Commit 770df80

Merge branch 'main' into feat/issue-79380
2 parents cee7251 + e1a9817 commit 770df80

2,177 files changed

Lines changed: 18173 additions & 9315 deletions

.github/codeql/codeql-network-runtime-boundary-critical-quality.yml

Lines changed: 10 additions & 2 deletions
@@ -7,8 +7,16 @@ queries:
77
- uses: ./.github/codeql/openclaw-boundary/queries/managed-proxy-runtime-mutation.ql
88

99
paths:
10-
- src
11-
- extensions
10+
- src/cli/gateway-cli/run-loop.ts
11+
- src/infra/gateway-lock.ts
12+
- src/infra/jsonl-socket.ts
13+
- src/infra/net
14+
- src/infra/push-apns-http2.ts
15+
- src/infra/ssh-tunnel.ts
16+
- src/proxy-capture
17+
- extensions/codex-supervisor/src/json-rpc-client.ts
18+
- extensions/irc/src
19+
- extensions/qa-lab/src
1220
- packages/net-policy/src
1321

1422
paths-ignore:
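Review bot: Narrowing `paths` from `src` and `extensions` to a fixed list (new lines 10-19) means a socket or proxy call added in any file outside that list is no longer seen by `managed-proxy-runtime-mutation.ql`, and nothing in this config says how the list is kept current. Add a comment naming who owns the list and when it must be extended, or keep a broad pass over `src` and `extensions` on a schedule so new call sites outside the list are still found.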

.github/workflows/codeql-critical-quality.yml

Lines changed: 32 additions & 2 deletions
@@ -210,6 +210,9 @@ jobs:
210210
else
211211
while IFS= read -r file; do
212212
case "${file}" in
213+
.github/codeql/codeql-network-runtime-boundary-critical-quality.yml|.github/codeql/openclaw-boundary/queries/raw-socket-callsite-classification.ql|.github/codeql/openclaw-boundary/queries/managed-proxy-runtime-mutation.ql)
214+
network_runtime=true
215+
;;
213216
.github/codeql/*|.github/workflows/codeql-critical-quality.yml)
214217
agent=true
215218
channel=true
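Review bot: The arm added at line 213 only works because it sits above the `.github/codeql/*|.github/workflows/codeql-critical-quality.yml)` arm; `case` stops at the first match, so these three files now set `network_runtime=true` and none of the other flags. Add a one-line comment saying the ordering is intentional, so a later reorder or sort of the arms does not silently change which jobs run.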
@@ -222,7 +225,6 @@ jobs:
222225
plugin_sdk_package=true
223226
plugin_sdk_reply=true
224227
provider=true
225-
network_runtime=true
226228
session_diagnostics=true
227229
;;
228230
src/agents/sessions/tools/*)
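Review bot: Dropping `network_runtime=true` at old line 225 (the arm ending at line 229, which appears to be the `.github/codeql/*` catch-all) means an edit to `.github/workflows/codeql-critical-quality.yml` itself, or to any file under `.github/codeql/` not named in the arm added at line 213, no longer schedules the network runtime boundary job. That job's steps live in this workflow, so changes to them would go unexercised; consider adding the workflow file to the network arm as well.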
@@ -304,7 +306,7 @@ jobs:
304306
case "${file}" in
305307
src/**/*.test.ts|src/**/*.test.tsx|extensions/**/*.test.ts|extensions/**/*.test.tsx)
306308
;;
307-
src/*.ts|src/**/*.ts|extensions/*.ts|extensions/**/*.ts|packages/net-policy/src/*|packages/net-policy/src/**/*)
309+
packages/net-policy/src/*|packages/net-policy/src/**/*|src/cli/gateway-cli/run-loop.ts|src/infra/net/*|src/infra/net/**/*|src/infra/ssh-tunnel.ts|src/infra/gateway-lock.ts|src/infra/jsonl-socket.ts|src/infra/push-apns-http2.ts|src/proxy-capture/*|src/proxy-capture/**/*|extensions/codex-supervisor/src/json-rpc-client.ts|extensions/irc/src/*|extensions/qa-lab/src/*)
308310
network_runtime=true
309311
;;
310312
esac
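Review bot: The pattern at line 309 mixes glob forms: `src/infra/net/*|src/infra/net/**/*` and `src/proxy-capture/*|src/proxy-capture/**/*` carry both variants, while `extensions/irc/src/*` and `extensions/qa-lab/src/*` carry one. In a shell `case` pattern `*` already matches `/`, so the `**/*` alternatives are redundant; drop them or apply them everywhere so the next editor does not read the difference as meaningful. This is also a third hand-maintained copy of the path list, alongside the `paths` block in the CodeQL config and the `test(...)` regex at line 448, so a comment pointing at the other two copies would reduce drift.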
@@ -431,20 +433,48 @@ jobs:
431433
with:
432434
submodules: false
433435

436+
- name: Fast PR network boundary diff scan
437+
if: ${{ github.event_name == 'pull_request' }}
438+
env:
439+
GH_TOKEN: ${{ github.token }}
440+
PR_NUMBER: ${{ github.event.pull_request.number }}
441+
REPOSITORY: ${{ github.repository }}
442+
run: |
443+
set -euo pipefail
444+
445+
added_lines="$(mktemp)"
446+
gh api --paginate "repos/${REPOSITORY}/pulls/${PR_NUMBER}/files" --jq '
447+
.[]
448+
| select(.filename | test("^(src/cli/gateway-cli/run-loop\\.ts|src/infra/(gateway-lock|jsonl-socket|push-apns-http2|ssh-tunnel)\\.ts|src/infra/net/|src/proxy-capture/|extensions/codex-supervisor/src/json-rpc-client\\.ts|extensions/irc/src/|extensions/qa-lab/src/|packages/net-policy/src/)"))
449+
| .filename as $file
450+
| (.patch // "")
451+
| split("\n")[]
452+
| select(startswith("+") and (startswith("+++") | not))
453+
| "\($file): \(.)"
454+
' > "$added_lines"
455+
456+
if grep -En '(from|require\().*["'\''](node:)?(net|tls|http2)["'\'']|\b(net|tls|http2)\.(connect|createConnection)\b|new Socket\(|HTTP_PROXY|HTTPS_PROXY|NO_PROXY|GLOBAL_AGENT_|OPENCLAW_PROXY_' "$added_lines"; then
457+
echo "Network runtime boundary-sensitive added lines require full CodeQL review." >&2
458+
exit 1
459+
fi
460+
434461
- name: Initialize CodeQL
462+
if: ${{ github.event_name != 'pull_request' }}
435463
uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
436464
with:
437465
languages: javascript-typescript
438466
config-file: ./.github/codeql/codeql-network-runtime-boundary-critical-quality.yml
439467

440468
- name: Analyze
441469
id: analyze
470+
if: ${{ github.event_name != 'pull_request' }}
442471
uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
443472
with:
444473
output: sarif-results
445474
category: "/codeql-critical-quality/network-runtime-boundary"
446475

447476
- name: Fail on network runtime boundary findings
477+
if: ${{ github.event_name != 'pull_request' }}
448478
env:
449479
SARIF_OUTPUT: sarif-results
450480
run: |

CHANGELOG.md

Lines changed: 7 additions & 0 deletions
@@ -30,6 +30,9 @@ Docs: https://docs.openclaw.ai
3030

3131
### Fixes
3232

33+
- Agents/Codex: keep public OpenAI API-key profiles from being treated as native Codex app-server auth while preserving persisted Codex OAuth sessions.
34+
- Control UI: keep collapsed tool cards labeled with the tool name and action instead of generic output text. Thanks @shakkernerd.
35+
- Agents/Codex: surface Skill Workshop guidance in Codex app-server prompts when `skill_workshop` is available. Thanks @shakkernerd.
3336
- CLI: keep `plugins list --json` on the snapshot-only path so plugin sweeps avoid loading the full runtime status graph.
3437
- Plugins: make PixVerse external-plugin ClawHub metadata explicit and keep it out of bundled dist builds.
3538
- Cron: keep SQLite cron migrations compatible with legacy run-log tables, archived job stores, diagnostic cron names, and legacy one-shot delete-after-run behavior. (#88285)
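Review bot: The three entries added at lines 33-35 carry no issue or PR reference, unlike the Cron entry below them (#88285). The first one changes which credentials count as native Codex app-server auth, so a link to the originating change would help anyone auditing auth behavior later.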
@@ -56,7 +59,11 @@ Docs: https://docs.openclaw.ai
5659
- CI/tooling: skip expensive import-graph scans once a changed diff already requires broad fallback, keeping local changed-test planning fast while still collecting explicit owner tests.
5760
- CI/tooling: route script edits through conventional owner tests when matching `test/scripts` or `src/scripts` coverage already exists.
5861
- CI/tooling: honor option terminators in the memory FD repro script so follow-on arguments are not reparsed.
62+
- Release/CI/E2E: assert plugin lifecycle runtime inspect output instead of only capturing it.
63+
- Release/CI/E2E: make gateway-network prove the advertised health RPC and retry early WebSocket closes without burning full open timeouts.
5964
- Release/CI/E2E: honor option terminators across release, Parallels smoke, plugin gauntlet, and extension-memory scripts.
65+
- Release/CI/E2E: fail plugin gateway gauntlet QA chunks when the requested suite summary is missing or invalid.
66+
- Performance: prebuild QA runtime probes with generated plugin assets but without CLI startup metadata.
6067
- Performance: skip declaration bundling for runtime-only CLI startup and gateway watch build profiles.
6168
- Performance: reuse prepared provider handles, strict tool schemas, gateway runtime metadata, session maintenance config, plugin metadata, bundled skill allowlists, package-local plugin artifacts, single-entry store writes, and validated/serialized session prompt blobs.
6269

apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt

Lines changed: 1 addition & 1 deletion
@@ -2871,7 +2871,7 @@ fun providerDisplayName(provider: String): String =
28712871
when (provider.trim().lowercase()) {
28722872
"openai" -> "OpenAI"
28732873
"openrouter" -> "OpenRouter"
2874-
"openai-codex", "codex" -> "Codex"
2874+
"codex" -> "Codex"
28752875
"ollama", "ollama-local" -> "Ollama Local"
28762876
else ->
28772877
provider
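Review bot: With `"openai-codex"` removed at line 2874, that id now falls through to `else -> provider` and is shown as the raw string. If a stored profile or an older gateway can still report `openai-codex`, keep the alias for display or confirm the id is migrated before it reaches this function.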

apps/android/app/src/main/java/ai/openclaw/app/ui/ProvidersModelsScreen.kt

Lines changed: 1 addition & 1 deletion
@@ -270,7 +270,7 @@ private fun providerPriority(provider: String): Int =
270270
"google" -> 2
271271
"openrouter" -> 3
272272
"ollama", "ollama-local" -> 4
273-
"codex", "openai-codex" -> 5
273+
"codex" -> 5
274274
else -> 100
275275
}
276276
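Review bot: After the change at line 273, a provider still reported as `openai-codex` gets `else -> 100` and sorts to the bottom of the list. Worth a short comment or a test pinning that only `codex` is expected here, so the silent reorder is a documented decision rather than a side effect.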

apps/macos/Tests/OpenClawIPCTests/MenuSessionsInjectorTests.swift

Lines changed: 1 addition & 1 deletion
@@ -97,7 +97,7 @@ struct MenuSessionsInjectorTests {
9797
plan: "Pro",
9898
error: nil),
9999
GatewayUsageProvider(
100-
provider: "openai-codex",
100+
provider: "openai",
101101
displayName: "Codex",
102102
windows: [GatewayUsageWindow(label: "day", usedPercent: 3, resetAt: nil)],
103103
plan: nil,
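Review bot: The fixture at line 100 now pairs `provider: "openai"` with `displayName: "Codex"`. If the gateway really reports Codex usage under the `openai` provider id, say so in a comment; otherwise the test no longer exercises a distinct Codex provider row and the display name masks that.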

apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift

Lines changed: 48 additions & 0 deletions
@@ -6880,6 +6880,54 @@ public struct ChatHistoryParams: Codable, Sendable {
68806880
}
68816881
}
68826882

6883+
public struct ChatMessageGetParams: Codable, Sendable {
6884+
public let sessionkey: String
6885+
public let agentid: String?
6886+
public let messageid: String
6887+
public let maxchars: Int?
6888+
6889+
public init(
6890+
sessionkey: String,
6891+
agentid: String? = nil,
6892+
messageid: String,
6893+
maxchars: Int?)
6894+
{
6895+
self.sessionkey = sessionkey
6896+
self.agentid = agentid
6897+
self.messageid = messageid
6898+
self.maxchars = maxchars
6899+
}
6900+
6901+
private enum CodingKeys: String, CodingKey {
6902+
case sessionkey = "sessionKey"
6903+
case agentid = "agentId"
6904+
case messageid = "messageId"
6905+
case maxchars = "maxChars"
6906+
}
6907+
}
6908+
6909+
public struct ChatMessageGetResult: Codable, Sendable {
6910+
public let ok: Bool
6911+
public let message: AnyCodable?
6912+
public let unavailablereason: AnyCodable?
6913+
6914+
public init(
6915+
ok: Bool,
6916+
message: AnyCodable?,
6917+
unavailablereason: AnyCodable?)
6918+
{
6919+
self.ok = ok
6920+
self.message = message
6921+
self.unavailablereason = unavailablereason
6922+
}
6923+
6924+
private enum CodingKeys: String, CodingKey {
6925+
case ok
6926+
case message
6927+
case unavailablereason = "unavailableReason"
6928+
}
6929+
}
6930+
68836931
public struct ChatSendParams: Codable, Sendable {
68846932
public let sessionkey: String
68856933
public let agentid: String?
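Review bot: `maxchars: Int?` in the `ChatMessageGetParams` initializer (line 6893) has no default while `agentid` at line 6891 defaults to `nil`, so every caller must pass `maxchars: nil` explicitly; give it `= nil` if omitting it is meant to be allowed. Both new structs also lack doc comments, and `unavailablereason` is typed `AnyCodable?` (line 6912), which leaves clients without a known set of reasons to branch on. A short comment listing the expected values, or a typed enum, would make the failure path reviewable.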

apps/shared/OpenClawKit/Tests/OpenClawKitTests/ChatViewModelTests.swift

Lines changed: 1 addition & 1 deletion
@@ -2192,7 +2192,7 @@ extension TestChatTransportState {
21922192
path: nil,
21932193
count: 1,
21942194
defaults: OpenClawChatSessionsDefaults(
2195-
modelProvider: "openai-codex",
2195+
modelProvider: "openai",
21962196
model: "gpt-5.5",
21972197
contextTokens: nil,
21982198
thinkingLevels: [
Lines changed: 2 additions & 2 deletions
@@ -1,2 +1,2 @@
1-
cf29066e9465cb5ac1387d1d482d0939b9176220ecc69964da9af1a471939269 plugin-sdk-api-baseline.json
2-
ab43993cf713a96b191c55cf89bb215c18ecdc2d8edf50f31369ce3b162c56e3 plugin-sdk-api-baseline.jsonl
1+
3cc84cf3d30697d541ba98a5c1835784a4254a9193e51b009372e1620948e430 plugin-sdk-api-baseline.json
2+
515c9e2972f0d79dbed27ffae815a96d432a341005046d603a82a235c4108340 plugin-sdk-api-baseline.jsonl

docs/cli/browser.md

Lines changed: 5 additions & 0 deletions
@@ -205,6 +205,7 @@ File + dialog helpers:
205205
206206
```bash
207207
openclaw browser upload /tmp/openclaw/uploads/file.pdf --ref <ref>
208+
openclaw browser upload media://inbound/file.pdf --ref <ref>
208209
openclaw browser waitfordownload
209210
openclaw browser download <ref> report.pdf
210211
openclaw browser dialog --accept
@@ -215,6 +216,10 @@ Managed Chrome profiles save ordinary click-triggered downloads into the OpenCla
215216
downloads directory (`/tmp/openclaw/downloads` by default, or the configured temp
216217
root). Use `waitfordownload` or `download` when the agent needs to wait for a
217218
specific file and return its path; those explicit waiters own the next download.
219+
Uploads accept files from the OpenClaw temp uploads root and OpenClaw-managed
220+
inbound media, including `media://inbound/<id>` and sandbox-relative
221+
`media/inbound/<id>` references. Nested media refs, traversal, and arbitrary
222+
local paths remain rejected.
218223
When an action opens a modal dialog, the action response returns
219224
`blockedByDialog` with `browserState.dialogs.pending`; pass `--dialog-id` to
220225
answer it directly. Dialogs handled outside OpenClaw appear under
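Review bot: The paragraph added at lines 219-222 states that nested media refs, traversal, and arbitrary local paths are rejected, but does not say what a valid `<id>` looks like or whether the check runs on the resolved path. State the accepted `<id>` form and whether symlinks under the inbound media root are followed, so operators can tell what the upload boundary actually is.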