chore: sync main with sync-upstream by Rifelimo · Pull Request #2 · KrD-Hub/openclaw

Rifelimo · 2026-02-27T13:36:27Z

Summary

align main with the current sync-upstream tip
bring fork main up to latest upstream + local sync commits

Notes

direct push to main is blocked by branch protection
this PR is the compliant path to update main

… parity

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

@obviyus

…enclaw#28260) (thanks @obviyus)

…7151) Co-authored-by: Yutaka Sasaki <sskyu@minio.local>

* Gateway: add device-auth detail code resolver * Gateway: emit specific device-auth detail codes * Gateway tests: cover nonce and signature detail codes * Docs: add gateway device-auth migration diagnostics * Docs: add device-auth v2 troubleshooting signatures

…enclaw#26379) When Ollama responds successfully but returns zero models (e.g. on Linux with the bundled `ollama-stub.service`), `discoverOllamaModels` was logging at `warn` level: [agents/model-providers] No Ollama models found on local instance This appeared on every agent invocation even when Ollama was not intentionally configured, polluting production logs. An empty model list is a normal operational state — it warrants at most a debug note, not a warning. Fix: change `log.warn` → `log.debug` for the zero-models branch. The error paths (HTTP failure, fetch exception) remain at `warn` since those indicate genuine connectivity problems. Closes openclaw#26354

@obviyus

…8388) (thanks @obviyus)

@obviyus

…thanks @obviyus)

@osolmaz

…hanks @osolmaz) * refactor discord thread bindings to idle and max-age lifecycle * fix: migrate legacy thread binding expiry and reduce hot-path disk writes * refactor: remove remaining thread-binding ttl legacy paths * fix: harden thread-binding lifecycle persistence * Discord: fix thread binding types in message/reply paths * Infra: handle win32 unknown inode in file identity checks * Infra: relax win32 guarded-open identity checks * Config: migrate threadBindings ttlHours to idleHours * Revert "Infra: relax win32 guarded-open identity checks" This reverts commit de94126. * Revert "Infra: handle win32 unknown inode in file identity checks" This reverts commit 96fc5dd. * Discord: re-read live binding state before sweep unbind * fix: add changelog note for thread binding lifecycle update (openclaw#27845) (thanks @osolmaz) --------- Co-authored-by: Onur Solmaz <onur@textcortex.com>

@obviyus

…#28488) * fix(telegram): include replied media files in reply context * fix(telegram): keep reply media fields nullable * perf(telegram): defer reply-media fetch to debounce flush * fix(telegram): gate and preserve reply media attachments * fix(telegram): preserve cached-sticker reply media context * fix: update changelog for telegram reply-media context fixes (openclaw#28488) (thanks @obviyus)

…tch (openclaw#27094) Fix tool-call lookup failures when models emit whitespace-padded names by normalizing both transcript history and live streamed embedded-runner tool calls before dispatch. Co-authored-by: wangchunyue <80630709+openperf@users.noreply.github.com> Co-authored-by: Sid <sidqin0410@gmail.com> Co-authored-by: Philipp Spiess <hello@philippspiess.com>

@Evizero

Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: e418326 Co-authored-by: dsantoreis <220753637+dsantoreis@users.noreply.github.com> Co-authored-by: Evizero <10854026+Evizero@users.noreply.github.com> Reviewed-by: @Evizero

joshavant added 30 commits February 26, 2026 14:47

Secrets migrate: share helpers and narrow env scrub scope

a74067d

Secrets migrate: ensure unique backup ids per write

8e439e2

Agents: restore auth.json static scrub during pi auth discovery

4807e40

Secrets migrate: split plan/apply/backup modules

3633342

Onboard: persist env-backed API keys as secret refs

7e1557b

Onboard auth: use shared secret-ref helpers

5859008

Auth choice tests: assert env-backed keyRef persistence

56f73ae

Auth choice tests: expect env-backed key refs

103d02f

Onboard: require explicit mode for env secret refs

04aa856

Tests: align auth-choice helper expectations with secret mode

b50d2ce

Tests: update onboard credential expectations for explicit ref mode

09c7cb5

Onboard: store OpenAI auth in profiles instead of .env

68b9d89

Tests: narrow OpenAI default model assertion typing

fce4d76

Onboard auth: remove leftover merge marker

e8d1725

Onboard OpenAI: explicit secret-input-mode behavior

2ef109f

Onboard: move volcengine/byteplus auth from .env to profiles

59e5f12

Onboard non-interactive: avoid rewriting profile-backed keys

13b4993

Secrets: keep read-only runtime sync in-memory

4d94b05

Onboard: require explicit mode for env secret refs

cb11987

Docs: document secrets refs runtime and migration

c0a3801

Docs: add secrets and CLI secrets reference pages

9203d58

Docs: address review feedback on secrets docs

c5b89fb

feat(secrets): finalize external secrets runtime and migration hardening

0e69660

fix(secrets): harden sops migration sops rule matching

e8637c7

feat(secrets): expand onboarding secret-ref flows and custom-provider…

5e3a86f

… parity

test: sops invocation assertion

bb60cab

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

feat(security): add provider-based external secrets management

4e7a833

docs(secrets): align provider model and add exec resolver coverage

bde9cbb

test(secrets): skip strict file-permission resolver tests on windows

b84d779

test(secrets): skip windows ACL-sensitive file-provider runtime tests

060ede8

obviyus and others added 26 commits February 27, 2026 10:15

docs(changelog): note android node diagnostics and action updates (op…

2719398

…enclaw#28260) (thanks @obviyus)

fix: add npm link to fix CLI permission denied (exit 127) (openclaw#1…

f5adb66

…7151) Co-authored-by: Yutaka Sasaki <sskyu@minio.local>

CI: smoke test root Dockerfile openclaw CLI (openclaw#28308)

e8e6739

Docker: replace npm link with root CLI symlink (openclaw#28312)

22ad752

test: add android integration test script

7f6e822

docs: document android capability sweep in testing guide

6ed00ab

feat(android): wire runtime canvas capability refresh

0896bb0

feat(gateway): add node canvas capability refresh flow

54eaf17

test(gateway): add live android capability integration suite

72adf1e

docs(android): add integration test preconditions and pitfalls

9b64ad3

fix(android): retry A2UI after canvas capability refresh

34486f8

fix(android): return valid debug.ed25519 diagnostics JSON

d53b24d

fix(media): serve JavaScript assets with text/javascript

4b37b7b

fix(android): refresh scoped canvas URLs without trailing slash

8187fbc

fix(android): avoid duplicate A2UI readiness probe on happy path

6222d66

fix: update changelog for android capability refresh land (openclaw#2…

256021b

…8388) (thanks @obviyus)

fix(android): send object params for canvas capability refresh

3a35035

fix: document canvas capability refresh params fix (openclaw#28413) (…

0fb7add

…thanks @obviyus)

chore: add collaboration rules and OpenRouter env passthrough

d44f30d

docs: add krakra final mapping and production config template

0535c9d

Rifelimo requested a review from KrD-Hub as a code owner February 27, 2026 13:36

KrD-Hub approved these changes Feb 27, 2026

View reviewed changes

KrD-Hub merged commit 761b5d7 into main Feb 27, 2026
2 of 10 checks passed

KrD-Hub deleted the update-main-2026-02-27 branch February 27, 2026 13:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: sync main with sync-upstream#2

chore: sync main with sync-upstream#2
KrD-Hub merged 3755 commits intomainfrom
update-main-2026-02-27

Rifelimo commented Feb 27, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants

Conversation

Rifelimo commented Feb 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Notes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants

Rifelimo commented Feb 27, 2026 •

edited

Loading