merge: bring upstream/main (4927 commits) into storeclaw#6
Merged
merge: bring upstream/main (4927 commits) into storeclaw#6
Conversation
…w#30252) * fix(feishu): normalize all mentions in inbound agent context Convert Feishu mention placeholders to explicit <at user_id="..."> tags (including bot mentions), add mention semantics hints for the model, and remove unused mentionMessageBody parsing to keep context handling consistent. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(feishu): use replacer callback and escape only < > in normalizeMentions Switch String.replace to a function replacer to prevent $ sequences in display names from being interpolated as replacement patterns. Narrow escaping to < and > only — & does not need escaping in LLM prompt tag bodies and escaping it degrades readability (e.g. R&D → R&D). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(feishu): only use open_id in normalizeMentions tag, drop user_id fallback When a mention has no open_id, degrade to @name instead of emitting <at user_id="uid_...">. This keeps the tag user_id space exclusively open_id, so the bot self-reference hint (which uses botOpenId) is always consistent with what appears in the tags. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(feishu): register mention strip pattern for <at> tags in channel dock Add mentions.stripPatterns to feishuPlugin so that normalizeCommandBody receives a slash-clean string after normalizeMentions replaces Feishu placeholders with <at user_id="...">name</at> tags. Without this, group slash commands like @bot /help had their leading / obscured by the tag prefix and no longer triggered command handlers. Pattern mirrors the approach used by Slack (<@[^>]+>) and Discord (<@!?\d+>). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(feishu): strip bot mention in p2p to preserve DM slash commands In p2p messages the bot mention is a pure addressing prefix; converting it to <at user_id="..."> breaks slash commands because buildCommandContext skips stripMentions for DMs. Extend normalizeMentions with a stripKeys set and populate it with bot mention keys in p2p, so @bot /help arrives as /help. Non-bot mentions (mention-forward targets) are still normalized to <at> tags in both p2p and group contexts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Changelog: note Feishu inbound mention normalization --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
…w#31562) Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
) * fix(gateway): flush throttled delta before emitChatFinal The 150ms throttle in emitChatDelta can suppress the last text chunk before emitChatFinal fires, causing streaming clients (e.g. ACP) to receive truncated responses. The final event carries the complete text, but clients that build responses incrementally from deltas miss the tail end. Flush one last unthrottled delta with the complete buffered text immediately before sending the final event. This ensures all streaming consumers have the full response without needing to reconcile deltas against the final payload. * fix(gateway): avoid duplicate delta flush when buffer unchanged Track the text length at the time of the last broadcast. The flush in emitChatFinal now only sends a delta if the buffer has grown since the last broadcast, preventing duplicate sends when the final delta passed the 150ms throttle and was already broadcast. * fix(gateway): honor heartbeat suppression in final delta flush * test(gateway): add final delta flush and dedupe coverage * fix(gateway): skip final flush for silent lead fragments * docs(changelog): note gateway final-delta flush fix credits --------- Co-authored-by: Jonathan Taylor <visionik@pobox.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
…openclaw#24867) Complete the stop reason propagation chain so ACP clients can distinguish end_turn from max_tokens: - server-chat.ts: emitChatFinal accepts optional stopReason param, includes it in the final payload, reads it from lifecycle event data - translator.ts: read stopReason from the final payload instead of hardcoding end_turn Chain: LLM API → run.ts (meta.stopReason) → agent.ts (lifecycle event) → server-chat.ts (final payload) → ACP translator (PromptResponse)
…w#32546) thanks @Takhoffman Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
LINE auth boundary hardening synthesis for inbound webhook authn/z/authz: - account-scoped pairing-store access - strict DM/group allowlist boundary separation - fail-closed webhook auth/runtime behavior - replay and duplicate handling with in-flight continuity for concurrent redeliveries Source PRs: openclaw#26701, openclaw#26683, openclaw#25978, openclaw#17593, openclaw#16619, openclaw#31990, openclaw#26047, openclaw#30584, openclaw#18777 Related continuity context: openclaw#21955 Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com> Co-authored-by: davidahmann <46606159+davidahmann@users.noreply.github.com> Co-authored-by: harshang03 <58983401+harshang03@users.noreply.github.com> Co-authored-by: haosenwang1018 <167664334+haosenwang1018@users.noreply.github.com> Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com> Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com> Co-authored-by: lailoo <20536249+lailoo@users.noreply.github.com>
Merged via squash. Prepared head SHA: f8fc4bf Co-authored-by: HenryLoenwind <1485873+HenryLoenwind@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
…penclaw#8903) fix: improve compaction summary instructions to preserve active work Expand staged-summary merge instructions to preserve active task status, batch progress, latest user request, and follow-up commitments so compaction handoffs retain in-flight work context. Co-authored-by: joetomasone <56984887+joetomasone@users.noreply.github.com> Co-authored-by: Josh Lehman <josh@martian.engineering>
Merged via squash. Prepared head SHA: 939f9f4 Co-authored-by: HenryLoenwind <1485873+HenryLoenwind@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
…in skill (openclaw#32630) Merged via squash. Prepared head SHA: 585697a Co-authored-by: sircrumpet <4436535+sircrumpet@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
…w#32467) Merged via squash. Prepared head SHA: 9891265 Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com> Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com> Reviewed-by: @mukhtharcm
Merged via squash. Prepared head SHA: b9675d1 Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
… setup (openclaw#32544) Merged via squash. Prepared head SHA: 7ebc3f6 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
…enclaw#32860) * feat(macos): add tailscale serve gateway discovery fallback * fix: add changelog note for tailscale serve discovery fallback (openclaw#32860) (thanks @ngutman)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ma cleaning (openclaw#35355) Merged via squash. Prepared head SHA: 8bfdec2 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd
…enclaw#35276) Merged via squash. Prepared head SHA: c4445d2 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd
…ent entries (openclaw#35143) Merged via squash. Prepared head SHA: 3971122 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd
Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com> Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
…penclaw#35146) Merged via squash. Prepared head SHA: a196a56 Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd
Synthesis of routing fixes from openclaw#35321, openclaw#34635, and openclaw#35356 for internal-client reply safety. - Require explicit `deliver: true` before inheriting any external delivery route. - Keep webchat/TUI/UI-origin traffic on internal routing by default. - Allow configured-main session inheritance only for non-Webchat/UI clients, and honor `session.mainKey`. - Add regression tests for UI no-inherit, configured-main CLI inherit, and deliver-flag behavior. Co-authored-by: alexyyyander <alexyyyander@users.noreply.github.com> Co-authored-by: Octane0411 <88922959+Octane0411@users.noreply.github.com> Co-authored-by: Linux2010 <35169750+Linux2010@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
…openclaw#35230) * fix(gateway): pass actual version to Control UI client instead of "dev" The GatewayClient, CLI WS client, and browser Control UI all sent "dev" as their clientVersion during handshake, making it impossible to distinguish builds in gateway logs and health snapshots. - GatewayClient and CLI WS client now use the resolved VERSION constant - Control UI reads serverVersion from the bootstrap endpoint and forwards it when connecting - Bootstrap contract extended with serverVersion field Closes openclaw#35209 * Gateway: fix control-ui version version-reporting consistency * Control UI: guard deferred bootstrap connect after disconnect * fix(ui): accept same-origin http and relative gateway URLs for client version --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
Merged via squash. Prepared head SHA: e9a10cf Co-authored-by: RealKai42 <44634134+RealKai42@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd
…claw#34873) * docs: add ACP persistent binding experiment plan * docs: align ACP persistent binding spec to channel-local config * docs: scope Telegram ACP bindings to forum topics only * docs: lock bound /new and /reset behavior to in-place ACP reset * ACP: add persistent discord/telegram conversation bindings * ACP: fix persistent binding reuse and discord thread parent context * docs: document channel-specific persistent ACP bindings * ACP: split persistent bindings and share conversation id helpers * ACP: defer configured binding init until preflight passes * ACP: fix discord thread parent fallback and explicit disable inheritance * ACP: keep bound /new and /reset in-place * ACP: honor configured bindings in native command flows * ACP: avoid configured fallback after runtime bind failure * docs: refine ACP bindings experiment config examples * acp: cut over to typed top-level persistent bindings * ACP bindings: harden reset recovery and native command auth * Docs: add ACP bound command auth proposal * Tests: normalize i18n registry zh-CN assertion encoding * ACP bindings: address review findings for reset and fallback routing * ACP reset: gate hooks on success and preserve /new arguments * ACP bindings: fix auth and binding-priority review findings * Telegram ACP: gate ensure on auth and accepted messages * ACP bindings: fix session-key precedence and unavailable handling * ACP reset/native commands: honor fallback targets and abort on bootstrap failure * Config schema: validate ACP binding channel and Telegram topic IDs * Discord ACP: apply configured DM bindings to native commands * ACP reset tails: dispatch through ACP after command handling * ACP tails/native reset auth: fix target dispatch and restore full auth * ACP reset detection: fallback to active ACP keys for DM contexts * Tests: type runTurn mock input in ACP dispatch test * ACP: dedup binding route bootstrap and reset target resolution * reply: align ACP reset hooks with bound session key * docs: replace personal discord ids with placeholders * fix: add changelog entry for ACP persistent bindings (openclaw#34873) (thanks @dutifulbob) --------- Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
…aw#34841) * docs(telegram): recommend allowlist for single-user bots * docs(telegram): condense single-user allowlist note --------- Co-authored-by: echoVic <echovic@163.com>
…aming card (openclaw#35628) Merged via squash. Prepared head SHA: 62c3fec Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman
…cs tests (openclaw#27160) Merged via squash. Prepared head SHA: 6cefb1d Co-authored-by: turian <65918+turian@users.noreply.github.com> Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com> Reviewed-by: @mukhtharcm
…ces (openclaw#34503) * fix(subagents): strip reply tags from completion delivery text * test(subagents): cover reply-tag stripping in cron completion sends * changelog: note iMessage reply-tag stripping in completion announces * Update CHANGELOG.md * Apply suggestion from @greptile-apps[bot] Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
…ort mode (openclaw#36177) Verified: - pnpm build - pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports) - pnpm test:macmini Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
…penclaw#36197) Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports) - pnpm test:macmini Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
Merged via squash. Prepared head SHA: 8a25e60 Co-authored-by: tonydehnke <36720180+tonydehnke@users.noreply.github.com> Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com> Reviewed-by: @mukhtharcm
…ntrolled flag - Removes OpenClaw's default `--disable-blink-features=AutomationControlled` Chrome launch switch to avoid unsupported-flag warnings in newer Chrome (openclaw#35721). - Preserves compatibility for older Chrome via `browser.extraArgs` override behavior (source analysis: openclaw#35770, openclaw#35728, openclaw#35727, openclaw#35885). - Synthesis attribution: thanks @Sid-Qin, @kevinWangSheng, @ningding97, @Naylenv, @clawbie. Source PR refs: openclaw#35734, openclaw#35770, openclaw#35728, openclaw#35727, openclaw#35885 Co-authored-by: Sid-Qin <Sid-Qin@users.noreply.github.com> Co-authored-by: kevinWangSheng <kevinWangSheng@users.noreply.github.com> Co-authored-by: ningding97 <ningding97@users.noreply.github.com> Co-authored-by: Naylenv <Naylenv@users.noreply.github.com> Co-authored-by: clawbie <clawbie@users.noreply.github.com> Co-authored-by: Takhoffman <Takhoffman@users.noreply.github.com>
…enclaw#36430) When the Feishu API hangs or responds slowly, the sendChain never settles, causing the per-chat queue to remain in a processing state forever and blocking all subsequent messages in that thread. This adds a 30-second default timeout to all Feishu HTTP requests by providing a timeout-aware httpInstance to the Lark SDK client. Closes openclaw#36412 Co-authored-by: Ayane <wangruofei@soulapp.cn>
…law#36358) * fix(feishu): accept groupPolicy "allowall" as alias for "open" When users configure groupPolicy: "allowall" in Feishu channel config, the Zod schema rejects the value and the runtime policy check falls through to the allowlist path. With an empty allowFrom array, all group messages are silently dropped despite the intended "allow all" semantics. Accept "allowall" at the schema level (transform to "open") and add a runtime guard in isFeishuGroupAllowed so the value is handled even if it bypasses schema validation. Closes openclaw#36312 Made-with: Cursor * Feishu: tighten allowall alias handling and coverage --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
## Summary\n\nFeishu group slash command parsing is fixed for mentions and command probes across authorization paths.\n\nThis includes:\n- Normalizing bot mention text in group context for reliable slash detection in message parsing.\n- Adding command-probe normalization for group slash invocations.\n\nCo-authored-by: Sid Qin <sidqin0410@gmail.com>\nCo-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
- Feishu/group slash command detection: normalize group mention wrappers before command-authorization probing so mention-prefixed commands are recognized in group routing.\n- Source PR: openclaw#36011\n- Contributor: @liuxiaopai-ai\n\nCo-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>\nCo-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
Synced origin/main to upstream/main, then merged into storeclaw. Conflict resolution: - CLAUDE.md: kept StoreClaw version (upstream uses symlink to AGENTS.md) - AGENTS.md: kept StoreClaw header + adopted new upstream guidelines - README.md: kept StoreClaw version - package.json: accepted upstream version bumps - .agents/: kept StoreClaw skills (force-added past upstream .gitignore) - Deleted-by-upstream test files: accepted upstream renames/refactors - Fixed duplicate declarations from merge (windows-acl, commands-models, get-reply-directives, bot-handlers.test) - All other conflicts: accepted upstream changes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
origin/maintoupstream/main(force-pushed to make it a clean upstream mirror)origin/main(4,927 new upstream commits) intostoreclawConflict Resolution
CLAUDE.mdREADME.md.cursorrulesAGENTS.mdpackage.json.agents/skills/.gitignoreruledocs/channels/grammy.md,docs/concepts/sessions.mdPost-merge fixes
Fixed 4 files with duplicate declarations caused by merge artifacts:
src/security/windows-acl.tssrc/auto-reply/reply/commands-models.tssrc/auto-reply/reply/get-reply-directives.tssrc/line/bot-handlers.test.tsTest plan
pnpm checkpassespnpm buildcompilespnpm testpasses🤖 Generated with Claude Code