fix: route generated media completions through requester agent by steipete · Pull Request #88141 · openclaw/openclaw

steipete · 2026-05-29T21:43:06Z

Summary

Route generated image/video/music task completions back through the requester agent instead of forcing message-tool-only delivery.
Keep direct generated-media sends as fallback/recovery only, with target-aware media evidence and partial/suppressed delivery accounting to avoid duplicate or lost media.
Update media tool prompts and docs so the requester visible-reply contract decides final text vs message tool.

Alternative to #87991's direct-first approach.

Verification

pnpm test src/agents/subagent-announce-delivery.test.ts src/agents/subagent-announce-dispatch.test.ts src/agents/embedded-agent-runner/run/message-tool-terminal.test.ts src/agents/tools/media-generate-background-shared.test.ts src/agents/tools/music-generate-background.test.ts src/agents/tools/image-generate-background.test.ts src/agents/tools/video-generate-background.test.ts — 7 files, 131 tests passed.
pnpm test src/agents/embedded-agent-runner/run/payloads.test.ts src/auto-reply/reply/agent-runner.final-media-runreplyagent.test.ts -- -t "preserves media directives when stored assistant text was reduced to visible text only|normalizes final MEDIA directives through runReplyAgent" — 2 shards passed.
pnpm format:docs:check AGENTS.md docs/automation/tasks.md docs/tools/image-generation.md docs/tools/media-overview.md docs/tools/music-generation.md docs/tools/video-generation.md — clean.
git diff --check — clean.
.agents/skills/autoreview/scripts/autoreview --mode local --base origin/main — clean, no accepted/actionable findings.
pnpm check:changed via Testbox tbx_01kstpdbdenxjrdy1ns9wq0h6v / Actions run https://github.com/openclaw/openclaw/actions/runs/26660239787 — failed in untouched src/agents/bash-tools.exec-host-node.test.ts TS2322 cases; core typecheck had passed before that unrelated test-types failure.

Real behavior proof

Behavior addressed: generated-media task completions should talk back to the requester agent; requester visible-reply config then decides automatic final delivery vs message tool.

Real environment tested: local focused Vitest coverage for requester-agent completion delivery, generated-media fallback accounting, message-tool terminal behavior, media background lifecycle, and final MEDIA payload normalization; broad Testbox changed gate attempted.

Exact steps or command run after this patch: the commands listed in Verification above.

Evidence after fix: targeted tests pass; docs formatting and diff whitespace are clean; autoreview returned no accepted/actionable findings.

Observed result after fix: generated media stays requester-agent mediated, direct sends are only recovery for missing media, wrong-target/thread evidence no longer suppresses fallback, partial/suppressed automatic delivery only credits actually delivered media, and ambiguous partial direct fallback failures do not trigger duplicate fallback steering.

What was not tested: no live Discord/Slack/Telegram upload failure was forced; the edge cases are covered by unit regressions around the delivery evidence and fallback decisions.

clawsweeper · 2026-05-29T21:44:37Z

Codex review: needs real behavior proof before merge. Reviewed May 29, 2026, 5:50 PM ET / 21:50 UTC.

Summary
The branch routes generated image, music, and video completions through the requester session's visible-reply mode, adds target-aware fallback accounting, and updates tests, docs, and tool prompts.

PR surface: Source +186, Tests +741, Docs +5. Total +932 across 19 files.

Reproducibility: no. high-confidence live reproduction was run in this review. Current main source shows the forced message-tool path, and the related PR reports a live Discord duplicate-send repro, but this branch still lacks its own live after-fix replay.

Review metrics: 1 noteworthy metric.

Generated-media delivery contract: 3 tools changed from forced message-tool delivery to requester visible-reply mode. Image, music, and video completions all change user-visible delivery ownership, so cross-channel behavior needs maintainer attention before merge.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🧂 unranked krab
Patch quality: 🐚 platinum hermit
Result: blocked until real behavior proof from a real setup is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

[P1] Add redacted live Discord, Slack, or Telegram proof showing the generated media completion is delivered exactly once after this patch.
[P1] Resolve or explicitly accept the broad changed-gate failure noted in the PR body before merge.

Proof guidance:

[P1] Needs real behavior proof before merge: The PR body supplies focused tests and Testbox output only; an external PR changing live message delivery still needs redacted real transport proof before merge and can be re-reviewed after the PR body is updated. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Mantis proof suggestion
A native Telegram proof can show the changed generated-media completion path and topic targeting in the real chat surface. A maintainer can ask Mantis to capture proof by posting a new PR comment that starts with the OpenClaw Mantis account mention, followed by:

telegram desktop proof: verify generated media completion in a Telegram topic returns exactly once through requester visible-reply handling with no duplicate fallback.

Risk before merge

[P2] The PR changes generated-media completion ownership across automatic replies, message-tool replies, and direct fallback, so a mistake can still duplicate, drop, or post media to the wrong target in live channels.
[P1] The PR body provides focused tests and Testbox coverage, but no after-fix live Discord, Slack, or Telegram generated-media run for this branch.
[P1] The open direct-first alternative at [codex] fix image completion duplicate sends #87991 means maintainers still need to choose the desired delivery contract before landing either approach.

Maintainer options:

Require live generated-media proof (recommended)
Ask for redacted live Discord, Slack, or Telegram evidence showing a generated-media completion returns exactly once through the intended requester-agent path and fallback does not duplicate media.
Accept unit-only coverage knowingly
Maintainers can accept the message-delivery risk if the focused tests are considered enough for this internal completion path.
Choose the direct-first alternative
If maintainers prefer deterministic direct delivery as the product contract, pause or close this PR after preserving any useful fallback accounting in the chosen branch.

Next step before merge

[P1] Human review is needed because the remaining blockers are delivery-contract choice and live proof, not a narrow mechanical repair.

Security
Cleared: No concrete security or supply-chain issue was found; the diff changes delivery routing, tests, docs, and prompts without workflows, dependencies, secrets, or install scripts.

Review details

Best possible solution:

Merge the requester-agent-mediated approach only after maintainers choose it over the direct-first alternative and live channel proof shows generated media is delivered exactly once with correct fallback behavior.

Do we have a high-confidence way to reproduce the issue?

No high-confidence live reproduction was run in this review. Current main source shows the forced message-tool path, and the related PR reports a live Discord duplicate-send repro, but this branch still lacks its own live after-fix replay.

Is this the best way to solve the issue?

Unclear: the implementation is cohesive and well covered by focused tests, but the requester-agent approach versus the open direct-first alternative is a maintainer product/architecture choice.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 1dbde826f276.

Label changes

Label changes:

add P2: This is a normal-priority user-visible message-delivery bug fix with a bounded generated-media surface.
add merge-risk: 🚨 message-delivery: Merging changes how generated media is delivered, deduplicated, and directly recovered across channel targets.
add rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
add status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body supplies focused tests and Testbox output only; an external PR changing live message delivery still needs redacted real transport proof before merge and can be re-reviewed after the PR body is updated. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.
add mantis: telegram-visible-proof: Mantis should capture Telegram visible proof. The PR affects visible generated-media completion delivery and includes Telegram topic handling, so a short Telegram Desktop proof would materially help.

Label justifications:

P2: This is a normal-priority user-visible message-delivery bug fix with a bounded generated-media surface.
merge-risk: 🚨 message-delivery: Merging changes how generated media is delivered, deduplicated, and directly recovered across channel targets.
rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body supplies focused tests and Testbox output only; an external PR changing live message delivery still needs redacted real transport proof before merge and can be re-reviewed after the PR body is updated. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.
mantis: telegram-visible-proof: Mantis should capture Telegram visible proof. The PR affects visible generated-media completion delivery and includes Telegram topic handling, so a short Telegram Desktop proof would materially help.

Evidence reviewed

PR surface:

Source +186, Tests +741, Docs +5. Total +932 across 19 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	7	243	57	+186
Tests	6	779	38	+741
Docs	6	26	21	+5
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	19	1048	116	+932

What I checked:

Repository policy read: The full root AGENTS.md and scoped src/agents, src/agents/tools, embedded-runner, and docs AGENTS.md files were read; message delivery, fallback behavior, docs, and Telegram proof guidance affected this review. (AGENTS.md:1, 1dbde826f276)
Current main behavior: Current main forces generated-media completions with expected media into message-tool-only delivery by OR-ing agent-mediated media into requiresMessageToolDelivery. (src/agents/subagent-announce-delivery.ts:1069, 1dbde826f276)
PR runtime change: The PR removes the generated-media force from requiresMessageToolDelivery, so visible-reply config decides automatic final delivery versus message-tool-only delivery. (src/agents/subagent-announce-delivery.ts:1232, 216f06457be8)
Fallback accounting: The PR resolves missing generated media from automatic delivery status and message-tool targets before direct fallback, including suppressed and partial delivery outcomes. (src/agents/subagent-announce-delivery.ts:949, 216f06457be8)
Prompt and docs alignment: The completion prompt and docs now describe the requester visible-reply contract with direct fallback only for missing media. (src/agents/tools/media-generate-background-shared.ts:253, 216f06457be8)
Regression coverage: New tests cover wrong-target message-tool evidence, partial message-tool and automatic media delivery, ambiguous partial failures, and active requester wake fallback behavior. (src/agents/subagent-announce-delivery.test.ts:2255, 216f06457be8)

Likely related people:

Dallin Romney: Available git history and blame attribute the current main snapshot of the central generated-media delivery files to commit e848671. (role: recent area contributor; confidence: medium; commits: e848671e9d52; files: src/agents/subagent-announce-delivery.ts, src/agents/subagent-announce-delivery.test.ts, src/agents/subagent-announce-dispatch.ts)
compoodment: The related open direct-first PR documents the same generated-media duplicate-send problem and includes live Discord proof, making them a useful adjacent context holder for design comparison. (role: adjacent related PR author; confidence: low; commits: 19dfdad770ef; files: src/agents/subagent-announce-delivery.ts, src/agents/subagent-announce-dispatch.ts)

What the crustacean ranks mean

🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

ClawSweeper keeps one durable marker-backed review comment per issue or PR.
Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
Maintainers can also comment @clawsweeper review to request a fresh review only.
Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

openclaw-mantis · 2026-05-29T22:24:22Z

Mantis Telegram Desktop Proof

Summary: Mantis captured native Telegram Desktop before/after GIF evidence with Convex-leased Telegram credentials.

Scenario: telegram-desktop-proof
Trigger: pull_request_target
Run: https://github.com/openclaw/openclaw/actions/runs/26664037604
Artifact: https://github.com/openclaw/openclaw/actions/runs/26664037604/artifacts/7302279182
Baseline: pass at 1dbde826f276f962397bb9eb8c5171d3b8a8480a, expected baseline visual proof captured
Candidate: pass at 216f06457be8aa7620953dc21cd543cf80551ed1, expected candidate visual proof captured
Overall: true

Main screenshot	This PR screenshot

Main	This PR

Motion-trimmed clips:

Raw QA files: https://artifacts.openclaw.ai/mantis/telegram-desktop/pr-88141/run-26664037604-1/index.json

@giodl73-repo

* fix(exec): bind node auto-review commands Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * fix(exec): honor node runtime policy for auto-review Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * fix(exec): harden auto-review prompt boundaries Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * fix(exec): align release validation surfaces Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * fix(exec): align release validation checks Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * test(e2e): repair release docker smoke fixtures Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * fix(exec): resolve auto approvals as runtime Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * ci: relax native OpenAI live proof timing Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * fix(exec): include mode in doctor policy warnings Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * test(release): repair live matrix expectations Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> * fix(tts): centralize directive number parsing * fix(provider): bound Vydra and Comfy media downloads * fix(discord): validate error code integers * fix(discord): reject unsafe rate limit headers * ci(release): make plugin publish retries idempotent * perf(agent): lazy load embedded agent cli path * fix(whatsapp): validate inbound timestamps * refactor: share agent harness loader helpers * fix(agents): cap unsafe retry-after delays * perf(agent): defer session resolver for scoped gateway turns * fix(msteams): ignore unsafe retry-after delays * refactor: share store writer queue * fix(slack): reject unsafe inbound timestamps * fix(discord): reject unsafe retry-after delays * fix(qa-matrix): cap fault proxy bodies * fix(discord): bound delivery retry delays * refactor: share cron state parsing * Delete changelog directory * fix(zalouser): reject unsafe inbound timestamps * fix(cli): avoid underscored gateway test export * fix(scripts): cap clawtributor avatar probes * fix(telegram): centralize safe thread id parsing * fix(googlechat): drop invalid inbound timestamps * fix(doctor): label auth health by agent (openclaw#85924) Merged via squash. Prepared head SHA: 8c179fc Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com> Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com> Reviewed-by: @giodl73-repo * fix(qqbot): validate token expiry lifetimes * fix(openai): validate codex oauth token lifetimes * refactor: share node pairing surface helpers * fix(anthropic): validate oauth token lifetimes * fix(scripts): cap memory FD repro RPC bodies * fix(github-copilot): validate device code lifetimes * fix(msteams): validate oauth token lifetimes * refactor: share cli help argv scan * fix(github-copilot): validate oauth expiry values * fix(scripts): cap realtime smoke responses * fix(chutes): validate oauth token lifetimes * fix(auto-reply): reuse cli sessions for room events * fix(auto-reply): keep room event cli sessions transient * fix(agent-core): reject invalid session timestamps * fix(scripts): cap Claude usage response reads * refactor: centralize skills subsystem * refactor: move skill lifecycle code into skills subsystem * fix: bound skill index cache invalidation * fix: preserve skill snapshot freshness * fix: preserve preloaded skill snapshot entries * refactor: move session skill loader into skills subsystem * fix: preserve empty skill filter short circuit * fix: align empty default skill filter behavior * fix: align skills branch with upstream tar verbose test * fix: drop stale system prompt override imports * refactor: centralize skills runtime paths * refactor: remove stale agents skills barrel * refactor: use direct skills imports * refactor: organize skills subsystem layout * fix: lint centralized skills subsystem * refactor: split skills index follow-up * refactor: centralize skills subsystem * fix: unblock skills centralization checks * fix: route moved skills tests through unit-fast * refactor: centralize skills runtime tests * refactor: share web secret target selection * refactor: centralize safe expiry parsing * fix(exec): normalize unsafe timeout values * fix: persist Copilot SDK session bindings Persist GitHub Copilot SDK session ids in the plugin-state SQLite store so separate OpenClaw process turns can resume the same Copilot-side session when the compatibility fingerprint still matches. The fingerprint covers provider/model/cwd, resolved agent id, resolved Copilot home, and auth identity. Plugin-state lookup/register/delete failures are non-fatal, stale rows are invalidated, and reset delete failures use an in-process tombstone so reset does not accidentally reuse a durable binding. Also routes the QQBot token POST through the plugin SDK SSRF guard with capture disabled for the secret-bearing request, preserving the current token lifetime validation from main. Verification: focused Copilot and QQBot Vitest suites, raw channel fetch guard, autoreview clean, Blacksmith Testbox pnpm check:changed tbx_01kst9fwjmsfzwaxqatszcbf40, live local Copilot two-turn smoke with the same SDK session id persisted in SQLite. Refs openclaw#88064 * fix(exec): cap node run timeouts * perf(agent): skip plugin validation for gateway dispatch * fix(scripts): cap firecrawl compare HTML reads * fix(xai): normalize unsafe oauth lifetimes * refactor: share e2e text file helpers * fix(google): normalize unsafe oauth expiry * fix(openai): normalize codex device lifetimes * refactor: reuse e2e text tail helper * test(xai): type device-code note mock * fix(minimax): reject unsafe oauth expiry * fix(ci): cap dependency guard error bodies * fix(google-meet): normalize oauth expiry * fix(command): stabilize claude-cli transcript resume (openclaw#81048) Fix claude-cli transcript resume so session-id rotation and transcript flush timing do not drop valid resume state. - Capture the latest claude-cli session_id from JSONL output. - Resolve Claude project transcript paths through the shared canonical project-dir resolver. - Probe transcript content from the actual CLI process cwd. - Thanks @benjamin1492! * refactor: share codex e2e install helpers * fix(feishu): bound streaming token expiry * fix(openshell): cap command timeout config * refactor: centralize timer-safe timeout bounds * refactor: share e2e websocket open helper * fix(minimax): guard oauth token fetches (openclaw#88088) * fix(feishu): normalize app registration poll timers * fix(google): reject unsafe vertex adc lifetimes * fix(scripts): cap npm packument reads * fix(auth): reject unsafe wham reset windows * refactor: share qa report arg parsing * fix(retry): cap unsafe retry delays * fix(sandbox): bound novnc observer token ttl * feat(workboard): add agent coordination tools Summary: - Add Workboard agent coordination tools for list/read/claim/heartbeat/release/comment/proof/unblock flows. - Store artifacts, claims, diagnostics, and notifications in the Workboard SQLite-backed plugin state; surface the new metadata through Gateway, Control UI, docs, and plugin manifest contracts. - Add scoped claim authorization, token redaction, stale diagnostic cleanup, atomic proof artifact writes, and generated i18n metadata. Verification: - pnpm test ui/src/i18n/test/translate.test.ts extensions/browser/src/cli/browser-cli-actions-input/register.element.test.ts extensions/workboard/src/store.test.ts extensions/workboard/src/gateway.test.ts extensions/workboard/src/tools.test.ts ui/src/ui/controllers/workboard.test.ts ui/src/ui/views/workboard.test.ts - pnpm ui:i18n:check - env -u OPENCLAW_TESTBOX pnpm check:changed - autoreview --mode local: clean - PR CI passed; Windows checkout failure rerun passed on attempt 2 * perf(gateway): reuse session maintenance config during turns * fix(node-host): cap timeout wrapper delays * fix(talk): cap fast context timeout delay * fix(e2e): harden kitchen sink probe body caps * refactor: share bounded response reader * fix(providers): cap model request timeout delays * fix(oauth): cap request abort timeout delays * test: speed up slow assertions * test: stabilize slow assertion timings * test: shard channel import guardrails * perf(sessions): patch single-entry store writes * refactor: share script bounded response helper * fix(codex): cap responses request timeout delays * fix(scripts): cap gh-read json bodies * fix(lmstudio): cap model fetch timeout delays * feat(ios): default to hosted push relay (openclaw#88096) Merged via squash. Prepared head SHA: 75f939a Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com> Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com> Reviewed-by: @ngutman * fix(minimax): cap tts timeout delays * build(plugins): externalize copilot runtime * refactor: share codex app server start context * test(file-transfer): remove stale tar fixture awaits * fix(runtime): centralize safe timer timeout resolution * refactor: share ui chat send wrapper * docs(plugins): clarify external plugin installs * fix: close native hook relay replacement race * fix(qa-lab): cap credential broker request timeouts * refactor: share e2e incremental line reader * test(ci): fix main test expectations (openclaw#88122) * fix(copilot): cap oauth request timeouts * fix(oauth): cap tls preflight timeout * build(plugins): externalize tokenjuice * docs(plugins): add external package readmes * perf: reuse gateway session and plugin metadata paths * fix(exec): bind node auto-review to prepared plans * fix(auth): cap GitHub Copilot OAuth timeouts * docs(skills): expand Discrawl archive workflow * fix(discord): cap request timeout signals * fix(agents): preserve rotated compaction session identity Fix `sessions.json` persistence after compaction transcript rotation. When the agent runtime rotates from the pre-compaction session transcript to the post-compaction transcript, post-run consumers now receive the effective OpenClaw session id and session file. Backend CLI session ids remain backend metadata and no longer overwrite the top-level OpenClaw session identity. Refs openclaw#88040. Thanks @1052326311. Verification: - `node scripts/run-vitest.mjs src/agents/agent-command.compaction-rotation.test.ts src/agents/agent-command.live-model-switch.test.ts src/agents/command/session-store.test.ts` - Autoreview clean - GitHub CI green on PR head `c3d3c77ddf675bbba0b9ba6681b030a2f69a898c` * fix: keep compaction timeout snapshots continuable * feat(ios): add talk tab realtime playback (openclaw#88105) Merged via squash. Prepared head SHA: f41112a Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com> Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com> Reviewed-by: @ngutman * fix(signal): cap container timeout timers * fix(agents): forward ACP spawn attachments Forward initial image/file attachments when spawning ACP subagents through the existing sessions_spawn attachment opt-in. Remove the PR-only acpEnabled config split so ACP uses the same attachment gate as other runtimes. Also fix the PR branch CI fallout: type the browser element CLI request mock and use Vitest env stubs in the Azure speech test to satisfy the changed-path security scan. Verification: - GitHub CI passed on f6ca26b. - Autoreview clean. - Crabbox AWS live OpenAI proof passed: cbx_a576d49493fe / run_081dcc6c6a1b. Thanks @zhangguiping-xydt. * refactor: share e2e bounded response reader * docs(browser): add Notte cloud browser to direct WebSocket CDP providers Notte exposes a CDP-compatible WebSocket gateway at wss://us-prod.notte.cc/sessions/connect?token=<NOTTE_API_KEY> that auto-creates a session on connect — the same shape OpenClaw's existing "Direct WebSocket CDP providers" section was generically framed for (per openclaw#31085). Real behaviour proof (against wss://us-prod.notte.cc/sessions/connect): $ openclaw browser --browser-profile notte open https://example.com opened: https://example.com/ tab: t4 id: 7FE04AC44931A6E1C799DE4ABF0DC807 A screenshot captured against the same session is a 1254x1111 PNG of the rendered example.com page. Playwright connectOverCDP flow against the same URL (today): connectOverCDP 695ms context.newCDPSession(page) 169ms session.send('Target.getTargetInfo') → targetId 87ms page.goto('https://example.com') 631ms total 1.8s AI-assisted (Claude Opus 4.7). codex review --base origin/main returned clean. See PR description for the full pre-flight checklist. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> * fix(zalo): cap api request timeouts * fix: stabilize codex supervisor session listing * fix(qa-matrix): cap substrate request timeouts * fix(xiaomi): cap tts request timeouts * refactor: share e2e mock http helpers * docs(skills): require grouped release changelogs * fix(zai): cap endpoint probe timeouts * fix(mattermost): cap dm retry timeouts * perf: reuse provider handles and strict tool schemas * feat: add core session goals (openclaw#87469) * feat: add core session goals * feat: polish session goals in tui * fix: resolve goal tool session stores * fix: keep get goal read-only * fix: migrate legacy goal session slots * fix: persist goal token accounting * fix: validate goal session rows * refactor: remove unshipped goal legacy handling * fix: handle goal commands in local tui * fix: satisfy goal tool display checks * fix: reset goal budget on overdue resume * feat: surface session goals across control surfaces * test: update gateway protocol test import * test: align goal fixture types with protocol * fix: scope selected global transcript usage fallback * fix: scope selected global web subscriptions * fix: preserve selected global agent during chat dispatch * fix: scope chat inject to selected global agents * test: fix timeout mock return types * fix(crestodian): cap probe timeouts * fix: keep live OpenClaw session locks during cleanup (openclaw#88129) Keep session lock cleanup from removing live OpenClaw-owned locks solely because they are old. Cleanup now reports age-only stale locks without deleting them, while still removing dead, orphaned, recycled, malformed-old, and non-OpenClaw-owned locks. Update doctor docs and regression coverage for the cleanup/repair contract. Refs openclaw#87779 * fix(agents): cap model scan timeouts * refactor: share script budget number parsing * fix(provider): cap operation timeouts * fix(usage): cap provider usage fetch timeouts * fix: bound default heartbeat run timeout (openclaw#88133) Fixes openclaw#87438. Bound unset heartbeat run timeouts so background heartbeat turns no longer inherit the built-in 48-hour interactive agent default. Timeout precedence is explicit heartbeat timeout, explicit global agent timeout, then heartbeat cadence capped at 600 seconds. Verification: - git diff --check - Testbox tbx_01kstna69zvznn4fq7zrqr04a1: corepack pnpm test src/infra/heartbeat-runner.model-override.test.ts -- --reporter=verbose passed 13 tests - Direct node --import tsx runtime probe verified 300s, 600s, 60s, and 45s timeout precedence cases - Autoreview clean Known CI state: - PR CI run 26661465248 has failures matching latest main CI run 26661386468 at a7820b2; failures are outside this six-file heartbeat/docs diff. * fix(signal): cap client request timeouts * fix(feishu): cap async helper timeouts * refactor: share script bounded response reader * fix: move compaction planning off the event loop Move compaction planning work to a bounded worker-thread path so large transcript planning no longer monopolizes the agent event loop. Extract pure planning helpers, sanitize worker inputs before structured clone, package the worker entrypoint, and keep synchronous fallback only for worker-unavailable cases. Fixes openclaw#86358. * fix(browser): cap control fetch timeouts * fix(ci): repair main checks * fix(browser): cap node runtime timeouts * fix(codex-supervisor): centralize session limit parsing * fix(discord): cap monitor helper timeouts * perf: reuse gateway runtime metadata * fix(acp): cap turn timeout timers * refactor: share media temp save wrapper * fix(tts): cap speech provider timeouts * fix(media): cap generation provider timeouts * fix ci mainline checks (openclaw#88137) * fix(infra): cap request body timeouts * ci: stabilize main checks * feat: add skills index * perf: avoid unnecessary skills index maps * refactor: share skill command exposure policy * perf: centralize skill status lookup * refactor: reuse shared skills prompt formatter * perf: reuse resolved skills allowlist * perf: speed up skills filtering * perf: prepare bundled skill allowlist once * perf: use set for bundled skill allowlist * test: preserve real skills status exports * test: share skills entry fixtures * test: remove duplicate skill fixture wrappers * test: complete skills status mock surface * fix(gateway-client): cap stop wait timeout * perf: prefer package-local bundled plugin artifacts * fix(openai): cap codex oauth preflight timeout * fix(supervisor): narrow stored session limit parsing * refactor: share diagnostics timeline span helpers * fix(ci): repair main checks * fix(ci): break skills loading cycle * test: fix main CI regressions * fix(apns): cap relay timeout * fix(infra): cap jsonl socket timeouts * fix(infra): cap shell env timeouts * test: stabilize remaining CI flakes * fix(apns): cap direct timeout paths * Add plugin manifest contract for SecretRef provider integrations (openclaw#82326) * secret-provider-integrations Signed-off-by: sallyom <somalley@redhat.com> * feat(secrets): configure plugin provider presets * secrets: use plugin-managed provider refs Signed-off-by: sallyom <somalley@redhat.com> * fix secretref auth profile service env * test secret provider integration e2e * fix secretref plugin config service env * fix secret provider preset schema alignment * stabilize secret provider service proof * validate secret provider plugin integrations * harden secret provider resolver paths * scope secret provider config validation * stabilize openai secret provider proof * fix secret provider metadata proof * stabilize config baseline proof * fix secret provider e2e lint --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> * fix(proxy): cap connect tunnel timeouts * fix: route media completions through requester agent (openclaw#88141) * fix(scripts): cap issue labeler response bodies * refactor: share media understanding post params * fix(infra): cap transport readiness timeouts * ci: reduce main workflow critical path * test(gateway): stabilize live helper shard * refactor: share native approval route gates Share native approval route gate helpers across mainstream channel approval runtimes and keep PR openclaw#87770 green on current main. * fix(channels): centralize stall watchdog timer bounds * perf: resolve native esm plugin sdk imports * test: stabilize infra state shard * fix(nostr): cap profile import relay timers * test(infra): stabilize main CI tests * test(infra): preserve script wrapper fixture * fix(web): cap guarded fetch timeout seconds * fix(zalouser): cap probe timeout timer * refactor: add shared sqlite state database Adds the shared SQLite state database base, moves plugin keyed state into it with doctor migration coverage, and keeps generated Kysely guardrails aligned. Proof: focused SQLite/plugin-state tests, db:kysely:check, lint:kysely, architecture/dependency guards, autoreview, and PR CI all clean. * fix(codex): recover app-server completion stalls Fix Codex app-server completion-stall recovery so replay-safe stdio completion-idle failures retry once, while progress/terminal turn-watch timeouts only surface timeout payloads. Also preserve post-tool completion guards for scoped native response deltas and stabilize the oversized CONNECT timeout regression test picked up from latest main. Co-authored-by: Kelaw - Keshav's Agent <keshavbotagent@gmail.com> * fix(ci): repair main normalization checks * fix(zalouser): cap qr login timeouts * fix(dev): cap Discord smoke response bodies * fix(agents): centralize terminal run outcome precedence (openclaw#88136) * fix(agents): centralize terminal run outcome precedence * docs(agents): explain terminal outcome precedence * docs(agents): note terminal outcome helper * fix(agents): preserve pending hard timeout over late completion * test(agents): align global session scoping expectation * Revert "test(agents): align global session scoping expectation" This reverts commit 9b4a0c3. * test(infra): stabilize CONNECT timeout cap test * fix(agents): prioritize hard timeout terminal evidence * fix(gateway): preserve pending hard timeout snapshots * ci: skip bundled dts in artifact build * fix(memory): cap qmd process timeouts * fix(ci): repair main lint gates * test(infra): avoid max fake-timer jumps (openclaw#88155) * fix(whatsapp): cap credential flush timeout * ci: satisfy build profile lint * refactor: share live transport scenario helpers * fix(telegram): cap polling lease wait timer * fix(release): avoid gh api for candidate reads * fix(release): harden candidate run status polling * fix(feishu): reopen retryable bot menu replay * fix(release): avoid gh api in beta smoke * fix(release): build beta smoke REST curl command * test(realtime): stabilize websocket timeout test * test: stabilize realtime websocket timeout * fix(telegram): centralize positive timer bounds * fix(providers): cap local service timers * refactor: share provider oauth runtime helpers * fix(openrouter): cap music stream timeout * fix(release): harden release ci summary lookup * fix(fal): cap video queue deadline * test(ci): stabilize tool search gateway timeout helper * fix(reply): hide ACP tool traces from Telegram Telegram's surface renders tool-call traces poorly compared to Discord's. Add a per-channel visibility isolation list (currently just `telegram`) so the dispatch-acp delivery coordinator drops tool/status payloads to those channels and rewrites error payloads to a sanitized message that points to local logs instead of leaking the trace. - New ACP_VISIBILITY_ISOLATED_CHANNELS set + helper prepareAcpPayloadForChannelVisibility - Coordinator picks the effective target channel (originating or direct) and skips delivery when the payload is a tool / status / error trace - 89 lines of test coverage in dispatch-acp.test.ts for the new path --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> Co-authored-by: Shadow <shadow@openclaw.ai> Co-authored-by: Gio Della-Libera <giodl73@gmail.com> Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com> Co-authored-by: Ayaan Zaidi <hi@obviy.us> Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: Peter Steinberger <peter@steipete.me> Co-authored-by: benjamin1492 <35176637+benjamin1492@users.noreply.github.com> Co-authored-by: Nimrod Gutman <nimrod.gutman@gmail.com> Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com> Co-authored-by: Dallin Romney <dallinromney@gmail.com> Co-authored-by: xin zhuang <65798732+1052326311@users.noreply.github.com> Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com> Co-authored-by: Lucas Giordano <giordano3102lucas@gmail.com> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: Sally O'Malley <somalley@redhat.com> Co-authored-by: Kevin Lin <kevin@dendron.so> Co-authored-by: keshavbotagent <keshavbotagent@gmail.com>

openclaw-barnacle Bot added docs Improvements or additions to documentation agents Agent runtime and tooling size: XL maintainer Maintainer-authored PR labels May 29, 2026

clawsweeper Bot temporarily deployed to qa-live-shared May 29, 2026 21:52 Inactive

steipete force-pushed the fix/generated-media-completion-handoff branch from 216f064 to 94b578e Compare May 29, 2026 22:03

clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels May 29, 2026

steipete force-pushed the fix/generated-media-completion-handoff branch from 94b578e to 407065a Compare May 29, 2026 22:14

fix: route media completions through requester agent

2c8dd11

steipete force-pushed the fix/generated-media-completion-handoff branch from 407065a to 2c8dd11 Compare May 29, 2026 22:19

steipete merged commit 7f28c8b into main May 29, 2026
103 checks passed

steipete deleted the fix/generated-media-completion-handoff branch May 29, 2026 22:24

github-actions Bot mentioned this pull request May 29, 2026

📡 Upstream Digest — 2026-05-29 23:06 UTC curtismercier/openclaw-mods#974

Open

github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 30, 2026

fix: route media completions through requester agent (openclaw#88141)

05275a5

compoodment mentioned this pull request May 30, 2026

[Bug]: generated image completions still double-send Discord attachments after media handoff fix #88307

Open

steipete mentioned this pull request May 30, 2026

[codex] fix image completion duplicate sends #87991

Closed

compoodment mentioned this pull request May 31, 2026

fix(agents): make media generation reply instruction deterministic based on sourceReplyDeliveryMode #88542

Closed

SYU8384 pushed a commit to SYU8384/openclaw that referenced this pull request Jun 3, 2026

fix: route media completions through requester agent (openclaw#88141)

687ee01

sablehead pushed a commit to sablehead/openclaw that referenced this pull request Jun 10, 2026

fix: route media completions through requester agent (openclaw#88141)

9977a04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: route generated media completions through requester agent#88141

fix: route generated media completions through requester agent#88141
steipete merged 1 commit into
mainfrom
fix/generated-media-completion-handoff

steipete commented May 29, 2026

Uh oh!

clawsweeper Bot commented May 29, 2026 •

edited

Loading

Uh oh!

openclaw-mantis Bot commented May 29, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

steipete commented May 29, 2026

Summary

Verification

Real behavior proof

Uh oh!

clawsweeper Bot commented May 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openclaw-mantis Bot commented May 29, 2026

Mantis Telegram Desktop Proof

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

clawsweeper Bot commented May 29, 2026 •

edited

Loading