negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
15,869 Commits 1 Branch 0 Tags
7e29d604ba4c4cd248dead0058e09bad633cecde
Commit Graph

972 Commits

Author SHA1 Message Date
Peter Steinberger
7e29d604ba test(agents): dedupe agent and cron test scaffolds 2026-03-02 07:13:10 +00:00
Tyler Yust
f918b336d1 fix: agent-only announce path, BB message IDs, sender identity, SSRF allowlist (#23970) 
* fix(agents): defer announces until descendant cleanup settles

* fix(bluebubbles): harden message metadata extraction

* feat(contributors): rank by composite score (commits, PRs, LOC, tenure)

* refactor(control-ui): move method guard after path checks to improve request handling

* fix subagent completion announce when only current run is pending

* fix(subagents): keep orchestrator runs active until descendants finish

* fix: prepare PR feedback follow-ups (#23970) (thanks @tyler6204)
 2026-03-01 22:52:11 -08:00
Peter Steinberger
5b8f492a48 fix(security): harden spoofed system marker handling 2026-03-02 06:19:16 +00:00
Peter Steinberger
a13586619b test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
Peter Steinberger
6b78544f82 refactor(commands): unify repeated ACP and routing flows 2026-03-02 05:20:19 +00:00
Peter Steinberger
6fc0787bf0 chore(deps): bump workspace dependencies 2026-03-02 04:22:33 +00:00
Mark L
0f2dce0483 fix(agents): prioritize per-model thinking defaults (#30439) 
* fix(agents): honor per-model thinking defaults

* fix(agents): preserve thinking fallback with model defaults

---------

Co-authored-by: Mark L <73659136+markliuyuxiang@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-03-02 04:00:02 +00:00
Peter Steinberger
0202d79df4 fix(inbound-meta): land #30984 include account_id context (@Stxle2) 
Landed from contributor PR #30984 by @Stxle2.

Co-authored-by: Stxle2 <166609401+Stxle2@users.noreply.github.com>
 2026-03-02 03:36:48 +00:00
Ayaan Zaidi
c13b35b83d feat(telegram): improve DM topics support (#30579) (thanks @kesor) 2026-03-02 09:06:45 +05:30
Peter Steinberger
072e1e9e38 test(session): cover internal route without external fallback 2026-03-02 03:33:12 +00:00
graysurf
95db5bb5e8 fix(session): preserve external lastTo routing for internal turns 2026-03-02 03:33:12 +00:00
Vincent Koc
1a42ea3abf fix(auto-reply): normalize block-reply callback to Promise for timeout path (#31200) 
* Auto-reply: wrap block reply callback in Promise.resolve for timeout safety

* Build: add strict smoke build script for CI regression gating

* CI: gate strict TS smoke build in check workflow

* docs(changelog): add auto-reply block reply timeout fix under Unreleased

* docs(changelog): credit original #19779 contributor and vincentkoc
 2026-03-01 19:23:38 -08:00
Jose E Velez
0c8fa63b93 feat: lightweight bootstrap context mode for heartbeat/cron runs (openclaw#26064) thanks @jose-velez 
Verified:
- pnpm build
- pnpm check (fails on pre-existing unrelated repo issues in extensions/diffs and src/agents/tools/nodes-tool.test.ts)
- pnpm vitest run src/agents/bootstrap-files.test.ts src/infra/heartbeat-runner.model-override.test.ts src/cli/cron-cli.test.ts
- pnpm test:macmini (fails on pre-existing extensions/diffs import errors; touched suites pass)

Co-authored-by: jose-velez <10926182+jose-velez@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-01 20:13:24 -06:00
Peter Steinberger
a6a742f3d0 fix(auto-reply): land #31080 from @scoootscooob 
Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-03-02 01:17:42 +00:00
Peter Steinberger
412eabc42b fix(session): retire stale dm main route after dmScope migration (#31010) 2026-03-02 00:33:54 +00:00
Peter Steinberger
fbd832d64f refactor(config): share byte-size parsing for memory flush 2026-03-02 00:32:33 +00:00
Peter Steinberger
9e727893ff refactor(session): consolidate transcript snapshot reads 2026-03-02 00:32:33 +00:00
Peter Steinberger
d729ab2150 fix(session): harden usage accounting and memory flush recovery 2026-03-02 00:07:29 +00:00
Peter Steinberger
b99666a47a fix(security): harden inbound metadata sentinel stripping 2026-03-01 23:11:48 +00:00
Agent
3a93a7bb1e fix(security): enforce auth for abort triggers and models 2026-03-01 21:30:07 +00:00
Onur
8292401719 ACP: rename stream char limits to output/sessionUpdate 2026-03-01 20:39:24 +01:00
Onur
053e5eb506 ACP: remove maxMetaEventsPerTurn limit 2026-03-01 20:39:24 +01:00
Onur
ca31683ca3 Tests: fix dispatch-acp mock typings for tsgo 2026-03-01 20:39:24 +01:00
Onur
f4538b22f7 ACP: fix projector dedupe regressions 2026-03-01 20:39:24 +01:00
Onur
be73eb28b3 ACP: improve live text batching readability 2026-03-01 20:39:24 +01:00
Onur
dd2fcade3e ACP: make live mode flush incremental chunks 2026-03-01 20:39:24 +01:00
Onur
43c57005a6 ACP: start typing lifecycle at turn start and harden delivery 2026-03-01 20:39:24 +01:00
Onur
c8b958e573 ACP: add hidden-boundary separator for hidden tool events 2026-03-01 20:39:24 +01:00
Onur
acd6ddb829 ACP: hide tool_call tags by default 2026-03-01 20:39:24 +01:00
Onur
c3a1fe01ae ACP: make final_only defer all projected output 2026-03-01 20:39:24 +01:00
Onur
4a82012461 ACP: default stream delivery to final_only 2026-03-01 20:39:24 +01:00
Onur
4e2efaf659 ACP: simplify stream config to repeatSuppression 2026-03-01 20:39:24 +01:00
Onur
752398a6ba Refactor: split ACP dispatch delivery and settings 2026-03-01 20:39:24 +01:00
Onur
54ed2efc20 Tests: complete ACP meta dedupe coverage 2026-03-01 20:39:24 +01:00
Onur
2466a9bb13 ACP: carry dedupe/projector updates onto configurable acpx branch 2026-03-01 20:39:24 +01:00
Glucksberg
6dbbc58a8d fix(slack): use SLACK_USER_TOKEN when connecting to Slack (#28103) 
* fix(slack): use SLACK_USER_TOKEN when connecting to Slack (closes #26480)

* test(slack): fix account fixture typing for user token source

---------

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-01 11:05:35 -06:00
pushkarsingh32
4ba0a4d4fb fix(slack): wrap session key in backticks to prevent emoji shortcode parsing (openclaw#30266) thanks @pushkarsingh32 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: pushkarsingh32 <29558481+pushkarsingh32@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-01 09:23:50 -06:00
Jarvis
fcb6859784 fix(memoryFlush): correct context token accounting for flush gating (#5343) 
Merged via squash.

Prepared head SHA: afaa7bae3b18a470928a14eea306c9b91957ba90
Co-authored-by: jarvis-medmatic <252428873+jarvis-medmatic@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-02-28 16:54:57 -08:00
Yassine Amjad
61989091a4 fix(reply): fix duplicate block replies by unblocking coalesced payloads (#5080) 
Merged via squash.

Prepared head SHA: 399e1259cb935e46123864143c7f8879b5ff459c
Co-authored-by: yassine20011 <59234686+yassine20011@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-02-28 14:51:43 -08:00
fuller-stack-dev
70a4f25ab1 fix(security): remove post-compaction audit injection message (#28507) 
* fix: remove post-compaction audit injection (Layer 3)

Remove the post-compaction read audit that injects fake system messages
into conversations after context compaction. This audit:

- Hardcodes WORKFLOW_AUTO.md (a file that doesn't exist in standard
  workspaces) as a required read after every compaction
- Leaks raw regex syntax (memory\/\d{4}-\d{2}-\d{2}\.md) in
  user-facing warning messages
- Injects messages via enqueueSystemEvent that appear as user-role
  messages, tricking agents into reading attacker-controlled files
- Creates a persistent prompt injection vector (see #27697)

Layer 1 (compaction summary) and Layer 2 (workspace context refresh
from AGENTS.md via post-compaction-context.ts) remain intact and are
sufficient for post-compaction context recovery.

Deleted files:
- src/auto-reply/reply/post-compaction-audit.ts
- src/auto-reply/reply/post-compaction-audit.test.ts

Modified files:
- src/auto-reply/reply/agent-runner.ts (removed imports, audit map,
  flag setting, and Layer 3 audit block)

Fixes #27697, fixes #26851, fixes #20484, fixes #22339, fixes #25600
Relates to #26461

* fix: resolve lint failures from post-compaction audit removal

* Tests: add regression for removed post-compaction audit warnings

---------

Co-authored-by: Wilfred (OpenClaw Agent) <jay@openclaw.dev>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-27 17:15:59 -08:00
Onur Solmaz
a7929abad8 Discord: thread bindings idle + max-age lifecycle (#27845) (thanks @osolmaz) 
* refactor discord thread bindings to idle and max-age lifecycle

* fix: migrate legacy thread binding expiry and reduce hot-path disk writes

* refactor: remove remaining thread-binding ttl legacy paths

* fix: harden thread-binding lifecycle persistence

* Discord: fix thread binding types in message/reply paths

* Infra: handle win32 unknown inode in file identity checks

* Infra: relax win32 guarded-open identity checks

* Config: migrate threadBindings ttlHours to idleHours

* Revert "Infra: relax win32 guarded-open identity checks"

This reverts commit de94126771db072ecda6a014e80700310e76df61.

* Revert "Infra: handle win32 unknown inode in file identity checks"

This reverts commit 96fc5ddfb39762aa078d70dd4b4d3754e49a159b.

* Discord: re-read live binding state before sweep unbind

* fix: add changelog note for thread binding lifecycle update (#27845) (thanks @osolmaz)

---------

Co-authored-by: Onur Solmaz <onur@textcortex.com>
 2026-02-27 10:02:39 +01:00
Peter Steinberger
bce643a0bd refactor(security): enforce account-scoped pairing APIs 2026-02-26 21:57:52 +01:00
Peter Steinberger
a1628d89ec refactor: unify outbound session context wiring 2026-02-26 21:03:28 +01:00
Shakker
fe842b5f14 test(auto-reply): cover inbound timestamp guard 2026-02-26 17:10:09 +00:00
Liu Yuan
c596658b8d feat(auto-reply): make agent time-aware with message timestamps 
Add human-readable timestamp field to the Conversation info JSON block.

Before:
  {
    "conversation_label": "D id:123"
  }

After:
  {
    "conversation_label": "D id:123",
    "timestamp": "Sun 2026-02-15 13:35 GMT+8"
  }

Benefits:
- Better time awareness for time-related questions
- Understand conversation gaps and response delays
- Handle delayed message delivery
- Context for relative time references ("just now", "later")
 2026-02-26 17:10:09 +00:00
Peter Steinberger
273973d374 refactor: unify typing dispatch lifecycle and policy boundaries 2026-02-26 17:36:16 +01:00
Peter Steinberger
37a138c554 fix: harden typing lifecycle and cross-channel suppression 2026-02-26 17:01:09 +01:00
joshavant
67e9554645 test(session): normalize parent fork parentSession path assertion 2026-02-26 14:47:22 +00:00
SidQin-cyber
79176cc4e5 fix(typing): force cleanup when dispatch idle is never received 
Add a grace timer after markRunComplete so the typing controller
cleans up even when markDispatchIdle is never called, preventing
indefinite typing keepalive loops in cron and announce flows.

Made-with: Cursor
(cherry picked from commit 684eaf2893542d648daa1ca0b0c1a32c264bb8bd)
 2026-02-26 13:40:58 +00:00
Peter Steinberger
4b259ab81b fix(models): normalize trailing @profile parsing across resolver paths 
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: Marcus Castro <mcaxtr@gmail.com>
Co-authored-by: Brandon Wise <brandonawise@gmail.com>
 2026-02-26 14:34:15 +01:00