feat: support encrypted PDF extraction by steipete · Pull Request #87751 · openclaw/openclaw

steipete · 2026-05-28T18:21:27Z

Summary:

Add PDF password support to the fallback clawpdf document-extraction path.
Preserve the exact password string, including whitespace, and normalize clawpdf password failures into a clear tool error.
Document fallback-only password support and native-provider rejection for passworded PDF requests.

Verification:

pnpm docs:list
pnpm test src/media/pdf-extract.test.ts extensions/document-extract/document-extractor.test.ts src/agents/tools/pdf-tool.test.ts src/agents/tools/pdf-tool.helpers.test.ts
.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main, clean
GitHub CI run 26596421352, success

Behavior addressed: Password-protected PDFs can be read through the fallback clawpdf extractor when the caller supplies a password.
Real environment tested: Local macOS focused tests on the rebased PR branch plus GitHub CI.
Exact steps or command run after this patch: See Verification.
Evidence after fix: Focused tests passed; autoreview reported no accepted/actionable findings; GitHub CI run 26596421352 passed.
Observed result after fix: Password is threaded to clawpdf fallback extraction and native provider PDF paths reject unsupported password usage clearly.
What was not tested: Live native-provider encrypted-PDF upload, because password support is intentionally fallback-only.

clawsweeper · 2026-05-28T18:24:30Z

Codex review: needs real behavior proof before merge. Reviewed May 28, 2026, 3:18 PM ET / 19:18 UTC.

Summary
The branch adds a password parameter to the PDF tool, threads it through fallback document extraction to clawpdf, rejects password use on native PDF providers, and updates docs/tests.

PR surface: Source +39, Tests +116, Docs +18. Total +173 across 9 files.

Reproducibility: yes. for the review finding: source inspection shows password ? ... truthy guards in the PR patch, and clawpdf@0.2.0 also only passes the password pointer when truthy. I did not run a live encrypted PDF because this is a read-only review.

Review metrics: 1 noteworthy metric.

Public input/API fields: 2 added. The PR adds a PDF tool password parameter and a document-extractor request field, both of which become user/plugin-facing contracts before merge.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🦐 gold shrimp
Result: blocked until real behavior proof from a real setup is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

[P2] Add redacted real behavior proof showing a password-protected PDF succeeds through fallback extraction after this patch.
[P1] Fix or explicitly reject/document empty-string PDF passwords end-to-end, including the clawpdf behavior.
[P1] Get maintainer-visible acceptance for the new document-extractor request field before merge.

Proof guidance:

[P1] Needs real behavior proof before merge: The PR body provides focused tests/autoreview only; it still needs redacted real behavior proof such as terminal output, logs, screenshot, recording, or artifact showing an encrypted PDF succeeding through fallback extraction. Redact private data such as API keys, phone numbers, IPs, and non-public endpoints; updating the PR body should trigger a fresh ClawSweeper review, or a maintainer can comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

[P1] The PR adds DocumentExtractionRequest.password to an exported plugin SDK surface; maintainers need to accept that contract before merge.
[P2] The submitted proof is test/check-only, so there is no redacted real run showing fallback extraction opening an encrypted PDF after the patch.
[P1] Current head still drops empty-string passwords through truthy guards, and clawpdf@0.2.0 does the same internally, so the claimed exact-password behavior is incomplete.

Maintainer options:

Approve and tighten the API contract first (recommended)
Before merge, maintainers should explicitly accept DocumentExtractionRequest.password and require the PR to fix or document empty-password handling end-to-end.
Accept fallback-only scope as an additive contract
Maintainers can intentionally land the optional request field if they record that native providers and any unsupported empty-password case are out of scope.
Pause if the SDK field is not wanted
If password should stay tool-local rather than plugin-facing, pause this PR and redesign the fallback handoff before exposing it through the SDK.

Next step before merge

[P1] Maintainers need to approve the plugin SDK request-field contract and require contributor real behavior proof; automation cannot supply the contributor's live encrypted-PDF evidence.

Security
Cleared: No concrete supply-chain or secret-handling regression found; the diff adds a password value path but does not change dependencies, CI, persistence, or logging, and existing transcript redaction treats password fields as secret.

Review findings

[P2] Forward empty PDF passwords as explicit strings — src/agents/tools/pdf-tool.ts:494

Review details

Best possible solution:

Land fallback-only PDF password support after maintainer API approval, an explicit empty-password contract, focused coverage, and redacted real behavior proof; keep native providers rejecting passworded PDFs until they support that path.

Do we have a high-confidence way to reproduce the issue?

Yes for the review finding: source inspection shows password ? ... truthy guards in the PR patch, and clawpdf@0.2.0 also only passes the password pointer when truthy. I did not run a live encrypted PDF because this is a read-only review.

Is this the best way to solve the issue?

No, not yet. Threading the password through fallback extraction is the right general shape, but the PR still needs empty-string handling or a documented non-empty contract, maintainer approval for the SDK field, and real behavior proof.

Full review comments:

[P2] Forward empty PDF passwords as explicit strings — src/agents/tools/pdf-tool.ts:494
The new schema accepts any string and the PR says it preserves exact password text, but this truthy spread drops password: "" before fallback extraction; the same guard repeats in src/media/pdf-extract.ts, src/media/document-extractors.runtime.ts, and extensions/document-extract/document-extractor.ts, and clawpdf@0.2.0 also treats empty password as absent. An encrypted PDF whose user password is the empty string still cannot use the new path, so either support "" end-to-end or reject/document non-empty passwords only.
Confidence: 0.92

Overall correctness: patch is incorrect
Overall confidence: 0.89

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 2a5a9fd7202d.

Label changes

Label justifications:

P2: This is a bounded feature/improvement with real user value, but it has merge-readiness blockers rather than an urgent production regression.
merge-risk: 🚨 compatibility: The PR changes an exported plugin SDK request shape and PDF tool input contract, so maintainers need explicit API/upgrade acceptance beyond green tests.
rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🦐 gold shrimp.
status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body provides focused tests/autoreview only; it still needs redacted real behavior proof such as terminal output, logs, screenshot, recording, or artifact showing an encrypted PDF succeeding through fallback extraction. Redact private data such as API keys, phone numbers, IPs, and non-public endpoints; updating the PR body should trigger a fresh ClawSweeper review, or a maintainer can comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

PR surface:

Source +39, Tests +116, Docs +18. Total +173 across 9 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	5	41	2	+39
Tests	3	116	0	+116
Docs	1	18	0	+18
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	9	175	2	+173

What I checked:

Repository policy read: Root and scoped docs/extensions/agents/tools/plugins AGENTS.md files were read; plugin SDK compatibility and PR real-behavior proof policy apply to this review. (AGENTS.md:1, 2a5a9fd7202d)
Current main has no password path: Current main PDF tool schema and extraction calls do not accept or forward a PDF password, so this PR is adding a new user-facing capability rather than closing as already implemented. (src/agents/tools/pdf-tool.ts:61, 2a5a9fd7202d)
Plugin SDK surface is exported: openclaw/plugin-sdk/document-extractor re-exports DocumentExtractionRequest, and package.json exposes that subpath, so adding password changes an exported plugin API request shape. (src/plugin-sdk/document-extractor.ts:1, 2a5a9fd7202d)
PR still uses truthy password guards: Head f74bc3f adds password?: string, but forwards it only behind truthy spreads/checks in the tool, media extraction, document-extractor runtime, and bundled extractor path, so password: "" is treated as absent. (src/agents/tools/pdf-tool.ts:494, f74bc3fe3d23)
Dependency contract checked: clawpdf@0.2.0 defines OpenPdfOptions.password?: string and PdfPasswordError with code password, but its implementation also sends a password pointer only when options.password is truthy.
Contributor proof is test-only: The PR body reports focused local tests and autoreview, and explicitly says live native-provider encrypted-PDF upload was not tested; no redacted terminal output, logs, screenshot, recording, or artifact shows a real encrypted PDF succeeding after the patch. (f74bc3fe3d23)

Likely related people:

steipete: Current-main blame for the PDF tool schema, document-extractor request type, bundled PDF extractor, and PDF docs all traces to 5b79ab0901; the PR also targets the clawpdf path owned by that recent work. (role: feature/history owner; confidence: medium; commits: 5b79ab0901; files: src/agents/tools/pdf-tool.ts, src/plugins/document-extractor-types.ts, extensions/document-extract/document-extractor.ts)

What the crustacean ranks mean

🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

ClawSweeper keeps one durable marker-backed review comment per issue or PR.
Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
Maintainers can also comment @clawsweeper review to request a fresh review only.
Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4cd9bec8b8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2026-05-28T19:07:31Z

            maxPages: configuredMaxPages,
            maxPixels: PDF_MAX_PIXELS,
            minTextChars: PDF_MIN_TEXT_CHARS,
+            ...(password ? { password } : {}),


Preserve empty PDF passwords

When a caller passes password: "" for an encrypted PDF whose user password is the empty string, this truthy spread drops the password before extraction; the same truthy checks in src/media/pdf-extract.ts, src/media/document-extractors.runtime.ts, and extensions/document-extract/document-extractor.ts then also omit it from clawpdf.open. Since the new schema accepts any string and the tests intentionally preserve password whitespace, an empty string should be forwarded as an explicit password rather than treated as absent.

Useful? React with 👍 / 👎.

…026.5.28) (#759) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/openclaw/openclaw](https://openclaw.ai) ([source](https://github.com/openclaw/openclaw)) | patch | `2026.5.27` → `2026.5.28` | --- ### Release Notes <details> <summary>openclaw/openclaw (ghcr.io/openclaw/openclaw)</summary> ### [`v2026.5.28`](https://github.com/openclaw/openclaw/blob/HEAD/CHANGELOG.md#2026528) [Compare Source](openclaw/openclaw@v2026.5.27...v2026.5.28) ##### Highlights - Agent and Codex runtime recovery is steadier: subagents keep cwd/workspace separation, hook context stays prompt-local, session locks release on timeout abort while live OpenClaw locks survive cleanup, stale restart continuations are avoided, and Codex app-server/helper failures no longer tear down shared runtime state. ([#87218](openclaw/openclaw#87218), [#86875](openclaw/openclaw#86875), [#87409](openclaw/openclaw#87409), [#87399](openclaw/openclaw#87399), [#87375](openclaw/openclaw#87375), [#88129](openclaw/openclaw#88129)) - Channel delivery and session identity got safer across outbound plugin hooks, Matrix room ids, iMessage reactions/approvals, Slack final replies, Discord recovered tool warnings, runtime-config message actions, WhatsApp profile auth roots, Telegram polling, and Microsoft Teams service URL trust checks. ([#73706](openclaw/openclaw#73706), [#75670](openclaw/openclaw#75670), [#87366](openclaw/openclaw#87366), [#87451](openclaw/openclaw#87451), [#87334](openclaw/openclaw#87334), [#84535](openclaw/openclaw#84535), [#82492](openclaw/openclaw#82492), [#83304](openclaw/openclaw#83304), [#87160](openclaw/openclaw#87160)) - Mobile and chat surfaces got a broader refresh: the iOS Pro UI, hosted push relay default, realtime Talk tab playback, Gateway chat transport, onboarding, Talk permissions, WebChat reconnect delivery, and session picker behavior now preserve more state across reconnects and empty searches. ([#87367](openclaw/openclaw#87367), [#87531](openclaw/openclaw#87531), [#87682](openclaw/openclaw#87682), [#88096](openclaw/openclaw#88096), [#88105](openclaw/openclaw#88105)) Thanks [@ngutman](https://github.com/ngutman) and [@BunsDev](https://github.com/BunsDev). - Browser, channel, and automation inputs are stricter: Browser tool timeouts, viewport/tab indices, Gateway ports, cron retry handling, Discord component ids, schema array refs, Telegram callback pages, and channel progress callbacks now reject malformed values earlier and preserve the intended delivery context. ([#82887](openclaw/openclaw#82887)) - Provider, media, and document coverage expands with Claude Opus 4.8, Fal Krea image schemas, NVIDIA featured models, MiniMax streaming music responses, encrypted PDF extraction, voice model catalogs, GitHub Copilot agent runtime support, and a Codex Supervisor plugin path for delegated Codex workflows. ([#87845](openclaw/openclaw#87845), [#87890](openclaw/openclaw#87890), [#80775](openclaw/openclaw#80775), [#84764](openclaw/openclaw#84764), [#87751](openclaw/openclaw#87751), [#87794](openclaw/openclaw#87794)) - CLI, auth, doctor, and provider paths fail faster and recover more clearly: malformed numeric/version options are rejected, workspace dotenv provider credentials are ignored, heartbeat defaults, OAuth/token lifetimes, and local service startup requests are bounded, agent auth health labels are clearer, legacy `api_key` auth profiles migrate to canonical form, and restart guidance is actionable. ([#87398](openclaw/openclaw#87398), [#86281](openclaw/openclaw#86281), [#87361](openclaw/openclaw#87361), [#88133](openclaw/openclaw#88133), [#83655](openclaw/openclaw#83655), [#87559](openclaw/openclaw#87559), [#88088](openclaw/openclaw#88088), [#85924](openclaw/openclaw#85924)) Thanks [@vincentkoc](https://github.com/vincentkoc) and [@giodl73-repo](https://github.com/giodl73-repo). - Plugin and Gateway hot paths do less repeated work while preserving cache correctness for install records, config JSON parsing, tool search catalogs, session stores, manifest model rows, auto-enabled plugin config, browser tokens, viewer assets, and release-split external plugin packages. ([#86699](openclaw/openclaw#86699)) - Release, QA, and E2E validation now bound more log, artifact, harness, and cross-OS waits so failing lanes produce proof instead of hanging or false-greening. ##### Changes - Status: show active subagent details in status output. - Diffs: split the default language pack and expand default Diffs language coverage while keeping the host floor aligned. ([#87370](openclaw/openclaw#87370), [#87372](openclaw/openclaw#87372)) Thanks [@RomneyDa](https://github.com/RomneyDa). - ClawHub: add plugin display names plus skill verification and trust surfaces. ([#87354](openclaw/openclaw#87354), [#86699](openclaw/openclaw#86699)) Thanks [@thewilloftheshadow](https://github.com/thewilloftheshadow) and [@Patrick-Erichsen](https://github.com/Patrick-Erichsen). - iOS: refresh the dev app with Pro Command, Chat, Agents, Settings, hosted push relay defaults, and realtime Talk playback wired to gateway sessions, diagnostics, chat, and realtime Talk. ([#87367](openclaw/openclaw#87367), [#88096](openclaw/openclaw#88096), [#88105](openclaw/openclaw#88105)) Thanks [@Solvely-Colin](https://github.com/Solvely-Colin) and [@ngutman](https://github.com/ngutman). - Docs: clarify Codex computer-use setup, paste-token stdin auth setup, macOS gateway sleep troubleshooting, native Codex hook relay recovery, container model auth, install deployment cards, device-token admin gating, CLI setup flow compatibility, Notte cloud browser CDP setup, and backport targets. ([#87313](openclaw/openclaw#87313), [#63050](openclaw/openclaw#63050), [#87685](openclaw/openclaw#87685)) Thanks [@bdjben](https://github.com/bdjben), [@liaoandi](https://github.com/liaoandi), and [@thewilloftheshadow](https://github.com/thewilloftheshadow). - PDF/tools: use ClawPDF for PDF extraction, support encrypted PDF extraction, and surface MCP structured content in agent tool results. ([#87670](openclaw/openclaw#87670), [#87751](openclaw/openclaw#87751)) - Providers: add Claude Opus 4.8 support, Fal Krea image model schemas, NVIDIA featured model catalogs, MiniMax streaming music responses, and provider-backed voice model catalogs. ([#87845](openclaw/openclaw#87845), [#87890](openclaw/openclaw#87890), [#80775](openclaw/openclaw#80775), [#84764](openclaw/openclaw#84764), [#87794](openclaw/openclaw#87794)) Thanks [@eleqtrizit](https://github.com/eleqtrizit) and [@vincentkoc](https://github.com/vincentkoc). - Codex/GitHub: add the GitHub Copilot agent runtime and the Codex Supervisor plugin package. - Plugins: externalize GitHub Copilot and Tokenjuice as official install-on-demand plugins with npm and ClawHub publish metadata. - Workboard: add agent coordination tools for tracking and handing off active agent work. - Discord: show commentary in progress drafts so live Discord runs expose useful in-progress context. ([#85200](openclaw/openclaw#85200)) - Plugin SDK: add a reply payload sending hook for plugins that need to deliver channel-owned replies and flatten package types for SDK declarations. ([#82823](openclaw/openclaw#82823), [#87165](openclaw/openclaw#87165)) Thanks [@piersonr](https://github.com/piersonr) and [@RomneyDa](https://github.com/RomneyDa). - Policy: add policy comparison, ingress-channel conformance, and sandbox-posture conformance checks. ([#85572](openclaw/openclaw#85572), [#85744](openclaw/openclaw#85744), [#86768](openclaw/openclaw#86768)) ##### Fixes - Agents: fall back to local config pruning when the optional `agents delete` Gateway probe cannot authenticate, so offline installs can still delete agents without removing shared workspaces. - Tighten phone-control mutation authorization \[AI]. ([#87150](openclaw/openclaw#87150)) Thanks [@pgondhi987](https://github.com/pgondhi987). - Clarify directive persistence authorization policy \[AI]. ([#86369](openclaw/openclaw#86369)) Thanks [@pgondhi987](https://github.com/pgondhi987). - Agents/Codex: keep spawned agent cwd/workspace state separated, forward ACP spawn attachments, keep hook context prompt-local, release session locks on timeout abort and runtime teardown without deleting live OpenClaw-owned locks during cleanup, avoid session event queue self-wait, clean up exec abort listeners, stream assistant deltas incrementally, recover raw missing-thread compaction failures, preserve rotated compaction session identity, keep compaction-timeout snapshots continuable, preserve shared app-server state across startup or helper failures, keep native hook relay alive across restarts and prune stale bridge files, close native hook relay replacement races, keep Claude live tool progress visible for watchdog recovery, suppress abandoned requester completion handoff, route workspace memory through tools, resolve Codex runtime models first, report quarantined dynamic tools, format `skills` command output, bind node auto-review to prepared plans, retry Claude CLI transcript probes, and bound compaction/steering retries. ([#87218](openclaw/openclaw#87218), [#86875](openclaw/openclaw#86875), [#86123](openclaw/openclaw#86123), [#88129](openclaw/openclaw#88129), [#87399](openclaw/openclaw#87399), [#87375](openclaw/openclaw#87375), [#72574](openclaw/openclaw#72574), [#87383](openclaw/openclaw#87383), [#87400](openclaw/openclaw#87400), [#83022](openclaw/openclaw#83022), [#87671](openclaw/openclaw#87671), [#87738](openclaw/openclaw#87738), [#87747](openclaw/openclaw#87747), [#87706](openclaw/openclaw#87706), [#87546](openclaw/openclaw#87546), [#87541](openclaw/openclaw#87541), [#81048](openclaw/openclaw#81048)) Thanks [@mbelinky](https://github.com/mbelinky), [@Alix-007](https://github.com/Alix-007), [@luoyanglang](https://github.com/luoyanglang), [@yetval](https://github.com/yetval), [@sjf](https://github.com/sjf), [@joshavant](https://github.com/joshavant), [@benjamin1492](https://github.com/benjamin1492), [@c19354837](https://github.com/c19354837), [@fuller-stack-dev](https://github.com/fuller-stack-dev), [@pfrederiksen](https://github.com/pfrederiksen), and [@dodge1218](https://github.com/dodge1218). - Codex Supervisor: keep real-home app-server MCP session listing on the loaded state path, bound stored history scans, and close WebSocket probes cleanly. - Channels: thread canonical session keys into outbound hooks, preserve Matrix room-id case, keep fallback tool warnings mention-inert, retain delivered Slack final replies during late cleanup, continue iMessage polling after denied reactions, suppress duplicate native exec approvals, resolve Gateway message actions against the active runtime config, preserve Telegram SecretRef prompt config and polling keepalives, preserve WhatsApp profile auth roots, QR display, document filenames, and plugin hook config, suppress Discord recovered tool warnings, preserve the Discord voice outbound helper, cap Discord/Signal/Zalo channel request and container timeouts, and block untrusted Teams service URLs while keeping TeamsSDK patterns aligned. ([#73706](openclaw/openclaw#73706), [#75670](openclaw/openclaw#75670), [#87366](openclaw/openclaw#87366), [#87451](openclaw/openclaw#87451), [#87465](openclaw/openclaw#87465), [#87334](openclaw/openclaw#87334), [#84535](openclaw/openclaw#84535), [#76262](openclaw/openclaw#76262), [#83304](openclaw/openclaw#83304), [#82492](openclaw/openclaw#82492), [#87581](openclaw/openclaw#87581), [#77114](openclaw/openclaw#77114), [#86426](openclaw/openclaw#86426), [#85529](openclaw/openclaw#85529), [#87160](openclaw/openclaw#87160)) Thanks [@zeroaltitude](https://github.com/zeroaltitude), [@lukeboyett](https://github.com/lukeboyett), [@jarvis-mns1](https://github.com/jarvis-mns1), [@xiaotian](https://github.com/xiaotian), [@funmerlin](https://github.com/funmerlin), [@joshavant](https://github.com/joshavant), [@eleqtrizit](https://github.com/eleqtrizit), [@heyitsaamir](https://github.com/heyitsaamir), [@amittell](https://github.com/amittell), [@lidge-jun](https://github.com/lidge-jun), [@liorb-mountapps](https://github.com/liorb-mountapps), [@masatohoshino](https://github.com/masatohoshino), [@bladin](https://github.com/bladin), and [@giodl73-repo](https://github.com/giodl73-repo). - CLI/auth/doctor/providers: reject malformed numeric/timeout/subcommand-version inputs, ignore workspace dotenv provider credentials, wait for respawn child shutdown, bound heartbeat defaults plus Codex, GitHub Copilot, OpenAI, Anthropic, Google, Feishu, LM Studio, MiniMax, Xiaomi TTS, and local-provider OAuth/token/model requests, harden Codex auth probes, label auth health by agent, preserve explicit agentRuntime pins during Codex model migration, warm provider auth off the main thread, honor Codex response timeouts, stop migrating current Claude Haiku 4.5 profiles to Sonnet, bound local service startup, resolve GPT-5.5 without cached catalog, migrate legacy memory auto-provider config, rewrite non-canonical `api_key` auth profiles, and make doctor restart follow-ups actionable. ([#87398](openclaw/openclaw#87398), [#86281](openclaw/openclaw#86281), [#87361](openclaw/openclaw#87361), [#88133](openclaw/openclaw#88133), [#83655](openclaw/openclaw#83655), [#87559](openclaw/openclaw#87559), [#87719](openclaw/openclaw#87719), [#88088](openclaw/openclaw#88088), [#85924](openclaw/openclaw#85924), [#84362](openclaw/openclaw#84362)) Thanks [@Patrick-Erichsen](https://github.com/Patrick-Erichsen), [@samzong](https://github.com/samzong), [@giodl73-repo](https://github.com/giodl73-repo), [@alkor2000](https://github.com/alkor2000), [@mmaps](https://github.com/mmaps), [@nxmxbbd](https://github.com/nxmxbbd), and [@vincentkoc](https://github.com/vincentkoc). - Gateway/security/session state: expire browser tokens after auth rotation, scope assistant idempotency dedupe, drain probe client closes, avoid stale restart continuation reuse, preserve retry-after fallbacks and stale rate-limit cooldown probes, bound webchat image and artifact transcript scans, include seconds in inbound metadata timestamps, clear completed session active runs, clear stale chat stream buffers, and evict current plugin-state namespaces at row caps. ([#87810](openclaw/openclaw#87810), [#87833](openclaw/openclaw#87833), [#75089](openclaw/openclaw#75089)) Thanks [@joshavant](https://github.com/joshavant) and [@litang9](https://github.com/litang9). - Config/parsing/network: reject partial numeric parsing, parse provider/Discord retry headers and dates strictly, honor IPv6 and bare IPv6 `no_proxy` entries, preserve empty plugin allowlists, canonicalize secret target array indexes, and reject malformed media content lengths, inspected TCP ports, marketplace content lengths, cron epochs, sandbox stat fields, unsafe duration values, empty config path segments, noncanonical schema array refs, unsafe Telegram callback pages, and invalid Teams attachment-fetch DNS targets. ([#87883](openclaw/openclaw#87883)) Thanks [@zhangguiping-xydt](https://github.com/zhangguiping-xydt). - Browser/input hardening: reject invalid tab indexes, excessive viewport resizes, explicit zero CDP ports, malformed geolocation options, unsafe screenshot or permission-grant timeouts, loose response-body limits, invalid cookie expiries, and non-finite Browser tool delays/timeouts. - Cron/automation: retry recurring jobs after transient model rate limits before waiting for the next scheduled slot, and preflight model fallbacks before skipping scheduled work. ([#82887](openclaw/openclaw#82887)) Thanks [@chen-zhang-cs-code](https://github.com/chen-zhang-cs-code). - Auto-reply/directives: respect provider and relayed channel metadata during directive persistence so channel-originated decisions keep their intended context. ([#87683](openclaw/openclaw#87683)) - WhatsApp: resolve the auth directory from the active profile so profile-scoped WhatsApp installs do not drift to the wrong credential root. ([#82492](openclaw/openclaw#82492)) Thanks [@lidge-jun](https://github.com/lidge-jun). - Gateway/session state: clear completed session active runs, avoid cold-loading providers for MCP inventory, cache single-session child indexes, cap handshake timers, and bound preauth, auth-guard, media, transcript, readiness, and port options. - Channels/replies: preserve channel-owned progress callbacks when verbose output is off, keep group-room progress suppression intact, prefer external session delivery context, escape Discord component id delimiters, force final TUI chat repaints, show Slack reasoning previews, and normalize Discord/Matrix/Mattermost channel numeric options. ([#87476](openclaw/openclaw#87476), [#87423](openclaw/openclaw#87423)) - Agents/tool args: harden smart-quoted argument repair for edit arrays and exact escaped arguments so model-produced tool calls recover without corrupting valid input. ([#86611](openclaw/openclaw#86611)) Thanks [@ferminquant](https://github.com/ferminquant). - Providers/agents: preserve seeded Anthropic signatures, preserve signed thinking payloads, concatenate signature-delta chunks, preserve DeepSeek `reasoning_content` replay across tier suffixes, apply OpenRouter strict9 ids to Mistral routes, promote Ollama plain-text tool calls, load NVIDIA featured model catalogs, stream MiniMax music generation responses, and recover empty preflight compaction. ([#87593](openclaw/openclaw#87593), [#87493](openclaw/openclaw#87493), [#80775](openclaw/openclaw#80775), [#84764](openclaw/openclaw#84764)) Thanks [@Pluviobyte](https://github.com/Pluviobyte) and [@eleqtrizit](https://github.com/eleqtrizit). - Media/images: skip CLI image cache refs when resolving generated images, allow trusted generated HTML attachments, and bound generated video downloads so stale refs and slow providers fail cleanly. ([#87523](openclaw/openclaw#87523), [#87982](openclaw/openclaw#87982)) - File transfer: handle late tar stdin pipe errors after archive validation or unpacking has already settled. - Performance: trust install-record caches between reloads, prefer native JSON parsing, reuse unchanged tool-search catalogs, reuse gateway session and plugin metadata paths, skip unchanged store serialization, patch single-entry session writes, add precomputed session patch writers, reduce store clone allocations, cache manifest model catalog rows and auto-enabled plugin config, avoid full session snapshots for entry reads, defer configured Slack full startup, prefer bundled plugin dist entries, and slim current metadata identity caches. ([#87760](openclaw/openclaw#87760)) - Docker/release/QA: package runtime workspace templates, stream cross-OS served artifacts, preserve sparse Crabbox run artifacts, isolate npm plugin installs per package, reject incompatible package plugin API installs, drop the leftover root Sharp dependency from package manifests after the Rastermill migration, bound OpenClaw instance logs, plugin gauntlet relay logs, MCP channel buffers, kitchen-sink scans, agent-turn assertions, QA-Lab credential broker calls, QA Matrix substrate requests, and release scenario logs, and keep release/google live guards current. ([#87647](openclaw/openclaw#87647), [#87477](openclaw/openclaw#87477)) Thanks [@rohitjavvadi](https://github.com/rohitjavvadi) and [@vincentkoc](https://github.com/vincentkoc). - Release/CI: bound manual git fetches, ClawHub verifier responses, ClawHub owner metadata, dependency-guard error bodies, Parallels limits, startup/test/memory budget parsing, and diffs viewer build warnings so release lanes fail with useful proof instead of hanging. ([#87839](openclaw/openclaw#87839)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.erwanleboucher.dev/eleboucher/homelab/pulls/759

openclaw-barnacle Bot added docs Improvements or additions to documentation agents Agent runtime and tooling size: S maintainer Maintainer-authored PR labels May 28, 2026

steipete force-pushed the codex/pdf-password-support branch from ed73578 to b1f2db3 Compare May 28, 2026 18:22

feat: support encrypted PDF extraction

f74bc3f

chatgpt-codex-connector Bot reviewed May 28, 2026

View reviewed changes

steipete force-pushed the codex/pdf-password-support branch from 4cd9bec to f74bc3f Compare May 28, 2026 19:11

steipete merged commit 73168d3 into main May 28, 2026
106 of 110 checks passed

steipete deleted the codex/pdf-password-support branch May 28, 2026 19:19

github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 29, 2026

feat: support encrypted PDF extraction (openclaw#87751)

690f52d

steipete added a commit that referenced this pull request May 29, 2026

feat: support encrypted PDF extraction (#87751)

457c47c

SYU8384 pushed a commit to SYU8384/openclaw that referenced this pull request Jun 3, 2026

feat: support encrypted PDF extraction (openclaw#87751)

b72cf06

sablehead pushed a commit to sablehead/openclaw that referenced this pull request Jun 10, 2026

feat: support encrypted PDF extraction (openclaw#87751)

f4392fc

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: support encrypted PDF extraction#87751

feat: support encrypted PDF extraction#87751
steipete merged 1 commit into
mainfrom
codex/pdf-password-support

steipete commented May 28, 2026 •

edited

Loading

Uh oh!

clawsweeper Bot commented May 28, 2026 •

edited

Loading

Uh oh!

chatgpt-codex-connector Bot left a comment

Uh oh!

chatgpt-codex-connector Bot May 28, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

steipete commented May 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

clawsweeper Bot commented May 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

chatgpt-codex-connector Bot May 28, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

steipete commented May 28, 2026 •

edited

Loading

clawsweeper Bot commented May 28, 2026 •

edited

Loading