openclaw

Author	SHA1	Message	Date
Altay	6859619e98	test(agents): add provider-backed failover regressions (#36735 ) * test(agents): add provider-backed failover fixtures * test(agents): cover more provider error docs * test(agents): tighten provider doc fixtures	2026-03-06 00:42:59 +03:00
Rodrigo Uroz	036c329716	Compaction/Safeguard: add summary quality audit retries (#25556 ) Merged via squash. Prepared head SHA: be473efd1635616ebbae6e649d542ed50b4a827f Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-05 13:39:25 -08:00
jiangnan	029c473727	fix(failover): narrow service-unavailable to require overload indicator (#32828 ) (#36646 ) Merged via squash. Prepared head SHA: 46fb4306127972d7635f371fd9029fbb9baff236 Co-authored-by: jnMetaCode <12096460+jnMetaCode@users.noreply.github.com> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Reviewed-by: @altaywtf	2026-03-06 00:01:57 +03:00
Altay	f014e255df	refactor(agents): share failover HTTP status classification (#36615 ) * fix(agents): classify transient failover statuses consistently * fix(agents): preserve legacy failover status mapping	2026-03-05 23:50:36 +03:00
不做了睡大觉	8ac7ce73b3	fix: avoid false global rate-limit classification from generic cooldown text (#32972 ) Merged via squash. Prepared head SHA: 813c16f5afce415da130a917d9ce9f968912b477 Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Reviewed-by: @altaywtf	2026-03-05 22:58:21 +03:00
Sid	591264ef52	fix(agents): set preserveSignatures to isAnthropic in resolveTranscriptPolicy (#32813 ) Merged via squash. Prepared head SHA: f522d21ca59a42abac554435a0aa646f6a34698d Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-05 11:55:06 -08:00
Sid	6c0376145f	fix(agents): skip compaction API call when session has no real messages (#36451 ) Merged via squash. Prepared head SHA: 52dd6317895c7bd10855d2bd7dbbfc2f5279b68e Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-05 11:40:25 -08:00
Kai	60a6d11116	fix(embedded): classify model_context_window_exceeded as context overflow, trigger compaction (#35934 ) Merged via squash. Prepared head SHA: 20fa77289c80b2807a6779a3df70440242bc18ca Co-authored-by: RealKai42 <44634134+RealKai42@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-05 11:30:24 -08:00
Josh Avant	72cf9253fc	Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094 )	2026-03-05 12:53:56 -06:00
maweibin	09c68f8f0e	add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131 ) (#35177 ) Merged via squash. Prepared head SHA: d9a2869ad69db9449336a2e2846bd9de0e647ac6 Co-authored-by: maweibin <18023423+maweibin@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-05 13:06:59 -05:00
Vincent Koc	4dc0c66399	fix(subagents): strip leaked [[reply_to]] tags from completion announces (#34503 ) * fix(subagents): strip reply tags from completion delivery text * test(subagents): cover reply-tag stripping in cron completion sends * changelog: note iMessage reply-tag stripping in completion announces * Update CHANGELOG.md * Apply suggestion from @greptile-apps[bot] Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>	2026-03-05 07:50:55 -05:00
Sid	463fd4735e	fix(agents): guard context pruning against malformed thinking blocks (#35146 ) Merged via squash. Prepared head SHA: a196a565b1b8e806ffbf85172bcf1128796b45a2 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd	2026-03-05 05:52:24 +00:00
Sid	d9b69a6145	fix(agents): guard promoteThinkingTagsToBlocks against malformed content entries (#35143 ) Merged via squash. Prepared head SHA: 3971122f5fd27c66c8c9c5ce783f00e113b1f47b Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd	2026-03-05 05:37:33 +00:00
Sid	ce0c13191f	fix(agents): decode HTML entities in xAI/Grok tool call arguments (#35276 ) Merged via squash. Prepared head SHA: c4445d2938898ded9c046614f9315dbda65ec573 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd	2026-03-05 05:32:39 +00:00
Sid	987e473364	fix(agents): detect Venice provider proxying xAI/Grok models for schema cleaning (#35355 ) Merged via squash. Prepared head SHA: 8bfdec257bb6a6025cb69a0a213a433da32b15db Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd	2026-03-05 05:29:25 +00:00
Sid	8b8167d547	fix(agents): bypass pendingDescendantRuns guard for cron announce delivery (#35185 ) * fix(agents): bypass pendingDescendantRuns guard for cron announce delivery Standalone cron job completions were blocked from direct channel delivery when the cron run had spawned subagents that were still registered as pending. The pendingDescendantRuns guard exists for live orchestration coordination and should not apply to fire-and-forget cron announce sends. Thread the announceType through the delivery chain and skip both the child-descendant and requester-descendant pending-run guards when the announce originates from a cron job. Closes #34966 * fix: ensure outbound session entry for cron announce with named agents (#32432) Named agents may not have a session entry for their delivery target, causing the announce flow to silently fail (delivered=false, no error). Two fixes: 1. Call ensureOutboundSessionEntry when resolving the cron announce session key so downstream delivery can find channel metadata. 2. Fall back to direct outbound delivery when announce delivery fails to ensure cron output reaches the target channel. Closes #32432 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: guard announce direct-delivery fallback against suppression leaks (#32432) The `!delivered` fallback condition was too broad — it caught intentional suppressions (active subagents, interim messages, SILENT_REPLY_TOKEN) in addition to actual announce delivery failures. Add an `announceDeliveryWasAttempted` flag so the direct-delivery fallback only fires when `runSubagentAnnounceFlow` was actually called and failed. Also remove the redundant `if (route)` guard in `resolveCronAnnounceSessionKey` since `resolved` being truthy guarantees `route` is non-null. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(cron): harden announce synthesis follow-ups --------- Co-authored-by: scoootscooob <zhentongfan@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>	2026-03-04 21:31:33 -06:00
青雲	96021a2b17	fix: align AGENTS.md template section names with post-compaction extraction (#25029 ) (#25098 ) Merged via squash. Prepared head SHA: 8cd6cc8049aab5a94d8a9d5fb08f2e792c4ac5fd Co-authored-by: echoVic <16428813+echoVic@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-04 12:16:00 -08:00
Kai	4242c5152f	agents: preserve totalTokens on request failure instead of using contextWindow (#34275 ) Merged via squash. Prepared head SHA: f9d111d0a79a07815d476356e98a28df3a0000ba Co-authored-by: RealKai42 <44634134+RealKai42@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-04 12:02:22 -08:00
Rodrigo Uroz	df0f2e349f	Compaction/Safeguard: require structured summary headings (#25555 ) Merged via squash. Prepared head SHA: 0b1df34806a7b788261290be55760fd89220de53 Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-04 10:54:42 -08:00
Shakker	7531a3e30a	test(ollama): add default header precedence coverage	2026-03-04 16:39:54 +00:00
echoVic	7597fc556c	fix(ollama): pass provider headers to Ollama stream function (#24285 ) createOllamaStreamFn() only accepted baseUrl, ignoring custom headers configured in models.providers.<provider>.headers. This caused 403 errors when Ollama endpoints are behind reverse proxies that require auth headers (e.g. X-OLLAMA-KEY via HAProxy). Add optional defaultHeaders parameter to createOllamaStreamFn() and merge them into every fetch request. Provider headers from config are now passed through at the call site in the embedded runner. Fixes #24285	2026-03-04 16:39:54 +00:00
Gustavo Madeira Santana	76bfd9b5e6	Agents: add generic poll-vote action support	2026-03-04 11:36:14 -05:00
Sid	3fa43ec221	fix(model): propagate custom provider headers to model objects (#27490 ) Merged via squash. Prepared head SHA: e4183b398fc7eb4c18b2b691cb0dd882ec993608 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd	2026-03-04 16:02:29 +00:00
Ayaan Zaidi	7b5e64ef2e	fix: preserve raw media invoke for HTTP tool clients (#34365 )	2026-03-04 17:17:39 +05:30
Ayaan Zaidi	ef4fa43df8	fix: prevent nodes media base64 context bloat (#34332 )	2026-03-04 16:53:30 +05:30
Bob	257e2f5338	fix: relay ACP sessions_spawn parent streaming (#34310 ) (thanks @vincentkoc) (#34310 ) Co-authored-by: Onur Solmaz <2453968+osolmaz@users.noreply.github.com>	2026-03-04 11:44:20 +01:00
Josh Avant	646817dd80	fix(outbound): unify resolved cfg threading across send paths (#33987 )	2026-03-04 00:20:44 -06:00
Vincent Koc	4d183af0cf	fix: code/cli acpx reliability 20260304 (#34020 ) * agents: switch claude-cli defaults to bypassPermissions * agents: add claude-cli default args coverage * agents: emit watchdog stall system event for cli runs * agents: test cli watchdog stall system event * acpx: fallback to sessions new when ensure returns no ids * acpx tests: mock sessions new fallback path * acpx tests: cover ensure-empty fallback flow * skills: clarify claude print mode without pty * docs: update cli-backends claude default args * docs: refresh cli live test default args * gateway tests: align live claude args defaults * changelog: credit claude/acpx reliability fixes * Agents: normalize legacy Claude permission flag overrides * Tests: cover legacy Claude permission override normalization * Changelog: note legacy Claude permission flag auto-normalization * ACPX: fail fast when ensure/new return no session IDs * ACPX tests: support empty sessions new fixture output * ACPX tests: assert ensureSession failure when IDs missing * CLI runner: scope watchdog heartbeat wake to session * CLI runner tests: assert session-scoped watchdog wake * Update CHANGELOG.md	2026-03-04 01:15:28 -05:00
Kesku	230fea1ca6	feat(web-search): switch Perplexity to native Search API (#33822 ) * feat: Add Perplexity Search API as web_search provider * docs fixes * domain_filter validation * address comments * provider-specific options in cache key * add validation for unsupported date filters * legacy fields * unsupported_language guard * cache key matches the request's precedence order * conflicting_time_filters guard * unsupported_country guard * invalid_date_range guard * pplx validate for ISO 639-1 format * docs: add Perplexity Search API changelog entry * unsupported_domain_filter guard --------- Co-authored-by: Shadow <hi@shadowing.dev>	2026-03-03 22:57:19 -06:00
Ayaan Zaidi	6962d2d79f	fix: harden sessions_spawn attachment schema landing (#33648 ) (thanks @anisoptera)	2026-03-04 10:05:41 +05:30
Isis Anisoptera	965ce31d84	fix(sessions-spawn): remove maxLength from attachment content schema to fix llama.cpp GBNF grammar overflow	2026-03-04 10:05:41 +05:30
Tak Hoffman	7f2708a8c3	fix(routing): unify session delivery invariants for duplicate suppression (#33786 ) * Routing: unify session delivery invariants * Routing: address PR review feedback * Routing: tighten topic and session-scope suppression * fix(chat): inherit routes for per-account channel-peer sessions	2026-03-03 21:40:38 -06:00
Tak Hoffman	9889c6da53	Runtime: stabilize tool/run state transitions under compaction and backpressure Synthesize runtime state transition fixes for compaction tool-use integrity and long-running handler backpressure. Sources: #33630, #33583 Co-authored-by: Kevin Shenghui <shenghuikevin@gmail.com> Co-authored-by: Theo Tarr <theodore@tarr.com>	2026-03-03 21:25:32 -06:00
Josh Avant	1c200ca7ae	follow-up: align ingress, atomic paths, and channel tests with credential semantics (#33733 ) Merged via squash. Prepared head SHA: c290c2ab6a3c3309adcbc4dc834f3c10d2ae1039 Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Reviewed-by: @joshavant	2026-03-03 20:29:46 -06:00
Gustavo Madeira Santana	6842877b2e	build: prevent mixed static/dynamic pi-model-discovery imports	2026-03-03 21:27:14 -05:00
Gustavo Madeira Santana	21e8d88c1d	build: fix ineffective dynamic imports with lazy boundaries (#33690 ) Merged via squash. Prepared head SHA: 38b3c23d6f8f2b4c8a36a88ee65b508102f1ec36 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-03 20:14:41 -05:00
Cui Chen	e8cb0484ce	fix(security): strip partial API token from status labels (#33262 ) Merged via squash. Prepared head SHA: 5fe81704e678dc5b18ca9416e5eb0750cfe49fb6 Co-authored-by: cu1ch3n <80438676+cu1ch3n@users.noreply.github.com> Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com> Reviewed-by: @grp06	2026-03-03 15:11:49 -08:00
Gustavo Madeira Santana	e4b4486a96	Agent: unify bootstrap truncation warning handling (#32769 ) Merged via squash. Prepared head SHA: 5d6d4ddfa620011e267d892b402751847d5ac0c3 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-03 16:28:38 -05:00
Shadow	e28ff1215c	fix: discord auto presence health signal (#33277 ) (thanks @thewilloftheshadow) (#33277 )	2026-03-03 11:20:59 -06:00
Jason L. West, Sr.	606cd0d591	feat(tool-truncation): use head+tail strategy to preserve errors during truncation (#20076 ) Merged via squash. Prepared head SHA: 6edebf22b1666807b1ea5cba5afb614c41dc3dd1 Co-authored-by: jlwestsr <52389+jlwestsr@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-03 08:11:14 -08:00
Rodrigo Uroz	c8b45a4c5c	Compaction/Safeguard: preserve recent turns verbatim (#25554 ) Merged via squash. Prepared head SHA: 7fb33c411c4aaea2795e490fcd0e647cf7ea6fb8 Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman	2026-03-03 07:00:49 -08:00
Altay	627813aba4	fix(heartbeat): scope exec wake dispatch to session key (#32724 ) Merged via squash. Prepared head SHA: 563fee0e65af07575f3df540cab2e1e5d5589f06 Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Reviewed-by: @altaywtf	2026-03-03 14:47:40 +03:00
Sid	4ffe15c6b2	fix(telegram): warn when accounts.default is missing in multi-account setup (#32544 ) Merged via squash. Prepared head SHA: 7ebc3f65b21729137d352fa76bc31f2f849934c0 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-03 03:27:19 -05:00
Gustavo Madeira Santana	2370ea5d1b	agents: propagate config for embedded skill loading	2026-03-03 02:44:56 -05:00
Eugene	5341b5c71c	Diffs: Migrate tool usage guidance from before_prompt_build to a plugin skill (#32630 ) Merged via squash. Prepared head SHA: 585697a4e1556baa2cd79a7b449b120c4fd87e17 Co-authored-by: sircrumpet <4436535+sircrumpet@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-03 01:50:59 -05:00
JT	de9031da22	fix: improve compaction summary instructions to preserve active work (#8903 ) fix: improve compaction summary instructions to preserve active work Expand staged-summary merge instructions to preserve active task status, batch progress, latest user request, and follow-up commitments so compaction handoffs retain in-flight work context. Co-authored-by: joetomasone <56984887+joetomasone@users.noreply.github.com> Co-authored-by: Josh Lehman <josh@martian.engineering>	2026-03-02 22:36:19 -08:00
Peter Steinberger	fe92113472	test(e2e): isolate module mocks across harnesses	2026-03-03 05:52:14 +00:00
Viz	a9ec75fe81	fix(gateway): flush throttled delta before emitChatFinal (#24856 ) * fix(gateway): flush throttled delta before emitChatFinal The 150ms throttle in emitChatDelta can suppress the last text chunk before emitChatFinal fires, causing streaming clients (e.g. ACP) to receive truncated responses. The final event carries the complete text, but clients that build responses incrementally from deltas miss the tail end. Flush one last unthrottled delta with the complete buffered text immediately before sending the final event. This ensures all streaming consumers have the full response without needing to reconcile deltas against the final payload. * fix(gateway): avoid duplicate delta flush when buffer unchanged Track the text length at the time of the last broadcast. The flush in emitChatFinal now only sends a delta if the buffer has grown since the last broadcast, preventing duplicate sends when the final delta passed the 150ms throttle and was already broadcast. * fix(gateway): honor heartbeat suppression in final delta flush * test(gateway): add final delta flush and dedupe coverage * fix(gateway): skip final flush for silent lead fragments * docs(changelog): note gateway final-delta flush fix credits --------- Co-authored-by: Jonathan Taylor <visionik@pobox.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>	2026-03-02 23:45:46 -05:00
Peter Steinberger	17bb87f432	fix(venice): retry model discovery on transient fetch failures	2026-03-03 03:21:00 +00:00
Josh Avant	806803b7ef	feat(secrets): expand SecretRef coverage across user-supplied credentials (#29580 ) * feat(secrets): expand secret target coverage and gateway tooling * docs(secrets): align gateway and CLI secret docs * chore(protocol): regenerate swift gateway models for secrets methods * fix(config): restore talk apiKey fallback and stabilize runner test * ci(windows): reduce test worker count for shard stability * ci(windows): raise node heap for test shard stability * test(feishu): make proxy env precedence assertion windows-safe * fix(gateway): resolve auth password SecretInput refs for clients * fix(gateway): resolve remote SecretInput credentials for clients * fix(secrets): skip inactive refs in command snapshot assignments * fix(secrets): scope gateway.remote refs to effective auth surfaces * fix(secrets): ignore memory defaults when enabled agents disable search * fix(secrets): honor Google Chat serviceAccountRef inheritance * fix(secrets): address tsgo errors in command and gateway collectors * fix(secrets): avoid auth-store load in providers-only configure * fix(gateway): defer local password ref resolution by precedence * fix(secrets): gate telegram webhook secret refs by webhook mode * fix(secrets): gate slack signing secret refs to http mode * fix(secrets): skip telegram botToken refs when tokenFile is set * fix(secrets): gate discord pluralkit refs by enabled flag * fix(secrets): gate discord voice tts refs by voice enabled * test(secrets): make runtime fixture modes explicit * fix(cli): resolve local qr password secret refs * fix(cli): fail when gateway leaves command refs unresolved * fix(gateway): fail when local password SecretRef is unresolved * fix(gateway): fail when required remote SecretRefs are unresolved * fix(gateway): resolve local password refs only when password can win * fix(cli): skip local password SecretRef resolution on qr token override * test(gateway): cast SecretRef fixtures to OpenClawConfig * test(secrets): activate mode-gated targets in runtime coverage fixture * fix(cron): support SecretInput webhook tokens safely * fix(bluebubbles): support SecretInput passwords across config paths * fix(msteams): make appPassword SecretInput-safe in onboarding/token paths * fix(bluebubbles): align SecretInput schema helper typing * fix(cli): clarify secrets.resolve version-skew errors * refactor(secrets): return structured inactive paths from secrets.resolve * refactor(gateway): type onboarding secret writes as SecretInput * chore(protocol): regenerate swift models for secrets.resolve * feat(secrets): expand extension credential secretref support * fix(secrets): gate web-search refs by active provider * fix(onboarding): detect SecretRef credentials in extension status * fix(onboarding): allow keeping existing ref in secret prompt * fix(onboarding): resolve gateway password SecretRefs for probe and tui * fix(onboarding): honor secret-input-mode for local gateway auth * fix(acp): resolve gateway SecretInput credentials * fix(secrets): gate gateway.remote refs to remote surfaces * test(secrets): cover pattern matching and inactive array refs * docs(secrets): clarify secrets.resolve and remote active surfaces * fix(bluebubbles): keep existing SecretRef during onboarding * fix(tests): resolve CI type errors in new SecretRef coverage * fix(extensions): replace raw fetch with SSRF-guarded fetch * test(secrets): mark gateway remote targets active in runtime coverage * test(infra): normalize home-prefix expectation across platforms * fix(cli): only resolve local qr password refs in password mode * test(cli): cover local qr token mode with unresolved password ref * docs(cli): clarify local qr password ref resolution behavior * refactor(extensions): reuse sdk SecretInput helpers * fix(wizard): resolve onboarding env-template secrets before plaintext * fix(cli): surface secrets.resolve diagnostics in memory and qr * test(secrets): repair post-rebase runtime and fixtures * fix(gateway): skip remote password ref resolution when token wins * fix(secrets): treat tailscale remote gateway refs as active * fix(gateway): allow remote password fallback when token ref is unresolved * fix(gateway): ignore stale local password refs for none and trusted-proxy * fix(gateway): skip remote secret ref resolution on local call paths * test(cli): cover qr remote tailscale secret ref resolution * fix(secrets): align gateway password active-surface with auth inference * fix(cli): resolve inferred local gateway password refs in qr * fix(gateway): prefer resolvable remote password over token ref pre-resolution * test(gateway): cover none and trusted-proxy stale password refs * docs(secrets): sync qr and gateway active-surface behavior * fix: restore stability blockers from pre-release audit * Secrets: fix collector/runtime precedence contradictions * docs: align secrets and web credential docs * fix(rebase): resolve integration regressions after main rebase * fix(node-host): resolve gateway secret refs for auth * fix(secrets): harden secretinput runtime readers * gateway: skip inactive auth secretref resolution * cli: avoid gateway preflight for inactive secret refs * extensions: allow unresolved refs in onboarding status * tests: fix qr-cli module mock hoist ordering * Security: align audit checks with SecretInput resolution * Gateway: resolve local-mode remote fallback secret refs * Node host: avoid resolving inactive password secret refs * Secrets runtime: mark Slack appToken inactive for HTTP mode * secrets: keep inactive gateway remote refs non-blocking * cli: include agent memory secret targets in runtime resolution * docs(secrets): sync docs with active-surface and web search behavior * fix(secrets): keep telegram top-level token refs active for blank account tokens * fix(daemon): resolve gateway password secret refs for probe auth * fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled * fix(secrets): align token inheritance and exec timeout defaults * docs(secrets): clarify active-surface notes in cli docs * cli: require secrets.resolve gateway capability * gateway: log auth secret surface diagnostics * secrets: remove dead provider resolver module * fix(secrets): restore gateway auth precedence and fallback resolution * fix(tests): align plugin runtime mock typings --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>	2026-03-03 02:58:20 +00:00

1 2 3 4 5 ...

3066 Commits