger.
- Commands: group /help and /commands output with Telegram paging. (#2504) Thanks @hougangdev.
- Routing: add per-account DM session scope and document multi-account isolation. (#3095) Thanks @jarvis-sam.
- Routing: precompile session key regexes. (#1697) Thanks @Ray0907.
- CLI: use Node's module compile cache for faster startup. (#2808) Thanks @pi0.
- Auth: show copyable Google auth URL after ASCII prompt. (#1787) Thanks @robbyczgw-cla.
- TUI: avoid width overflow when rendering selection lists. (#1686) Thanks @mossein.
- macOS: finish OpenClaw app rename for macOS sources, bundle identifiers, and shared kit paths. (#2844) Thanks @fal3.
chore: update openclaw naming
2026-01-30 21:01:02 +01:00
- Branding: update launchd labels, mobile bundle IDs, and logging subsystems to bot.molt (legacy bundle ID migrations). Thanks @thewilloftheshadow.
docs: reorder 2026.1.29 changelog
2026-01-30 05:37:12 +01:00
- macOS: limit project-local `node_modules/.bin` PATH preference to debug builds (reduce PATH hijacking risk).
- macOS: keep custom SSH usernames in remote target. (#2046) Thanks @algal.
- macOS: avoid crash when rendering code blocks by bumping Textual to 0.3.1. (#2033) Thanks @garricn.
- Update: ignore dist/control-ui for dirty checks and restore after ui builds. (#1976) Thanks @Glucksberg.
- Build: bundle A2UI assets during build and stop tracking generated bundles. (#2455) Thanks @0oAstro.
- CI: increase Node heap size for macOS checks. (#1890) Thanks @realZachi.
- Config: apply config.env before ${VAR} substitution. (#1813) Thanks @spanishflu-est1918.
- Gateway: prefer newest session metadata when combining stores. (#1823) Thanks @emanuelst.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Docs: tighten Fly private deployment steps. (#2289) Thanks @dguido.
- Docs: add migration guide for moving to a new machine. (#2381)
- Docs: add Northflank one-click deployment guide. (#2167) Thanks @AdeboyeDN.
- Docs: add Vercel AI Gateway to providers sidebar. (#1901) Thanks @jerilynzheng.
- Docs: add Render deployment guide. (#1975) Thanks @anurag.
- Docs: add Claude Max API Proxy guide. (#1875) Thanks @atalovesyou.
- Docs: add DigitalOcean deployment guide. (#1870) Thanks @0xJonHoldsCrypto.
- Docs: add Oracle Cloud (OCI) platform guide + cross-links. (#2333) Thanks @hirefrank.
- Docs: add Raspberry Pi install guide. (#1871) Thanks @0xJonHoldsCrypto.
- Docs: add GCP Compute Engine deployment guide. (#1848) Thanks @hougangdev.
- Docs: add LINE channel guide. Thanks @thewilloftheshadow.
- Docs: credit both contributors for Control UI refresh. (#1852) Thanks @EnzeD.
- Docs: keep docs header sticky so navbar stays visible while scrolling. (#2445) Thanks @chenyuan99.
- Docs: update exe.dev install instructions. (#https://github.com/openclaw/openclaw/pull/3047) Thanks @zackerthescar.
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: harden gateway auth defaults
2026-01-26 18:18:55 +00:00
### Breaking
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: harden gateway auth defaults
2026-01-26 18:18:55 +00:00
- **BREAKING:** Gateway auth mode "none" is removed; gateway now requires token/password (Tailscale Serve identity still allowed).
fix(webchat): support image-only sends
2026-01-26 05:32:29 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix(skill): update session-logs paths from .clawdbot to .openclaw (#4502) Co-authored-by: Jarvis <jarvis@openclaw.ai> Co-authored-by: CLAWDINATOR Bot <clawdinator[bot]@users.noreply.github.com> Co-authored-by: Shadow <shadow@openclaw.ai>
2026-02-01 13:42:28 -04:00
- Skills: update session-logs paths to use ~/.openclaw. (#4502) Thanks @bonald.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Telegram: avoid silent empty replies by tracking normalization skips before fallback. (#3796)
- Mentions: honor mentionPatterns even when explicit mentions are present. (#3303) Thanks @HirokiKobayashi-R.
- Discord: restore username directory lookup in target resolution. (#3131) Thanks @bonald.
- Agents: align MiniMax base URL test expectation with default provider config. (#3131) Thanks @bonald.
- Agents: prevent retries on oversized image errors and surface size limits. (#2871) Thanks @Suksham-sharma.
- Agents: inherit provider baseUrl/api for inline models. (#2740) Thanks @lploc94.
- Memory Search: keep auto provider model defaults and only include remote when configured. (#2576) Thanks @papago2355.
- Telegram: include AccountId in native command context for multi-agent routing. (#2942) Thanks @Chloe-VP.
- Telegram: handle video note attachments in media extraction. (#2905) Thanks @mylukin.
- TTS: read OPENAI_TTS_BASE_URL at runtime instead of module load to honor config.env. (#3341) Thanks @hclsys.
- macOS: auto-scroll to bottom when sending a new message while scrolled up. (#2471) Thanks @kennyklee.
- Web UI: auto-expand the chat compose textarea while typing (with sensible max height). (#2950) Thanks @shivamraut101.
- Gateway: prevent crashes on transient network errors (fetch failures, timeouts, DNS). Added fatal error detection to only exit on truly critical errors. Fixes #2895, #2879, #2873. (#2980) Thanks @elliotsecops.
- Agents: guard channel tool listActions to avoid plugin crashes. (#2859) Thanks @mbelinky.
- Discord: stop resolveDiscordTarget from passing directory params into messaging target parsers. Fixes #3167. Thanks @thewilloftheshadow.
- Discord: avoid resolving bare channel names to user DMs when a username matches. Thanks @thewilloftheshadow.
- Discord: fix directory config type import for target resolution. Thanks @thewilloftheshadow.
- Providers: update MiniMax API endpoint and compatibility mode. (#3064) Thanks @hlbbbbbbb.
- Telegram: treat more network errors as recoverable in polling. (#3013) Thanks @ryancontent.
- Discord: resolve usernames to user IDs for outbound messages. (#2649) Thanks @nonggialiang.
- Providers: update Moonshot Kimi model references to kimi-k2.5. (#2762) Thanks @MarvinCui.
- Gateway: suppress AbortError and transient network errors in unhandled rejections. (#2451) Thanks @Glucksberg.
- TTS: keep /tts status replies on text-only commands and avoid duplicate block-stream audio. (#2451) Thanks @Glucksberg.
- Security: pin npm overrides to keep tar@7.5.4 for install toolchains.
- Security: properly test Windows ACL audit for config includes. (#2403) Thanks @dominicnunez.
- CLI: recognize versioned Node executables when parsing argv. (#2490) Thanks @David-Marsh-Photo.
- CLI: avoid prompting for gateway runtime under the spinner. (#2874)
- BlueBubbles: coalesce inbound URL link preview messages. (#1981) Thanks @tyler6204.
- Cron: allow payloads containing "heartbeat" in event filter. (#2219) Thanks @dwfinkelstein.
- CLI: avoid loading config for global help/version while registering plugin commands. (#2212) Thanks @dial481.
- Agents: include memory.md when bootstrapping memory context. (#2318) Thanks @czekaj.
- Agents: release session locks on process termination and cover more signals. (#2483) Thanks @janeexai.
- Agents: skip cooldowned providers during model failover. (#2143) Thanks @YiWang24.
- Telegram: harden polling + retry behavior for transient network errors and Node 22 transport issues. (#2420) Thanks @techboss.
- Telegram: ignore non-forum group message_thread_id while preserving DM thread sessions. (#2731) Thanks @dylanneve1.
- Telegram: wrap reasoning italics per line to avoid raw underscores. (#2181) Thanks @YuriNachos.
- Telegram: centralize API error logging for delivery and bot calls. (#2492) Thanks @altryne.
- Voice Call: enforce Twilio webhook signature verification for ngrok URLs; disable ngrok free tier bypass by default.
- Security: harden Tailscale Serve auth by validating identity via local tailscaled before trusting headers.
- Media: fix text attachment MIME misclassification with CSV/TSV inference and UTF-16 detection; add XML attribute escaping for file output. (#3628) Thanks @frankekn.
- Build: align memory-core peer dependency with lockfile.
- Security: add mDNS discovery mode with minimal default to reduce information disclosure. (#1882) Thanks @orlyjamie.
- Security: harden URL fetches with DNS pinning to reduce rebinding risk. Thanks Chris Zheng.
- Web UI: improve WebChat image paste previews and allow image-only sends. (#1925) Thanks @smartprogrammer93.
- Security: wrap external hook content by default with a per-hook opt-out. (#1827) Thanks @mertcicekci0.
- Gateway: default auth now fail-closed (token/password required; Tailscale Serve identity remains allowed).
- Gateway: treat loopback + non-local Host connections as remote unless trusted proxy headers are present.
- Onboarding: remove unsupported gateway auth "off" choice from onboarding/configure flows and CLI flags.
## 2026.1.24-3
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Slack: fix image downloads failing due to missing Authorization header on cross-origin redirects. (#1936) Thanks @sanderhelgesen.
- Gateway: harden reverse proxy handling for local-client detection and unauthenticated proxied connects. (#1795) Thanks @orlyjamie.
- Security audit: flag loopback Control UI with auth disabled as critical. (#1795) Thanks @orlyjamie.
- CLI: resume claude-cli sessions and stream CLI replies to TUI clients. (#1921) Thanks @rmorse.
chore: release 2026.1.24-1
2026-01-25 14:08:20 +00:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
## 2026.1.24-2
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Packaging: include dist/link-understanding output in npm tarball (fixes missing apply.js import on install).
## 2026.1.24-1
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Packaging: include dist/shared output in npm tarball (fixes missing reasoning-tags import on install).
chore: release 2026.1.24-1
2026-01-25 14:08:20 +00:00
chore: bump 2026.1.24
2026-01-24 15:00:00 +00:00
## 2026.1.24
docs: highlight Ollama provider discovery
2026-01-24 23:09:48 +00:00
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Providers: Ollama discovery + docs; Venice guide upgrades + cross-links. (#1606) Thanks @abhaymundhara. https://docs.openclaw.ai/providers/ollama https://docs.openclaw.ai/providers/venice
docs: expand 2026.1.24 highlights
2026-01-25 13:00:52 +00:00
- Channels: LINE plugin (Messaging API) with rich replies + quick replies. (#1630) Thanks @plum-dawg.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- TTS: Edge fallback (keyless) + `/tts` auto modes. (#1668, #1667) Thanks @steipete, @sebslight. https://docs.openclaw.ai/tts
- Exec approvals: approve in-chat via `/approve` across all channels (including plugins). (#1621) Thanks @czekaj. https://docs.openclaw.ai/tools/exec-approvals https://docs.openclaw.ai/tools/slash-commands
- Telegram: DM topics as separate sessions + outbound link preview toggle. (#1597, #1700) Thanks @rohannagpal, @zerone0x. https://docs.openclaw.ai/channels/telegram
docs: highlight Ollama provider discovery
2026-01-24 23:09:48 +00:00
chore: bump 2026.1.24
2026-01-24 15:00:00 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- Channels: add LINE plugin (Messaging API) with rich replies, quick replies, and plugin HTTP registry. (#1630) Thanks @plum-dawg.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- TTS: add Edge TTS provider fallback, defaulting to keyless Edge with MP3 retry on format failures. (#1668) Thanks @steipete. https://docs.openclaw.ai/tts
- TTS: add auto mode enum (off/always/inbound/tagged) with per-session `/tts` override. (#1667) Thanks @sebslight. https://docs.openclaw.ai/tts
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- Telegram: treat DM topics as separate sessions and keep DM history limits stable with thread suffixes. (#1597) Thanks @rohannagpal.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Telegram: add `channels.telegram.linkPreview` to toggle outbound link previews. (#1700) Thanks @zerone0x. https://docs.openclaw.ai/channels/telegram
- Web search: add Brave freshness filter parameter for time-scoped results. (#1688) Thanks @JonUleis. https://docs.openclaw.ai/tools/web
Docs: credit Control UI refresh contributors (#1852)
2026-01-25 22:18:47 -06:00
- UI: refresh Control UI dashboard design system (colors, icons, typography). (#1745, #1786) Thanks @EnzeD, @mousberg.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Exec approvals: forward approval prompts to chat with `/approve` for all channels (including plugins). (#1621) Thanks @czekaj. https://docs.openclaw.ai/tools/exec-approvals https://docs.openclaw.ai/tools/slash-commands
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Gateway: expose config.patch in the gateway tool with safe partial updates + restart sentinel. (#1653) Thanks @steipete.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Diagnostics: add diagnostic flags for targeted debug logs (config + env override). https://docs.openclaw.ai/diagnostics/flags
chore: bump 2026.1.24
2026-01-24 15:00:00 +00:00
- Docs: expand FAQ (migration, scheduling, concurrency, model recommendations, OpenAI subscription auth, Pi sizing, hackable install, docs SSL workaround).
- Docs: add verbose installer troubleshooting guidance.
docs: expand macOS VM guide (#1693) (thanks @f-trycua)
2026-01-25 05:13:51 +00:00
- Docs: add macOS VM guide with local/hosted options + VPS/nodes guidance. (#1693) Thanks @f-trycua.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Docs: add Bedrock EC2 instance role setup + IAM steps. (#1625) Thanks @sergical. https://docs.openclaw.ai/bedrock
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- Docs: update Fly.io guide notes.
- Dev: add prek pre-commit hooks + dependabot config for weekly updates. (#1720) Thanks @dguido.
chore: bump 2026.1.24
2026-01-24 15:00:00 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: config/debug UI overflow (#1715) Thanks @saipreetham589. Co-authored-by: SaiPreetham <saipreetham.pesu@gmail.com>
2026-01-25 13:20:37 +00:00
- Web UI: fix config/debug layout overflow, scrolling, and code block sizing. (#1715) Thanks @saipreetham589.
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- Web UI: show Stop button during active runs, swap back to New session when idle. (#1664) Thanks @ndbroadbent.
docs(changelog): reattribute duplicated PR credits
2026-03-03 05:40:01 +00:00
- Web UI: clear stale disconnect banners on reconnect; allow form saves with unsupported schema paths but block missing schema. (#1707) Thanks @steipete.
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- Web UI: hide internal `message_id` hints in chat bubbles.
fix: allow control ui token auth without pairing
2026-01-25 12:47:06 +00:00
- Gateway: allow Control UI token-only auth to skip device pairing even when device identity is present (`gateway.controlUi.allowInsecureAuth`). (#1679) Thanks @steipete.
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- Matrix: decrypt E2EE media attachments with preflight size guard. (#1744) Thanks @araa47.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- BlueBubbles: route phone-number targets to DMs, avoid leaking routing IDs, and auto-create missing DMs (Private API required). (#1751) Thanks @tyler6204. https://docs.openclaw.ai/channels/bluebubbles
fix: preserve BlueBubbles reply tag GUIDs
2026-01-24 23:09:16 +00:00
- BlueBubbles: keep part-index GUIDs in reply tags when short IDs are missing.
fix(imessage): normalize messaging targets (#1708) Co-authored-by: Aaron Ng <1653630+aaronn@users.noreply.github.com>
2026-01-25 13:43:32 +00:00
- iMessage: normalize chat_id/chat_guid/chat_identifier prefixes case-insensitively and keep service-prefixed handles stable. (#1708) Thanks @aaronn.
fix: signal reactions
2026-01-25 03:20:09 +00:00
- Signal: repair reaction sends (group/UUID targets + CLI author flags). (#1651) Thanks @vilkasdev.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Signal: add configurable signal-cli startup timeout + external daemon mode docs. (#1677) https://docs.openclaw.ai/channels/signal
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- Telegram: set fetch duplex="half" for uploads on Node 22 to avoid sendPhoto failures. (#1684) Thanks @commdata2338.
- Telegram: use wrapped fetch for long-polling on Node to normalize AbortSignal handling. (#1639)
- Telegram: honor per-account proxy for outbound API calls. (#1774) Thanks @radek-paclt.
fix(telegram): fall back to text when voice messages forbidden (#1725) * fix(telegram): fall back to text when voice messages forbidden When TTS auto mode is enabled, slash commands like /status would fail silently because sendVoice was rejected with VOICE_MESSAGES_FORBIDDEN. The entire reply would fail without any text being sent. This adds error handling to catch VOICE_MESSAGES_FORBIDDEN specifically and fall back to sending the text content as a regular message instead of failing completely. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: handle telegram voice fallback errors (#1725) (thanks @foeken) --------- Co-authored-by: Echo <andre.foeken@Donut.local> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-25 14:18:41 +01:00
- Telegram: fall back to text when voice notes are blocked by privacy settings. (#1725) Thanks @foeken.
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- Voice Call: return stream TwiML for outbound conversation calls on initial Twilio webhook. (#1634)
- Voice Call: serialize Twilio TTS playback and cancel on barge-in to prevent overlap. (#1713) Thanks @dguido.
- Google Chat: tighten email allowlist matching, typing cleanup, media caps, and onboarding/docs/tests. (#1635) Thanks @iHildy.
- Google Chat: normalize space targets without double `spaces/` prefix.
fix: auto-compact on context overflow promptError before returning error (#1627) * fix: detect Anthropic 'Request size exceeds model context window' as context overflow Anthropic now returns 'Request size exceeds model context window' instead of the previously detected 'prompt is too long' format. This new error message was not recognized by isContextOverflowError(), causing auto-compaction to NOT trigger. Users would see the raw error twice without any recovery attempt. Changes: - Add 'exceeds model context window' and 'request size exceeds' to isContextOverflowError() detection patterns - Add tests that fail without the fix, verifying both the raw error string and the JSON-wrapped format from Anthropic's API - Add test for formatAssistantErrorText to ensure the friendly 'Context overflow' message is shown instead of the raw error Note: The upstream pi-ai package (@mariozechner/pi-ai) also needs a fix in its OVERFLOW_PATTERNS regex: /exceeds the context window/i should be changed to /exceeds.*context window/i to match both 'the' and 'model' variants for triggering auto-compaction retry. * fix(tests): remove unused imports and helper from test files Remove WorkspaceBootstrapFile references and _makeFile helper that were incorrectly copied from another test file. These caused type errors and were unrelated to the context overflow detection tests. * fix: trigger auto-compaction on context overflow promptError When the LLM rejects a request with a context overflow error that surfaces as a promptError (thrown exception rather than streamed error), the existing auto-compaction in pi-coding-agent never triggers. This happens because the error bypasses the agent's message_end → agent_end → _checkCompaction path. This fix adds a fallback compaction attempt directly in the run loop: - Detects context overflow in promptError (excluding compaction_failure) - Calls compactEmbeddedPiSessionDirect (bypassing lane queues since already in-lane) - Retries the prompt after successful compaction - Limits to one compaction attempt per run to prevent infinite loops Fixes: context overflow errors shown to user without auto-compaction attempt * style: format compact.ts and run.ts with oxfmt * fix: tighten context overflow match (#1627) (thanks @rodrigouroz) --------- Co-authored-by: Claude <claude@anthropic.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-24 19:09:24 -03:00
- Agents: auto-compact on context overflow prompt errors before failing. (#1627) Thanks @rodrigouroz.
fix: use active auth profile for auto-compaction
2026-01-24 22:23:49 +00:00
- Agents: use the active auth profile for auto-compaction recovery.
fix: skip image understanding for vision models (#1747) Thanks @tyler6204. Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com>
2026-01-25 09:56:57 +00:00
- Media understanding: skip image understanding when the primary model already supports vision. (#1747) Thanks @tyler6204.
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- Models: default missing custom provider fields so minimal configs are accepted.
- Messaging: keep newline chunking safe for fenced markdown blocks across channels.
fix: paragraph-aware newline chunking (#1726) Thanks @tyler6204 Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com>
2026-01-25 13:24:00 +00:00
- Messaging: treat newline chunking as paragraph-aware (blank-line splits) to keep lists and headings together. (#1726) Thanks @tyler6204.
docs: reorder 2026.1.24 changelog
2026-01-25 12:58:00 +00:00
- TUI: reload history after gateway reconnect to restore session state. (#1663)
- Heartbeat: normalize target identifiers for consistent routing.
- Exec: keep approvals for elevated ask unless full mode. (#1616) Thanks @ivancasco.
- Exec: treat Windows platform labels as Windows for node shell selection. (#1760) Thanks @ymat19.
- Gateway: include inline config env vars in service install environments. (#1735) Thanks @Seredeep.
fix: skip tailscale dns probe when off
2026-01-25 02:49:16 +00:00
- Gateway: skip Tailscale DNS probing when tailscale.mode is off. (#1671)
fix: reduce log noise for node disconnect/late invoke errors (#1607) * fix: reduce log noise for node disconnect/late invoke errors - Handle both 'node not connected' and 'node disconnected' errors at info level - Return success with late:true for unknown invoke IDs instead of error - Add 30-second throttle to skills change listener to prevent rapid-fire probes - Add tests for isNodeUnavailableError and late invoke handling * fix: clean up skills refresh timer and listener on shutdown Store the return value from registerSkillsChangeListener() and call it on gateway shutdown. Also clear any pending refresh timer. This follows the same pattern used for agentUnsub and heartbeatUnsub. * refactor: simplify KISS/YAGNI - inline checks, remove unit tests for internal utilities * fix: reduce gateway log noise (#1607) (thanks @petter-b) * test: align agent id casing expectations (#1607) --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-24 21:05:41 +01:00
- Gateway: reduce log noise for late invokes + remote node probes; debounce skills refresh. (#1607) Thanks @petter-b.
fix: clarify control ui auth hints (fixes #1690)
2026-01-25 04:46:42 +00:00
- Gateway: clarify Control UI/WebChat auth error hints for missing tokens. (#1690)
fix: listen on ipv6 loopback for gateway
2026-01-25 05:48:40 +00:00
- Gateway: listen on IPv6 loopback when bound to 127.0.0.1 so localhost webhooks work.
fix: move gateway lock to temp dir
2026-01-25 09:21:39 +00:00
- Gateway: store lock files in the temp directory to avoid stale locks on persistent volumes. (#1676)
fix: default direct gateway port + docs (#1603) (thanks @ngutman)
2026-01-24 21:01:42 +00:00
- macOS: default direct-transport `ws://` URLs to port 18789; document `gateway.remote.transport`. (#1603) Thanks @ngutman.
Telegram: threaded conversation support (#1597) * Telegram: isolate dm topic sessions * Tests: cap vitest workers * Tests: cap Vitest workers on CI macOS * Tests: avoid timer-based pi-ai stream mock * Tests: increase embedded runner timeout * fix: harden telegram dm thread handling (#1597) (thanks @rohannagpal) --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-25 10:18:51 +05:30
- Tests: cap Vitest workers on CI macOS to reduce timeouts. (#1597) Thanks @rohannagpal.
- Tests: avoid fake-timer dependency in embedded runner stream mock to reduce CI flakes. (#1597) Thanks @rohannagpal.
- Tests: increase embedded runner ordering test timeout to reduce CI flakes. (#1597) Thanks @rohannagpal.
chore: bump 2026.1.24
2026-01-24 15:00:00 +00:00
chore: prepare 2026.1.23-1
2026-01-24 13:28:22 +00:00
## 2026.1.23-1
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
chore: prepare 2026.1.23-1
2026-01-24 13:28:22 +00:00
- Packaging: include dist/tts output in npm tarball (fixes missing dist/tts/tts.js).
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
## 2026.1.23
fix: preserve PNG alpha fallback (#1491) (thanks @robbyczgw-cla)
2026-01-23 08:42:40 +00:00
feat: default TTS model overrides on (#1559) (thanks @Glucksberg) Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
2026-01-24 09:40:18 +00:00
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- TTS: move Telegram TTS into core + enable model-driven TTS tags by default for expressive audio replies. (#1559) Thanks @Glucksberg. https://docs.openclaw.ai/tts
- Gateway: add `/tools/invoke` HTTP endpoint for direct tool calls (auth + tool policy enforced). (#1575) Thanks @vignesh07. https://docs.openclaw.ai/gateway/tools-invoke-http-api
- Heartbeat: per-channel visibility controls (OK/alerts/indicator). (#1452) Thanks @dlauer. https://docs.openclaw.ai/gateway/heartbeat
- Deploy: add Fly.io deployment support + guide. (#1570) https://docs.openclaw.ai/platforms/fly
- Channels: add Tlon/Urbit channel plugin (DMs, group mentions, thread replies). (#1544) Thanks @wca4a. https://docs.openclaw.ai/channels/tlon
feat: default TTS model overrides on (#1559) (thanks @Glucksberg) Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
2026-01-24 09:40:18 +00:00
fix: restart gateway after update by default
2026-01-23 11:49:59 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Channels: allow per-group tool allow/deny policies across built-in + plugin channels. (#1546) Thanks @adam91holt. https://docs.openclaw.ai/multi-agent-sandbox-tools
- Agents: add Bedrock auto-discovery defaults + config overrides. (#1553) Thanks @fal3. https://docs.openclaw.ai/bedrock
- CLI: add `openclaw system` for system events + heartbeat controls; remove standalone `wake`. (commit 71203829d) https://docs.openclaw.ai/cli/system
- CLI: add live auth probes to `openclaw models status` for per-profile verification. (commit 40181afde) https://docs.openclaw.ai/cli/models
- CLI: restart the gateway by default after `openclaw update`; add `--no-restart` to skip it. (commit 2c85b1b40)
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
- Browser: add node-host proxy auto-routing for remote gateways (configurable per gateway/node). (commit c3cb26f7c)
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Plugins: add optional `llm-task` JSON-only tool for workflows. (#1498) Thanks @vignesh07. https://docs.openclaw.ai/tools/llm-task
fix: align bluebubbles outbound group sessions
2026-01-24 12:22:49 +00:00
- Markdown: add per-channel table conversion (bullets for Signal/WhatsApp, code blocks elsewhere). (#1495) Thanks @odysseus0.
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
- Agents: keep system prompt time zone-only and move current time to `session_status` for better cache hits. (commit 66eec295b)
- Agents: remove redundant bash tool alias from tool registration/display. (#1571) Thanks @Takhoffman.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Docs: add cron vs heartbeat decision guide (with Lobster workflow notes). (#1533) Thanks @JustYannicc. https://docs.openclaw.ai/automation/cron-vs-heartbeat
- Docs: clarify HEARTBEAT.md empty file skips heartbeats, missing file still runs. (#1535) Thanks @JustYannicc. https://docs.openclaw.ai/gateway/heartbeat
fix: restart gateway after update by default
2026-01-23 11:49:59 +00:00
fix: preserve PNG alpha fallback (#1491) (thanks @robbyczgw-cla)
2026-01-23 08:42:40 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: resolve session ids in session tools
2026-01-24 11:09:06 +00:00
- Sessions: accept non-UUID sessionIds for history/send/status while preserving agent scoping. (#1518)
fix: normalize heartbeat targets
2026-01-24 13:17:02 +00:00
- Heartbeat: accept plugin channel ids for heartbeat target validation + UI hints.
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
- Messaging/Sessions: mirror outbound sends into target session keys (threads + dmScope), create session entries on send, and normalize session key casing. (#1520, commit 4b6cdd1d3)
fix: align bluebubbles outbound group sessions
2026-01-24 12:22:49 +00:00
- Sessions: reject array-backed session stores to prevent silent wipes. (#1469)
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
- Gateway: compare Linux process start time to avoid PID recycling lock loops; keep locks unless stale. (#1572) Thanks @steipete.
- Gateway: accept null optional fields in exec approval requests. (#1511) Thanks @pvoo.
- Exec approvals: persist allowlist entry ids to keep macOS allowlist rows stable. (#1521) Thanks @ngutman.
- Exec: honor tools.exec ask/security defaults for elevated approvals (avoid unwanted prompts). (commit 5662a9cdf)
- Daemon: use platform PATH delimiters when building minimal service paths. (commit a4e57d3ac)
- Linux: include env-configured user bin roots in systemd PATH and align PATH audits. (#1512) Thanks @robbyczgw-cla.
fix: align bluebubbles outbound group sessions
2026-01-24 12:22:49 +00:00
- Tailscale: retry serve/funnel with sudo only for permission errors and keep original failure details. (#1551) Thanks @sweepies.
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
- Docker: update gateway command in docker-compose and Hetzner guide. (#1514)
- Agents: show tool error fallback when the last assistant turn only invoked tools (prevents silent stops). (commit 8ea8801d0)
- Agents: ignore IDENTITY.md template placeholders when parsing identity. (#1556)
- Agents: drop orphaned OpenAI Responses reasoning blocks on model switches. (#1562) Thanks @roshanasingh4.
fix: add log hint for agent failure (#1550) (thanks @sweepies)
2026-01-24 02:54:22 +00:00
- Agents: add CLI log hint to "agent failed before reply" messages. (#1550) Thanks @sweepies.
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
- Agents: warn and ignore tool allowlists that only reference unknown or unloaded plugin tools. (#1566)
- Agents: treat plugin-only tool allowlists as opt-ins; keep core tools enabled. (#1467)
- Agents: honor enqueue overrides for embedded runs to avoid queue deadlocks in tests. (commit 084002998)
- Slack: honor open groupPolicy for unlisted channels in message + slash gating. (#1563) Thanks @itsjaydesu.
fix(discord): autoThread ack reactions + exec approval null handling (#1511) * fix(discord): gate autoThread by thread owner * fix(discord): ack bot-owned autoThreads * fix(discord): ack mentions in open channels - Ack reactions in bot-owned autoThreads - Ack reactions in open channels (no mention required) - DRY: Pass pre-computed isAutoThreadOwnedByBot to avoid redundant checks - Consolidate ack logic with explanatory comment * fix: allow null values in exec.approval.request schema The ExecApprovalRequestParamsSchema was rejecting null values for optional fields like resolvedPath, but the calling code in bash-tools.exec.ts passes null. This caused intermittent 'invalid exec.approval.request params' validation errors. Fix: Accept Type.Union([Type.String(), Type.Null()]) for all optional string fields in the schema. Update test to reflect new behavior. * fix: align discord ack reactions with mention gating (#1511) (thanks @pvoo) --------- Co-authored-by: Wimmie <wimmie@tameson.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-23 21:01:15 +01:00
- Discord: limit autoThread mention bypass to bot-owned threads; keep ack reactions mention-gated. (#1511) Thanks @pvoo.
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
- Discord: retry rate-limited allowlist resolution + command deploy to avoid gateway crashes. (commit f70ac0c7c)
- Mentions: ignore mentionPattern matches when another explicit mention is present in group chats (Slack/Discord/Telegram/WhatsApp). (commit d905ca0e0)
fix: render Telegram media captions
2026-01-24 03:39:21 +00:00
- Telegram: render markdown in media captions. (#1478)
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
- MS Teams: remove `.default` suffix from Graph scopes and Bot Framework probe scopes. (#1507, #1574) Thanks @Evizero.
- Browser: keep extension relay tabs controllable when the extension reuses a session id after switching tabs. (#1160)
- Voice wake: auto-save wake words on blur/submit across iOS/Android and align limits with macOS. (commit 69f645c66)
- UI: keep the Control UI sidebar visible while scrolling long pages. (#1515) Thanks @pookNast.
- UI: cache Control UI markdown rendering + memoize chat text extraction to reduce Safari typing jank. (commit d57cb2e1a)
- TUI: forward unknown slash commands, include Gateway commands in autocomplete, and render slash replies as system output. (commit 1af227b61, commit 8195497ce, commit 6fba598ea)
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: auth probe output polish (table output, inline errors, reduced noise, and wrap fixes in `openclaw models status`). (commit da3f2b489, commit 00ae21bed, commit 31e59cd58, commit f7dc27f2d, commit 438e782f8, commit 886752217, commit aabe0bed3, commit 81535d512, commit c63144ab1)
fix: anchor MEDIA tag parsing
2026-01-24 03:46:07 +00:00
- Media: only parse `MEDIA:` tags when they start the line to avoid stripping prose mentions. (#1206)
fix: preserve PNG alpha fallback (#1491) (thanks @robbyczgw-cla)
2026-01-23 08:42:40 +00:00
- Media: preserve PNG alpha when possible; fall back to JPEG when still over size cap. (#1491) Thanks @robbyczgw-cla.
docs: finalize 2026.1.23 changelog
2026-01-24 13:16:02 +00:00
- Skills: gate bird Homebrew install to macOS. (#1569) Thanks @bradleypriest.
fix: preserve PNG alpha fallback (#1491) (thanks @robbyczgw-cla)
2026-01-23 08:42:40 +00:00
fix(auth): skip auth profiles in cooldown during selection and rotation Auth profiles in cooldown (due to rate limiting) were being attempted, causing unnecessary retries and delays. This fix ensures: 1. Initial profile selection skips profiles in cooldown 2. Profile rotation (after failures) skips cooldown profiles 3. Clear error message when all profiles are unavailable Tests added: - Skips profiles in cooldown during initial selection - Skips profiles in cooldown when rotating after failure Fixes #1316
2026-01-22 10:04:56 +01:00
## 2026.1.22
fix: stop BlueBubbles typing on idle/no-reply (#1439) (thanks @Nicell)
2026-01-22 21:33:19 +00:00
feat(macos): add attach-only launchd override
2026-01-22 07:37:55 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs: highlight compaction safeguards in changelog
2026-01-23 06:39:24 +00:00
- Highlight: Compaction safeguard now uses adaptive chunking, progressive fallback, and UI status + retries. (#1466) Thanks @dlauer.
[AI Assisted] Usage: add Google Antigravity usage tracking (#1490) * Usage: add Google Antigravity usage tracking - Add dedicated fetcher for google-antigravity provider - Fetch credits and per-model quotas from Cloud Code API - Report individual model IDs sorted by usage (top 10) - Include comprehensive debug logging with [antigravity] prefix * fix: refine antigravity usage tracking (#1490) (thanks @patelhiren) --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-23 02:17:59 -05:00
- Providers: add Antigravity usage tracking to status output. (#1490) Thanks @patelhiren.
feat: add slack replyToModeByChatType overrides
2026-01-23 05:24:18 +00:00
- Slack: add chat-type reply threading overrides via `replyToModeByChatType`. (#1442) Thanks @stefangalescu.
docs: note #1482 in changelog
2026-01-23 04:37:58 +00:00
- BlueBubbles: add `asVoice` support for MP3/CAF voice memos in sendAttachment. (#1477, #1482) Thanks @Nicell.
feat: refine onboarding hatch flow
2026-01-23 04:32:13 +00:00
- Onboarding: add hatch choice (TUI/Web/Later), token explainer, background dashboard seed on macOS, and showcase link.
feat(macos): add attach-only launchd override
2026-01-22 07:37:55 +00:00
fix: stop BlueBubbles typing on idle/no-reply (#1439) (thanks @Nicell)
2026-01-22 21:33:19 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: stop BlueBubbles typing on idle/no-reply (#1439) (thanks @Nicell)
2026-01-22 21:33:19 +00:00
- BlueBubbles: stop typing indicator on idle/no-reply. (#1439) Thanks @Nicell.
fix: honor send path/filePath inputs (#1444) (thanks @hopyky)
2026-01-23 02:10:05 +00:00
- Message tool: keep path/filePath as-is for send; hydrate buffers only for sendAttachment. (#1444) Thanks @hopyky.
fix: cover missing session key model switch persist (#1465) (thanks @robbyczgw-cla)
2026-01-22 21:40:54 +00:00
- Auto-reply: only report a model switch when session state is available. (#1465) Thanks @robbyczgw-cla.
fix: resolve control UI avatar URLs (#1457) (thanks @dlauer)
2026-01-22 21:57:02 +00:00
- Control UI: resolve local avatar URLs with basePath across injection + identity RPC. (#1457) Thanks @dlauer.
fix: sanitize assistant session text (#1456) (thanks @zerone0x)
2026-01-23 07:01:29 +00:00
- Agents: sanitize assistant history text to strip tool-call markers. (#1456) Thanks @zerone0x.
fix: clarify Discord onboarding hint (#1487) Thanks @kyleok. Co-authored-by: Ganghyun Kim <58307870+kyleok@users.noreply.github.com>
2026-01-23 14:50:05 +09:00
- Discord: clarify Message Content Intent onboarding hint. (#1487) Thanks @kyleok.
fix: stop gateway before uninstall
2026-01-23 07:17:27 +00:00
- Gateway: stop the service before uninstalling and fail if it remains loaded.
fix: surface concrete ai error details
2026-01-22 22:24:25 +00:00
- Agents: surface concrete API error details instead of generic AI service errors.
fix: fall back to non-PTY exec
2026-01-23 06:26:30 +00:00
- Exec: fall back to non-PTY when PTY spawn fails (EBADF). (#1484)
fix: allow chained exec allowlists Co-authored-by: Lucas Czekaj <1464539+czekaj@users.noreply.github.com>
2026-01-23 00:10:19 +00:00
- Exec approvals: allow per-segment allowlists for chained shell commands on gateway + node hosts. (#1458) Thanks @czekaj.
fix: gate transcript sanitization by provider
2026-01-23 00:28:41 +00:00
- Agents: make OpenAI sessions image-sanitize-only; gate tool-id/repair sanitization by provider.
fix: honor gateway env token for doctor/security Co-authored-by: azade-c <azade-c@users.noreply.github.com>
2026-01-23 03:13:44 +00:00
- Doctor: honor CLAWDBOT_GATEWAY_TOKEN for auth checks and security audit token reuse. (#1448) Thanks @azade-c.
fix: improve tool summaries
2026-01-23 00:59:44 +00:00
- Agents: make tool summaries more readable and only show optional params when set.
fix: follow soul.md more closely (#1434) * Agents: honor SOUL.md persona guidance * fix: harden SOUL.md detection (#1434) (thanks @neooriginal) --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-23 06:00:13 +01:00
- Agents: honor SOUL.md guidance even when the file is nested or path-qualified. (#1434) Thanks @neooriginal.
fix: improve matrix direct room resolution (#1436) (thanks @sibbl) (#1486) * fix: improve matrix direct room resolution (#1436) (thanks @sibbl) * docs: update changelog for matrix fix (#1486) (thanks @sibbl)
2026-01-23 05:38:04 +00:00
- Matrix (plugin): persist m.direct for resolved DMs and harden room fallback. (#1436, #1486) Thanks @sibbl.
fix: resolve changelog merge markers
2026-01-23 02:49:47 +00:00
- CLI: prefer `~` for home paths in output.
- Mattermost (plugin): enforce pairing/allowlist gating, keep @username targets, and clarify plugin-only docs. (#1428) Thanks @damoahdominic.
docs: add transcript hygiene reference
2026-01-23 01:34:21 +00:00
- Agents: centralize transcript sanitization in the runner; keep <final> tags and error turns intact.
fix(auth): skip auth profiles in cooldown during selection and rotation Auth profiles in cooldown (due to rate limiting) were being attempted, causing unnecessary retries and delays. This fix ensures: 1. Initial profile selection skips profiles in cooldown 2. Profile rotation (after failures) skips cooldown profiles 3. Clear error message when all profiles are unavailable Tests added: - Skips profiles in cooldown during initial selection - Skips profiles in cooldown when rotating after failure Fixes #1316
2026-01-22 10:04:56 +01:00
- Auth: skip auth profiles in cooldown during initial selection and rotation. (#1316) Thanks @odrobnik.
- Agents/TUI: honor user-pinned auth profiles during cooldown and preserve search picker ranking. (#1432) Thanks @tobiasbischoff.
fix: correct gog auth services example (#1454) (thanks @zerone0x)
2026-01-22 22:51:59 +00:00
- Docs: fix gog auth services example to include docs scope. (#1454) Thanks @zerone0x.
fix: reduce Slack WebClient retries
2026-01-23 06:28:01 +00:00
- Slack: reduce WebClient retries to avoid duplicate sends. (#1481)
fix: read Slack thread replies for message reads (#1450) (#1450) Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: Rodrigo Uroz <rodrigouroz@users.noreply.github.com>
2026-01-23 01:17:45 -03:00
- Slack: read thread replies for message reads when threadId is provided (replies-only). (#1450) Thanks @rodrigouroz.
docs: update changelog for #1492
2026-01-23 08:45:25 +00:00
- Discord: honor accountId across message actions and cron deliveries. (#1492) Thanks @svkozak.
fix(macos): prefer linked channel in health summaries
2026-01-22 08:08:33 +00:00
- macOS: prefer linked channels in gateway summary to avoid false “not linked” status.
fix: always skip browser opens in tests
2026-01-23 05:59:29 +00:00
- macOS/tests: fix gateway summary lookup after guard unwrap; prevent browser opens during tests. (ECID-1483)
fix: stop BlueBubbles typing on idle/no-reply (#1439) (thanks @Nicell)
2026-01-22 21:33:19 +00:00
chore: release 2026.1.21-2
2026-01-22 11:42:42 +00:00
## 2026.1.21-2
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Control UI: ignore bootstrap identity placeholder text for avatar values and fall back to the default avatar. https://docs.openclaw.ai/cli/agents https://docs.openclaw.ai/web/control-ui
docs: add changelog entry for PR #1447
2026-01-22 08:39:54 -05:00
- Slack: remove deprecated `filetype` field from `files.uploadV2` to eliminate API warnings. (#1447)
chore: release 2026.1.21-2
2026-01-22 11:42:42 +00:00
fix: align chat composer
2026-01-21 07:48:00 +00:00
## 2026.1.21
feat: show node PATH and bootstrap node host env
2026-01-21 11:06:14 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Highlight: Lobster optional plugin tool for typed workflows + approval gates. https://docs.openclaw.ai/tools/lobster
- Lobster: allow workflow file args via `argsJson` in the plugin tool. https://docs.openclaw.ai/tools/lobster
fix(auth): skip auth profiles in cooldown during selection and rotation Auth profiles in cooldown (due to rate limiting) were being attempted, causing unnecessary retries and delays. This fix ensures: 1. Initial profile selection skips profiles in cooldown 2. Profile rotation (after failures) skips cooldown profiles 3. Clear error message when all profiles are unavailable Tests added: - Skips profiles in cooldown during initial selection - Skips profiles in cooldown when rotating after failure Fixes #1316
2026-01-22 10:04:56 +01:00
- Heartbeat: allow running heartbeats in an explicit session key. (#1256) Thanks @zknicker.
- CLI: default exec approvals to the local host, add gateway/node targeting flags, and show target details in allowlist output.
- CLI: exec approvals mutations render tables instead of raw JSON.
- Exec approvals: support wildcard agent allowlists (`*`) across all agents.
- Exec approvals: allowlist matches resolved binary paths only, add safe stdin-only bins, and tighten allowlist shell parsing.
- Nodes: expose node PATH in status/describe and bootstrap PATH for node-host execution.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: flatten node service commands under `openclaw node` and remove `service node` docs.
- CLI: move gateway service commands under `openclaw gateway` and add `gateway probe` for reachability.
fix(auth): skip auth profiles in cooldown during selection and rotation Auth profiles in cooldown (due to rate limiting) were being attempted, causing unnecessary retries and delays. This fix ensures: 1. Initial profile selection skips profiles in cooldown 2. Profile rotation (after failures) skips cooldown profiles 3. Clear error message when all profiles are unavailable Tests added: - Skips profiles in cooldown during initial selection - Skips profiles in cooldown when rotating after failure Fixes #1316
2026-01-22 10:04:56 +01:00
- Sessions: add per-channel reset overrides via `session.resetByChannel`. (#1353) Thanks @cash-echo-bot.
docs: fix 2026.1.21 changelog placement
2026-01-23 07:51:40 +00:00
- Agents: add identity avatar config support and Control UI avatar rendering. (#1329, #1424) Thanks @dlauer.
- UI: show per-session assistant identity in the Control UI. (#1420) Thanks @robbyczgw-cla.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: add `openclaw update wizard` for interactive channel selection and restart prompts. https://docs.openclaw.ai/cli/update
docs: fix 2026.1.21 changelog placement
2026-01-23 07:51:40 +00:00
- Signal: add typing indicators and DM read receipts via signal-cli.
- MSTeams: add file uploads, adaptive cards, and attachment handling improvements. (#1410) Thanks @Evizero.
- Onboarding: remove the run setup-token auth option (paste setup-token or reuse CLI creds instead).
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Docs: add troubleshooting entry for gateway.mode blocking gateway start. https://docs.openclaw.ai/gateway/troubleshooting
docs: fix 2026.1.21 changelog placement
2026-01-23 07:51:40 +00:00
- Docs: add /model allowlist troubleshooting note. (#1405)
- Docs: add per-message Gmail search example for gog. (#1220) Thanks @mbelinky.
feat: show node PATH and bootstrap node host env
2026-01-21 11:06:14 +00:00
fix: enforce secure control ui auth
2026-01-21 23:58:30 +00:00
### Breaking
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- **BREAKING:** Control UI now rejects insecure HTTP without device identity by default. Use HTTPS (Tailscale Serve) or set `gateway.controlUi.allowInsecureAuth: true` to allow token-only auth. https://docs.openclaw.ai/web/control-ui#insecure-http
docs: fix 2026.1.21 changelog placement
2026-01-23 07:51:40 +00:00
- **BREAKING:** Envelope and system event timestamps now default to host-local time (was UTC) so agents dont have to constantly convert.
fix: enforce secure control ui auth
2026-01-21 23:58:30 +00:00
fix: align chat composer
2026-01-21 07:48:00 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: improve macOS exec approvals
2026-01-22 00:43:21 +00:00
- Nodes/macOS: prompt on allowlist miss for node exec approvals, persist allowlist decisions, and flatten node invoke errors. (#1394) Thanks @ngutman.
fix(auth): skip auth profiles in cooldown during selection and rotation Auth profiles in cooldown (due to rate limiting) were being attempted, causing unnecessary retries and delays. This fix ensures: 1. Initial profile selection skips profiles in cooldown 2. Profile rotation (after failures) skips cooldown profiles 3. Clear error message when all profiles are unavailable Tests added: - Skips profiles in cooldown during initial selection - Skips profiles in cooldown when rotating after failure Fixes #1316
2026-01-22 10:04:56 +01:00
- Gateway: keep auto bind loopback-first and add explicit tailnet binding to avoid Tailscale taking over local UI. (#1380)
docs: fix 2026.1.21 changelog placement
2026-01-23 07:51:40 +00:00
- Memory: prevent CLI hangs by deferring vector probes, adding sqlite-vec/embedding timeouts, and showing sync progress early.
fix(auth): skip auth profiles in cooldown during selection and rotation Auth profiles in cooldown (due to rate limiting) were being attempted, causing unnecessary retries and delays. This fix ensures: 1. Initial profile selection skips profiles in cooldown 2. Profile rotation (after failures) skips cooldown profiles 3. Clear error message when all profiles are unavailable Tests added: - Skips profiles in cooldown during initial selection - Skips profiles in cooldown when rotating after failure Fixes #1316
2026-01-22 10:04:56 +01:00
- Agents: enforce 9-char alphanumeric tool call ids for Mistral providers. (#1372) Thanks @zerone0x.
fix: persist history image injections
2026-01-21 18:17:10 +00:00
- Embedded runner: persist injected history images so attachments arent reloaded each turn. (#1374) Thanks @Nicell.
fix(auth): skip auth profiles in cooldown during selection and rotation Auth profiles in cooldown (due to rate limiting) were being attempted, causing unnecessary retries and delays. This fix ensures: 1. Initial profile selection skips profiles in cooldown 2. Profile rotation (after failures) skips cooldown profiles 3. Clear error message when all profiles are unavailable Tests added: - Skips profiles in cooldown during initial selection - Skips profiles in cooldown when rotating after failure Fixes #1316
2026-01-22 10:04:56 +01:00
- Nodes tool: include agent/node/gateway context in tool failure logs to speed approval debugging.
- macOS: exec approvals now respect wildcard agent allowlists (`*`).
- macOS: allow SSH agent auth when no identity file is set. (#1384) Thanks @ameno-.
- Gateway: prevent multiple gateways from sharing the same config/state at once (singleton lock).
- UI: remove the chat stop button and keep the composer aligned to the bottom edge.
- Typing: start instant typing indicators at run start so DMs and mentions show immediately.
- Configure: restrict the model allowlist picker to OAuth-compatible Anthropic models and preselect Opus 4.5.
- Configure: seed model fallbacks from the allowlist selection when multiple models are chosen.
- Model picker: list the full catalog when no model allowlist is configured.
- Discord: honor wildcard channel configs via shared match helpers. (#1334) Thanks @pvoo.
- BlueBubbles: resolve short message IDs safely and expose full IDs in templates. (#1387) Thanks @tyler6204.
- Infra: preserve fetch helper methods when wrapping abort signals. (#1387)
- macOS: default distribution packaging to universal binaries. (#1396) Thanks @JustYannicc.
fix: align chat composer
2026-01-21 07:48:00 +00:00
fix: guard anthropic refusal trigger
2026-01-21 07:28:11 +00:00
## 2026.1.20
chore: release 2026.1.20-1
2026-01-21 07:36:32 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Control UI: add copy-as-markdown with error feedback. (#1345) https://docs.openclaw.ai/web/control-ui
- Control UI: drop the legacy list view. (#1345) https://docs.openclaw.ai/web/control-ui
- TUI: add syntax highlighting for code blocks. (#1200) https://docs.openclaw.ai/tui
- TUI: session picker shows derived titles, fuzzy search, relative times, and last message preview. (#1271) https://docs.openclaw.ai/tui
- TUI: add a searchable model picker for quicker model selection. (#1198) https://docs.openclaw.ai/tui
- TUI: add input history (up/down) for submitted messages. (#1348) https://docs.openclaw.ai/tui
- ACP: add `openclaw acp` for IDE integrations. https://docs.openclaw.ai/cli/acp
- ACP: add `openclaw acp client` interactive harness for debugging. https://docs.openclaw.ai/cli/acp
- Skills: add download installs with OS-filtered options. https://docs.openclaw.ai/tools/skills
- Skills: add the local sherpa-onnx-tts skill. https://docs.openclaw.ai/tools/skills
- Memory: add hybrid BM25 + vector search (FTS5) with weighted merging and fallback. https://docs.openclaw.ai/concepts/memory
- Memory: add SQLite embedding cache to speed up reindexing and frequent updates. https://docs.openclaw.ai/concepts/memory
- Memory: add OpenAI batch indexing for embeddings when configured. https://docs.openclaw.ai/concepts/memory
- Memory: enable OpenAI batch indexing by default for OpenAI embeddings. https://docs.openclaw.ai/concepts/memory
- Memory: allow parallel OpenAI batch indexing jobs (default concurrency: 2). https://docs.openclaw.ai/concepts/memory
- Memory: render progress immediately, color batch statuses in verbose logs, and poll OpenAI batch status every 2s by default. https://docs.openclaw.ai/concepts/memory
- Memory: add `--verbose` logging for memory status + batch indexing details. https://docs.openclaw.ai/concepts/memory
- Memory: add native Gemini embeddings provider for memory search. (#1151) https://docs.openclaw.ai/concepts/memory
- Browser: allow config defaults for efficient snapshots in the tool/CLI. (#1336) https://docs.openclaw.ai/tools/browser
- Nostr: add the Nostr channel plugin with profile management + onboarding defaults. (#1323) https://docs.openclaw.ai/channels/nostr
- Matrix: migrate to matrix-bot-sdk with E2EE support, location handling, and group allowlist upgrades. (#1298) https://docs.openclaw.ai/channels/matrix
- Slack: add HTTP webhook mode via Bolt HTTP receiver. (#1143) https://docs.openclaw.ai/channels/slack
- Telegram: enrich forwarded-message context with normalized origin details + legacy fallback. (#1090) https://docs.openclaw.ai/channels/telegram
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Discord: fall back to `/skill` when native command limits are exceeded. (#1287)
- Discord: expose `/skill` globally. (#1287)
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Zalouser: add channel dock metadata, config schema, setup wiring, probe, and status issues. (#1219) https://docs.openclaw.ai/plugins/zalouser
- Plugins: require manifest-embedded config schemas with preflight validation warnings. (#1272) https://docs.openclaw.ai/plugins/manifest
- Plugins: move channel catalog metadata into plugin manifests. (#1290) https://docs.openclaw.ai/plugins/manifest
- Plugins: align Nextcloud Talk policy helpers with core patterns. (#1290) https://docs.openclaw.ai/plugins/manifest
- Plugins/UI: let channel plugin metadata drive UI labels/icons and cron channel options. (#1306) https://docs.openclaw.ai/web/control-ui
- Agents/UI: add agent avatar support in identity config, IDENTITY.md, and the Control UI. (#1329) https://docs.openclaw.ai/gateway/configuration
- Plugins: add plugin slots with a dedicated memory slot selector. https://docs.openclaw.ai/plugins/agent-tools
- Plugins: ship the bundled BlueBubbles channel plugin (disabled by default). https://docs.openclaw.ai/channels/bluebubbles
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Plugins: migrate bundled messaging extensions to the plugin SDK and resolve plugin-sdk imports in the loader.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Plugins: migrate the Zalo plugin to the shared plugin SDK runtime. https://docs.openclaw.ai/channels/zalo
- Plugins: migrate the Zalo Personal plugin to the shared plugin SDK runtime. https://docs.openclaw.ai/plugins/zalouser
- Plugins: allow optional agent tools with explicit allowlists and add the plugin tool authoring guide. https://docs.openclaw.ai/plugins/agent-tools
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Plugins: auto-enable bundled channel/provider plugins when configuration is present.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Plugins: sync plugin sources on channel switches and update npm-installed plugins during `openclaw update`.
- Plugins: share npm plugin update logic between `openclaw update` and `openclaw plugins update`.
feat: add agent avatar support (#1329) (thanks @dlauer)
2026-01-22 03:54:31 +00:00
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Gateway/API: add `/v1/responses` (OpenResponses) with item-based input + semantic streaming events. (#1229)
- Gateway/API: expand `/v1/responses` to support file/image inputs, tool_choice, usage, and output limits. (#1229)
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Usage: add `/usage cost` summaries and macOS menu cost charts. https://docs.openclaw.ai/reference/api-usage-costs
- Security: warn when <=300B models run without sandboxing while web tools are enabled. https://docs.openclaw.ai/cli/security
- Exec: add host/security/ask routing for gateway + node exec. https://docs.openclaw.ai/tools/exec
- Exec: add `/exec` directive for per-session exec defaults (host/security/ask/node). https://docs.openclaw.ai/tools/exec
chore: update openclaw naming
2026-01-30 21:01:02 +01:00
- Exec approvals: migrate approvals to `~/.openclaw/exec-approvals.json` with per-agent allowlists + skill auto-allow toggle, and add approvals UI + node exec lifecycle events. https://docs.openclaw.ai/tools/exec-approvals
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Nodes: add headless node host (`openclaw node start`) for `system.run`/`system.which`. https://docs.openclaw.ai/cli/node
- Nodes: add node daemon service install/status/start/stop/restart. https://docs.openclaw.ai/cli/node
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Bridge: add `skills.bins` RPC to support node host auto-allow skill bins.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Sessions: add daily reset policy with per-type overrides and idle windows (default 4am local), preserving legacy idle-only configs. (#1146) https://docs.openclaw.ai/concepts/session
- Sessions: allow `sessions_spawn` to override thinking level for sub-agent runs. https://docs.openclaw.ai/tools/subagents
- Channels: unify thread/topic allowlist matching + command/mention gating helpers across core providers. https://docs.openclaw.ai/concepts/groups
- Models: add Qwen Portal OAuth provider support. (#1120) https://docs.openclaw.ai/providers/qwen
- Onboarding: add allowlist prompts and username-to-id resolution across core and extension channels. https://docs.openclaw.ai/start/onboarding
- Docs: clarify allowlist input types and onboarding behavior for messaging channels. https://docs.openclaw.ai/start/onboarding
- Docs: refresh Android node discovery docs for the Gateway WS service type. https://docs.openclaw.ai/platforms/android
- Docs: surface Amazon Bedrock in provider lists and clarify Bedrock auth env vars. (#1289) https://docs.openclaw.ai/bedrock
- Docs: clarify WhatsApp voice notes. https://docs.openclaw.ai/channels/whatsapp
- Docs: clarify Windows WSL portproxy LAN access notes. https://docs.openclaw.ai/platforms/windows
- Docs: refresh bird skill install metadata and usage notes. (#1302) https://docs.openclaw.ai/tools/browser-login
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Agents: add local docs path resolution and include docs/mirror/source/community pointers in the system prompt.
- Agents: clarify node_modules read-only guidance in agent instructions.
- Config: stamp last-touched metadata on write and warn if the config is newer than the running build.
- macOS: hide usage section when usage is unavailable instead of showing provider errors.
chore: release 2026.1.20-1
2026-01-21 07:36:32 +00:00
- Android: migrate node transport to the Gateway WebSocket protocol with TLS pinning support + gateway discovery naming.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Android: send structured payloads in node events/invokes and include user-agent metadata in gateway connects.
- Android: remove legacy bridge transport code now that nodes use the gateway protocol.
fix: pass android lint and swiftformat
2026-01-19 11:14:27 +00:00
- Android: bump okhttp + dnsjava to satisfy lint dependency checks.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Build: update workspace + core/plugin deps.
chore: update openclaw naming
2026-01-30 21:01:02 +01:00
- Build: use tsgo for dev/watch builds by default (opt out with `OPENCLAW_TS_COMPILER=tsc`).
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Repo: remove the Peekaboo git submodule now that the SPM release is used.
- macOS: switch PeekabooBridge integration to the tagged Swift Package Manager release.
- macOS: stop syncing Peekaboo in postinstall.
- Swabble: use the tagged Commander Swift package release.
Usage: add cost summaries to /usage + mac menu
2026-01-19 00:04:58 +00:00
fix: enforce strict config validation
2026-01-19 03:38:51 +00:00
### Breaking
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- **BREAKING:** Reject invalid/unknown config entries and refuse to start the gateway for safety. Run `openclaw doctor --fix` to repair, then update plugins (`openclaw plugins update`) if you use any.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:19:58 +00:00
- Discovery: shorten Bonjour DNS-SD service type to `_moltbot-gw._tcp` and update discovery clients/docs.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Diagnostics: export OTLP logs, correct queue depth tracking, and document message-flow telemetry.
- Diagnostics: emit message-flow diagnostics across channels via shared dispatch. (#1244)
- Diagnostics: gate heartbeat/webhook logging. (#1244)
- Gateway: strip inbound envelope headers from chat history messages to keep clients clean.
- Gateway: clarify unauthorized handshake responses with token/password mismatch guidance.
- Gateway: allow mobile node client ids for iOS + Android handshake validation. (#1354)
- Gateway: clarify connect/validation errors for gateway params. (#1347)
- Gateway: preserve restart wake routing + thread replies across restarts. (#1337)
- Gateway: reschedule per-agent heartbeats on config hot reload without restarting the runner.
- Gateway: require authorized restarts for SIGUSR1 (restart/apply/update) so config gating can't be bypassed.
- Cron: auto-deliver isolated agent output to explicit targets without tool calls. (#1285)
- Agents: preserve subagent announce thread/topic routing + queued replies across channels. (#1241)
fix: propagate agent run context for subagent announce
2026-01-19 00:45:03 +00:00
- Agents: propagate accountId into embedded runs so sub-agent announce routing honors the originating account. (#1058)
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Agents: avoid treating timeout errors with "aborted" messages as user aborts, so model fallback still runs. (#1137)
- Agents: sanitize oversized image payloads before send and surface image-dimension errors.
- Sessions: fall back to session labels when listing display names. (#1124)
fix: add safeguard compaction tool summaries
2026-01-19 01:44:08 +00:00
- Compaction: include tool failure summaries in safeguard compaction to prevent retry loops. (#1084)
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Config: log invalid config issues once per run and keep invalid-config errors stackless.
- Config: allow Perplexity as a web_search provider in config validation. (#1230)
- Config: allow custom fields under `skills.entries.<name>.config` for skill credentials/config. (#1226)
- Doctor: clarify plugin auto-enable hint text in the startup banner.
fix: canonicalize legacy session keys
2026-01-19 05:17:06 +00:00
- Doctor: canonicalize legacy session keys in session stores to prevent stale metadata. (#1169)
docs: update changelog for docs:list guard
2026-01-18 22:38:15 +00:00
- Docs: make docs:list fail fast with a clear error if the docs directory is missing.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Plugins: add Nextcloud Talk manifest for plugin config validation. (#1297)
- Plugins: surface plugin load/register/config errors in gateway logs with plugin/source context.
- CLI: preserve cron delivery settings when editing message payloads. (#1322)
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: keep `openclaw logs` output resilient to broken pipes while preserving progress output.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- CLI: avoid duplicating --profile/--dev flags when formatting commands.
- CLI: centralize CLI command registration to keep fast-path routing and program wiring in sync. (#1207)
- CLI: keep banners on routed commands, restore config guarding outside fast-path routing, and tighten fast-path flag parsing while skipping console capture for extra speed. (#1195)
- CLI: skip runner rebuilds when dist is fresh. (#1231)
- CLI: add WSL2/systemd unavailable hints in daemon status/doctor output.
- Status: route native `/status` to the active agent so model selection reflects the correct profile. (#1301)
- Status: show both usage windows with reset hints when usage data is available. (#1101)
- UI: keep config form enums typed, preserve empty strings, protect sensitive defaults, and deepen config search. (#1315)
- UI: preserve ordered list numbering in chat markdown. (#1341)
- UI: allow Control UI to read gatewayUrl from URL params for remote WebSocket targets. (#1342)
- UI: prevent double-scroll in Control UI chat by locking chat layout to the viewport. (#1283)
- UI: enable shell mode for sync Windows spawns to avoid `pnpm ui:build` EINVAL. (#1212)
- TUI: keep thinking blocks ordered before content during streaming and isolate per-run assembly. (#1202)
- TUI: align custom editor initialization with the latest pi-tui API. (#1298)
- TUI: show generic empty-state text for searchable pickers. (#1201)
fix: refine TUI model search rendering
2026-01-19 00:15:08 +00:00
- TUI: highlight model search matches and stabilize search ordering.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Configure: hide OpenRouter auto routing model from the model picker. (#1182)
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Memory: show total file counts + scan issues in `openclaw memory status`.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Memory: fall back to non-batch embeddings after repeated batch failures.
- Memory: apply OpenAI batch defaults even without explicit remote config.
feat(doctor): repair launch agent bootstrap Co-authored-by: Dr Alexander Mikhalev <alex@metacortex.engineer>
2026-01-18 16:09:55 +00:00
- Memory: index atomically so failed reindex preserves the previous memory database. (#1151)
- Memory: avoid sqlite-vec unique constraint failures when reindexing duplicate chunk ids. (#1151)
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Memory: retry transient 5xx errors (Cloudflare) during embedding indexing.
- Memory: parallelize embedding indexing with rate-limit retries.
- Memory: split overly long lines to keep embeddings under token limits.
- Memory: skip empty chunks to avoid invalid embedding inputs.
- Memory: split embedding batches to avoid OpenAI token limits during indexing.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Memory: probe sqlite-vec availability in `openclaw memory status`.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Exec approvals: enforce allowlist when ask is off.
- Exec approvals: prefer raw command for node approvals/events.
- Tools: show exec elevated flag before the command and keep it outside markdown in tool summaries.
feat: add exec host approvals flow
2026-01-18 04:27:33 +00:00
- Tools: return a companion-app-required message when node exec is requested with no paired node.
feat: route macOS node exec via app IPC
2026-01-18 16:36:13 +00:00
- Tools: return a companion-app-required message when `system.run` is requested without a supporting node.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Exec: default gateway/node exec security to allowlist when unset (sandbox stays deny).
- Exec: prefer bash when fish is default shell, falling back to sh if bash is missing. (#1297)
- Exec: merge login-shell PATH for host=gateway exec while keeping daemon PATH minimal. (#1304)
- Streaming: emit assistant deltas for OpenAI-compatible SSE chunks. (#1147)
- Discord: make resolve warnings avoid raw JSON payloads on rate limits.
- Discord: process message handlers in parallel across sessions to avoid event queue blocking. (#1295)
- Discord: stop reconnecting the gateway after aborts to prevent duplicate listeners.
feat: route macOS node exec via app IPC
2026-01-18 16:36:13 +00:00
- Discord: only emit slow listener warnings after 30s.
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Discord: inherit parent channel allowlists for thread slash commands and reactions. (#1123)
- Telegram: honor pairing allowlists for native slash commands.
- Telegram: preserve hidden text_link URLs by expanding entities in inbound text. (#1118)
- Slack: resolve Bolt import interop for Bun + Node. (#1191)
- Web search: infer Perplexity base URL from API key source (direct vs OpenRouter).
- Web fetch: harden SSRF protection with shared hostname checks and redirect limits. (#1346)
- Browser: register AI snapshot refs for act commands. (#1282)
fix: include query in Twilio webhook verification
2026-01-18 04:25:17 +00:00
- Voice call: include request query in Twilio webhook verification when publicUrl is set. (#864)
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Anthropic: default API prompt caching to 1h with configurable TTL override.
- Anthropic: ignore TTL for OAuth.
- Auth profiles: keep auto-pinned preference while allowing rotation on failover. (#1138)
- Auth profiles: user pins stay locked. (#1138)
- Model catalog: avoid caching import failures, log transient discovery errors, and keep partial results. (#1332)
- Tests: stabilize Windows gateway/CLI tests by skipping sidecars, normalizing argv, and extending timeouts.
- Tests: stabilize plugin SDK resolution and embedded agent timeouts.
- Windows: install gateway scheduled task as the current user.
- Windows: show friendly guidance instead of failing on access denied.
- macOS: load menu session previews asynchronously so items populate while the menu is open.
- macOS: use label colors for session preview text so previews render in menu subviews.
- macOS: suppress usage error text in the menubar cost view.
- macOS: Doctor repairs LaunchAgent bootstrap issues for Gateway + Node when listed but not loaded. (#1166)
- macOS: avoid touching launchd in Remote over SSH so quitting the app no longer disables the remote gateway. (#1105)
feat(doctor): repair launch agent bootstrap Co-authored-by: Dr Alexander Mikhalev <alex@metacortex.engineer>
2026-01-18 16:09:55 +00:00
- macOS: bundle Textual resources in packaged app builds to avoid code block crashes. (#1006)
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
- Daemon: include HOME in service environments to avoid missing HOME errors. (#1214)
chore: release 2026.1.20-1
2026-01-21 07:36:32 +00:00
docs: restore 2026.1.20 release notes
2026-01-21 08:42:19 +00:00
Thanks @AlexMikhalev, @CoreyH, @John-Rood, @KrauseFx, @MaudeBot, @Nachx639, @NicholaiVogel, @RyanLisse, @ThePickle31, @VACInc, @Whoaa512, @YuriNachos, @aaronveklabs, @abdaraxus, @alauppe, @ameno-, @artuskg, @austinm911, @bradleypriest, @cheeeee, @dougvk, @fogboots, @gnarco, @gumadeiras, @jdrhyne, @joelklabo, @longmaba, @mukhtharcm, @odysseus0, @oscargavin, @rhjoh, @sebslight, @sibbl, @sleontenko, @steipete, @suminhthanh, @thewilloftheshadow, @tyler6204, @vignesh07, @visionik, @ysqander, @zerone0x.
fix(doctor): avoid ack reaction migration without config (#1087) Thanks @YuriNachos. Co-authored-by: Yuri Chukhlib <YuriNachos@users.noreply.github.com>
2026-01-17 18:07:06 +00:00
fix: stamp build commit metadata
2026-01-17 12:30:11 +00:00
## 2026.1.16-2
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: stamp build commit metadata
2026-01-17 12:30:11 +00:00
- CLI: stamp build commit into dist metadata so banners show the commit in npm installs.
refactor: centralize cli manager cleanup Co-authored-by: Nicholas Spisak <jsnsdirect@gmail.com>
2026-01-18 00:11:45 +00:00
- CLI: close memory manager after memory commands to avoid hanging processes. (#1127) — thanks @NicholasSpisak.
fix: stamp build commit metadata
2026-01-17 12:30:11 +00:00
fix: cut 2026.1.16-1 beta
2026-01-17 11:12:43 +00:00
## 2026.1.16-1
chore: start 2026.1.15 (unreleased)
2026-01-15 16:47:19 +00:00
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Hooks: add hooks system with bundled hooks, CLI tooling, and docs. (#1028) — thanks @ThomsenDrake. https://docs.openclaw.ai/hooks
- Media: add inbound media understanding (image/audio/video) with provider + CLI fallbacks. https://docs.openclaw.ai/nodes/media-understanding
- Plugins: add Zalo Personal plugin (`@openclaw/zalouser`) and unify channel directory for plugins. (#1032) — thanks @suminhthanh. https://docs.openclaw.ai/plugins/zalouser
- Models: add Vercel AI Gateway auth choice + onboarding updates. (#1016) — thanks @timolins. https://docs.openclaw.ai/providers/vercel-ai-gateway
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
- Sessions: add `session.identityLinks` for cross-platform DM session li nking. (#1033) — thanks @thewilloftheshadow. https://docs.openclaw.ai/concepts/session
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Web search: add `country`/`language` parameters (schema + Brave API) and docs. (#1046) — thanks @YuriNachos. https://docs.openclaw.ai/tools/web
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
### Breaking
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- **BREAKING:** `openclaw message` and message tool now require `target` (dropping `to`/`channelId` for destinations). (#1034) — thanks @tobalsan.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- **BREAKING:** Channel auth now prefers config over env for Discord/Telegram/Matrix (env is fallback only). (#1040) — thanks @thewilloftheshadow.
refactor: drop legacy room chatType
2026-01-17 05:40:28 +00:00
- **BREAKING:** Drop legacy `chatType: "room"` support; use `chatType: "channel"`.
refactor: centralize message target resolution Co-authored-by: Thinh Dinh <tobalsan@users.noreply.github.com>
2026-01-17 06:03:19 +00:00
- **BREAKING:** remove legacy provider-specific target resolution fallbacks; target resolution is centralized with plugin hints + directory lookups.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- **BREAKING:** `openclaw hooks` is now `openclaw webhooks`; hooks live under `openclaw hooks`. https://docs.openclaw.ai/cli/webhooks
chore: update openclaw naming
2026-01-30 21:01:02 +01:00
- **BREAKING:** `openclaw plugins install <path>` now copies into `~/.openclaw/extensions` (use `--link` to keep path-based loading).
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
chore: fix lint/format and update changelog Co-authored-by: ItzR3NO <ItzR3NO@users.noreply.github.com>
2026-01-17 10:16:32 +00:00
- Plugins: ship bundled plugins disabled by default and allow overrides by installed versions. (#1066) — thanks @ItzR3NO.
- Plugins: add bundled Antigravity + Gemini CLI OAuth + Copilot Proxy provider plugins. (#1066) — thanks @ItzR3NO.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- Tools: improve `web_fetch` extraction using Readability (with fallback).
- Tools: add Firecrawl fallback for `web_fetch` when configured.
- Tools: send Chrome-like headers by default for `web_fetch` to improve extraction on bot-sensitive sites.
- Tools: Firecrawl fallback now uses bot-circumvention + cache by default; remove basic HTML fallback when extraction fails.
feat: notify on exec exit
2026-01-17 05:43:27 +00:00
- Tools: default `exec` exit notifications and auto-migrate legacy `tools.bash` to `tools.exec`.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Tools: add `exec` PTY support for interactive sessions. https://docs.openclaw.ai/tools/exec
feat: add tmux-style process key helpers
2026-01-17 06:12:25 +00:00
- Tools: add tmux-style `process send-keys` and bracketed paste helpers for PTY sessions.
feat: add process submit helper
2026-01-17 06:38:47 +00:00
- Tools: add `process submit` helper to send CR for PTY sessions.
fix: respond to PTY cursor queries
2026-01-17 07:05:15 +00:00
- Tools: respond to PTY cursor position queries to unblock interactive TUIs.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- Tools: include tool outputs in verbose mode and expand verbose tool feedback.
docs: update coding-agent skill guidance
2026-01-17 10:59:06 +00:00
- Skills: update coding-agent guidance to prefer PTY-enabled exec runs and simplify tmux usage.
fix: refresh TUI session info after runs
2026-01-17 08:22:32 +00:00
- TUI: refresh session token counts after runs complete or fail. (#1079) — thanks @d-ploutarchos.
fix: trim /status oauth output
2026-01-17 04:54:16 +00:00
- Status: trim `/status` to current-provider usage only and drop the OAuth/token block.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Directory: unify `openclaw directory` across channels and plugin channels.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- UI: allow deleting sessions from the Control UI.
feat: add sqlite-vec memory search acceleration
2026-01-17 18:02:25 +00:00
- Memory: add sqlite-vec vector acceleration with CLI status details.
fix: probe memory vector availability
2026-01-17 19:42:23 +00:00
- Memory: add experimental session transcript indexing for memory_search (opt-in via memorySearch.experimental.sessionMemory + sources).
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- Skills: add user-invocable skill commands and expanded skill command registration.
- Telegram: default reaction level to minimal and enable reaction notifications by default.
- Telegram: allow reply-chain messages to bypass mention gating in groups. (#1038) — thanks @adityashaw2.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- iMessage: add remote attachment support for VM/SSH deployments.
docs: note live target cache refresh Co-authored-by: Thinh Dinh <tobalsan@users.noreply.github.com>
2026-01-17 05:00:10 +00:00
- Messages: refresh live directory cache results when resolving targets.
feat: mirror delivered outbound messages (#1031) Co-authored-by: T Savo <TSavo@users.noreply.github.com>
2026-01-17 01:48:02 +00:00
- Messages: mirror delivered outbound text/media into session transcripts. (#1031) — thanks @TSavo.
fix: tidy iMessage/Signal sender envelopes (#1080) - thanks @tyler6204 Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-01-17 08:29:13 +00:00
- Messages: avoid redundant sender envelopes for iMessage + Signal group chats. (#1080) — thanks @tyler6204.
fix: normalize deepgram audio upload bytes
2026-01-17 09:19:27 +00:00
- Media: normalize Deepgram audio upload bytes for fetch compatibility.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- Cron: isolated cron jobs now start a fresh session id on every run to prevent context buildup.
- Docs: add `/help` hub, Node/npm PATH guide, and expand directory CLI docs.
fix: harden env var substitution parsing (#1044) (thanks @sebslight)
2026-01-17 00:29:08 +00:00
- Config: support env var substitution in config values. (#1044) — thanks @sebslight.
docs: update health/status + doctor docs
2026-01-17 01:14:17 +00:00
- Health: add per-agent session summaries and account-level health details, and allow selective probes. (#1047) — thanks @gumadeiras.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Hooks: add hook pack installs (npm/path/zip/tar) with `openclaw.hooks` manifests and `openclaw hooks install/update`.
feat: unify hooks installs and webhooks
2026-01-17 07:08:04 +00:00
- Plugins: add zip installs and `--link` to avoid copying local paths.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix(macos): drain subprocess pipes before wait (#1081) Thanks @thesash. Co-authored-by: Sash Catanzarite <sashcatanzarite@Sash-MacBook-Pro-14in-3.local>
2026-01-17 08:24:34 +00:00
- macOS: drain subprocess pipes before waiting to avoid deadlocks. (#1081) — thanks @thesash.
fix: format verbose tool output by channel
2026-01-17 10:17:57 +00:00
- Verbose: wrap tool summaries/output in markdown only for markdown-capable channels.
fix: include context in elevated exec denial
2026-01-17 17:55:04 +00:00
- Tools: include provider/session context in elevated exec denial errors.
fix: probe memory vector availability
2026-01-17 19:42:23 +00:00
- Tools: normalize exec tool alias naming in tool error logs.
- Logging: reuse shared ANSI stripping to keep console capture lint-clean.
- Logging: prefix nested agent output with session/run/channel context.
fix: allow telegram prefixes/topics for inline buttons (#1072) — thanks @danielz1z Co-authored-by: danielz1z <danielz1z@users.noreply.github.com>
2026-01-17 07:49:57 +00:00
- Telegram: accept tg/group/telegram prefixes + topic targets for inline button validation. (#1072) — thanks @danielz1z.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- Telegram: split long captions into follow-up messages.
fix: block invalid config startup Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com>
2026-01-17 10:25:24 +00:00
- Config: block startup on invalid config, preserve best-effort doctor config, and keep rolling config backups. (#1083) — thanks @mukhtharcm.
fix: normalize subagent announce delivery origin Co-authored-by: Adam Holt <mail@adamholt.co.nz>
2026-01-17 03:57:59 +00:00
- Sub-agents: normalize announce delivery origin + queue bucketing by accountId to keep multi-account routing stable. (#1061, #1058) — thanks @adam91holt.
fix: normalize delivery routing context Co-authored-by: adam91holt <adam91holt@users.noreply.github.com>
2026-01-17 06:38:15 +00:00
- Sessions: include deliveryContext in sessions.list and reuse normalized delivery routing for announce/restart fallbacks. (#1058)
fix: expose deliveryContext in sessions_list Co-authored-by: Adam Holt <mail@adamholt.co.nz>
2026-01-17 06:54:22 +00:00
- Sessions: propagate deliveryContext into last-route updates to keep account/channel routing stable. (#1058)
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- Sessions: preserve overrides on `/new` reset.
fix: guard memory sync errors
2026-01-17 08:03:53 +00:00
- Memory: prevent unhandled rejections when watch/interval sync fails. (#1076) — thanks @roshanasingh4.
fix: avoid crash on memory embeddings errors (#1004)
2026-01-17 09:45:45 +00:00
- Memory: avoid gateway crash when embeddings return 429/insufficient_quota (disable tool + surface error). (#1004)
fix: preserve account routing for explicit targets Co-authored-by: adam91holt <adam91holt@users.noreply.github.com>
2026-01-17 04:24:47 +00:00
- Gateway: honor explicit delivery targets without implicit accountId fallback; preserve lastAccountId for implicit routing.
fix: sync delivery routing context Co-authored-by: adam91holt <adam91holt@users.noreply.github.com>
2026-01-17 06:01:30 +00:00
- Gateway: avoid reusing last-to/accountId when the requested channel differs; sync deliveryContext with last route fields.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- Build: allow `@lydell/node-pty` builds on supported platforms.
fix: land oxlint config follow-ups (#1064) (thanks @connorshea)
2026-01-17 03:25:05 +00:00
- Repo: fix oxlint config filename and move ignore pattern into config. (#1064) — thanks @connorshea.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- Messages: `/stop` now hard-aborts queued followups and sub-agent runs; suppress zero-count stop notes.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- Messages: honor message tool channel when deduping sends.
fix: unify inbound sender labels
2026-01-17 05:21:02 +00:00
- Messages: include sender labels for live group messages across channels, matching queued/history formatting. (#1059)
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- Sessions: reset `compactionCount` on `/new` and `/reset`, and preserve `sessions.json` file mode (0600).
- Sessions: repair orphaned user turns before embedded prompts.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- Sessions: hard-stop `sessions.delete` cleanup.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- Channels: treat replies to the bot as implicit mentions across supported channels.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- Channels: normalize object-format capabilities in channel capability parsing.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Security: default-deny slash/control commands unless a channel computed `CommandAuthorized` (fixes accidental “open” behavior), and ensure WhatsApp + Zalo plugin channels gate inline `/…` tokens correctly. https://docs.openclaw.ai/gateway/security
fix(skills): fix watcher ignored typing
2026-01-17 08:27:59 +00:00
- Security: redact sensitive text in gateway WS logs.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- Tools: cap pending `exec` process output to avoid unbounded buffers.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: speed up `openclaw sandbox-explain` by avoiding heavy plugin imports when normalizing channel ids.
fix: browser remote tab ops harden (#1057) (thanks @mukhtharcm)
2026-01-17 00:57:35 +00:00
- Browser: remote profile tab operations prefer persistent Playwright and avoid silent HTTP fallbacks. (#1057) — thanks @mukhtharcm.
fix(browser): remote profile tab ops follow-up (#1060) (thanks @mukhtharcm) Landed via follow-up to #1057. Gate: pnpm lint && pnpm build && pnpm test
2026-01-17 01:28:22 +00:00
- Browser: remote profile tab ops follow-up: shared Playwright loader, Playwright-based focus, and more coverage (incl. opt-in live Browserless test). (follow-up to #1057) — thanks @mukhtharcm.
fix: keep extension relay list current (#1073) Thanks @roshanasingh4. Co-authored-by: Roshan Singh <88576930+roshanasingh4@users.noreply.github.com>
2026-01-17 07:42:47 +00:00
- Browser: refresh extension relay tab metadata after navigation so `/json/list` stays current. (#1073) — thanks @roshanasingh4.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- WhatsApp: scope self-chat response prefix; inject pending-only group history and clear after any processed message.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- WhatsApp: include `linked` field in `describeAccount`.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- Agents: drop unsigned Gemini tool calls and avoid JSON Schema `format` keyword collisions.
fix: gate image tool and deepgram audio payload
2026-01-17 09:33:53 +00:00
- Agents: hide the image tool when the primary model already supports images.
docs: note NO_REPLY guidance for message tool
2026-01-17 00:08:51 +00:00
- Agents: avoid duplicate sends by replying with `NO_REPLY` after `message` tool sends.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- Auth: inherit/merge sub-agent auth profiles from the main agent.
- Gateway: resolve local auth for security probe and validate gateway token/password file modes. (#1011, #1022) — thanks @ivanrvpereira, @kkarimi.
- Signal/iMessage: bound transport readiness waits to 30s with periodic logging. (#1014) — thanks @Szpadel.
docs: update changelog for 2026.1.16
2026-01-17 08:50:02 +00:00
- iMessage: avoid RPC restart loops.
- OpenAI image-gen: handle URL + `b64_json` responses and remove deprecated `response_format` (use URL downloads).
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- CLI: auto-update global installs when installed via a package manager.
docs: update health/status + doctor docs
2026-01-17 01:14:17 +00:00
- Routing: migrate legacy `accountID` bindings to `accountId` and remove legacy fallback lookups. (#1047) — thanks @gumadeiras.
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
- Discord: truncate skill command descriptions to 100 chars for slash command limits. (#1018) — thanks @evalexpr.
- Security: bump `tar` to 7.5.3.
- Models: align ZAI thinking toggles.
fix: finalize inbound contexts
2026-01-17 05:04:29 +00:00
- iMessage/Signal: include sender metadata for non-queued group messages. (#1059)
fix: preserve discord chunk whitespace
2026-01-17 07:11:15 +00:00
- Discord: preserve whitespace when chunking long lines so message splits keep spacing intact.
fix(skills): fix watcher ignored typing
2026-01-17 08:27:59 +00:00
- Skills: fix skills watcher ignored list typing (tsc).
docs: fix changelog after 2026.1.15 release
2026-01-17 00:02:54 +00:00
## 2026.1.15
docs: sort unreleased changelog
2026-01-16 09:46:12 +00:00
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Plugins: add provider auth registry + `openclaw models auth login` for plugin-driven OAuth/API key flows.
docs: refresh unreleased highlights
2026-01-16 09:51:27 +00:00
- Browser: improve remote CDP/Browserless support (auth passthrough, `wss` upgrade, timeouts, clearer errors).
- Heartbeat: per-agent configuration + 24h duplicate suppression. (#980) — thanks @voidserf.
- Security: audit warns on weak model tiers; app nodes store auth tokens encrypted (Keychain/SecurePrefs).
### Breaking
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
feat: render native chat markdown via Textual
2026-01-16 09:02:21 +00:00
- **BREAKING:** iOS minimum version is now 18.0 to support Textual markdown rendering in native chat. (#702)
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- **BREAKING:** Microsoft Teams is now a plugin; install `@openclaw/msteams` via `openclaw plugins install @openclaw/msteams`.
docs: sort unreleased changelog
2026-01-16 09:46:12 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
Changelog: note schema-driven channels UI
2026-01-16 14:15:14 -06:00
- UI/Apps: move channel/config settings to schema-driven forms and rename Connections → Channels. (#1040) — thanks @thewilloftheshadow.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: set process titles to `openclaw-<command>` for clearer process listings.
fix: sync remote ssh targets
2026-01-16 07:32:58 +00:00
- CLI/macOS: sync remote SSH target/identity to config and let `gateway status` auto-infer SSH targets (ssh-config aware).
feat: scope telegram inline buttons
2026-01-16 20:16:35 +00:00
- Telegram: scope inline buttons with allowlist default + callback gating in DMs/groups.
feat: enable telegram reaction notifications by default
2026-01-16 20:51:39 +00:00
- Telegram: default reaction notifications to own.
fix: heartbeat prompt + dedupe (#980) (thanks @voidserf) - tighten default heartbeat prompt guidance - suppress duplicate heartbeat alerts within 24h Co-authored-by: void <voidserf@users.noreply.github.com>
2026-01-15 16:24:52 -08:00
- Heartbeat: tighten prompt guidance + suppress duplicate alerts for 24h. (#980) — thanks @voidserf.
chore: ignore local identity files (#1001) (thanks @gerardward2007) * chore: ignore local identity files (IDENTITY.md, USER.md) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore: ignore local identity files (#1001) (thanks @gerardward2007) * chore: format session status tool * chore: format bash exec background abort test --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-16 11:30:04 +01:00
- Repo: ignore local identity files to avoid accidental commits. (#1001) — thanks @gerardward2007.
feat(session): add dmScope for multi-user DM isolation Co-authored-by: Alphonse-arianee <Alphonse-arianee@users.noreply.github.com>
2026-01-15 10:57:00 +00:00
- Sessions/Security: add `session.dmScope` for multi-user DM isolation and audit warnings. (#948) — thanks @Alphonse-arianee.
fix: show disabled channels in onboarding picker
2026-01-16 01:29:25 +00:00
- Onboarding: switch channels setup to a single-select loop with per-channel actions and disabled hints in the picker.
fix: show provider/model labels in TUI
2026-01-16 01:13:14 +00:00
- TUI: show provider/model labels for the active session and default model.
feat: add per-agent heartbeat config
2026-01-16 00:46:07 +00:00
- Heartbeat: add per-agent heartbeat configuration and multi-agent docs example.
fix: add control UI auth guidance
2026-01-16 09:01:45 +00:00
- UI: show gateway auth guidance + doc link on unauthorized Control UI connections.
feat(ui): delete sessions from Control UI
2026-01-16 22:33:38 +00:00
- UI: add session deletion action in Control UI sessions list. (#1017) — thanks @Szpadel.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Security: warn on weak model tiers (Haiku, below GPT-5, below Claude 4.5) in `openclaw security audit`.
docs: refresh unreleased highlights
2026-01-16 09:51:27 +00:00
- Apps: store node auth tokens encrypted (Keychain/SecurePrefs).
refactor: centralize daemon path resolution
2026-01-15 23:09:08 +00:00
- Daemon: share profile/state-dir resolution across service helpers and honor `CLAWDBOT_STATE_DIR` for Windows task scripts.
chore: update changelog (#969) (thanks @bjesuiter)
2026-01-15 22:09:45 +00:00
- Docs: clarify multi-gateway rescue bot guidance. (#969) — thanks @bjesuiter.
feat(date-time): standardize time context and tool timestamps
2026-01-15 22:26:31 +00:00
- Agents: add Current Date & Time system prompt section with configurable time format (auto/12/24).
- Tools: normalize Slack/Discord message timestamps with `timestampMs`/`timestampUtc` while keeping raw provider fields.
feat: add system.which bin probe
2026-01-16 07:31:26 +00:00
- macOS: add `system.which` for prompt-free remote skill discovery (with gateway fallback to `system.run`).
feat(date-time): standardize time context and tool timestamps
2026-01-15 22:26:31 +00:00
- Docs: add Date & Time guide and update prompt/timezone configuration docs.
feat(whatsapp): add debounceMs for batching rapid messages (#971) * feat(whatsapp): add debounceMs for batching rapid messages Add a `debounceMs` configuration option to WhatsApp channel settings that batches rapid consecutive messages from the same sender into a single response. This prevents triggering separate agent runs for each message when a user sends multiple short messages in quick succession (e.g., "Hey!", "how are you?", "I was wondering..."). Changes: - Add `debounceMs` config to WhatsAppConfig and WhatsAppAccountConfig - Implement message buffering in `monitorWebInbox` with: - Map-based buffer keyed by sender (DM) or chat ID (groups) - Debounce timer that resets on each new message - Message combination with newline separator - Single message optimization (no modification if only one message) - Wire `debounceMs` through account resolution and monitor tuning - Add UI hints and schema documentation Usage example: { "channels": { "whatsapp": { "debounceMs": 5000 // 5 second window } } } Default behavior: `debounceMs: 0` (disabled by default) Verified: All existing tests pass (3204 tests), TypeScript compilation succeeds with no errors. Implemented with assistance from AI coding tools. Closes #967 * chore: wip inbound debounce * fix: debounce inbound messages across channels (#971) (thanks @juanpablodlc) --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-15 15:07:19 -08:00
- Messages: debounce rapid inbound messages across channels with per-connector overrides. (#971) — thanks @juanpablodlc.
fix: allow media-only sends
2026-01-16 03:15:07 +00:00
- Messages: allow media-only sends (CLI/tool) and show Telegram voice recording status for voice notes. (#957) — thanks @rdev.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Auth/Status: keep auth profiles sticky per session (rotate on compaction/new), surface provider usage headers in `/status` and `openclaw models status`, and update docs.
- CLI: add `--json` output for `openclaw daemon` lifecycle/install commands.
fix: make node-llama-cpp optional
2026-01-15 18:37:02 +00:00
- Memory: make `node-llama-cpp` an optional dependency (avoid Node 25 install failures) and improve local-embeddings fallback/errors.
docs(changelog): move browser relay fixes to 2026.1.15
2026-01-15 17:03:40 +00:00
- Browser: add `snapshot refs=aria` (Playwright aria-ref ids) for self-resolving refs across `snapshot``act`.
- Browser: `profile="chrome"` now defaults to host control and returns clearer “attach a tab” errors.
feat(browser): prefer Chrome default + add Brave/Edge fallbacks Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
2026-01-16 03:24:53 +00:00
- Browser: prefer stable Chrome for auto-detect, with Brave/Edge fallbacks and updated docs. (#983) — thanks @cpojer.
fix: tune remote CDP timeouts
2026-01-16 09:01:25 +00:00
- Browser: increase remote CDP reachability timeouts + add `remoteCdpTimeoutMs`/`remoteCdpHandshakeTimeoutMs`.
fix: support authenticated remote CDP URLs (#895) (thanks @mukhtharcm)
2026-01-16 08:31:51 +00:00
- Browser: preserve auth/query tokens for remote CDP endpoints and pass Basic auth for CDP HTTP/WS. (#895) — thanks @mukhtharcm.
fix: refine telegram reactions (#964) (thanks @bohdanpodvirnyi)
2026-01-15 17:20:17 +00:00
- Telegram: add bidirectional reaction support with configurable notifications and agent guidance. (#964) — thanks @bohdanpodvirnyi.
fix: add telegram custom commands (#860) (thanks @nachoiacovino) Co-authored-by: Nacho Iacovino <50103937+nachoiacovino@users.noreply.github.com>
2026-01-16 08:20:48 +00:00
- Telegram: allow custom commands in the bot menu (merged with native; conflicts ignored). (#860) — thanks @nachoiacovino.
Discord: fix allowlist gating. Closes #961
2026-01-15 11:53:13 -06:00
- Discord: allow allowlisted guilds without channel lists to receive messages when `groupPolicy="allowlist"`. — thanks @thewilloftheshadow.
fix: update discord action defaults (#870) (thanks @JDIVE)
2026-01-16 06:50:27 +00:00
- Discord: allow emoji/sticker uploads + channel actions in config defaults. (#870) — thanks @JDIVE.
docs: sort unreleased changelog
2026-01-16 09:46:12 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
feat: enhance web_fetch fallbacks
2026-01-17 00:00:15 +00:00
- Messages: make `/stop` clear queued followups and pending session lane work for a hard abort.
- Messages: make `/stop` abort active sub-agent runs spawned from the requester session and report how many were stopped.
- WhatsApp: report linked status consistently in channel status. (#1050) — thanks @YuriNachos.
- Sessions: keep per-session overrides when `/new` resets compaction counters. (#1050) — thanks @YuriNachos.
- Skills: allow OpenAI image-gen helper to handle URL or base64 responses. (#1050) — thanks @YuriNachos.
fix: avoid imessage rpc restart loop
2026-01-17 00:34:44 +00:00
- WhatsApp: default response prefix only for self-chat, using identity name when set.
- iMessage: treat missing `imsg rpc` support as fatal to avoid restart loops.
- Auth: merge main auth profiles into per-agent stores for sub-agents and document inheritance. (#1013) — thanks @marcmarg.
- Agents: avoid JSON Schema `format` collisions in tool params by renaming snapshot format fields. (#1013) — thanks @marcmarg.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Fix: make `openclaw update` auto-update global installs when installed via a package manager.
docs: sort unreleased changelog
2026-01-16 09:46:12 +00:00
- Fix: list model picker entries as provider/model pairs for explicit selection. (#970) — thanks @mcinteerj.
- Fix: align OpenAI image-gen defaults with DALL-E 3 standard quality and document output formats. (#880) — thanks @mkbehr.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Fix: persist `gateway.mode=local` after selecting Local run mode in `openclaw configure`, even if no other sections are chosen.
docs: sort unreleased changelog
2026-01-16 09:46:12 +00:00
- Daemon: fix profile-aware service label resolution (env-driven) and add coverage for launchd/systemd/schtasks. (#969) — thanks @bjesuiter.
- Agents: avoid false positives when logging unsupported Google tool schema keywords.
- Agents: skip Gemini history downgrades for google-antigravity to preserve tool calls. (#894) — thanks @mukhtharcm.
- Status: restore usage summary line for current provider when no OAuth profiles exist.
- Fix: guard model fallback against undefined provider/model values. (#954) — thanks @roshanasingh4.
- Fix: refactor session store updates, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
- Fix: clean up suspended CLI processes across backends. (#978) — thanks @Nachx639.
- Fix: support MiniMax coding plan usage responses with `model_remains`/`current_interval_*` payloads.
fix: honor message tool channel for tool dedupe (#1053) - Treat message tool `channel` as provider hint for dedupe/suppression. - Prefer NO_REPLY after message tool sends to avoid duplicate replies. Co-authored-by: Sash Catanzarite <1166151+thesash@users.noreply.github.com>
2026-01-16 16:23:51 -08:00
- Fix: honor message tool channel for duplicate suppression (prefer `NO_REPLY` after `message` tool sends). (#1053) — thanks @sashcatanzarite.
docs: sort unreleased changelog
2026-01-16 09:46:12 +00:00
- Fix: suppress WhatsApp pairing replies for historical catch-up DMs on initial link. (#904)
- Browser: extension mode recovers when only one tab is attached (stale targetId fallback).
- Browser: fix `tab not found` for extension relay snapshots/actions when Playwright blocks `newCDPSession` (use the single available Page).
- Browser: upgrade `ws``wss` when remote CDP uses `https` (fixes Browserless handshake).
- Telegram: skip `message_thread_id=1` for General topic sends while keeping typing indicators. (#848) — thanks @azade-c.
fix: sanitize user-facing errors and strip final tags Co-authored-by: Drake Thomsen <drake.thomsen@example.com>
2026-01-16 03:00:40 +00:00
- Fix: sanitize user-facing error text + strip `<final>` tags across reply pipelines. (#975) — thanks @ThomsenDrake.
fix: normalize pairing aliases and webhook guard (#991) (thanks @longmaba)
2026-01-16 04:53:40 +00:00
- Fix: normalize pairing CLI aliases, allow extension channels, and harden Zalo webhook payload parsing. (#991) — thanks @longmaba.
Gateway auth: accept local Tailscale Serve hostnames and tailnet IPs (#885) * Gateway auth: accept local Tailscale Serve hostnames and tailnet IPs * fix: allow local Tailscale Serve hostnames (#885) (thanks @oswalpalash) --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-16 13:21:25 +05:30
- Fix: allow local Tailscale Serve hostnames without treating tailnet clients as direct. (#885) — thanks @oswalpalash.
fix: reset sessions after role ordering conflicts
2026-01-16 09:03:54 +00:00
- Fix: reset sessions after role-ordering conflicts to recover from consecutive user turns. (#998)
chore: start 2026.1.15 (unreleased)
2026-01-15 16:47:19 +00:00
chore(macos): prep Sparkle release 2026.1.14-1
2026-01-15 11:15:41 +00:00
## 2026.1.14-1
feat: add security audit + onboarding checkpoint
2026-01-15 01:25:11 +00:00
fix(onboarding): move web search hint to end
2026-01-15 07:50:00 +00:00
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs(changelog): regroup 2026.1.14
2026-01-15 08:59:16 +00:00
- Web search: `web_search`/`web_fetch` tools (Brave API) + first-time setup in onboarding/configure.
refactor: route browser control via gateway/node
2026-01-27 03:23:42 +00:00
- Browser control: Chrome extension relay takeover mode + remote browser control support.
docs(changelog): regroup 2026.1.14
2026-01-15 08:59:16 +00:00
- Plugins: channel plugins (gateway HTTP hooks) + Zalo plugin + onboarding install flow. (#854) — thanks @longmaba.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Security: expanded `openclaw security audit` (+ `--fix`), detect-secrets CI scan, and a `SECURITY.md` reporting policy.
fix(onboarding): move web search hint to end
2026-01-15 07:50:00 +00:00
feat: add security audit + onboarding checkpoint
2026-01-15 01:25:11 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs(changelog): regroup 2026.1.14
2026-01-15 08:59:16 +00:00
- Docs: clarify per-agent auth stores, sandboxed skill binaries, and elevated semantics.
- Docs: add FAQ entries for missing provider auth after adding agents and Gemini thinking signature errors.
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
- Agents: add optional auth-profile copy prompt on `agents add` and improve auth error messaging.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Security: expand `openclaw security audit` checks (model hygiene, config includes, plugin allowlists, exposure matrix) and extend `--fix` to tighten more sensitive state paths.
feat: sticky auth profile rotation + usage headers
2026-01-16 00:24:31 +00:00
- Security: add `SECURITY.md` reporting policy.
- Channels: add Matrix plugin (external) with docs + onboarding hooks.
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
- Plugins: add Zalo channel plugin with gateway HTTP hooks and onboarding install prompt. (#854) — thanks @longmaba.
- Onboarding: add a security checkpoint prompt (docs link + sandboxing hint); require `--accept-risk` for `--non-interactive`.
docs(changelog): regroup 2026.1.14
2026-01-15 08:59:16 +00:00
- Docs: expand gateway security hardening guidance and incident response checklist.
- Docs: document DM history limits for channel DMs. (#883) — thanks @pkrmf.
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
- Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.
- Tools: add `web_search`/`web_fetch` (Brave API), auto-enable `web_fetch` for sandboxed sessions, and remove the `brave-search` skill.
- CLI/Docs: add a web tools configure section for storing Brave API keys and update onboarding tips.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Browser: add Chrome extension relay takeover mode (toolbar button), plus `openclaw browser extension install/path` and remote browser control (standalone server + token auth).
docs(changelog): regroup 2026.1.14
2026-01-15 08:59:16 +00:00
Embedded runner: suppress raw API error payloads (#919)
2026-01-14 16:52:10 -08:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
- Sessions: refactor session store updates to lock + mutate per-entry, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
fix(agents): skip thinking tags in code spans
2026-01-15 09:23:10 +00:00
- Browser: add tests for snapshot labels/efficient query params and labeled image responses.
- Google: downgrade unsigned thinking blocks before send to avoid missing signature errors.
- Doctor: avoid re-adding WhatsApp config when only legacy ack reactions are set. (#927, fixes #900) — thanks @grp06.
- Agents: scrub tuple `items` schemas for Gemini tool calls. (#926, fixes #746) — thanks @grp06.
fix: harden antigravity claude support (#968) Co-authored-by: Max <rdev@users.noreply.github.com>
2026-01-16 01:52:34 +00:00
- Agents: harden Antigravity Claude history/tool-call sanitization. (#968) — thanks @rdev.
fix(agents): skip thinking tags in code spans
2026-01-15 09:23:10 +00:00
- Agents: stabilize sub-agent announce status from runtime outcomes and normalize Result/Notes. (#835) — thanks @roshanasingh4.
- Embedded runner: suppress raw API error payloads from replies. (#924) — thanks @grp06.
- Auth: normalize Claude Code CLI profile mode to oauth and auto-migrate config. (#855) — thanks @sebslight.
docs(changelog): regroup 2026.1.14
2026-01-15 08:59:16 +00:00
- Daemon: clear persisted launchd disabled state before bootstrap (fixes `daemon install` after uninstall). (#849) — thanks @ndraiman.
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
- Logging: tolerate `EIO` from console writes to avoid gateway crashes. (#925, fixes #878) — thanks @grp06.
- Sandbox: restore `docker.binds` config validation for custom bind mounts. (#873) — thanks @akonyer.
- Sandbox: preserve configured PATH for `docker exec` so custom tools remain available. (#873) — thanks @akonyer.
- Slack: respect `channels.slack.requireMention` default when resolving channel mention gating. (#850) — thanks @evalexpr.
- Telegram: aggregate split inbound messages into one prompt (reduces “one reply per fragment”).
- Auto-reply: treat trailing `NO_REPLY` tokens as silent replies.
- Config: prevent partial config writes from clobbering unrelated settings (base hash guard + merge patch for connection saves).
docs(changelog): regroup 2026.1.14
2026-01-15 08:59:16 +00:00
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
## 2026.1.14
docs(changelog): regroup 2026.1.14
2026-01-15 08:59:16 +00:00
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
- Usage: add MiniMax coding plan usage tracking.
- Auth: label Claude Code CLI auth options. (#915) — thanks @SeanZoR.
- Docs: standardize Claude Code CLI naming across docs and prompts. (follow-up to #915)
- Telegram: add message delete action in the message tool. (#903) — thanks @sleontenko.
- Config: add `channels.<provider>.configWrites` gating for channel-initiated config writes; migrate Slack channel IDs.
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
- Mac: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.
- UI: use application-defined WebSocket close code (browser compatibility). (#918) — thanks @rahthakor.
docs(changelog): regroup 2026.1.14
2026-01-15 08:59:16 +00:00
- TUI: render picker overlays via the overlay stack so /models and /settings display. (#921) — thanks @grizzdank.
- TUI: add a bright spinner + elapsed time in the status line for send/stream/run states.
macOS: prefer bridge tunnel port in remote mode
2026-01-15 14:04:54 +00:00
- TUI: show LLM error messages (rate limits, auth, etc.) instead of `(no output)`.
chore: update openclaw naming
2026-01-30 21:01:02 +01:00
- Gateway/Dev: ensure `pnpm gateway:dev` always uses the dev profile config + state (`~/.openclaw-dev`).
macOS: prefer bridge tunnel port in remote mode
2026-01-15 14:04:54 +00:00
#### Agents / Auth / Tools / Sandbox
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
macOS: prefer bridge tunnel port in remote mode
2026-01-15 14:04:54 +00:00
- Agents: make user time zone and 24-hour time explicit in the system prompt. (#859) — thanks @CashWilliams.
- Agents: strip downgraded tool call text without eating adjacent replies and filter thinking-tag leaks. (#905) — thanks @erikpr1994.
- Agents: cap tool call IDs for OpenAI/OpenRouter to avoid request rejections. (#875) — thanks @j1philli.
- Sandbox: restore `docker.binds` config validation and preserve configured PATH for `docker exec`. (#873) — thanks @akonyer.
#### macOS / Apps
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
macOS: prefer bridge tunnel port in remote mode
2026-01-15 14:04:54 +00:00
- macOS: ensure launchd log directory exists with a test-only override. (#909) — thanks @roshanasingh4.
- macOS: format ConnectionsStore config to satisfy SwiftFormat lint. (#852) — thanks @mneves75.
- macOS: pass auth token/password to dashboard URL for authenticated access. (#918) — thanks @rahthakor.
- macOS: reuse launchd gateway auth and skip wizard when gateway config already exists. (#917)
fix: document macOS remote tunnels (#960) (thanks @kkarimi)
2026-01-16 01:59:14 +00:00
- macOS: prefer the default bridge tunnel port in remote mode for node bridge connectivity; document macOS remote control + bridge tunnels. (#960, fixes #865) — thanks @kkarimi.
macOS: prefer bridge tunnel port in remote mode
2026-01-15 14:04:54 +00:00
- Apps: use canonical main session keys from gateway defaults across macOS/iOS/Android to avoid creating bare `main` sessions.
fix: isolate Slack thread sessions (#758)
2026-01-15 08:01:15 +00:00
- macOS: fix cron preview/testing payload to use `channel` key. (#867) — thanks @wes-davis.
- Telegram: honor `channels.telegram.timeoutSeconds` for grammY API requests. (#863) — thanks @Snaver.
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
- Telegram: split long captions into media + follow-up text messages. (#907) - thanks @jalehman.
fix: isolate Slack thread sessions (#758)
2026-01-15 08:01:15 +00:00
- Telegram: migrate group config when supergroups change chat IDs. (#906) — thanks @sleontenko.
- Messaging: unify markdown formatting + format-first chunking for Slack/Telegram/Signal. (#920) — thanks @TheSethRose.
feat: refine subagents + add chat.inject Co-authored-by: Tyler Yust <tyler6204@users.noreply.github.com>
2026-01-15 23:06:58 +00:00
- Slack: drop Socket Mode events with mismatched `api_app_id`/`team_id`. (#889) — thanks @roshanasingh4.
- Discord: isolate autoThread thread context. (#856) — thanks @davidguttman.
fix: isolate Slack thread sessions (#758)
2026-01-15 08:01:15 +00:00
- WhatsApp: fix context isolation using wrong ID (was bot's number, now conversation ID). (#911) — thanks @tristanmanchester.
- WhatsApp: normalize user JIDs with device suffix for allowlist checks in groups. (#838) — thanks @peschee.
fix(onboarding): move web search hint to end
2026-01-15 07:50:00 +00:00
chore: prep 2026.1.13 release
2026-01-13 23:59:04 +00:00
## 2026.1.13
fix: make postinstall patcher idempotent
2026-01-13 23:12:27 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: make postinstall patcher idempotent
2026-01-13 23:12:27 +00:00
- Postinstall: treat already-applied pnpm patches as no-ops to avoid npm/bun install failures.
chore: prep 2026.1.13 release
2026-01-13 23:59:04 +00:00
- Packaging: pin `@mariozechner/pi-ai` to 0.45.7 and refresh patched dependency to match npm resolution.
fix: make postinstall patcher idempotent
2026-01-13 23:12:27 +00:00
chore: fix npm package contents
2026-01-13 09:36:15 +00:00
## 2026.1.12-2
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
chore: fix npm package contents
2026-01-13 09:36:15 +00:00
- Packaging: include `dist/memory/**` in the npm tarball (fixes `ERR_MODULE_NOT_FOUND` for `dist/memory/index.js`).
fix: resume subagent registry safely (#831) (thanks @roshanasingh4)
2026-01-13 10:10:15 +00:00
- Agents: persist sub-agent registry across gateway restarts and resume announce flow safely. (#831) — thanks @roshanasingh4.
Changelog: thank PR #845
2026-01-13 12:29:45 +01:00
- Agents: strip invalid Gemini thought signatures from OpenRouter history to avoid 400s. (#841, #845) — thanks @MatthieuBizien.
chore: fix npm package contents
2026-01-13 09:36:15 +00:00
chore: fix npm package contents
2026-01-13 09:33:02 +00:00
## 2026.1.12-1
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
chore: fix npm package contents
2026-01-13 09:33:02 +00:00
- Packaging: include `dist/channels/**` in the npm tarball (fixes `ERR_MODULE_NOT_FOUND` for `dist/channels/registry.js`).
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
## 2026.1.12
chore: sanitize onboarding api keys
2026-01-12 11:18:31 +00:00
docs: add changelog entry for minimax fix
2026-01-12 16:53:53 +00:00
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor!: rename chat providers to channels
2026-01-13 06:16:43 +00:00
- **BREAKING:** rename chat “providers” (Slack/Telegram/WhatsApp/…) to **channels** across CLI/RPC/config; legacy config keys auto-migrate on load (and are written back as `channels.*`).
Docs: reorder 2025.1.12 changelog
2026-01-13 07:03:44 +00:00
- Memory: add vector search for agent memories (Markdown-only) with SQLite index, chunking, lazy sync + file watch, and per-agent enablement/fallback.
- Plugins: restore full voice-call plugin parity (Telnyx/Twilio, streaming, inbound policies, tools/CLI).
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Models: add Synthetic provider plus Moonshot Kimi K2 0905 + turbo/thinking variants (with docs). (#811) — thanks @siraht; (#818) — thanks @mickahouan.
Docs: reorder 2025.1.12 changelog
2026-01-13 07:03:44 +00:00
- Cron: one-shot schedules accept ISO timestamps (UTC) with optional delete-after-run; cron jobs can target a specific agent (CLI + macOS/Control UI).
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Agents: add compaction mode config with optional safeguard summarization and per-agent model fallbacks. (#700) — thanks @thewilloftheshadow; (#583) — thanks @mitschabaude-bot.
Docs: reorder 2025.1.12 changelog
2026-01-13 07:03:44 +00:00
### New & Improved
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Memory: add custom OpenAI-compatible embedding endpoints; support OpenAI/local `node-llama-cpp` embeddings with per-agent overrides and provider metadata in tools/CLI. (#819) — thanks @mukhtharcm.
chore: update openclaw naming
2026-01-30 21:01:02 +01:00
- Memory: new `openclaw memory` CLI plus `memory_search`/`memory_get` tools with snippets + line ranges; index stored under `~/.openclaw/memory/{agentId}.sqlite` with watch-on-by-default.
Docs: reorder 2025.1.12 changelog
2026-01-13 07:03:44 +00:00
- Agents: strengthen memory recall guidance; make workspace bootstrap truncation configurable (default 20k) with warnings; add default sub-agent model config.
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Tools/Sandbox: add tool profiles + group shorthands; support tool-policy groups in `tools.sandbox.tools`; drop legacy `memory` shorthand; allow Docker bind mounts via `docker.binds`. (#790) — thanks @akonyer.
feat: add provider-specific tool policies
2026-01-13 09:59:21 +00:00
- Tools: add provider/model-specific tool policy overrides (`tools.byProvider`) to trim tool exposure per provider.
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Tools: add browser `scrollintoview` action; allow Claude/Gemini tool param aliases; allow thinking `xhigh` for GPT-5.2/Codex with safe downgrades. (#793) — thanks @hsrvc; (#444) — thanks @grp06.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Gateway/CLI: add Tailscale binary discovery, custom bind mode, and probe auth retry; add `openclaw dashboard` auto-open flow; default native slash commands to `"auto"` with per-provider overrides. (#740) — thanks @jeffersonwarrior.
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Auth/Onboarding: add Chutes OAuth (PKCE + refresh + onboarding choice); normalize API key inputs; default TUI onboarding to `deliver: false`. (#726) — thanks @FrieSei; (#791) — thanks @roshanasingh4.
- Providers: add `discord.allowBots`; trim legacy MiniMax M2 from default catalogs; route MiniMax vision to the Coding Plan VLM endpoint (also accepts `@/path/to/file.png` inputs). (#802) — thanks @zknicker.
- Gateway: allow Tailscale Serve identity headers to satisfy token auth; rebuild Control UI assets when protocol schema is newer. (#823) — thanks @roshanasingh4; (#786) — thanks @meaningfool.
Docs: reorder 2025.1.12 changelog
2026-01-13 07:03:44 +00:00
- Heartbeat: default `ackMaxChars` to 300 so short `HEARTBEAT_OK` replies stay internal.
chore: sanitize onboarding api keys
2026-01-12 11:18:31 +00:00
fix: harden doctor install checks
2026-01-13 07:25:25 +00:00
### Installer
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Install: run `openclaw doctor --non-interactive` after git installs/updates and nudge daemon restarts when detected.
fix: harden doctor install checks
2026-01-13 07:25:25 +00:00
chore: sanitize onboarding api keys
2026-01-12 11:18:31 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: harden doctor install checks
2026-01-13 07:25:25 +00:00
- Doctor: warn on pnpm workspace mismatches, missing Control UI assets, and missing tsx binaries; offer UI rebuilds.
feat: add provider-specific tool policies
2026-01-13 09:59:21 +00:00
- Tools: apply global tool allow/deny even when agent-specific tool policy is set.
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Models/Providers: treat credential validation failures as auth errors to trigger fallback; normalize `${ENV_VAR}` apiKey values and auto-fill missing provider keys; preserve explicit GitHub Copilot provider config + agent-dir auth profiles. (#822) — thanks @sebslight; (#705) — thanks @TAGOOZ.
chore(changelog): note auth profile order fix
2026-01-13 07:42:47 +00:00
- Auth: drop invalid auth profiles from ordering so environment keys can still be used for providers like MiniMax.
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Gemini: normalize Gemini 3 ids to preview variants; strip Gemini CLI tool call/response ids; downgrade missing `thought_signature`; strip Claude `msg_*` thought_signature fields to avoid base64 decode errors. (#795) — thanks @thewilloftheshadow; (#783) — thanks @ananth-vardhan-cn; (#793) — thanks @hsrvc; (#805) — thanks @marcmarg.
fix: recover from compaction overflow
2026-01-13 08:02:58 +00:00
- Agents: auto-recover from compaction context overflow by resetting the session and retrying; propagate overflow details from embedded runs so callers can recover.
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- MiniMax: strip malformed tool invocation XML; include `MiniMax-VL-01` in implicit provider for image pairing. (#809) — thanks @latitudeki5223.
docs: credit MiniMax agent-dir fix
2026-01-13 07:30:50 +00:00
- Onboarding/Auth: honor `CLAWDBOT_AGENT_DIR` / `PI_CODING_AGENT_DIR` when writing auth profiles (MiniMax). (#829) — thanks @roshanasingh4.
fix: handle Anthropic overloaded_error gracefully (#832) (thanks @danielz1z)
2026-01-13 08:32:06 +00:00
- Anthropic: handle `overloaded_error` with a friendly message and failover classification. (#832) — thanks @danielz1z.
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Anthropic: merge consecutive user turns (preserve newest metadata) before validation to avoid incorrect role errors. (#804) — thanks @ThomsenDrake.
- Messaging: enforce context isolation for message tool sends; keep typing indicators alive during tool execution. (#793) — thanks @hsrvc; (#450, #447) — thanks @thewilloftheshadow.
- Auto-reply: `/status` allowlist behavior, reasoning-tag enforcement on fallback, and system-event enqueueing for elevated/reasoning toggles. (#810) — thanks @mcinteerj.
- System events: include local timestamps when events are injected into prompts. (#245) — thanks @thewilloftheshadow.
Docs: reorder 2025.1.12 changelog
2026-01-13 07:03:44 +00:00
- Auto-reply: resolve ambiguous `/model` matches; fix streaming block reply media handling; keep >300 char heartbeat replies instead of dropping.
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Discord/Slack: centralize reply-thread planning; fix autoThread routing + add per-channel autoThread; avoid duplicate listeners; keep reasoning italics intact; allow clearing channel parents via message tool. (#800, #807) — thanks @davidguttman; (#744) — thanks @thewilloftheshadow.
- Telegram: preserve forum topic thread ids, persist polling offsets, respect account bindings in webhook mode, and show typing indicator in General topics. (#727, #739) — thanks @thewilloftheshadow; (#821) — thanks @gumadeiras; (#779) — thanks @azade-c.
- Slack: accept slash commands with or without leading `/` for custom command configs. (#798) — thanks @thewilloftheshadow.
- Cron: persist disabled jobs correctly; accept `jobId` aliases for update/run/remove params. (#205, #252) — thanks @thewilloftheshadow.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Gateway/CLI: honor `CLAWDBOT_LAUNCHD_LABEL` / `CLAWDBOT_SYSTEMD_UNIT` overrides; `agents.list` respects explicit config; reduce noisy loopback WS logs during tests; run `openclaw doctor --non-interactive` during updates. (#781) — thanks @ronyrus.
chore: release 2026.1.12
2026-01-13 09:25:50 +00:00
- Onboarding/Control UI: refuse invalid configs (run doctor first); quote Windows browser URLs for OAuth; keep chat scroll position unless the user is near the bottom. (#764) — thanks @mukhtharcm; (#794) — thanks @roshanasingh4; (#217) — thanks @thewilloftheshadow.
- Tools/UI: harden tool input schemas for strict providers; drop null-only union variants for Gemini schema cleanup; treat `maxChars: 0` as unlimited; keep TUI last streamed response instead of "(no output)". (#782) — thanks @AbhisekBasu1; (#796) — thanks @gabriel-trigo; (#747) — thanks @thewilloftheshadow.
- Connections UI: polish multi-account account cards. (#816) — thanks @steipete.
Docs: reorder 2025.1.12 changelog
2026-01-13 07:03:44 +00:00
### Maintenance
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
Docs: reorder 2025.1.12 changelog
2026-01-13 07:03:44 +00:00
- Dependencies: bump Pi packages to 0.45.3 and refresh patched pi-ai.
- Testing: update Vitest + browser-playwright to 4.0.17.
- Docs: add Amazon Bedrock provider notes and link from models/FAQ.
chore: release 2026.1.11-1
2026-01-12 09:46:34 +00:00
feat: plugin system + voice-call
2026-01-12 01:16:39 +00:00
## 2026.1.11
feat(macos): prompt for CLI install
2026-01-11 10:15:37 +00:00
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Plugins are now first-class: loader + CLI management, plus the new Voice Call plugin.
- Config: modular `$include` support for split config files. (#731) — thanks @pasogott.
- Agents/Pi: reserve compaction headroom so pre-compaction memory writes can run before auto-compaction.
- Agents: automatic pre-compaction memory flush turn to store durable memories before compaction.
feat(macos): prompt for CLI install
2026-01-11 10:15:37 +00:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs: refresh minimax setup docs
2026-01-12 05:49:02 +00:00
- CLI/Onboarding: simplify MiniMax auth choice to a single M2.1 option.
- CLI: configure section selection now loops until Continue.
docs: expand minimax + cerebras setup
2026-01-12 05:57:49 +00:00
- Docs: explain MiniMax vs MiniMax Lightning (speed vs cost) and restore LM Studio example.
- Docs: add Cerebras GLM 4.6/4.7 config example (OpenAI-compatible endpoint).
docs: update changelog
2026-01-12 05:08:11 +00:00
- Onboarding/CLI: group model/auth choice by provider and label Z.AI as GLM 4.7.
feat: add Moonshot auth choice
2026-01-12 06:47:52 +00:00
- Onboarding/Docs: add Moonshot AI (Kimi K2) auth choice + config example.
- CLI/Onboarding: prompt to reuse detected API keys for Moonshot/MiniMax/Z.AI/Gemini/Anthropic/OpenCode.
feat(model): add /model picker
2026-01-12 06:02:39 +00:00
- Auto-reply: add compact `/model` picker (models + available providers) and show provider endpoints in `/model status`.
feat(control-ui): add model presets
2026-01-12 07:09:46 +00:00
- Control UI: add Config tab model presets (MiniMax M2.1, GLM 4.7, Kimi) for one-click setup.
feat: plugin system + voice-call
2026-01-12 01:16:39 +00:00
- Plugins: add extension loader (tools/RPC/CLI/services), discovery paths, and config schema + Control UI labels (uiHints).
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Plugins: add `openclaw plugins install` (path/tgz/npm), plus `list|info|enable|disable|doctor` UX.
chore: update changelog for voice-call plugin
2026-01-11 23:23:23 +00:00
- Plugins: voice-call plugin now real (Twilio/log), adds start/status RPC/CLI/tool + tests.
feat: add plugin architecture
2026-01-11 12:11:12 +00:00
- Docs: add plugins doc + cross-links from tools/skills/gateway config.
chore: update changelog
2026-01-12 01:27:11 +00:00
- Docs: add beginner-friendly plugin quick start + expand Voice Call plugin docs.
feat: plugin system + voice-call
2026-01-12 01:16:39 +00:00
- Tests: add Docker plugin loader + tgz-install smoke test.
chore: update changelog
2026-01-12 01:27:11 +00:00
- Tests: extend Docker plugin E2E to cover installing from local folders (`plugins.load.paths`) and `file:` npm specs.
docs: add changelog entry for minimax fix
2026-01-12 16:53:53 +00:00
- Tests: add coverage for pre-compaction memory flush settings.
docs: update changelog for #769
2026-01-12 06:59:17 +00:00
- Tests: modernize live model smoke selection for current releases and enforce tools/images/thinking-high coverage. (#769) — thanks @steipete.
feat: add apply_patch tool (exec-gated)
2026-01-12 03:42:49 +00:00
- Agents/Tools: add `apply_patch` tool for multi-file edits (experimental; gated by tools.exec.applyPatch; OpenAI-only).
fix: rename bash tool to exec (#748) (thanks @myfunc)
2026-01-12 02:49:55 +00:00
- Agents/Tools: rename the bash tool to exec (config alias maintained). (#748) — thanks @myfunc.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Agents: add pre-compaction memory flush config (`agents.defaults.compaction.*`) with a soft threshold + system prompt.
fix: guard config includes (#731) (thanks @pasogott)
2026-01-12 00:12:03 +00:00
- Config: add `$include` directive for modular config files. (#731) — thanks @pasogott.
fix: add changelog for minimum release age (#718) (thanks @dan-dr)
2026-01-11 11:26:39 +00:00
- Build: set pnpm minimum release age to 2880 minutes (2 days). (#718) — thanks @dan-dr.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- macOS: prompt to install the global `openclaw` CLI when missing in local mode; install via `openclaw.ai/install-cli.sh` (no onboarding) and use external launchd/CLI instead of the embedded gateway runtime.
docs: verify gog calendar colors (#715) (thanks @mjrussell)
2026-01-11 10:39:40 +00:00
- Docs: add gog calendar event color IDs from `gog calendar colors`. (#715) — thanks @mjrussell.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Cron/CLI: add `--model` flag to cron add/edit commands. (#711) — thanks @mjrussell.
fix: trim cron model overrides and doc guidance (#711) (thanks @mjrussell)
2026-01-11 10:52:40 +00:00
- Cron/CLI: trim model overrides on cron edits and document main-session guidance. (#711) — thanks @mjrussell.
docs: note bundled skill-creator
2026-01-11 11:32:30 +00:00
- Skills: bundle `skill-creator` to guide creating and packaging skills.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Providers: add per-DM history limit overrides (`dmHistoryLimit`) with provider-level config. (#728) — thanks @pkrmf.
- Discord: expose channel/category management actions in the message tool. (#730) — thanks @NicholasSpisak.
fix: land PR #733 (thanks @AbhisekBasu1)
2026-01-11 23:37:44 +00:00
- Docs: rename README “macOS app” section to “Apps”. (#733) — thanks @AbhisekBasu1.
docs: update changelog
2026-01-12 04:38:52 +00:00
- Gateway: require `client.id` in WebSocket connect params; use `client.instanceId` for presence de-dupe; update docs/tests.
- macOS: remove the attach-only gateway setting; local mode now always manages launchd while still attaching to an existing gateway if present.
feat(macos): prompt for CLI install
2026-01-11 10:15:37 +00:00
chore: harden installer and add smoke ci
2026-01-11 23:54:26 +00:00
### Installer
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
chore: harden installer and add smoke ci
2026-01-11 23:54:26 +00:00
- Postinstall: replace `git apply` with builtin JS patcher (works npm/pnpm/bun; no git dependency) plus regression tests.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Postinstall: skip pnpm patch fallback when the new patcher is active.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Installer tests: add root+non-root docker smokes, CI workflow to fetch openclaw.ai scripts and run install sh/cli with onboarding skipped.
chore: harden installer and add smoke ci
2026-01-11 23:54:26 +00:00
- Installer UX: support `CLAWDBOT_NO_ONBOARD=1` for non-interactive installs; fix npm prefix on Linux and auto-install git.
docs: add installer internals
2026-01-12 02:00:09 +00:00
- Installer UX: add `install.sh --help` with flags/env and git install hint.
docs: note installer git method
2026-01-12 00:59:08 +00:00
- Installer UX: add `--install-method git|npm` and auto-detect source checkouts (prompt to update git checkout vs migrate to npm).
chore: harden installer and add smoke ci
2026-01-11 23:54:26 +00:00
fix: add update env regression test (#713) (thanks @danielz1z)
2026-01-11 10:48:46 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix(models): default MiniMax to /anthropic
2026-01-12 05:09:59 +00:00
- Models/Onboarding: configure MiniMax (minimax.io) via Anthropic-compatible `/anthropic` endpoint by default (keep `minimax-api` as a legacy alias).
fix: clean up lint + guardCancel typing
2026-01-12 07:02:49 +00:00
- Models: normalize Gemini 3 Pro/Flash IDs to preview names for live model lookups. (#769) — thanks @steipete.
- CLI: fix guardCancel typing for configure prompts. (#769) — thanks @steipete.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Gateway/WebChat: include handshake validation details in the WebSocket close reason for easier debugging; preserve close codes.
fix: stabilize invalid-connect handshake response
2026-01-12 00:15:14 +00:00
- Gateway/Auth: send invalid connect responses before closing the handshake; stabilize invalid-connect auth test.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Gateway: tighten gateway listener detection.
- Control UI: hide onboarding chat when configured and guard the mobile chat sidebar overlay.
- Auth: read Codex keychain credentials and make the lookup platform-aware.
- macOS/Release: avoid bundling dist artifacts in relay builds and generate appcasts from zip-only sources.
feat: add plugin architecture
2026-01-11 12:11:12 +00:00
- Doctor: surface plugin diagnostics in the report.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Plugins: treat `plugins.load.paths` directory entries as package roots when they contain `package.json` + `openclaw.extensions`; load plugin packages from config dirs; extract archives without system tar.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Config: expand `~` in `CLAWDBOT_CONFIG_PATH` and common path-like config fields (including `plugins.load.paths`); guard invalid `$include` paths. (#731) — thanks @pasogott.
fix: persist first Pi user message in JSONL
2026-01-12 05:17:54 +00:00
- Agents: stop pre-creating session transcripts so first user messages persist in JSONL history.
fix: skip memory flush on read-only workspace
2026-01-12 06:33:14 +00:00
- Agents: skip pre-compaction memory flush when the session workspace is read-only.
docs: clarify memory flush behavior
2026-01-12 07:39:44 +00:00
- Auto-reply: ignore inline `/status` directives unless the message is directive-only.
fix: align /think default display (#751) (thanks @gabriel-trigo)
2026-01-12 02:51:17 +00:00
- Auto-reply: align `/think` default display with model reasoning defaults. (#751) — thanks @gabriel-trigo.
fix: flush block reply buffers on tool boundaries (#750) (thanks @sebslight)
2026-01-12 02:54:57 +00:00
- Auto-reply: flush block reply buffers on tool boundaries. (#750) — thanks @sebslight.
fix: sender fallback for command auth (#755) (thanks @juanpablodlc)
2026-01-12 06:28:53 +00:00
- Auto-reply: allow sender fallback for command authorization when `SenderId` is empty (WhatsApp self-chat). (#755) — thanks @juanpablodlc.
fix: gate inline /status stripping
2026-01-13 01:20:52 +00:00
- Auto-reply: treat whitespace-only sender ids as missing for command authorization (WhatsApp self-chat). (#766) — thanks @steipete.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Heartbeat: refresh prompt text for updated defaults.
- Agents/Tools: use PowerShell on Windows to capture system utility output. (#748) — thanks @myfunc.
fix: tolerate unset docker env vars (#725) (thanks @petradonka)
2026-01-12 00:38:05 +00:00
- Docker: tolerate unset optional env vars in docker-setup.sh under strict mode. (#725) — thanks @petradonka.
fix: add update env regression test (#713) (thanks @danielz1z)
2026-01-11 10:48:46 +00:00
- CLI/Update: preserve base environment when passing overrides to update subprocesses. (#713) — thanks @danielz1z.
fix: prevent silent message-tool drops (#717) (thanks @theglove44)
2026-01-11 11:04:29 +00:00
- Agents: treat message tool errors as failures so fallback replies still send; require `to` + `message` for `action=send`. (#717) — thanks @theglove44.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Agents: preserve reasoning items on tool-only turns.
- Agents/Subagents: wait for completion before announcing, align wait timeout with run timeout, and make announce prompts more emphatic.
fix: route subagent transcripts and keep tool action enums (#708) (thanks @xMikeMickelson)
2026-01-11 11:19:38 +00:00
- Agents: route subagent transcripts to the target agent sessions directory and add regression coverage. (#708) — thanks @xMikeMickelson.
- Agents/Tools: preserve action enums when flattening tool schemas. (#708) — thanks @xMikeMickelson.
fix(gateway): canonicalize main session aliases
2026-01-12 01:05:43 +00:00
- Gateway/Agents: canonicalize main session aliases for store writes and add regression coverage. (#709) — thanks @xMikeMickelson.
fix: reset session after compaction overflow
2026-01-12 00:28:02 +00:00
- Agents: reset sessions and retry when auto-compaction overflows instead of crashing the gateway.
feat: add pre-compaction memory flush
2026-01-12 05:28:17 +00:00
- Providers/Telegram: normalize command mentions for consistent parsing. (#729) — thanks @obviyus.
- Providers: skip DM history limit handling for non-DM sessions. (#728) — thanks @pkrmf.
fix(sandbox): avoid sandboxing main DM sessions
2026-01-12 01:23:37 +00:00
- Sandbox: fix non-main mode incorrectly sandboxing the main DM session and align `/status` runtime reporting with effective sandbox state.
fix(sandbox): canonicalize agent main alias
2026-01-12 02:22:56 +00:00
- Sandbox/Gateway: treat `agent:<id>:main` as a main-session alias when `session.mainKey` is customized (backwards compatible).
fix: fast-path slash commands
2026-01-12 06:10:17 +00:00
- Auto-reply: fast-path allowlisted slash commands (inline `/help`/`/commands`/`/status`/`/whoami` stripped before model).
fix: add update env regression test (#713) (thanks @danielz1z)
2026-01-11 10:48:46 +00:00
chore(release): consolidate into 2026.1.10
2026-01-11 04:41:38 +01:00
## 2026.1.10
fix: improve telegram configuration safety
2026-01-11 03:57:44 +01:00
docs(changelog): consolidate 2026.1.11
2026-01-11 04:17:37 +01:00
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: `openclaw status` now table-based + shows OS/update/gateway/daemon/agents/sessions; `status --all` adds a full read-only debug report (tables, log tails, Tailscale summary, and scan progress via OSC-9 + spinner).
docs: update changelog for codex cli
2026-01-11 01:40:09 +00:00
- CLI Backends: add Codex CLI fallback with resume support (text output) and JSONL parsing for new runs, plus a live CLI resume probe.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: add `openclaw update` (safe-ish git checkout update) + `--update` shorthand. (#673) — thanks @fm1randa.
Move provider to a plugin-architecture (#661) * refactor: introduce provider plugin registry * refactor: move provider CLI to plugins * docs: add provider plugin implementation notes * refactor: shift provider runtime logic into plugins * refactor: add plugin defaults and summaries * docs: update provider plugin notes * feat(commands): add /commands slash list * Auto-reply: tidy help message * Auto-reply: fix status command lint * Tests: align google shared expectations * Auto-reply: tidy help message * Auto-reply: fix status command lint * refactor: move provider routing into plugins * test: align agent routing expectations * docs: update provider plugin notes * refactor: route replies via provider plugins * docs: note route-reply plugin hooks * refactor: extend provider plugin contract * refactor: derive provider status from plugins * refactor: unify gateway provider control * refactor: use plugin metadata in auto-reply * fix: parenthesize cron target selection * refactor: derive gateway methods from plugins * refactor: generalize provider logout * refactor: route provider logout through plugins * refactor: move WhatsApp web login methods into plugin * refactor: generalize provider log prefixes * refactor: centralize default chat provider * refactor: derive provider lists from registry * refactor: move provider reload noops into plugins * refactor: resolve web login provider via alias * refactor: derive CLI provider options from plugins * refactor: derive prompt provider list from plugins * style: apply biome lint fixes * fix: resolve provider routing edge cases * docs: update provider plugin refactor notes * fix(gateway): harden agent provider routing * refactor: move provider routing into plugins * refactor: move provider CLI to plugins * refactor: derive provider lists from registry * fix: restore slash command parsing * refactor: align provider ids for schema * refactor: unify outbound target resolution * fix: keep outbound labels stable * feat: add msteams to cron surfaces * fix: clean up lint build issues * refactor: localize chat provider alias normalization * refactor: drive gateway provider lists from plugins * docs: update provider plugin notes * style: format message-provider * fix: avoid provider registry init cycles * style: sort message-provider imports * fix: relax provider alias map typing * refactor: move provider routing into plugins * refactor: add plugin pairing/config adapters * refactor: route pairing and provider removal via plugins * refactor: align auto-reply provider typing * test: stabilize telegram media mocks * docs: update provider plugin refactor notes * refactor: pluginize outbound targets * refactor: pluginize provider selection * refactor: generalize text chunk limits * docs: update provider plugin notes * refactor: generalize group session/config * fix: normalize provider id for room detection * fix: avoid provider init in system prompt * style: formatting cleanup * refactor: normalize agent delivery targets * test: update outbound delivery labels * chore: fix lint regressions * refactor: extend provider plugin adapters * refactor: move elevated/block streaming defaults to plugins * refactor: defer outbound send deps to plugins * docs: note plugin-driven streaming/elevated defaults * refactor: centralize webchat provider constant * refactor: add provider setup adapters * refactor: delegate provider add config to plugins * docs: document plugin-driven provider add * refactor: add plugin state/binding metadata * refactor: build agent provider status from plugins * docs: note plugin-driven agent bindings * refactor: centralize internal provider constant usage * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * refactor: centralize default chat provider * refactor: centralize WhatsApp target normalization * refactor: move provider routing into plugins * refactor: normalize agent delivery targets * chore: fix lint regressions * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * feat: expand provider plugin adapters * refactor: route auto-reply via provider plugins * fix: align WhatsApp target normalization * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * refactor: centralize WhatsApp target normalization * feat: add /config chat config updates * docs: add /config get alias * feat(commands): add /commands slash list * refactor: centralize default chat provider * style: apply biome lint fixes * chore: fix lint regressions * fix: clean up whatsapp allowlist typing * style: format config command helpers * refactor: pluginize tool threading context * refactor: normalize session announce targets * docs: note new plugin threading and announce hooks * refactor: pluginize message actions * docs: update provider plugin actions notes * fix: align provider action adapters * refactor: centralize webchat checks * style: format message provider helpers * refactor: move provider onboarding into adapters * docs: note onboarding provider adapters * feat: add msteams onboarding adapter * style: organize onboarding imports * fix: normalize msteams allowFrom types * feat: add plugin text chunk limits * refactor: use plugin chunk limit fallbacks * feat: add provider mention stripping hooks * style: organize provider plugin type imports * refactor: generalize health snapshots * refactor: update macOS health snapshot handling * docs: refresh health snapshot notes * style: format health snapshot updates * refactor: drive security warnings via plugins * docs: note provider security adapter * style: format provider security adapters * refactor: centralize provider account defaults * refactor: type gateway client identity constants * chore: regen gateway protocol swift * fix: degrade health on failed provider probe * refactor: centralize pairing approve hint * docs: add plugin CLI command references * refactor: route auth and tool sends through plugins * docs: expand provider plugin hooks * refactor: document provider docking touchpoints * refactor: normalize internal provider defaults * refactor: streamline outbound delivery wiring * refactor: make provider onboarding plugin-owned * refactor: support provider-owned agent tools * refactor: move telegram draft chunking into telegram module * refactor: infer provider tool sends via extractToolSend * fix: repair plugin onboarding imports * refactor: de-dup outbound target normalization * style: tidy plugin and agent imports * refactor: data-drive provider selection line * fix: satisfy lint after provider plugin rebase * test: deflake gateway-cli coverage * style: format gateway-cli coverage test * refactor(provider-plugins): simplify provider ids * test(pairing-cli): avoid provider-specific ternary * style(macos): swiftformat HealthStore * refactor(sandbox): derive provider tool denylist * fix(sandbox): avoid plugin init in defaults * refactor(provider-plugins): centralize provider aliases * style(test): satisfy biome * refactor(protocol): v3 providers.status maps * refactor(ui): adapt to protocol v3 * refactor(macos): adapt to protocol v3 * test: update providers.status v3 fixtures * refactor(gateway): map provider runtime snapshot * test(gateway): update reload runtime snapshot * refactor(whatsapp): normalize heartbeat provider id * docs(refactor): update provider plugin notes * style: satisfy biome after rebase * fix: describe sandboxed elevated in prompt * feat(gateway): add agent image attachments + live probe * refactor: derive CLI provider options from plugins * fix(gateway): harden agent provider routing * fix(gateway): harden agent provider routing * refactor: align provider ids for schema * fix(protocol): keep agent provider string * fix(gateway): harden agent provider routing * fix(protocol): keep agent provider string * refactor: normalize agent delivery targets * refactor: support provider-owned agent tools * refactor(config): provider-keyed elevated allowFrom * style: satisfy biome * fix(gateway): appease provider narrowing * style: satisfy biome * refactor(reply): move group intro hints into plugin * fix(reply): avoid plugin registry init cycle * refactor(providers): add lightweight provider dock * refactor(gateway): use typed client id in connect * refactor(providers): document docks and avoid init cycles * refactor(providers): make media limit helper generic * fix(providers): break plugin registry import cycles * style: satisfy biome * refactor(status-all): build providers table from plugins * refactor(gateway): delegate web login to provider plugin * refactor(provider): drop web alias * refactor(provider): lazy-load monitors * style: satisfy lint/format * style: format status-all providers table * style: swiftformat gateway discovery model * test: make reload plan plugin-driven * fix: avoid token stringification in status-all * refactor: make provider IDs explicit in status * feat: warn on signal/imessage provider runtime errors * test: cover gateway provider runtime warnings in status * fix: add runtime kind to provider status issues * test: cover health degradation on probe failure * fix: keep routeReply lightweight * style: organize routeReply imports * refactor(web): extract auth-store helpers * refactor(whatsapp): lazy login imports * refactor(outbound): route replies via plugin outbound * docs: update provider plugin notes * style: format provider status issues * fix: make sandbox scope warning wrap-safe * refactor: load outbound adapters from provider plugins * docs: update provider plugin outbound notes * style(macos): fix swiftformat lint * docs: changelog for provider plugins * fix(macos): satisfy swiftformat * fix(macos): open settings via menu action * style: format after rebase * fix(macos): open Settings via menu action --------- Co-authored-by: LK <luke@kyohere.com> Co-authored-by: Luke K (pr-0f3t) <2609441+lc0rp@users.noreply.github.com> Co-authored-by: Xin <xin@imfing.com>
2026-01-11 11:45:25 +00:00
- Gateway: add OpenAI-compatible `/v1/chat/completions` HTTP endpoint (auth, SSE streaming, per-agent routing). (#680).
docs(changelog): consolidate 2026.1.11
2026-01-11 04:17:37 +01:00
### Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
chore(release): consolidate into 2026.1.10
2026-01-11 04:41:38 +01:00
- Onboarding/Models: add first-class Z.AI (GLM) auth choice (`zai-api-key`) + `--zai-api-key` flag.
fix: stabilize onboarding auth tests (#703) (thanks @mteam88)
2026-01-11 03:42:27 +01:00
- CLI/Onboarding: add OpenRouter API key auth option in configure/onboard. (#703) — thanks @mteam88.
chore(release): consolidate into 2026.1.10
2026-01-11 04:41:38 +01:00
- Agents: add human-delay pacing between block replies (modes: off/natural/custom, per-agent configurable). (#446) — thanks @tony-freedomology.
docs(changelog): consolidate 2026.1.11
2026-01-11 04:17:37 +01:00
- Agents/Browser: add `browser.target` (sandbox/host/custom) with sandbox host-control gating via `agents.defaults.sandbox.browser.allowHostControl`, allowlists for custom control URLs/hosts/ports, and expand browser tool docs (remote control, profiles, internals).
chore(release): consolidate into 2026.1.10
2026-01-11 04:41:38 +01:00
- Onboarding/Models: add catalog-backed default model picker to onboarding + configure. (#611) — thanks @jonasjancarik.
- Agents/OpenCode Zen: update fallback models + defaults, keep legacy alias mappings. (#669) — thanks @magimetal.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: add `openclaw reset` and `openclaw uninstall` flows (interactive + non-interactive) plus docker cleanup smoke test.
Move provider to a plugin-architecture (#661) * refactor: introduce provider plugin registry * refactor: move provider CLI to plugins * docs: add provider plugin implementation notes * refactor: shift provider runtime logic into plugins * refactor: add plugin defaults and summaries * docs: update provider plugin notes * feat(commands): add /commands slash list * Auto-reply: tidy help message * Auto-reply: fix status command lint * Tests: align google shared expectations * Auto-reply: tidy help message * Auto-reply: fix status command lint * refactor: move provider routing into plugins * test: align agent routing expectations * docs: update provider plugin notes * refactor: route replies via provider plugins * docs: note route-reply plugin hooks * refactor: extend provider plugin contract * refactor: derive provider status from plugins * refactor: unify gateway provider control * refactor: use plugin metadata in auto-reply * fix: parenthesize cron target selection * refactor: derive gateway methods from plugins * refactor: generalize provider logout * refactor: route provider logout through plugins * refactor: move WhatsApp web login methods into plugin * refactor: generalize provider log prefixes * refactor: centralize default chat provider * refactor: derive provider lists from registry * refactor: move provider reload noops into plugins * refactor: resolve web login provider via alias * refactor: derive CLI provider options from plugins * refactor: derive prompt provider list from plugins * style: apply biome lint fixes * fix: resolve provider routing edge cases * docs: update provider plugin refactor notes * fix(gateway): harden agent provider routing * refactor: move provider routing into plugins * refactor: move provider CLI to plugins * refactor: derive provider lists from registry * fix: restore slash command parsing * refactor: align provider ids for schema * refactor: unify outbound target resolution * fix: keep outbound labels stable * feat: add msteams to cron surfaces * fix: clean up lint build issues * refactor: localize chat provider alias normalization * refactor: drive gateway provider lists from plugins * docs: update provider plugin notes * style: format message-provider * fix: avoid provider registry init cycles * style: sort message-provider imports * fix: relax provider alias map typing * refactor: move provider routing into plugins * refactor: add plugin pairing/config adapters * refactor: route pairing and provider removal via plugins * refactor: align auto-reply provider typing * test: stabilize telegram media mocks * docs: update provider plugin refactor notes * refactor: pluginize outbound targets * refactor: pluginize provider selection * refactor: generalize text chunk limits * docs: update provider plugin notes * refactor: generalize group session/config * fix: normalize provider id for room detection * fix: avoid provider init in system prompt * style: formatting cleanup * refactor: normalize agent delivery targets * test: update outbound delivery labels * chore: fix lint regressions * refactor: extend provider plugin adapters * refactor: move elevated/block streaming defaults to plugins * refactor: defer outbound send deps to plugins * docs: note plugin-driven streaming/elevated defaults * refactor: centralize webchat provider constant * refactor: add provider setup adapters * refactor: delegate provider add config to plugins * docs: document plugin-driven provider add * refactor: add plugin state/binding metadata * refactor: build agent provider status from plugins * docs: note plugin-driven agent bindings * refactor: centralize internal provider constant usage * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * refactor: centralize default chat provider * refactor: centralize WhatsApp target normalization * refactor: move provider routing into plugins * refactor: normalize agent delivery targets * chore: fix lint regressions * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * feat: expand provider plugin adapters * refactor: route auto-reply via provider plugins * fix: align WhatsApp target normalization * fix: normalize WhatsApp targets for groups and E.164 (#631) (thanks @imfing) * refactor: centralize WhatsApp target normalization * feat: add /config chat config updates * docs: add /config get alias * feat(commands): add /commands slash list * refactor: centralize default chat provider * style: apply biome lint fixes * chore: fix lint regressions * fix: clean up whatsapp allowlist typing * style: format config command helpers * refactor: pluginize tool threading context * refactor: normalize session announce targets * docs: note new plugin threading and announce hooks * refactor: pluginize message actions * docs: update provider plugin actions notes * fix: align provider action adapters * refactor: centralize webchat checks * style: format message provider helpers * refactor: move provider onboarding into adapters * docs: note onboarding provider adapters * feat: add msteams onboarding adapter * style: organize onboarding imports * fix: normalize msteams allowFrom types * feat: add plugin text chunk limits * refactor: use plugin chunk limit fallbacks * feat: add provider mention stripping hooks * style: organize provider plugin type imports * refactor: generalize health snapshots * refactor: update macOS health snapshot handling * docs: refresh health snapshot notes * style: format health snapshot updates * refactor: drive security warnings via plugins * docs: note provider security adapter * style: format provider security adapters * refactor: centralize provider account defaults * refactor: type gateway client identity constants * chore: regen gateway protocol swift * fix: degrade health on failed provider probe * refactor: centralize pairing approve hint * docs: add plugin CLI command references * refactor: route auth and tool sends through plugins * docs: expand provider plugin hooks * refactor: document provider docking touchpoints * refactor: normalize internal provider defaults * refactor: streamline outbound delivery wiring * refactor: make provider onboarding plugin-owned * refactor: support provider-owned agent tools * refactor: move telegram draft chunking into telegram module * refactor: infer provider tool sends via extractToolSend * fix: repair plugin onboarding imports * refactor: de-dup outbound target normalization * style: tidy plugin and agent imports * refactor: data-drive provider selection line * fix: satisfy lint after provider plugin rebase * test: deflake gateway-cli coverage * style: format gateway-cli coverage test * refactor(provider-plugins): simplify provider ids * test(pairing-cli): avoid provider-specific ternary * style(macos): swiftformat HealthStore * refactor(sandbox): derive provider tool denylist * fix(sandbox): avoid plugin init in defaults * refactor(provider-plugins): centralize provider aliases * style(test): satisfy biome * refactor(protocol): v3 providers.status maps * refactor(ui): adapt to protocol v3 * refactor(macos): adapt to protocol v3 * test: update providers.status v3 fixtures * refactor(gateway): map provider runtime snapshot * test(gateway): update reload runtime snapshot * refactor(whatsapp): normalize heartbeat provider id * docs(refactor): update provider plugin notes * style: satisfy biome after rebase * fix: describe sandboxed elevated in prompt * feat(gateway): add agent image attachments + live probe * refactor: derive CLI provider options from plugins * fix(gateway): harden agent provider routing * fix(gateway): harden agent provider routing * refactor: align provider ids for schema * fix(protocol): keep agent provider string * fix(gateway): harden agent provider routing * fix(protocol): keep agent provider string * refactor: normalize agent delivery targets * refactor: support provider-owned agent tools * refactor(config): provider-keyed elevated allowFrom * style: satisfy biome * fix(gateway): appease provider narrowing * style: satisfy biome * refactor(reply): move group intro hints into plugin * fix(reply): avoid plugin registry init cycle * refactor(providers): add lightweight provider dock * refactor(gateway): use typed client id in connect * refactor(providers): document docks and avoid init cycles * refactor(providers): make media limit helper generic * fix(providers): break plugin registry import cycles * style: satisfy biome * refactor(status-all): build providers table from plugins * refactor(gateway): delegate web login to provider plugin * refactor(provider): drop web alias * refactor(provider): lazy-load monitors * style: satisfy lint/format * style: format status-all providers table * style: swiftformat gateway discovery model * test: make reload plan plugin-driven * fix: avoid token stringification in status-all * refactor: make provider IDs explicit in status * feat: warn on signal/imessage provider runtime errors * test: cover gateway provider runtime warnings in status * fix: add runtime kind to provider status issues * test: cover health degradation on probe failure * fix: keep routeReply lightweight * style: organize routeReply imports * refactor(web): extract auth-store helpers * refactor(whatsapp): lazy login imports * refactor(outbound): route replies via plugin outbound * docs: update provider plugin notes * style: format provider status issues * fix: make sandbox scope warning wrap-safe * refactor: load outbound adapters from provider plugins * docs: update provider plugin outbound notes * style(macos): fix swiftformat lint * docs: changelog for provider plugins * fix(macos): satisfy swiftformat * fix(macos): open settings via menu action * style: format after rebase * fix(macos): open Settings via menu action --------- Co-authored-by: LK <luke@kyohere.com> Co-authored-by: Luke K (pr-0f3t) <2609441+lc0rp@users.noreply.github.com> Co-authored-by: Xin <xin@imfing.com>
2026-01-11 11:45:25 +00:00
- Providers: move provider wiring to a plugin architecture. (#661).
- Providers: unify group history context wrappers across providers with per-provider/per-account `historyLimit` overrides (fallback to `messages.groupChat.historyLimit`). Set `0` to disable. (#672).
chore(release): consolidate into 2026.1.10
2026-01-11 04:41:38 +01:00
- Gateway/Heartbeat: optionally deliver heartbeat `Reasoning:` output (`agents.defaults.heartbeat.includeReasoning`). (#690)
- Docker: allow optional home volume + extra bind mounts in `docker-setup.sh`. (#679) — thanks @gabriel-trigo.
docs: update changelog for codex cli
2026-01-11 01:40:09 +00:00
fix(status): improve diagnostics and output
2026-01-11 02:42:14 +01:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: add compaction headroom for memory writes
2026-01-11 10:46:20 +00:00
- Auto-reply: suppress draft/typing streaming for `NO_REPLY` (silent system ops) so it doesnt leak partial output.
chore(release): consolidate into 2026.1.10
2026-01-11 04:41:38 +01:00
- CLI/Status: expand tables to full terminal width; clarify provider setup vs runtime warnings; richer per-provider detail; token previews in `status` while keeping `status --all` redacted; add troubleshooting link footer; keep log tails pasteable; show gateway auth used when reachable; surface provider runtime errors (Signal/iMessage/Slack); harden `tailscale status --json` parsing; make `status --all` scan progress determinate; and replace the footer with a 3-line “Next steps” recommendation (share/debug/probe).
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI/Gateway: clarify that `openclaw gateway status` reports RPC health (connect + RPC) and shows RPC failures separately from connect failures.
chore(release): consolidate into 2026.1.10
2026-01-11 04:41:38 +01:00
- CLI/Update: gate progress spinner on stdout TTY and align clean-check step label. (#701) — thanks @bjesuiter.
docs(changelog): consolidate 2026.1.11
2026-01-11 04:17:37 +01:00
- Telegram: add `/whoami` + `/id` commands to reveal sender id for allowlists; allow `@username` and prefixed ids in `allowFrom` prompts (with stability warning).
fix: strip markup heartbeat acks
2026-01-11 23:26:51 +00:00
- Heartbeat: strip markup-wrapped `HEARTBEAT_OK` so acks dont leak to external providers (e.g., Telegram).
docs(changelog): consolidate 2026.1.11
2026-01-11 04:17:37 +01:00
- Control UI: stop auto-writing `telegram.groups["*"]` and warn/confirm before enabling wildcard groups.
- WhatsApp: send ack reactions only for handled messages and ignore legacy `messages.ackReaction` (doctor copies to `whatsapp.ackReaction`). (#629) — thanks @pasogott.
fix: mirror skills for read-only sandbox
2026-01-11 04:24:11 +01:00
- Sandbox/Skills: mirror skills into sandbox workspaces for read-only mounts so SKILL.md stays accessible.
fix(status): improve diagnostics and output
2026-01-11 02:42:14 +01:00
- Terminal/Table: ANSI-safe wrapping to prevent table clipping/color loss; add regression coverage.
fix: harden docker apt install (#697) (thanks @gabriel-trigo)
2026-01-11 03:27:48 +01:00
- Docker: allow optional apt packages during image build and document the build arg. (#697) — thanks @gabriel-trigo.
docs(changelog): consolidate 2026.1.11
2026-01-11 04:17:37 +01:00
- Gateway/Heartbeat: deliver reasoning even when the main heartbeat reply is `HEARTBEAT_OK`. (#694) — thanks @antons.
fix: apply model extra params without overwriting stream (#732) (thanks @peschee)
2026-01-11 23:55:14 +00:00
- Agents/Pi: inject config `temperature`/`maxTokens` into streaming without replacing the session streamFn; cover with live maxTokens probe. (#732) — thanks @peschee.
fix: reset unsigned launchd overrides (#695) (thanks @jeffersonwarrior)
2026-01-11 03:19:24 +01:00
- macOS: clear unsigned launchd overrides on signed restarts and warn via doctor when attach-only/disable markers are set. (#695) — thanks @jeffersonwarrior.
docs: update changelog for codex cli
2026-01-11 01:40:09 +00:00
- Agents: enforce single-writer session locks and drop orphan tool results to prevent tool-call ID failures (MiniMax/Anthropic-compatible APIs).
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Docs: make `openclaw status` the first diagnostic step, clarify `status --deep` behavior, and document `/whoami` + `/id`.
docs: update changelog for codex cli
2026-01-11 01:40:09 +00:00
- Docs/Testing: clarify live tool+image probes and how to list your testable `provider/model` ids.
test(live): harden gateway probes
2026-01-11 04:46:30 +00:00
- Tests/Live: make gateway bash+read probes resilient to provider formatting while still validating real tool calls.
docs: consolidate 2026.1.10 notes
2026-01-11 04:08:33 +01:00
- WhatsApp: detect @lid mentions in groups using authDir reverse mapping + resolve self JID E.164 for mention gating. (#692) — thanks @peschee.
- Gateway/Auth: default to token auth on loopback during onboarding, add doctor token generation flow, and tighten audio transcription config to Whisper-only.
fix: dedupe inbound messages across providers
2026-01-11 00:12:17 +01:00
- Providers: dedupe inbound messages across providers to avoid duplicate LLM runs on redeliveries/reconnects. (#689) — thanks @adam91holt.
fix: cover extra thinking tags (#688) (thanks @theglove44)
2026-01-10 23:23:23 +01:00
- Agents: strip `<thought>`/`<antthinking>` tags from hidden reasoning output and cover tag variants in tests. (#688) — thanks @theglove44.
fix: normalize model picker refs (#683) (thanks @benithors)
2026-01-10 23:39:39 +01:00
- macOS: save model picker selections as normalized provider/model IDs and keep manual entries aligned. (#683) — thanks @benithors.
docs: add changelog entry for usage limit failover (#687) (thanks @evalexpr)
2026-01-10 23:12:27 +01:00
- Agents: recognize "usage limit" errors as rate limits for failover. (#687) — thanks @evalexpr.
fix: polish restart feedback + stabilize tests (#685) (thanks @carlulsoe)
2026-01-10 22:52:09 +01:00
- CLI: avoid success message when daemon restart is skipped. (#685) — thanks @carlulsoe.
chore: update changelog for command gating
2026-01-11 00:42:04 +01:00
- Commands: disable `/config` + `/debug` by default; gate via `commands.config`/`commands.debug` and hide from native registration/help output.
fix: clarify sub-agent sandbox limits
2026-01-11 05:04:14 +01:00
- Agents/System: clarify that sub-agents remain sandboxed and cannot use elevated host access.
Gateway: disable OpenAI HTTP chat completions by default (#686) * feat(gateway): disable OpenAI chat completions HTTP by default * test(gateway): deflake mock OpenAI tool-calling * docs(changelog): note OpenAI HTTP endpoint default-off
2026-01-10 21:55:54 +00:00
- Gateway: disable the OpenAI-compatible `/v1/chat/completions` endpoint by default; enable via `gateway.http.endpoints.chatCompletions.enabled=true`.
fix: harden mac bridge disconnect handling (#676) (thanks @ngutman)
2026-01-10 22:25:05 +01:00
- macOS: stabilize bridge tunnels, guard invoke senders on disconnect, and drain stdout/stderr to avoid deadlocks. (#676) — thanks @ngutman.
fix: describe sandboxed elevated in prompt
2026-01-10 21:37:04 +01:00
- Agents/System: clarify sandboxed runtime in system prompt and surface elevated availability when sandboxed.
fix(auto-reply): RawBody commands + locked session updates (#643)
2026-01-10 17:32:19 +01:00
- Auto-reply: prefer `RawBody` for command/directive parsing (WhatsApp + Discord) and prevent fallback runs from clobbering concurrent session updates. (#643) — thanks @mcinteerj.
fix(whatsapp): preserve group message IDs and normalize reaction participants
2026-01-10 18:06:53 +13:00
- WhatsApp: fix group reactions by preserving message IDs and sender JIDs in history; normalize participant phone numbers to JIDs in outbound reactions. (#640) — thanks @mcinteerj.
fix: add whatsapp sender ids to group context
2026-01-10 21:08:49 +01:00
- WhatsApp: expose group participant IDs to the model so reactions can target the right sender.
fix: cron wakeMode now waits for heartbeat (#666) (thanks @roshanasingh4)
2026-01-10 18:05:23 +01:00
- Cron: `wakeMode: "now"` waits for heartbeat completion (and retries when the main lane is busy). (#666) — thanks @roshanasingh4.
chore(release): consolidate into 2026.1.10
2026-01-11 04:41:38 +01:00
- Agents/OpenAI: fix Responses tool-only → follow-up turn handling (avoid standalone `reasoning` items that trigger 400 “required following item”) and replay reasoning items in Responses/Codex Responses history for tool-call-only turns.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Sandbox: add `openclaw sandbox explain` (effective policy inspector + fix-it keys); improve “sandbox jail” tool-policy/elevated errors with actionable config key paths; link to docs.
docs: add changelog for gmail tailscale fix
2026-01-10 18:52:17 +01:00
- Hooks/Gmail: keep Tailscale serve path at `/` while preserving the public path. (#668) — thanks @antons.
feat(hooks): allow gmail tailscale target URLs
2026-01-10 19:19:30 +01:00
- Hooks/Gmail: allow Tailscale target URLs to preserve internal serve paths.
fix: harden cli credential sync
2026-01-10 16:37:49 +01:00
- Auth: update Claude Code keychain credentials in-place during refresh sync; share JSON file helpers; add CLI fallback coverage.
fix: throttle cli credential sync
2026-01-10 17:44:03 +01:00
- Auth: throttle external CLI credential syncs (Claude/Codex), reduce Keychain reads, and skip sync when cached credentials are still fresh.
fix: stabilize telegram media tests (#664) (thanks @azade-c)
2026-01-10 18:06:05 +01:00
- CLI: respect `CLAWDBOT_STATE_DIR` for node pairing + voice wake settings storage. (#664) — thanks @azade-c.
docs(changelog): move 2026.1.10 fixes
2026-01-10 04:19:43 +00:00
- Onboarding/Gateway: persist non-interactive gateway token auth in config; add WS wizard + gateway tool-calling regression coverage.
fix: make chat.send non-blocking
2026-01-10 17:02:20 +01:00
- Gateway/Control UI: make `chat.send` non-blocking, wire Stop to `chat.abort`, and treat `/stop` as an out-of-band abort. (#653)
fix(gateway): harden chat abort semantics
2026-01-10 17:23:16 +01:00
- Gateway/Control UI: allow `chat.abort` without `runId` (abort active runs), suppress post-abort chat streaming, and prune stuck chat runs. (#653)
fix: sniff chat attachment mime (#670) (thanks @cristip73)
2026-01-10 20:06:33 +01:00
- Gateway/Control UI: sniff image attachments for chat.send, drop non-images, and log mismatches. (#670) — thanks @cristip73.
fix: harden restart-mac signing (#580) (thanks @jeffersonwarrior)
2026-01-10 23:48:33 +01:00
- macOS: force `restart-mac.sh --sign` to require identities and keep bundled Node signed for relay verification. (#580) — thanks @jeffersonwarrior.
feat(gateway): add agent image attachments + live probe
2026-01-10 20:34:34 +00:00
- Gateway/Agent: accept image attachments on `agent` (multimodal message) and add live gateway image probe (`CLAWDBOT_LIVE_GATEWAY_IMAGE_PROBE=1`).
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: `openclaw sessions` now includes `elev:*` + `usage:*` flags in the table output.
fix(pairing): accept positional provider args
2026-01-10 16:36:43 +01:00
- CLI/Pairing: accept positional provider for `pairing list|approve` (npm-run compatible); update docs/bot hints.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Branding: normalize legacy casing/branding to “OpenClaw” (CLI, status, docs).
docs(changelog): note native /model fix
2026-01-10 16:52:14 +01:00
- Auto-reply: fix native `/model` not updating the actual chat session (Telegram/Slack/Discord). (#646)
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Doctor: offer to run `openclaw update` first on git installs (keeps doctor output aligned with latest).
- Doctor: avoid false legacy workspace warning when install dir is `~/openclaw`. (#660)
fix: reasoning iMessage sessions + final reply (#655) (thanks @antons)
2026-01-10 15:31:57 +01:00
- iMessage: fix reasoning persistence across DMs; avoid partial/duplicate replies when reasoning is enabled. (#655) — thanks @antons.
fix: minimax apiKey optional for providers (#656) (thanks @mneves75)
2026-01-10 15:08:12 +01:00
- Models/Auth: allow MiniMax API configs without `models.providers.minimax.apiKey` (auth profiles / `MINIMAX_API_KEY`). (#656) — thanks @mneves75.
fix: dedupe message tool replies (#659) (thanks @mickahouan)
2026-01-10 15:28:13 +01:00
- Agents: avoid duplicate replies when the message tool sends. (#659) — thanks @mickahouan.
fix: harden cloud code assist tool schema sanitizing (#665) (thanks @sebslight)
2026-01-10 18:03:43 +01:00
- Agents: harden Cloud Code Assist tool ID sanitization (toolUse/toolCall/toolResult) and scrub extra JSON Schema constraints. (#665) — thanks @sebslight.
test(live): harden gateway probes
2026-01-11 04:46:30 +00:00
- Agents: sanitize tool results + Cloud Code Assist tool IDs at context-build time (prevents mid-run strict-provider request rejects).
fix: log workspace tool path resolution (#642) (thanks @mukhtharcm)
2026-01-10 17:09:56 +01:00
- Agents/Tools: resolve workspace-relative Read/Write/Edit paths; align bash default cwd. (#642) — thanks @mukhtharcm.
fix: telegram draft chunking defaults (#667) (thanks @rubyrunsstuff)
2026-01-10 18:30:06 +01:00
- Discord: include forwarded message snapshots in agent session context. (#667) — thanks @rubyrunsstuff.
- Telegram: add `telegram.draftChunk` to tune draft streaming chunking for `streamMode: "block"`. (#667) — thanks @rubyrunsstuff.
test: add workspace path regressions
2026-01-10 17:26:29 +01:00
- Tests/Agents: add regression coverage for workspace tool path resolution and bash cwd defaults.
docs: update changelog (#662)
2026-01-10 16:04:08 +00:00
- iOS/Android: enable stricter concurrency/lint checks; fix Swift 6 strict concurrency issues + Android lint errors (ExifInterface, obsolete SDK check). (#662) — thanks @KristijanJovanovski.
chore: note codex keychain fallback
2026-01-11 23:39:55 +00:00
- Auth: read Codex CLI keychain tokens on macOS before falling back to `~/.codex/auth.json`, preventing stale refresh tokens from breaking gateway live tests.
docs(changelog): soften exec allowlist scope note
2026-02-15 00:03:03 +01:00
- Security/Exec approvals: reject shell command substitution (`$()` and backticks) inside double quotes to prevent exec allowlist bypass when exec allowlist mode is explicitly enabled (the default configuration does not use this mode). Thanks @simecek.
docs: update changelog
2026-01-10 16:23:25 +00:00
- iOS/macOS: share `AsyncTimeout`, require explicit `bridgeStableID` on connect, and harden tool display defaults (avoids missing-resource label fallbacks).
fix: serialize telegram media-group processing
2026-01-10 18:05:33 +01:00
- Telegram: serialize media-group processing to avoid missed albums under load.
fix: signal handle dataMessage.reaction safely (#637) (thanks @neist)
2026-01-10 19:13:23 +01:00
- Signal: handle `dataMessage.reaction` events (signal-cli SSE) to avoid broken attachment errors. (#637) — thanks @neist.
fix: update showcase changelog (#650) (thanks @henrino3)
2026-01-10 16:16:48 +01:00
- Docs: showcase entries for ParentPay, R2 Upload, iOS TestFlight, and Oura Health. (#650) — thanks @henrino3.
fix(agents): harden tool transcript repair
2026-01-10 21:45:10 +00:00
- Agents: repair session transcripts by dropping duplicate tool results across the whole history (unblocks Anthropic-compatible APIs after retries).
- Tests/Live: reset the gateway session between model runs to avoid cross-provider transcript incompatibilities (notably OpenAI Responses reasoning replay rules).
chore(release): consolidate into 2026.1.10
2026-01-11 04:41:38 +01:00
docs: rewrite changelog for 2026.1.9
2026-01-10 04:17:27 +01:00
## 2026.1.9
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs: rewrite changelog for 2026.1.9
2026-01-10 04:17:27 +01:00
- Microsoft Teams provider: polling, attachments, outbound CLI send, per-channel policy.
- Models/Auth expansion: OpenCode Zen + MiniMax API onboarding; token auth profiles + auth order; OAuth health in doctor/status.
- CLI/Gateway UX: message subcommands, gateway discover/status/SSH, /config + /debug, sandbox CLI.
- Provider reliability sweep: WhatsApp contact cards/targets, Telegram audio-as-voice + streaming, Signal reactions, Slack threading, Discord stability.
- Auto-reply + status: block-streaming controls, reasoning handling, usage/cost reporting.
- Control UI/TUI: queued messages, session links, reasoning view, mobile polish, logs UX.
### Breaking
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- CLI: `openclaw message` now subcommands (`message send|poll|...`) and requires `--provider` unless only one provider configured.
docs: rewrite changelog for 2026.1.9
2026-01-10 04:17:27 +01:00
- Commands/Tools: `/restart` and gateway restart tool disabled by default; enable with `commands.restart=true`.
### New Features and Changes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs: rewrite changelog for 2026.1.9
2026-01-10 04:17:27 +01:00
- Models/Auth: OpenCode Zen onboarding (#623) — thanks @magimetal; MiniMax Anthropic-compatible API + hosted onboarding (#590, #495) — thanks @mneves75, @tobiasbischoff.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Models/Auth: setup-token + token auth profiles; `openclaw models auth order {get,set,clear}`; per-agent auth candidates in `/model status`; OAuth expiry checks in doctor/status.
docs: rewrite changelog for 2026.1.9
2026-01-10 04:17:27 +01:00
- Agent/System: claude-cli runner; `session_status` tool (and sandbox allow); adaptive context pruning default; system prompt messaging guidance + no auto self-update; eligible skills list injection; sub-agent context trimmed.
- Commands: `/commands` list; `/models` alias; `/usage` alias; `/debug` runtime overrides + effective config view; `/config` chat updates + `/config get`; `config --section`.
- CLI/Gateway: unified message tool + message subcommands; gateway discover (local + wide-area DNS-SD) with JSON/timeout; gateway status human-readable + JSON + SSH loopback; wide-area records include gatewayPort/sshPort/cliPath + tailnet DNS fallback.
- CLI UX: logs output modes (pretty/plain/JSONL) + colorized health/daemon output; global `--no-color`; lobster palette in onboarding/config.
- Dev ergonomics: gateway `--dev/--reset` + dev profile auto-config; C-3PO dev templates; dev gateway/TUI helper scripts.
- Sandbox/Workspace: sandbox list/recreate commands; sync skills into sandbox workspace; sandbox browser auto-start.
chore: update openclaw naming
2026-01-30 21:01:02 +01:00
- Config/Onboarding: inline env vars; OpenAI API key flow to shared `~/.openclaw/.env`; Opus 4.5 default prompt for Anthropic auth; QuickStart auto-install gateway (Node-only) + provider picker tweaks + skip-systemd flags; TUI bootstrap prompt (`tui --message`); remove Bun runtime choice.
docs: rewrite changelog for 2026.1.9
2026-01-10 04:17:27 +01:00
- Providers: Microsoft Teams provider (polling, attachments, outbound sends, requireMention, config reload/DM policy). (#404) — thanks @onutc
- Providers: WhatsApp broadcast groups for multi-agent replies (#547) — thanks @pasogott; inbound media size cap configurable (#505) — thanks @koala73; identity-based message prefixes (#578) — thanks @p6l-richard.
- Providers: Telegram inline keyboard buttons + callback payload routing (#491) — thanks @azade-c; cron topic delivery targets (#474/#478) — thanks @mitschabaude-bot, @nachoiacovino; `[[audio_as_voice]]` tag support (#490) — thanks @jarvis-medmatic.
- Providers: Signal reactions + notifications with allowlist support.
- Status/Usage: /status cost reporting + `/cost` lines; auth profile snippet; provider usage windows.
- Control UI: mobile responsiveness (#558) — thanks @carlulsoe; queued messages + Enter-to-send (#527) — thanks @YuriNachos; session links (#471) — thanks @HazAT; reasoning view; skill install feedback (#445) — thanks @pkrmf; chat layout refresh (#475) — thanks @rahthakor; docs link + new session button; drop explicit `ui:install`.
- TUI: agent picker + agents list RPC; improved status line.
- Doctor/Daemon: audit/repair flows, permissions checks, supervisor config audits; provider status probes + warnings for Discord intents and Telegram privacy; last activity timestamps; gateway restart guidance.
- Docs: Hetzner Docker VPS guide + cross-links (#556/#592) — thanks @Iamadig; Ansible guide (#545) — thanks @pasogott; provider troubleshooting index; hook parameter expansion (#532) — thanks @mcinteerj; model allowlist notes; OAuth deep dive; showcase refresh.
- Apps/Branding: refreshed iOS/Android/macOS icons (#521) — thanks @fishfisher.
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix(release): include msteams in npm pack
2026-01-10 04:30:56 +01:00
- Packaging: include MS Teams send module in npm tarball.
docs: rewrite changelog for 2026.1.9
2026-01-10 04:17:27 +01:00
- Sandbox/Browser: auto-start CDP endpoint; proxy CDP out of container for attachOnly; relax Bun fetch typing; align sandbox list output with config images.
- Agents/Runtime: gate heartbeat prompt to default sessions; /stop aborts between tool calls; require explicit system-event session keys; guard small context windows; fix model fallback stringification; sessions_spawn inherits provider; failover on billing/credits; respect auth cooldown ordering; restore Anthropic OAuth tool dispatch + tool-name bypass; avoid OpenAI invalid reasoning replay; harden Gmail hook model defaults.
- Agent history/schema: strip/skip empty assistant/error blocks to prevent session corruption/Claude 400s; scrub unsupported JSON Schema keywords + sanitize tool call IDs for Cloud Code Assist; simplify Gemini-compatible tool/session schemas; require raw for config.apply.
- Auto-reply/Streaming: default audioAsVoice false; preserve audio_as_voice propagation + buffer audio blocks + guard voice notes; block reply ordering (timeout) + forced-block fence-safe; avoid chunk splits inside parentheses + fence-close breaks + invalid UTF-16 truncation; preserve inline directive spacing + allow whitespace in reply tags; filter NO_REPLY prefixes + normalize routed replies; suppress <think> leakage with separate Reasoning; block streaming defaults (off by default, minChars/idle tuning) + coalesced blocks; dedupe followup queue; restore explicit responsePrefix default.
- Status/Commands: provider prefix in /status model display; usage filtering + provider mapping; auth label + usage snapshots (claude-cli fallback + optional claude.ai); show Verbose/Elevated only when enabled; compact usage/cost line + restore emoji-rich status; /status in directive-only + multi-directive handling; mention-bypass elevated handling; surface provider usage errors; wire /usage to /status; restore hidden gateway-daemon alias; fallback /model list when catalog unavailable.
- WhatsApp: vCard/contact cards (prefer FN, include numbers, show all contacts, keep summary counts, better empty summaries); preserve group JIDs + normalize targets; resolve @lid mappings/JIDs (Baileys/auth-dir) + inbound mapping; route queued replies to sender; improve web listener errors + remove provider name from errors; record outbound activity account id; fix web media fetch errors; broadcast group history consistency.
- Telegram: keep streamMode draft-only; long-poll conflict retries + update dedupe; grammY fetch mismatch fixes + restrict native fetch to Bun; suppress getUpdates stack traces; include user id in pairing; audio_as_voice handling fixes.
- Discord/Slack: thread context helpers + forum thread starters; avoid category parent overrides; gateway reconnect logs + HELLO timeout + stop provider after reconnect exhaustion; DM recipient parsing for numeric IDs; remove incorrect limited warning; reply threading + mrkdwn edge cases; remove ack reactions after reply; gateway debug event visibility.
- Signal: reaction handling safety; own-reaction matching (uuid+phone); UUID-only senders accepted; ignore reaction-only messages.
- MS Teams: download image attachments reliably; fix top-level replies; stop on shutdown + honor chunk limits; normalize poll providers/deps; pairing label fixes.
- iMessage: isolate group-ish threads by chat_id.
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:19:58 +00:00
- Gateway/Daemon/Doctor: atomic config writes; repair gateway service entrypoint + install switches; non-interactive legacy migrations; systemd unit alignment + KillMode=process; node bridge keepalive/pings; Launch at Login persistence; bundle MoltbotKit resources + Swift 6.2 compat dylib; relay version check + remove smoke test; regen Swift GatewayModels + keep agent provider string; cron jobId alias + channel alias migration + main session key normalization; heartbeat Telegram accountId resolution; avoid WhatsApp fallback for internal runs; gateway listener error wording; serveBaseUrl param; honor gateway --dev; fix wide-area discovery updates; align agents.defaults schema; provider account metadata in daemon status; refresh Carbon patch for gateway fixes; restore doctor prompter initialValue handling.
docs: rewrite changelog for 2026.1.9
2026-01-10 04:17:27 +01:00
- Control UI/TUI: persist per-session verbose off + hide tool cards; logs tab opens at bottom; relative asset paths + landing cleanup; session labels lookup/persistence; stop pinning main session in recents; start logs at bottom; TUI status bar refresh + timeout handling + hide reasoning label when off.
- Onboarding/Configure: QuickStart single-select provider picker; avoid Codex CLI false-expiry warnings; clarify WhatsApp owner prompt; fix Minimax hosted onboarding (agents.defaults + msteams heartbeat target); remove configure Control UI prompt; honor gateway --dev flag.
docs: finalize 2026.1.9 changelog top
2026-01-10 04:24:52 +01:00
### Maintenance
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
- Dependencies: bump pi-\* stack to 0.42.2.
docs: finalize 2026.1.9 changelog top
2026-01-10 04:24:52 +01:00
- Dependencies: Pi 0.40.0 bump (#543) — thanks @mcinteerj.
- Build: Docker build cache layer (#605) — thanks @zknicker.
chore: standardize Claude Code CLI naming (#915) Follow-up to #915.
2026-01-14 20:06:32 +00:00
- Auth: enable OAuth token refresh for Claude Code CLI credentials (`anthropic:claude-cli`) with bidirectional sync back to Claude Code storage (file on Linux/Windows, Keychain on macOS). This allows long-running agents to operate autonomously without manual re-authentication (#654 — thanks @radek-paclt).
docs: consolidate 2026.1.8 changelog
2026-01-08 09:11:28 +01:00
## 2026.1.8
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs: consolidate 2026.1.8 changelog
2026-01-08 09:11:28 +01:00
- Security: DMs locked down by default across providers; pairing-first + allowlist guidance.
- Sandbox: per-agent scope defaults + workspace access controls; tool/session isolation tuned.
- Agent loop: compaction, pruning, streaming, and error handling hardened.
- Providers: Telegram/WhatsApp/Discord/Slack reliability, threading, reactions, media, and retries improved.
- Control UI: logs tab, streaming stability, focus mode, and large-output rendering fixes.
- CLI/Gateway/Doctor: daemon/logs/status, auth migration, and diagnostics significantly expanded.
feat: standardize timestamps to UTC
2026-01-05 23:02:13 +00:00
### Breaking
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix(security): lock down inbound DMs by default
2026-01-06 17:51:38 +01:00
- **SECURITY (update ASAP):** inbound DMs are now **locked down by default** on Telegram/WhatsApp/Signal/iMessage/Discord/Slack.
- Previously, if you didnt configure an allowlist, your bot could be **open to anyone** (especially discoverable Telegram bots).
- New default: DM pairing (`dmPolicy="pairing"` / `discord.dm.policy="pairing"` / `slack.dm.policy="pairing"`).
- To keep old “open to everyone” behavior: set `dmPolicy="open"` and include `"*"` in the relevant `allowFrom` (Discord/Slack: `discord.dm.allowFrom` / `slack.dm.allowFrom`).
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- Approve requests via `openclaw pairing list <provider>` + `openclaw pairing approve <provider> <code>`.
fix: normalize routed replies
2026-01-09 13:47:03 +01:00
- Sandbox: default `agent.sandbox.scope` to `"agent"` (one container/workspace per agent). Use `"session"` for per-session isolation; `"shared"` disables cross-session isolation.
- Timestamps in agent envelopes are now UTC (compact `YYYY-MM-DDTHH:mmZ`); removed `messages.timestampPrefix`. Add `agent.userTimezone` to tell the model the users local time (system prompt only).
feat!: redesign model config + auth profiles
2026-01-06 00:56:29 +00:00
- Model config schema changes (auth profiles + model lists); doctor auto-migrates and the gateway rewrites legacy configs on startup.
feat: gate slash commands and add compact
2026-01-06 02:06:06 +01:00
- Commands: gate all slash commands to authorized senders; add `/compact` to manually compact session context.
docs: add bun install support
2026-01-06 03:30:33 +01:00
- Groups: `whatsapp.groups`, `telegram.groups`, and `imessage.groups` now act as allowlists when set. Add `"*"` to keep allow-all behavior.
refactor: drop autoReply, add topic requireMention Co-authored-by: kitze <kristijan.mkd@gmail.com>
2026-01-07 11:59:48 +01:00
- Auto-reply: removed `autoReply` from Discord/Slack/Telegram channel configs; use `requireMention` instead (Telegram topics now support `requireMention` overrides).
feat(cli): move provider login/logout
2026-01-08 07:40:08 +01:00
- CLI: remove `update`, `gateway-daemon`, `gateway {install|uninstall|start|stop|restart|daemon status|wake|send|agent}`, and `telegram` commands; move `login/logout` to `providers login/logout` (top-level aliases hidden); use `daemon` for service control, `send`/`agent`/`wake` for RPC, and `nodes canvas` for canvas ops.
feat: standardize timestamps to UTC
2026-01-05 23:02:13 +00:00
fix: resolve npx gateway daemon install
2026-01-05 02:48:25 +01:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs: consolidate 2026.1.8 changelog
2026-01-08 09:11:28 +01:00
- **CLI/Gateway/Doctor:** daemon runtime selection + improved logs/status/health/errors; auth/password handling for local CLI; richer close/timeout details; auto-migrate legacy config/sessions/state; integrity checks + repair prompts; `--yes`/`--non-interactive`; `--deep` gateway scans; better restart/service hints.
- **Agent loop + compaction:** compaction/pruning tuning, overflow handling, safer bootstrap context, and per-provider threading/confirmations; opt-in tool-result pruning + compact tracking.
- **Sandbox + tools:** per-agent sandbox overrides, workspaceAccess controls, session tool visibility, tool policy overrides, process isolation, and tool schema/timeout/reaction unification.
- **Providers (Telegram/WhatsApp/Discord/Slack/Signal/iMessage):** retry/backoff, threading, reactions, media groups/attachments, mention gating, typing behavior, and error/log stability; long polling + forum topic isolation for Telegram.
refactor: rename to openclaw
2026-01-30 03:15:10 +01:00
- **Gateway/CLI UX:** `openclaw logs`, cron list colors/aliases, docs search, agents list/add/delete flows, status usage snapshots, runtime/auth source display, and `/status`/commands auth unification.
docs: consolidate 2026.1.8 changelog
2026-01-08 09:11:28 +01:00
- **Control UI/Web:** logs tab, focus mode polish, config form resilience, streaming stability, tool output caps, windowed chat history, and reconnect/password URL auth.
- **macOS/Android/TUI/Build:** macOS gateway races, QR bundling, JSON5 config safety, Voice Wake hardening; Android EXIF rotation + APK naming/versioning; TUI key handling; tooling/bundling fixes.
- **Packaging/compat:** npm dist folder coverage, Node 25 qrcode-terminal import fixes, Bun/Playwright/WebSocket patches, and Docker Bun install.
chore: update openclaw naming
2026-01-30 21:01:02 +01:00
- **Docs:** new FAQ/ClawHub/config examples/showcase entries and clarified auth, sandbox, and systemd docs.
chore: update deps
2026-01-05 05:27:58 +01:00
### Maintenance
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
docs: consolidate 2026.1.8 changelog
2026-01-08 09:11:28 +01:00
- Skills additions (Himalaya email, CodexBar, 1Password).
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
- Dependency refreshes (pi-\* stack, Slack SDK, discord-api-types, file-type, zod, Biome, Vite).
fix: include sessions in npm pack and update qrcode import
2026-01-05 03:28:25 +01:00
docs: consolidate 2026.1.5 changelog
2026-01-05 02:39:42 +01:00
## 2026.1.5
feat: add image model config + tool
2026-01-04 19:35:00 +01:00
### Highlights
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix: normalize routed replies
2026-01-09 13:47:03 +01:00
- Models: add image-specific model config (`agent.imageModel` + fallbacks) and scan support.
feat: add image model config + tool
2026-01-04 19:35:00 +01:00
- Agent tools: new `image` tool routed to the image model (when configured).
feat: opt-in login shell env fallback
2026-01-05 00:59:25 +01:00
- Config: default model shorthands (`opus`, `sonnet`, `gpt`, `gpt-mini`, `gemini`, `gemini-flash`).
feat(config): add default model shorthands
2026-01-05 01:02:30 +01:00
- Docs: document built-in model shorthands + precedence (user config wins).
docs: add bun install support
2026-01-06 03:30:33 +01:00
- Bun: optional local install/build workflow without maintaining a Bun lockfile (see `docs/bun.md`).
feat: add image model config + tool
2026-01-04 19:35:00 +01:00
docs: add changelog entry for cron tool fix
2026-01-04 16:16:20 +00:00
### Fixes
chore: Run `pnpm format:fix`.
2026-01-31 21:13:13 +09:00
fix(ui): render markdown in tool result cards
2026-01-05 01:22:19 +01:00
- Control UI: render Markdown in tool result cards.
fix(ui): avoid overlapping guild action buttons
2026-01-05 01:21:33 +01:00
- Control UI: prevent overlapping action buttons in Discord guild rules on narrow layouts.
docs(changelog): add android notification tap fix
2026-01-04 17:02:46 +00:00
- Android: tapping the foreground service notification brings the app to the front. (#179) — thanks @Syhids
fix: use id for cron tool params
2026-01-05 02:15:11 +01:00
- Cron tool uses `id` for update/remove/run/runs (aligns with gateway params). (#180) — thanks @adamgall
fix: make control ui chat scroll page
2026-01-05 00:15:13 +00:00
- Control UI: chat view uses page scroll with sticky header/sidebar and fixed composer (no inner scroll frame).
test: cover macos location permission status
2026-01-04 18:46:57 +01:00
- macOS: treat location permission as always-only to avoid iOS-only enums. (#165) — thanks @Nachx639
fix(mac): add Sendable conformance to generated Swift protocol structs (#195) * fix(mac): add Sendable conformance to generated Swift protocol structs * fix(mac): make generated protocol types Sendable * chore(mac): drop redundant Sendable extensions * docs(changelog): thank @andranik-sahakyan for Sendable fix * chore(swiftformat): exclude generated protocol models --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-04 14:39:21 -08:00
- macOS: make generated gateway protocol models `Sendable` for Swift 6 strict concurrency. (#195) — thanks @andranik-sahakyan
fix: prefer tailnet IP for local gateway calls
2026-01-05 02:19:26 +01:00
- macOS: bundle QR code renderer modules so DMG gateway boot doesn't crash on missing qrcode-terminal vendor files.
fix: preserve JSON5 config parsing
2026-01-05 04:58:37 +00:00
- macOS: parse JSON5 config safely to avoid wiping user settings when comments are present.
fix(whatsapp): suppress typing during heartbeats - Prevent typing indicator during heartbeat runs - Add regression tests Co-authored-by: Jake <mcinteerj@gmail.com>
2026-01-05 12:03:36 +13:00
- WhatsApp: suppress typing indicator during heartbeat background tasks. (#190) — thanks @mcinteerj
docs: add changelog entry for WhatsApp offline read receipts
2026-01-05 01:33:19 +01:00
- WhatsApp: mark offline history sync messages as read without auto-reply. (#193) — thanks @mcinteerj
fix(discord): avoid duplicate block replies
2026-01-05 00:46:46 +01:00
- Discord: avoid duplicate replies when a provider emits late streaming `text_end` events (OpenAI/GPT).
fix: prefer tailnet IP for local gateway calls
2026-01-05 02:19:26 +01:00
- CLI: use tailnet IP for local gateway calls when bind is tailnet/auto (fixes #176).
chore: update openclaw naming
2026-01-30 21:01:02 +01:00
- Env: load global `$OPENCLAW_STATE_DIR/.env` (`~/.openclaw/.env`) as a fallback after CWD `.env`.
feat: opt-in login shell env fallback
2026-01-05 00:59:25 +01:00
- Env: optional login-shell env fallback (opt-in; imports expected keys without overriding existing env).
fix: OpenAI tool schema compatibility
2026-01-05 00:15:42 +01:00
- Agent tools: OpenAI-compatible tool JSON Schemas (fix `browser`, normalize union schemas).
build(control-ui): prefer bun for UI build
2026-01-06 09:08:25 +01:00
- Onboarding: when running from source, auto-build missing Control UI assets (`bun run ui:build`).
fix: route system events per session
2026-01-04 22:11:04 +01:00
- Discord/Slack: route reaction + system notifications to the correct session (no main-session bleed).
fix: normalize routed replies
2026-01-09 13:47:03 +01:00
- Agent tools: honor `agent.tools` allow/deny policy even when sandbox is off.
docs(changelog): note OpenAI duplicate reply fix
2026-01-05 00:39:34 +01:00
- Discord: avoid duplicate replies when OpenAI emits repeated `message_end` events.
fix: unify control command handling
2026-01-05 01:31:36 +01:00
- Commands: unify /status (inline) and command auth across providers; group bypass for authorized control commands; remove Discord /clawd slash handler.
chore: oxfmt
2026-02-02 23:10:41 -08:00
- CLI: run `openclaw agent` via the Gateway by default; use `--local` to force embedded mode.
Reference in New Issue Copy Permalink