Keep startup non-breaking for existing installs when hooks.token reuses Gateway auth, but surface a startup warning, critical security audit finding, and doctor --fix repair that rotates persisted hooks.token.
Closes#87376.
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
Enable Mistral prompt cache keys without long-retention forwarding. Update cached-read pricing and doctor migration for existing Mistral provider config. Fixes#83709.
Run `before_agent_finalize` for embedded agents before terminal delivery so revise decisions can retry without leaking a final assistant reply.
The embedded subscription now defers terminal assistant events, block replies, and lifecycle delivery until the pre-terminal gate resolves; accepted revise decisions suppress delivery, while hook failures and continue decisions finalize normally. It also preserves existing replay-invalid liveness behavior while still preventing revise after side-effecting turns.
Closes#87585
Co-authored-by: ai-hpc <mail.speedy.hpc@hotmail.com>
Move QQBot credential backups, gateway sessions, known-user records, and ref-index rows into plugin SQLite KV stores. Import shipped JSON/JSONL state files on first use and keep auxiliary known-user/ref-index state best-effort so message delivery is not blocked by cache persistence failures.
Surface stale Codex OAuth sidecar references as unresolved auth failures in auth health, model status, and gateway status instead of hiding them as generic missing auth.
Also refresh the running gateway after doctor auth-profile repairs by reloading secrets/runtime auth snapshots and then refreshing the model auth-status cache.
Thanks @TurboTheTurtle.
Fixes#84252.
* fix(providers): use native reasoning mode for direct Gemini API, keep CLI tagged
Gemini 2.5+ delivers reasoning via native thinkingParts (thinkingConfig.
includeThoughts). Having tagged mode active at the same time injects a
<think>…</think>/<final>…</final> directive into the system prompt; the
model opens a <think> block before a tool call, never closes it, and
returns an empty post-tool turn (content:[], payloads=0 error, #69220).
Fix: override resolveReasoningOutputMode in buildGoogleProvider() only —
not in the shared GOOGLE_GEMINI_PROVIDER_HOOKS. The Gemini CLI backend
(google-gemini-cli) runs gemini --output-format json and parses a text
response field, not native thought parts; it must stay on tagged mode.
A regression test confirms google-gemini-cli remains "tagged".
Also remove the dead BUILTIN_REASONING_OUTPUT_MODES entry keyed on
"google-generative-ai" from provider-utils.ts — that string is only
ever the transport model.api value, never the provider id passed to
resolveReasoningOutputMode, so the map was unreachable.
Fixes#69220
* docs: clarify Gemini reasoning output modes
* fix(google): keep Antigravity reasoning tagged
* fix(google): default direct reasoning checks to native
* fix(google): import reasoning context from plugin entry
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Fixes#88355.
When a resumed Codex context-engine thread overflows and OpenClaw retries on a fresh native thread, clear the stale thread-bootstrap projection metadata from the fresh binding. This prevents later turns from treating that fresh thread as already projected when it only received the bare retry prompt.
Verification:
- Autoreview clean: no accepted/actionable findings reported.
- CI run 26717883204 green on head 5438f8ad34.
* fix(google): add gemini-3.1-flash-lite to provider catalog
Adds the missing gemini-3.1-flash-lite model definition to the
GOOGLE_GEMINI_TEXT_MODELS array. This resolves the ProviderFailoverError
when configuring google-vertex/gemini-3.1-flash-lite.
Fixes#89390
* test(google): cover Gemini flash lite catalog row
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Refactor the agent harness surface after PR #88821 by moving compaction dispatch into its own module, splitting the harness type into explicit capability interfaces, and renaming the private agent-core class declaration to `CoreAgentHarness` while preserving the exported `AgentHarness` contract.
Verification:
- `node scripts/run-vitest.mjs src/agents/harness/selection.test.ts src/agents/command/cli-compaction.test.ts src/agents/embedded-agent-runner/compact.hooks.test.ts packages/agent-core/src/agent-loop.test.ts packages/agent-core/src/harness/messages.test.ts`
- `pnpm build`
- autoreview clean
- `pnpm check:changed` passed on Testbox `tbx_01kt407hq8sv1csm287pdj3fmp`
- PR CI merge state `CLEAN`
Stabilize repeated `openclaw doctor --fix` state repairs for legacy plugin state and installed plugin index migrations.
- Import legacy-only plugin-state sidecar rows before deciding whether live conflicts require keeping the sidecar.
- Drop expired sidecar rows only when the sidecar can be archived, avoiding repeated false migration changes.
- Let richer current install records cover legacy records only when durable legacy fields are actually preserved, without erasing npm selector intent or malformed legacy metadata.
Proof:
- `node scripts/run-vitest.mjs src/commands/doctor-state-migrations.test.ts`
- `git diff --check origin/main...HEAD`
- `.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main`
- PR CI clean for head `5f3a7e0749372a40cabd7a090cae155997481b71`
Co-authored-by: Dallin Romney <dallinromney@gmail.com>
QQBot credential backups now resolve under the active OpenClaw state directory instead of the old home-global QQBot data path. This keeps isolated gateway profiles from restoring each other's QQBot appId/clientSecret backups while preserving per-state-root recovery.
Proof: focused QQBot path/storage-laziness Vitest suite passed on Node 24.15.0, focused oxlint passed, source-runtime two-root backup proof passed, exact-head CI run 26814565282 passed, and ClawSweeper re-review run 26815054980 marked proof sufficient.
Closes#84313.
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
Surface active official external plugin version drift in gateway status diagnostics so users can see when a host/package update left npm or ClawHub plugins behind the running local gateway. The advisory uses the daemon service install records, compares against the running gateway version, gives detailed fix commands in deep status, and avoids local-state drift checks for remote gateway mode or explicit status probe URLs.
Co-authored-by: Hussein Nourelddine <hussein@gptc.com.kw>
Fixes status/update detection for npm-installed OpenClaw packages that ship npm-shrinkwrap while preserving pnpm and Bun install ownership.
Fixes#87732.
Supersedes #88283.
Proof: focused infra Vitest shard, autoreview clean, Crabbox install matrix, and PR CI all green.
Reset the session command lane when stuck-session recovery aborts and drains a ghost embedded run but queued lane work remains. This preserves pending user messages by using the existing lane recovery pump instead of leaving them stranded after recovery reports success.
Adds focused regression coverage for the abort=true, drained=true, queuedCount=1 path.
Fixes#89208.
Supersedes #89293.
Thanks @LiLan0125.
Co-authored-by: 李兰 0668001394 <li.lan3@xydigit.com>
Fix Discord progress-mode reasoning streams so delta chunks accumulate before display formatting, preserving raw Thinking/Reasoning-prefixed content and balanced truncation.\n\nFixes #83983.\n\nThanks @giodl73-repo for the fix and live Discord proof.
