fix(browser): honor image sanitization config for screenshots by xx205 · Pull Request #84595 · openclaw/openclaw

xx205 · 2026-05-20T13:56:20Z

Summary

forward agents.defaults.imageMaxDimensionPx into browser screenshot tool results
forward the same image sanitization limits into snapshot --labels image results
add regression coverage for both browser image-returning paths

Problem

browser screenshot normalized images to the browser layer's <= 2000px limit first, but then returned them through imageResultFromFile() without passing runtime image sanitization config.

That meant the final tool image still fell back to the default 1200px sanitize limit, even when agents.defaults.imageMaxDimensionPx was configured higher. The same omission existed for browser snapshot --labels.

Fix

Thread runtime image sanitization limits into both browser image-returning call sites:

browser:screenshot
browser:snapshot when labels=true

This keeps browser tool image behavior aligned with the documented global image sanitization setting and with other OpenClaw image paths that already forward this config.

Verification

focused browser extension test suite passed:
- extensions/browser/src/browser-tool.test.ts (51 passed)
direct runtime check with the same input image showed:
- default config: final browser screenshot output still reduced to 1200x625
- imageMaxDimensionPx = 1920: final output became 1920x1000
- imageMaxDimensionPx = 2000: final output stayed at 2000x1042
- imageMaxDimensionPx = 3000: final output still stayed at 2000x1042, as expected because browser pre-normalization already caps screenshots at 2000px

Real behavior proof

Behavior or issue addressed: browser screenshot and browser snapshot --labels image results ignored agents.defaults.imageMaxDimensionPx on the final tool-image sanitize step, so a browser screenshot could still come out at 1200px even when the config was set higher.

Real environment tested: local OpenClaw checkout on macOS using the real browser screenshot normalization path plus the browser tool image-result path with a local PNG test image as the input.

Exact steps or command run after this patch: ran the browser screenshot runtime check against the patched branch, varying agents.defaults.imageMaxDimensionPx across default, 1920, 2000, and 3000, then inspected the generated image metadata.

Evidence after fix:

live output from runtime image metadata inspection:
normalized browser layer: 2000x1042, 246537 bytes, image/jpeg
default final output:    1200x625,  107491 bytes, image/jpeg
configured 1920:         1920x1000, 214162 bytes, image/jpeg
configured 2000:         2000x1042, 246537 bytes, image/jpeg
configured 3000:         2000x1042, 246537 bytes, image/jpeg

Observed result after fix: after the patch, browser-originated image results now honor the configured sanitize limit up to the browser layer's own 2000px ceiling. 1920 produces 1920x1000, 2000 produces 2000x1042, and 3000 does not exceed 2000x1042 because browser pre-normalization already caps that path.

What was not tested: a full remote provider call was not run; this proof covers the local browser screenshot normalization path and the actual browser tool image packaging and sanitize path.

clawsweeper · 2026-05-20T14:02:23Z

Codex review: passed.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

ClawSweeper keeps one durable marker-backed review comment per issue or PR.
Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
Maintainers can also comment @clawsweeper review to request a fresh review only.
Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The branch threads agents.defaults.imageMaxDimensionPx into browser screenshot and labeled snapshot image results, adds regression coverage and a changelog entry, and includes small repair-pass type/lint cleanup.

Reproducibility: yes. source-level reproduction is high confidence: current main calls imageResultFromFile without imageSanitization on both browser image-returning paths, while the shared sanitizer falls back to 1200px without an override.

PR rating
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Summary: Small, focused bug fix with direct runtime proof, source-backed root cause, and regression tests for both affected browser image-returning paths.

What the crustacean ranks mean

🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Sufficient (live_output): The PR body includes after-fix live runtime metadata output showing configured screenshot dimensions across default, 1920, 2000, and 3000 limits, directly exercising the changed image packaging path.

Risk before merge

This read-only review did not independently rerun the exact-head browser suite or a full remote provider/browser session; the verdict relies on source inspection, supplied live metadata proof, and recorded validation.

Maintainer options:

Decide the mitigation before merge
Land the narrow browser plugin fix after exact-head checks, preserving the default 1200px behavior while honoring configured higher limits within the browser layer's own cap.
Pause or close
Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No separate repair lane is needed; this automerge-opted PR has sufficient proof and no actionable findings, so exact-head checks can gate merge.

Security
Cleared: The diff threads an existing numeric config into local browser image result packaging and tests; it does not add dependencies, permissions, secret handling, downloads, or new execution paths.

Review details

Best possible solution:

Land the narrow browser plugin fix after exact-head checks, preserving the default 1200px behavior while honoring configured higher limits within the browser layer's own cap.

Do we have a high-confidence way to reproduce the issue?

Yes, source-level reproduction is high confidence: current main calls imageResultFromFile without imageSanitization on both browser image-returning paths, while the shared sanitizer falls back to 1200px without an override.

Is this the best way to solve the issue?

Yes; threading the existing runtime image limit into the existing imageResultFromFile sanitizer parameter is the narrow maintainable fix and keeps the plugin boundary intact.

Label justifications:

P2: This fixes documented browser tool image behavior with limited blast radius and focused regression coverage.
rating: 🦞 diamond lobster: Current PR rating is 🦞 diamond lobster because proof is 🦞 diamond lobster, patch quality is 🦞 diamond lobster, and Small, focused bug fix with direct runtime proof, source-backed root cause, and regression tests for both affected browser image-returning paths.
status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (live_output): The PR body includes after-fix live runtime metadata output showing configured screenshot dimensions across default, 1920, 2000, and 3000 limits, directly exercising the changed image packaging path.
proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix live runtime metadata output showing configured screenshot dimensions across default, 1920, 2000, and 3000 limits, directly exercising the changed image packaging path.

What I checked:

Current screenshot path omits sanitizer config: On current main, browser:screenshot returns imageResultFromFile with label, path, and details only, so the documented image limit is not passed into final image packaging. (extensions/browser/src/browser-tool.ts:769, 1a7669bc63a0)
Current labeled snapshot path omits sanitizer config: On current main, browser:snapshot with labels also calls imageResultFromFile without imageSanitization. (extensions/browser/src/browser-tool.actions.ts:461, 1a7669bc63a0)
Shared sanitizer falls back to 1200px: The shared image sanitizer uses opts.maxDimensionPx ?? DEFAULT_IMAGE_MAX_DIMENSION_PX, and the default constant is 1200, matching the reported fallback when browser paths omit config. (src/agents/tool-images.ts:292, 1a7669bc63a0)
Config is documented and typed: agents.defaults.imageMaxDimensionPx is documented as controlling transcript/tool image downscaling and is present in the config schema/type contract. Public docs: docs/gateway/config-agents.md. (docs/gateway/config-agents.md:316, 1a7669bc63a0)
Adjacent image tools already pass config-derived limits: Current nodes and canvas image paths resolve agents.defaults.imageMaxDimensionPx and pass the resulting sanitizer limits into image packaging, supporting the PR's alignment claim. (src/agents/tools/nodes-tool.ts:135, 1a7669bc63a0)
PR diff fixes both affected browser call sites: The provided PR diff for head c01fde7990cf7c7555b05189e238d840b2fed8e1 adds resolveRuntimeImageSanitization() and passes it to both browser:screenshot and labeled browser:snapshot image results. (extensions/browser/src/browser-tool.ts:771, c01fde7990cf)

Likely related people:

Ayaan Zaidi: Current checkout blame points the browser image packaging call sites and shared image sanitizer defaults to this commit in local history. (role: recent area contributor; confidence: medium; commits: 357e3ecc65e3; files: extensions/browser/src/browser-tool.ts, extensions/browser/src/browser-tool.actions.ts, src/agents/image-sanitization.ts)
Peter Steinberger: Git history shows the browser plugin runtime package and browser tests were moved into the plugin in commits authored by this person, covering the affected files and test surface. (role: browser plugin refactor owner; confidence: medium; commits: 197510f69302, 9a7ceceffaa8; files: extensions/browser/src/browser-tool.ts, extensions/browser/src/browser-tool.actions.ts, extensions/browser/src/browser-tool.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 1a7669bc63a0.

clawsweeper · 2026-05-20T14:13:07Z

ClawSweeper PR egg

✨ Hatched: 🥚 common Tiny Merge Sprite

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

Merged PRs are hatchable.
Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: polishes edge cases.
Image traits: location CI tidepool; accessory rollback rope; palette amber, ink, and glacier blue; mood bright-eyed; pose stepping out of a freshly hatched shell; shell translucent glimmer shell; lighting subtle sparkle highlights; background soft code-shaped tiles.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Tiny Merge Sprite in ClawSweeper.

What is this egg doing here?

Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Takhoffman · 2026-05-20T15:13:55Z

@clawsweeper merge

Takhoffman · 2026-05-20T17:55:07Z

@clawsweeper automerge

clawsweeper · 2026-05-20T17:57:35Z

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=c01fde7990cf7c7555b05189e238d840b2fed8e1)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-05-20T20:09:33Z
Merge commit: d5cc0d53b7e3

What merged:

The branch threads agents.defaults.imageMaxDimensionPx into browser screenshot and labeled snapshot image results, adds regression coverage and a changelog entry, and includes small repair-pass type/lint cleanup.
Reproducibility: yes. source-level reproduction is high confidence: current main calls imageResultFromFil ... both browser image-returning paths, while the shared sanitizer falls back to 1200px` without an override.

Automerge notes:

PR branch already contained follow-up commit before automerge: fix(browser): honor image sanitization config for screenshots
PR branch already contained follow-up commit before automerge: fix(clawsweeper): address review for automerge-openclaw-openclaw-8459…

The automerge loop is complete.

Automerge progress:

2026-05-20 19:36:43 UTC automerge wait e05874ff5bb5 (blocked) in 15m 36s Run: https://github.com/openclaw/clawsweeper/actions/runs/26180395315 GitHub checks failed: checks-node-core-runtime-infra-state:FAILURE

2026-05-20 19:36:44 UTC repair finished e05874ff5bb5 (pushed) in 15m 37s Run: https://github.com/openclaw/clawsweeper/actions/runs/26180395315 repair_contributor_branch

2026-05-20 19:42:39 UTC review passed e05874ff5bb5 (structured ClawSweeper verdict: pass (sha=e05874ff5bb5159cb372d7d3bdc304223378d...)

2026-05-20 19:42:58 UTC repair queued e05874ff5bb5 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26185771452

2026-05-20 19:45:55 UTC repair started (running) in 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26185771452 automerge-openclaw-openclaw-84595

2026-05-20 19:48:13 UTC validation plan (passed) in 2m 18s Run: https://github.com/openclaw/clawsweeper/actions/runs/26185771452 pnpm check:changed; pnpm lint; pnpm check:test-types

2026-05-20 19:48:21 UTC Codex write preflight (passed) in 2m 26s Run: https://github.com/openclaw/clawsweeper/actions/runs/26185771452 danger-full-access

2026-05-20 19:57:41 UTC Codex edit 1 e05874ff5bb5 (complete) in 11m 47s Run: https://github.com/openclaw/clawsweeper/actions/runs/26185771452 exit 0

2026-05-20 17:55:07 UTC review queued e05874ff5bb5 (queued)

2026-05-20 20:01:39 UTC validation and review 1 c01fde7990cf (complete) in 15m 44s Run: https://github.com/openclaw/clawsweeper/actions/runs/26185771452 already-current

2026-05-20 20:01:46 UTC repair completed c01fde7990cf (branch updated) in 15m 51s Run: https://github.com/openclaw/clawsweeper/actions/runs/26185771452 initial automerge rebase is delegated to Codex repair

2026-05-20 20:01:46 UTC review queued c01fde7990cf (after repair)

2026-05-20 20:09:29 UTC automerge wait c01fde7990cf (ready) in 23m 34s Run: https://github.com/openclaw/clawsweeper/actions/runs/26185771452 checks and exact-head review are ready

2026-05-20 20:09:31 UTC repair finished c01fde7990cf (pushed) in 23m 36s Run: https://github.com/openclaw/clawsweeper/actions/runs/26185771452 repair_contributor_branch

2026-05-20 20:09:21 UTC review passed c01fde7990cf (structured ClawSweeper verdict: pass (sha=c01fde7990cf7c7555b05189e238d840b2fed...)

2026-05-20 20:09:35 UTC merged c01fde7990cf (merged by ClawSweeper automerge)

…5 (validation-1)

* fix(infra): restore symlink rejection in tryReadSecretFileSync The local wrapper added in 9e4eca0 swallowed all errors from @openclaw/fs-safe@0.2.7's tryReadSecretFileSync via a bare try/catch, silently downgrading every rejectSymlink: true caller (Telegram, LINE, Zalo, IRC, Nextcloud Talk credential files) to accept symlinked credential files. It also broke the infra-state CI shard's symlink expectation that #84595 had just realigned with the new fail-closed upstream contract. Restore the direct re-export so the upstream contract surfaces: undefined for blank/missing/not-found, FsSafeError for symlink, oversize, non-regular file, and hardlink validation failures. * test(plugins): align stale symlink tests with fail-closed contract 5 token/account resolver tests still asserted the pre-fs-safe-0.2.7 "silent skip" behavior (token: "", source: "none") on rejected symlinks; they passed only because the swallow-all wrapper in secret-file.ts hid the throw. Restoring the upstream fail-closed contract surfaces the throw, so update the tests to expect FsSafeError. inspectTelegramAccount reports credential status (its return type has an explicit configured_unavailable state for "configured but unreadable"), so its callsite is the right boundary to catch the FsSafeError and map it to configured_unavailable rather than letting the throw bubble. Affected: - extensions/zalo/src/token.test.ts - extensions/line/src/accounts.test.ts - extensions/telegram/src/token.test.ts - extensions/irc/src/accounts.test.ts - extensions/nextcloud-talk/src/setup.test.ts - extensions/telegram/src/account-inspect.ts (catch + report status)

…026.5.20) (#615) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/openclaw/openclaw](https://openclaw.ai) ([source](https://github.com/openclaw/openclaw)) | patch | `2026.5.19` → `2026.5.20` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/567) for more information. --- ### Release Notes <details> <summary>openclaw/openclaw (ghcr.io/openclaw/openclaw)</summary> ### [`v2026.5.20`](https://github.com/openclaw/openclaw/blob/HEAD/CHANGELOG.md#2026520) [Compare Source](openclaw/openclaw@v2026.5.19...v2026.5.20) ##### Changes - Exec approvals: remove the old `cat SKILL.md && printf ... && <skill-wrapper>` allowlist compatibility path so skill files must be loaded with the read tool and only the real skill executable is auto-allowed. - Discord: let voice sessions follow configured Discord users into voice channels, with allowed-channel checks, multi-user handoff, bounded reconciliation, and DAVE recovery preservation. ([#84264](openclaw/openclaw#84264)) Thanks [@fuller-stack-dev](https://github.com/fuller-stack-dev). - Discord/voice: include bounded `IDENTITY.md`, `USER.md`, and `SOUL.md` profile context in realtime voice session instructions by default, with `voice.realtime.bootstrapContextFiles: []` available to disable it. ([#84499](openclaw/openclaw#84499)) Thanks [@fuller-stack-dev](https://github.com/fuller-stack-dev). - Dependencies: bump the bundled Codex harness to `@openai/codex` `0.132.0` and refresh the app-server model-list docs for the new catalog. - CLI/policy: add the bundled Policy plugin for policy-backed channel conformance checks, doctor lint findings, and opt-in workspace repair. ([#80407](openclaw/openclaw#80407)) Thanks [@giodl73-repo](https://github.com/giodl73-repo). - Agents/config: allow `agents.list[].experimental.localModelLean` so lean local-model mode can be enabled for one configured agent instead of globally. - Providers/xAI: add device-code OAuth login so remote and headless setups can authorize xAI without a localhost browser callback. ([#84005](openclaw/openclaw#84005)) Thanks [@fuller-stack-dev](https://github.com/fuller-stack-dev). - Providers/OpenRouter: honor provider-level `params.provider` routing policy for OpenRouter requests, with model and agent params overriding the defaults. Thanks [@amknight](https://github.com/amknight). ##### Fixes - CLI/tasks: include stale-running task maintenance decisions in `openclaw tasks maintenance --json` so retained and reconcile candidates explain backing-session, cron, CLI, and wedged-subagent state. ([#84691](openclaw/openclaw#84691)) Thanks [@efpiva](https://github.com/efpiva). - Codex app-server: keep system-prompt reports working when bootstrap hooks provide workspace files with only a path and content, so hook-supplied SOUL/IDENTITY/TOOLS/USER context still reports injected characters correctly. ([#84736](openclaw/openclaw#84736)) Thanks [@JARVIS-Glasses](https://github.com/JARVIS-Glasses). - Providers/MiniMax music: stop advertising `durationSeconds` control and remove prompt-injected duration hints, so `music_generate` reports MiniMax duration as an unsupported override instead of suggesting MiniMax can enforce track length. Fixes [#84508](openclaw/openclaw#84508). Thanks [@neeravmakwana](https://github.com/neeravmakwana). - Doctor: warn when sandbox tool policy hides configured MCP server tools before provider requests. ([#84699](openclaw/openclaw#84699)) Thanks [@nxmxbbd](https://github.com/nxmxbbd). - WhatsApp: update Baileys to `7.0.0-rc12`. - Build: suppress per-locale `rolldown-plugin-dts:fake-js` CommonJS dts warnings emitted while bundling the intentionally-inlined `zod/v4/locales/*.d.cts` files, so `pnpm build` output stays readable after the 0.25.1 plugin bump. Thanks [@romneyda](https://github.com/romneyda). - CLI/nodes: route lazy plugin-registration logs to stderr for JSON-mode `openclaw nodes` commands so stdout stays parseable. ([#84684](openclaw/openclaw#84684)) Thanks [@TurboTheTurtle](https://github.com/TurboTheTurtle). - Approvals: route manual `/approve` decisions through the trusted approval runtime so active exec and plugin approvals no longer look unknown or expired. - Mac app: update the About settings copyright year to 2026. ([#84385](openclaw/openclaw#84385)) Thanks [@pejmanjohn](https://github.com/pejmanjohn). - Dependencies: update `@openclaw/fs-safe` to `0.2.7` so OpenClaw's default Python-helper-off policy keeps best-effort Node write fallbacks for private stores, secret writes, run logs, and media attachments on Linux/macOS. - Infra/secrets: restore the fail-closed contract for `tryReadSecretFileSync` so credential loaders that pass `rejectSymlink: true` (Telegram, LINE, Zalo, IRC, Nextcloud Talk tokens) refuse symlinked credential files instead of silently accepting them, and the infra-state CI shard's secret-file symlink test passes again. Thanks [@romneyda](https://github.com/romneyda). - Browser: honor the configured image sanitization limit for screenshots and labeled snapshots so browser-captured images follow the same resize policy as other image results. ([#84595](openclaw/openclaw#84595)) - Doctor: remove unrecognized `models.providers.*.models[*].compat.thinkingFormat` values during `doctor --fix` so stale provider model config can validate after upgrade. Fixes [#77803](openclaw/openclaw#77803). - Doctor: warn when `openclaw.json` stores plaintext secret-bearing config fields, including model provider API keys and sensitive provider headers. ([#84718](openclaw/openclaw#84718)) Thanks [@lukaIvanic](https://github.com/lukaIvanic). - Status: show the configured default, session-selected model, reason, clear hint, and docs link when a session remains pinned to a model that differs from `agents.defaults.model.primary`. - WebChat: clear stale typing indicators when session change events mark the active chat run complete. - Mac app: keep local packaging signed with a stable app identity for permission testing and fix Control UI production builds under current Vite/Highlight.js exports. - macOS app: update the embedded Peekaboo bridge to 3.2.1 so OpenClaw-hosted UI automation works with current Peekaboo CLI capture flows. - Cron: deliver preferred final assistant output for successful scheduled runs when trailing plain tool warnings remain in diagnostics instead of marking the run failed. - fix(mattermost): fail closed on missing channel type \[AI]. ([#84091](openclaw/openclaw#84091)) Thanks [@pgondhi987](https://github.com/pgondhi987). - Recheck rebuilt system.run argv \[AI]. ([#84090](openclaw/openclaw#84090)) Thanks [@pgondhi987](https://github.com/pgondhi987). - CLI: keep the private QA subcommand out of exported command descriptors unless `OPENCLAW_ENABLE_PRIVATE_QA_CLI=1`, so root help and subcommand markers match runtime registration. ([#84519](openclaw/openclaw#84519)) - CLI/cron: bound `openclaw cron show` job lookup pagination so non-advancing or unbounded `cron.list` responses fail instead of hanging the command. Fixes [#83856](openclaw/openclaw#83856). ([#83989](openclaw/openclaw#83989)) - Agents/messages: stop message-tool-only turns after a successful source-channel `message` send while keeping transcript mirrors under the session write lock. ([#84289](openclaw/openclaw#84289)) - Agents: filter silent heartbeat response-tool transcript artifacts out of embedded context snapshots so later user turns are not polluted by heartbeat no-op messages. ([#83477](openclaw/openclaw#83477)) Thanks [@fuller-stack-dev](https://github.com/fuller-stack-dev). - Agents/OpenAI: log repeated strict tool-schema downgrade diagnostics once per provider/model/tool signature, reducing duplicate debug noise while preserving `strict=false` fallback behavior. Fixes [#82930](openclaw/openclaw#82930). ([#82933](openclaw/openclaw#82933)) Thanks [@galiniliev](https://github.com/galiniliev). - Agents/code mode: spell out the `exec` tool's JavaScript/TypeScript, no Node module, and catalog-bridge constraints in model-visible schema text so agents can use enabled tools without trial-and-error. ([#84269](openclaw/openclaw#84269)) Thanks [@Kaspre](https://github.com/Kaspre). - Codex: give `image_generate` dynamic-tool calls a 120s default watchdog when no per-call or configured image timeout is set, so image generation no longer falls back to the generic 30s bridge timeout. ([#84254](openclaw/openclaw#84254)) Thanks [@moritzmmayerhofer](https://github.com/moritzmmayerhofer). - Codex: avoid duplicate dynamic tool terminal diagnostics while large diagnostic backlogs drain without blocking tool responses. ([#82937](openclaw/openclaw#82937)) Thanks [@galiniliev](https://github.com/galiniliev). - CLI/message: include a stable top-level `messageId` in `openclaw message --json` output when channel sends return one. ([#84191](openclaw/openclaw#84191)) Thanks [@100menotu001](https://github.com/100menotu001). - Cron: preserve legacy top-level array `jobs.json` stores when loading or adding scheduled jobs so old cron jobs are no longer treated as an empty store during upgrade. Fixes [#60799](openclaw/openclaw#60799). ([#84433](openclaw/openclaw#84433)) Thanks [@IWhatsskill](https://github.com/IWhatsskill). - Gateway/agents: use an agent's `identity.name` in Gateway agent summaries when `agents.list[].name` is unset, so configured agent labels remain visible in clients. ([#84355](openclaw/openclaw#84355); refs [#57835](openclaw/openclaw#57835)) Thanks [@luoyanglang](https://github.com/luoyanglang). - Channels/replies: keep normal `/verbose` failed-tool progress compact in message-tool replies and prevent late text-only tool output from appearing after the final answer. ([#84303](openclaw/openclaw#84303)) Thanks [@VACInc](https://github.com/VACInc). - Plugins/hooks: apply a default 30-second timeout to `before_compaction` and `after_compaction` hooks so a hung plugin handler no longer blocks compaction completion. ([#84153](openclaw/openclaw#84153)) - Discord: preserve disabled presentation buttons when adapting and rendering Discord message controls. ([#84188](openclaw/openclaw#84188)) Thanks [@100menotu001](https://github.com/100menotu001). - Twitch: add a test-only client-manager registry reset helper so non-isolated Twitch tests can clear cached managers between cases. Fixes [#83887](openclaw/openclaw#83887). ([#84244](openclaw/openclaw#84244)) Thanks [@hclsys](https://github.com/hclsys). - Cron: run main-session scheduled work on a cron-owned wake lane while preserving reply delivery context, so background cron turns no longer block human main-session chat. Fixes [#82766](openclaw/openclaw#82766). ([#82767](openclaw/openclaw#82767)) Thanks [@galiniliev](https://github.com/galiniliev). - Cron: use structured embedded-run denial metadata for isolated scheduled tasks so blocked exec requests fail the job without treating ordinary assistant prose as a denial. ([#84067](openclaw/openclaw#84067)) Thanks [@abnershang](https://github.com/abnershang). - Cron: keep recovered tool warnings diagnostic for successful scheduled runs so final cron output is delivered instead of being replaced by a post-processing warning. ([#84045](openclaw/openclaw#84045)) Thanks [@abnershang](https://github.com/abnershang). - Plugins/perf: thread explicit plugin discovery results through `loadBundledCapabilityRuntimeRegistry`, `resolveBundledPluginSources`, and `listChannelCatalogEntries` so callers that already hold a discovery result skip redundant filesystem walks. Thanks [@SebTardif](https://github.com/SebTardif). - harden update restart script creation \[AI]. ([#84088](openclaw/openclaw#84088)) Thanks [@pgondhi987](https://github.com/pgondhi987). - Docker: keep the bundled Codex plugin in official release image keep lists so the default OpenAI agent harness remains available after Docker pruning. Fixes [#83613](openclaw/openclaw#83613). ([#83626](openclaw/openclaw#83626)) Thanks [@YuanHanzhong](https://github.com/YuanHanzhong). - CLI/channels: preserve the first line of `openclaw channels logs` output when the rolling tail window starts exactly on a line boundary, mirroring the already-fixed `readLogSlice` behavior in `src/logging/log-tail.ts`. - Control UI: treat terminal session status as authoritative over stale active-run flags so completed terminal runs stop showing abort/live UI. ([#84057](openclaw/openclaw#84057)) - CLI: preserve embedded equals signs in inline root option values instead of truncating after the second separator. ([#83995](openclaw/openclaw#83995)) Thanks [@ThiagoCAltoe](https://github.com/ThiagoCAltoe). - Matrix/config: accept `messages.queue.byChannel.matrix` queue overrides and keep queue provider schema/type keys aligned for Matrix, Google Chat, and Mattermost. Thanks [@bdjben](https://github.com/bdjben). - CLI: format `openclaw acp client` failures through the shared error formatter so object-shaped errors stay readable instead of printing `[object Object]`. Fixes [#83904](openclaw/openclaw#83904). ([#84080](openclaw/openclaw#84080)) - Providers/Ollama: default unknown-capabilities models to tool-capable so discovered native Ollama models can use tools when `/api/show` omits capabilities. ([#84055](openclaw/openclaw#84055)) Thanks [@dutifulbob](https://github.com/dutifulbob). - Installer/Windows: launch `install.ps1` onboarding as an attached child process so fresh native Windows installs do not freeze visibly at `Starting setup...` or corrupt the wizard's terminal rendering. - CLI/update: keep restart health checks working across one-version CLI/Gateway protocol skew and use the managed Gateway service Node for all follow-up commands even when the package root is unchanged, so `openclaw update` no longer silently switches the gateway to a different Node binary when multiple Node installations are present. Thanks [@amknight](https://github.com/amknight). - CLI/gateway: include the running Gateway version in `gateway status` JSON output, preserving existing server metadata while falling back to status RPC data for read probes. Fixes [#56222](openclaw/openclaw#56222). Thanks [@galiniliev](https://github.com/galiniliev). - Memory/search: close local embedding providers when active-memory searches time out so pending local model loads and embedding contexts are aborted and released. ([#83858](openclaw/openclaw#83858)) Thanks [@brokemac79](https://github.com/brokemac79). - CLI/nodes: request pending node surface approval scopes before `openclaw nodes approve` so exec-capable node approval can use admin-scoped Gateway credentials instead of failing with `missing scope: operator.admin`. ([#84392](openclaw/openclaw#84392)) Thanks [@joshavant](https://github.com/joshavant). - Gateway: reject slow node event sends before outbound buffers grow unbounded and log the rejected payload diagnostic. ([#84387](openclaw/openclaw#84387)) Thanks [@samzong](https://github.com/samzong). - Agents: include bounded trajectory queued-writer diagnostics in `pi-trajectory-flush` timeout warnings so flush stalls show pending writes, queued bytes, and append state. Fixes [#82961](openclaw/openclaw#82961). ([#82962](openclaw/openclaw#82962)) Thanks [@galiniliev](https://github.com/galiniliev). - Agents/subagents: recover stale completion announces by retrying unsupported transcript-wait wakes without transcript waiting and forcing a message-tool handoff when the requester run is already stale. Fixes [#83699](openclaw/openclaw#83699). ([#83700](openclaw/openclaw#83700)) Thanks [@galiniliev](https://github.com/galiniliev). - Agents/subagents: constrain wildcard subagent target allowlists to configured agents while preserving explicitly listed compatibility targets. Fixes [#84040](openclaw/openclaw#84040). ([#84357](openclaw/openclaw#84357)) Thanks [@joshavant](https://github.com/joshavant). - Providers/Anthropic: route Anthropic model refs selected with Claude CLI auth through the Claude CLI runtime so shorthand refs such as `anthropic/opus-4.7` no longer fall back to embedded Anthropic billing. Fixes [#84222](openclaw/openclaw#84222). ([#84374](openclaw/openclaw#84374)) Thanks [@joshavant](https://github.com/joshavant). - Agents: honor explicit `models.providers.<id>.timeoutSeconds` values above the default idle watchdog for cloud and self-hosted providers, so long first-token waits no longer fall back at \~120s when the provider timeout is higher. ([#83979](openclaw/openclaw#83979)) Thanks [@yujiawei](https://github.com/yujiawei). - Agents/Codex: keep encrypted Responses reasoning replay provenance-bound so stale mirrored Codex transcripts drop invalid encrypted content before request assembly while preserving matching same-session replay. Fixes [#83836](openclaw/openclaw#83836). ([#84367](openclaw/openclaw#84367)) Thanks [@joshavant](https://github.com/joshavant). - Agents/subagents: skip stale embedded-run wake probes for dormant completion requesters, so late subagent completions go straight to requester-agent/direct handoff instead of producing `reason=no_active_run` queue noise. ([#82964](openclaw/openclaw#82964)) Thanks [@galiniliev](https://github.com/galiniliev). - CLI: retry config snapshot reads after a transient failure so one rejected read no longer poisons later commands in the same process. ([#83931](openclaw/openclaw#83931)) Thanks [@honor2030](https://github.com/honor2030). - Media: decode URL path basenames before using them as remote media fallback filenames, so files like `My%20Report.pdf` are surfaced as `My Report.pdf`. Fixes [#84050](openclaw/openclaw#84050). ([#84052](openclaw/openclaw#84052)) Thanks [@jbetala7](https://github.com/jbetala7). - WhatsApp: clarify inbound group diagnostics so observed but unregistered groups point to `channels.whatsapp.groups` without changing routing or sender authorization. ([#83846](openclaw/openclaw#83846)) Thanks [@neeravmakwana](https://github.com/neeravmakwana). - WhatsApp: drain pending outbound deliveries on a 30s periodic timer in addition to the reconnect handler, so messages enqueued while the provider is already connected no longer wait for the next reconnect to send. ([#79083](openclaw/openclaw#79083)) Thanks [@Oviemudiaga](https://github.com/Oviemudiaga). - CLI/TUI: include gateway plugin slash commands in TUI autocomplete, so connected sessions can suggest plugin-owned commands exposed by the running Gateway. ([#83640](openclaw/openclaw#83640)) Thanks [@se7en-agent](https://github.com/se7en-agent). - Gateway/mobile: restore QR setup-code handoff of bounded operator tokens for iOS and Android onboarding while keeping admin and pairing scopes out of bootstrap. ([#83684](openclaw/openclaw#83684)) Thanks [@ngutman](https://github.com/ngutman). - iOS: repair Release archive compilation for the TestFlight build. ([#84255](openclaw/openclaw#84255)) Thanks [@ngutman](https://github.com/ngutman). - Agents/compaction: bound plugin-owned CLI transcript compaction with the host safety timeout so a hung context engine can no longer stall post-turn cleanup. ([#84083](openclaw/openclaw#84083)) Thanks [@100yenadmin](https://github.com/100yenadmin). - Control UI/usage: truncate long context skill, tool, and file names in the usage panel while keeping the full name available on hover. ([#42197](openclaw/openclaw#42197)) Thanks [@Rain120](https://github.com/Rain120). - Codex: respect explicit `models auth order set` and `config.auth.order` precedence over stale `lastGood` in `/codex account`, and show `no working credential` when every explicit-order profile is ineligible instead of marking a lower-ranked profile as active. Fixes [#84386](openclaw/openclaw#84386). ([#84412](openclaw/openclaw#84412)) Thanks [@openperf](https://github.com/openperf). - Agents: honor `messages.suppressToolErrors` for mutating tool failures so configured chat surfaces do not receive separate warning payloads. ([#81561](openclaw/openclaw#81561)) Thanks [@moeedahmed](https://github.com/moeedahmed). - Agents/fallback: surface billing guidance for mixed rate-limit plus billing fallback exhaustion instead of generic failure copy. Fixes [#79396](openclaw/openclaw#79396). ([#79489](openclaw/openclaw#79489)) Thanks [@aayushprsingh](https://github.com/aayushprsingh). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.erwanleboucher.dev/eleboucher/homelab/pulls/615

…aw#84595) Summary: - The branch threads `agents.defaults.imageMaxDimensionPx` into browser screenshot and labeled snapshot image results, adds regression coverage and a changelog entry, and includes small repair-pass type/lint cleanup. - Reproducibility: yes. source-level reproduction is high confidence: current `main` calls `imageResultFromFil ... both browser image-returning paths, while the shared sanitizer falls back to `1200px` without an override. Automerge notes: - PR branch already contained follow-up commit before automerge: fix(browser): honor image sanitization config for screenshots - PR branch already contained follow-up commit before automerge: fix(clawsweeper): address review for automerge-openclaw-openclaw-8459… Validation: - ClawSweeper review passed for head c01fde7. - Required merge gates passed before the squash merge. Prepared head SHA: c01fde7 Review: openclaw#84595 (comment) Co-authored-by: Xu Xiang <xx205@outlook.com> Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com> Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com> Approved-by: takhoffman Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com>

…law#84711) * fix(infra): restore symlink rejection in tryReadSecretFileSync The local wrapper added in 9e4eca0 swallowed all errors from @openclaw/fs-safe@0.2.7's tryReadSecretFileSync via a bare try/catch, silently downgrading every rejectSymlink: true caller (Telegram, LINE, Zalo, IRC, Nextcloud Talk credential files) to accept symlinked credential files. It also broke the infra-state CI shard's symlink expectation that openclaw#84595 had just realigned with the new fail-closed upstream contract. Restore the direct re-export so the upstream contract surfaces: undefined for blank/missing/not-found, FsSafeError for symlink, oversize, non-regular file, and hardlink validation failures. * test(plugins): align stale symlink tests with fail-closed contract 5 token/account resolver tests still asserted the pre-fs-safe-0.2.7 "silent skip" behavior (token: "", source: "none") on rejected symlinks; they passed only because the swallow-all wrapper in secret-file.ts hid the throw. Restoring the upstream fail-closed contract surfaces the throw, so update the tests to expect FsSafeError. inspectTelegramAccount reports credential status (its return type has an explicit configured_unavailable state for "configured but unreadable"), so its callsite is the right boundary to catch the FsSafeError and map it to configured_unavailable rather than letting the throw bubble. Affected: - extensions/zalo/src/token.test.ts - extensions/line/src/accounts.test.ts - extensions/telegram/src/token.test.ts - extensions/irc/src/accounts.test.ts - extensions/nextcloud-talk/src/setup.test.ts - extensions/telegram/src/account-inspect.ts (catch + report status)

…aw#84595) Summary: - The branch threads `agents.defaults.imageMaxDimensionPx` into browser screenshot and labeled snapshot image results, adds regression coverage and a changelog entry, and includes small repair-pass type/lint cleanup. - Reproducibility: yes. source-level reproduction is high confidence: current `main` calls `imageResultFromFil ... both browser image-returning paths, while the shared sanitizer falls back to `1200px` without an override. Automerge notes: - PR branch already contained follow-up commit before automerge: fix(browser): honor image sanitization config for screenshots - PR branch already contained follow-up commit before automerge: fix(clawsweeper): address review for automerge-openclaw-openclaw-8459… Validation: - ClawSweeper review passed for head c01fde7. - Required merge gates passed before the squash merge. Prepared head SHA: c01fde7 Review: openclaw#84595 (comment) Co-authored-by: Xu Xiang <xx205@outlook.com> Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com> Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com> Approved-by: takhoffman Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com>

…law#84711) * fix(infra): restore symlink rejection in tryReadSecretFileSync The local wrapper added in 9e4eca0 swallowed all errors from @openclaw/fs-safe@0.2.7's tryReadSecretFileSync via a bare try/catch, silently downgrading every rejectSymlink: true caller (Telegram, LINE, Zalo, IRC, Nextcloud Talk credential files) to accept symlinked credential files. It also broke the infra-state CI shard's symlink expectation that openclaw#84595 had just realigned with the new fail-closed upstream contract. Restore the direct re-export so the upstream contract surfaces: undefined for blank/missing/not-found, FsSafeError for symlink, oversize, non-regular file, and hardlink validation failures. * test(plugins): align stale symlink tests with fail-closed contract 5 token/account resolver tests still asserted the pre-fs-safe-0.2.7 "silent skip" behavior (token: "", source: "none") on rejected symlinks; they passed only because the swallow-all wrapper in secret-file.ts hid the throw. Restoring the upstream fail-closed contract surfaces the throw, so update the tests to expect FsSafeError. inspectTelegramAccount reports credential status (its return type has an explicit configured_unavailable state for "configured but unreadable"), so its callsite is the right boundary to catch the FsSafeError and map it to configured_unavailable rather than letting the throw bubble. Affected: - extensions/zalo/src/token.test.ts - extensions/line/src/accounts.test.ts - extensions/telegram/src/token.test.ts - extensions/irc/src/accounts.test.ts - extensions/nextcloud-talk/src/setup.test.ts - extensions/telegram/src/account-inspect.ts (catch + report status)

…aw#84595) Summary: - The branch threads `agents.defaults.imageMaxDimensionPx` into browser screenshot and labeled snapshot image results, adds regression coverage and a changelog entry, and includes small repair-pass type/lint cleanup. - Reproducibility: yes. source-level reproduction is high confidence: current `main` calls `imageResultFromFil ... both browser image-returning paths, while the shared sanitizer falls back to `1200px` without an override. Automerge notes: - PR branch already contained follow-up commit before automerge: fix(browser): honor image sanitization config for screenshots - PR branch already contained follow-up commit before automerge: fix(clawsweeper): address review for automerge-openclaw-openclaw-8459… Validation: - ClawSweeper review passed for head c01fde7. - Required merge gates passed before the squash merge. Prepared head SHA: c01fde7 Review: openclaw#84595 (comment) Co-authored-by: Xu Xiang <xx205@outlook.com> Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com> Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com> Approved-by: takhoffman Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com>

…law#84711) * fix(infra): restore symlink rejection in tryReadSecretFileSync The local wrapper added in 9e4eca0 swallowed all errors from @openclaw/fs-safe@0.2.7's tryReadSecretFileSync via a bare try/catch, silently downgrading every rejectSymlink: true caller (Telegram, LINE, Zalo, IRC, Nextcloud Talk credential files) to accept symlinked credential files. It also broke the infra-state CI shard's symlink expectation that openclaw#84595 had just realigned with the new fail-closed upstream contract. Restore the direct re-export so the upstream contract surfaces: undefined for blank/missing/not-found, FsSafeError for symlink, oversize, non-regular file, and hardlink validation failures. * test(plugins): align stale symlink tests with fail-closed contract 5 token/account resolver tests still asserted the pre-fs-safe-0.2.7 "silent skip" behavior (token: "", source: "none") on rejected symlinks; they passed only because the swallow-all wrapper in secret-file.ts hid the throw. Restoring the upstream fail-closed contract surfaces the throw, so update the tests to expect FsSafeError. inspectTelegramAccount reports credential status (its return type has an explicit configured_unavailable state for "configured but unreadable"), so its callsite is the right boundary to catch the FsSafeError and map it to configured_unavailable rather than letting the throw bubble. Affected: - extensions/zalo/src/token.test.ts - extensions/line/src/accounts.test.ts - extensions/telegram/src/token.test.ts - extensions/irc/src/accounts.test.ts - extensions/nextcloud-talk/src/setup.test.ts - extensions/telegram/src/account-inspect.ts (catch + report status)

…aw#84595) Summary: - The branch threads `agents.defaults.imageMaxDimensionPx` into browser screenshot and labeled snapshot image results, adds regression coverage and a changelog entry, and includes small repair-pass type/lint cleanup. - Reproducibility: yes. source-level reproduction is high confidence: current `main` calls `imageResultFromFil ... both browser image-returning paths, while the shared sanitizer falls back to `1200px` without an override. Automerge notes: - PR branch already contained follow-up commit before automerge: fix(browser): honor image sanitization config for screenshots - PR branch already contained follow-up commit before automerge: fix(clawsweeper): address review for automerge-openclaw-openclaw-8459… Validation: - ClawSweeper review passed for head c01fde7. - Required merge gates passed before the squash merge. Prepared head SHA: c01fde7 Review: openclaw#84595 (comment) Co-authored-by: Xu Xiang <xx205@outlook.com> Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com> Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com> Approved-by: takhoffman Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com>

…law#84711) * fix(infra): restore symlink rejection in tryReadSecretFileSync The local wrapper added in d024283 swallowed all errors from @openclaw/fs-safe@0.2.7's tryReadSecretFileSync via a bare try/catch, silently downgrading every rejectSymlink: true caller (Telegram, LINE, Zalo, IRC, Nextcloud Talk credential files) to accept symlinked credential files. It also broke the infra-state CI shard's symlink expectation that openclaw#84595 had just realigned with the new fail-closed upstream contract. Restore the direct re-export so the upstream contract surfaces: undefined for blank/missing/not-found, FsSafeError for symlink, oversize, non-regular file, and hardlink validation failures. * test(plugins): align stale symlink tests with fail-closed contract 5 token/account resolver tests still asserted the pre-fs-safe-0.2.7 "silent skip" behavior (token: "", source: "none") on rejected symlinks; they passed only because the swallow-all wrapper in secret-file.ts hid the throw. Restoring the upstream fail-closed contract surfaces the throw, so update the tests to expect FsSafeError. inspectTelegramAccount reports credential status (its return type has an explicit configured_unavailable state for "configured but unreadable"), so its callsite is the right boundary to catch the FsSafeError and map it to configured_unavailable rather than letting the throw bubble. Affected: - extensions/zalo/src/token.test.ts - extensions/line/src/accounts.test.ts - extensions/telegram/src/token.test.ts - extensions/irc/src/accounts.test.ts - extensions/nextcloud-talk/src/setup.test.ts - extensions/telegram/src/account-inspect.ts (catch + report status)