liuyu/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-06 05:51:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
56,484 Commits 2,300 Branches 254 Tags
116bc2a0f0c478bbce8042d7b295a601c0e5d654
Commit Graph

8114 Commits

Author SHA1 Message Date
Peter Steinberger
116bc2a0f0 docs: surface Windows Hub across docs 2026-06-03 16:09:24 -07:00
Peter Steinberger
1878ca0820 chore(release): prepare 2026.6.2 beta 2026-06-04 00:06:52 +01:00
Peter Steinberger
190fd034d5 docs: refresh Windows Hub platform guide 2026-06-03 15:52:00 -07:00
Peter Steinberger
e254346bc2 chore(release): prepare 2026.6.3 beta 2026-06-03 23:42:34 +01:00
Kevin Lin
fce002ad03 revert(codex): revert first-party marketplace allowlist 
Reverts openclaw/openclaw#82219.
 2026-06-03 15:35:35 -07:00
joshavant
10830bc4a7 docs: warn about install policy plugin update footguns 2026-06-03 14:51:45 -07:00
Vincent Koc
2b31ad2ee5 docs(plugin-sdk): refresh API baseline hash 2026-06-03 14:48:00 -07:00
Peter Steinberger
ed283490b5 docs(release): require verified Windows asset links 2026-06-03 22:42:53 +01:00
Peter Steinberger
bf368e7609 ci(release): promote Windows node installers 2026-06-03 22:39:58 +01:00
Vincent Koc
0f05aff312 docs(config): refresh channel config baseline hash 2026-06-03 14:27:38 -07:00
Josh Avant
154f439c81 Add operator install policy and remove dangerous-code install scanners (#89516) 
* feat: add operator install policy

* test: cover plain-file plugin install code

* fix: preserve locationless install policy findings

* refactor: remove install-time plugin scanner

* test: remove stale plugin install helper

* fix: preserve before-install builtin scan type

* fix: preserve plugin dependency denylist

---------

Co-authored-by: Mainframe <mainframe@MainfraacStudio.localdomain>
 2026-06-03 14:17:29 -07:00
zhang-guiping
60dcaa3cf5 fix #88773: [Bug]: Telegram DM exec requires approval despite allowlist + ask:off — works in webchat, not in Telegram (#89035) 
* fix exec ask policy source

* fix gateway test type fixtures

* docs: update exec ask parameter docs to match runtime behavior

* fix: preserve trusted per-call exec ask hardening while blocking model-supplied overrides for channel runs

* docs: align exec ask contract with runtime

* refactor(agents): simplify exec ask policy cleanup

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-06-03 18:33:08 +05:30
Vincent Koc
6ec579a0c2 docs(web): document chat ack timing metadata (#89802) 2026-06-03 04:18:51 -07:00
Ayaan Zaidi
41ee6b1dd6 feat(telegram): show commentary in progress drafts 2026-06-03 14:30:30 +05:30
Ayaan Zaidi
1bd1483b62 refactor(auto-reply): unify transient failure visibility 2026-06-03 13:55:36 +05:30
Ayaan Zaidi
a4b09d72b9 refactor(channels): share progress draft compositor 2026-06-03 10:54:19 +05:30
Gio Della-Libera
646974b7d8 fix(policy): reject unsupported policy keys (#87074) 
Merged via squash.

Prepared head SHA: 3ab4ff1d8f
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo
 2026-06-02 15:01:57 -07:00
Val Alexander
be336cc1e4 feat(ui): add workboard keyboard movement controls 
Add compact keyboard-accessible Workboard status movement controls for writable operators. The control reuses the existing workboard.cards.move path, preserves drag/drop as the pointer enhancement, and suppresses mutation controls for read-only operators.\n\nVerification:\n- node scripts/run-vitest.mjs ui/src/ui/views/workboard.test.ts\n- corepack pnpm exec oxfmt --check --threads=1 ui/src/ui/views/workboard.ts ui/src/ui/views/workboard.test.ts ui/src/styles/workboard.css docs/plugins/workboard.md\n- git diff --check origin/main...HEAD\n- Chromium Control UI mock Gateway keyboard movement proof\n- .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main --no-web-search
 2026-06-02 16:08:29 -05:00
Gio Della-Libera
1d3cfc4b01 Policy: add data handling conformance checks (#87056) 
Merged via squash.

Prepared head SHA: 6a0e9730aa
Co-authored-by: giodl73-repo <
>
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo
 2026-06-02 10:48:07 -07:00
Coy Geek
3509f7613e fix: audit and repair hooks token reuse with Gateway auth 
Keep startup non-breaking for existing installs when hooks.token reuses Gateway auth, but surface a startup warning, critical security audit finding, and doctor --fix repair that rotates persisted hooks.token.

Closes #87376.

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
 2026-06-02 08:58:40 -04:00
Alix-007
1824aa07a0 fix(mistral): enable prompt cache keys 
Enable Mistral prompt cache keys without long-retention forwarding. Update cached-read pricing and doctor migration for existing Mistral provider config. Fixes #83709.
 2026-06-02 08:52:12 -04:00
兰之
10d10faa25 feat(plugin-sdk): add resolve_exec_env hook 
Summary:
- Add the plugin SDK `resolve_exec_env` hook for bounded exec environment contributions.
- Wire resolved exec env through exec preparation/final execution without exposing plugin env values to generic tool hooks.
- Cover lazy exec loading, host and command rewrites, node/gateway execution, filtering, and EXEC shell snapshot cache behavior.

Verification:
- `pnpm changed:lanes --json`
- `node scripts/run-vitest.mjs src/agents/bash-tools.exec.resolve-env-hook.test.ts src/agents/agent-tool-definition-adapter.test.ts src/agents/agent-tool-definition-adapter.after-tool-call.test.ts src/agents/shell-snapshot.test.ts src/plugins/hook-resolve-exec-env.test.ts`
- `pnpm check:test-types`
- `pnpm lint src/agents/bash-tools.exec.ts src/agents/bash-tools.exec.resolve-env-hook.test.ts`
- `.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main`
- PR CI clean on 1bbad8d071: https://github.com/openclaw/openclaw/actions/runs/26817910293

Co-authored-by: Lanzhi <lizhan3@xiaomi.com>
 2026-06-02 08:00:42 -04:00
Yzx
b1bdc29d33 fix(providers): use native reasoning mode for Gemini instead of tagged (#89379) 
* fix(providers): use native reasoning mode for direct Gemini API, keep CLI tagged

Gemini 2.5+ delivers reasoning via native thinkingParts (thinkingConfig.
includeThoughts). Having tagged mode active at the same time injects a
<think>…</think>/<final>…</final> directive into the system prompt; the
model opens a <think> block before a tool call, never closes it, and
returns an empty post-tool turn (content:[], payloads=0 error, #69220).

Fix: override resolveReasoningOutputMode in buildGoogleProvider() only —
not in the shared GOOGLE_GEMINI_PROVIDER_HOOKS. The Gemini CLI backend
(google-gemini-cli) runs gemini --output-format json and parses a text
response field, not native thought parts; it must stay on tagged mode.
A regression test confirms google-gemini-cli remains "tagged".

Also remove the dead BUILTIN_REASONING_OUTPUT_MODES entry keyed on
"google-generative-ai" from provider-utils.ts — that string is only
ever the transport model.api value, never the provider id passed to
resolveReasoningOutputMode, so the map was unreachable.

Fixes #69220

* docs: clarify Gemini reasoning output modes

* fix(google): keep Antigravity reasoning tagged

* fix(google): default direct reasoning checks to native

* fix(google): import reasoning context from plugin entry

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-06-02 07:46:08 -04:00
Bek
bce3d5bf92 trace: Correlate channel diagnostics into one trace 
Correlates channel receive, agent lifecycle, model attempt diagnostics, and outbound delivery diagnostics into one trace waterfall so channel message runs can be inspected end-to-end.

Maintainer follow-up removed the internal `AgentHarnessV2` adapter surface and kept the harness path canonical through `src/agents/harness/lifecycle.ts`.

Proof:
- PR checks passed on `04e9189c15480d53663d533a04c9883164b4dd54`.
- `node scripts/run-vitest.mjs src/agents/harness/lifecycle.test.ts src/agents/harness/selection.test.ts src/channels/turn/kernel.test.ts`
- `pnpm check:changed` Testbox `tbx_01kt3xtrm70qc7nb90cqv5rah1`

Thanks @bek91.

Co-authored-by: Bek <bek.akhmedov@gmail.com>
 2026-06-02 06:38:00 -04:00
兰之
1cca70940c fix: hide sessions_spawn timeout overrides 
Remove model-facing per-call timeout overrides from sessions_spawn while keeping operator-controlled timeout behavior through agents.defaults.subagents.runTimeoutSeconds.

Reject stale camelCase and snake_case timeout arguments, update ACP/native timeout propagation, refresh docs and prompt snapshots, and cap ACP runtime option timeouts to the ACP control-plane maximum without shortening gateway dispatch or registry tracking.

Proof:
- node --import tsx - runtime probe against src/agents/tools/sessions-spawn-tool.ts
- node scripts/run-vitest.mjs src/agents/tools/sessions-spawn-tool.test.ts src/agents/acp-spawn.test.ts src/agents/openclaw-tools.subagents.sessions-spawn.lifecycle.test.ts
- pnpm docs:list
- git diff --check origin/main...HEAD
- .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main
- .agents/skills/autoreview/scripts/autoreview --mode local
- GitHub checks: 132 pass, 30 skipped

Co-authored-by: Lanzhi <lizhan3@xiaomi.com>
Co-authored-by: chenhaoqiang <chenhaoqiang@xiaomi.com>
 2026-06-02 06:09:02 -04:00
Ayaan Zaidi
db576c4a2d refactor(agents): trim native compaction ownership follow-up 2026-06-02 14:39:35 +05:30
Cameron Beeley
5e52a9b513 docs(cli-backends): document ownsNativeCompaction opt-out contract 2026-06-02 14:39:35 +05:30
Tosko4
5f505236a6 docs(android): document device apps command 2026-06-02 13:44:45 +05:30
Tosko4
3d1ec37129 feat(android): add installed apps node command 2026-06-02 13:44:45 +05:30
Onur Solmaz
a4b4fed412 fix(memory): validate memory index identity 
* docs: add memory index identity plan

* fix(memory): validate memory index identity

* fix(memory): align status index identity with vector probe

* fix(memory): fail closed on stale fts-only search

* fix(memory): clear sessions-only identity reindex dirty state

* fix(memory): gate targeted session sync by index identity

* fix(memory): clear resolved index identity dirtiness

* fix(memory): block search on missing index identity

* fix(memory): preserve dirty events during identity reindex

* fix(memory): resolve provider aliases for index identity

* fix(memory): report missing identity states accurately

* fix(memory): mark missing session index identity dirty

* test(memory): expose provider alias resolver in mocks

* chore(memory): remove scratch implementation plan

* fix(memory): avoid automatic full reindex on provider cutover

* docs(memory): plan no-schema cutover repair

* fix(memory): pause vector search on index identity mismatch

* fix(memory): freeze dirty identity sync writes

* fix(memory): skip paused-index search retry

* test(memory): keep retry tests on same provider identity

* fix(memory): surface paused index recall

* chore(memory): remove scratch plan from pr

* fix(memory): preserve paused session dirtiness

* fix(memory): make paused recall warning explicit

* docs(memory): document explicit index repair
 2026-06-02 14:22:25 +08:00
WJzz1
6349af6502 docs: add ClawHub CLI page (#89297) 
Summary:
- Adds `docs/clawhub/cli.md` documenting OpenClaw skill/plugin ClawHub commands plus standalone ClawHub publish, sync, and transfer workflows.
- PR surface: Docs +82. Total +82 across 1 file.
- Reproducibility: not applicable. this is a docs-only missing-route repair rather than a runtime bug. Source  ... rrent main lacks `docs/clawhub/cli.md` while navigation and existing docs already reference `/clawhub/cli`.

Automerge notes:
- PR branch already contained follow-up commit before automerge: docs: add ClawHub CLI page
- PR branch already contained follow-up commit before automerge: fix(clawsweeper): address review for automerge-openclaw-openclaw-8929…

Validation:
- ClawSweeper review passed for head 11e071c344.
- Required merge gates passed before the squash merge.

Prepared head SHA: 11e071c344
Review: https://github.com/openclaw/openclaw/pull/89297#issuecomment-4598332147

Co-authored-by: Wang-Yeah623 <205193123+Wang-Yeah623@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: takhoffman
Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com>
 2026-06-02 04:13:50 +00:00
Peter Steinberger
9ead0ae921 fix: repair live model inference edge cases 
Fix live model inference edge cases across provider streaming, model switching, outbound delivery, and gateway tool resolution.

Includes live/provider issue fixes and leaves #89100 explicitly partial for the remaining FM-2 group routing case.
 2026-06-01 23:03:27 -04:00
Dallin Romney
0904f3e553 revert: undo gateway memory watch warning (#89246) 2026-06-01 15:32:42 -07:00
Dallin Romney
2405bbcbaf fix(memory): warn on gateway watcher FD risk (#89185) 
* fix(memory): default gateway memory watch off

* fix(memory): warn on gateway watcher fd risk

* fix(config): avoid warning helper narrowing

* fix(config): remove redundant warning boolean cast

* docs(memory): clarify watcher default wording

* docs(memory): simplify watcher warning copy

* fix(config): scope watcher warning to local gateway
 2026-06-01 14:23:25 -07:00
Vyctor H. Brzezowski
05ea36a81f docs: refresh ClawHub showcase cards (#88734) 2026-06-01 13:08:56 -07:00
NianJiu
5a55135146 fix(memory): retry transient FileProvider-backed reads (#85351) 2026-06-01 12:40:20 -07:00
Vincent Koc
d10d71cdb6 fix(codex): stabilize app-server cleanup tests 2026-06-01 13:15:05 +02:00
Peter Steinberger
8e28c773fe chore(release): prepare 2026.6.1 2026-06-01 10:30:15 +01:00
Mason Huang
004835f4c7 fix(plugins): block untrusted workspace setup-only channel loads (#86953) 
Summary:
- This PR blocks disabled workspace-origin channel plugins from setup-only scoped imports, rejects their channel registrations at registry assembly, documents the trust rule, and adds regression coverage.
- PR surface: Source +46, Tests +610, Docs +13. Total +669 across 22 files.
- Reproducibility: yes. source inspection gives a high-confidence reproduction path: current main's setup-only ... ce channel plugin can be imported before this PR. I did not run the repro locally in this read-only review.

Automerge notes:
- PR branch already contained follow-up commit before automerge: test(plugins): cover workspace channel registry guard
- PR branch already contained follow-up commit before automerge: fix(plugins): isolate setup channel registration errors
- PR branch already contained follow-up commit before automerge: fix(channels): mark raw catalog listing internal
- PR branch already contained follow-up commit before automerge: test(channels): cover trusted catalog filtering
- PR branch already contained follow-up commit before automerge: test(channels): mock raw catalog helper
- PR branch already contained follow-up commit before automerge: docs(changelog): credit setup channel hardening

Validation:
- ClawSweeper review passed for head 11438bc1a0.
- Required merge gates passed before the squash merge.

Prepared head SHA: 11438bc1a0
Review: https://github.com/openclaw/openclaw/pull/86953#issuecomment-4545730044

Co-authored-by: masonxhuang <masonxhuang@tencent.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Mason Huang <masonxhuang@tencent.com>
Co-authored-by: Sebastien Tardif <sebtardif@ncf.ca>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: hxy91819
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
 2026-06-01 09:25:56 +00:00
Vincent Koc
f8e9ba3718 fix(codex): prevent aborted app-server turn handles 2026-06-01 10:12:36 +01:00
Peter Steinberger
1d4c1ba56d fix: harden memory envelope sanitization 
Co-authored-by: amittell <mittell@me.com>
 2026-06-01 09:30:08 +01:00
Peter Steinberger
6173a4babb docs(plugin-sdk): refresh API baseline 2026-06-01 06:29:51 +01:00
Peter Steinberger
db4990d260 refactor: compact copilot sessions through sdk state 
Route Copilot compaction through SDK-backed state, remove marker sidecars, preserve auth/session binding behavior in SQLite-backed plugin state, and route Copilot CLI budget compaction through native harness compaction.
 2026-06-01 01:18:46 -04:00
Peter Steinberger
d925249ac0 docs(plugin-sdk): refresh API baseline hash 2026-06-01 06:05:37 +01:00
amittell
945faf8e67 fix(memory-lancedb): reject envelope metadata sludge 
Summary:
- Strip memory-lancedb envelope and metadata sludge before auto-capture/recall, including pending history wrappers, current-message reply context, message-tool delivery hints, media annotations, and marker-free channel envelopes.
- Expose bundled chat-channel IDs/prefixes through the plugin SDK so sanitizer matching follows the channel catalog.
- Refactor cron tool schemas to fresh factory instances while preserving runtime nullable clears and provider-facing OpenAPI projection.

Verification:
- git diff --check origin/main...HEAD
- ./node_modules/.bin/oxfmt --check src/plugin-sdk/chat-channel-ids.ts src/plugin-sdk/chat-channel-ids.test.ts extensions/memory-lancedb/index.ts extensions/memory-lancedb/index.test.ts src/agents/tools/cron-tool.ts src/agents/tools/cron-tool.schema.test.ts
- pnpm plugin-sdk:api:check
- node scripts/run-vitest.mjs run src/plugin-sdk/chat-channel-ids.test.ts extensions/memory-lancedb src/agents/tools/cron-tool.schema.test.ts src/agents/tools/cron-tool.test.ts --reporter=dot
- pnpm lint:extensions --threads=8
- .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main
- GitHub checks on 62d1da1257: 139 pass, 0 pending, 0 fail, 22 skipped.
 2026-06-01 00:57:25 -04:00
Peter Steinberger
5b79e81569 fix: harden CLI and plugin edge cases (#88896) 
* fix: harden CLI and plugin edge cases

* fix: preserve explicit TTS provider credentials

* fix: preserve direct TTS credentials

* fix: type TTS credential hydration config

* fix: preserve scoped TTS channel credentials

* fix: pin hydrated TTS runtime config

* fix: satisfy TTS hydration lint

* fix: preserve inherited TTS provider keys

* fix: read resolved TTS provider keys
 2026-06-01 00:30:12 -04:00
Peter Steinberger
3b802a7fbc docs(plugin-sdk): refresh API baseline hash 2026-06-01 04:59:39 +01:00
Firas Alswihry
70c59f59b2 feat(dreaming): score candidates with shadow trial results 
Add report-only memory-core dreaming shadow trial scoring and ranking helpers. Keep rank lookup keyed by durable candidate keys and document the advisory behavior. Thanks @iFiras-Max1.
 2026-05-31 23:40:20 -04:00
Peter Steinberger
ebcdb637bb perf(memory-core): defer embedding engine startup imports 2026-06-01 04:22:22 +01:00
Peter Steinberger
592b6e2916 docs(config): refresh config baseline hash 2026-06-01 04:20:57 +01:00