Docs: fix cron.update param name id → jobId (#11365) by lailoo · Pull Request #11467 · openclaw/openclaw

lailoo · 2026-02-07T21:10:35Z

Summary

The runtime bug described in #11365 (using id causes schema validation error) was already fixed in commit 4dac298ae (2026-01-08) which added jobId as the canonical agent tool parameter, and 871c9e528 which added backward compatibility for id.

However, the documentation inconsistency remains:

docs/tools/index.md says update uses { id, patch }
docs/automation/cron-jobs.md says update uses { jobId, patch }
The agent tool system prompt (cron-tool.ts:236) says jobId

Since the agent tool schema uses jobId as the canonical name (with id as a compat fallback), the docs should match.

Changes

docs/tools/index.md: { id, patch } → { jobId, patch } with compat note
docs/zh-CN/tools/index.md: sync the same fix to Chinese translation

https://docs.openclaw.ai/tools

lailoo · 2026-02-07T21:17:24Z

Closing this PR after deeper verification.

The issue #11365 claims that using id in cron.update causes an error, but this is not reproducible in the current codebase:

Gateway RPC (src/gateway/server-methods/cron.ts:121): const jobId = p.id ?? p.jobId — id is the primary param, jobId is the fallback
Agent tool (src/agents/tools/cron-tool.ts:370): readStringParam(params, "jobId") ?? readStringParam(params, "id") — both accepted
Schema (cron-tool.ts:36-37): both jobId and id are Optional<String>
E2E tests (server.cron.e2e.test.ts): mostly use id

The original docs saying update uses { id, patch } were actually correct for the Gateway RPC layer. The inconsistency with cron-jobs.md (which uses jobId) reflects the two different layers, not a bug.

greptile-apps

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

greptile-apps · 2026-02-07T21:21:29Z

docs/zh-CN/tools/index.md

 注意：

 - `add` 期望完整的定时任务对象（与 `cron.add` RPC 相同的 schema）。
- `update` 使用 `{ id, patch }`。
+- `update` 使用 `{ jobId, patch }`（`id` 可作为兼容别名）。



Generated zh-CN docs edited

Repo guidelines state docs/zh-CN/** is generated and shouldn’t be edited directly; changes should flow from English docs through the i18n pipeline (glossary + scripts/docs-i18n). As-is, this manual edit is likely to get overwritten on the next regen and can desync translations. Please update via the i18n workflow (or confirm an explicit exception) rather than editing this file directly.

Prompt To Fix With AI

This is a comment left during a code review. Path: docs/zh-CN/tools/index.md Line: 412:416 Comment: **Generated zh-CN docs edited** Repo guidelines state `docs/zh-CN/**` is generated and shouldn’t be edited directly; changes should flow from English docs through the i18n pipeline (glossary + `scripts/docs-i18n`). As-is, this manual edit is likely to get overwritten on the next regen and can desync translations. Please update via the i18n workflow (or confirm an explicit exception) rather than editing this file directly. How can I resolve this? If you propose a fix, please make it concise.

lailoo · 2026-02-07T21:22:21Z

Closing after thorough verification.

The runtime error described in #11365 (unexpected property 'id'; must have required property 'jobId') cannot be reproduced on any traceable version of the codebase.\n\nThe Gateway CronUpdateParamsSchema has been a Type.Union accepting both { id, patch } and { jobId, patch } since the earliest commit that introduced the schema file (bcbfb357b). The additionalProperties: false on each variant means you must use one or the other (not both), but { id, patch } alone has always been valid.\n\nThe remaining docs inconsistency (tools/index.md says id, cron-jobs.md says jobId) is a style preference, not a bug — both work at every layer.

lailoo · 2026-02-07T21:26:24Z

Reopening — while the runtime bug was already fixed, the docs inconsistency is real:

docs/tools/index.md: says { id, patch }
docs/automation/cron-jobs.md: says { jobId, patch }
Agent tool system prompt (cron-tool.ts:236): says jobId

Unifying to jobId (with compat note) reduces confusion for both agents and users.

…@lailoo

…@lailoo)

sebslight · 2026-02-08T03:09:41Z

Merged via squash.

Merge commit: 0499656

Thanks @lailoo!

@lailoo

…w#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>

@lailoo

…w#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> (cherry picked from commit 0499656)

@lailoo

…w#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> (cherry picked from commit 0499656)

@Yida-Dev

* Add baidu qianfan model provider * Add baidu qianfan model provider * Fix format * Optimize doc * optimize doc * Fix import error * Add auth choice * Optimize format * Optimize doc * Fix key resolve * Optimize import * Support ERNIE-5.0-Thinking-Preview * Resolve conflicts * Fix conflicts * Docs: add PR sign-off template (openclaw#10561) * fix: guard resolveUserPath against undefined input (openclaw#10176) * fix: guard resolveUserPath against undefined input When subagent spawner omits workspaceDir, resolveUserPath receives undefined and crashes on .trim(). Add a falsy guard that falls back to process.cwd(), matching the behavior callers already expect. Closes openclaw#10089 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: harden runner workspace fallback (openclaw#10176) (thanks @Yida-Dev) * fix: harden workspace fallback scoping (openclaw#10176) (thanks @Yida-Dev) * refactor: centralize workspace fallback classification and redaction (openclaw#10176) (thanks @Yida-Dev) * test: remove explicit any from utils mock (openclaw#10176) (thanks @Yida-Dev) * security: reject malformed agent session keys for workspace resolution (openclaw#10176) (thanks @Yida-Dev) --------- Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Docs: revise PR and issue submission guides (openclaw#10617) * Docs: revise PR submission guide * Docs: revise issue submission guide * feat(memory): native Voyage AI support (openclaw#7078) * feat(memory): add native Voyage AI embedding support with batching Cherry-picked from PR openclaw#2519, resolved conflict in memory-search.ts (hasRemote -> hasRemoteConfig rename + added voyage provider) * fix(memory): optimize voyage batch memory usage with streaming and deduplicate code Cherry-picked from PR openclaw#2519. Fixed lint error: changed this.runWithConcurrency to use imported runWithConcurrency function after extraction to internal.ts * feat(memory): document Voyage embeddings + VOYAGE_API_KEY (openclaw#7078) (thanks @mcinteerj) (openclaw#10699) * feat(antigravity): update default model to Claude Opus 4.6 (openclaw#10720) * feat(antigravity): update default model to Claude Opus 4.6 Claude Opus 4.5 has been replaced by Claude Opus 4.6 on the Antigravity (Google Cloud Code Assist) platform. - Update DEFAULT_MODEL in google-antigravity-auth extension - Update testing docs to reference the new model * fix: update remaining antigravity opus 4.5 refs in zh-CN docs and tests Address review comments from Greptile: - Update zh-CN/testing.md antigravity model references - Update pi-tools-agent-config.test.ts model IDs * Antigravity: default OAuth model to Opus 4.6 (openclaw#10720) (thanks @calvin-hpnet) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(hooks): replace debug console.log with proper subsystem logging in session-memory (openclaw#10730) * fix: replace debug console.log with proper subsystem logging in session-memory * fix(hooks): normalize session-memory subsystem logging --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * docs(changelog): prepare 2026.2.6 * docs(changelog): include merged PRs since v2026.2.3 * chore(release): bump version to 2026.2.6 * fix(telegram): cast fetch for grammY ApiClientOptions * docs: fix markdownlint fragments + headings * docs(changelog): refresh 2026.2.6 since v2026.2.3 * docs(imessage): add macOS TCC troubleshooting * docs(imessage): improve macOS TCC troubleshooting guidance (openclaw#10781) * chore(deps): update deps * fix(agents): add Opus 4.6 forward-compat fallback * chore(deps): bump carbon beta * docs(changelog): curate 2026.2.6 * docs(changelog): highlight Opus 4.6 + Codex 5.3 first * Fix QMD CLI installation link in memory.md (openclaw#8647) Correct the installation link for the QMD CLI in the documentation. * chore(lockfile): fix pnpm-lock * fix: cron scheduler reliability, store hardening, and UX improvements (openclaw#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (openclaw#10776) (thanks @tyler6204) * Docs: fix broken /plugins links (openclaw#9308) * Docs: fix broken /plugins links to /plugin The documentation linked to /plugins which doesn't exist. The correct path is /plugin (singular) which contains the plugins overview documentation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: drop manual zh-CN doc edits from plugins link fix --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix(build): unblock pnpm build dts * Fix repository links in formal-verification.md (openclaw#10200) Updated repository links for formal verification models. * Revert previous change from 'Clawdbot' to 'OpenClaw' in lore (openclaw#9119) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval (openclaw#10818) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval Voyage AI recommends passing input_type='document' when indexing and input_type='query' when searching. This improves retrieval quality by optimising the embedding space for each direction. Changes: - embedQuery now passes input_type: 'query' - embedBatch now passes input_type: 'document' - Batch API request_params includes input_type: 'document' - Tests updated to verify input_type is passed correctly * Changelog: note Voyage embeddings input_type fix (openclaw#10818) (thanks @mcinteerj) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(dashboard): restore tokenized control ui links * chore(skills): remove bird skill * chore(onboard): move xAI up in auth list * chore(release): 2026.2.6-1 * chore(onboard): move xAI below Google * ci: add concurrency controls, consolidate macOS jobs, optimize Windows CI * ci: re-enable parallel vitest on Windows CI * docs(changelog): note CI pipeline optimization (openclaw#10784) (thanks @mcaxtr) * fix(build): support daemon-cli .mjs bundles in compat shim * fix(docker): support .mjs entrypoints in images and e2e * test(hooks): stabilize session-memory hook tests * chore(release): 2026.2.6-2 * chore(onboard): reorder xAI + Qianfan providers * chore(release): 2026.2.6-3 * fix: comprehensive BlueBubbles and channel cleanup (openclaw#11093) * feat(bluebubbles): auto-strip markdown from outbound messages (openclaw#7402) * fix(security): add timeout to webhook body reading (openclaw#6762) Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5). Merged with existing maxBytes protection in voice-call. * fix(security): unify Error objects and lint fixes in webhook timeouts (openclaw#6762) * fix: prevent plugins from auto-enabling without user consent (openclaw#3961) Changes default plugin enabled state from true to false in enablePluginEntry(). Preserves existing enabled:true values. Fixes openclaw#3932. * fix: apply hierarchical mediaMaxMb config to all channels (openclaw#8749) Generalizes resolveAttachmentMaxBytes() to use account → channel → global config resolution for all channels, not just BlueBubbles. Fixes openclaw#7847. * fix(bluebubbles): sanitize attachment filenames against header injection (openclaw#10333) Strip ", \r, \n, and \\ from filenames after path.basename() to prevent multipart Content-Disposition header injection (CWE-93, CVSS 5.4). Also adds sanitization to setGroupIconBlueBubbles which had zero filename sanitization. * fix(lint): exclude extensions/ from Oxlint preflight check (openclaw#9313) Extensions use PluginRuntime|null patterns that trigger no-redundant-type-constituents because PluginRuntime resolves to any. Excluding extensions/ from Oxlint unblocks user upgrades. Re-applies the approach from closed PR openclaw#10087. * fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (openclaw#7745) Non-Private-API mode (AppleScript) requires tempGuid in send payloads. The main sendMessageBlueBubbles already had it, but createNewChatWithMessage was missing it, causing 400 errors for new chat creation without Private API. * fix: send stop-typing signal when run ends with NO_REPLY (openclaw#8785) Adds onCleanup callback to the typing controller that fires when the controller is cleaned up while typing was active (e.g., after NO_REPLY). Channels using createTypingCallbacks automatically get stop-typing on cleanup. This prevents the typing indicator from lingering in group chats when the agent decides not to reply. * fix(telegram): deduplicate skill commands in multi-agent setup (openclaw#5717) Two fixes: 1. Skip duplicate workspace dirs when listing skill commands across agents. Multiple agents sharing the same workspace would produce duplicate commands with _2, _3 suffixes. 2. Clear stale commands via deleteMyCommands before registering new ones. Commands from deleted skills now get cleaned up on restart. * fix: add size limits to unbounded in-memory caches (openclaw#4948) Adds max-size caps with oldest-entry eviction to prevent OOM in long-running deployments: - BlueBubbles serverInfoCache: 64 entries (already has TTL) - Google Chat authCache: 32 entries - Matrix directRoomCache: 1024 entries - Discord presenceCache: 5000 entries per account * fix: address review concerns (openclaw#11093) - Chain deleteMyCommands → setMyCommands to prevent race condition (openclaw#5717) - Rename enablePluginEntry to registerPluginEntry (now sets enabled: false) - Add Slow-Loris timeout test for readJsonBody (openclaw#6023) * docs: add symptom-first troubleshooting hub and deep runbooks (openclaw#11196) * docs(troubleshooting): add symptom-first troubleshooting runbooks * docs(troubleshooting): fix approvals command examples * docs(troubleshooting): wrap symptom cases in accordions * docs(automation): clarify userTimezone missing-key behavior * docs(troubleshooting): fix first-60-seconds ladder order * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list (openclaw#8105) * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list Fixes openclaw#7928 The documentation for skipBootstrap and workspace setup was missing HEARTBEAT.md and MEMORY.md from the bootstrap files list. Changes: - docs/gateway/configuration.md: Add HEARTBEAT.md and MEMORY.md - docs/zh-CN/gateway/configuration.md: Same for Chinese version - docs/start/openclaw.md: Add HEARTBEAT.md, clarify MEMORY.md is optional - docs/zh-CN/start/openclaw.md: Same for Chinese version * fix: reference PR number instead of issue in CHANGELOG * docs(workspace): align bootstrap file docs with runtime (openclaw#8105) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * Agents: include runtime shell (openclaw#1835) * Agents: include runtime shell * Agents: fix compact runtime build * chore: fix CLAUDE.md formatting, security regex for secret --------- Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> * Web UI: show Compaction divider in chat history (openclaw#11341) * adding PR review workflow * added more explicit instructions * docs: canonicalize docs paths and align zh navigation (openclaw#11428) * docs(navigation): canonicalize paths and align zh nav * chore(docs): remove stray .DS_Store * docs(scripts): add non-mint docs link audit * docs(nav): fix zh source paths and preserve legacy redirects (openclaw#11428) (thanks @sebslight) * chore(docs): satisfy lint for docs link audit script (openclaw#11428) (thanks @sebslight) * chore: bump pi to 0.52.8 * Fix typo in FAQ regarding model configuration command (openclaw#6048) * CI: skip heavy jobs on docs-only changes (openclaw#11328) * fix: add .caf to AUDIO_FILE_EXTENSIONS (openclaw#10982) * fix: add .caf to AUDIO_FILE_EXTENSIONS for iMessage voice messages * fix: add caf audio extension regression coverage (openclaw#10982) (thanks @succ985) --------- Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Gateway: fix multi-agent sessions.usage discovery (openclaw#11523) * Gateway: fix multi-agent sessions.usage discovery * Gateway: resolve sessions.usage keys via sessionId * feat(gateway): add agents.create/update/delete methods (openclaw#11045) * feat(gateway): add agents.create/update/delete methods * fix(lint): preserve memory-lancedb load error cause * feat(gateway): trash agent files on agents.delete * chore(protocol): regenerate Swift gateway models * fix(gateway): stabilize agents.create dirs and agentDir * feat(gateway): support avatar in agents.create * fix: prep agents.create/update/delete handlers (openclaw#11045) (thanks @advaitpaliwal) - Reuse movePathToTrash from browser/trash.ts (has ~/.Trash fallback on non-macOS) - Fix partial-failure: workspace setup now runs before config write - Always write Name to IDENTITY.md regardless of emoji/avatar - Add unit tests for agents.create, agents.update, agents.delete - Add CHANGELOG entry --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * feat(sanitize): enhance context overflow error handling in user-facing text - Added tests to ensure proper sanitization of context overflow errors. - Introduced a new function to determine when to rewrite context overflow messages. - Updated the sanitization logic to improve user experience by providing clearer error messages while preserving conversational context. * feat: add agent stream normalization types, emitter, and middleware (phases 1-2) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11448) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11329) When gateway.bind=lan, the HTTP server correctly binds to 0.0.0.0 (all interfaces), but WebSocket connection URLs, probe targets, and Control UI links were hardcoded to 127.0.0.1. This caused CLI commands and status probes to show localhost-only URLs even in LAN mode, and made onboarding display misleading connection info. - Add pickPrimaryLanIPv4() to gateway/net.ts to detect the machine's primary LAN IPv4 address (prefers en0/eth0, falls back to any external interface) - Update pickProbeHostForBind() to use LAN IP when bind=lan - Update buildGatewayConnectionDetails() to use LAN IP and report "local lan <ip>" as the URL source - Update resolveControlUiLinks() to return LAN-accessible URLs - Update probe note in status.gather.ts to reflect new behavior - Add tests for pickPrimaryLanIPv4 and bind=lan URL resolution Closes openclaw#11329 Co-authored-by: Cursor <cursoragent@cursor.com> * test: move vi.restoreAllMocks to afterEach in pickPrimaryLanIPv4 Per review feedback: avoid calling vi.restoreAllMocks() inside individual tests as it restores all spies globally and can cause ordering issues. Use afterEach in the describe block instead. Co-authored-by: Cursor <cursoragent@cursor.com> * Changelog: note LAN bind URLs fix (openclaw#11448) (thanks @AnonO6) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * feat: add streamMiddleware option to Pi and SDK runners (phase 3) * feat: wire StreamingMiddleware into execution pipeline (phase 4) * fix: recover from context overflow caused by oversized tool results (openclaw#11579) * fix: gracefully handle oversized tool results causing context overflow When a subagent reads a very large file or gets a huge tool result (e.g., gh pr diff on a massive PR), it can exceed the model's context window in a single prompt. Auto-compaction can't help because there's no older history to compact — just one giant tool result. This adds two layers of defense: 1. Pre-emptive: Hard cap on tool result size (400K chars ≈ 100K tokens) applied in the session tool result guard before persistence. This prevents extremely large tool results from being stored in full, regardless of model context window size. 2. Recovery: When context overflow is detected and compaction fails, scan session messages for oversized tool results relative to the model's actual context window (30% max share). If found, truncate them in the session via branching (creating a new branch with truncated content) and retry the prompt. The truncation preserves the beginning of the content (most useful for understanding what was read) and appends a notice explaining the truncation and suggesting offset/limit parameters for targeted reads. Includes comprehensive tests for: - Text truncation with newline-boundary awareness - Context-window-proportional size calculation - In-memory message truncation - Oversized detection heuristics - Guard-level size capping during persistence * fix: prep fixes for tool result truncation PR (openclaw#11579) (thanks @tyler6204) * feat: subscribe to StreamingMiddleware output, replace inline callbacks (phase 4) * Memory: harden QMD startup, timeouts, and fallback recovery * Memory: queue forced QMD sync and handle sqlite busy reads * Memory: chain forced QMD queue and fail over on busy index * Memory: make QMD cache eviction callback idempotent * Memory: add SQLITE_BUSY fallback regression test * feat: add agent stream normalization types, emitter, and middleware (phases 1-2) * feat: add streamMiddleware option to Pi and SDK runners (phase 3) * feat: wire StreamingMiddleware into execution pipeline (phase 4) * Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription. * Tests: harden flake hotspots and consolidate provider-auth suites (openclaw#11598) * Tests: harden flake hotspots and consolidate provider-auth suites * Tests: restore env vars by deleting missing snapshot values * Tests: use real newline in memory summary filter case * Tests(memory): use fake timers for qmd timeout coverage * Changelog: add tests hardening entry for openclaw#11598 * docs: clarify onboarding instructions for beginners (openclaw#10956) * chore: updated PR review skills and workflow info on tests + fake timers * Fix Nix repository link in README (openclaw#7910) Updated Nix repository link in README. Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> * Docs: fix cron.update param name id → jobId (openclaw#11365) (openclaw#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas (openclaw#4824) * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas device-identity.ts and canvas-host/server.ts used hardcoded path.join(os.homedir(), '.openclaw', ...) ignoring OPENCLAW_STATE_DIR env var and the resolveStateDir() logic from config/paths.ts. This caused ~/.openclaw/identity and ~/.openclaw/canvas directories to be created even when state dir was overridden or resided elsewhere. * fix: format and remove duplicate imports * fix: scope state-dir patch + add regression tests (openclaw#4824) (thanks @kossoy) * fix: align state-dir fallbacks in hooks and agent paths (openclaw#4824) (thanks @kossoy) --------- Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * fix: more kernel/executor impl around stream normalization; test fixes --------- Co-authored-by: ideoutrea <ideoutrea@163.com> Co-authored-by: ide-rea <30512600+ide-rea@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Yida-Dev <92713555+Yida-Dev@users.noreply.github.com> Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> Co-authored-by: Jake <mcinteerj@gmail.com> Co-authored-by: calvin-hpnet <calvin@hpnet.co.uk> Co-authored-by: Shadril Hassan Shifat <63901551+shadril238@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: gitpds <pds@pds.dev> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> Co-authored-by: Raymond Berger <RayBB@users.noreply.github.com> Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com> Co-authored-by: DEOKLYONG MOON <dfjk71@khu.ac.kr> Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com> Co-authored-by: Markus Buhatem Koch <markusbkoch@gmail.com> Co-authored-by: Marcus Castro <mcaxtr@gmail.com> Co-authored-by: 大猫子 <ll1042668699@gmail.com> Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> Co-authored-by: Abdullah <syedabdullah535@gmail.com> Co-authored-by: max <40643627+quotentiroler@users.noreply.github.com> Co-authored-by: succ985 <3186520056@qq.com> Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Advait Paliwal <advaitspaliwal@gmail.com> Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> Co-authored-by: Aviral <124311066+AnonO6@users.noreply.github.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Vignesh Natarajan <vigneshnatarajan92@gmail.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@users.noreply.github.com> Co-authored-by: Rohan Patil <rohanspatil801@gmail.com> Co-authored-by: danielcadenhead <danielcadenhead88@gmail.com> Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Oleg Kossoy <oleg.kossoy@gmail.com>

@Yida-Dev

* Add baidu qianfan model provider * Add baidu qianfan model provider * Fix format * Optimize doc * optimize doc * Fix import error * Add auth choice * Optimize format * Optimize doc * Fix key resolve * Optimize import * Support ERNIE-5.0-Thinking-Preview * Resolve conflicts * Fix conflicts * Docs: add PR sign-off template (openclaw#10561) * fix: guard resolveUserPath against undefined input (openclaw#10176) * fix: guard resolveUserPath against undefined input When subagent spawner omits workspaceDir, resolveUserPath receives undefined and crashes on .trim(). Add a falsy guard that falls back to process.cwd(), matching the behavior callers already expect. Closes openclaw#10089 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: harden runner workspace fallback (openclaw#10176) (thanks @Yida-Dev) * fix: harden workspace fallback scoping (openclaw#10176) (thanks @Yida-Dev) * refactor: centralize workspace fallback classification and redaction (openclaw#10176) (thanks @Yida-Dev) * test: remove explicit any from utils mock (openclaw#10176) (thanks @Yida-Dev) * security: reject malformed agent session keys for workspace resolution (openclaw#10176) (thanks @Yida-Dev) --------- Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Docs: revise PR and issue submission guides (openclaw#10617) * Docs: revise PR submission guide * Docs: revise issue submission guide * feat(memory): native Voyage AI support (openclaw#7078) * feat(memory): add native Voyage AI embedding support with batching Cherry-picked from PR openclaw#2519, resolved conflict in memory-search.ts (hasRemote -> hasRemoteConfig rename + added voyage provider) * fix(memory): optimize voyage batch memory usage with streaming and deduplicate code Cherry-picked from PR openclaw#2519. Fixed lint error: changed this.runWithConcurrency to use imported runWithConcurrency function after extraction to internal.ts * feat(memory): document Voyage embeddings + VOYAGE_API_KEY (openclaw#7078) (thanks @mcinteerj) (openclaw#10699) * feat(antigravity): update default model to Claude Opus 4.6 (openclaw#10720) * feat(antigravity): update default model to Claude Opus 4.6 Claude Opus 4.5 has been replaced by Claude Opus 4.6 on the Antigravity (Google Cloud Code Assist) platform. - Update DEFAULT_MODEL in google-antigravity-auth extension - Update testing docs to reference the new model * fix: update remaining antigravity opus 4.5 refs in zh-CN docs and tests Address review comments from Greptile: - Update zh-CN/testing.md antigravity model references - Update pi-tools-agent-config.test.ts model IDs * Antigravity: default OAuth model to Opus 4.6 (openclaw#10720) (thanks @calvin-hpnet) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(hooks): replace debug console.log with proper subsystem logging in session-memory (openclaw#10730) * fix: replace debug console.log with proper subsystem logging in session-memory * fix(hooks): normalize session-memory subsystem logging --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * docs(changelog): prepare 2026.2.6 * docs(changelog): include merged PRs since v2026.2.3 * chore(release): bump version to 2026.2.6 * fix(telegram): cast fetch for grammY ApiClientOptions * docs: fix markdownlint fragments + headings * docs(changelog): refresh 2026.2.6 since v2026.2.3 * docs(imessage): add macOS TCC troubleshooting * docs(imessage): improve macOS TCC troubleshooting guidance (openclaw#10781) * chore(deps): update deps * fix(agents): add Opus 4.6 forward-compat fallback * chore(deps): bump carbon beta * docs(changelog): curate 2026.2.6 * docs(changelog): highlight Opus 4.6 + Codex 5.3 first * Fix QMD CLI installation link in memory.md (openclaw#8647) Correct the installation link for the QMD CLI in the documentation. * chore(lockfile): fix pnpm-lock * fix: cron scheduler reliability, store hardening, and UX improvements (openclaw#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (openclaw#10776) (thanks @tyler6204) * Docs: fix broken /plugins links (openclaw#9308) * Docs: fix broken /plugins links to /plugin The documentation linked to /plugins which doesn't exist. The correct path is /plugin (singular) which contains the plugins overview documentation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: drop manual zh-CN doc edits from plugins link fix --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix(build): unblock pnpm build dts * Fix repository links in formal-verification.md (openclaw#10200) Updated repository links for formal verification models. * Revert previous change from 'Clawdbot' to 'OpenClaw' in lore (openclaw#9119) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval (openclaw#10818) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval Voyage AI recommends passing input_type='document' when indexing and input_type='query' when searching. This improves retrieval quality by optimising the embedding space for each direction. Changes: - embedQuery now passes input_type: 'query' - embedBatch now passes input_type: 'document' - Batch API request_params includes input_type: 'document' - Tests updated to verify input_type is passed correctly * Changelog: note Voyage embeddings input_type fix (openclaw#10818) (thanks @mcinteerj) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(dashboard): restore tokenized control ui links * chore(skills): remove bird skill * chore(onboard): move xAI up in auth list * chore(release): 2026.2.6-1 * chore(onboard): move xAI below Google * ci: add concurrency controls, consolidate macOS jobs, optimize Windows CI * ci: re-enable parallel vitest on Windows CI * docs(changelog): note CI pipeline optimization (openclaw#10784) (thanks @mcaxtr) * fix(build): support daemon-cli .mjs bundles in compat shim * fix(docker): support .mjs entrypoints in images and e2e * test(hooks): stabilize session-memory hook tests * chore(release): 2026.2.6-2 * chore(onboard): reorder xAI + Qianfan providers * chore(release): 2026.2.6-3 * fix: comprehensive BlueBubbles and channel cleanup (openclaw#11093) * feat(bluebubbles): auto-strip markdown from outbound messages (openclaw#7402) * fix(security): add timeout to webhook body reading (openclaw#6762) Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5). Merged with existing maxBytes protection in voice-call. * fix(security): unify Error objects and lint fixes in webhook timeouts (openclaw#6762) * fix: prevent plugins from auto-enabling without user consent (openclaw#3961) Changes default plugin enabled state from true to false in enablePluginEntry(). Preserves existing enabled:true values. Fixes openclaw#3932. * fix: apply hierarchical mediaMaxMb config to all channels (openclaw#8749) Generalizes resolveAttachmentMaxBytes() to use account → channel → global config resolution for all channels, not just BlueBubbles. Fixes openclaw#7847. * fix(bluebubbles): sanitize attachment filenames against header injection (openclaw#10333) Strip ", \r, \n, and \\ from filenames after path.basename() to prevent multipart Content-Disposition header injection (CWE-93, CVSS 5.4). Also adds sanitization to setGroupIconBlueBubbles which had zero filename sanitization. * fix(lint): exclude extensions/ from Oxlint preflight check (openclaw#9313) Extensions use PluginRuntime|null patterns that trigger no-redundant-type-constituents because PluginRuntime resolves to any. Excluding extensions/ from Oxlint unblocks user upgrades. Re-applies the approach from closed PR openclaw#10087. * fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (openclaw#7745) Non-Private-API mode (AppleScript) requires tempGuid in send payloads. The main sendMessageBlueBubbles already had it, but createNewChatWithMessage was missing it, causing 400 errors for new chat creation without Private API. * fix: send stop-typing signal when run ends with NO_REPLY (openclaw#8785) Adds onCleanup callback to the typing controller that fires when the controller is cleaned up while typing was active (e.g., after NO_REPLY). Channels using createTypingCallbacks automatically get stop-typing on cleanup. This prevents the typing indicator from lingering in group chats when the agent decides not to reply. * fix(telegram): deduplicate skill commands in multi-agent setup (openclaw#5717) Two fixes: 1. Skip duplicate workspace dirs when listing skill commands across agents. Multiple agents sharing the same workspace would produce duplicate commands with _2, _3 suffixes. 2. Clear stale commands via deleteMyCommands before registering new ones. Commands from deleted skills now get cleaned up on restart. * fix: add size limits to unbounded in-memory caches (openclaw#4948) Adds max-size caps with oldest-entry eviction to prevent OOM in long-running deployments: - BlueBubbles serverInfoCache: 64 entries (already has TTL) - Google Chat authCache: 32 entries - Matrix directRoomCache: 1024 entries - Discord presenceCache: 5000 entries per account * fix: address review concerns (openclaw#11093) - Chain deleteMyCommands → setMyCommands to prevent race condition (openclaw#5717) - Rename enablePluginEntry to registerPluginEntry (now sets enabled: false) - Add Slow-Loris timeout test for readJsonBody (openclaw#6023) * docs: add symptom-first troubleshooting hub and deep runbooks (openclaw#11196) * docs(troubleshooting): add symptom-first troubleshooting runbooks * docs(troubleshooting): fix approvals command examples * docs(troubleshooting): wrap symptom cases in accordions * docs(automation): clarify userTimezone missing-key behavior * docs(troubleshooting): fix first-60-seconds ladder order * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list (openclaw#8105) * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list Fixes openclaw#7928 The documentation for skipBootstrap and workspace setup was missing HEARTBEAT.md and MEMORY.md from the bootstrap files list. Changes: - docs/gateway/configuration.md: Add HEARTBEAT.md and MEMORY.md - docs/zh-CN/gateway/configuration.md: Same for Chinese version - docs/start/openclaw.md: Add HEARTBEAT.md, clarify MEMORY.md is optional - docs/zh-CN/start/openclaw.md: Same for Chinese version * fix: reference PR number instead of issue in CHANGELOG * docs(workspace): align bootstrap file docs with runtime (openclaw#8105) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * Agents: include runtime shell (openclaw#1835) * Agents: include runtime shell * Agents: fix compact runtime build * chore: fix CLAUDE.md formatting, security regex for secret --------- Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> * Web UI: show Compaction divider in chat history (openclaw#11341) * adding PR review workflow * added more explicit instructions * docs: canonicalize docs paths and align zh navigation (openclaw#11428) * docs(navigation): canonicalize paths and align zh nav * chore(docs): remove stray .DS_Store * docs(scripts): add non-mint docs link audit * docs(nav): fix zh source paths and preserve legacy redirects (openclaw#11428) (thanks @sebslight) * chore(docs): satisfy lint for docs link audit script (openclaw#11428) (thanks @sebslight) * chore: bump pi to 0.52.8 * Fix typo in FAQ regarding model configuration command (openclaw#6048) * CI: skip heavy jobs on docs-only changes (openclaw#11328) * fix: add .caf to AUDIO_FILE_EXTENSIONS (openclaw#10982) * fix: add .caf to AUDIO_FILE_EXTENSIONS for iMessage voice messages * fix: add caf audio extension regression coverage (openclaw#10982) (thanks @succ985) --------- Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Gateway: fix multi-agent sessions.usage discovery (openclaw#11523) * Gateway: fix multi-agent sessions.usage discovery * Gateway: resolve sessions.usage keys via sessionId * feat(gateway): add agents.create/update/delete methods (openclaw#11045) * feat(gateway): add agents.create/update/delete methods * fix(lint): preserve memory-lancedb load error cause * feat(gateway): trash agent files on agents.delete * chore(protocol): regenerate Swift gateway models * fix(gateway): stabilize agents.create dirs and agentDir * feat(gateway): support avatar in agents.create * fix: prep agents.create/update/delete handlers (openclaw#11045) (thanks @advaitpaliwal) - Reuse movePathToTrash from browser/trash.ts (has ~/.Trash fallback on non-macOS) - Fix partial-failure: workspace setup now runs before config write - Always write Name to IDENTITY.md regardless of emoji/avatar - Add unit tests for agents.create, agents.update, agents.delete - Add CHANGELOG entry --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * feat(sanitize): enhance context overflow error handling in user-facing text - Added tests to ensure proper sanitization of context overflow errors. - Introduced a new function to determine when to rewrite context overflow messages. - Updated the sanitization logic to improve user experience by providing clearer error messages while preserving conversational context. * feat: add agent stream normalization types, emitter, and middleware (phases 1-2) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11448) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11329) When gateway.bind=lan, the HTTP server correctly binds to 0.0.0.0 (all interfaces), but WebSocket connection URLs, probe targets, and Control UI links were hardcoded to 127.0.0.1. This caused CLI commands and status probes to show localhost-only URLs even in LAN mode, and made onboarding display misleading connection info. - Add pickPrimaryLanIPv4() to gateway/net.ts to detect the machine's primary LAN IPv4 address (prefers en0/eth0, falls back to any external interface) - Update pickProbeHostForBind() to use LAN IP when bind=lan - Update buildGatewayConnectionDetails() to use LAN IP and report "local lan <ip>" as the URL source - Update resolveControlUiLinks() to return LAN-accessible URLs - Update probe note in status.gather.ts to reflect new behavior - Add tests for pickPrimaryLanIPv4 and bind=lan URL resolution Closes openclaw#11329 Co-authored-by: Cursor <cursoragent@cursor.com> * test: move vi.restoreAllMocks to afterEach in pickPrimaryLanIPv4 Per review feedback: avoid calling vi.restoreAllMocks() inside individual tests as it restores all spies globally and can cause ordering issues. Use afterEach in the describe block instead. Co-authored-by: Cursor <cursoragent@cursor.com> * Changelog: note LAN bind URLs fix (openclaw#11448) (thanks @AnonO6) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * feat: add streamMiddleware option to Pi and SDK runners (phase 3) * feat: wire StreamingMiddleware into execution pipeline (phase 4) * fix: recover from context overflow caused by oversized tool results (openclaw#11579) * fix: gracefully handle oversized tool results causing context overflow When a subagent reads a very large file or gets a huge tool result (e.g., gh pr diff on a massive PR), it can exceed the model's context window in a single prompt. Auto-compaction can't help because there's no older history to compact — just one giant tool result. This adds two layers of defense: 1. Pre-emptive: Hard cap on tool result size (400K chars ≈ 100K tokens) applied in the session tool result guard before persistence. This prevents extremely large tool results from being stored in full, regardless of model context window size. 2. Recovery: When context overflow is detected and compaction fails, scan session messages for oversized tool results relative to the model's actual context window (30% max share). If found, truncate them in the session via branching (creating a new branch with truncated content) and retry the prompt. The truncation preserves the beginning of the content (most useful for understanding what was read) and appends a notice explaining the truncation and suggesting offset/limit parameters for targeted reads. Includes comprehensive tests for: - Text truncation with newline-boundary awareness - Context-window-proportional size calculation - In-memory message truncation - Oversized detection heuristics - Guard-level size capping during persistence * fix: prep fixes for tool result truncation PR (openclaw#11579) (thanks @tyler6204) * feat: subscribe to StreamingMiddleware output, replace inline callbacks (phase 4) * Memory: harden QMD startup, timeouts, and fallback recovery * Memory: queue forced QMD sync and handle sqlite busy reads * Memory: chain forced QMD queue and fail over on busy index * Memory: make QMD cache eviction callback idempotent * Memory: add SQLITE_BUSY fallback regression test * feat: add agent stream normalization types, emitter, and middleware (phases 1-2) * feat: add streamMiddleware option to Pi and SDK runners (phase 3) * feat: wire StreamingMiddleware into execution pipeline (phase 4) * Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription. * Tests: harden flake hotspots and consolidate provider-auth suites (openclaw#11598) * Tests: harden flake hotspots and consolidate provider-auth suites * Tests: restore env vars by deleting missing snapshot values * Tests: use real newline in memory summary filter case * Tests(memory): use fake timers for qmd timeout coverage * Changelog: add tests hardening entry for openclaw#11598 * docs: clarify onboarding instructions for beginners (openclaw#10956) * chore: updated PR review skills and workflow info on tests + fake timers * Fix Nix repository link in README (openclaw#7910) Updated Nix repository link in README. Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> * Docs: fix cron.update param name id → jobId (openclaw#11365) (openclaw#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas (openclaw#4824) * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas device-identity.ts and canvas-host/server.ts used hardcoded path.join(os.homedir(), '.openclaw', ...) ignoring OPENCLAW_STATE_DIR env var and the resolveStateDir() logic from config/paths.ts. This caused ~/.openclaw/identity and ~/.openclaw/canvas directories to be created even when state dir was overridden or resided elsewhere. * fix: format and remove duplicate imports * fix: scope state-dir patch + add regression tests (openclaw#4824) (thanks @kossoy) * fix: align state-dir fallbacks in hooks and agent paths (openclaw#4824) (thanks @kossoy) --------- Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * fix: more kernel/executor impl around stream normalization; test fixes * merge: align stream conflict hunks with origin/main --------- Co-authored-by: ideoutrea <ideoutrea@163.com> Co-authored-by: ide-rea <30512600+ide-rea@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Yida-Dev <92713555+Yida-Dev@users.noreply.github.com> Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> Co-authored-by: Jake <mcinteerj@gmail.com> Co-authored-by: calvin-hpnet <calvin@hpnet.co.uk> Co-authored-by: Shadril Hassan Shifat <63901551+shadril238@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: gitpds <pds@pds.dev> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> Co-authored-by: Raymond Berger <RayBB@users.noreply.github.com> Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com> Co-authored-by: DEOKLYONG MOON <dfjk71@khu.ac.kr> Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com> Co-authored-by: Markus Buhatem Koch <markusbkoch@gmail.com> Co-authored-by: Marcus Castro <mcaxtr@gmail.com> Co-authored-by: 大猫子 <ll1042668699@gmail.com> Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> Co-authored-by: Abdullah <syedabdullah535@gmail.com> Co-authored-by: max <40643627+quotentiroler@users.noreply.github.com> Co-authored-by: succ985 <3186520056@qq.com> Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Advait Paliwal <advaitspaliwal@gmail.com> Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> Co-authored-by: Aviral <124311066+AnonO6@users.noreply.github.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Vignesh Natarajan <vigneshnatarajan92@gmail.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@users.noreply.github.com> Co-authored-by: Rohan Patil <rohanspatil801@gmail.com> Co-authored-by: danielcadenhead <danielcadenhead88@gmail.com> Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Oleg Kossoy <oleg.kossoy@gmail.com>

@Yida-Dev

* Add baidu qianfan model provider * Add baidu qianfan model provider * Fix format * Optimize doc * optimize doc * Fix import error * Add auth choice * Optimize format * Optimize doc * Fix key resolve * Optimize import * Support ERNIE-5.0-Thinking-Preview * Resolve conflicts * Fix conflicts * Docs: add PR sign-off template (openclaw#10561) * fix: guard resolveUserPath against undefined input (openclaw#10176) * fix: guard resolveUserPath against undefined input When subagent spawner omits workspaceDir, resolveUserPath receives undefined and crashes on .trim(). Add a falsy guard that falls back to process.cwd(), matching the behavior callers already expect. Closes openclaw#10089 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: harden runner workspace fallback (openclaw#10176) (thanks @Yida-Dev) * fix: harden workspace fallback scoping (openclaw#10176) (thanks @Yida-Dev) * refactor: centralize workspace fallback classification and redaction (openclaw#10176) (thanks @Yida-Dev) * test: remove explicit any from utils mock (openclaw#10176) (thanks @Yida-Dev) * security: reject malformed agent session keys for workspace resolution (openclaw#10176) (thanks @Yida-Dev) --------- Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Docs: revise PR and issue submission guides (openclaw#10617) * Docs: revise PR submission guide * Docs: revise issue submission guide * feat(memory): native Voyage AI support (openclaw#7078) * feat(memory): add native Voyage AI embedding support with batching Cherry-picked from PR openclaw#2519, resolved conflict in memory-search.ts (hasRemote -> hasRemoteConfig rename + added voyage provider) * fix(memory): optimize voyage batch memory usage with streaming and deduplicate code Cherry-picked from PR openclaw#2519. Fixed lint error: changed this.runWithConcurrency to use imported runWithConcurrency function after extraction to internal.ts * feat(memory): document Voyage embeddings + VOYAGE_API_KEY (openclaw#7078) (thanks @mcinteerj) (openclaw#10699) * feat(antigravity): update default model to Claude Opus 4.6 (openclaw#10720) * feat(antigravity): update default model to Claude Opus 4.6 Claude Opus 4.5 has been replaced by Claude Opus 4.6 on the Antigravity (Google Cloud Code Assist) platform. - Update DEFAULT_MODEL in google-antigravity-auth extension - Update testing docs to reference the new model * fix: update remaining antigravity opus 4.5 refs in zh-CN docs and tests Address review comments from Greptile: - Update zh-CN/testing.md antigravity model references - Update pi-tools-agent-config.test.ts model IDs * Antigravity: default OAuth model to Opus 4.6 (openclaw#10720) (thanks @calvin-hpnet) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(hooks): replace debug console.log with proper subsystem logging in session-memory (openclaw#10730) * fix: replace debug console.log with proper subsystem logging in session-memory * fix(hooks): normalize session-memory subsystem logging --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * docs(changelog): prepare 2026.2.6 * docs(changelog): include merged PRs since v2026.2.3 * chore(release): bump version to 2026.2.6 * fix(telegram): cast fetch for grammY ApiClientOptions * docs: fix markdownlint fragments + headings * docs(changelog): refresh 2026.2.6 since v2026.2.3 * docs(imessage): add macOS TCC troubleshooting * docs(imessage): improve macOS TCC troubleshooting guidance (openclaw#10781) * chore(deps): update deps * fix(agents): add Opus 4.6 forward-compat fallback * chore(deps): bump carbon beta * docs(changelog): curate 2026.2.6 * docs(changelog): highlight Opus 4.6 + Codex 5.3 first * Fix QMD CLI installation link in memory.md (openclaw#8647) Correct the installation link for the QMD CLI in the documentation. * chore(lockfile): fix pnpm-lock * fix: cron scheduler reliability, store hardening, and UX improvements (openclaw#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (openclaw#10776) (thanks @tyler6204) * Docs: fix broken /plugins links (openclaw#9308) * Docs: fix broken /plugins links to /plugin The documentation linked to /plugins which doesn't exist. The correct path is /plugin (singular) which contains the plugins overview documentation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: drop manual zh-CN doc edits from plugins link fix --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix(build): unblock pnpm build dts * Fix repository links in formal-verification.md (openclaw#10200) Updated repository links for formal verification models. * Revert previous change from 'Clawdbot' to 'OpenClaw' in lore (openclaw#9119) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval (openclaw#10818) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval Voyage AI recommends passing input_type='document' when indexing and input_type='query' when searching. This improves retrieval quality by optimising the embedding space for each direction. Changes: - embedQuery now passes input_type: 'query' - embedBatch now passes input_type: 'document' - Batch API request_params includes input_type: 'document' - Tests updated to verify input_type is passed correctly * Changelog: note Voyage embeddings input_type fix (openclaw#10818) (thanks @mcinteerj) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(dashboard): restore tokenized control ui links * chore(skills): remove bird skill * chore(onboard): move xAI up in auth list * chore(release): 2026.2.6-1 * chore(onboard): move xAI below Google * ci: add concurrency controls, consolidate macOS jobs, optimize Windows CI * ci: re-enable parallel vitest on Windows CI * docs(changelog): note CI pipeline optimization (openclaw#10784) (thanks @mcaxtr) * fix(build): support daemon-cli .mjs bundles in compat shim * fix(docker): support .mjs entrypoints in images and e2e * test(hooks): stabilize session-memory hook tests * chore(release): 2026.2.6-2 * chore(onboard): reorder xAI + Qianfan providers * chore(release): 2026.2.6-3 * fix: comprehensive BlueBubbles and channel cleanup (openclaw#11093) * feat(bluebubbles): auto-strip markdown from outbound messages (openclaw#7402) * fix(security): add timeout to webhook body reading (openclaw#6762) Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5). Merged with existing maxBytes protection in voice-call. * fix(security): unify Error objects and lint fixes in webhook timeouts (openclaw#6762) * fix: prevent plugins from auto-enabling without user consent (openclaw#3961) Changes default plugin enabled state from true to false in enablePluginEntry(). Preserves existing enabled:true values. Fixes openclaw#3932. * fix: apply hierarchical mediaMaxMb config to all channels (openclaw#8749) Generalizes resolveAttachmentMaxBytes() to use account → channel → global config resolution for all channels, not just BlueBubbles. Fixes openclaw#7847. * fix(bluebubbles): sanitize attachment filenames against header injection (openclaw#10333) Strip ", \r, \n, and \\ from filenames after path.basename() to prevent multipart Content-Disposition header injection (CWE-93, CVSS 5.4). Also adds sanitization to setGroupIconBlueBubbles which had zero filename sanitization. * fix(lint): exclude extensions/ from Oxlint preflight check (openclaw#9313) Extensions use PluginRuntime|null patterns that trigger no-redundant-type-constituents because PluginRuntime resolves to any. Excluding extensions/ from Oxlint unblocks user upgrades. Re-applies the approach from closed PR openclaw#10087. * fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (openclaw#7745) Non-Private-API mode (AppleScript) requires tempGuid in send payloads. The main sendMessageBlueBubbles already had it, but createNewChatWithMessage was missing it, causing 400 errors for new chat creation without Private API. * fix: send stop-typing signal when run ends with NO_REPLY (openclaw#8785) Adds onCleanup callback to the typing controller that fires when the controller is cleaned up while typing was active (e.g., after NO_REPLY). Channels using createTypingCallbacks automatically get stop-typing on cleanup. This prevents the typing indicator from lingering in group chats when the agent decides not to reply. * fix(telegram): deduplicate skill commands in multi-agent setup (openclaw#5717) Two fixes: 1. Skip duplicate workspace dirs when listing skill commands across agents. Multiple agents sharing the same workspace would produce duplicate commands with _2, _3 suffixes. 2. Clear stale commands via deleteMyCommands before registering new ones. Commands from deleted skills now get cleaned up on restart. * fix: add size limits to unbounded in-memory caches (openclaw#4948) Adds max-size caps with oldest-entry eviction to prevent OOM in long-running deployments: - BlueBubbles serverInfoCache: 64 entries (already has TTL) - Google Chat authCache: 32 entries - Matrix directRoomCache: 1024 entries - Discord presenceCache: 5000 entries per account * fix: address review concerns (openclaw#11093) - Chain deleteMyCommands → setMyCommands to prevent race condition (openclaw#5717) - Rename enablePluginEntry to registerPluginEntry (now sets enabled: false) - Add Slow-Loris timeout test for readJsonBody (openclaw#6023) * docs: add symptom-first troubleshooting hub and deep runbooks (openclaw#11196) * docs(troubleshooting): add symptom-first troubleshooting runbooks * docs(troubleshooting): fix approvals command examples * docs(troubleshooting): wrap symptom cases in accordions * docs(automation): clarify userTimezone missing-key behavior * docs(troubleshooting): fix first-60-seconds ladder order * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list (openclaw#8105) * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list Fixes openclaw#7928 The documentation for skipBootstrap and workspace setup was missing HEARTBEAT.md and MEMORY.md from the bootstrap files list. Changes: - docs/gateway/configuration.md: Add HEARTBEAT.md and MEMORY.md - docs/zh-CN/gateway/configuration.md: Same for Chinese version - docs/start/openclaw.md: Add HEARTBEAT.md, clarify MEMORY.md is optional - docs/zh-CN/start/openclaw.md: Same for Chinese version * fix: reference PR number instead of issue in CHANGELOG * docs(workspace): align bootstrap file docs with runtime (openclaw#8105) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * Agents: include runtime shell (openclaw#1835) * Agents: include runtime shell * Agents: fix compact runtime build * chore: fix CLAUDE.md formatting, security regex for secret --------- Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> * Web UI: show Compaction divider in chat history (openclaw#11341) * adding PR review workflow * added more explicit instructions * docs: canonicalize docs paths and align zh navigation (openclaw#11428) * docs(navigation): canonicalize paths and align zh nav * chore(docs): remove stray .DS_Store * docs(scripts): add non-mint docs link audit * docs(nav): fix zh source paths and preserve legacy redirects (openclaw#11428) (thanks @sebslight) * chore(docs): satisfy lint for docs link audit script (openclaw#11428) (thanks @sebslight) * chore: bump pi to 0.52.8 * Fix typo in FAQ regarding model configuration command (openclaw#6048) * CI: skip heavy jobs on docs-only changes (openclaw#11328) * fix: add .caf to AUDIO_FILE_EXTENSIONS (openclaw#10982) * fix: add .caf to AUDIO_FILE_EXTENSIONS for iMessage voice messages * fix: add caf audio extension regression coverage (openclaw#10982) (thanks @succ985) --------- Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Gateway: fix multi-agent sessions.usage discovery (openclaw#11523) * Gateway: fix multi-agent sessions.usage discovery * Gateway: resolve sessions.usage keys via sessionId * feat(gateway): add agents.create/update/delete methods (openclaw#11045) * feat(gateway): add agents.create/update/delete methods * fix(lint): preserve memory-lancedb load error cause * feat(gateway): trash agent files on agents.delete * chore(protocol): regenerate Swift gateway models * fix(gateway): stabilize agents.create dirs and agentDir * feat(gateway): support avatar in agents.create * fix: prep agents.create/update/delete handlers (openclaw#11045) (thanks @advaitpaliwal) - Reuse movePathToTrash from browser/trash.ts (has ~/.Trash fallback on non-macOS) - Fix partial-failure: workspace setup now runs before config write - Always write Name to IDENTITY.md regardless of emoji/avatar - Add unit tests for agents.create, agents.update, agents.delete - Add CHANGELOG entry --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * feat(sanitize): enhance context overflow error handling in user-facing text - Added tests to ensure proper sanitization of context overflow errors. - Introduced a new function to determine when to rewrite context overflow messages. - Updated the sanitization logic to improve user experience by providing clearer error messages while preserving conversational context. * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11448) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11329) When gateway.bind=lan, the HTTP server correctly binds to 0.0.0.0 (all interfaces), but WebSocket connection URLs, probe targets, and Control UI links were hardcoded to 127.0.0.1. This caused CLI commands and status probes to show localhost-only URLs even in LAN mode, and made onboarding display misleading connection info. - Add pickPrimaryLanIPv4() to gateway/net.ts to detect the machine's primary LAN IPv4 address (prefers en0/eth0, falls back to any external interface) - Update pickProbeHostForBind() to use LAN IP when bind=lan - Update buildGatewayConnectionDetails() to use LAN IP and report "local lan <ip>" as the URL source - Update resolveControlUiLinks() to return LAN-accessible URLs - Update probe note in status.gather.ts to reflect new behavior - Add tests for pickPrimaryLanIPv4 and bind=lan URL resolution Closes openclaw#11329 Co-authored-by: Cursor <cursoragent@cursor.com> * test: move vi.restoreAllMocks to afterEach in pickPrimaryLanIPv4 Per review feedback: avoid calling vi.restoreAllMocks() inside individual tests as it restores all spies globally and can cause ordering issues. Use afterEach in the describe block instead. Co-authored-by: Cursor <cursoragent@cursor.com> * Changelog: note LAN bind URLs fix (openclaw#11448) (thanks @AnonO6) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix: recover from context overflow caused by oversized tool results (openclaw#11579) * fix: gracefully handle oversized tool results causing context overflow When a subagent reads a very large file or gets a huge tool result (e.g., gh pr diff on a massive PR), it can exceed the model's context window in a single prompt. Auto-compaction can't help because there's no older history to compact — just one giant tool result. This adds two layers of defense: 1. Pre-emptive: Hard cap on tool result size (400K chars ≈ 100K tokens) applied in the session tool result guard before persistence. This prevents extremely large tool results from being stored in full, regardless of model context window size. 2. Recovery: When context overflow is detected and compaction fails, scan session messages for oversized tool results relative to the model's actual context window (30% max share). If found, truncate them in the session via branching (creating a new branch with truncated content) and retry the prompt. The truncation preserves the beginning of the content (most useful for understanding what was read) and appends a notice explaining the truncation and suggesting offset/limit parameters for targeted reads. Includes comprehensive tests for: - Text truncation with newline-boundary awareness - Context-window-proportional size calculation - In-memory message truncation - Oversized detection heuristics - Guard-level size capping during persistence * fix: prep fixes for tool result truncation PR (openclaw#11579) (thanks @tyler6204) * Memory: harden QMD startup, timeouts, and fallback recovery * Memory: queue forced QMD sync and handle sqlite busy reads * Memory: chain forced QMD queue and fail over on busy index * Memory: make QMD cache eviction callback idempotent * Memory: add SQLITE_BUSY fallback regression test * Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription. * Tests: harden flake hotspots and consolidate provider-auth suites (openclaw#11598) * Tests: harden flake hotspots and consolidate provider-auth suites * Tests: restore env vars by deleting missing snapshot values * Tests: use real newline in memory summary filter case * Tests(memory): use fake timers for qmd timeout coverage * Changelog: add tests hardening entry for openclaw#11598 * docs: clarify onboarding instructions for beginners (openclaw#10956) * chore: updated PR review skills and workflow info on tests + fake timers * Fix Nix repository link in README (openclaw#7910) Updated Nix repository link in README. Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> * Docs: fix cron.update param name id → jobId (openclaw#11365) (openclaw#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas (openclaw#4824) * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas device-identity.ts and canvas-host/server.ts used hardcoded path.join(os.homedir(), '.openclaw', ...) ignoring OPENCLAW_STATE_DIR env var and the resolveStateDir() logic from config/paths.ts. This caused ~/.openclaw/identity and ~/.openclaw/canvas directories to be created even when state dir was overridden or resided elsewhere. * fix: format and remove duplicate imports * fix: scope state-dir patch + add regression tests (openclaw#4824) (thanks @kossoy) * fix: align state-dir fallbacks in hooks and agent paths (openclaw#4824) (thanks @kossoy) --------- Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * fix(cron): share isolated announce flow + harden cron scheduling/delivery (openclaw#11641) * fix(cron): comprehensive cron scheduling and delivery fixes - Fix delivery target resolution for isolated agent cron jobs - Improve schedule parsing and validation - Add job retry logic and error handling - Enhance cron ops with better state management - Add timer improvements for more reliable cron execution - Add cron event type to protocol schema - Support cron events in heartbeat runner (skip empty-heartbeat check, use dedicated CRON_EVENT_PROMPT for relay) * fix: remove cron debug test and add changelog/docs notes (openclaw#11641) (thanks @tyler6204) * fix: context overflow compaction and subagent announce improvements (openclaw#11664) (thanks @tyler6204) * initial commit * feat: implement deriveSessionTotalTokens function and update usage tests * Added deriveSessionTotalTokens function to calculate total tokens based on usage and context tokens. * Updated usage tests to include cases for derived session total tokens. * Refactored session usage calculations in multiple files to utilize the new function for improved accuracy. * fix: restore overflow truncation fallback + changelog/test hardening (openclaw#11551) (thanks @tyler6204) * fix(ui): smooth chat refresh scroll and suppress new-messages badge flash * fix(discord): support forum channel thread-create (openclaw#10062) * fix(discord): support forum channel thread-create * fix: harden discord forum thread-create (openclaw#10062) (thanks @jarvis89757) --------- Co-authored-by: Shakker <shakkerdroid@gmail.com> * feat(telegram): add spoiler tag support (openclaw#11543) * feat(telegram): add spoiler tag support Render markdown ||spoiler|| syntax as <tg-spoiler> tags in Telegram HTML output. The markdown IR already parses spoiler syntax, but the Telegram renderer was missing the style marker. This adds the spoiler marker to renderTelegramHtml(). Fixes spoiler text appearing as raw ||text|| instead of hidden text. * fix: enable Telegram spoiler rendering (openclaw#11543) (thanks @ezhikkk) --------- Co-authored-by: Параша <parasha@openclaw.local> Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com> * fix(doctor): suppress repeated legacy state migration warnings (openclaw#11709) * fix(doctor): suppress repeated state migration warning * fix: harden state-dir mirror detection + warnings (openclaw#11709) (thanks @gumadeiras) * test: cover mirror hardening edge cases (openclaw#11709) (thanks @gumadeiras) * CI: scope heavy jobs, build once, and remove duplicate validation work (openclaw#11570) * CI: scope jobs and reuse build artifacts * CI: fix scope fallback and remove unused artifact job * CI: remove setup-node pnpm cache inputs * CI: add pnpm store cache and dist artifact smoke * CI: extract pnpm cache action and consume dist artifact * chore: centralizing warning filters * chore: suppress warnings for node default output path * chore: project hygiene — fix workspace:*, sandbox USER, dead config (openclaw#11289) * chore: project hygiene fixes (workspace:*, sandbox USER, dead config) * chore: also fix workspace:* in zalouser dependencies * docs: add security & trust documentation Add threat model (MITRE ATLAS), contribution guide, and security directory README. Update SECURITY.md with trust page reporting instructions and Jamieson O'Reilly as Security & Trust. Co-Authored-By: theonejvo <theonejvo@users.noreply.github.com> * Centralize date/time formatting utilities (openclaw#11831) * chore: fix vitest standalone configs and update package description (openclaw#11865) * chore: fix vitest standalone configs and update package description - vitest.live.config.ts and vitest.e2e.config.ts now extend root config - Inherits testTimeout (120s), resolve.alias, pool, setupFiles, excludes - ui/vitest.node.config.ts gets explicit 120s timeout - package.json description updated for multi-channel AI gateway - Removed unused src/utils/time-format.ts * chore: filter inherited excludes in live/e2e vitest configs * refactor: dedupe GroupPolicy/DmPolicy in extensions Import from openclaw/plugin-sdk instead of re-declaring identical types. * Add GitHub Copilot models to xhigh list (openclaw#11646) * Add GitHub Copilot models to xhigh list * fix(thinking): add xhigh copilot tests and changelog (openclaw#11646) (thanks @seans-openclawbot) --------- Co-authored-by: Sean Dai <sdai@gatech.edu> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * Exec approvals: render forwarded commands in monospace (openclaw#11937) * fix(exec-approvals): format forwarded commands as code * fix(exec-approvals): place fenced command blocks on new line (openclaw#11937) (thanks @sebslight) * docs: fix changelog PR reference Fix Exec approvals command text formatting issue for safer approval scanning. * Gateway/Plugins: device pairing + phone control plugins (openclaw#11755) * iOS: alpha node app + setup-code onboarding (openclaw#11756) * Memory/QMD: warn when scope denies search * Docs i18n: make translation prompt language-pluggable * Docs: seed ja-JP translations * Docs: use ja-jp Mintlify language code * Docs: note ja-JP docs POC in changelog (openclaw#11988) (thanks @joshp123) * Docs: fix language switcher order + Japanese locale * Docs: note language switcher ordering + JP flag fix (openclaw#12023) (thanks @joshp123) * fix(paths): respect OPENCLAW_HOME for all internal path resolution (openclaw#12091) * fix(paths): respect OPENCLAW_HOME for all internal path resolution (openclaw#11995) Add home-dir module (src/infra/home-dir.ts) that centralizes home directory resolution with precedence: OPENCLAW_HOME > HOME > USERPROFILE > os.homedir(). Migrate all path-sensitive callsites: config IO, agent dirs, session transcripts, pairing store, cron store, doctor, CLI profiles. Add envHomedir() helper in config/paths.ts to reduce lambda noise. Document OPENCLAW_HOME in docs/help/environment.md. * fix(paths): handle OPENCLAW_HOME '~' fallback (openclaw#12091) (thanks @sebslight) * docs: mention OPENCLAW_HOME in install and getting started (openclaw#12091) (thanks @sebslight) * fix(status): show OPENCLAW_HOME in shortened paths (openclaw#12091) (thanks @sebslight) * docs(changelog): clarify OPENCLAW_HOME and HOME precedence (openclaw#12091) (thanks @sebslight) * changelog: split openclaw#12091 entry into Added + Fixes * fix(config): clamp maxTokens to contextWindow to prevent invalid configurations Closes openclaw#5308 When users configure maxTokens larger than contextWindow (e.g., maxTokens: 40960 with contextWindow: 32768), the model may fail silently. This fix clamps maxTokens to be at most contextWindow, preventing such invalid configurations. * test(config): cover maxTokens clamping * chore(changelog): note maxTokens clamp (openclaw#5516) (thanks @lailoo) (openclaw#12139) * fix: more merge fixes * fix: fix gauranteed rejection when declaredCommands undefined * fix: resolve build errors and eslint warnings - Add missing parseDatedFilename function to memory/internal.ts - Remove reference to undefined thinkingWarning variable - Fix node.invoke guard to maintain backward compatibility - Rename unused runtimeConfig variable to _runtimeConfig Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: ideoutrea <ideoutrea@163.com> Co-authored-by: ide-rea <30512600+ide-rea@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Yida-Dev <92713555+Yida-Dev@users.noreply.github.com> Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> Co-authored-by: Jake <mcinteerj@gmail.com> Co-authored-by: calvin-hpnet <calvin@hpnet.co.uk> Co-authored-by: Shadril Hassan Shifat <63901551+shadril238@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: gitpds <pds@pds.dev> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> Co-authored-by: Raymond Berger <RayBB@users.noreply.github.com> Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com> Co-authored-by: DEOKLYONG MOON <dfjk71@khu.ac.kr> Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com> Co-authored-by: Markus Buhatem Koch <markusbkoch@gmail.com> Co-authored-by: Marcus Castro <mcaxtr@gmail.com> Co-authored-by: 大猫子 <ll1042668699@gmail.com> Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> Co-authored-by: Abdullah <syedabdullah535@gmail.com> Co-authored-by: max <40643627+quotentiroler@users.noreply.github.com> Co-authored-by: succ985 <3186520056@qq.com> Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Advait Paliwal <advaitspaliwal@gmail.com> Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> Co-authored-by: Aviral <124311066+AnonO6@users.noreply.github.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Vignesh Natarajan <vigneshnatarajan92@gmail.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@users.noreply.github.com> Co-authored-by: Rohan Patil <rohanspatil801@gmail.com> Co-authored-by: danielcadenhead <danielcadenhead88@gmail.com> Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Oleg Kossoy <oleg.kossoy@gmail.com> Co-authored-by: jarvis89757 <jarvis@techflow.studio> Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: ezhikkk <105670095+ezhikkk@users.noreply.github.com> Co-authored-by: Параша <parasha@openclaw.local> Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com> Co-authored-by: theonejvo <theonejvo@users.noreply.github.com> Co-authored-by: seans-openclawbot <seandai.apps@gmail.com> Co-authored-by: Sean Dai <sdai@gatech.edu> Co-authored-by: Mariano Belinky <mbelinky@gmail.com> Co-authored-by: Josh Palmer <joshp123@users.noreply.github.com> Co-authored-by: George Pickett <gpickett00@gmail.com>

@Yida-Dev

* Add baidu qianfan model provider * Add baidu qianfan model provider * Fix format * Optimize doc * optimize doc * Fix import error * Add auth choice * Optimize format * Optimize doc * Fix key resolve * Optimize import * Support ERNIE-5.0-Thinking-Preview * Resolve conflicts * Fix conflicts * Docs: add PR sign-off template (openclaw#10561) * fix: guard resolveUserPath against undefined input (openclaw#10176) * fix: guard resolveUserPath against undefined input When subagent spawner omits workspaceDir, resolveUserPath receives undefined and crashes on .trim(). Add a falsy guard that falls back to process.cwd(), matching the behavior callers already expect. Closes openclaw#10089 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: harden runner workspace fallback (openclaw#10176) (thanks @Yida-Dev) * fix: harden workspace fallback scoping (openclaw#10176) (thanks @Yida-Dev) * refactor: centralize workspace fallback classification and redaction (openclaw#10176) (thanks @Yida-Dev) * test: remove explicit any from utils mock (openclaw#10176) (thanks @Yida-Dev) * security: reject malformed agent session keys for workspace resolution (openclaw#10176) (thanks @Yida-Dev) --------- Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Docs: revise PR and issue submission guides (openclaw#10617) * Docs: revise PR submission guide * Docs: revise issue submission guide * feat(memory): native Voyage AI support (openclaw#7078) * feat(memory): add native Voyage AI embedding support with batching Cherry-picked from PR openclaw#2519, resolved conflict in memory-search.ts (hasRemote -> hasRemoteConfig rename + added voyage provider) * fix(memory): optimize voyage batch memory usage with streaming and deduplicate code Cherry-picked from PR openclaw#2519. Fixed lint error: changed this.runWithConcurrency to use imported runWithConcurrency function after extraction to internal.ts * feat(memory): document Voyage embeddings + VOYAGE_API_KEY (openclaw#7078) (thanks @mcinteerj) (openclaw#10699) * feat(antigravity): update default model to Claude Opus 4.6 (openclaw#10720) * feat(antigravity): update default model to Claude Opus 4.6 Claude Opus 4.5 has been replaced by Claude Opus 4.6 on the Antigravity (Google Cloud Code Assist) platform. - Update DEFAULT_MODEL in google-antigravity-auth extension - Update testing docs to reference the new model * fix: update remaining antigravity opus 4.5 refs in zh-CN docs and tests Address review comments from Greptile: - Update zh-CN/testing.md antigravity model references - Update pi-tools-agent-config.test.ts model IDs * Antigravity: default OAuth model to Opus 4.6 (openclaw#10720) (thanks @calvin-hpnet) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(hooks): replace debug console.log with proper subsystem logging in session-memory (openclaw#10730) * fix: replace debug console.log with proper subsystem logging in session-memory * fix(hooks): normalize session-memory subsystem logging --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * docs(changelog): prepare 2026.2.6 * docs(changelog): include merged PRs since v2026.2.3 * chore(release): bump version to 2026.2.6 * fix(telegram): cast fetch for grammY ApiClientOptions * docs: fix markdownlint fragments + headings * docs(changelog): refresh 2026.2.6 since v2026.2.3 * docs(imessage): add macOS TCC troubleshooting * docs(imessage): improve macOS TCC troubleshooting guidance (openclaw#10781) * chore(deps): update deps * fix(agents): add Opus 4.6 forward-compat fallback * chore(deps): bump carbon beta * docs(changelog): curate 2026.2.6 * docs(changelog): highlight Opus 4.6 + Codex 5.3 first * Fix QMD CLI installation link in memory.md (openclaw#8647) Correct the installation link for the QMD CLI in the documentation. * chore(lockfile): fix pnpm-lock * fix: cron scheduler reliability, store hardening, and UX improvements (openclaw#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (openclaw#10776) (thanks @tyler6204) * Docs: fix broken /plugins links (openclaw#9308) * Docs: fix broken /plugins links to /plugin The documentation linked to /plugins which doesn't exist. The correct path is /plugin (singular) which contains the plugins overview documentation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: drop manual zh-CN doc edits from plugins link fix --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix(build): unblock pnpm build dts * Fix repository links in formal-verification.md (openclaw#10200) Updated repository links for formal verification models. * Revert previous change from 'Clawdbot' to 'OpenClaw' in lore (openclaw#9119) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval (openclaw#10818) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval Voyage AI recommends passing input_type='document' when indexing and input_type='query' when searching. This improves retrieval quality by optimising the embedding space for each direction. Changes: - embedQuery now passes input_type: 'query' - embedBatch now passes input_type: 'document' - Batch API request_params includes input_type: 'document' - Tests updated to verify input_type is passed correctly * Changelog: note Voyage embeddings input_type fix (openclaw#10818) (thanks @mcinteerj) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(dashboard): restore tokenized control ui links * chore(skills): remove bird skill * chore(onboard): move xAI up in auth list * chore(release): 2026.2.6-1 * chore(onboard): move xAI below Google * ci: add concurrency controls, consolidate macOS jobs, optimize Windows CI * ci: re-enable parallel vitest on Windows CI * docs(changelog): note CI pipeline optimization (openclaw#10784) (thanks @mcaxtr) * fix(build): support daemon-cli .mjs bundles in compat shim * fix(docker): support .mjs entrypoints in images and e2e * test(hooks): stabilize session-memory hook tests * chore(release): 2026.2.6-2 * chore(onboard): reorder xAI + Qianfan providers * chore(release): 2026.2.6-3 * fix: comprehensive BlueBubbles and channel cleanup (openclaw#11093) * feat(bluebubbles): auto-strip markdown from outbound messages (openclaw#7402) * fix(security): add timeout to webhook body reading (openclaw#6762) Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5). Merged with existing maxBytes protection in voice-call. * fix(security): unify Error objects and lint fixes in webhook timeouts (openclaw#6762) * fix: prevent plugins from auto-enabling without user consent (openclaw#3961) Changes default plugin enabled state from true to false in enablePluginEntry(). Preserves existing enabled:true values. Fixes openclaw#3932. * fix: apply hierarchical mediaMaxMb config to all channels (openclaw#8749) Generalizes resolveAttachmentMaxBytes() to use account → channel → global config resolution for all channels, not just BlueBubbles. Fixes openclaw#7847. * fix(bluebubbles): sanitize attachment filenames against header injection (openclaw#10333) Strip ", \r, \n, and \\ from filenames after path.basename() to prevent multipart Content-Disposition header injection (CWE-93, CVSS 5.4). Also adds sanitization to setGroupIconBlueBubbles which had zero filename sanitization. * fix(lint): exclude extensions/ from Oxlint preflight check (openclaw#9313) Extensions use PluginRuntime|null patterns that trigger no-redundant-type-constituents because PluginRuntime resolves to any. Excluding extensions/ from Oxlint unblocks user upgrades. Re-applies the approach from closed PR openclaw#10087. * fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (openclaw#7745) Non-Private-API mode (AppleScript) requires tempGuid in send payloads. The main sendMessageBlueBubbles already had it, but createNewChatWithMessage was missing it, causing 400 errors for new chat creation without Private API. * fix: send stop-typing signal when run ends with NO_REPLY (openclaw#8785) Adds onCleanup callback to the typing controller that fires when the controller is cleaned up while typing was active (e.g., after NO_REPLY). Channels using createTypingCallbacks automatically get stop-typing on cleanup. This prevents the typing indicator from lingering in group chats when the agent decides not to reply. * fix(telegram): deduplicate skill commands in multi-agent setup (openclaw#5717) Two fixes: 1. Skip duplicate workspace dirs when listing skill commands across agents. Multiple agents sharing the same workspace would produce duplicate commands with _2, _3 suffixes. 2. Clear stale commands via deleteMyCommands before registering new ones. Commands from deleted skills now get cleaned up on restart. * fix: add size limits to unbounded in-memory caches (openclaw#4948) Adds max-size caps with oldest-entry eviction to prevent OOM in long-running deployments: - BlueBubbles serverInfoCache: 64 entries (already has TTL) - Google Chat authCache: 32 entries - Matrix directRoomCache: 1024 entries - Discord presenceCache: 5000 entries per account * fix: address review concerns (openclaw#11093) - Chain deleteMyCommands → setMyCommands to prevent race condition (openclaw#5717) - Rename enablePluginEntry to registerPluginEntry (now sets enabled: false) - Add Slow-Loris timeout test for readJsonBody (openclaw#6023) * docs: add symptom-first troubleshooting hub and deep runbooks (openclaw#11196) * docs(troubleshooting): add symptom-first troubleshooting runbooks * docs(troubleshooting): fix approvals command examples * docs(troubleshooting): wrap symptom cases in accordions * docs(automation): clarify userTimezone missing-key behavior * docs(troubleshooting): fix first-60-seconds ladder order * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list (openclaw#8105) * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list Fixes openclaw#7928 The documentation for skipBootstrap and workspace setup was missing HEARTBEAT.md and MEMORY.md from the bootstrap files list. Changes: - docs/gateway/configuration.md: Add HEARTBEAT.md and MEMORY.md - docs/zh-CN/gateway/configuration.md: Same for Chinese version - docs/start/openclaw.md: Add HEARTBEAT.md, clarify MEMORY.md is optional - docs/zh-CN/start/openclaw.md: Same for Chinese version * fix: reference PR number instead of issue in CHANGELOG * docs(workspace): align bootstrap file docs with runtime (openclaw#8105) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * Agents: include runtime shell (openclaw#1835) * Agents: include runtime shell * Agents: fix compact runtime build * chore: fix CLAUDE.md formatting, security regex for secret --------- Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> * Web UI: show Compaction divider in chat history (openclaw#11341) * adding PR review workflow * added more explicit instructions * docs: canonicalize docs paths and align zh navigation (openclaw#11428) * docs(navigation): canonicalize paths and align zh nav * chore(docs): remove stray .DS_Store * docs(scripts): add non-mint docs link audit * docs(nav): fix zh source paths and preserve legacy redirects (openclaw#11428) (thanks @sebslight) * chore(docs): satisfy lint for docs link audit script (openclaw#11428) (thanks @sebslight) * chore: bump pi to 0.52.8 * Fix typo in FAQ regarding model configuration command (openclaw#6048) * CI: skip heavy jobs on docs-only changes (openclaw#11328) * fix: add .caf to AUDIO_FILE_EXTENSIONS (openclaw#10982) * fix: add .caf to AUDIO_FILE_EXTENSIONS for iMessage voice messages * fix: add caf audio extension regression coverage (openclaw#10982) (thanks @succ985) --------- Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Gateway: fix multi-agent sessions.usage discovery (openclaw#11523) * Gateway: fix multi-agent sessions.usage discovery * Gateway: resolve sessions.usage keys via sessionId * feat(gateway): add agents.create/update/delete methods (openclaw#11045) * feat(gateway): add agents.create/update/delete methods * fix(lint): preserve memory-lancedb load error cause * feat(gateway): trash agent files on agents.delete * chore(protocol): regenerate Swift gateway models * fix(gateway): stabilize agents.create dirs and agentDir * feat(gateway): support avatar in agents.create * fix: prep agents.create/update/delete handlers (openclaw#11045) (thanks @advaitpaliwal) - Reuse movePathToTrash from browser/trash.ts (has ~/.Trash fallback on non-macOS) - Fix partial-failure: workspace setup now runs before config write - Always write Name to IDENTITY.md regardless of emoji/avatar - Add unit tests for agents.create, agents.update, agents.delete - Add CHANGELOG entry --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * feat(sanitize): enhance context overflow error handling in user-facing text - Added tests to ensure proper sanitization of context overflow errors. - Introduced a new function to determine when to rewrite context overflow messages. - Updated the sanitization logic to improve user experience by providing clearer error messages while preserving conversational context. * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11448) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11329) When gateway.bind=lan, the HTTP server correctly binds to 0.0.0.0 (all interfaces), but WebSocket connection URLs, probe targets, and Control UI links were hardcoded to 127.0.0.1. This caused CLI commands and status probes to show localhost-only URLs even in LAN mode, and made onboarding display misleading connection info. - Add pickPrimaryLanIPv4() to gateway/net.ts to detect the machine's primary LAN IPv4 address (prefers en0/eth0, falls back to any external interface) - Update pickProbeHostForBind() to use LAN IP when bind=lan - Update buildGatewayConnectionDetails() to use LAN IP and report "local lan <ip>" as the URL source - Update resolveControlUiLinks() to return LAN-accessible URLs - Update probe note in status.gather.ts to reflect new behavior - Add tests for pickPrimaryLanIPv4 and bind=lan URL resolution Closes openclaw#11329 Co-authored-by: Cursor <cursoragent@cursor.com> * test: move vi.restoreAllMocks to afterEach in pickPrimaryLanIPv4 Per review feedback: avoid calling vi.restoreAllMocks() inside individual tests as it restores all spies globally and can cause ordering issues. Use afterEach in the describe block instead. Co-authored-by: Cursor <cursoragent@cursor.com> * Changelog: note LAN bind URLs fix (openclaw#11448) (thanks @AnonO6) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix: recover from context overflow caused by oversized tool results (openclaw#11579) * fix: gracefully handle oversized tool results causing context overflow When a subagent reads a very large file or gets a huge tool result (e.g., gh pr diff on a massive PR), it can exceed the model's context window in a single prompt. Auto-compaction can't help because there's no older history to compact — just one giant tool result. This adds two layers of defense: 1. Pre-emptive: Hard cap on tool result size (400K chars ≈ 100K tokens) applied in the session tool result guard before persistence. This prevents extremely large tool results from being stored in full, regardless of model context window size. 2. Recovery: When context overflow is detected and compaction fails, scan session messages for oversized tool results relative to the model's actual context window (30% max share). If found, truncate them in the session via branching (creating a new branch with truncated content) and retry the prompt. The truncation preserves the beginning of the content (most useful for understanding what was read) and appends a notice explaining the truncation and suggesting offset/limit parameters for targeted reads. Includes comprehensive tests for: - Text truncation with newline-boundary awareness - Context-window-proportional size calculation - In-memory message truncation - Oversized detection heuristics - Guard-level size capping during persistence * fix: prep fixes for tool result truncation PR (openclaw#11579) (thanks @tyler6204) * Memory: harden QMD startup, timeouts, and fallback recovery * Memory: queue forced QMD sync and handle sqlite busy reads * Memory: chain forced QMD queue and fail over on busy index * Memory: make QMD cache eviction callback idempotent * Memory: add SQLITE_BUSY fallback regression test * Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription. * Tests: harden flake hotspots and consolidate provider-auth suites (openclaw#11598) * Tests: harden flake hotspots and consolidate provider-auth suites * Tests: restore env vars by deleting missing snapshot values * Tests: use real newline in memory summary filter case * Tests(memory): use fake timers for qmd timeout coverage * Changelog: add tests hardening entry for openclaw#11598 * docs: clarify onboarding instructions for beginners (openclaw#10956) * chore: updated PR review skills and workflow info on tests + fake timers * Fix Nix repository link in README (openclaw#7910) Updated Nix repository link in README. Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> * Docs: fix cron.update param name id → jobId (openclaw#11365) (openclaw#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas (openclaw#4824) * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas device-identity.ts and canvas-host/server.ts used hardcoded path.join(os.homedir(), '.openclaw', ...) ignoring OPENCLAW_STATE_DIR env var and the resolveStateDir() logic from config/paths.ts. This caused ~/.openclaw/identity and ~/.openclaw/canvas directories to be created even when state dir was overridden or resided elsewhere. * fix: format and remove duplicate imports * fix: scope state-dir patch + add regression tests (openclaw#4824) (thanks @kossoy) * fix: align state-dir fallbacks in hooks and agent paths (openclaw#4824) (thanks @kossoy) --------- Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * fix(cron): share isolated announce flow + harden cron scheduling/delivery (openclaw#11641) * fix(cron): comprehensive cron scheduling and delivery fixes - Fix delivery target resolution for isolated agent cron jobs - Improve schedule parsing and validation - Add job retry logic and error handling - Enhance cron ops with better state management - Add timer improvements for more reliable cron execution - Add cron event type to protocol schema - Support cron events in heartbeat runner (skip empty-heartbeat check, use dedicated CRON_EVENT_PROMPT for relay) * fix: remove cron debug test and add changelog/docs notes (openclaw#11641) (thanks @tyler6204) * fix: context overflow compaction and subagent announce improvements (openclaw#11664) (thanks @tyler6204) * initial commit * feat: implement deriveSessionTotalTokens function and update usage tests * Added deriveSessionTotalTokens function to calculate total tokens based on usage and context tokens. * Updated usage tests to include cases for derived session total tokens. * Refactored session usage calculations in multiple files to utilize the new function for improved accuracy. * fix: restore overflow truncation fallback + changelog/test hardening (openclaw#11551) (thanks @tyler6204) * fix(ui): smooth chat refresh scroll and suppress new-messages badge flash * fix(discord): support forum channel thread-create (openclaw#10062) * fix(discord): support forum channel thread-create * fix: harden discord forum thread-create (openclaw#10062) (thanks @jarvis89757) --------- Co-authored-by: Shakker <shakkerdroid@gmail.com> * feat(telegram): add spoiler tag support (openclaw#11543) * feat(telegram): add spoiler tag support Render markdown ||spoiler|| syntax as <tg-spoiler> tags in Telegram HTML output. The markdown IR already parses spoiler syntax, but the Telegram renderer was missing the style marker. This adds the spoiler marker to renderTelegramHtml(). Fixes spoiler text appearing as raw ||text|| instead of hidden text. * fix: enable Telegram spoiler rendering (openclaw#11543) (thanks @ezhikkk) --------- Co-authored-by: Параша <parasha@openclaw.local> Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com> * fix(doctor): suppress repeated legacy state migration warnings (openclaw#11709) * fix(doctor): suppress repeated state migration warning * fix: harden state-dir mirror detection + warnings (openclaw#11709) (thanks @gumadeiras) * test: cover mirror hardening edge cases (openclaw#11709) (thanks @gumadeiras) * CI: scope heavy jobs, build once, and remove duplicate validation work (openclaw#11570) * CI: scope jobs and reuse build artifacts * CI: fix scope fallback and remove unused artifact job * CI: remove setup-node pnpm cache inputs * CI: add pnpm store cache and dist artifact smoke * CI: extract pnpm cache action and consume dist artifact * chore: centralizing warning filters * chore: suppress warnings for node default output path * chore: project hygiene — fix workspace:*, sandbox USER, dead config (openclaw#11289) * chore: project hygiene fixes (workspace:*, sandbox USER, dead config) * chore: also fix workspace:* in zalouser dependencies * docs: add security & trust documentation Add threat model (MITRE ATLAS), contribution guide, and security directory README. Update SECURITY.md with trust page reporting instructions and Jamieson O'Reilly as Security & Trust. Co-Authored-By: theonejvo <theonejvo@users.noreply.github.com> * Centralize date/time formatting utilities (openclaw#11831) * chore: fix vitest standalone configs and update package description (openclaw#11865) * chore: fix vitest standalone configs and update package description - vitest.live.config.ts and vitest.e2e.config.ts now extend root config - Inherits testTimeout (120s), resolve.alias, pool, setupFiles, excludes - ui/vitest.node.config.ts gets explicit 120s timeout - package.json description updated for multi-channel AI gateway - Removed unused src/utils/time-format.ts * chore: filter inherited excludes in live/e2e vitest configs * refactor: dedupe GroupPolicy/DmPolicy in extensions Import from openclaw/plugin-sdk instead of re-declaring identical types. * Add GitHub Copilot models to xhigh list (openclaw#11646) * Add GitHub Copilot models to xhigh list * fix(thinking): add xhigh copilot tests and changelog (openclaw#11646) (thanks @seans-openclawbot) --------- Co-authored-by: Sean Dai <sdai@gatech.edu> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * Exec approvals: render forwarded commands in monospace (openclaw#11937) * fix(exec-approvals): format forwarded commands as code * fix(exec-approvals): place fenced command blocks on new line (openclaw#11937) (thanks @sebslight) * docs: fix changelog PR reference Fix Exec approvals command text formatting issue for safer approval scanning. * Gateway/Plugins: device pairing + phone control plugins (openclaw#11755) * iOS: alpha node app + setup-code onboarding (openclaw#11756) * Memory/QMD: warn when scope denies search * Docs i18n: make translation prompt language-pluggable * Docs: seed ja-JP translations * Docs: use ja-jp Mintlify language code * Docs: note ja-JP docs POC in changelog (openclaw#11988) (thanks @joshp123) * Docs: fix language switcher order + Japanese locale * Docs: note language switcher ordering + JP flag fix (openclaw#12023) (thanks @joshp123) * fix(paths): respect OPENCLAW_HOME for all internal path resolution (openclaw#12091) * fix(paths): respect OPENCLAW_HOME for all internal path resolution (openclaw#11995) Add home-dir module (src/infra/home-dir.ts) that centralizes home directory resolution with precedence: OPENCLAW_HOME > HOME > USERPROFILE > os.homedir(). Migrate all path-sensitive callsites: config IO, agent dirs, session transcripts, pairing store, cron store, doctor, CLI profiles. Add envHomedir() helper in config/paths.ts to reduce lambda noise. Document OPENCLAW_HOME in docs/help/environment.md. * fix(paths): handle OPENCLAW_HOME '~' fallback (openclaw#12091) (thanks @sebslight) * docs: mention OPENCLAW_HOME in install and getting started (openclaw#12091) (thanks @sebslight) * fix(status): show OPENCLAW_HOME in shortened paths (openclaw#12091) (thanks @sebslight) * docs(changelog): clarify OPENCLAW_HOME and HOME precedence (openclaw#12091) (thanks @sebslight) * changelog: split openclaw#12091 entry into Added + Fixes * fix(config): clamp maxTokens to contextWindow to prevent invalid configurations Closes openclaw#5308 When users configure maxTokens larger than contextWindow (e.g., maxTokens: 40960 with contextWindow: 32768), the model may fail silently. This fix clamps maxTokens to be at most contextWindow, preventing such invalid configurations. * test(config): cover maxTokens clamping * chore(changelog): note maxTokens clamp (openclaw#5516) (thanks @lailoo) (openclaw#12139) * fix: more merge fixes * fix: fix gauranteed rejection when declaredCommands undefined * fix: resolve build errors and eslint warnings - Add missing parseDatedFilename function to memory/internal.ts - Remove reference to undefined thinkingWarning variable - Fix node.invoke guard to maintain backward compatibility - Rename unused runtimeConfig variable to _runtimeConfig Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * chore: lancedb embedding/llm-extraction refactoring * Docs: refine LG webOS TV skill (openclaw#360) * Docs: revise PR and issue submission guides (openclaw#10617) * Docs: revise PR submission guide * Docs: revise issue submission guide * docs: fix markdownlint fragments + headings * fix: cron scheduler reliability, store hardening, and UX improvements (openclaw#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (openclaw#10776) (thanks @tyler6204) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval (openclaw#10818) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval Voyage AI recommends passing input_type='document' when indexing and input_type='query' when searching. This improves retrieval quality by optimising the embedding space for each direction. Changes: - embedQuery now passes input_type: 'query' - embedBatch now passes input_type: 'document' - Batch API request_params includes input_type: 'document' - Tests updated to verify input_type is passed correctly * Changelog: note Voyage embeddings input_type fix (openclaw#10818) (thanks @mcinteerj) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * chore(onboard): move xAI up in auth list * fix: add .caf to AUDIO_FILE_EXTENSIONS (openclaw#10982) * fix: add .caf to AUDIO_FILE_EXTENSIONS for iMessage voice messages * fix: add caf audio extension regression coverage (openclaw#10982) (thanks @succ985) --------- Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * feat(gateway): add agents.create/update/delete methods (openclaw#11045) * feat(gateway): add agents.create/update/delete methods * fix(lint): preserve memory-lancedb load error cause * feat(gateway): trash agent files on agents.delete * chore(protocol): regenerate Swift gateway models * fix(gateway): stabilize agents.create dirs and agentDir * feat(gateway): support avatar in agents.create * fix: prep agents.create/update/delete handlers (openclaw#11045) (thanks @advaitpaliwal) - Reuse movePathToTrash from browser/trash.ts (has ~/.Trash fallback on non-macOS) - Fix partial-failure: workspace setup now runs before config write - Always write Name to IDENTITY.md regardless of emoji/avatar - Add unit tests for agents.create, agents.update, agents.delete - Add CHANGELOG entry --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11448) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11329) When gateway.bind=lan, the HTTP server correctly binds to 0.0.0.0 (all interfaces), but WebSocket connection URLs, probe targets, and Control UI links were hardcoded to 127.0.0.1. This caused CLI commands and status probes to show localhost-only URLs even in LAN mode, and made onboarding display misleading connection info. - Add pickPrimaryLanIPv4() to gateway/net.ts to detect the machine's primary LAN IPv4 address (prefers en0/eth0, falls back to any external interface) - Update pickProbeHostForBind() to use LAN IP when bind=lan - Update buildGatewayConnectionDetails() to use LAN IP and report "local lan <ip>" as the URL source - Update resolveControlUiLinks() to return LAN-accessible URLs - Update probe note in status.gather.ts to reflect new behavior - Add tests for pickPrimaryLanIPv4 and bind=lan URL resolution Closes openclaw#11329 Co-authored-by: Cursor <cursoragent@cursor.com> * test: move vi.restoreAllMocks to afterEach in pickPrimaryLanIPv4 Per review feedback: avoid calling vi.restoreAllMocks() inside individual tests as it restores all spies globally and can cause ordering issues. Use afterEach in the describe block instead. Co-authored-by: Cursor <cursoragent@cursor.com> * Changelog: note LAN bind URLs fix (openclaw#11448) (thanks @AnonO6) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix: recover from context overflow caused by oversized tool results (openclaw#11579) * fix: gracefully handle oversized tool results causing context overflow When a subagent reads a very large file or gets a huge tool result (e.g., gh pr diff on a massive PR), it can exceed the model's context window in a single prompt. Auto-compaction can't help because there's no older history to compact — just one giant tool result. This adds two layers of defense: 1. Pre-emptive: Hard cap on tool result size (400K chars ≈ 100K tokens) applied in the session tool result guard before persistence. This prevents extremely large tool results from being stored in full, regardless of model context window size. 2. Recovery: When context overflow is detected and compaction fails, scan session messages for oversized tool results relative to the model's actual context window (30% max share). If found, truncate them in the session via branching (creating a new branch with truncated content) and retry the prompt. The truncation preserves the beginning of the content (most useful for understanding what was read) and appends a notice explaining the truncation and suggesting offset/limit parameters for targeted reads. Includes comprehensive tests for: - Text truncation with newline-boundary awareness - Context-window-proportional size calculation - In-memory message truncation - Oversized detection heuristics - Guard-level size capping during persistence * fix: prep fixes for tool result truncation PR (openclaw#11579) (thanks @tyler6204) * Memory: harden QMD startup, timeouts, and fallback recovery * fix: context overflow compaction and subagent announce improvements (openclaw#11664) (thanks @tyler6204) * initial commit * feat: implement deriveSessionTotalTokens function and update usage tests * Added deriveSessionTotalTokens function to calculate total tokens based on usage and context tokens. * Updated usage tests to include cases for derived session total tokens. * Refactored session usage calculations in multiple files to utilize the new function for improved accuracy. * fix: restore overflow truncation fallback + changelog/test hardening (openclaw#11551) (thanks @tyler6204) * chore: centralizing warning filters * Docs: seed ja-JP translations * Docs: use ja-jp Mintlify language code * Docs: fix language switcher order + Japanese locale * chore: lancedb embedding/llm-extraction refactoring * fix: minor bug in lancedb refactoring --------- Co-authored-by: ideoutrea <ideoutrea@163.com> Co-authored-by: ide-rea <30512600+ide-rea@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Yida-Dev <92713555+Yida-Dev@users.noreply.github.com> Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> Co-authored-by: Jake <mcinteerj@gmail.com> Co-authored-by: calvin-hpnet <calvin@hpnet.co.uk> Co-authored-by: Shadril Hassan Shifat <63901551+shadril238@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: gitpds <pds@pds.dev> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> Co-authored-by: Raymond Berger <RayBB@users.noreply.github.com> Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com> Co-authored-by: DEOKLYONG MOON <dfjk71@khu.ac.kr> Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com> Co-authored-by: Markus Buhatem Koch <markusbkoch@gmail.com> Co-authored-by: Marcus Castro <mcaxtr@gmail.com> Co-authored-by: 大猫子 <ll1042668699@gmail.com> Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> Co-authored-by: Abdullah <syedabdullah535@gmail.com> Co-authored-by: max <40643627+quotentiroler@users.noreply.github.com> Co-authored-by: succ985 <3186520056@qq.com> Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Advait Paliwal <advaitspaliwal@gmail.com> Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> Co-authored-by: Aviral <124311066+AnonO6@users.noreply.github.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Vignesh Natarajan <vigneshnatarajan92@gmail.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@users.noreply.github.com> Co-authored-by: Rohan Patil <rohanspatil801@gmail.com> Co-authored-by: danielcadenhead <danielcadenhead88@gmail.com> Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Oleg Kossoy <oleg.kossoy@gmail.com> Co-authored-by: jarvis89757 <jarvis@techflow.studio> Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: ezhikkk <105670095+ezhikkk@users.noreply.github.com> Co-authored-by: Параша <parasha@openclaw.local> Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com> Co-authored-by: theonejvo <theonejvo@users.noreply.github.com> Co-authored-by: seans-openclawbot <seandai.apps@gmail.com> Co-authored-by: Sean Dai <sdai@gatech.edu> Co-authored-by: Mariano Belinky <mbelinky@gmail.com> Co-authored-by: Josh Palmer <joshp123@users.noreply.github.com> Co-authored-by: George Pickett <gpickett00@gmail.com>

@Yida-Dev

* Add baidu qianfan model provider * Add baidu qianfan model provider * Fix format * Optimize doc * optimize doc * Fix import error * Add auth choice * Optimize format * Optimize doc * Fix key resolve * Optimize import * Support ERNIE-5.0-Thinking-Preview * Resolve conflicts * Fix conflicts * Docs: add PR sign-off template (openclaw#10561) * fix: guard resolveUserPath against undefined input (openclaw#10176) * fix: guard resolveUserPath against undefined input When subagent spawner omits workspaceDir, resolveUserPath receives undefined and crashes on .trim(). Add a falsy guard that falls back to process.cwd(), matching the behavior callers already expect. Closes openclaw#10089 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: harden runner workspace fallback (openclaw#10176) (thanks @Yida-Dev) * fix: harden workspace fallback scoping (openclaw#10176) (thanks @Yida-Dev) * refactor: centralize workspace fallback classification and redaction (openclaw#10176) (thanks @Yida-Dev) * test: remove explicit any from utils mock (openclaw#10176) (thanks @Yida-Dev) * security: reject malformed agent session keys for workspace resolution (openclaw#10176) (thanks @Yida-Dev) --------- Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Docs: revise PR and issue submission guides (openclaw#10617) * Docs: revise PR submission guide * Docs: revise issue submission guide * feat(memory): native Voyage AI support (openclaw#7078) * feat(memory): add native Voyage AI embedding support with batching Cherry-picked from PR openclaw#2519, resolved conflict in memory-search.ts (hasRemote -> hasRemoteConfig rename + added voyage provider) * fix(memory): optimize voyage batch memory usage with streaming and deduplicate code Cherry-picked from PR openclaw#2519. Fixed lint error: changed this.runWithConcurrency to use imported runWithConcurrency function after extraction to internal.ts * feat(memory): document Voyage embeddings + VOYAGE_API_KEY (openclaw#7078) (thanks @mcinteerj) (openclaw#10699) * feat(antigravity): update default model to Claude Opus 4.6 (openclaw#10720) * feat(antigravity): update default model to Claude Opus 4.6 Claude Opus 4.5 has been replaced by Claude Opus 4.6 on the Antigravity (Google Cloud Code Assist) platform. - Update DEFAULT_MODEL in google-antigravity-auth extension - Update testing docs to reference the new model * fix: update remaining antigravity opus 4.5 refs in zh-CN docs and tests Address review comments from Greptile: - Update zh-CN/testing.md antigravity model references - Update pi-tools-agent-config.test.ts model IDs * Antigravity: default OAuth model to Opus 4.6 (openclaw#10720) (thanks @calvin-hpnet) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(hooks): replace debug console.log with proper subsystem logging in session-memory (openclaw#10730) * fix: replace debug console.log with proper subsystem logging in session-memory * fix(hooks): normalize session-memory subsystem logging --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * docs(changelog): prepare 2026.2.6 * docs(changelog): include merged PRs since v2026.2.3 * chore(release): bump version to 2026.2.6 * fix(telegram): cast fetch for grammY ApiClientOptions * docs: fix markdownlint fragments + headings * docs(changelog): refresh 2026.2.6 since v2026.2.3 * docs(imessage): add macOS TCC troubleshooting * docs(imessage): improve macOS TCC troubleshooting guidance (openclaw#10781) * chore(deps): update deps * fix(agents): add Opus 4.6 forward-compat fallback * chore(deps): bump carbon beta * docs(changelog): curate 2026.2.6 * docs(changelog): highlight Opus 4.6 + Codex 5.3 first * Fix QMD CLI installation link in memory.md (openclaw#8647) Correct the installation link for the QMD CLI in the documentation. * chore(lockfile): fix pnpm-lock * fix: cron scheduler reliability, store hardening, and UX improvements (openclaw#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (openclaw#10776) (thanks @tyler6204) * Docs: fix broken /plugins links (openclaw#9308) * Docs: fix broken /plugins links to /plugin The documentation linked to /plugins which doesn't exist. The correct path is /plugin (singular) which contains the plugins overview documentation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: drop manual zh-CN doc edits from plugins link fix --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix(build): unblock pnpm build dts * Fix repository links in formal-verification.md (openclaw#10200) Updated repository links for formal verification models. * Revert previous change from 'Clawdbot' to 'OpenClaw' in lore (openclaw#9119) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval (openclaw#10818) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval Voyage AI recommends passing input_type='document' when indexing and input_type='query' when searching. This improves retrieval quality by optimising the embedding space for each direction. Changes: - embedQuery now passes input_type: 'query' - embedBatch now passes input_type: 'document' - Batch API request_params includes input_type: 'document' - Tests updated to verify input_type is passed correctly * Changelog: note Voyage embeddings input_type fix (openclaw#10818) (thanks @mcinteerj) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(dashboard): restore tokenized control ui links * chore(skills): remove bird skill * chore(onboard): move xAI up in auth list * chore(release): 2026.2.6-1 * chore(onboard): move xAI below Google * ci: add concurrency controls, consolidate macOS jobs, optimize Windows CI * ci: re-enable parallel vitest on Windows CI * docs(changelog): note CI pipeline optimization (openclaw#10784) (thanks @mcaxtr) * fix(build): support daemon-cli .mjs bundles in compat shim * fix(docker): support .mjs entrypoints in images and e2e * test(hooks): stabilize session-memory hook tests * chore(release): 2026.2.6-2 * chore(onboard): reorder xAI + Qianfan providers * chore(release): 2026.2.6-3 * fix: comprehensive BlueBubbles and channel cleanup (openclaw#11093) * feat(bluebubbles): auto-strip markdown from outbound messages (openclaw#7402) * fix(security): add timeout to webhook body reading (openclaw#6762) Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5). Merged with existing maxBytes protection in voice-call. * fix(security): unify Error objects and lint fixes in webhook timeouts (openclaw#6762) * fix: prevent plugins from auto-enabling without user consent (openclaw#3961) Changes default plugin enabled state from true to false in enablePluginEntry(). Preserves existing enabled:true values. Fixes openclaw#3932. * fix: apply hierarchical mediaMaxMb config to all channels (openclaw#8749) Generalizes resolveAttachmentMaxBytes() to use account → channel → global config resolution for all channels, not just BlueBubbles. Fixes openclaw#7847. * fix(bluebubbles): sanitize attachment filenames against header injection (openclaw#10333) Strip ", \r, \n, and \\ from filenames after path.basename() to prevent multipart Content-Disposition header injection (CWE-93, CVSS 5.4). Also adds sanitization to setGroupIconBlueBubbles which had zero filename sanitization. * fix(lint): exclude extensions/ from Oxlint preflight check (openclaw#9313) Extensions use PluginRuntime|null patterns that trigger no-redundant-type-constituents because PluginRuntime resolves to any. Excluding extensions/ from Oxlint unblocks user upgrades. Re-applies the approach from closed PR openclaw#10087. * fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (openclaw#7745) Non-Private-API mode (AppleScript) requires tempGuid in send payloads. The main sendMessageBlueBubbles already had it, but createNewChatWithMessage was missing it, causing 400 errors for new chat creation without Private API. * fix: send stop-typing signal when run ends with NO_REPLY (openclaw#8785) Adds onCleanup callback to the typing controller that fires when the controller is cleaned up while typing was active (e.g., after NO_REPLY). Channels using createTypingCallbacks automatically get stop-typing on cleanup. This prevents the typing indicator from lingering in group chats when the agent decides not to reply. * fix(telegram): deduplicate skill commands in multi-agent setup (openclaw#5717) Two fixes: 1. Skip duplicate workspace dirs when listing skill commands across agents. Multiple agents sharing the same workspace would produce duplicate commands with _2, _3 suffixes. 2. Clear stale commands via deleteMyCommands before registering new ones. Commands from deleted skills now get cleaned up on restart. * fix: add size limits to unbounded in-memory caches (openclaw#4948) Adds max-size caps with oldest-entry eviction to prevent OOM in long-running deployments: - BlueBubbles serverInfoCache: 64 entries (already has TTL) - Google Chat authCache: 32 entries - Matrix directRoomCache: 1024 entries - Discord presenceCache: 5000 entries per account * fix: address review concerns (openclaw#11093) - Chain deleteMyCommands → setMyCommands to prevent race condition (openclaw#5717) - Rename enablePluginEntry to registerPluginEntry (now sets enabled: false) - Add Slow-Loris timeout test for readJsonBody (openclaw#6023) * docs: add symptom-first troubleshooting hub and deep runbooks (openclaw#11196) * docs(troubleshooting): add symptom-first troubleshooting runbooks * docs(troubleshooting): fix approvals command examples * docs(troubleshooting): wrap symptom cases in accordions * docs(automation): clarify userTimezone missing-key behavior * docs(troubleshooting): fix first-60-seconds ladder order * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list (openclaw#8105) * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list Fixes openclaw#7928 The documentation for skipBootstrap and workspace setup was missing HEARTBEAT.md and MEMORY.md from the bootstrap files list. Changes: - docs/gateway/configuration.md: Add HEARTBEAT.md and MEMORY.md - docs/zh-CN/gateway/configuration.md: Same for Chinese version - docs/start/openclaw.md: Add HEARTBEAT.md, clarify MEMORY.md is optional - docs/zh-CN/start/openclaw.md: Same for Chinese version * fix: reference PR number instead of issue in CHANGELOG * docs(workspace): align bootstrap file docs with runtime (openclaw#8105) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * Agents: include runtime shell (openclaw#1835) * Agents: include runtime shell * Agents: fix compact runtime build * chore: fix CLAUDE.md formatting, security regex for secret --------- Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> * Web UI: show Compaction divider in chat history (openclaw#11341) * adding PR review workflow * added more explicit instructions * docs: canonicalize docs paths and align zh navigation (openclaw#11428) * docs(navigation): canonicalize paths and align zh nav * chore(docs): remove stray .DS_Store * docs(scripts): add non-mint docs link audit * docs(nav): fix zh source paths and preserve legacy redirects (openclaw#11428) (thanks @sebslight) * chore(docs): satisfy lint for docs link audit script (openclaw#11428) (thanks @sebslight) * chore: bump pi to 0.52.8 * Fix typo in FAQ regarding model configuration command (openclaw#6048) * CI: skip heavy jobs on docs-only changes (openclaw#11328) * fix: add .caf to AUDIO_FILE_EXTENSIONS (openclaw#10982) * fix: add .caf to AUDIO_FILE_EXTENSIONS for iMessage voice messages * fix: add caf audio extension regression coverage (openclaw#10982) (thanks @succ985) --------- Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Gateway: fix multi-agent sessions.usage discovery (openclaw#11523) * Gateway: fix multi-agent sessions.usage discovery * Gateway: resolve sessions.usage keys via sessionId * feat(gateway): add agents.create/update/delete methods (openclaw#11045) * feat(gateway): add agents.create/update/delete methods * fix(lint): preserve memory-lancedb load error cause * feat(gateway): trash agent files on agents.delete * chore(protocol): regenerate Swift gateway models * fix(gateway): stabilize agents.create dirs and agentDir * feat(gateway): support avatar in agents.create * fix: prep agents.create/update/delete handlers (openclaw#11045) (thanks @advaitpaliwal) - Reuse movePathToTrash from browser/trash.ts (has ~/.Trash fallback on non-macOS) - Fix partial-failure: workspace setup now runs before config write - Always write Name to IDENTITY.md regardless of emoji/avatar - Add unit tests for agents.create, agents.update, agents.delete - Add CHANGELOG entry --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * feat(sanitize): enhance context overflow error handling in user-facing text - Added tests to ensure proper sanitization of context overflow errors. - Introduced a new function to determine when to rewrite context overflow messages. - Updated the sanitization logic to improve user experience by providing clearer error messages while preserving conversational context. * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11448) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11329) When gateway.bind=lan, the HTTP server correctly binds to 0.0.0.0 (all interfaces), but WebSocket connection URLs, probe targets, and Control UI links were hardcoded to 127.0.0.1. This caused CLI commands and status probes to show localhost-only URLs even in LAN mode, and made onboarding display misleading connection info. - Add pickPrimaryLanIPv4() to gateway/net.ts to detect the machine's primary LAN IPv4 address (prefers en0/eth0, falls back to any external interface) - Update pickProbeHostForBind() to use LAN IP when bind=lan - Update buildGatewayConnectionDetails() to use LAN IP and report "local lan <ip>" as the URL source - Update resolveControlUiLinks() to return LAN-accessible URLs - Update probe note in status.gather.ts to reflect new behavior - Add tests for pickPrimaryLanIPv4 and bind=lan URL resolution Closes openclaw#11329 Co-authored-by: Cursor <cursoragent@cursor.com> * test: move vi.restoreAllMocks to afterEach in pickPrimaryLanIPv4 Per review feedback: avoid calling vi.restoreAllMocks() inside individual tests as it restores all spies globally and can cause ordering issues. Use afterEach in the describe block instead. Co-authored-by: Cursor <cursoragent@cursor.com> * Changelog: note LAN bind URLs fix (openclaw#11448) (thanks @AnonO6) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix: recover from context overflow caused by oversized tool results (openclaw#11579) * fix: gracefully handle oversized tool results causing context overflow When a subagent reads a very large file or gets a huge tool result (e.g., gh pr diff on a massive PR), it can exceed the model's context window in a single prompt. Auto-compaction can't help because there's no older history to compact — just one giant tool result. This adds two layers of defense: 1. Pre-emptive: Hard cap on tool result size (400K chars ≈ 100K tokens) applied in the session tool result guard before persistence. This prevents extremely large tool results from being stored in full, regardless of model context window size. 2. Recovery: When context overflow is detected and compaction fails, scan session messages for oversized tool results relative to the model's actual context window (30% max share). If found, truncate them in the session via branching (creating a new branch with truncated content) and retry the prompt. The truncation preserves the beginning of the content (most useful for understanding what was read) and appends a notice explaining the truncation and suggesting offset/limit parameters for targeted reads. Includes comprehensive tests for: - Text truncation with newline-boundary awareness - Context-window-proportional size calculation - In-memory message truncation - Oversized detection heuristics - Guard-level size capping during persistence * fix: prep fixes for tool result truncation PR (openclaw#11579) (thanks @tyler6204) * Memory: harden QMD startup, timeouts, and fallback recovery * Memory: queue forced QMD sync and handle sqlite busy reads * Memory: chain forced QMD queue and fail over on busy index * Memory: make QMD cache eviction callback idempotent * Memory: add SQLITE_BUSY fallback regression test * Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription. * Tests: harden flake hotspots and consolidate provider-auth suites (openclaw#11598) * Tests: harden flake hotspots and consolidate provider-auth suites * Tests: restore env vars by deleting missing snapshot values * Tests: use real newline in memory summary filter case * Tests(memory): use fake timers for qmd timeout coverage * Changelog: add tests hardening entry for openclaw#11598 * docs: clarify onboarding instructions for beginners (openclaw#10956) * chore: updated PR review skills and workflow info on tests + fake timers * Fix Nix repository link in README (openclaw#7910) Updated Nix repository link in README. Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> * Docs: fix cron.update param name id → jobId (openclaw#11365) (openclaw#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas (openclaw#4824) * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas device-identity.ts and canvas-host/server.ts used hardcoded path.join(os.homedir(), '.openclaw', ...) ignoring OPENCLAW_STATE_DIR env var and the resolveStateDir() logic from config/paths.ts. This caused ~/.openclaw/identity and ~/.openclaw/canvas directories to be created even when state dir was overridden or resided elsewhere. * fix: format and remove duplicate imports * fix: scope state-dir patch + add regression tests (openclaw#4824) (thanks @kossoy) * fix: align state-dir fallbacks in hooks and agent paths (openclaw#4824) (thanks @kossoy) --------- Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * fix(cron): share isolated announce flow + harden cron scheduling/delivery (openclaw#11641) * fix(cron): comprehensive cron scheduling and delivery fixes - Fix delivery target resolution for isolated agent cron jobs - Improve schedule parsing and validation - Add job retry logic and error handling - Enhance cron ops with better state management - Add timer improvements for more reliable cron execution - Add cron event type to protocol schema - Support cron events in heartbeat runner (skip empty-heartbeat check, use dedicated CRON_EVENT_PROMPT for relay) * fix: remove cron debug test and add changelog/docs notes (openclaw#11641) (thanks @tyler6204) * fix: context overflow compaction and subagent announce improvements (openclaw#11664) (thanks @tyler6204) * initial commit * feat: implement deriveSessionTotalTokens function and update usage tests * Added deriveSessionTotalTokens function to calculate total tokens based on usage and context tokens. * Updated usage tests to include cases for derived session total tokens. * Refactored session usage calculations in multiple files to utilize the new function for improved accuracy. * fix: restore overflow truncation fallback + changelog/test hardening (openclaw#11551) (thanks @tyler6204) * fix(ui): smooth chat refresh scroll and suppress new-messages badge flash * fix(discord): support forum channel thread-create (openclaw#10062) * fix(discord): support forum channel thread-create * fix: harden discord forum thread-create (openclaw#10062) (thanks @jarvis89757) --------- Co-authored-by: Shakker <shakkerdroid@gmail.com> * feat(telegram): add spoiler tag support (openclaw#11543) * feat(telegram): add spoiler tag support Render markdown ||spoiler|| syntax as <tg-spoiler> tags in Telegram HTML output. The markdown IR already parses spoiler syntax, but the Telegram renderer was missing the style marker. This adds the spoiler marker to renderTelegramHtml(). Fixes spoiler text appearing as raw ||text|| instead of hidden text. * fix: enable Telegram spoiler rendering (openclaw#11543) (thanks @ezhikkk) --------- Co-authored-by: Параша <parasha@openclaw.local> Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com> * fix(doctor): suppress repeated legacy state migration warnings (openclaw#11709) * fix(doctor): suppress repeated state migration warning * fix: harden state-dir mirror detection + warnings (openclaw#11709) (thanks @gumadeiras) * test: cover mirror hardening edge cases (openclaw#11709) (thanks @gumadeiras) * CI: scope heavy jobs, build once, and remove duplicate validation work (openclaw#11570) * CI: scope jobs and reuse build artifacts * CI: fix scope fallback and remove unused artifact job * CI: remove setup-node pnpm cache inputs * CI: add pnpm store cache and dist artifact smoke * CI: extract pnpm cache action and consume dist artifact * chore: centralizing warning filters * chore: suppress warnings for node default output path * chore: project hygiene — fix workspace:*, sandbox USER, dead config (openclaw#11289) * chore: project hygiene fixes (workspace:*, sandbox USER, dead config) * chore: also fix workspace:* in zalouser dependencies * docs: add security & trust documentation Add threat model (MITRE ATLAS), contribution guide, and security directory README. Update SECURITY.md with trust page reporting instructions and Jamieson O'Reilly as Security & Trust. Co-Authored-By: theonejvo <theonejvo@users.noreply.github.com> * Centralize date/time formatting utilities (openclaw#11831) * chore: fix vitest standalone configs and update package description (openclaw#11865) * chore: fix vitest standalone configs and update package description - vitest.live.config.ts and vitest.e2e.config.ts now extend root config - Inherits testTimeout (120s), resolve.alias, pool, setupFiles, excludes - ui/vitest.node.config.ts gets explicit 120s timeout - package.json description updated for multi-channel AI gateway - Removed unused src/utils/time-format.ts * chore: filter inherited excludes in live/e2e vitest configs * refactor: dedupe GroupPolicy/DmPolicy in extensions Import from openclaw/plugin-sdk instead of re-declaring identical types. * Add GitHub Copilot models to xhigh list (openclaw#11646) * Add GitHub Copilot models to xhigh list * fix(thinking): add xhigh copilot tests and changelog (openclaw#11646) (thanks @seans-openclawbot) --------- Co-authored-by: Sean Dai <sdai@gatech.edu> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * Exec approvals: render forwarded commands in monospace (openclaw#11937) * fix(exec-approvals): format forwarded commands as code * fix(exec-approvals): place fenced command blocks on new line (openclaw#11937) (thanks @sebslight) * docs: fix changelog PR reference Fix Exec approvals command text formatting issue for safer approval scanning. * Gateway/Plugins: device pairing + phone control plugins (openclaw#11755) * iOS: alpha node app + setup-code onboarding (openclaw#11756) * Memory/QMD: warn when scope denies search * Docs i18n: make translation prompt language-pluggable * Docs: seed ja-JP translations * Docs: use ja-jp Mintlify language code * Docs: note ja-JP docs POC in changelog (openclaw#11988) (thanks @joshp123) * Docs: fix language switcher order + Japanese locale * Docs: note language switcher ordering + JP flag fix (openclaw#12023) (thanks @joshp123) * fix(paths): respect OPENCLAW_HOME for all internal path resolution (openclaw#12091) * fix(paths): respect OPENCLAW_HOME for all internal path resolution (openclaw#11995) Add home-dir module (src/infra/home-dir.ts) that centralizes home directory resolution with precedence: OPENCLAW_HOME > HOME > USERPROFILE > os.homedir(). Migrate all path-sensitive callsites: config IO, agent dirs, session transcripts, pairing store, cron store, doctor, CLI profiles. Add envHomedir() helper in config/paths.ts to reduce lambda noise. Document OPENCLAW_HOME in docs/help/environment.md. * fix(paths): handle OPENCLAW_HOME '~' fallback (openclaw#12091) (thanks @sebslight) * docs: mention OPENCLAW_HOME in install and getting started (openclaw#12091) (thanks @sebslight) * fix(status): show OPENCLAW_HOME in shortened paths (openclaw#12091) (thanks @sebslight) * docs(changelog): clarify OPENCLAW_HOME and HOME precedence (openclaw#12091) (thanks @sebslight) * changelog: split openclaw#12091 entry into Added + Fixes * fix(config): clamp maxTokens to contextWindow to prevent invalid configurations Closes openclaw#5308 When users configure maxTokens larger than contextWindow (e.g., maxTokens: 40960 with contextWindow: 32768), the model may fail silently. This fix clamps maxTokens to be at most contextWindow, preventing such invalid configurations. * test(config): cover maxTokens clamping * chore(changelog): note maxTokens clamp (openclaw#5516) (thanks @lailoo) (openclaw#12139) * fix: more merge fixes * fix: fix gauranteed rejection when declaredCommands undefined * fix: resolve build errors and eslint warnings - Add missing parseDatedFilename function to memory/internal.ts - Remove reference to undefined thinkingWarning variable - Fix node.invoke guard to maintain backward compatibility - Rename unused runtimeConfig variable to _runtimeConfig Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * chore: lancedb embedding/llm-extraction refactoring * Docs: revise PR and issue submission guides (openclaw#10617) * Docs: revise PR submission guide * Docs: revise issue submission guide * docs: fix markdownlint fragments + headings * fix: cron scheduler reliability, store hardening, and UX improvements (openclaw#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (openclaw#10776) (thanks @tyler6204) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval (openclaw#10818) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval Voyage AI recommends passing input_type='document' when indexing and input_type='query' when searching. This improves retrieval quality by optimising the embedding space for each direction. Changes: - embedQuery now passes input_type: 'query' - embedBatch now passes input_type: 'document' - Batch API request_params includes input_type: 'document' - Tests updated to verify input_type is passed correctly * Changelog: note Voyage embeddings input_type fix (openclaw#10818) (thanks @mcinteerj) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * chore(onboard): move xAI up in auth list * fix: add .caf to AUDIO_FILE_EXTENSIONS (openclaw#10982) * fix: add .caf to AUDIO_FILE_EXTENSIONS for iMessage voice messages * fix: add caf audio extension regression coverage (openclaw#10982) (thanks @succ985) --------- Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * feat(gateway): add agents.create/update/delete methods (openclaw#11045) * feat(gateway): add agents.create/update/delete methods * fix(lint): preserve memory-lancedb load error cause * feat(gateway): trash agent files on agents.delete * chore(protocol): regenerate Swift gateway models * fix(gateway): stabilize agents.create dirs and agentDir * feat(gateway): support avatar in agents.create * fix: prep agents.create/update/delete handlers (openclaw#11045) (thanks @advaitpaliwal) - Reuse movePathToTrash from browser/trash.ts (has ~/.Trash fallback on non-macOS) - Fix partial-failure: workspace setup now runs before config write - Always write Name to IDENTITY.md regardless of emoji/avatar - Add unit tests for agents.create, agents.update, agents.delete - Add CHANGELOG entry --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11448) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (openclaw#11329) When gateway.bind=lan, the HTTP server correctly binds to 0.0.0.0 (all interfaces), but WebSocket connection URLs, probe targets, and Control UI links were hardcoded to 127.0.0.1. This caused CLI commands and status probes to show localhost-only URLs even in LAN mode, and made onboarding display misleading connection info. - Add pickPrimaryLanIPv4() to gateway/net.ts to detect the machine's primary LAN IPv4 address (prefers en0/eth0, falls back to any external interface) - Update pickProbeHostForBind() to use LAN IP when bind=lan - Update buildGatewayConnectionDetails() to use LAN IP and report "local lan <ip>" as the URL source - Update resolveControlUiLinks() to return LAN-accessible URLs - Update probe note in status.gather.ts to reflect new behavior - Add tests for pickPrimaryLanIPv4 and bind=lan URL resolution Closes openclaw#11329 Co-authored-by: Cursor <cursoragent@cursor.com> * test: move vi.restoreAllMocks to afterEach in pickPrimaryLanIPv4 Per review feedback: avoid calling vi.restoreAllMocks() inside individual tests as it restores all spies globally and can cause ordering issues. Use afterEach in the describe block instead. Co-authored-by: Cursor <cursoragent@cursor.com> * Changelog: note LAN bind URLs fix (openclaw#11448) (thanks @AnonO6) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix: recover from context overflow caused by oversized tool results (openclaw#11579) * fix: gracefully handle oversized tool results causing context overflow When a subagent reads a very large file or gets a huge tool result (e.g., gh pr diff on a massive PR), it can exceed the model's context window in a single prompt. Auto-compaction can't help because there's no older history to compact — just one giant tool result. This adds two layers of defense: 1. Pre-emptive: Hard cap on tool result size (400K chars ≈ 100K tokens) applied in the session tool result guard before persistence. This prevents extremely large tool results from being stored in full, regardless of model context window size. 2. Recovery: When context overflow is detected and compaction fails, scan session messages for oversized tool results relative to the model's actual context window (30% max share). If found, truncate them in the session via branching (creating a new branch with truncated content) and retry the prompt. The truncation preserves the beginning of the content (most useful for understanding what was read) and appends a notice explaining the truncation and suggesting offset/limit parameters for targeted reads. Includes comprehensive tests for: - Text truncation with newline-boundary awareness - Context-window-proportional size calculation - In-memory message truncation - Oversized detection heuristics - Guard-level size capping during persistence * fix: prep fixes for tool result truncation PR (openclaw#11579) (thanks @tyler6204) * Memory: harden QMD startup, timeouts, and fallback recovery * fix: context overflow compaction and subagent announce improvements (openclaw#11664) (thanks @tyler6204) * initial commit * feat: implement deriveSessionTotalTokens function and update usage tests * Added deriveSessionTotalTokens function to calculate total tokens based on usage and context tokens. * Updated usage tests to include cases for derived session total tokens. * Refactored session usage calculations in multiple files to utilize the new function for improved accuracy. * fix: restore overflow truncation fallback + changelog/test hardening (openclaw#11551) (thanks @tyler6204) * chore: centralizing warning filters * Docs: seed ja-JP translations * Docs: use ja-jp Mintlify language code * Docs: fix language switcher order + Japanese locale * chore: lancedb embedding/llm-extraction refactoring * fix: minor bug in lancedb refactoring * additional test fixes * crap loads of lint fixes * fix: restore nullish fallback for context.outputs spread in worker.ts When context is undefined or lacks an outputs object, spreading ...context?.outputs can throw TypeError in some transpilation targets. Restores the previous ...(context?.outputs ?? {}) guard. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: guard against undefined context.outputs spread in worker.ts Extract context?.outputs into a temp variable with ?? {} fallback before spreading, avoiding potential TypeError when context or its outputs property is undefined. Uses a temp variable instead of inline ?? {} to prevent oxfmt from stripping the guard. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: ideoutrea <ideoutrea@163.com> Co-authored-by: ide-rea <30512600+ide-rea@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Yida-Dev <92713555+Yida-Dev@users.noreply.github.com> Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> Co-authored-by: Jake <mcinteerj@gmail.com> Co-authored-by: calvin-hpnet <calvin@hpnet.co.uk> Co-authored-by: Shadril Hassan Shifat <63901551+shadril238@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: gitpds <pds@pds.dev> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> Co-authored-by: Raymond Berger <RayBB@users.noreply.github.com> Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com> Co-authored-by: DEOKLYONG MOON <dfjk71@khu.ac.kr> Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com> Co-authored-by: Markus Buhatem Koch <markusbkoch@gmail.com> Co-authored-by: Marcus Castro <mcaxtr@gmail.com> Co-authored-by: 大猫子 <ll1042668699@gmail.com> Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> Co-authored-by: Abdullah <syedabdullah535@gmail.com> Co-authored-by: max <40643627+quotentiroler@users.noreply.github.com> Co-authored-by: succ985 <3186520056@qq.com> Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Advait Paliwal <advaitspaliwal@gmail.com> Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> Co-authored-by: Aviral <124311066+AnonO6@users.noreply.github.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Vignesh Natarajan <vigneshnatarajan92@gmail.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@users.noreply.github.com> Co-authored-by: Rohan Patil <rohanspatil801@gmail.com> Co-authored-by: danielcadenhead <danielcadenhead88@gmail.com> Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Oleg Kossoy <oleg.kossoy@gmail.com> Co-authored-by: jarvis89757 <jarvis@techflow.studio> Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: ezhikkk <105670095+ezhikkk@users.noreply.github.com> Co-authored-by: Параша <parasha@openclaw.local> Co-authored-by: Muhammed Mukhthar CM <mukhtharcm@gmail.com> Co-authored-by: theonejvo <theonejvo@users.noreply.github.com> Co-authored-by: seans-openclawbot <seandai.apps@gmail.com> Co-authored-by: Sean Dai <sdai@gatech.edu> Co-authored-by: Mariano Belinky <mbelinky@gmail.com> Co-authored-by: Josh Palmer <joshp123@users.noreply.github.com> Co-authored-by: George Pickett <gpickett00@gmail.com>

@lailoo

…w#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>

* Security: owner-only tools + command auth hardening (#9202) * Security: gate whatsapp_login by sender auth * Security: treat undefined senderAuthorized as unauthorized (opt-in) * fix: gate whatsapp_login to owner senders (#8768) (thanks @victormier) * fix: add explicit owner allowlist for tools (#8768) (thanks @victormier) * fix: normalize escaped newlines in send actions (#8768) (thanks @victormier) --------- Co-authored-by: Victor Mier <victormier@gmail.com> * Telegram: remove last @ts-nocheck from bot-handlers.ts (#9206) * Telegram: remove @ts-nocheck from bot-handlers.ts, use Grammy types directly, deduplicate StickerMetadata * Telegram: remove last @ts-nocheck from bot-handlers.ts (#9206) * Message: clarify media schema + fix MEDIA newline * fix: enforce owner allowlist for commands * fix: infer --auth-choice from API key flags during non-interactive onboarding (#9241) * fix: infer --auth-choice from API key flags during non-interactive onboarding When --anthropic-api-key (or other provider key flags) is passed without an explicit --auth-choice, the auth choice defaults to "skip", silently discarding the API key. This means the gateway starts without credentials and fails on every inbound message with "No API key found for provider". Add inferAuthChoiceFromFlags() to derive the correct auth choice from whichever provider API key flag was supplied, so credentials are persisted to auth-profiles.json as expected. Fixes #8481 * fix: infer auth choice from API key flags (#8484) (thanks @f-trycua) * refactor: centralize auth choice inference flags (#8484) (thanks @f-trycua) --------- Co-authored-by: f-trycua <f@trycua.com> * chore: sync plugin versions to 2026.2.3 * fix(mac): resolve cron schedule formatters * chore(mac): update appcast for 2026.2.3 * chore: update 2026.2.3 notes * Fix import error * fix: gracefully downgrade xhigh thinking level in cron isolated agent (#9363) When thinkingDefault is set to "xhigh" but the configured model does not support it (e.g. Claude), the cron isolated-agent path throws a hard error causing the job to fail. The interactive chat path already handles this by silently downgrading to "high". Apply the same graceful downgrade in the cron path: log a warning and fall back to "high" instead of crashing. Co-authored-by: hyf0-agent <hyf0-agent@users.noreply.github.com> * Add auth choice * Optimize format * Optimize doc * Fix key resolve * Optimize import * fix: restore discord owner hint from allowlists * fix: remove unused cron import * fix(cli): resolve bundled chrome extension path * test(cli): use unique temp dir for extension install * fix(cli): support bundled extension path in dist root * style(cli): satisfy lint rules in extension path resolver * fix: resolve bundled chrome extension assets (#8914) (thanks @kelvinCB) * Tests: add test coverage for security/windows-acl.ts Adds comprehensive unit tests for Windows ACL inspection utilities: - resolveWindowsUserPrincipal: username resolution with fallback - parseIcaclsOutput: icacls output parsing - summarizeWindowsAcl: ACL entry classification (trusted/world/group) - inspectWindowsAcl: async ACL inspection with mocked exec - formatWindowsAclSummary: summary string formatting - formatIcaclsResetCommand: reset command string generation - createIcaclsResetCommand: structured reset command generation All 26 tests passing. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: stabilize windows acl tests and command auth registry (#9335) (thanks @M00N7682) * test: register discord plugin in allowlist test * chore: bump version to 2026.2.4 * fix: resolve discord owner allowFrom matches * fix(telegram): preserve DM topic threadId in deliveryContext When receiving messages in Telegram DM topics (Topics in Private Chats), the threadId was not saved in the session's deliveryContext, causing replies to go to General chat instead of the topic. Now we pass threadId to updateLastRoute for DM topics. Fixes #8891 * test(telegram): add DM topic threadId deliveryContext test for #8891 Verifies that threadId is passed to updateLastRoute for DM topics. Test fails on main branch, passes with the fix. * fix: preserve telegram DM topic threadId (#9039) (thanks @lailoo) * Update deps. * chore: Typecheck test helper files. * Docs: streamline start and install docs (#9648) * docs(start): streamline getting started flow * docs(nav): reorganize start and install sections * docs(style): move custom css to style.css * docs(navigation): align zh-CN ordering * docs(navigation): localize zh-Hans labels * docs(install): rename install overview page * CLI: sort commands alphabetically in help output Fixes #7964 Added sortSubcommands: true to configureHelp() to display commands in alphabetical order when running 'openclaw --help'. * fix: update changelog for help sorting (#8068) (thanks @deepsoumya617) * docs(onboarding): add bootstrapping page (#9767) * docs: fix onboarding rendering issues * chore: reset appcast to 2026.2.3 * fix(telegram): pass parentPeer for forum topic binding inheritance (#9789) Fixes #9545 and #9351. When a message comes from a Telegram forum topic, the peer ID includes the topic suffix (e.g., `-1001234567890:topic:99`). Users configure bindings with the base group ID, which previously did not match. This adds `parentPeer` to `resolveAgentRoute()` calls for forum groups, enabling binding inheritance from the parent group to all topics. - Extract `buildTelegramParentPeer()` helper in bot/helpers.ts - Pass parentPeer in bot-message-context.ts, bot-handlers.ts, bot-native-commands.ts, and bot.ts (reaction handler) - Add tests for forum topic routing and topic precedence * docs(onboarding): streamline CLI onboarding docs (#9830) * fix: auto-inject Telegram forum topic threadId in message tool When using Telegram DM topics (forum topics), messages sent via the message tool (media, buttons, etc.) land in General Topic instead of the user's current topic. This happens because Slack has resolveSlackAutoThreadId for auto-threading but Telegram had no equivalent. Add resolveTelegramAutoThreadId that mirrors the Slack pattern: - When channel is telegram and no explicit threadId is provided - Check if toolContext.currentThreadTs (the topic ID) is set - Verify the target matches the originating chat - Inject the threadId into params so the Telegram plugin action handler picks it up for sendMessage/sendMedia The subagent announce path already correctly passes threadId via requesterOrigin (set from agentThreadId in sessions-spawn-tool), so no changes needed there. * test: cover telegram topic threadId auto-injection and subagent origin threading * fix: pass threadId/to/accountId from parent to subagent gateway call When spawning a subagent, the requesterOrigin's threadId, to, and accountId were not forwarded to the callGateway({method:'agent'}) params. This meant the subagent's runContext had no currentThreadTs or currentChannelId, so resolveTelegramAutoThreadId could not auto-inject the forum topic thread ID when the subagent used the message tool. Changes: - sessions-spawn-tool: pass to, accountId, threadId from requesterOrigin - run-context: populate currentChannelId from opts.to as fallback Fixes subagent messages landing in General Topic instead of the correct Telegram DM topic thread. * fix: telegram topic auto-threading — use parseTelegramTarget, add tests (#7235) (thanks @Lukavyi) * update handle * docs: fix incorrect model.fallback to model.fallbacks in Ollama config (#9384) (#9749) Both English and Chinese documentation had incorrect configuration template using 'fallback' instead of 'fallbacks' in agents.defaults.model config. Co-authored-by: damaozi <1811866786@qq.com> * fix(cli): avoid NODE_OPTIONS for --disable-warning (#9691) (thanks @18-RAJAT) Fixes npm pack failing on modern Node where --disable-warning is disallowed in NODE_OPTIONS. * feat: add Claude Opus 4.6 to built-in model catalog (#9853) * feat: add Claude Opus 4.6 to built-in model catalog - Update default model from claude-opus-4-5 to claude-opus-4-6 - Add opus-4.6 model ID normalization - Add claude-opus-4-6 to live model filter prefixes - Update image tool to prefer claude-opus-4-6 for vision - Add CLI backend alias for opus-4.6 - Update onboard auth default selections to include opus-4.6 - Update model picker placeholder Closes #9811 * test: update tests for claude-opus-4-6 default - Fix model-alias-defaults test to use claude-opus-4-6 - Fix image-tool test to expect claude-opus-4-6 in fallbacks * feat: support claude-opus-4-6 * docs: update changelog for opus 4.6 (#9853) (thanks @TinyTb) * chore: bump pi to 0.52.0 --------- Co-authored-by: Slurpy <slurpy@openclaw.ai> Co-authored-by: Peter Steinberger <steipete@gmail.com> * 🤖 Feishu: expand channel support What: - add post parsing, doc link extraction, routing, replies, reactions, typing, and user lookup - fix media download/send flows and make doc fetches domain-aware - update Feishu docs and clawtributor credits Why: - raise Feishu parity with other channels and avoid dropped group messages - keep replies threaded while supporting Lark domains - document new configuration and credit the contributor Tests: - pnpm build - pnpm check - pnpm test (gateway suite timed out; reran pnpm vitest run --config vitest.gateway.config.ts) Co-authored-by: 九灵云 <server@jiulingyun.cn> * 🤖 Feishu: tighten mention gating What: - require the bot open_id match for group mention detection when available Why: - prevent replies when other users are mentioned and the bot id is known Tests: - pnpm test * fix: remove orphaned tool_results during compaction pruning When pruneHistoryForContextShare drops chunks of messages, it could drop an assistant message with tool_use blocks while leaving corresponding tool_result messages in the kept portion. These orphaned tool_results cause Anthropic's API to reject the session with 'unexpected tool_use_id'. Fix by calling repairToolUseResultPairing after each chunk drop to clean up any orphaned tool_results. This reuses existing battle-tested code from session-transcript-repair.ts. Fixes #9769, #9724, #9672 * fix cron scheduling and reminder delivery regressions (#9733) * fix(cron): prevent timer from allowing process exit (fixes #9694) The cron timer was using .unref(), which caused the Node.js event loop to exit or sleep if no other handles were active. This prevented cron jobs from firing in some environments. * fix(cron): infer delivery target for isolated jobs (fixes #9683) When creating isolated agentTurn jobs (e.g. reminders) without explicit delivery options, the job would default to 'announce' but fail to resolve the target conversation. Now, we infer the channel and recipient from the agent's current session key. * fix(cron): enhance delivery inference for threaded sessions and null inputs (#9733) Improves the delivery inference logic in the cron tool to correctly handle threaded session keys and cases where delivery is explicitly set to null. This ensures that the appropriate delivery mode and target are inferred based on the agent's session key, enhancing the reliability of job execution. * fix: preserve telegram topic delivery inference (#9733) (thanks @tyler6204) * fix: simplify cron delivery merge spread (#9733) (thanks @tyler6204) * chore: add agent credentials to gitignore (#9874) Protect sensitive files from accidental commit: - memory/ (moltbook credentials, session data) - .agent/*.json (agent config, moltbook.json) Workflows in .agent/workflows/ remain tracked. Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * Docs: escape hash symbol in help channel names in issue template (#9695) * feat(skills): add QR code skill (#8817) feat(skills): add QR code generation and reading skill Adds qr-code skill with: - qr_generate.py - Generate QR codes with customizable size/error correction - qr_read.py - Decode QR codes from images - SKILL.md documentation Co-authored-by: Omar-Khaleel * chore(agentsmd): add tsgo command to AGENTS.md (#9894) Add `pnpm tsgo` command to AGENTS.md development reference Co-authored-by: vincentkoc <vincentkoc@users.noreply.github.com> * fix(runtime): bump minimum Node.js version to 22.12.0 (#5370) * fix(runtime): bump minimum Node.js version to 22.12.0 Aligns the runtime guard with the declared package.json engines requirement. The Matrix plugin (and potentially others) requires Node >= 22.12.0, but the runtime guard previously allowed 22.0.0+. This caused confusing errors like 'Cannot find module @vector-im/matrix-bot-sdk' when the real issue was an unsupported Node version. - Update MIN_NODE from 22.0.0 to 22.12.0 - Update error message to reflect the correct version - Update tests to use 22.12.0 as the minimum valid version Fixes #5292 * fix: update test versions to match MIN_NODE=22.12.0 --------- Co-authored-by: Markus Glucksberg <markus@glucksberg.com> * fix: clear stale token metrics on /new and /reset (#8929) When starting a new session via /new or /reset, the token usage fields (totalTokens, inputTokens, outputTokens, contextTokens) survived from the previous session via the spread pattern in session init. This caused /status to display misleading context usage from the old session. Clear all four token metrics explicitly in the isNewSession block, alongside the existing compactionCount reset. Also add diagnostic logging for session forking via ParentSessionKey to help trace context inheritance. * chore: apply local workspace updates (#9911) * chore: apply local workspace updates * fix: resolve prep findings after rebase (#9898) (thanks @gumadeiras) * refactor: centralize model allowlist normalization (#9898) (thanks @gumadeiras) * fix: guard model allowlist initialization (#9911) * docs: update changelog scope for #9911 * docs: remove model names from changelog entry (#9911) * fix: satisfy type-aware lint in model allowlist (#9911) * fix: allow multiple compaction retries on context overflow (#8928) Previously, overflowCompactionAttempted was a boolean flag set once, preventing recovery when a single compaction wasn't enough. Change to a counter allowing up to 3 attempts before giving up. Also add diagnostic logging on overflow events to help debug early-overflow issues. Fixes sessions that hit context overflow during long agentic turns with many tool calls, where one compaction round isn't sufficient to bring context below limits. * fix(errors): show clear billing error instead of cryptic API response (#8391) * fix(errors): return clear billing error message instead of cryptic raw error (#8136) When an LLM API provider returns a credit/billing-related error (HTTP 402, insufficient credits, low balance, etc.), OpenClaw now shows a clear, actionable message instead of passing through the raw/cryptic error text: ⚠️ API provider returned a billing error — your API key has run out of credits or has an insufficient balance. Check your provider's billing dashboard and top up or switch to a different API key. Changes: - formatAssistantErrorText: detect billing errors via isBillingErrorMessage() and return a user-friendly message (placed before the generic HTTP/JSON error fallthrough) - sanitizeUserFacingText: same billing detection for the sanitization path - pi-embedded-runner/run.ts: add billingFailure detection in the profile exhaustion fallback, so the FailoverError message is billing-specific - Added 3 new tests for credit balance, HTTP 402, and insufficient credits * fix: extract billing error message to shared constant * Revert "feat(skills): add QR code skill (#8817)" This reverts commit ad13c265ba1fd22dadfe30325ed998d9a3d95e5c. * docs: improve DM security guidance with concrete example Add a more prominent security warning for multi-user DM setups: - Add blockquote security warning about context leakage - Include concrete example showing the privacy risk - Add "When to enable this" checklist - Clarify that default is fine for single-user setups Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: tighten secure DM example * docs: note secure DM guidance update (#9377) (thanks @Shrinija17) * Agents: bump pi-mono to 0.52.5 (#9949) * Agents: bump pi-mono to 0.52.5 * Changelog: add PR reference for pi bump * docs: restructure Get Started tab and improve onboarding flow (#9950) * docs: restructure Get Started tab and improve onboarding flow - Flatten nested Onboarding group into linear First Steps flow - Add 'What is OpenClaw?' narrative section to landing page - Split wizard.md into streamlined overview + full reference (reference/wizard.md) - Move Pairing to Channels > Configuration - Move Bootstrapping to Agents > Fundamentals - Move macOS app onboarding to Platforms > macOS companion app - Move Lore to Help > Community - Remove duplicate install instructions from openclaw.md - Mirror navigation changes in zh-CN tabs - No content deleted — all detail preserved or relocated * docs: move deployment pages to install/, fix Platforms tab routing, clarify onboarding paths - Move deployment guides (fly, hetzner, gcp, macos-vm, exe-dev, railway, render, northflank) from platforms/ and root to install/ - Add 'Hosting and deployment' group to Install tab - Slim Gateway & Ops 'Remote access and deployment' down to 'Remote access' - Swap Platforms tab before Gateway & Ops to fix path-prefix routing - Move macOS app onboarding into First steps (parallel to CLI wizard) - Rename sidebar titles to 'Onboarding: CLI' / 'Onboarding: macOS App' - Add redirects for all moved paths - Update all internal links (en + zh-CN) - Fix img tag syntax in onboarding.md * fix(telegram): accept messages from group members in allowlisted groups (#9775) * fix(telegram): accept messages from group members in allowlisted groups Issue #4559: Telegram bot was silently dropping messages from non-paired users in allowlisted group chats due to overly strict sender filtering. The fix adds a check to distinguish between: 1. Group itself is allowlisted → accept messages from any member 2. Group is NOT allowlisted → only accept from allowlisted senders Changes: - Check if group ID is in the allowlist (or allowlist is wildcard) - Only reject sender if they're not in allowlist AND group is not allowlisted - Improved logging to indicate the actual reason for rejection This preserves security controls while fixing the UX issue where group members couldn't participate unless individually allowlisted. Backwards compatible: existing allowlists continue to work as before. * style: format telegram fix for oxfmt compliance * refactor(telegram): clarify group allowlist semantics in fix for #4559 Changes: - Rename 'isGroupInAllowlist' to 'isGroupChatIdInAllowlist' for clarity - Expand comments to explain the semantic distinction: * Group chat ID in allowlist -> accept any group member (fixes #4559) * Group chat ID NOT in allowlist -> enforce sender allowlist (preserves security) - This addresses concerns about config semantics raised in code review The fix maintains backward compatibility: - 'groupAllowFrom' with group chat IDs now correctly acts as group enablement - 'groupAllowFrom' with sender IDs continues to work as sender allowlist - Operators should use group chat IDs for group enablement, sender IDs for sender control Note: If operators were using 'groupAllowFrom' with group IDs expecting sender-level filtering, they should migrate to a separate sender allowlist config. This is the intended behavior per issue #4559. * Telegram: allow per-group groupPolicy overrides * Telegram: support per-group groupPolicy overrides (#9775) (thanks @nicolasstanley) --------- Co-authored-by: George Pickett <gpickett00@gmail.com> * chore: remove tracked .DS_Store files * Fix: Enable scrolling on the dashboard config page (#1822) * Fix: Enable scrolling in dashboard * Fix: Enable scrolling in dashboard * Fix: Enable scrolling in dashboard * feat: add xAI Grok provider support * fix(onboard): align xAI default model to grok-4 * chore: changelog for xAI onboarding (#9885) (thanks @grp06) * fix(cron): prevent recomputeNextRuns from skipping due jobs in onTimer (#9823) * fix(cron): prevent recomputeNextRuns from skipping due jobs in onTimer ensureLoaded(forceReload) called recomputeNextRuns before runDueJobs, which recalculated nextRunAtMs to a strictly future time. Since setTimeout always fires a few ms late, the due check (now >= nextRunAtMs) always failed and every/cron jobs never executed. Fixes #9788. * docs: add changelog entry for cron timer race fix (#9823) (thanks @pycckuu) --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * fix(cron): re-arm timer in finally to survive transient errors (#9948) * fix(cron): handle legacy atMs field in schedule when computing next run (#9932) * fix(cron): handle legacy atMs field in schedule when computing next run The cron scheduler only checked for `schedule.at` (string) but legacy jobs may have `schedule.atMs` (number) from before the schema migration. This caused nextRunAtMs to stay null because: 1. Store migration runs on load but may not persist immediately 2. Race conditions or file mtime issues can skip migration 3. computeJobNextRunAtMs/computeNextRunAtMs only checked `at`, not `atMs` Fix: Make both functions defensive by checking `atMs` first (number), then `atMs` (string, for edge cases), then falling back to `at` (string). This ensures jobs fire correctly even if: - Migration hasn't run yet - Old data was written by a previous version - The store was manually edited Fixes #9930 * fix: validate numeric atMs to prevent NaN/Infinity propagation Addresses review feedback - numeric atMs values are now validated with Number.isFinite() && atMs > 0 before use. This prevents corrupted or manually edited stores from causing hot timer loops via setTimeout(..., NaN). * fix(exec-approvals): coerce bare string allowlist entries to objects (#9790) * fix(exec-approvals): coerce bare string allowlist entries (#9903) (thanks @mcaxtr) * security: add skill/plugin code safety scanner (#9806) * security: add skill/plugin code safety scanner module * security: integrate skill scanner into security audit * security: add pre-install code safety scan for plugins * style: fix curly brace lint errors in skill-scanner.ts * docs: add changelog entry for skill code safety scanner * style: append ellipsis to truncated evidence strings * fix(security): harden plugin code safety scanning * fix: scan skills on install and report code-safety details * fix: dedupe audit-extra import * fix(security): make code safety scan failures observable * fix(test): stabilize smoke + gateway timeouts (#9806) (thanks @abdelsfane) --------- Co-authored-by: Darshil <ddhameliya@mail.sfsu.edu> Co-authored-by: Darshil <81693876+dvrshil@users.noreply.github.com> Co-authored-by: George Pickett <gpickett00@gmail.com> * Thinking: accept extra-high alias and sync Codex FAQ wording * Changelog: note #9976 thinking alias + Codex 5.3 docs sync * fix: normalize xhigh aliases and docs sync (#9976) * fix(agents): skip tool extraction for aborted/errored assistant messages (#4598) Fixes tool call/tool_result pairing issues that cause permanent session corruption when assistant messages have stopReason "error" or "aborted". Includes 4 unit tests. * fix(cron): handle undefined sessionTarget in list output (#9649) (#9752) * fix(cron): handle undefined sessionTarget in list output (#9649) When sessionTarget is undefined, pad() would crash with 'Cannot read properties of undefined (reading trim)'. Use '-' as fallback value. * test(cron): add regression test for undefined sessionTarget (#9649) Verifies that printCronList handles jobs with undefined sessionTarget without crashing. Test fails on main branch, passes with the fix. * fix: use correct CronSchedule format in tests (#9752) (thanks @lailoo) Tests were using { kind: 'at', atMs: number } but the CronSchedule type requires { kind: 'at', at: string } where 'at' is an ISO date string. --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * chore: Update deps. * Model: add strict gpt-5.3-codex fallback for OpenAI Codex (fixes #9989) (#9995) * Model: allow forward-compatible OpenAI Codex GPT-5 IDs * Model: scope Codex fallback to gpt-5.3-codex * fix: reorder codex fallback before providerCfg, add ordering test, changelog (#9989) (thanks @w1kke) --------- Co-authored-by: Robin <4robinlehmann@gmail.com> * fix(nextcloud-talk): sign message text instead of JSON body (#2092) Nextcloud Talk's ChecksumVerificationService verifies HMAC against the extracted message/reaction text, not the full JSON body. This fixes 401 authentication errors when sending messages via the bot API. - sendMessageNextcloudTalk: sign 'message' text only - sendReactionNextcloudTalk: sign 'reaction' string only * fix(slack): add mention stripPatterns for /new and /reset commands (#9971) * fix(slack): add mention stripPatterns for /new and /reset commands Fixes #9937 The Slack dock was missing mentions.stripPatterns that Discord has. This caused /new and /reset to fail when sent with a mention (e.g. @bot /reset) because <@USERID> wasn't stripped before matching. * fix(slack): strip mentions for /new and /reset (#9971) (thanks @ironbyte-rgb) --------- Co-authored-by: ironbyte-rgb <amontaboi76@gmail.com> Co-authored-by: George Pickett <gpickett00@gmail.com> * feat(feishu): replace built-in SDK with community plugin Replace the built-in Feishu SDK with the community-maintained clawdbot-feishu plugin by @m1heng. Changes: - Remove src/feishu/ directory (19 files) - Remove src/channels/plugins/outbound/feishu.ts - Remove src/channels/plugins/normalize/feishu.ts - Remove src/config/types.feishu.ts - Remove feishu exports from plugin-sdk/index.ts - Remove FeishuConfig from types.channels.ts New features in community plugin: - Document tools (read/create/edit Feishu docs) - Wiki tools (navigate/manage knowledge base) - Drive tools (folder/file management) - Bitable tools (read/write table records) - Permission tools (collaborator management) - Emoji reactions support - Typing indicators - Rich media support (bidirectional image/file transfer) - @mention handling - Skills for feishu-doc, feishu-wiki, feishu-drive, feishu-perm Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(feishu): add targeted eslint-disable comments for SDK integration Add line-specific eslint-disable-next-line comments for SDK type casts and union type issues, rather than file-level disables. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(feishu): fix webhook mode silent exit and receive_id_type default - monitor.ts: throw error for webhook mode instead of silently returning, so gateway properly marks channel as failed - targets.ts: default receive_id_type to "user_id" instead of "open_id" for non-prefixed IDs, fixing message delivery for enterprise user IDs Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore: update pnpm-lock.yaml for feishu extension deps Add lockfile entries for: - @larksuiteoapi/node-sdk@^1.56.1 - @sinclair/typebox@0.34.47 - zod@^4.3.6 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(feishu): sync with clawdbot-feishu #137 (multi-account support) - Sync latest changes from clawdbot-feishu including multi-account support - Add eslint-disable comments for SDK-related any types - Remove unused imports - Fix no-floating-promises in monitor.ts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * security: redact credentials from config.get gateway responses (#9858) * security: add skill/plugin code safety scanner module * security: integrate skill scanner into security audit * security: add pre-install code safety scan for plugins * style: fix curly brace lint errors in skill-scanner.ts * docs: add changelog entry for skill code safety scanner * security: redact credentials from config.get gateway responses The config.get gateway method returned the full config snapshot including channel credentials (Discord tokens, Slack botToken/appToken, Telegram botToken, Feishu appSecret, etc.), model provider API keys, and gateway auth tokens in plaintext. Any WebSocket client—including the unauthenticated Control UI when dangerouslyDisableDeviceAuth is set—could read every secret. This adds redactConfigSnapshot() which: - Deep-walks the config object and masks any field whose key matches token, password, secret, or apiKey patterns - Uses the existing redactSensitiveText() to scrub the raw JSON5 source - Preserves the hash for change detection - Includes 15 test cases covering all channel types * security: make gateway config writes return redacted values * test: disable control UI by default in gateway server tests * fix: redact credentials in gateway config APIs (#9858) (thanks @abdelsfane) --------- Co-authored-by: George Pickett <gpickett00@gmail.com> * fix: release session locks on process termination (#1962) Adds cleanup handlers to release held file locks when the process terminates via SIGTERM, SIGINT, or normal exit. This prevents orphaned lock files that would block future sessions. Fixes #1951 * fix(ollama): add streaming config and fix OLLAMA_API_KEY env var support (#9870) * fix(ollama): add streaming config and fix OLLAMA_API_KEY env var support Adds configurable streaming parameter to model configuration and sets streaming to false by default for Ollama models. This addresses the corrupted response issue caused by upstream SDK bug badlogic/pi-mono#1205 where interleaved content/reasoning deltas in streaming responses cause garbled output. Changes: - Add streaming param to AgentModelEntryConfig type - Set streaming: false default for Ollama models - Add OLLAMA_API_KEY to envMap (was missing, preventing env var auth) - Document streaming configuration in Ollama provider docs - Add tests for Ollama model configuration Users can now configure streaming per-model and Ollama authentication via OLLAMA_API_KEY environment variable works correctly. Fixes #8839 Related: badlogic/pi-mono#1205 * docs(ollama): use gpt-oss:20b as primary example Updates documentation to use gpt-oss:20b as the primary example model since it supports tool calling. The model examples now show: - gpt-oss:20b as the primary recommended model (tool-capable) - llama3.3 and qwen2.5-coder:32b as additional options This provides users with a clear, working example that supports OpenClaw's tool calling features. * chore: remove unused vi import from ollama test * fix: untrack dist/control-ui build artifacts (#1856) The dist/control-ui/ files were committed before the dist/ gitignore rule was effective. These build artifacts get regenerated during builds, causing dirty repo errors that block the auto-update mechanism. Removes the files from git tracking while keeping them locally and respecting the existing dist/ gitignore entry. Fixes #1838 Co-authored-by: Claude <noreply@anthropic.com> * add PR review workflow templates * fix: wire onToolResult callback for verbose tool summaries (#2022) HOTFIX: Tool summaries were not being sent to chat channels when verbose mode was enabled. The onToolResult callback was defined in the types but never wired up in dispatch-from-config.ts. This adds the missing callback alongside onBlockReply, using the same dispatcher.sendBlockReply() path to deliver tool summaries to WhatsApp, Telegram, and other chat channels. Fixes verbose tool summaries not appearing in WhatsApp despite /verbose on. * fix: Gateway canvas host bypasses auth and serves files unauthenticated * fix(gateway): require auth for canvas host and a2ui assets (#9518) (thanks @coygeek) * Add proper `onToolResult` fallback. * chore: Add VS Code defaults and extensions so that Oxlint/Oxfmt work automatically. * fix(docs): correct OpenCode Zen description in code comment (#9998) * fix(docs): correct OpenCode Zen description in code comment OpenCode Zen is a pay-as-you-go token-based API, not a $200/month subscription. The subscription tiers ($20/$100/$200) are OpenCode Black, a separate product. This fixes the misleading comment that conflated Zen with Black. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: align OpenCode Zen billing copy (#9998) (thanks @therealZpoint-bot) --------- Co-authored-by: Claude <claude@archibald.local> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * fix: `onToolResult` fallback is not expected. * fix: Do not `process.exit(0)` in the middle of a test. * chore: Fix audit test on Windows. * Cap sessions_history payloads to prevent context overflow (#10000) * Cap sessions_history payloads to prevent context overflow * fix: harden sessions_history payload caps * fix: cap sessions_history payloads to prevent context overflow (#10000) (thanks @gut-puncture) --------- Co-authored-by: Shailesh Rana <shaileshrana@ShaileshMM.local> Co-authored-by: George Pickett <gpickett00@gmail.com> * Chore: Update memory.md with current default workspace path (#9559) Removed 'clawd' workspace reference - updated with current default workspace path of '~/.openclaw/workspace' * fix: silence unused hook token url param (#9436) * fix: Gateway authentication token exposed in URL query parameters * fix: silence unused hook token url param * fix: remove gateway auth tokens from URLs (#9436) (thanks @coygeek) * test: fix Windows path separators in audit test (#9436) --------- Co-authored-by: George Pickett <gpickett00@gmail.com> * docs: add activeHours to heartbeat field notes and examples (#9366) Co-authored-by: unisone <unisone@users.noreply.github.com> * docs: update clawtributors (add @unisone) * chore: run lint step after build during preflight check * fix: add fallback for Control UI asset resolution in global installs * fix: remove dead restore control-ui step from update runner * Web UI: add token usage dashboard (#10072) * feat(ui): Token Usage dashboard with session analytics Adds a comprehensive Token Usage view to the dashboard: Backend: - Extended session-cost-usage.ts with per-session daily breakdown - Added date range filtering (startMs/endMs) to API endpoints - New sessions.usage, sessions.usage.timeseries, sessions.usage.logs endpoints - Cost breakdown by token type (input/output/cache read/write) Frontend: - Two-column layout: Daily chart + breakdown | Sessions list - Interactive daily bar chart with click-to-filter and shift-click range select - Session detail panel with usage timeline, conversation logs, context weight - Filter chips for active day/session selections - Toggle between tokens/cost view modes (default: cost) - Responsive design for smaller screens UX improvements: - 21-day default date range - Debounced date input (400ms) - Session list shows filtered totals when days selected - Context weight breakdown shows skills, tools, files contribution * fix(ui): restore gatewayUrl validation and syncUrlWithSessionKey signature - Restore normalizeGatewayUrl() to validate ws:/wss: protocol - Restore isTopLevelWindow() guard for iframe security - Revert syncUrlWithSessionKey signature (host param was unused) * feat(ui): Token Usage dashboard with session analytics Adds a comprehensive Token Usage view to the dashboard: Backend: - Extended session-cost-usage.ts with per-session daily breakdown - Added date range filtering (startMs/endMs) to API endpoints - New sessions.usage, sessions.usage.timeseries, sessions.usage.logs endpoints - Cost breakdown by token type (input/output/cache read/write) Frontend: - Two-column layout: Daily chart + breakdown | Sessions list - Interactive daily bar chart with click-to-filter and shift-click range select - Session detail panel with usage timeline, conversation logs, context weight - Filter chips for active day/session selections - Toggle between tokens/cost view modes (default: cost) - Responsive design for smaller screens UX improvements: - 21-day default date range - Debounced date input (400ms) - Session list shows filtered totals when days selected - Context weight breakdown shows skills, tools, files contribution * fix: usage dashboard data + cost handling (#8462) (thanks @mcinteerj) * Usage: enrich metrics dashboard * Usage: add latency + model trends * Gateway: improve usage log parsing * UI: add usage query helpers * UI: client-side usage filter + debounce * Build: harden write-cli-compat timing * UI: add conversation log filters * UI: fix usage dashboard lint + state * Web UI: default usage dates to local day * Protocol: sync session usage params (#8462) (thanks @mcinteerj, @TakHoffman) --------- Co-authored-by: Jake McInteer <mcinteerj@gmail.com> * fix: CLI harden update restart imports and fix nested bundle version resolution * Docs: add PR and issue submission guides (#10150) * Docs: add PR and issue submission guides * Docs: fix LLM-assisted wording * Update: harden control UI asset handling in update flow (#10146) * Update: harden control UI asset handling in update flow * fix: harden update doctor entrypoint guard (#10146) (thanks @gumadeiras) * Support ERNIE-5.0-Thinking-Preview * Resolve conflicts * Fix conflicts * Docs: sharpen Install tab to stop duplicating Getting Started (#10416) * docs(install): reframe install overview to stop duplicating getting started * docs(install): link default installer row to getting started, not internals * docs(install): use Mintlify components for install overview * docs(install): fix card grid layout with CardGroup * docs(install): platform tabs for global install, npm/pnpm as accordion * docs(install): add PowerShell no-onboard alternative * docs(install): add repo link to from-source clone step * docs(install): capitalize OpenClaw in repo link * docs(install): add pnpm link --global to from-source steps * docs(install): rewrite install overview for clarity and flow * docs(install): use tooltip for Windows WSL2 recommendation * docs(install): use Note box for Windows WSL2 recommendation * docs(install): group install methods under single heading * docs(install): standardize tab labels across installer sections * docs(install): rewrite Node.js page with install instructions and better structure * docs(install): clarify Node.js page intro * docs(install): scope auto-install note to installer script, link Node page * docs(install): fix installer script link to internals page * docs: rename Install methods nav group to Other install methods * docs(install): link to on-page anchor, use Tip box for recommended * docs(install): wrap install methods in AccordionGroup with Tip box * docs: move Node.js page from Install to Help > Environment and debugging * docs(install): add complete flags and env vars reference to installer internals * docs(install): use stable troubleshooting anchor for Node.js link * docs(install): fix Node page installer anchor * docs(install): fix broken installer script anchor in requirements note * feat: add markdownlint configuration for documentation formatting and linting * docs: linting * docs(markdownlint): enable autofixable rules and normalize links * revert(docs): undo markdownlint autofix churn * Docs: enable markdownlint autofixables except list numbering (#10476) * docs(markdownlint): enable autofixable rules except list numbering * docs(zalo): fix malformed bot platform link * Docs: revamp installer internals for readability and accuracy (#10499) * docs(install): revamp installer internals for readability and accuracy Restructure the installer internals page with better flow and Mintlify components (CardGroup, Steps, Tabs, AccordionGroup). All flags, env vars, and behavioral descriptions cross-checked against install.sh, install-cli.sh, and install.ps1 source code. - Add CardGroup chooser and Quick Commands section at top - Organize each script into consistent Flow → Examples → Reference pattern - Move flags/env var tables into collapsible Accordions - Consolidate troubleshooting into AccordionGroup at bottom - Add missing flags (--version, --beta, --verbose, --help, etc.) - Add missing env vars (OPENCLAW_VERSION, OPENCLAW_BETA, etc.) - Document install-cli.sh fully (was one paragraph) - Fix non-interactive checkout detection behavior (defaults to npm) - Use --proto/--tlsv1.2 in curl examples to match script usage - No content deleted; all original info preserved or relocated * fix(docs): correct in-page anchor hrefs for installer cards * docs(install): replace CardGroup with table for installer overview * Docs: add PR sign-off template (#10561) * fix: guard resolveUserPath against undefined input (#10176) * fix: guard resolveUserPath against undefined input When subagent spawner omits workspaceDir, resolveUserPath receives undefined and crashes on .trim(). Add a falsy guard that falls back to process.cwd(), matching the behavior callers already expect. Closes #10089 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: harden runner workspace fallback (#10176) (thanks @Yida-Dev) * fix: harden workspace fallback scoping (#10176) (thanks @Yida-Dev) * refactor: centralize workspace fallback classification and redaction (#10176) (thanks @Yida-Dev) * test: remove explicit any from utils mock (#10176) (thanks @Yida-Dev) * security: reject malformed agent session keys for workspace resolution (#10176) (thanks @Yida-Dev) --------- Co-authored-by: Yida-Dev <reyifeijun@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Docs: revise PR and issue submission guides (#10617) * Docs: revise PR submission guide * Docs: revise issue submission guide * feat(memory): native Voyage AI support (#7078) * feat(memory): add native Voyage AI embedding support with batching Cherry-picked from PR #2519, resolved conflict in memory-search.ts (hasRemote -> hasRemoteConfig rename + added voyage provider) * fix(memory): optimize voyage batch memory usage with streaming and deduplicate code Cherry-picked from PR #2519. Fixed lint error: changed this.runWithConcurrency to use imported runWithConcurrency function after extraction to internal.ts * feat(memory): document Voyage embeddings + VOYAGE_API_KEY (#7078) (thanks @mcinteerj) (#10699) * feat(antigravity): update default model to Claude Opus 4.6 (#10720) * feat(antigravity): update default model to Claude Opus 4.6 Claude Opus 4.5 has been replaced by Claude Opus 4.6 on the Antigravity (Google Cloud Code Assist) platform. - Update DEFAULT_MODEL in google-antigravity-auth extension - Update testing docs to reference the new model * fix: update remaining antigravity opus 4.5 refs in zh-CN docs and tests Address review comments from Greptile: - Update zh-CN/testing.md antigravity model references - Update pi-tools-agent-config.test.ts model IDs * Antigravity: default OAuth model to Opus 4.6 (#10720) (thanks @calvin-hpnet) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(hooks): replace debug console.log with proper subsystem logging in session-memory (#10730) * fix: replace debug console.log with proper subsystem logging in session-memory * fix(hooks): normalize session-memory subsystem logging --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * docs(changelog): prepare 2026.2.6 * docs(changelog): include merged PRs since v2026.2.3 * chore(release): bump version to 2026.2.6 * fix(telegram): cast fetch for grammY ApiClientOptions * docs: fix markdownlint fragments + headings * docs(changelog): refresh 2026.2.6 since v2026.2.3 * docs(imessage): add macOS TCC troubleshooting * docs(imessage): improve macOS TCC troubleshooting guidance (#10781) * chore(deps): update deps * fix(agents): add Opus 4.6 forward-compat fallback * chore(deps): bump carbon beta * docs(changelog): curate 2026.2.6 * docs(changelog): highlight Opus 4.6 + Codex 5.3 first * Fix QMD CLI installation link in memory.md (#8647) Correct the installation link for the QMD CLI in the documentation. * chore(lockfile): fix pnpm-lock * fix: cron scheduler reliability, store hardening, and UX improvements (#10776) * refactor: update cron job wake mode and run mode handling - Changed default wake mode from 'next-heartbeat' to 'now' in CronJobEditor and related CLI commands. - Updated cron-tool tests to reflect changes in run mode, introducing 'due' and 'force' options. - Enhanced cron-tool logic to handle new run modes and ensure compatibility with existing job structures. - Added new tests for delivery plan consistency and job execution behavior under various conditions. - Improved normalization functions to handle wake mode and session target casing. This refactor aims to streamline cron job configurations and enhance the overall user experience with clearer defaults and improved functionality. * test: enhance cron job functionality and UI - Added tests to ensure the isolated agent correctly announces the final payload text when delivering messages via Telegram. - Implemented a new function to pick the last deliverable payload from a list of delivery payloads. - Enhanced the cron service to maintain legacy "every" jobs while minute cron jobs recompute schedules. - Updated the cron store migration tests to verify the addition of anchorMs to legacy every schedules. - Improved the UI for displaying cron job details, including job state and delivery information, with new styles and layout adjustments. These changes aim to improve the reliability and user experience of the cron job system. * test: enhance sessions thinking level handling - Added tests to verify that the correct thinking levels are applied during session spawning. - Updated the sessions-spawn-tool to include a new parameter for overriding thinking levels. - Enhanced the UI to support additional thinking levels, including "xhigh" and "full", and improved the handling of current options in dropdowns. These changes aim to improve the flexibility and accuracy of thinking level configurations in session management. * feat: enhance session management and cron job functionality - Introduced passthrough arguments in the test-parallel script to allow for flexible command-line options. - Updated session handling to hide cron run alias session keys from the sessions list, improving clarity. - Enhanced the cron service to accurately record job start times and durations, ensuring better tracking of job execution. - Added tests to verify the correct behavior of the cron service under various conditions, including zero-delay timers. These changes aim to improve the usability and reliability of session and cron job management. * feat: implement job running state checks in cron service - Added functionality to prevent manual job runs if a job is already in progress, enhancing job management. - Updated the `isJobDue` function to include checks for running jobs, ensuring accurate scheduling. - Enhanced the `run` function to return a specific reason when a job is already running. - Introduced a new test case to verify the behavior of forced manual runs during active job execution. These changes aim to improve the reliability and clarity of cron job execution and management. * feat: add session ID and key to CronRunLogEntry model - Introduced `sessionid` and `sessionkey` properties to the `CronRunLogEntry` struct for enhanced tracking of session-related information. - Updated the initializer and Codable conformance to accommodate the new properties, ensuring proper serialization and deserialization. These changes aim to improve the granularity of logging and session management within the cron job system. * fix: improve session display name resolution - Updated the `resolveSessionDisplayName` function to ensure that both label and displayName are trimmed and default to an empty string if not present. - Enhanced the logic to prevent returning the key if it matches the label or displayName, improving clarity in session naming. These changes aim to enhance the accuracy and usability of session display names in the UI. * perf: skip cron store persist when idle timer tick produces no changes recomputeNextRuns now returns a boolean indicating whether any job state was mutated. The idle path in onTimer only persists when the return value is true, eliminating unnecessary file writes every 60s for far-future or idle schedules. * fix: prep for merge - explicit delivery mode migration, docs + changelog (#10776) (thanks @tyler6204) * Docs: fix broken /plugins links (#9308) * Docs: fix broken /plugins links to /plugin The documentation linked to /plugins which doesn't exist. The correct path is /plugin (singular) which contains the plugins overview documentation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: drop manual zh-CN doc edits from plugins link fix --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix(build): unblock pnpm build dts * Fix repository links in formal-verification.md (#10200) Updated repository links for formal verification models. * Revert previous change from 'Clawdbot' to 'OpenClaw' in lore (#9119) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval (#10818) * fix(memory): add input_type to Voyage AI embeddings for improved retrieval Voyage AI recommends passing input_type='document' when indexing and input_type='query' when searching. This improves retrieval quality by optimising the embedding space for each direction. Changes: - embedQuery now passes input_type: 'query' - embedBatch now passes input_type: 'document' - Batch API request_params includes input_type: 'document' - Tests updated to verify input_type is passed correctly * Changelog: note Voyage embeddings input_type fix (#10818) (thanks @mcinteerj) --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix(dashboard): restore tokenized control ui links * chore(skills): remove bird skill * chore(onboard): move xAI up in auth list * chore(release): 2026.2.6-1 * chore(onboard): move xAI below Google * ci: add concurrency controls, consolidate macOS jobs, optimize Windows CI * ci: re-enable parallel vitest on Windows CI * docs(changelog): note CI pipeline optimization (#10784) (thanks @mcaxtr) * fix(build): support daemon-cli .mjs bundles in compat shim * fix(docker): support .mjs entrypoints in images and e2e * test(hooks): stabilize session-memory hook tests * chore(release): 2026.2.6-2 * chore(onboard): reorder xAI + Qianfan providers * chore(release): 2026.2.6-3 * fix: comprehensive BlueBubbles and channel cleanup (#11093) * feat(bluebubbles): auto-strip markdown from outbound messages (#7402) * fix(security): add timeout to webhook body reading (#6762) Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5). Merged with existing maxBytes protection in voice-call. * fix(security): unify Error objects and lint fixes in webhook timeouts (#6762) * fix: prevent plugins from auto-enabling without user consent (#3961) Changes default plugin enabled state from true to false in enablePluginEntry(). Preserves existing enabled:true values. Fixes #3932. * fix: apply hierarchical mediaMaxMb config to all channels (#8749) Generalizes resolveAttachmentMaxBytes() to use account → channel → global config resolution for all channels, not just BlueBubbles. Fixes #7847. * fix(bluebubbles): sanitize attachment filenames against header injection (#10333) Strip ", \r, \n, and \\ from filenames after path.basename() to prevent multipart Content-Disposition header injection (CWE-93, CVSS 5.4). Also adds sanitization to setGroupIconBlueBubbles which had zero filename sanitization. * fix(lint): exclude extensions/ from Oxlint preflight check (#9313) Extensions use PluginRuntime|null patterns that trigger no-redundant-type-constituents because PluginRuntime resolves to any. Excluding extensions/ from Oxlint unblocks user upgrades. Re-applies the approach from closed PR #10087. * fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745) Non-Private-API mode (AppleScript) requires tempGuid in send payloads. The main sendMessageBlueBubbles already had it, but createNewChatWithMessage was missing it, causing 400 errors for new chat creation without Private API. * fix: send stop-typing signal when run ends with NO_REPLY (#8785) Adds onCleanup callback to the typing controller that fires when the controller is cleaned up while typing was active (e.g., after NO_REPLY). Channels using createTypingCallbacks automatically get stop-typing on cleanup. This prevents the typing indicator from lingering in group chats when the agent decides not to reply. * fix(telegram): deduplicate skill commands in multi-agent setup (#5717) Two fixes: 1. Skip duplicate workspace dirs when listing skill commands across agents. Multiple agents sharing the same workspace would produce duplicate commands with _2, _3 suffixes. 2. Clear stale commands via deleteMyCommands before registering new ones. Commands from deleted skills now get cleaned up on restart. * fix: add size limits to unbounded in-memory caches (#4948) Adds max-size caps with oldest-entry eviction to prevent OOM in long-running deployments: - BlueBubbles serverInfoCache: 64 entries (already has TTL) - Google Chat authCache: 32 entries - Matrix directRoomCache: 1024 entries - Discord presenceCache: 5000 entries per account * fix: address review concerns (#11093) - Chain deleteMyCommands → setMyCommands to prevent race condition (#5717) - Rename enablePluginEntry to registerPluginEntry (now sets enabled: false) - Add Slow-Loris timeout test for readJsonBody (#6023) * docs: add symptom-first troubleshooting hub and deep runbooks (#11196) * docs(troubleshooting): add symptom-first troubleshooting runbooks * docs(troubleshooting): fix approvals command examples * docs(troubleshooting): wrap symptom cases in accordions * docs(automation): clarify userTimezone missing-key behavior * docs(troubleshooting): fix first-60-seconds ladder order * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list (#8105) * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list Fixes #7928 The documentation for skipBootstrap and workspace setup was missing HEARTBEAT.md and MEMORY.md from the bootstrap files list. Changes: - docs/gateway/configuration.md: Add HEARTBEAT.md and MEMORY.md - docs/zh-CN/gateway/configuration.md: Same for Chinese version - docs/start/openclaw.md: Add HEARTBEAT.md, clarify MEMORY.md is optional - docs/zh-CN/start/openclaw.md: Same for Chinese version * fix: reference PR number instead of issue in CHANGELOG * docs(workspace): align bootstrap file docs with runtime (#8105) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * Agents: include runtime shell (#1835) * Agents: include runtime shell * Agents: fix compact runtime build * chore: fix CLAUDE.md formatting, security regex for secret --------- Co-authored-by: Tak hoffman <takayukihoffman@gmail.com> Co-authored-by: quotentiroler <max.nussbaumer@maxhealth.tech> * Web UI: show Compaction divider in chat history (#11341) * adding PR review workflow * added more explicit instructions * docs: canonicalize docs paths and align zh navigation (#11428) * docs(navigation): canonicalize paths and align zh nav * chore(docs): remove stray .DS_Store * docs(scripts): add non-mint docs link audit * docs(nav): fix zh source paths and preserve legacy redirects (#11428) (thanks @sebslight) * chore(docs): satisfy lint for docs link audit script (#11428) (thanks @sebslight) * chore: bump pi to 0.52.8 * Fix typo in FAQ regarding model configuration command (#6048) * CI: skip heavy jobs on docs-only changes (#11328) * fix: add .caf to AUDIO_FILE_EXTENSIONS (#10982) * fix: add .caf to AUDIO_FILE_EXTENSIONS for iMessage voice messages * fix: add caf audio extension regression coverage (#10982) (thanks @succ985) --------- Co-authored-by: succ985 <succ985@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * Gateway: fix multi-agent sessions.usage discovery (#11523) * Gateway: fix multi-agent sessions.usage discovery * Gateway: resolve sessions.usage keys via sessionId * feat(gateway): add agents.create/update/delete methods (#11045) * feat(gateway): add agents.create/update/delete methods * fix(lint): preserve memory-lancedb load error cause * feat(gateway): trash agent files on agents.delete * chore(protocol): regenerate Swift gateway models * fix(gateway): stabilize agents.create dirs and agentDir * feat(gateway): support avatar in agents.create * fix: prep agents.create/update/delete handlers (#11045) (thanks @advaitpaliwal) - Reuse movePathToTrash from browser/trash.ts (has ~/.Trash fallback on non-macOS) - Fix partial-failure: workspace setup now runs before config write - Always write Name to IDENTITY.md regardless of emoji/avatar - Add unit tests for agents.create, agents.update, agents.delete - Add CHANGELOG entry --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> * feat(sanitize): enhance context overflow error handling in user-facing text - Added tests to ensure proper sanitization of context overflow errors. - Introduced a new function to determine when to rewrite context overflow messages. - Updated the sanitization logic to improve user experience by providing clearer error messages while preserving conversational context. * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (#11448) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (#11329) When gateway.bind=lan, the HTTP server correctly binds to 0.0.0.0 (all interfaces), but WebSocket connection URLs, probe targets, and Control UI links were hardcoded to 127.0.0.1. This caused CLI commands and status probes to show localhost-only URLs even in LAN mode, and made onboarding display misleading connection info. - Add pickPrimaryLanIPv4() to gateway/net.ts to detect the machine's primary LAN IPv4 address (prefers en0/eth0, falls back to any external interface) - Update pickProbeHostForBind() to use LAN IP when bind=lan - Update buildGatewayConnectionDetails() to use LAN IP and report "local lan <ip>" as the URL source - Update resolveControlUiLinks() to return LAN-accessible URLs - Update probe note in status.gather.ts to reflect new behavior - Add tests for pickPrimaryLanIPv4 and bind=lan URL resolution Closes #11329 Co-authored-by: Cursor <cursoragent@cursor.com> * test: move vi.restoreAllMocks to afterEach in pickPrimaryLanIPv4 Per review feedback: avoid calling vi.restoreAllMocks() inside individual tests as it restores all spies globally and can cause ordering issues. Use afterEach in the describe block instead. Co-authored-by: Cursor <cursoragent@cursor.com> * Changelog: note LAN bind URLs fix (#11448) (thanks @AnonO6) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> * fix: recover from context overflow caused by oversized tool results (#11579) * fix: gracefully handle oversized tool results causing context overflow When a subagent reads a very large file or gets a huge tool result (e.g., gh pr diff on a massive PR), it can exceed the model's context window in a single prompt. Auto-compaction can't help because there's no older history to compact — just one giant tool result. This adds two layers of defense: 1. Pre-emptive: Hard cap on tool result size (400K chars ≈ 100K tokens) applied in the session tool result guard before persistence. This prevents extremely large tool results from being stored in full, regardless of model context window size. 2. Recovery: When context overflow is detected and compaction fails, scan session messages for oversized tool results relative to the model's actual context window (30% max share). If found, truncate them in the session via branching (creating a new branch with truncated content) and retry the prompt. The truncation preserves the beginning of the content (most useful for understanding what was read) and appends a notice explaining the truncation and suggesting offset/limit parameters for targeted reads. Includes comprehensive tests for: - Text truncation with newline-boundary awareness - Context-window-proportional size calculation - In-memory message truncation - Oversized detection heuristics - Guard-level size capping during persistence * fix: prep fixes for tool result truncation PR (#11579) (thanks @tyler6204) * Memory: harden QMD startup, timeouts, and fallback recovery * Memory: queue forced QMD sync and handle sqlite busy reads * Memory: chain forced QMD queue and fail over on busy index * Memory: make QMD cache eviction callback idempotent * Memory: add SQLITE_BUSY fallback regression test * Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription. * Tests: harden flake hotspots and consolidate provider-auth suites (#11598) * Tests: harden flake hotspots and consolidate provider-auth suites * Tests: restore env vars by deleting missing snapshot values * Tests: use real newline in memory summary filter case * Tests(memory): use fake timers for qmd timeout coverage * Changelog: add tests hardening entry for #11598 * docs: clarify onboarding instructions for beginners (#10956) * chore: updated PR review skills and workflow info on tests + fake timers * Fix Nix repository link in README (#7910) Updated Nix repository link in README. Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> * Docs: fix cron.update param name id → jobId (#11365) (#11467) * Docs: fix cron.update param name id → jobId (#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas (#4824) * fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas device-identity.ts and canvas-host/server.ts used hardcoded path.join(os.homedir(), '.openclaw', ...) ignoring OPENCLAW_STATE_DIR env var and the resolveStateDir() logic from config/paths.ts. This caused ~/.openclaw/identity and ~/.openclaw/canvas directories to be created even when state dir was overridden or resided elsewhere. * fix: format and remove duplicate imports * fix: scope state-dir patch + add regression tests (#4824) (thanks @kossoy) * fix: align state-dir fallbacks in hooks and agent paths (#4824) (thanks @kossoy) --------- Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> * fix(cron): share isolated announce flow + harden cron scheduling/delivery (#11641) * fix(cron): comprehensive cron scheduling and delivery fixes - Fix delivery target resolution for isolated agent cron jobs - Improve schedule parsing and validation - Add job retry logic and error handling - Enhance cron ops with better state management - Add timer improvements for more reliable cron execution - Add cron event type to protocol schema - Support cron events in heartbeat runner (skip empty-heartbeat check, use dedicated CRON_EVENT_PROMPT for relay) * fix: remove cron debug test and add changelog/docs notes (#11641) (thanks @tyler6204) * fix: context overflow compaction and subagent announce improvements (#11664) (thanks @tyler6204) * initial commit * feat: implement deriveSessionTotalTokens function and update usage tests * Added deriveSessionTotalTokens function to calculate total tokens based on usage and context tokens. * Updated usage tests to include cases for derived session total tokens. * Refactored session usage calculations in multiple files to utilize the new function for improved accuracy. * fix: restore overflow truncation fallback + changelog/test hardening (#11551) (thanks @tyler6204) * fix(ui): smooth chat refresh scroll and suppress new-messages badge flash * fix(discord): support forum channel thread-create (#10062) * fix(discord): support forum channel thread-create * fix: harden discord forum thread-create (#10062) (thanks @jarvis89757) --------- Co-authored-by: Shakker <shakkerdroid@gmail.com> * feat(telegram): add spoiler tag support (#11543) * feat(telegram): add spoiler tag support Render markdown ||spoiler|| syntax as <tg-spoiler> tags in Telegram HTML output. The markdown IR already parses spoiler syntax, but the Telegram renderer was missing the style marker. This adds the spoiler marker to renderTel…

@lailoo

…w#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>

@lailoo

…w#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>

* docs: update changelog for mention patterns (#3303) (thanks @HirokiKobayashi-R) (cherry picked from commit 16a5549ec0b64528f6513627512abafdabe41e39) * chore: update clawtributors (add @HirokiKobayashi-R) (cherry picked from commit 34291321b4fa2b5aea5e12e93cab2cf15cc94cb9) * docs(changelog): rewrite 2026.1.29 notes (cherry picked from commit 51520601210380db154393179ecdb004fd4c23e7) # Conflicts: # CHANGELOG.md * chore: update clawtributors (cherry picked from commit c9fe062824cabdf919cfbedc1b915375b5e684d1) * docs: move deepwiki link (cherry picked from commit bf6ec64fd9ca20a6a7f78465e404f397d8c7863d) # Conflicts: # README.md * Add files via upload (cherry picked from commit ddad65588f709ae7375b6292f1f27146e01f026f) * Update README with responsive logo for dark mode (cherry picked from commit 4de0bae45a29ddbe419325f64ee369ab00b546d3) # Conflicts: # README.md * Update logo and contributor name in docs Replaced the static image with a responsive logo using the <picture> element for light/dark mode support. Updated contributor name from 'Clawd' to 'Molty'. (cherry picked from commit 12e8a8410fc0be2229f2193551d1ac5f1a2a2ee6) # Conflicts: # docs/index.md * docs: reorder 2026.1.29 changelog (cherry picked from commit 23c424899c4669caff57b18b9be3a9c2f3f13a99) # Conflicts: # CHANGELOG.md * chore: release 2026.1.29 (cherry picked from commit 62e4ad23d3f6cb11ea779df76f10b5597b784402) # Conflicts: # docs/index.md # extensions/bluebubbles/package.json # extensions/copilot-proxy/package.json # extensions/diagnostics-otel/package.json # extensions/discord/package.json # extensions/google-antigravity-auth/package.json # extensions/google-gemini-cli-auth/package.json # extensions/googlechat/package.json # extensions/imessage/package.json # extensions/line/package.json # extensions/llm-task/package.json # extensions/lobster/package.json # extensions/matrix/package.json # extensions/mattermost/package.json # extensions/memory-core/package.json # extensions/memory-lancedb/package.json # extensions/msteams/package.json # extensions/nextcloud-talk/package.json # extensions/nostr/package.json # extensions/open-prose/package.json # extensions/signal/package.json # extensions/slack/package.json # extensions/telegram/package.json # extensions/tlon/package.json # extensions/twitch/package.json # extensions/voice-call/package.json # extensions/whatsapp/package.json # extensions/zalo/package.json # extensions/zalouser/package.json # package.json * Update index.md (cherry picked from commit 613724c26e831146dacc48e2dc0b92fbe9405ddd) # Conflicts: # docs/index.md * docs: move WhatsApp image below dashboard (cherry picked from commit 87267fad4f0a84c9adbadd3fd05e3dde9437fbe9) * docs: update lore with final form (cherry picked from commit 6af205a13adfec1fd1eb27d2f3d3546b0b4e8f86) # Conflicts: # docs/start/lore.md * chore: remove legacy clawdhub files (cherry picked from commit 192a6ee8700615da107fcd4c52e22a1fdbe1c117) # Conflicts: # docs/tools/clawdhub.md # skills/clawdhub/SKILL.md * Fix typo in agent.md from p-mono to pi-mono (cherry picked from commit 9a1b4409680fd6a440d831e272473e58e2921c20) # Conflicts: # docs/concepts/agent.md * docs: use straight quotes for code terms in installer guide (cherry picked from commit 23f0efbf09b1487d7e2dc06b25a22cd68cdb6aef) # Conflicts: # docs/install/installer.md * docs: fix missing apostrophes in FAQ headers (cherry picked from commit 49a3e3795ae07d6de807cf7630e3c576a41df30b) # Conflicts: # docs/help/faq.md * docs: Internal linking of channel pages (cherry picked from commit 9334dd8017d32cfed1acdfa331e3b7783a84c7bc) # Conflicts: # docs/start/wizard.md * docs: fix GitHub branding capitalization (cherry picked from commit 7c96bde3b3db74dcf57bff0138eefd5d03ba1d08) * docs: update remaining clawdbot/moltbot references to openclaw - .pre-commit-config.yaml: update comment header - AGENTS.md: update plugin-sdk import path and state directory paths - skills/bluebubbles/SKILL.md: update plugin-sdk import reference - skills/discord/SKILL.md: update example sticker name (cherry picked from commit 0175cedf0e07b6528e2400d3d071fb36e9f9f050) # Conflicts: # skills/discord/SKILL.md * Update deployment link in railway documentation (cherry picked from commit 2f0592dbc65b4d17166941ecc05b016afa2e77c4) # Conflicts: # docs/railway.mdx * feat(ui): refresh session list after chat commands in Web UI (cherry picked from commit 0b7aa8cf1d2a318795ee23dc1ef10fc9873a365f) # Conflicts: # ui/src/ui/app-chat.ts # ui/src/ui/app-gateway.ts # ui/src/ui/app.ts * Fix typo from 'p-mono' to 'pi-mono' in agent.md (cherry picked from commit 97895a02393973483e07113e9651c93dabeeeae8) # Conflicts: # docs/concepts/agent.md * docs: add pi and pi-dev documentation (cherry picked from commit 9cb5e22861027c098e0367d3b68c9f763bbcc4f8) * chore: add .pi folder (cherry picked from commit 4b1956ab497379b6fcdf589f7cd87247b7df0e89) * chore: remove changelog section from pr.md prompt (cherry picked from commit cc366f4baa94a5baa0b1260e6cf9e31a7d1853f1) * Add prompt injection attacks to out of scope section (cherry picked from commit a767c584c7b6f5c110f35e263449264d3db49583) # Conflicts: # SECURITY.md * Docs: add actionable cron quick start (#5446) * Docs: add cron quick start examples * Docs: de-duplicate cron tool-call examples * Docs: fix cron code block fences (cherry picked from commit 75093ebe1cac1276dab5b5691c421df3e8f51ace) # Conflicts: # docs/automation/cron-jobs.md * Docs: fix index logo dark mode (#5474) (cherry picked from commit 8978d166592b867f1328360d61627bdf395c1d56) # Conflicts: # docs/index.md * docs: start 2026.1.31 changelog (cherry picked from commit 83e64c1ac9893804645148f781889b23e5bbd12b) # Conflicts: # CHANGELOG.md * docs: format cron jobs doc (cherry picked from commit 57ea4e88972d957903c10c567f3a67797304c17e) * fix(lobster): block arbitrary exec via lobsterPath/cwd (GHSA-4mhr-g7xj-cg8j) (#5335) * fix(lobster): prevent arbitrary exec via lobsterPath/cwd * fix(lobster): harden lobsterPath errors + normalize cwd sandboxing * fix(lobster): ignore tool-provided lobsterPath; validate + use plugin config * fix(lobster): use plugin config lobsterPath + add tests (#5335) (thanks @vignesh07) * fix(lobster): make Windows spawn fallback handle ENOENT (#5335) (thanks @vignesh07) --------- Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> (cherry picked from commit 1295b67057b5fc341bdd0f41d0130bc9b09470a7) # Conflicts: # CHANGELOG.md # extensions/lobster/src/lobster-tool.test.ts # extensions/lobster/src/lobster-tool.ts * Docs: add nav titles across docs (#5689) (cherry picked from commit abcaa8c7a9f3a28b4845347acddafe6076362a9a) # Conflicts: # docs/automation/webhook.md # docs/channels/twitch.md # docs/cli/dns.md # docs/cli/docs.md # docs/debug/node-issue.md # docs/gateway/configuration-examples.md # docs/help/faq.md # docs/index.md # docs/platforms/digitalocean.md # docs/platforms/hetzner.md # docs/platforms/oracle.md # docs/providers/github-copilot.md # docs/providers/openrouter.md # docs/providers/xiaomi.md # docs/start/pairing.md # docs/tools/clawdhub.md # docs/tools/index.md * Docs: point nav groups at index pages (#5694) (cherry picked from commit e6c38e078a9d148b318c71ee95d08c40d677aadd) # Conflicts: # docs/docs.json * fix(docs): update Twitter URLs to X for consistency (cherry picked from commit 9297ea48e51e5850f6b944e78c735d3334b8d12e) * fix(docs): use canonical openclaw.ai domain instead of openclaw.bot (cherry picked from commit 7a2c4d3cf19bbb7168ce956b0ce1f0ca51d600d5) # Conflicts: # docs/gateway/troubleshooting.md # docs/help/faq.md # docs/help/troubleshooting.md # docs/install/index.md # docs/install/installer.md # docs/install/uninstall.md # docs/install/updating.md # docs/platforms/digitalocean.md # docs/platforms/exe-dev.md # docs/platforms/oracle.md # docs/platforms/raspberry-pi.md # docs/reference/RELEASING.md # docs/start/getting-started.md * fix(docs): update MiniMax plugin URL from legacy moltbot org (cherry picked from commit bce8c0eb1276bb81b96602369295e2309fa8479b) # Conflicts: # docs/providers/minimax.md * fix(docs): remove invalid channels. prefix from Discord URL (cherry picked from commit a10603f9f092f9ef74a31f08b200363cc260a8f6) * Docs: mention weak gateway auth tokens (cherry picked from commit 66e33abd7b3f898610347fc95a9dec7a34687ce4) * docs: fix Venice AI typo (Venius → Venice) Co-authored-by: jonisjongithub <jonisjongithub@users.noreply.github.com> Co-authored-by: Clawdbot <bot@clawd.bot> (cherry picked from commit 96c9ffdedcb40b6027f2a52d6c5c324905c22f6c) * feat: code (cherry picked from commit b2aff036addc933de0405afad9a11e25783dd72c) # Conflicts: # extensions/minimax-portal-auth/index.ts * Docs: note MiniMax OAuth updates (#5402) (thanks @Maosghoul) (cherry picked from commit 73c405f74aa82cf035431ce28654b4f4239d37fd) # Conflicts: # CHANGELOG.md * docs: document cacheRetention parameter (#6270) * docs: document cacheRetention parameter (#6240) * docs: standardize cacheRetention value quoting style * style: format anthropic.md table * Docs: align cacheRetention inline example --------- Co-authored-by: Sebastian <sebslight@gmail.com> (cherry picked from commit 7a8a39a141086522c609c7b2922ab6c552cc5772) # Conflicts: # docs/concepts/session-pruning.md # docs/providers/anthropic.md * docs: fix anchor link for Google Vertex/Antigravity/Gemini section (#5967) * docs: fix anchor link for Google Vertex/Antigravity/Gemini section * Docs: fix model provider MDX markers --------- Co-authored-by: Sebastian <sebslight@gmail.com> (cherry picked from commit 7fabe03a8bb6689106945a0c81848535ca0522b2) # Conflicts: # docs/concepts/model-providers.md * Docs: fix Moonshot MDX comment marker (#6311) (cherry picked from commit 8582ed4d4f918e2b41e6d76dae4e3cc408fa0ba6) # Conflicts: # docs/providers/moonshot.md * docs(install): add pnpm approve-builds step for global installs (#5663) * docs(install): add pnpm approve-builds step for global installs pnpm requires explicit approval for packages with build scripts. Without running `pnpm approve-builds -g`, openclaw and its dependencies (node-llama-cpp, sharp, protobufjs) won't have their postinstall scripts executed, causing runtime errors. Fixes #5579 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(install): clarify pnpm reinstall step after approve-builds Address review feedback: after running `pnpm approve-builds -g`, users need to re-run the install command for postinstall scripts to actually execute. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> (cherry picked from commit 3ae049b5012cb61b5f241a5287a9d587369a4736) # Conflicts: # docs/install/index.md * docs(skills): update canvas URL prefix to /__openclaw__/ (#4729) Update remaining __moltbot__ references in canvas skill documentation to match the CANVAS_HOST_PATH constant (/__openclaw__/canvas). (cherry picked from commit 701d43892fa1152a06f472b8ae44f170c99e0492) # Conflicts: # skills/canvas/SKILL.md * Docs: Fix typo in docs/tools/skills.md (#3050) (cherry picked from commit 28a05f994092c52e5e84a66b267b8aa47f592d38) * docs: fix heading numbering and add missing section onboarding.md (#3461) (cherry picked from commit 76211500e81893c300fcec9ab129899b3270a297) * Docs: Direct link to BotFather on Telegram (#4064) * Docs: Direct link to BotFather on Telegram, sparing users from searching and potentially encountering impostors. * Update numbering syntax Update numbering syntax to match PR to latest doc layout. * Docs: add BotFather verification note --------- Co-authored-by: Sebastian <sebslight@gmail.com> (cherry picked from commit 8ff75eaf12b37ff9f65f579454e8a26be28783b0) # Conflicts: # CHANGELOG.md # docs/channels/telegram.md * docs: add device pairing section to Control UI docs (#5003) * docs: add device pairing section to Control UI docs Explains that new browser connections require one-time pairing approval, what error message users will see, and how to approve devices using the CLI. This was a gap in the documentation that caused confusion for users connecting via Tailscale Serve. * docs: clarify Control UI pairing error * docs: clarify device revoke flags --------- Co-authored-by: Lucifer (via OpenClaw) <lucy@neuwirth.cc> Co-authored-by: Sebastian <sebslight@gmail.com> (cherry picked from commit 63b13c7e2fe5bacb17a6a19979c1952be48bd200) * fix(docker): avoid using host port in gateway command (#5110) (thanks @mise42) (cherry picked from commit bc5b0c82acc9301e5acf93c80f3d56f3fc87ab50) # Conflicts: # docker-compose.yml * Docs: add Mintlify language navigation (cherry picked from commit 3cf35b0710216e50fb9545d7a963a861447fa00e) # Conflicts: # docs/docs.json * docs: add Mintlify language navigation (#6416) (thanks @joshp123) (cherry picked from commit 6453f5c395a521b576444f5bce2104059c38fd33) * fix(skill): update session-logs paths from .clawdbot to .openclaw (#4502) Co-authored-by: Jarvis <jarvis@openclaw.ai> Co-authored-by: CLAWDINATOR Bot <clawdinator[bot]@users.noreply.github.com> Co-authored-by: Shadow <shadow@openclaw.ai> (cherry picked from commit d3e53eaf276077530679901ebae00d3e94f2eb78) # Conflicts: # CHANGELOG.md * Docs: add zh-CN titles (cherry picked from commit 964b14d59c8fa7fe9cd82591843d7750e5c0a3ac) # Conflicts: # docs/zh-CN/index.md # docs/zh-CN/start/getting-started.md # docs/zh-CN/start/wizard.md * docs: add zh-CN titles (#6487) (thanks @joshp123) (cherry picked from commit 17287bc8d01b12a293e0452a76b1c117dd1e42c1) * docs(discord): clarify exec approvals UI (#6550) * docs(discord): clarify exec approvals UI * Add link for slash command in Discord exec approvals Updated documentation to include a link for the slash command used in Discord exec approvals. * docs(discord): move exec approvals note * docs(discord): document exec approvals config * docs(discord): reorder exec approvals config --------- Co-authored-by: Luke K (pr-0f3t) <2609441+lc0rp@users.noreply.github.com> (cherry picked from commit 8f366babe4d427523b16203c2c351550cf6f6b18) * Docs: clarify Moonshot endpoints (#4763) Co-authored-by: hansbbans <hansbbans@users.noreply.github.com> (cherry picked from commit a863ac9862f595c77cde31dc0c2d60664ed3da29) * Docs: update clawtributors (cherry picked from commit 6c03fe1a4d06c80cf4f456e3c7b99151b6fd406c) # Conflicts: # README.md * chore: fix Pi prompt template argument syntax (#6543) - Fix @1 -> $1 in landpr.md - Fix $@ -> $1 in reviewpr.md - Remove stray /reviewpr line from reviewpr.md - Delete old pr.md (replaced by reviewpr.md and landpr.md) (cherry picked from commit 395810a60b06817e15d748f8f2d7dbafe6591a59) # Conflicts: # .pi/prompts/pr.md * chore: oxfmt fixes (cherry picked from commit 443ee26af3f45272df545af2d4ccccaa1feaea0b) # Conflicts: # docker-compose.yml # docs/channels/telegram.md # docs/concepts/model-providers.md # docs/providers/moonshot.md # skills/canvas/SKILL.md * docs: preserve moonshot sync markers (cherry picked from commit 92803facf6c1bc3b038c29db8505f0f5da58ed1e) # Conflicts: # CHANGELOG.md # docs/concepts/model-providers.md # docs/providers/moonshot.md * docs: improve exe.dev setup instructions (#4675) * improve exe.dev setup instructions 1. Fix device approval command 2. Clarify where Gateway token can be found * Update device approval instructions in exe-dev.md Clarify instructions for approving devices in OpenClaw. (cherry picked from commit d54605bd82fb932c7172a2577c0f12c9b8cb86b4) # Conflicts: # docs/platforms/exe-dev.md * chore: update changelog and relay formatting (cherry picked from commit 238200f6527ded4e747b88ace131c707a7931e64) # Conflicts: # CHANGELOG.md * chore: update changelog (cherry picked from commit a68e32d95b8e88c3d859dc78cb4d0f177209f997) # Conflicts: # CHANGELOG.md * chore: expand changelog (cherry picked from commit 1968a4b7d24b101e78f23df54f25ad991f90ea9b) # Conflicts: # CHANGELOG.md * chore: trim docs changelog (cherry picked from commit 99346314f58860dca5d53747f4b40e128b658c1e) # Conflicts: # CHANGELOG.md * chore: add TLS 1.3 minimum changelog (#5970) (thanks @loganaden) (cherry picked from commit 92112a61db519296a7258d508677aa6c49f9a558) # Conflicts: # CHANGELOG.md * fix(twitch): enforce allowFrom allowlist (cherry picked from commit 8c7901c984866a776eb59662dc9d8b028de4f0d0) # Conflicts: # CHANGELOG.md # docs/channels/twitch.md * Docs: clarify node host SSH tunnel flow Co-authored-by: Dmytro Semchuk <x0m4ek@users.noreply.github.com> (cherry picked from commit 63c9fac9fca850b82dea603686691844bb587768) # Conflicts: # docs/nodes/index.md * Docs: update clawtributors (cherry picked from commit 0fa55ed2b4ec3d55b282332e63766007cc69420d) # Conflicts: # README.md * chore: Add `pnpm check` for fast repo checks. (cherry picked from commit 902f96805654a316ec24f9f8c95d5b659a063fee) # Conflicts: # AGENTS.md # CONTRIBUTING.md # docs/reference/RELEASING.md # docs/testing.md # package.json * docs: add ClawHub registry overview (cherry picked from commit 4682c2e3e20cd9388077b90474780077094d4bf5) * docs: merge 2026.2.2 changelog into 2026.2.1 (cherry picked from commit d5f6caba3fbf6a2b50de8e4bcc0bc6906d4c53cd) # Conflicts: # CHANGELOG.md * docs: clarify docker power-user setup (cherry picked from commit be9a2fb134182a4197d65989bbfaa7f54d6d3ae6) * docs: add changelog entry for plugin install hardening (cherry picked from commit f6d98a908af82437e823c15cc20d4feafbd005da) # Conflicts: # CHANGELOG.md * Docs: expand ClawHub overview (cherry picked from commit 385e66cbd52b93458003635d39eb289b798c4715) # Conflicts: # docs/tools/clawdhub.md * docs: fold 2026.2.2 into 2026.2.1 (cherry picked from commit 8b64705e059ace205714fe7a55babbcab3b24e9e) # Conflicts: # CHANGELOG.md * docs: update 2026.2.1 changelog (cherry picked from commit ed4529e24673fb19ea506bb04b2c6d3deed6a451) # Conflicts: # CHANGELOG.md * docs: note docker allow-unconfigured behavior (cherry picked from commit d134a8c7f3e20e304e4ca71d394752f27cfbc019) # Conflicts: # docs/install/docker.md * Docs: add zh-CN translations (cherry picked from commit 149dc7c4e76f2b264cd714c95b3e5ee399db3092) * Docs: fix zh-CN template time wording What: replace <2/<30 text in zh-CN AGENTS template with safe wording Why: avoid MDX parse errors during docs build Tests: not run (doc text change) (cherry picked from commit e9d117d22168f9c05c3cbfd256aab99915f50f22) * docs: add changelog for zh-CN translations (#6619) (thanks @joshp123) (cherry picked from commit 4023b76ed39fe4b999f06137d738cc93cac93bf8) # Conflicts: # CHANGELOG.md * Docs: fix zh-CN ClawHub link What: wrap clawhub.com in an explicit URL link in zh-CN skills doc Why: avoid Mintlify broken-link parser treating trailing punctuation as part of the URL Tests: not run (doc text change) (cherry picked from commit b4cce3ac7a97efccbab400e2f3d4270b14e989ed) * Docs: use explicit ClawHub markdown link What: switch clawhub.com reference to explicit Markdown link syntax Why: MDX parser rejects angle-bracket autolinks Tests: not run (doc text change) (cherry picked from commit 673583a38b8e7e72970b64490685ddf477a70aa6) * Docs: normalize zh-CN terminology + tone What: switch to 你/你的 tone; standardize Skills/Gateway网关/local loopback/私信 wording Why: align zh-CN docs with issue 6995 feedback + idiomatic tech style Tests: pnpm docs:build (cherry picked from commit 5676a6b38de81a13194223ac688e20087d5b74e7) * Docs: expand zh-Hans nav and fix assets (cherry picked from commit e0aa8457c2511e7f9c72a2e912e3307b112fdfb5) * Docs: expand zh-Hans nav (#7242) (thanks @joshp123) (cherry picked from commit 7cee8c2345908fe23c2be0f6bc0e107a579d8b7e) * docs: update changelog for PR #7226 (cherry picked from commit 1b34446bf55bcad9a03e2734c052f6580a5e11c1) * chore: fix formatting and CI (cherry picked from commit 37111435490e3378303c01a1f8dc3ff35211edec) # Conflicts: # ui/src/ui/app-scroll.test.ts # ui/src/ui/app.ts * iOS: wire node services and tests (cherry picked from commit 7b0a0f3dace575c33dafb61d4a13cdef4dd0d64e) # Conflicts: # apps/ios/Sources/Gateway/GatewayConnectionController.swift # apps/ios/Sources/Info.plist # apps/ios/Sources/Model/NodeAppModel.swift # apps/ios/SwiftSources.input.xcfilelist # apps/ios/Tests/GatewayConnectionControllerTests.swift # apps/ios/Tests/NodeAppModelInvokeTests.swift # apps/shared/MoltbotKit/Sources/MoltbotKit/CalendarCommands.swift # apps/shared/MoltbotKit/Sources/MoltbotKit/ContactsCommands.swift # apps/shared/MoltbotKit/Sources/MoltbotKit/DeviceCommands.swift # apps/shared/MoltbotKit/Sources/MoltbotKit/MotionCommands.swift # apps/shared/MoltbotKit/Sources/MoltbotKit/PhotosCommands.swift # apps/shared/MoltbotKit/Sources/MoltbotKit/RemindersCommands.swift * Docs: add zh-CN landing notice + AI image (cherry picked from commit 91e445c2601a55560769169c3d881058f9a7e9dd) * Docs: add zh-CN landing note (#7303) (thanks @joshp123) (cherry picked from commit ea9eed14f8589a58e59b6d5b37849daf0f6c72d0) * Docs: expand zh-CN landing note (cherry picked from commit c83bdb73a4a9a37e6e1de3269b36be671923cf80) * fix(telegram): recover from grammY long-poll timeouts (#7466) (thanks @macmimi23) (cherry picked from commit 561a10c491e28d04deb64b7abd9d89e4456561d0) # Conflicts: # CHANGELOG.md * Docs: fix compatibility shim note (cherry picked from commit 0eae9f456cc978a5fc7d2d66026ebd4283830610) # Conflicts: # CHANGELOG.md # docs/install/updating.md * Changelog: note tool call repair (cherry picked from commit 31face57402fc736bd4fcd474d5d3f20d73daadd) * Docs: simplify transcript hygiene scope (cherry picked from commit 118507953b1f743db7554163f1a434d223cf91ae) # Conflicts: # docs/reference/transcript-hygiene.md * Docs: clarify whats new FAQ heading (#7394) (cherry picked from commit c8af8e95559c2e117426e815dd1a6c5b6816a1d4) # Conflicts: # docs/help/faq.md * chore: fix formatting (cherry picked from commit 7dfa99a6f70c161ca88459be8b419cbfb9b75d7d) # Conflicts: # docs/reference/templates/BOOTSTRAP.md # skills/healthcheck/SKILL.md * chore: fix formatting (cherry picked from commit d5593d647c2f1aed1fef6f938f4d6ae95a503af3) # Conflicts: # docs/reference/templates/BOOTSTRAP.md * Add how to trigger model downloads for qmd in documentation (cherry picked from commit 20578da20407eea19bd725f2d1a8d0dbc186b9d8) # Conflicts: # docs/concepts/memory.md * Docs: align QMD state dir with OpenClaw (cherry picked from commit 11a968f5c30fcc373acab31276a52dba399a5231) * chore: oxfmt (cherry picked from commit 4322ca6f4ac031086abbb3ea9ed2d89368a3216f) # Conflicts: # CHANGELOG.md * docs: finish renaming memory state dir references (cherry picked from commit b37626ce6b1fb7476cc740c40d87090e6fa6367d) # Conflicts: # CHANGELOG.md # docs/concepts/memory.md * chore: update changelog for completion caching (cherry picked from commit 3014a91b0779f7629bf1d91675a99629e2798cb3) * Skills: refine healthcheck guidance (cherry picked from commit fc40ba8e7eb1345afdb1c8d274219cd702b73354) # Conflicts: # skills/healthcheck/SKILL.md * fix(voice-call): harden inbound policy (cherry picked from commit f8dfd034f5d9235c5485f492a9e4ccc114e97fdb) # Conflicts: # CHANGELOG.md # extensions/voice-call/src/manager.ts # extensions/voice-call/src/media-stream.ts # extensions/voice-call/src/providers/twilio.ts * fix(matrix): harden allowlists (cherry picked from commit 8f3bfbd1c4fb967a2ddb5b4b9a05784920814bcf) # Conflicts: # CHANGELOG.md # docs/channels/matrix.md # extensions/matrix/src/channel.ts # extensions/matrix/src/matrix/monitor/handler.ts * docs: Update information architecture for OpenClaw docs (#7622) * docs: restructure navigation into 5 tabs for better IA * dedupe redirects * use 8 tabs * add missing /index extensions * update zh navigation * remove `default: true` and rearrange languages * add missing redirects * format:fix * docs: update IA tabs + restore /images redirect (#7622) (thanks @ethanpalm) --------- Co-authored-by: Peter Steinberger <steipete@gmail.com> (cherry picked from commit f57e70912cad81bc99680026865ffd1051c89ef5) # Conflicts: # CHANGELOG.md # docs/docs.json * chore: prepare 2026.2.2 release (cherry picked from commit 1c4db91593358839a67f6e68576258cf31fa811e) # Conflicts: # CHANGELOG.md # apps/android/app/build.gradle.kts # apps/ios/Sources/Info.plist # apps/ios/Tests/Info.plist # apps/ios/project.yml # apps/macos/Sources/Moltbot/Resources/Info.plist # docs/platforms/mac/release.md # extensions/bluebubbles/package.json # extensions/copilot-proxy/package.json # extensions/diagnostics-otel/package.json # extensions/discord/package.json # extensions/google-antigravity-auth/package.json # extensions/google-gemini-cli-auth/package.json # extensions/googlechat/package.json # extensions/imessage/package.json # extensions/line/package.json # extensions/llm-task/package.json # extensions/lobster/package.json # extensions/matrix/CHANGELOG.md # extensions/matrix/package.json # extensions/mattermost/package.json # extensions/memory-core/package.json # extensions/memory-lancedb/package.json # extensions/minimax-portal-auth/package.json # extensions/msteams/CHANGELOG.md # extensions/msteams/package.json # extensions/nextcloud-talk/package.json # extensions/nostr/CHANGELOG.md # extensions/nostr/package.json # extensions/open-prose/package.json # extensions/signal/package.json # extensions/slack/package.json # extensions/telegram/package.json # extensions/tlon/package.json # extensions/twitch/CHANGELOG.md # extensions/twitch/package.json # extensions/voice-call/CHANGELOG.md # extensions/voice-call/package.json # extensions/whatsapp/package.json # extensions/zalo/CHANGELOG.md # extensions/zalo/package.json # extensions/zalouser/CHANGELOG.md # extensions/zalouser/package.json # package.json * fix(ui): note agent file refresh in changelog (cherry picked from commit f52ca0a712c7c9a7ca917974177515ebe7530393) # Conflicts: # CHANGELOG.md * Docs: refresh zh-CN translations + i18n guidance What: - update zh-CN glossary, translation prompt, and TM - regenerate zh-CN docs and apply targeted fixes - add zh-CN AGENTS guidance for translation pipeline Why: - address zh-CN terminology and spacing feedback from #6995 Tests: - pnpm build && pnpm check && pnpm test (cherry picked from commit 9f03791aa94a506ec5f6fec90425118221df5f1f) * Docs(zh-CN): add AGENTS translation workflow (cherry picked from commit 4027b3583e9a79cb80f3ead487d4e2b7c21ab1ec) * Docs: guard zh-CN i18n workflow What: - document zh-CN docs pipeline and generated-doc guardrails - note Discord escalation when the pipeline drags Why: - prevent accidental edits to generated translations Tests: - pnpm build - pnpm check - pnpm test Co-authored-by: Josh Palmer <joshpalmer123@gmail.com> (cherry picked from commit fd8f8843bd02dbc4cf225af27f59563de14b8622) # Conflicts: # CHANGELOG.md * Docs: drop healthcheck from bootstrap (cherry picked from commit 61a7fc5e0e135e04e3418050dc0142a870fa12e4) # Conflicts: # docs/reference/templates/BOOTSTRAP.md * chore: update changelog for #8193 (thanks @gildo) (cherry picked from commit b64c1a56a13893aab4e22ccd35c2006f4950938f) # Conflicts: # CHANGELOG.md * style: update chat new-messages button (cherry picked from commit 9f16de253354a0c064b0f54ed0479bf11c230d06) # Conflicts: # ui/src/ui/views/chat.ts * docs(skills): split tmux send-keys for TUI (#7737) * docs(skills): split tmux send-keys for TUI * docs(skills): soften TUI send-keys wording --------- Co-authored-by: wangnov <1694546283@qq.com> (cherry picked from commit 089d03453da1e643e1703aa846ac1cc3b44ff1e7) * docs: note tmux send-keys TUI guidance (#7737) (thanks @Wangnov) (cherry picked from commit efc9d0a4988fc4bdea2028d23332e62a5cc06fa8) # Conflicts: # CHANGELOG.md * docs: add changelog for #7178 (thanks @Yeom-JinHo) (cherry picked from commit 44d1aa31f3e2a35275ff48135b4e832c34050521) * docs: document secure DM mode preset (#7872) * docs: document secure DM mode preset * fix: resolve merge conflict in resizable-divider (cherry picked from commit 6fdb136688d462e2a55c7bd728e153fb9d47ac95) * docs: update Feishu plugin docs (cherry picked from commit 5292367324adc951cdce877623dfe88dda5da5ba) # Conflicts: # docs/channels/feishu.md # docs/reference/RELEASING.md * feat: Add Docs Chat Widget with RAG-powered Q&A (#7908) * feat: add docs chat prototype and related scripts - Introduced a minimal documentation chatbot that builds a search index from markdown files and serves responses via an API. - Added scripts for building the index and serving the chat API. - Updated package.json with new commands for chat index building and serving. - Created a new Vercel configuration file for deployment. - Added a README for the docs chat prototype detailing usage and integration. * feat: enhance docs chat with vector-based RAG pipeline - Added vector index building and serving capabilities to the docs chat. - Introduced new scripts for generating embeddings and serving the chat API using vector search. - Updated package.json with new commands for vector index operations. - Enhanced README with instructions for the new RAG pipeline and legacy keyword pipeline. - Removed outdated Vercel configuration file. * feat: enhance chat widget with markdown rendering and style updates - Integrated dynamic loading of markdown rendering for chat responses. - Implemented a fallback for markdown rendering to ensure consistent display. - Updated CSS variables for improved theming and visual consistency. - Enhanced chat bubble and input styles for better user experience. - Added new styles for markdown content in chat bubbles, including code blocks and lists. * feat: add copy buttons to chat widget for enhanced user interaction - Implemented copy buttons for chat responses and code blocks in the chat widget. - Updated CSS styles for improved visibility and interaction of copy buttons. - Adjusted textarea height for better user experience. - Enhanced functionality to allow users to easily copy text from chat bubbles and code snippets. * feat: update chat widget styles for improved user experience - Changed accent color for better visibility. - Enhanced preformatted text styles for code blocks, including padding and word wrapping. - Adjusted positioning and styles of copy buttons for chat responses and code snippets. - Improved hover effects for copy buttons to enhance interactivity. * feat: enhance chat widget styles for better responsiveness and scrollbar design - Updated chat panel dimensions for improved adaptability on various screen sizes. - Added custom scrollbar styles for better aesthetics and usability. - Adjusted chat bubble styles for enhanced visibility and interaction. - Improved layout for expanded chat widget on smaller screens. * feat: refine chat widget code block styles and copy button functionality - Adjusted padding and margin for preformatted text in chat responses for better visual consistency. - Introduced a compact style for single-line code blocks to enhance layout. - Updated copy button logic to skip short code blocks, improving user experience when copying code snippets. * feat: add resize handle functionality to chat widget for adjustable panel width - Implemented a draggable resize handle for the chat widget's sidebar, allowing users to adjust the panel width. - Added CSS styles for the resize handle, including hover effects and responsive behavior. - Integrated drag-to-resize logic to maintain user-set width across interactions. - Ensured the panel resets to default width when closed, enhancing user experience. * feat: implement rate limiting and error handling in chat API - Added rate limiting functionality to the chat API, allowing a maximum number of requests per IP within a specified time window. - Implemented error handling for rate limit exceeded responses, including appropriate headers and retry instructions. - Enhanced error handling for other API errors, providing user-friendly messages for various failure scenarios. - Updated README to include new environment variables for rate limiting configuration. * feat: integrate Upstash Vector for enhanced document retrieval in chat API - Implemented Upstash Vector as a cloud-based storage solution for document chunks, replacing the local LanceDB option. - Added auto-detection of storage mode based on environment variables for seamless integration. - Updated the chat API to utilize the new retrieval mechanism, enhancing response accuracy and performance. - Enhanced README with setup instructions for Upstash and updated environment variable requirements. - Introduced new scripts and configurations for managing the vector index and API interactions. * feat: add create-markdown-preview.js for markdown rendering - Introduced a new script for framework-agnostic HTML rendering of markdown content. - The script includes various parsing functions to handle different markdown elements. - Updated the chat widget to load the vendored version of @create-markdown/preview for improved markdown rendering. * docs: update README for Upstash Vector index setup and environment variables - Enhanced instructions for creating a Vector index in Upstash, including detailed settings and important notes. - Clarified environment variable requirements for both Upstash and LanceDB modes. - Improved formatting and organization of setup steps for better readability. - Added health check and API endpoint details for clearer usage guidance. * feat: add TRUST_PROXY environment variable for IP address handling - Introduced the TRUST_PROXY variable to control the trust of X-Forwarded-For headers when behind a reverse proxy. - Updated the README to document the new environment variable and its default value. - Enhanced the getClientIP function to conditionally trust proxy headers based on the TRUST_PROXY setting. * feat: add ALLOWED_ORIGINS environment variable for CORS configuration - Introduced the ALLOWED_ORIGINS variable to specify allowed origins for CORS, enhancing security and flexibility. - Updated the README to document the new environment variable and its usage. - Refactored CORS handling in the server code to utilize the ALLOWED_ORIGINS setting for dynamic origin control. * fix: ensure complete markdown rendering in chat widget - Added logic to flush any remaining buffered bytes from the decoder, ensuring that all text is rendered correctly in the assistant bubble. - Updated the assistant bubble's innerHTML to reflect the complete markdown content after streaming completes. * feat: enhance DocsStore with improved vector handling and similarity conversion - Added a constant for the distance metric used in vector searches, clarifying the assumption of L2 distance. - Updated the createTable method to ensure all chunk properties are correctly mapped during table creation. - Improved the similarity score calculation by providing a clear explanation of the conversion from L2 distance, ensuring accurate ranking of results. * chore: fix code formatting * Revert "chore: fix code formatting" This reverts commit 6721f5b0b7bf60b76c519ccadfa41742f19ecf87. * chore: format code for improved readability - Reformatted code in serve.ts to enhance readability by adjusting indentation and line breaks. - Ensured consistent style for function return types and object properties throughout the file. * feat: Update API URL selection logic in chat widget - Enhanced the API URL configuration to prioritize explicit settings, defaulting to localhost for development and using a production URL otherwise. - Improved clarity in the code by adding comments to explain the logic behind the API URL selection. * chore: Update documentation structure for improved organization - Changed the path for the "Start Here" page to "start/index" for better clarity. - Reformatted the "Web & Interfaces" and "Help" groups to use multi-line arrays for improved readability. * feat: Enhance markdown preview integration and improve chat widget asset loading - Wrapped the markdown preview functionality in an IIFE to expose a global API for easier integration. - Updated the chat widget to load the markdown preview library dynamically, checking for existing instances to avoid duplicate loads. - Adjusted asset paths in the chat widget to ensure correct loading based on the environment (local or production). - Added CORS headers in the Vercel configuration for improved API accessibility. * fix: Update chat API URL to include '/api' for correct endpoint access - Modified the chat configuration and widget files to append '/api' to the API URL, ensuring proper endpoint usage in production and local environments. * refactor: Simplify docs-chat configuration and remove unused scripts - Removed outdated scripts and configurations related to the docs-chat feature, including build and serve scripts, as well as the associated package.json and README files. - Streamlined the API URL configuration in the chat widget for better clarity and maintainability. - Updated the package.json to remove unnecessary scripts related to the now-deleted functionality. * refactor: Update documentation structure for improved clarity - Changed the path for the "Start Here" page from "start/index" to "index" to enhance navigation and organization within the documentation. * chore: Remove unused dependencies from package.json and pnpm-lock.yaml - Deleted `@lancedb/lancedb`, `@upstash/vector`, and `openai` from both package.json and pnpm-lock.yaml to streamline the project and reduce bloat. * chore: Clean up .gitignore by removing obsolete entries - Deleted unused entries related to the docs-chat vector database from .gitignore to maintain a cleaner configuration. * chore: Remove deprecated chat configuration and markdown preview script - Deleted the `create-markdown-preview.js` script and the `docs-chat-config.js` file to eliminate unused assets and streamline the project. - Updated the `docs-chat-widget.js` to directly reference the markdown library from a CDN, enhancing maintainability. * chore: Update markdown rendering in chat widget to use marked library - Replaced the deprecated `create-markdown-preview` library with the `marked` library for markdown rendering. - Adjusted the script loading mechanism to fetch `marked` from a CDN, improving performance and maintainability. - Enhanced the markdown rendering function to ensure security by disabling HTML pass-through and opening links in new tabs. * Delete docs/start/index.md (cherry picked from commit fa4b28d7af7464b07271bfef6c028e4135548f44) * Changelog: move cron entries to 2026.2.3 (cherry picked from commit c396877dd9860dc5d4a5a1d37abd419f663536ea) # Conflicts: # CHANGELOG.md * Revert "feat: Add Docs Chat Widget with RAG-powered Q&A (#7908)" (#8834) This reverts commit fa4b28d7af7464b07271bfef6c028e4135548f44. (cherry picked from commit 2196456d4a44d1e54651dce5ee89046a829185e5) * Add baidu qianfan model provider (cherry picked from commit 1de05ad068ac0371b4b520a12697a9973faea54d) # Conflicts: # docs/providers/qianfan.md * Optimize doc (cherry picked from commit 8c53dfb74f2484c323ffa835995978443f160baf) * fix(web ui): agent model selection (cherry picked from commit 9822985ea649b93f0deaa8a8a34928159795c55e) # Conflicts: # ui/src/styles/components.css # ui/src/ui/app-render.ts # ui/src/ui/views/agents.ts * chore: replace landpr prompt with end-to-end landing workflow (#8916) (cherry picked from commit eab0a07f71734551fcc88c830bef407c1cdd5297) * 🤖 docs: mirror landing revamp for zh-CN What: - add zh-CN versions of landing revamp pages (features, quickstart, docs directory, network model, credits) - refresh zh-CN index and hubs, plus glossary entries Why: - keep Chinese docs aligned with the new English landing experience - ensure navigation surfaces the new entry points Tests: - pnpm build && pnpm check && pnpm test (cherry picked from commit aaeecc8c8ddc52ded041d1c840bc9af5e2398054) # Conflicts: # docs/.i18n/glossary.zh-CN.json # docs/zh-CN/index.md # docs/zh-CN/start/hubs.md * 🤖 docs: note zh-CN landing revamp (#8994) (thanks @joshp123) What: - add changelog entry for the zh-CN landing revamp docs Why: - record the doc update and thank the contributor Tests: - pnpm lint && pnpm build && pnpm test (cherry picked from commit 2b1da4f5d86fa5e4dda630b7fc57213d973d4b26) # Conflicts: # CHANGELOG.md * changelog: add shell completion auto-fix entry (cherry picked from commit 43590d8287df1a4e26d953ccd982f093ccf87d0f) * chore: sync plugin versions to 2026.2.3 (cherry picked from commit f895c9fba12f0860f52f2689432023919b9b4b8f) # Conflicts: # extensions/bluebubbles/package.json # extensions/copilot-proxy/package.json # extensions/diagnostics-otel/package.json # extensions/discord/package.json # extensions/feishu/package.json # extensions/google-antigravity-auth/package.json # extensions/google-gemini-cli-auth/package.json # extensions/googlechat/package.json # extensions/imessage/package.json # extensions/line/package.json # extensions/llm-task/package.json # extensions/lobster/package.json # extensions/matrix/CHANGELOG.md # extensions/matrix/package.json # extensions/mattermost/package.json # extensions/memory-core/package.json # extensions/memory-lancedb/package.json # extensions/msteams/CHANGELOG.md # extensions/msteams/package.json # extensions/nextcloud-talk/package.json # extensions/nostr/CHANGELOG.md # extensions/nostr/package.json # extensions/open-prose/package.json # extensions/signal/package.json # extensions/slack/package.json # extensions/telegram/package.json # extensions/tlon/package.json # extensions/twitch/CHANGELOG.md # extensions/twitch/package.json # extensions/voice-call/CHANGELOG.md # extensions/voice-call/package.json # extensions/whatsapp/package.json # extensions/zalo/CHANGELOG.md # extensions/zalo/package.json # extensions/zalouser/CHANGELOG.md # extensions/zalouser/package.json * chore: update 2026.2.3 notes (cherry picked from commit 54ddbc466085b42526983f6c90d152fdd7bf365f) # Conflicts: # CHANGELOG.md # appcast.xml * Optimize format (cherry picked from commit ad759c94460c922e6b16951c9b8c1d09f7723baf) # Conflicts: # docs/providers/qianfan.md * Optimize doc (cherry picked from commit ff948a6dd7bb0ae1cd257541c1bb6715e07e91c5) # Conflicts: # docs/providers/qianfan.md * Docs: streamline start and install docs (#9648) * docs(start): streamline getting started flow * docs(nav): reorganize start and install sections * docs(style): move custom css to style.css * docs(navigation): align zh-CN ordering * docs(navigation): localize zh-Hans labels (cherry picked from commit 675c26b2b013cf1d8c95122cc8f50e3c2e7b8497) # Conflicts: # docs/docs.json # docs/start/docs-directory.md # docs/start/getting-started.md # docs/start/onboarding.md # docs/start/quickstart.md # docs/start/setup.md # docs/start/wizard.md * docs(install): rename install overview page (cherry picked from commit 34424ce5362908c2b0a51dd8f6adad209c7f63dc) * docs(onboarding): add bootstrapping page (#9767) (cherry picked from commit 3011b00d39e9fd6b64977efa573ef9c4f6295d1e) # Conflicts: # docs/start/onboarding.md * docs: fix onboarding rendering issues (cherry picked from commit c8f4bca0c4219527b96730211b607ac9b26b88d6) # Conflicts: # docs/start/onboarding.md * docs(onboarding): streamline CLI onboarding docs (#9830) (cherry picked from commit 9e0030b75f2ea20b1cc5e60df2a7c6418000a1e3) # Conflicts: # docs/cli/onboard.md # docs/start/wizard.md * update handle (cherry picked from commit 1473fb19a521f68221fe3c5c527290505acc4bfb) * docs: fix incorrect model.fallback to model.fallbacks in Ollama config (#9384) (#9749) Both English and Chinese documentation had incorrect configuration template using 'fallback' instead of 'fallbacks' in agents.defaults.model config. Co-authored-by: damaozi <1811866786@qq.com> (cherry picked from commit 679bb087db6f7ac59215171c213db55a3472aaad) # Conflicts: # docs/providers/ollama.md * feat(skills): add QR code skill (#8817) feat(skills): add QR code generation and reading skill Adds qr-code skill with: - qr_generate.py - Generate QR codes with customizable size/error correction - qr_read.py - Decode QR codes from images - SKILL.md documentation Co-authored-by: Omar-Khaleel (cherry picked from commit ad13c265ba1fd22dadfe30325ed998d9a3d95e5c) * chore(agentsmd): add tsgo command to AGENTS.md (#9894) Add `pnpm tsgo` command to AGENTS.md development reference Co-authored-by: vincentkoc <vincentkoc@users.noreply.github.com> (cherry picked from commit db8e9b37c6dc798a74a988a68bd709f4661f4b2b) * Revert "feat(skills): add QR code skill (#8817)" This reverts commit ad13c265ba1fd22dadfe30325ed998d9a3d95e5c. (cherry picked from commit 6b7d3c3062cdf5e1cf5e50860a56b867c8b2f66c) * docs: tighten secure DM example (cherry picked from commit 873182ec2d2c41546567ba97111d969ccacebf7d) # Conflicts: # docs/concepts/session.md * docs: note secure DM guidance update (#9377) (thanks @Shrinija17) (cherry picked from commit 8fdc0a284154c4343ef92a4c88e1c0338779ec92) # Conflicts: # CHANGELOG.md * docs: restructure Get Started tab and improve onboarding flow (#9950) * docs: restructure Get Started tab and improve onboarding flow - Flatten nested Onboarding group into linear First Steps flow - Add 'What is OpenClaw?' narrative section to landing page - Split wizard.md into streamlined overview + full reference (reference/wizard.md) - Move Pairing to Channels > Configuration - Move Bootstrapping to Agents > Fundamentals - Move macOS app onboarding to Platforms > macOS companion app - Move Lore to Help > Community - Remove duplicate install instructions from openclaw.md - Mirror navigation changes in zh-CN tabs - No content deleted — all detail preserved or relocated * docs: move deployment pages to install/, fix Platforms tab routing, clarify onboarding paths - Move deployment guides (fly, hetzner, gcp, macos-vm, exe-dev, railway, render, northflank) from platforms/ and root to install/ - Add 'Hosting and deployment' group to Install tab - Slim Gateway & Ops 'Remote access and deployment' down to 'Remote access' - Swap Platforms tab before Gateway & Ops to fix path-prefix routing - Move macOS app onboarding into First steps (parallel to CLI wizard) - Rename sidebar titles to 'Onboarding: CLI' / 'Onboarding: macOS App' - Add redirects for all moved paths - Update all internal links (en + zh-CN) - Fix img tag syntax in onboarding.md (cherry picked from commit c18452598aa0b6977ad8962c689bed03e144986d) # Conflicts: # docs/docs.json # docs/help/faq.md # docs/index.md # docs/start/clawd.md # docs/start/wizard.md # docs/zh-CN/gateway/remote.md # docs/zh-CN/help/faq.md # docs/zh-CN/install/docker.md # docs/zh-CN/platforms/digitalocean.md # docs/zh-CN/platforms/index.md # docs/zh-CN/platforms/oracle.md # docs/zh-CN/platforms/raspberry-pi.md # docs/zh-CN/start/getting-started.md # docs/zh-CN/vps.md * chore: remove tracked .DS_Store files (cherry picked from commit 8577d015b24e5d9ba65f0ab02c271659b86d1855) * chore: changelog for xAI onboarding (#9885) (thanks @grp06) (cherry picked from commit 68393bfa36cbbd2bf2acf088f51bf8dbb74bfd90) * Changelog: note #9976 thinking alias + Codex 5.3 docs sync (cherry picked from commit 7db839544d081103c22e5a7db4195245ef2c97af) # Conflicts: # CHANGELOG.md * add PR review workflow templates (cherry picked from commit 0a485924757174995a7bd6feae5b2da6e20bc58d) * Chore: Update memory.md with current default workspace path (#9559) Removed 'clawd' workspace reference - updated with current default workspace path of '~/.openclaw/workspace' (cherry picked from commit b1430aaaca7613aa74f618ed7a83f6413a843435) * docs: add activeHours to heartbeat field notes and examples (#9366) Co-authored-by: unisone <unisone@users.noreply.github.com> (cherry picked from commit d2aee7da6833898d847120c03c1d822d2267aa40) # Conflicts: # docs/gateway/heartbeat.md * docs: update clawtributors (add @unisone) (cherry picked from commit ac0c2f260f6bb60f4236a9d49abfcdfe45f9b622) # Conflicts: # README.md * Docs: add PR and issue submission guides (#10150) * Docs: add PR and issue submission guides * Docs: fix LLM-assisted wording (cherry picked from commit 50e687d17d7c7cd825efc23a67b76360c3c77ba8) * Docs: sharpen Install tab to stop duplicating Getting Started (#10416) * docs(install): reframe install overview to stop duplicating getting started * docs(install): link default installer row to getting started, not internals * docs(install): use Mintlify components for install overview * docs(install): fix card grid layout with CardGroup * docs(install): platform tabs for global install, npm/pnpm as accordion * docs(install): add PowerShell no-onboard alternative * docs(install): add repo link to from-source clone step * docs(install): capitalize OpenClaw in repo link * docs(install): add pnpm link --global to from-source steps * docs(install): rewrite install overview for clarity and flow * docs(install): use tooltip for Windows WSL2 recommendation * docs(install): use Note box for Windows WSL2 recommendation * docs(install): group install methods under single heading * docs(install): standardize tab labels across installer sections * docs(install): rewrite Node.js page with install instructions and better structure * docs(install): clarify Node.js page intro * docs(install): scope auto-install note to installer script, link Node page * docs(install): fix installer script link to internals page * docs: rename Install methods nav group to Other install methods * docs(install): link to on-page anchor, use Tip box for recommended * docs(install): wrap install methods in AccordionGroup with Tip box * docs: move Node.js page from Install to Help > Environment and debugging * docs(install): add complete flags and env vars reference to installer internals * docs(install): use stable troubleshooting anchor for Node.js link * docs(install): fix Node page installer anchor * docs(install): fix broken installer script anchor in requirements note (cherry picked from commit 18b480dd3ee7fc79605988c474b6f440f8083436) # Conflicts: # docs/install/index.md # docs/install/installer.md # docs/install/node.md * docs: linting (cherry picked from commit 1bf9f237f719385517ba5f6c709875a18c1a53b6) # Conflicts: # docs/channels/slack.md # docs/concepts/session.md # docs/help/faq.md # docs/platforms/mac/voice-overlay.md # docs/tui.md * docs(markdownlint): enable autofixable rules and normalize links (cherry picked from commit c7aec0660ea9075612c28d2e10eeb1829f0767d2) # Conflicts: # .markdownlint-cli2.jsonc # docs/automation/gmail-pubsub.md # docs/bedrock.md # docs/brave-search.md # docs/channels/bluebubbles.md # docs/channels/line.md # docs/channels/matrix.md # docs/channels/msteams.md # docs/channels/nextcloud-talk.md # docs/channels/nostr.md # docs/channels/slack.md # docs/channels/telegram.md # docs/channels/twitch.md # docs/channels/zalo.md # docs/channels/zalouser.md # docs/concepts/groups.md # docs/concepts/memory.md # docs/concepts/model-providers.md # docs/concepts/system-prompt.md # docs/concepts/typebox.md # docs/debug/node-issue.md # docs/experiments/research/memory.md # docs/gateway/authentication.md # docs/gateway/configuration.md # docs/gateway/local-models.md # docs/gateway/security/index.md # docs/help/faq.md # docs/index.md # docs/install/docker.md # docs/install/northflank.mdx # docs/install/railway.mdx # docs/install/render.mdx # docs/install/uninstall.md # docs/install/updating.md # docs/platforms/ios.md # docs/platforms/mac/dev-setup.md # docs/plugin.md # docs/providers/cloudflare-ai-gateway.md # docs/providers/deepgram.md # docs/providers/moonshot.md # docs/providers/ollama.md # docs/providers/vercel-ai-gateway.md # docs/reference/AGENTS.default.md # docs/reference/RELEASING.md # docs/reference/credits.md # docs/reference/device-models.md # docs/reference/templates/AGENTS.md # docs/reference/templates/HEARTBEAT.md # docs/start/clawd.md # docs/start/setup.md # docs/tools/browser-linux-troubleshooting.md # docs/tools/browser.md # docs/tools/chrome-extension.md # docs/tools/llm-task.md # docs/tools/skills.md # docs/tools/web.md # docs/tui.md # docs/web/dashboard.md * revert(docs): undo markdownlint autofix churn (cherry picked from commit 0a1f4f666a66846a67a103d10eeddb29d2ec422f) # Conflicts: # docs/automation/gmail-pubsub.md # docs/bedrock.md # docs/brave-search.md # docs/channels/bluebubbles.md # docs/channels/matrix.md # docs/channels/msteams.md # docs/channels/nextcloud-talk.md # docs/channels/nostr.md # docs/channels/telegram.md # docs/channels/twitch.md # docs/channels/zalo.md # docs/channels/zalouser.md # docs/concepts/groups.md # docs/concepts/memory.md # docs/concepts/system-prompt.md # docs/concepts/typebox.md # docs/debug/node-issue.md # docs/experiments/research/memory.md # docs/gateway/authentication.md # docs/gateway/configuration.md # docs/gateway/local-models.md # docs/gateway/security/index.md # docs/help/faq.md # docs/install/docker.md # docs/install/northflank.mdx # docs/install/railway.mdx # docs/install/render.mdx # docs/install/uninstall.md # docs/install/updating.md # docs/platforms/ios.md # docs/platforms/mac/dev-setup.md # docs/plugin.md # docs/providers/deepgram.md # docs/providers/moonshot.md # docs/providers/ollama.md # docs/providers/vercel-ai-gateway.md # docs/reference/AGENTS.default.md # docs/reference/RELEASING.md # docs/reference/device-models.md # docs/reference/templates/AGENTS.md # docs/reference/templates/HEARTBEAT.md # docs/start/clawd.md # docs/start/setup.md # docs/tools/browser-linux-troubleshooting.md # docs/tools/browser.md # docs/tools/chrome-extension.md # docs/tools/llm-task.md # docs/tools/skills.md # docs/tools/web.md # docs/tui.md # docs/web/dashboard.md * Docs: enable markdownlint autofixables except list numbering (#10476) * docs(markdownlint): enable autofixable rules except list numbering * docs(zalo): fix malformed bot platform link (cherry picked from commit 578a6e27aa76adab85471b322321d9b6d4227322) # Conflicts: # docs/brave-search.md # docs/channels/bluebubbles.md # docs/channels/matrix.md # docs/channels/msteams.md # docs/channels/nextcloud-talk.md # docs/channels/telegram.md # docs/channels/twitch.md # docs/concepts/system-prompt.md # docs/concepts/typebox.md # docs/debug/node-issue.md # docs/gateway/configuration.md # docs/gateway/local-models.md # docs/gateway/security/index.md # docs/help/faq.md # docs/install/northflank.mdx # docs/install/railway.mdx # docs/install/render.mdx # docs/install/updating.md # docs/platforms/mac/dev-setup.md # docs/providers/moonshot.md # docs/providers/ollama.md # docs/tools/skills.md # docs/tools/web.md # docs/web/dashboard.md * Docs: revamp installer internals for readability and accuracy (#10499) * docs(install): revamp installer internals for readability and accuracy Restructure the installer internals page with better flow and Mintlify components (CardGroup, Steps, Tabs, AccordionGroup). All flags, env vars, and behavioral descriptions cross-checked against install.sh, install-cli.sh, and install.ps1 source code. - Add CardGroup chooser and Quick Commands section at top - Organize each script into consistent Flow → Examples → Reference pattern - Move flags/env var tables into collapsible Accordions - Consolidate troubleshooting into AccordionGroup at bottom - Add missing flags (--version, --beta, --verbose, --help, etc.) - Add missing env vars (OPENCLAW_VERSION, OPENCLAW_BETA, etc.) - Document install-cli.sh fully (was one paragraph) - Fix non-interactive checkout detection behavior (defaults to npm) - Use --proto/--tlsv1.2 in curl examples to match script usage - No content deleted; all original info preserved or relocated * fix(docs): correct in-page anchor hrefs for installer cards * docs(install): replace CardGroup with table for installer overview (cherry picked from commit 991cf4d7fec5ce7215c02200325e54c7e3f38251) # Conflicts: # docs/install/installer.md * Docs: add PR sign-off template (#10561) (cherry picked from commit 5842bcaaf72c7dcb883790f7c837df5530f3dae3) * Docs: revise PR and issue submission guides (#10617) * Docs: revise PR submission guide * Docs: revise issue submission guide (cherry picked from commit e3d3893d5dbec30c2046166b6a71bacfe641ef78) * docs(changelog): prepare 2026.2.6 (cherry picked from commit 3b768a285134285ae52bafdbe57d48e37f838ca0) # Conflicts: # CHANGELOG.md * docs(changelog): include merged PRs since v2026.2.3 (cherry picked from commit ac5944cde71b8f7efa96b250a1f48575a75694b2) # Conflicts: # CHANGELOG.md * docs: fix markdownlint fragments + headings (cherry picked from commit 5163833be5c5759798f1132b93958894ada6bf90) # Conflicts: # docs/install/installer.md * docs(changelog): refresh 2026.2.6 since v2026.2.3 (cherry picked from commit 7be921c4340cbac1d62ef0d993977b31c18f9819) # Conflicts: # CHANGELOG.md * docs(imessage): add macOS TCC troubleshooting (cherry picked from commit fe308a3aa187870f752c25e21a61b4f60c4a9b50) * docs(imessage): improve macOS TCC troubleshooting guidance (#10781) (cherry picked from commit 93bf75279fbb2820e811d7cdabcaaf545018b575) # Conflicts: # docs/channels/imessage.md * docs(changelog): curate 2026.2.6 (cherry picked from commit c237a82b42f8fe885608560a389d0e368d5a019b) # Conflicts: # CHANGELOG.md * docs(changelog): highlight Opus 4.6 + Codex 5.3 first (cherry picked from commit f831c48e56705184195b69ebbf662f785b032ae4) * Fix QMD CLI installation link in memory.md (#8647) Correct the installation link for the QMD CLI in the documentation. (cherry picked from commit c80a09fc2f19c31b717bee9d06f5074ddf78ee4a) * Docs: fix broken /plugins links (#9308) * Docs: fix broken /plugins links to /plugin The documentation linked to /plugins which doesn't exist. The correct path is /plugin (singular) which contains the plugins overview documentation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: drop manual zh-CN doc edits from plugins link fix --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> (cherry picked from commit d1dc60774ba10bfdfa6d2167760e1172579227c9) # Conflicts: # docs/cli/memory.md * Fix repository links in formal-verification.md (#10200) Updated repository links for formal verification models. (cherry picked from commit 3d2fe9284eb6617bdb00f295c9e87472bd70e6b2) * Revert previous change from 'Clawdbot' to 'OpenClaw' in lore (#9119) (cherry picked from commit 4c1da23a710bd7a1ded7ca840bc51481b727c8e7) * chore(skills): remove bird skill (cherry picked from commit 31a7e4f9375f64ee3177bdc955cbe73dadfd96b1) # Conflicts: # docs/tools/exec-approvals.md # skills/bird/SKILL.md * docs(changelog): note CI pipeline optimization (#10784) (thanks @mcaxtr) (cherry picked from commit 875324e7c730f4ab99db14a405cf51ebf1228811) * chore(release): 2026.2.6-2 (cherry picked from commit ad4dd0422ea46d21ad336151ca6f2a63119e80f1) # Conflicts: # extensions/bluebubbles/package.json # extensions/copilot-proxy/package.json # extensions/diagnostics-otel/package.json # extensions/discord/package.json # extensions/feishu/package.json # extensions/google-antigravity-auth/package.json # extensions/google-gemini-cli-auth/package.json # extensions/googlechat/package.json # extensions/imessage/package.json # extensions/line/package.json # extensions/llm-task/package.json # extensions/lobster/package.json # extensions/matrix/CHANGELOG.md # extensions/matrix/package.json # extensions/mattermost/package.json # extensions/memory-core/package.json # extensions/memory-lancedb/package.json # extensions/minimax-portal-auth/package.json # extensions/msteams/CHANGELOG.md # extensions/msteams/package.json # extensions/nextcloud-talk/package.json # extensions/nostr/CHANGELOG.md # extensions/nostr/package.json # extensions/open-prose/package.json # extensions/signal/package.json # extensions/slack/package.json # extensions/telegram/package.json # extensions/tlon/package.json # extensions/twitch/CHANGELOG.md # extensions/twitch/package.json # extensions/voice-call/CHANGELOG.md # extensions/voice-call/package.json # extensions/whatsapp/package.json # extensions/zalo/CHANGELOG.md # extensions/zalo/package.json # extensions/zalouser/CHANGELOG.md # extensions/zalouser/package.json # package.json * chore(release): 2026.2.6-3 (cherry picked from commit 9f703a44dc954349d4c9571cba2f16b7fb3d2adc) # Conflicts: # extensions/bluebubbles/package.json # extensions/copilot-proxy/package.json # extensions/diagnostics-otel/package.json # extensions/discord/package.json # extensions/feishu/package.json # extensions/google-antigravity-auth/package.json # extensions/google-gemini-cli-auth/package.json # extensions/googlechat/package.json # extensions/imessage/package.json # extensions/line/package.json # extensions/llm-task/package.json # extensions/lobster/package.json # extensions/matrix/CHANGELOG.md # extensions/matrix/package.json # extensions/mattermost/package.json # extensions/memory-core/package.json # extensions/memory-lancedb/package.json # extensions/minimax-portal-auth/package.json # extensions/msteams/CHANGELOG.md # extensions/msteams/package.json # extensions/nextcloud-talk/package.json # extensions/nostr/CHANGELOG.md # extensions/nostr/package.json # extensions/open-prose/package.json # extensions/signal/package.json # extensions/slack/package.json # extensions/telegram/package.json # extensions/tlon/package.json # extensions/twitch/CHANGELOG.md # extensions/twitch/package.json # extensions/voice-call/CHANGELOG.md # extensions/voice-call/package.json # extensions/whatsapp/package.json # extensions/zalo/CHANGELOG.md # extensions/zalo/package.json # extensions/zalouser/CHANGELOG.md # extensions/zalouser/package.json # package.json * docs: add symptom-first troubleshooting hub and deep runbooks (#11196) * docs(troubleshooting): add symptom-first troubleshooting runbooks * docs(troubleshooting): fix approvals command examples * docs(troubleshooting): wrap symptom cases in accordions * docs(automation): clarify userTimezone missing-key behavior * docs(troubleshooting): fix first-60-seconds ladder order (cherry picked from commit 9a3f62cb86cd505d8ee490aa6a1fe9600d96ad65) # Conflicts: # docs/channels/troubleshooting.md # docs/gateway/troubleshooting.md # docs/help/troubleshooting.md * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list (#8105) * docs: add missing HEARTBEAT.md and MEMORY.md to bootstrap files list Fixes #7928 The documentation for skipBootstrap and workspace setup was missing HEARTBEAT.md and MEMORY.md from the bootstrap files list. Changes: - docs/gateway/configuration.md: Add HEARTBEAT.md and MEMORY.md - docs/zh-CN/gateway/configuration.md: Same for Chinese version - docs/start/openclaw.md: Add HEARTBEAT.md, clarify MEMORY.md is optional - docs/zh-CN/start/openclaw.md: Same for Chinese version * fix: reference PR number instead of issue in CHANGELOG * docs(workspace): align bootstrap file docs with runtime (#8105) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> (cherry picked from commit a4d5c7f6730a4648b20163f4194c43140df35da0) # Conflicts: # docs/start/clawd.md * adding PR review workflow (cherry picked from commit 6d1daf2ba5c8778f7cf0f6230c615e20b89eec2c) * added more explicit instructions (cherry picked from commit cde29fef715e4edf633be260051cdabab3db5dba) * Fix typo in FAQ regarding model configuration command (#6048) (cherry picked from commit 9201e140cb523fc9bac1362d6afef0efda415b88) # Conflicts: # docs/help/faq.md * Update CHANGELOG.md for version 2026.2.6-4: Added RPC methods for agent management, fixed context overflow recovery, improved LAN IP handling, enhanced memory retrieval, and updated media understanding for audio transcription. (cherry picked from commit a30c4f45c38434af6f4cac5bcc2cdd6b0bc6b336) # Conflicts: # CHANGELOG.md * docs: clarify onboarding instructions for beginners (#10956) (cherry picked from commit 9866a857a79a70bfe958034a2f462ff3a6150764) # Conflicts: # README.md * chore: updated PR review skills and workflow info on tests + fake timers (cherry picked from commit c27b03794afa19128c92430ced70ddac194b0842) * Fix Nix repository link in README (#7910) Updated Nix repository link in README. Co-authored-by: Josh <141778+bolapara@users.noreply.github.com> Co-authored-by: Seb Slight <19554889+sebslight@users.noreply.github.com> (cherry picked from commit 05a57e94a4b63d37bb5f063c2fe0466fa8299674) # Conflicts: # README.md * Docs: fix cron.update param name id → jobId (#11365) (#11467) * Docs: fix cron.update param name id → jobId (#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> (cherry picked from commit 0499656c5905e82f2bc492960708b8ef879a5e28) * fix(ui): smooth chat refresh scroll and suppress new-messages badge flash (cherry picked from commit bc475f0172d15a896596d35969441ff57e1356f2) # Conflicts: # CHANGELOG.md # ui/s…

@lailoo

…w#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com> (cherry picked from commit 0499656)

@lailoo

…w#11467) * Docs: fix cron.update param name id → jobId (openclaw#11365) * Docs: sync zh-CN cron.update param name id → jobId * docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks @lailoo) --------- Co-authored-by: damaozi <1811866786@qq.com> Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>

openclaw-barnacle bot added the docs Improvements or additions to documentation label Feb 7, 2026

greptile-apps bot reviewed Feb 7, 2026

View reviewed changes

sebslight self-assigned this Feb 8, 2026

damaozi and others added 3 commits February 7, 2026 22:03

Docs: fix cron.update param name id → jobId (openclaw#11365)

41fa6f2

Docs: sync zh-CN cron.update param name id → jobId

e1f8b52

docs: revert manual zh-CN generated docs edit (openclaw#11467) (thanks …

04d3c9d

…@lailoo)

sebslight force-pushed the docs/cron-update-jobid-11365 branch from b80c283 to 04d3c9d Compare February 8, 2026 03:07

sebslight merged commit 0499656 into openclaw:main Feb 8, 2026
17 checks passed

github-actions bot mentioned this pull request Feb 8, 2026

cherry-pick: upstream docs commits (2026-02-08) hughdidit/DAISy-Agency#110

Closed

6 tasks

akoscz mentioned this pull request Feb 8, 2026

feat: pluggable secrets manager integration ($secret{NAME} syntax) #11539

Closed

3 tasks

github-actions bot mentioned this pull request Feb 8, 2026

cherry-pick: upstream docs commits (2026-02-08-2013) hughdidit/DAISy-Agency#118

Merged

6 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Docs: fix cron.update param name id → jobId (#11365)#11467

Docs: fix cron.update param name id → jobId (#11365)#11467
sebslight merged 3 commits intoopenclaw:mainfrom
lailoo:docs/cron-update-jobid-11365

lailoo commented Feb 7, 2026 •

edited

Loading

Uh oh!

lailoo commented Feb 7, 2026

Uh oh!

greptile-apps bot left a comment

Uh oh!

greptile-apps bot Feb 7, 2026

Uh oh!

lailoo commented Feb 7, 2026

Uh oh!

lailoo commented Feb 7, 2026

Uh oh!

Uh oh!

sebslight commented Feb 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

lailoo commented Feb 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Changes

Uh oh!

lailoo commented Feb 7, 2026

Uh oh!

greptile-apps bot left a comment

Choose a reason for hiding this comment

Uh oh!

greptile-apps bot Feb 7, 2026

Choose a reason for hiding this comment

Uh oh!

lailoo commented Feb 7, 2026

Uh oh!

lailoo commented Feb 7, 2026

Uh oh!

Uh oh!

sebslight commented Feb 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

lailoo commented Feb 7, 2026 •

edited

Loading