Merged
Conversation
🔒 Aisle Security AnalysisWe found 1 potential security issue(s) in this PR:
1. 🟡 Information disclosure: external error replies include internal container/profile flags in re-auth command
Description
As a result, users in external channels can be shown internal operational identifiers (container names, deployment/profile names) that are not necessary for end-user remediation and may aid reconnaissance. Vulnerable flow:
Vulnerable code: const loginCommand = buildOAuthRefreshFailureLoginCommand(oauthRefreshFailure.provider);
return `... Re-auth with \`${loginCommand}\`, then try again.`;RecommendationAvoid including deployment-specific context (container/profile) in messages intended for external/untrusted recipients. Options:
Example: // For external chat messages: do not append --container/--profile
const loginCommand = formatCliCommand(
safeProvider
? `openclaw models auth login --provider ${safeProvider}`
: "openclaw models auth login",
{},
);If container/profile hints are required for internal operators, restrict them to control UI logs or admin-only channels instead of end-user chat responses. Analyzed PR: #63217 at commit Last updated on: 2026-04-08T16:03:28Z |
Contributor
Greptile SummaryThis PR fixes two related issues: a SecretRef timing bug where reply-run config was read before secret references were resolved (causing auth failures to mask the real OAuth issue), and missing user guidance when gateway OAuth refresh fails permanently. The fix moves Confidence Score: 5/5Safe to merge; only finding is a P2 UX improvement for the unknown-provider edge case in the reauth command string. All findings are P2 or lower. The core SecretRef timing fix and OAuth guidance surfacing are well-structured and covered by targeted tests. No logic, data-integrity, or security issues found. No files require special attention.
|
Comment on lines
+314
to
+320
| const loginCommand = oauthRefreshFailure.provider | ||
| ? `openclaw models auth login --provider ${oauthRefreshFailure.provider}` | ||
| : "openclaw models auth login --provider <provider>"; | ||
| if (oauthRefreshFailure.reason) { | ||
| return `⚠️ Model login expired on the gateway${oauthRefreshFailure.provider ? ` for ${oauthRefreshFailure.provider}` : ""}. Re-auth with \`${loginCommand}\`, then try again.`; | ||
| } | ||
| return `⚠️ Model login failed on the gateway${oauthRefreshFailure.provider ? ` for ${oauthRefreshFailure.provider}` : ""}. Please try again. If this keeps happening, re-auth with \`${loginCommand}\`.`; |
Contributor
There was a problem hiding this comment.
When oauthRefreshFailure.provider is null (i.e. the provider name could not be extracted from the error message), the user sees the literal string openclaw models auth login --provider <provider>. This is an unfilled template the user has to interpret rather than a copy-pasteable command.
A small improvement would be to drop the --provider flag when the provider is unknown, to avoid sending users a command they cannot run as-is:
Suggested change
| const loginCommand = oauthRefreshFailure.provider | |
| ? `openclaw models auth login --provider ${oauthRefreshFailure.provider}` | |
| : "openclaw models auth login --provider <provider>"; | |
| if (oauthRefreshFailure.reason) { | |
| return `⚠️ Model login expired on the gateway${oauthRefreshFailure.provider ? ` for ${oauthRefreshFailure.provider}` : ""}. Re-auth with \`${loginCommand}\`, then try again.`; | |
| } | |
| return `⚠️ Model login failed on the gateway${oauthRefreshFailure.provider ? ` for ${oauthRefreshFailure.provider}` : ""}. Please try again. If this keeps happening, re-auth with \`${loginCommand}\`.`; | |
| const loginCommand = oauthRefreshFailure.provider | |
| ? `openclaw models auth login --provider ${oauthRefreshFailure.provider}` | |
| : "openclaw models auth login"; |
Prompt To Fix With AI
This is a comment left during a code review.
Path: src/auto-reply/reply/agent-runner-execution.ts
Line: 314-320
Comment:
**Placeholder provider in user-facing reauth command**
When `oauthRefreshFailure.provider` is `null` (i.e. the provider name could not be extracted from the error message), the user sees the literal string `openclaw models auth login --provider <provider>`. This is an unfilled template the user has to interpret rather than a copy-pasteable command.
A small improvement would be to drop the `--provider` flag when the provider is unknown, to avoid sending users a command they cannot run as-is:
```suggestion
const loginCommand = oauthRefreshFailure.provider
? `openclaw models auth login --provider ${oauthRefreshFailure.provider}`
: "openclaw models auth login";
```
How can I resolve this? If you propose a fix, please make it concise.
Contributor
Author
There was a problem hiding this comment.
Addressed on 7b51bc8c58: provider ids parsed from OAuth refresh failures are now sanitized and validated before they are rendered into user-facing commands, and unknown or unsafe providers fall back to the generic openclaw models auth login command. Covered by the new unsafe-provider reply/doctor regressions.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a1415acba3
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
|
||
| const pendingToolTasks = new Set<Promise<void>>(); | ||
| const blockReplyTimeoutMs = opts?.blockReplyTimeoutMs ?? BLOCK_REPLY_SEND_TIMEOUT_MS; | ||
| followupRun.run.config = await resolveQueuedReplyExecutionConfig(followupRun.run.config); |
There was a problem hiding this comment.
Defer secret resolution until after queue-action check
This call now runs before the active-run queue policy is evaluated, so a second inbound message can fail before it ever reaches the enqueue-followup path when secret resolution throws (for example, gateway secrets.resolve unavailable or an unresolved target). In that case the follow-up message is not queued and is effectively dropped, whereas this code path should stay lightweight and queue first when another run is active.
Useful? React with 👍 / 👎.
Contributor
Author
There was a problem hiding this comment.
Addressed on 499ee3b519: direct reply secret resolution now runs only after the active-run queue policy has already chosen run-now, so concurrent inbound turns still enqueue/drop first instead of failing early. Covered by agent-runner-direct-runtime-config.test.ts.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7b51bc8c58
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Comment on lines
+134
to
136
| queued.run.config = await resolveQueuedReplyExecutionConfig(queued.run.config); | ||
| const replySessionKey = queued.run.sessionKey ?? sessionKey; | ||
| const runtimeConfig = resolveQueuedReplyRuntimeConfig(queued.run.config); |
There was a problem hiding this comment.
Preserve resolved queued config after secret resolution
After resolving SecretRefs, this code immediately calls resolveQueuedReplyRuntimeConfig again, which prefers the global runtime snapshot over queued.run.config. If the snapshot still contains unresolved SecretRefs (the same condition this patch is trying to fix), the freshly resolved config is discarded and preflight/model fallback helpers still read stale values, so queued followups can continue failing on unresolved secrets despite the new resolution step.
Useful? React with 👍 / 👎.
Contributor
Author
|
Follow-up hardening is in:
Verified on |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4540a1b455
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Comment on lines
+41
to
+42
| if (lower.includes("invalid refresh token")) { | ||
| return "invalid_refresh_token"; |
There was a problem hiding this comment.
Detect underscored invalid_refresh_token failures
Handle the common OAuth error token invalid_refresh_token in addition to the spaced phrase. Right now classifyOAuthRefreshFailureReason only checks for "invalid refresh token", so errors like "OAuth token refresh failed ... invalid_refresh_token" are classified as unknown/transient and downstream paths (reply failure text, doctor hints, and gateway status summaries) skip the stronger re-auth-required guidance for a permanent auth failure.
Useful? React with 👍 / 👎.
4540a1b to
68b7ffd
Compare
Contributor
Author
|
Merged via squash.
Thanks @mbelinky! |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 68b7ffd59e
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Comment on lines
+121
to
+122
| const refreshReason = classifyOAuthRefreshFailureReason(msg ?? ""); | ||
| const msgShort = msg ? (refreshReason ? "re-auth required" : shorten(msg, 52)) : null; |
There was a problem hiding this comment.
Use OAuth error code when labeling re-auth required
In summarizeLogTail, permanence is inferred only from error.message, so payloads like {"error":{"code":"invalid_grant","message":"Bad request"}} are summarized without the re-auth required marker even though invalid_grant is a permanent OAuth refresh failure. This weakens the new guidance and can mislead operators into retrying instead of reauthenticating. Consider classifying from error.code (and/or combining code + message) before deciding msgShort.
Useful? React with 👍 / 👎.
eleqtrizit
pushed a commit
that referenced
this pull request
Apr 8, 2026
greidron
added a commit
to greidron/openclaw
that referenced
this pull request
Apr 10, 2026
* release: mirror bundled channel deps at root (openclaw#63065) Merged via squash. Prepared head SHA: ac26799 Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com> Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com> Reviewed-by: @scoootscooob * fix(test): keep warn log capture under openclaw temp dir * revert: undo background alive review findings fix * feat: add qa character vibes eval * test: stabilize plugin boundary invariants * test: isolate agent gateway cli command mocks * test: skip duplicate package boundary wrapper in ci * test: fix postpublish verifier sidecar handling * test: keep status tests off live usage probes * auto-reply: type status auth overrides * plugins: read contract inventory from manifests * test: inline cli metadata channel fixture * ci: skip duplicate full extension shard * test: isolate discord directory live token env * test: keep followup runner memory mock complete * ci: split parallel full suite into leaf shards * test: guard loader fixtures against broad sdk imports * test: keep bundled channel entry smokes descriptor-only * ci: reduce full suite test parallelism * test: avoid bundled test api smokes in matrix and telegram * test: keep discord and irc entry smokes descriptor-only * test: keep web provider artifact coverage manifest-only * test: keep provider policy artifact coverage narrow * test: keep web provider artifact test in boundary * test: keep status message tests off auth auto-detection * status: avoid plugin lookup for direct channel model overrides * channels: fast-path direct model override matches * test: restore manifest-only web provider coverage * fix: allow blank TLS manual port default (openclaw#63134) (thanks @Tyler-RNG) * make port optional for TLS manual connections * fix: restrict manual blank-port fallback to tls * fix: allow blank TLS manual port default (openclaw#63134) (thanks @Tyler-RNG) --------- Co-authored-by: Ayaan Zaidi <hi@obviy.us> * test: fix full suite CI test isolation * fix: align LLM idle timeout policy * test: exercise models json file mode without provider discovery * test: keep shared dm policy contract off channel facades * test: keep web provider artifact test in boundary * test: keep kilocode provider tests on plugin-owned helpers * ci: restore sequential full suite tests * test: keep public artifact coverage on cheap boundaries * test: keep openclaw tools registration tests on a fast shell * test: keep bundled metadata sidecar scan inventory-only * docs(inferrs): fix Gemma model id from gg-hf-gg to google (openclaw#62586) * fix: harden bundled plugin dependency release checks * ci: isolate full suite leaf shards * test: keep openclaw tools registration policy pure * fix: support Codex CLI QA auth * feat: add QA character eval reports * docs: document QA character eval workflow * refactor: dedupe media generation tool helpers * refactor: dedupe internal helper glue * refactor: dedupe shared helper branches * refactor: dedupe browser navigation guard tests * refactor: dedupe config and subagent tests * refactor: dedupe test helpers and script warning filter * refactor: dedupe plugin test harnesses * refactor: dedupe media runtime test mocks * refactor: dedupe plugin metadata test helpers * refactor: dedupe firecrawl and directive helpers * refactor: dedupe exec defaults tests * refactor: dedupe approval runtime tests * refactor: dedupe matrix exec approval tests * refactor: dedupe telegram exec approval tests * refactor: dedupe doctor codex oauth tests * refactor: dedupe agent command test fixtures * refactor: dedupe embedding provider test fixtures * refactor: share html entity tool call decoding * fix: keep minimax provider mocks package-local * test: keep pdf and update-plan registration tests pure * test: keep model reasoning override coverage on merge helpers * fix: default OpenAI reasoning effort to high * test: keep kimi implicit provider tests on provider catalog * fix(build): prune stale bundled plugin node_modules * fix(build): address bundled plugin prune review * fix(build): honor postinstall disable flag * test: keep chutes implicit provider tests on provider catalog * fix(plugin-sdk): export channel plugin base * docs: reorder changelog entries * test: keep bundled web-search owner checks on public artifacts * fix(build): keep tsdown prune best-effort * test: trust gateway exec fixture node path * fix: keep runtime task test harness behind task seams * test: explain gateway exec fixture trust * Reply: surface OAuth reauth failures (openclaw#63217) Merged via squash. Prepared head SHA: 68b7ffd Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * test: make character eval scenario natural * feat: add character eval model options * test: keep pi fs workspace tests on fs tool factories * test: keep media runtime tests on same-directory provider mocks * fix(android): auto-resume pairing approval * fix(android): prefer bootstrap auth on qr pairing * fix(android): reset auth on new setup codes * fix(android): tighten pairing retry behavior * fix(android): prefer stored device auth after pairing * fix: restore android qr pairing flow (openclaw#63199) * fix(auto-reply): strip leading NO_REPLY tokens to prevent silent-reply leak (openclaw#63068) * fix(auto-reply): strip leading NO_REPLY tokens to prevent silent-reply leak * fix(auto-reply): preserve substantive NO_REPLY leading text * fix(agents): preserve ACP silent-prefix cumulative deltas * fix(auto-reply): harden silent-token streaming paths * fix(auto-reply): normalize glued silent tokens consistently --------- Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net> * fix(gateway): clear auto-fallback model override on session reset (openclaw#63155) * fix(gateway): clear auto-fallback model override on session reset When `persistFallbackCandidateSelection()` writes a fallback provider override with `authProfileOverrideSource: "auto"`, the override was incorrectly preserved across `/reset` and `/new` commands. This caused sessions to keep using the fallback provider even after the user changed the agent config primary provider, because the session store override takes precedence over the config default. Now the override fields (`providerOverride`, `modelOverride`, `authProfileOverride`, `authProfileOverrideSource`, `authProfileOverrideCompactionCount`) are only carried forward when `authProfileOverrideSource === "user"` (i.e. explicit `/model` command). System-driven overrides are dropped on reset so the session picks up the current config default. Introduced in cb0a752 ("fix: preserve reset session behavior config") * fix(gateway): preserve explicit reset model selection * fix(gateway): track reset model override source * fix(gateway): preserve legacy reset model overrides * docs(changelog): add session reset merge note --------- Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net> * test: stabilize ci test isolation * test: isolate volcengine byteplus auth resolver imports * fix: patch hono security advisories * fix: pass system prompt to codex cli * fix(plugins): prevent untrusted workspace plugins from hijacking bundled provider auth choices [AI] (openclaw#62368) * fix: address issue * fix: address review feedback * docs(changelog): add onboarding auth-choice guard entry * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback --------- Co-authored-by: Devin Robison <drobison@nvidia.com> * test: isolate provider runtime test mocks * feat(plugins): support provider auth aliases * feat(memory): add grounded REM backfill lane (openclaw#63273) Merged via squash. Prepared head SHA: 4450f25 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * feat(memory): harden grounded REM extraction (openclaw#63297) Merged via squash. Prepared head SHA: e188b7e Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * feat(ui): add dreaming diary controls and navigation (openclaw#63298) Merged via squash. Prepared head SHA: 0a2ae66 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * chore(ui): refresh zh-TW control ui locale * chore(ui): refresh zh-CN control ui locale * chore(ui): refresh pt-BR control ui locale * chore(ui): refresh de control ui locale * chore(ui): refresh es control ui locale * chore(ui): refresh ko control ui locale * chore(ui): refresh ja-JP control ui locale * chore(ui): refresh fr control ui locale * docs(matrix): tighten setup and config guidance * chore(ui): refresh tr control ui locale * chore(ui): refresh uk control ui locale * chore(ui): refresh pl control ui locale * chore(ui): refresh id control ui locale * test: stabilize full-suite execution * fix(matrix): contain sync outage failures (openclaw#62779) Merged via squash. Prepared head SHA: 901bb76 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras * Align remote node exec event system messages with untrusted handling (openclaw#62659) * fix(nodes): downgrade remote exec system events * docs(changelog): add remote node exec event entry --------- Co-authored-by: Devin Robison <drobison@nvidia.com> * test: reuse image generate tool imports * test: reuse followup runner imports * docs(config): tighten wording in reference * test: harden provider mock isolation * fix(memory): accept embedded dreaming heartbeat tokens * test: harden Parallels macOS smoke fallback * build: narrow plugin SDK declaration build * fix(dotenv): block workspace runtime env vars (openclaw#62660) * fix(dotenv): block workspace runtime env vars Co-authored-by: zsx <git@zsxsoft.com> * docs(changelog): add workspace dotenv runtime-control entry * fix(dotenv): block workspace gateway port override --------- Co-authored-by: zsx <git@zsxsoft.com> Co-authored-by: Devin Robison <drobison@nvidia.com> * build: stage nostr runtime dependencies * fix: load QA live provider overrides * feat: parallelize character eval runs * auth: avoid external cli sync on profile upsert * test(doctor): mock memory-core runtime seam * auth: persist explicit profile upserts directly * Matrix: report startup failures as errors * fix(browser): harden browser control override loading (openclaw#62663) * fix(browser): harden browser control overrides * fix(lint): prepare boundary artifacts for extension oxlint * docs(changelog): add browser override hardening entry * fix(lint): avoid duplicate boundary prep --------- Co-authored-by: Devin Robison <drobison@nvidia.com> Co-authored-by: Devin Robison <drobison00@users.noreply.github.com> * test: reuse exec directive reply imports * test: reuse verbose directive reply imports * fix(browser): re-check interaction-driven navigations (openclaw#63226) * fix(browser): guard interaction-driven navigations * fix(browser): avoid rechecking unchanged interaction urls * fix(browser): guard delayed interaction navigations * fix(browser): guard interaction-driven navigations for full action duration * fix(browser): avoid waiting on interaction grace timer * fix(browser): ignore same-document hash-only URL changes in navigation guard * fix(browser): dedupe interaction nav guards * fix(browser): guard same-URL reloads in interaction navigation listeners * docs(changelog): add interaction navigation guard entry * fix(browser): drop duplicate ssrfPolicy props * fix(browser): tighten interaction navigation guards --------- Co-authored-by: Devin Robison <drobison@nvidia.com> * test: move directive state coverage to pure tests * fix: enable thinking support for the ollama api (openclaw#62712) Merged via squash. Prepared head SHA: c0b9950 Co-authored-by: hoyyeva <63033505+hoyyeva@users.noreply.github.com> Co-authored-by: BruceMacD <5853428+BruceMacD@users.noreply.github.com> Reviewed-by: @BruceMacD * Slack: treat ACP block text as visible output (openclaw#62858) Merged via squash. Prepared head SHA: 14f202e Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras * fix: fail fast on qa live auth errors * fix: fail fast across qa scenario wait paths * test: cover qa scenario wait failure replies * fix: sanitize qa missing-key replies * test: cover sanitized qa missing-key replies * fix: align qa wait cursor semantics * test: cover mixed-traffic qa wait cursors * fix: classify curated qa missing-key replies * test: cover curated qa missing-key reply classification * fix: harden qa missing-key provider messages * test: cover unsafe qa missing-key providers * docs(changelog): add qa auth fail-fast entry (openclaw#63333) (thanks @shakkernerd) * fix(matrix/doctor): migrate legacy channels.matrix.dm.policy 'trusted' (fixes openclaw#62931) (openclaw#62942) Merged via squash. Prepared head SHA: d9f553b Co-authored-by: lukeboyett <46942646+lukeboyett@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras * Memory/dreaming: feed grounded backfill into short-term promotion (openclaw#63370) Merged via squash. Prepared head SHA: 5dfe246 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * docs: update unreleased changelog * fix(gateway): classify dream diary actions * fix(memory): align dreaming status payloads * Memory/dreaming: harden grounded backfill follow-ups * test: reuse inline directive reply imports * Docs/memory: explain grounded backfill flows * fix(deps): patch basic-ftp advisory * test: move inline directive collisions to pure tests * Slack: dedupe partial streaming replies (openclaw#62859) Merged via squash. Prepared head SHA: cbecb50 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras * test: replace exec directive e2e with pure coverage * fix(plugins): keep test helpers out of contract barrels (openclaw#63311) Merged via squash. Prepared head SHA: 769e90c Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Reviewed-by: @altaywtf * test: move cron heartbeat delivery coverage below full turns * fix: inter-session messages must not overwrite established external lastRoute (openclaw#58013) Merged via squash. Prepared head SHA: 820ea20 Co-authored-by: duqaXxX <12242811+duqaXxX@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman * fix(gateway): suppress announce/reply skip chat leakage (openclaw#51739) Merged via squash. Prepared head SHA: 2f53f3b Co-authored-by: Pinghuachiu <9033138+Pinghuachiu@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman * Slack: key turn-local dedupe by dispatch kind Scope Slack turn-local delivery dedupe by reply dispatch kind so identical tool and final payloads on the same thread do not collapse into one send. Expose the existing dispatcher kind on the public reply-runtime seam and cover the Slack tracker and preview-fallback paths with regression tests. * Dreaming: surface grounded scene lane (openclaw#63395) Merged via squash. Prepared head SHA: 0c7f586 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * test: avoid runtime auth overlays in failure-state coverage * fix(ci): align ollama thinking expectations * chore(ui): refresh zh-CN control ui locale * chore(ui): refresh pt-BR control ui locale * chore(ui): refresh zh-TW control ui locale * chore(ui): refresh de control ui locale * test(docker): reduce e2e log noise * chore(ui): refresh es control ui locale * chore(ui): refresh fr control ui locale * chore(ui): refresh ja-JP control ui locale * chore(ui): refresh ko control ui locale * chore(ui): refresh uk control ui locale * chore(ui): refresh id control ui locale * chore(ui): refresh pl control ui locale * chore(ui): refresh tr control ui locale * fix: restore main ci * fix(ci): drop silent history before truncation * docs: reorder unreleased changelog * test(docker): quiet success-path e2e logs * style: sort session import * build: mirror bundled plugin runtime deps * plugins: load lightweight provider discovery entries * ci: narrow Windows node test lane * fix: filter provider auth aliases by plugin trust * fix: surface delayed browser navigation blocks * style: format memory and gateway touchups * Delete docs/plans directory Unused artifact * test: avoid remote ollama timeout in api-key preservation coverage * test: keep auth-choice default-model coverage on lightweight provider * test: keep undefined-token auth-choice coverage generic * fix: stabilize character eval and Qwen model routing * test: keep agent command tests off external auth overlays * fix openrouter model picker refs (openclaw#63416) * fix openrouter model picker refs Signed-off-by: sallyom <somalley@redhat.com> * test(ui): cover openrouter slash-id /model resolution --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: Vignesh Natarajan <vignesh.natarajan92@gmail.com> * ci: stabilize macOS and transcript policy tests * test: keep cli-provider agent command tests off external auth overlays * chore(lint): clear extension lint regressions and add openclaw#63416 changelog * test: update modelstudio catalog contract sentinel * test: update character eval public panel * fix: repair Windows dev-channel updater * test: move copilot models-json injection coverage to plan tests * plugin-sdk: split command status surface * plugin-sdk: keep command status compatibility path light * plugin-sdk: drop investigative weixin repro harness * tests: document config mock choice for eager warmup * fix: update command-status SDK baseline (openclaw#63174) (thanks @hxy91819) * test: cap broad live model sweeps * fix: drop raw gateway chat control replies * test: make shared-token reload deterministic * test: isolate agentic suite smoke tests * test: replace models-config matrix with narrow coverage * test: isolate onboard skills status mock * plugins: add lightweight anthropic vertex discovery * test: isolate model auth module state * test: isolate subagent registry resume imports * plugins: keep google provider policy lightweight * test: keep ollama unreachable discovery on localhost * test: mock auth profile external overlay in oauth tests * auth: avoid plugin setup scans during common auth resolution * fix(logging): break console/logger type cycle * fix(config): stop owner-display barrel cycles * fix(commands): split auth choice apply types * fix(infra): extract exec approvals allowlist types * fix(commands): split doctor prompt option types * chore: prepare 2026.4.9-beta.1 release * chore: refresh config schema version for 2026.4.9-beta.1 * chore: refresh plugin SDK API baseline * test: run local full suite project shards in parallel * wizard: add explicit skip option to plugin setup (openclaw#63436) * Wizard: allow skipping plugin setup * Agents: reset nodes tool test modules * tests: reset discord native-command seams in model picker (openclaw#63267) * ci: tolerate noisy npm pack json output * test: isolate slack thread-ts recovery * fix(msteams): isolate channel thread sessions by replyToId (openclaw#58615) (openclaw#62713) * fix(msteams): isolate thread sessions by replyToId (openclaw#58615) * fix(msteams): align thread ID extraction + fix test types * fix(msteams): route thread replies to correct thread via replyToId (openclaw#58030) (openclaw#62715) * fix(msteams): pin reply target at inbound time to prevent DM/channel leak (openclaw#54520) (openclaw#62716) * test: keep local full suite serial by default * chore: prepare 2026.4.9 stable release * Agents: guard legacy pi transport override * Agents: restore upstream pi runner sources --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: scoootscooob <zhentongfan@gmail.com> Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: Nimrod Gutman <nimrod.gutman@gmail.com> Co-authored-by: Tyler Warburton <Ethan.gold-Steinberg@protonmail.com> Co-authored-by: Ayaan Zaidi <hi@obviy.us> Co-authored-by: Eric Curtin <eric.curtin@docker.com> Co-authored-by: Mariano <mbelinky@gmail.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: Frank Yang <frank.ekn@gmail.com> Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net> Co-authored-by: Pavan Kumar Gondhi <pgondhi@nvidia.com> Co-authored-by: Devin Robison <drobison@nvidia.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: Agustin Rivera <31522568+eleqtrizit@users.noreply.github.com> Co-authored-by: zsx <git@zsxsoft.com> Co-authored-by: Devin Robison <drobison00@users.noreply.github.com> Co-authored-by: Eva H <63033505+hoyyeva@users.noreply.github.com> Co-authored-by: BruceMacD <5853428+BruceMacD@users.noreply.github.com> Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: lukeboyett <46942646+lukeboyett@users.noreply.github.com> Co-authored-by: Altay <altay@uinaf.dev> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Co-authored-by: Accunza <12242811+duqaXxX@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Co-authored-by: Pinghuachiu <9033138+Pinghuachiu@users.noreply.github.com> Co-authored-by: Radek Sienkiewicz <mail@velvetshark.com> Co-authored-by: Sally O'Malley <somalley@redhat.com> Co-authored-by: Vignesh Natarajan <vignesh.natarajan92@gmail.com> Co-authored-by: Mason Huang <masonxhuang@tencent.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> Co-authored-by: pashpashpash <nik@vault77.ai> Co-authored-by: sudie-codes <suvenkat95@gmail.com>
25 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
openclaw doctorand gateway status summaries to classify permanent OAuth refresh failures and print the reauth commandTesting
mb-server:OPENCLAW_TEST_PROFILE=serial OPENCLAW_TEST_SERIAL_GATEWAY=1 pnpm test -- src/auto-reply/reply/agent-runner-direct-runtime-config.test.tsmb-server:OPENCLAW_TEST_PROFILE=serial OPENCLAW_TEST_SERIAL_GATEWAY=1 pnpm test -- src/auto-reply/reply/followup-runner.test.ts -t "resolves queued embedded followups before preflight helpers read config"mb-server:OPENCLAW_TEST_PROFILE=serial OPENCLAW_TEST_SERIAL_GATEWAY=1 pnpm test -- src/auto-reply/reply/agent-runner-execution.test.ts -t "surfaces gateway reauth guidance for known OAuth refresh failures"mb-server:OPENCLAW_TEST_PROFILE=serial OPENCLAW_TEST_SERIAL_GATEWAY=1 pnpm test -- src/commands/doctor-auth.hints.test.tsmb-server:OPENCLAW_TEST_PROFILE=serial OPENCLAW_TEST_SERIAL_GATEWAY=1 pnpm test -- src/commands/status-all/gateway.test.tsmb-server:OPENCLAW_LOCAL_CHECK=0 pnpm tsgo❌ existing unrelatedTS2883errors on untouched files underextensions/minimax,extensions/msteams,extensions/xai,src/agents/bash-tools.exec.ts, and shared test helpersNotes
jpclawhqalso required a separateopenai-codexreauth; that instance repair is not part of this PR