Add OpenRouter Fusion guidance and prompt context#93005
Conversation
|
Codex review: needs maintainer review before merge. Reviewed June 14, 2026, 12:35 PM ET / 16:35 UTC. Summary PR surface: Source +159, Tests +221, Docs +74. Total +454 across 4 files. Reproducibility: not applicable. this is a provider docs and prompt-context enhancement rather than a bug report. The contributor supplied after-fix real behavior proof, and current-main inspection confirms the requested Fusion guidance is absent today. Review metrics: 1 noteworthy metric.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land the focused provider-owned hook and docs after maintainer review and exact-head checks, keeping Fusion configuration on the existing OpenRouter Do we have a high-confidence way to reproduce the issue? Not applicable; this is a provider docs and prompt-context enhancement rather than a bug report. The contributor supplied after-fix real behavior proof, and current-main inspection confirms the requested Fusion guidance is absent today. Is this the best way to solve the issue? Yes; using the OpenRouter provider hook plus the existing AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 10b0dea77af0. Label changesLabel changes:
Label justifications:
Evidence reviewedPR surface: Source +159, Tests +221, Docs +74. Total +454 across 4 files. View PR surface stats
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
55bed15 to
012189b
Compare
012189b to
5148173
Compare
Signed-off-by: sallyom <somalley@redhat.com>
5148173 to
1c5d166
Compare
|
Follow-up pushed for the latest findings.
Remaining merge note still applies: wait for the required CI checks on the new head before merging. The branch head is now |
|
Merge-ready: Autoreview is clean both locally and from ClawSweeper. This does not add a new OpenClaw config surface; it documents existing OpenRouter Local proof run:
|
Signed-off-by: sallyom <somalley@redhat.com>
) * fix(chunking): preserve surrogate pairs * test(telegram): cover rich list and table limits * fix(telegram): migrate retired native draft config * fix(telegram): keep rich text media-free * feat(telegram): nudge agents toward rich text * fix(telegram): clean rich message CI gates * test(telegram): align message flow fixture with rich drafts * fix(telegram): allow rich tables in group prompts * fix(telegram): show rich text prompt for final replies * fix(telegram): pass rich text prompts to cli backends * fix(ui): restore sidebar session picker interactivity above desktop workbench (#92705) * fix(ui): restore sidebar session picker interactivity above desktop workbench The collapsed sidebar session picker was covered by the chat content area when the workspace rail was visible at wider viewports. Two issues caused this: 1. .sidebar-session-select--collapsed .chat-session-picker used var(--z-dropdown) which was never defined, creating an invalid z-index declaration (falls back to auto). 2. .shell-nav and .content--chat are grid siblings with equal z-index (auto), and .content--chat (later DOM) paints above .shell-nav, covering the session picker that extends from the nav column into the content column. Fix: add position:relative + z-index:10 to .shell-nav so it stacks above .content--chat; change overflow from hidden to visible so the session picker extends beyond the nav rail; replace undefined var(--z-dropdown) with z-index:100. * fix(ui): keep sidebar picker z-index tokenized --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(google): strip provider prefix from Vertex model path Summary: - Strip the redundant `google/` provider prefix before embedding Google Vertex model ids under `/publishers/google/models/`. - Keep bare Vertex model ids unchanged. - Add regression coverage for the provider-qualified Vertex path. Verification: - `node_modules/.bin/oxfmt --check --threads=1 extensions/google/transport-stream.ts extensions/google/transport-stream.test.ts` - `node scripts/run-oxlint.mjs extensions/google/transport-stream.ts extensions/google/transport-stream.test.ts` - `node scripts/run-vitest.mjs extensions/google/transport-stream.test.ts --maxWorkers=1 -t 'strips redundant google provider prefixes from Google Vertex model paths'` - Autoreview clean - AWS Crabbox `run_649b209478d2` focused Node 24 regression proof - AWS Crabbox `run_e193db2707ad` remote `check:changed` - Exact-head CI green for `23aca6f46f596e220df37d939317b433f7044ec6` - Contributor live Google Vertex proof recorded in the PR body * feat: support /btw in CLI-backed sessions (#92669) * feat: support CLI btw side questions * test: fix CLI prepare test fixture types * fix: lazy load local btw runner * fix(gateway): mark active main sessions before restart shutdown aborts (#91357) * Mark active main sessions during restart shutdown * Type restart marker mock in close tests * fix(gateway): preserve active run ownership across restart * fix(gateway): preserve active runs across restart * fix(gateway): close restart recovery edge cases * fix(cron): preserve lifecycle ownership across restart * fix(gateway): release rejected run contexts * fix(gateway): preserve restart lifecycle ownership * fix(cron): retain overlapping run ownership * fix(agents): preserve restart terminal precedence --------- Co-authored-by: Peter Steinberger <steipete@gmail.com> * fix(parallel): send User-Agent on free MCP requests Adds the OpenClaw Parallel User-Agent to free Parallel Search MCP requests so the zero-config web_search path is identifiable at the HTTP layer, matching the paid REST transport.\n\nProof: local focused format/lint/Vitest; live anonymous Parallel MCP handshake; autoreview clean; Crabbox AWS run_bf41ce86e862 focused regression; Crabbox AWS run_ee9b8954b081 check:changed; exact-head GitHub CI green on b7e45e3bfc83cec6ca8df3d9d2708e2c45f093a9. * fix(ui): preserve dashboard session parent lineage Preserves the selected Control UI session as the parent when creating dashboard child sessions even if the session list is stale or filtered, while avoiding the synthetic unknown session as a parent.\n\nFixes #90623.\n\nProof: local focused format/lint/Vitest/browser test; autoreview clean; Crabbox AWS run_a2bfdcd2315a UI proof; Crabbox AWS run_ce60fdc546ff check:changed; exact-head GitHub CI green on 03d1c6f646caeed2813e673446109751a50c610f. * fix(ios): force stale foreground gateway reconnects (#92552) * fix(telegram): expose thread create CLI remap Exposes Telegram's thread-create CLI remap through the exported Telegram channel action adapter, preserving the existing plugin-owned mapping to topic-create before gateway dispatch.\n\nFixes #81581.\n\nProof: local focused format/lint/Vitest and dry-run; autoreview clean; Crabbox AWS run_07b98c939fce focused tests; Crabbox AWS run_1b7b35ce1de1 check:changed; exact-head GitHub CI green on 16f6afbdd7d8e1f1df81b71eaf10436e9771181c. * feat: make workspace files panel collapsible Signed-off-by: sallyom <somalley@redhat.com> * fix: start workspace files collapsed * fix(state): avoid sqlite wal on nfs state volumes Detects NFS-backed SQLite database paths in the shared WAL helper and uses rollback journaling for those paths while preserving WAL/checkpoint maintenance on local filesystems. The NFS path now verifies SQLite's effective journal mode before disabling WAL maintenance, and core/memory/proxy-capture callers pass database path context into the centralized helper. Fixes #90491. Proof: local focused Vitest/format/lint; autoreview clean after fixing the journal-mode verification finding; Crabbox AWS focused test run `run_2ea7014350da`; Crabbox AWS changed gate `run_c828bbfe7d23`; exact-head GitHub CI green on `59674305ecd863d4815eec6098ccd3daab79ca4f`. * fix(tui): show resolved model ref in confirmation Uses the canonical model ref returned by `sessions.patch` for the TUI `/model` confirmation so alias inputs report the model that was actually applied. The fallback still shows the raw input when a backend does not return `resolved`, and the display path uses `modelKey` so nested model ids keep the provider prefix without double-prefixing self-prefixed ids. Proof: local focused TUI Vitest/format/lint; autoreview clean; Crabbox AWS focused TUI test run `run_7d7cc5b040e8`; exact-head GitHub CI green on `6db4acfb08f9d477ee1bdab429bd7189b78ffc92`. * fix(diagnostics): keep recovery scheduling out of the stuck-session warning backoff (#92752) Summary: - The branch changes diagnostic stuck/long-running warning backoff so recovery-eligible classifications are still returned during throttled warning ticks and updates the diagnostic tests. - PR surface: Source +17, Tests +48. Total +65 across 2 files. - Reproducibility: yes. Current main source shows logSessionAttention can return undefined during stuck or lon ... g backoff before the heartbeat reaches requestStuckSessionRecovery; I did not run a live QQ gateway replay. Automerge notes: - PR branch already contained follow-up commit before automerge: fix(diagnostics): keep recovery scheduling out of the stuck-session w… Validation: - ClawSweeper review passed for head f61ec3a33f2c48b03306df38264b3ce9bd062f08. - Required merge gates passed before the squash merge. Prepared head SHA: f61ec3a33f2c48b03306df38264b3ce9bd062f08 Review: https://github.com/openclaw/openclaw/pull/92752#issuecomment-4699298908 Co-authored-by: Gnanam <gnanasekaran.sekareee@gmail.com> Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com> Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com> Approved-by: takhoffman Co-authored-by: takhoffman <781889+takhoffman@users.noreply.github.com> * fix(markdown-core): treat infinity chunk limit as unbounded Fix render-aware markdown chunking so `Number.POSITIVE_INFINITY` is treated as an explicit unbounded chunk limit instead of falling back to `1`. This preserves full Signal media captions and disabled Signal text chunking while keeping invalid non-finite limits on the existing fallback path. Fixes #92734. Thanks @yhterrance for the report and fix. * docs(config): correct agent defaults concurrency comments Correct the exported agent defaults type comments for `maxConcurrent` and `subagents.maxConcurrent` so they match the runtime defaults of 4 and 8. No runtime behavior changes. Thanks @ArielSmoliar for the fix. * docs: clarify before_install hook scope (#92766) Signed-off-by: sallyom <somalley@redhat.com> * docs(nodes): add node config example Add a Nodes overview `openclaw.json` example for node pairing, command allow/deny policy, node exec routing, and per-agent node pinning. Also clarifies exact `denyCommands` matching and links readers to the config reference for pairing and command-policy field details. Fixes #92662. Thanks @liuhao1024 for the fix and @ZengWen-DT for the parallel docs wording on exact node command policy. * Honor WhatsApp configured ACP bindings (#92513) Merged via squash. Prepared head SHA: 665080f48278a6af9d5595708bd9cfd30e36a29c Co-authored-by: TurboTheTurtle <35905412+TurboTheTurtle@users.noreply.github.com> Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com> Reviewed-by: @mcaxtr * fix(memory): split header-too-large embedding batches Route OpenAI/OpenAI-compatible request_headers_too_large embedding failures into the existing memory-core batch splitter instead of aborting bulk memory indexing. Tighten the classifier to require header-too-large wording rather than a bare 431 status token, so unrelated provider errors do not fan out into recursive requests. Fixes #92465. Thanks @mushuiyu886 for the fix and @BrettHamlin for the report and proof. * feat(providers): add GLM-5.2 support (#92796) * feat(providers): add GLM-5.2 support * ci(live): add GLM-5.2 provider shard * fix(sessions): enforce channel send policy for account-scoped DMs Derive the channel from canonical account-scoped DM session keys when resolving session.sendPolicy, so channel-scoped allow/deny rules apply to per-account-channel-peer sessions. Keep derivation limited to canonical channel peer key shapes and add malformed-key regressions so incomplete or non-channel keys do not accidentally match channel rules. Compatibility note: existing channel-scoped send-policy rules can now block account-scoped DM sends that were previously allowed by this bug. Thanks @yetval for the fix. * docs(changelog): refresh 2026.6.8 notes * fix(ui): localize workspace file rail labels * fix(docker): remove stale nested openclaw package Remove the stale nested openclaw package, its .bin shim, and the pnpm virtual-store copy from the runtime Docker image before final runtime assets are copied. Run the package dist import-closure check after the cleanup so the check validates the final runtime-assets tree that the image ships. Compatibility note: private Docker paths under /app/node_modules/openclaw and /app/node_modules/.bin/openclaw are removed; downstream images should use the documented /usr/local/bin/openclaw launcher or /app/openclaw.mjs. Fixes #92551. Thanks @lzyyzznl for the fix and @fxstein for the report. * fix(release): repair beta validation fixtures * chore(deps): bump macOS Swift dependencies Updates the macOS Swift package resolution for patch releases of Peekaboo, Sparkle, and swift-log. Verification: - `swift package describe --type json` - `swift build --target OpenClawIPC` - `swift build --target OpenClawDiscovery` - upstream tag/revision checks for Peekaboo 3.4.1, Sparkle 2.9.3, and swift-log 1.13.2 - autoreview clean - exact PR head CI green for macOS, dependency, and security checks * fix(qa): read rich Telegram replies in live checks (cherry picked from commit 9c8b8803535b38ec204ead00c29c35e4ea1a8ee7) * fix(agents): preserve compatible CLI session runtime pins Preserves provider-compatible CLI runtime session pins across reply execution, follow-up execution, dispatch visibility, preflight compaction, and memory flush. This keeps sessions pinned to compatible CLI runtimes such as `claude-cli` from leaking into embedded OpenClaw maintenance paths while still rejecting cross-provider runtime pins. Original PR by @yu-xin-c; includes maintainer follow-up for the sibling memory paths. Verification: - `node scripts/run-vitest.mjs src/auto-reply/reply/agent-runner-execution.test.ts src/auto-reply/reply/agent-runner-memory.test.ts src/agents/model-runtime-aliases.test.ts --maxWorkers=1` - autoreview clean - Crabbox AWS `cbx_44400b494e97` / `coral-prawn`, run `run_69dd43475e39`: `check:changed` passed - exact PR head CI green: `303b2f794f6c01fcf21b62b27c536b5f6eceb421` * test(macos): isolate exec approvals env * test(macos): avoid real approvals migration in tests * fix(matrix): validate CLI numeric option ranges Validates Matrix CLI numeric option ranges before invoking setup or verification side effects. `--initial-sync-limit` must now be non-negative, and `--timeout-ms` must now be positive. Original PR by @rohitjavvadi. Verification: - `node scripts/run-vitest.mjs extensions/matrix/src/cli.test.ts --maxWorkers=1` - autoreview clean - Crabbox AWS `cbx_5c32f138ab3a` / `swift-lobster`, run `run_6e133b8b82e7`: `check:changed` passed - exact PR head CI green: `d75f118299029b0516311646276cd2d6582379c5` * fix(qa): accept rich Telegram canary presence (cherry picked from commit e86eb7567a79fd3fe90115d3840222a292eefa55) * test(matrix): avoid racy inbound dedupe TTL (cherry picked from commit 8ae3662b1c7ad32fb79039ff3465e0b1c835fe4e) * fix(canvas): validate CLI numeric options Validate Canvas CLI numeric arguments before node invocation. - Reject malformed `--invoke-timeout` values through the shared Canvas invoke path before resolving a node. - Keep snapshot `--quality` bounded to the existing Canvas tool schema range of 0..1. - Add focused CLI regressions for timeout validation, quality bounds, and accepted boundary values. Verification: - `node scripts/run-vitest.mjs extensions/canvas/src/cli.test.ts --maxWorkers=1` - `.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main ...` - AWS Crabbox `cbx_b7838c58daba`, run `run_bbb58ca536f4`: `check:changed` - Exact PR head `a970ce594ea6e7284ace519352fc258b1b81cb80`: GitHub checks green * fix: reflow composer beside workspace rail Reflow the Control UI chat composer into the main chat column when the Workspace Files rail is expanded, so the composer stays beside the rail instead of extending underneath it. Prepared head SHA: 7108d88cdad8c5e1c23d3f0e8b8965d723cea99d Co-authored-by: Colin Johnson <211764741+Solvely-Colin@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd * fix(configure): mask gateway token prompts Mask gateway token/password prompts while preserving blank-token generation. Verified with focused configure wizard tests and clean CI. * fix(ports): avoid stale cleanup for non-gateway SSH listeners Limit SSH tunnel classification to actual queried-port forwards and keep SSH-like non-gateway listeners out of stale gateway cleanup. Verified with focused port/restart tests and clean CI. * fix(tavily): keep web search contract executable Keep the Tavily public artifact lightweight while lazily executing through the provider runtime. Verified with focused Tavily/provider artifact tests and clean CI. * fix(daemon): keep duplicate Windows gateway tasks visible Normalize Windows schtasks default gateway names without hiding similarly prefixed duplicate tasks. Verified with focused daemon tests, type proof, autoreview, and clean CI. * fix(cron): isolate transient auth cooldowns Keep cron-local transient auth failures from polluting shared cooldowns while preserving real auth/billing/rate-limit propagation. Verified with focused auth/cron tests, type proof, autoreview, and clean CI. * fix(heartbeat): route outbound mirror to isolated session key (#92807) * fix(heartbeat): route outbound mirror to isolated session key Co-authored-by: Merkava <263752781+agent-merkava@users.noreply.github.com> * fix(clownfish): address review for ghcrawl-143801-autonomous-smoke (1) Co-authored-by: Merkava <263752781+agent-merkava@users.noreply.github.com> * fix(clownfish): address review for ghcrawl-143801-autonomous-smoke (1) Co-authored-by: Merkava <263752781+agent-merkava@users.noreply.github.com> --------- Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com> Co-authored-by: Merkava <263752781+agent-merkava@users.noreply.github.com> * test(gateway): preserve live Codex api-key auth (cherry picked from commit 4aa50732f607d84e23c4e7d3ac8e77292c8c774e) * fix(memory): surface skipped short-term recall hits (#92745) Record diagnostic events when memory_search returns durable memory hits that are intentionally excluded from short-term promotion, so users can distinguish eligibility decisions from recall tracking failures. * fix(gateway): forward image-only input on /v1/responses (parity with chat completions) (#92488) * fix(gateway): accept image-only input on /v1/responses The OpenResponses endpoint rejected requests whose `input` contained only an `input_image` (no `input_text`) with `400 Missing user message in input.`, even though the image was parsed and collected into `images`. The guard only checked `prompt.message` and ignored `images`, unlike the equivalent /v1/chat/completions guard which uses `!prompt.message && images.length === 0`. Align the OpenResponses guard with Chat Completions so image-only turns are forwarded to the agent. Empty input (no text and no image) still returns 400. Adds regression tests: image-only base64 input -> 200 with image reaching the agent, and empty content -> 400. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(gateway): pass image-only /v1/responses turns to the agent The one-line guard alone was insufficient: even after letting image-only input past the `Missing user message` check, the downstream agent command (`prepareAgentCommandExecution`) throws `Message (--message) is required` for an empty message, so image-only `/v1/responses` returned 500. Mirror the /v1/chat/completions prompt builder: substitute the shared IMAGE_ONLY_USER_MESSAGE placeholder for the active image-only user turn so the turn is not dropped and the real image is still attached via `images`. Promote the placeholder constant to the shared gateway agent-prompt module so both endpoints stay in sync, and revert the responses guard back to the original `!prompt.message` check (responses images are not scoped to the active turn, so the placeholder is the correct, single source of truth). Co-authored-by: Cursor <cursoragent@cursor.com> * chore: retrigger CI (flaky startup-core test timeout, unrelated to change) Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: songwendong <songwendong@shuidi-inc.com> Co-authored-by: Cursor <cursoragent@cursor.com> * fix(status): avoid cumulative usage for context percent (#92604) * fix(status): avoid cumulative usage for context percent * fix(status): preserve legacy context totals * fix: reject unvalidated voice media streams Reject voice media stream start frames when no acceptance validator is configured, preventing fail-open STT/TTS session creation. Verified locally, with autoreview, in a remote Linux dev box, and by green CI. * test(gateway): wait for trajectory export guidance (cherry picked from commit 4675423788a0ef48b0c46ed31b199762e1576c81) * fix(telegram): acknowledge callbacks before sequentialize Fixes #42156. Answer Telegram callback queries before per-chat/topic sequentialize can queue the handler behind an active turn, and carry the in-flight answer promise on the grammY context so the normal handler reuses it instead of double-answering. Proof: - node scripts/run-vitest.mjs extensions/telegram/src/bot.create-telegram-bot.test.ts -- -t "answers callback queries before same-chat sequentialize delays handlers|sequentializes updates by chat and thread|routes callback_query payloads as messages" - node scripts/run-vitest.mjs extensions/telegram/src/bot.test.ts extensions/telegram/src/bot-handlers.runtime.test.ts - node_modules/.bin/oxfmt --check extensions/telegram/src/bot-core.ts extensions/telegram/src/bot-handlers.runtime.ts extensions/telegram/src/callback-query-answer-state.ts extensions/telegram/src/bot.create-telegram-bot.test.ts - git diff --check origin/main...HEAD - .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main - Azure Crabbox cbx_cba20c462ad5 / silver-barnacle: OPENCLAW_TESTBOX=1 node scripts/crabbox-wrapper.mjs run --provider azure --class Standard_D4ads_v6 --idle-timeout 90m --ttl 240m --timing-json -- env OPENCLAW_CHECK_CHANGED_REMOTE_CHILD=1 OPENCLAW_CHANGED_LANES_RAW_SYNC=1 corepack pnpm check:changed Proof gap: live Telegram Desktop/burner-account proof was not run because openclaw-telegram-user-crabbox-proof is not installed in this shell. * fix(nodes): surface pending reapproval diagnostics (#92547) * fix(nodes): surface pending reapproval diagnostics * fix(nodes): harden reapproval diagnostics * fix(nodes): scope pending diagnostics * fix(nodes): request pairing diagnostics in cli * fix(nodes): reuse stored auth for diagnostics * fix(nodes): preserve selected diagnostics credentials * fix(nodes): prefer approved diagnostics auth * fix(nodes): narrow diagnostics fallbacks * fix(nodes): recover from stale diagnostics auth * fix(gateway): preserve connect error narrowing * fix(nodes): isolate privileged diagnostics auth * fix(nodes): constrain privileged diagnostics auth * fix(nodes): close diagnostics review gaps * fix(nodes): guard reapproval cleanup races * fix(nodes): defer stale pairing cleanup * fix(nodes): preserve reapproval on hello failure * test(nodes): await post-handshake reapproval cleanup * test(nodes): avoid unbound websocket send capture * fix(nodes): allow local auth-none diagnostics * fix(nodes): preserve overlapping reapproval * fix(nodes): preserve pending node metadata * fix(nodes): keep connection age with status * fix(nodes): preserve reapproval during reconnect races * fix(nodes): serialize reapproval cleanup * fix(nodes): bound reapproval reconnect races * test(nodes): satisfy cleanup claim lint --------- Co-authored-by: Peter Steinberger <steipete@gmail.com> * fix(memory): keep skipped recall diagnostics opt-in Follow-up to #92745 after maintainer autoreview found that the skipped recall event widened the shipped MemoryHostEvent union and changed limited legacy reads. Keep readMemoryHostEvents() source-compatible by filtering diagnostic records before applying limits, and expose skipped recall diagnostics through the opt-in MemoryHostEventRecord/readMemoryHostEventRecords path. Original skipped-recall behavior landed in #92745 by @mushuiyu886. * fix(doctor): avoid false-positive legacy cron store warning when store was already migrated (fixes #92683) (#92690) * fix(doctor): avoid false-positive legacy cron store warning when store was already migrated When rawJobs.length > 0 and other issues exist (notifyCount, dreamingStaleCount) but legacyStoreDetected is false (file already removed after migration), the doctor unconditionally printed 'Legacy cron job storage detected at ...' — misleading users into thinking the migration was incomplete. Fix: conditionally use 'Cron store issues detected' heading when no legacy store file exists, reserving 'Legacy cron job storage detected' for actual legacy store presence. Fixes #92683 * test(doctor): add test for false-positive legacy cron store warning (#92683) * fix(telegram): skip IPv4 fallback when user explicitly configures non-ipv4first dnsResultOrder (fixes #41671) (#92806) * fix(telegram): skip IPv4 fallback when user configures non-ipv4first dnsResultOrder When the user explicitly configures channels.telegram.network.dnsResultOrder to a non-ipv4first value (e.g. verbatim), the sticky IPv4 fallback dispatcher should not be armed. Forcing autoSelectFamily=false + dnsResultOrder=ipv4first overrides the user's explicit IPv6-friendly config, causing media downloads to fail on hosts where IPv4 is broken but IPv6 works. Fixes #41671 * fix(telegram): respect explicit DNS fallback policy --------- Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * test(gateway): capture trajectory export command events (cherry picked from commit b656a510468279aacad51515123b960b56a3fa87) * fix(macos): defer isOverflowing mutation to break SwiftUI render loop (fixes #43480) (#92778) * fix(macos): defer isOverflowing mutation to break SwiftUI render loop measuredHeight() mutated model.isOverflowing synchronously during a SwiftUI view update cycle. The onChange(of: attributed) handler triggered updateWindowFrame → targetFrame → measuredHeight, which set isOverflowing, invalidating the view and re-triggering onChange — an infinite render loop causing 100% CPU pinwheel. Fix: defer the isOverflowing mutation via DispatchQueue.main.async with an equality guard to prevent redundant updates. The frame calculation itself remains synchronous so the window size is correct immediately. Fixes #43480 * fix(macos): preserve latest overflow measurement --------- Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * fix(gateway): use resolveNonNegativeNumber for totalTokens to display 0 instead of ? (fixes #43009) (#92795) * fix(gateway): use resolveNonNegativeNumber for totalTokens to display 0 instead of ? resolvePositiveNumber requires value > 0, filtering out the valid totalTokens = 0 case (new session, no usage yet). This caused the TUI to display 'tokens ?/200k' instead of 'tokens 0/200k (0%)'. Use resolveNonNegativeNumber (>= 0) for the final totalTokens value used in session display. The needsTranscriptTotalTokens check at line 2041 still correctly uses resolvePositiveNumber to decide whether to fetch transcript data. Fixes #43009 * fix(gateway): preserve fresh zero-token sessions --------- Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * fix(gateway): preserve active runs during plugin finalization (#92746) * fix(gateway): preserve active run during plugin finalization * fix(ui): skip session.message history reload while gateway reports active run * fix(ui): remove unused eslint-disable directive * fix(ui): preserve active runs through finalization --------- Co-authored-by: scotthuang <scotthuang@tencent.com> Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * UI: localize Logs tab labels (#92820) Repair #61080 by routing Logs tab user-facing labels through Control UI locale keys while keeping export filename suffixes stable. Validation: - pnpm ui:i18n:check - pnpm check:changed - ui/src/ui/views/logs.test.ts - Codex /review - GitHub PR checks Source PR credit: continues @rubensfox20's work from https://github.com/openclaw/openclaw/pull/61080. Co-authored-by: rubensfox20 <111531429+rubensfox20@users.noreply.github.com> * test(release): harden trajectory export live check (cherry picked from commit b2d4cb7f868a7bd3abae1b775a0c26f32ec9a288) * test(release): accept trajectory command session final (cherry picked from commit 9458ffa7e8598608e582fd233fccb586ecc7b10b) * fix(telegram): preserve command callbacks while prefixing generic callback data (#92825) Fixes #54909. Repair #54962 by preserving raw slash-command callbacks while routing generic callback data to agents as `callback_data: <value>`. Validation: - pnpm check:changed - pnpm -s vitest run extensions/telegram/src/bot.create-telegram-bot.test.ts - Codex /review - Real behavior proof - GitHub PR checks Source PR credit: continues @hnshah's work from #54962 and preserves @timt80's report credit from #54909. Co-authored-by: Hiten Shah <3155200+hnshah@users.noreply.github.com> * fix: refresh model context metadata safely Cap configured session context overrides by the selected model's known context window, refresh provider/model metadata consistently, and preserve the fixed Anthropic 1M context contract. Fixes #39857 Co-authored-by: Kros Dai <7087+xdanger@users.noreply.github.com> * fix(copilot): strip replayed thinking blocks Remove replayed thinking and redacted-thinking blocks from GitHub Copilot Claude history and final Anthropic payloads while preserving visible content, tool turns, and non-empty assistant structure. Fixes #81520 Supersedes #87060 and #81534 Co-authored-by: Gio Della-Libera <giodl73@gmail.com> * feat(browser): extend --labels overlay to full-page and element captures (#92834) Summary: - The replacement PR extends Browser plugin labeled screenshots to honor Playwright full-page/ref/element scope, returns annotation bounding boxes, and updates docs, tests, and skill guidance. - PR surface: Source +415, Tests +550, Docs +24. Total +989 across 12 files. - Reproducibility: yes. Current main source shows the labeled Playwright helper ignores fullPage/ref/element and omits annotations, and the source PR supplies live before/after commands for the Browser plugin path. Automerge notes: - PR branch already contained follow-up commit before automerge: docs(browser): correct raw-CDP labels caveat in automation skill - PR branch already contained follow-up commit before automerge: fix(browser): preserve labelsSkipped semantics for off-viewport refs - PR branch already contained follow-up commit before automerge: docs(browser): scope labels docs by driver - PR branch already contained follow-up commit before automerge: docs(browser): fix labels annotation indent and document scope fix - PR branch already contained follow-up commit before automerge: docs(browser): indent annotations box schema under --labels bullet - PR branch already contained follow-up commit before automerge: docs(browser): indent labels annotation schema Validation: - ClawSweeper review passed for head 70aca6c5065ae68bbf1037949e28045f479c0355. - Required merge gates passed before the squash merge. Prepared head SHA: 70aca6c5065ae68bbf1037949e28045f479c0355 Review: https://github.com/openclaw/openclaw/pull/92834#issuecomment-4700431344 Co-authored-by: FMLS <kfliuyang@gmail.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Mason Huang <masonxhuang@tencent.com> Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com> Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com> Approved-by: hxy91819 Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com> * fix(discord): raise thread title timeout and tokens Source PR: https://github.com/openclaw/openclaw/pull/64734 Co-authored-by: Hana Chang <741302+hanamizuki@users.noreply.github.com> * fix(whatsapp): require durable auth before login success (#92095) * fix(stale): exempt ClawSweeper actionable labels from stale lifecycle (#92801) Add clawsweeper:queueable-fix, clawsweeper:source-repro, and clawsweeper:fix-shape-clear to exempt-issue-labels in all 4 stale workflow steps and the backfill-closures script's issueExemptLabels set. Previously, issues classified by ClawSweeper as actionable fix candidates could still be marked stale and auto-closed, creating a conflict between the two automation systems (e.g. #78640, #81078, #81122 had both 'stale' and 'clawsweeper:queueable-fix'). Fixes #89564 * fix(status): render sub-1000 token counts as plain integers (#89736) * fix(status): render sub-1000 token counts as plain integers formatKTokens always divided by 1000 and appended "k", so token counts below 1000 rendered as misleading fractional k in `openclaw status` output (e.g. 999 rounded up across the boundary to "1.0k", 420 -> "0.4k", a 300-token cache write -> "write 0.3k"). Guard value < 1000 to render the plain rounded integer, matching the canonical formatTokenCount convention (src/utils/usage-format.ts). The >=1000 "k" behavior is unchanged. Adds focused regression tests for the 0/420/999/1000/12000 boundary and small-session/small-cache status lines. Fixes #89735 * fix(status): reuse canonical token formatter * refactor(status): extract lightweight token formatter --------- Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * fix(agents): catch malformed image blocks in sanitizeContentBlocksImages (#92792) * fix(agents): catch malformed image blocks in sanitizeContentBlocksImages * fix(agents): sanitize malformed-only image results --------- Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * ci: gate stable releases on Windows companion assets (#92555) * ci: gate stable releases on Windows companion assets * fix(release): reject malformed Windows checksum manifests * fix(release): make Windows recovery fail closed * fix(release): tighten Windows asset identity checks * fix(release): validate prepared candidate tarballs --------- Co-authored-by: Peter Steinberger <steipete@gmail.com> * fix(agents): add usage guidance to sessions_spawn tool description (fixes #91814) (#91824) * fix(agents): add usage guidance to sessions_spawn tool description (fixes #91814) * fix(agents): tighten sessions spawn guidance --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(feishu): await HTTP server shutdown during monitor cleanup Source PR: https://github.com/openclaw/openclaw/pull/48588 Co-authored-by: alex sagit <267811734+alex-xuweilong@users.noreply.github.com> * feat: add tool search directory mode Add an experimental directory mode that keeps large authorized tool schemas deferred while exposing bounded discovery, exact deferred hydration, and normal OpenClaw policy/hook execution. Client tools remain directly visible; ambiguous hidden names fail closed. * fix(qqbot): surface failed media sends (#92823) * fix(qqbot): surface media send failures * test(qqbot): cover text send failures --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(tailscale): preserve parse errors for malformed JSON Accept the fail-closed behavior for malformed `tailscale funnel status --json`: noisy valid JSON should parse, but malformed status output should not silently become “route absent”. Source PR: https://github.com/openclaw/openclaw/pull/63321 Co-authored-by: Francisco Maestre Torreblanca <2027043+franciscomaestre@users.noreply.github.com> * Add diagnostics OTEL capability contract tests (#92045) * fix(acp): accept MCP date protocolVersion in ACP server Repairs https://github.com/openclaw/openclaw/pull/56176. Fixes https://github.com/openclaw/openclaw/issues/56102. Co-authored-by: Saurabh Mishra <2924124+bugkill3r@users.noreply.github.com> * fix(hooks): reject slug-generator error payloads Repairs https://github.com/openclaw/openclaw/pull/64181. Co-authored-by: Cypher <28184436+Cypherm@users.noreply.github.com> * fix(ui): repair iOS Safari chat viewport handling Repairs https://github.com/openclaw/openclaw/pull/63644. Review proof: local structured autoreview on branch review/pr-92855 against origin/main exited clean with no accepted/actionable findings. Co-authored-by: Xi Qi <1311124+macdao@users.noreply.github.com> * fix(update): continue after package doctor warnings (#91586) * fix(update): continue after package doctor warnings * fix(update): type advisory step rendering * fix(update): preserve advisory doctor step state * fix(update): share advisory doctor state * fix(update): keep timed-out doctor failures blocking * fix(update): require explicit doctor advisory result * fix(update): reject malformed doctor advisory results * fix(update): bound doctor advisory diagnostics * fix(update): keep doctor advisory restart-neutral * fix(update): protect doctor advisory IPC * fix(update): scope doctor advisories to converging updater * fix(update): scope doctor advisories to deferred repairs * fix(update): secure doctor advisory IPC --------- Co-authored-by: Peter Steinberger <steipete@gmail.com> * fix(feishu): target typing reaction on inbound message Target Feishu Typing reactions at the inbound message id while preserving reply and thread routing to the topic root. This keeps the fallback to replyToMessageId for flows without a separate inbound target, and adds regression coverage for topic/replyInThread behavior and synthetic Feishu turn sources. Based on and credits #67783 by @huiwen01. This replacement branch carries the same user-visible fix forward because #67783 is dirty against main and earlier automation could not update the fork branch with available permissions. This intentionally does not reuse or expand #73958; root_id routing remains separate. Validation: - pnpm check:changed - pnpm -s vitest run extensions/feishu/src/bot.test.ts extensions/feishu/src/reply-dispatcher.test.ts extensions/feishu/src/monitor.reaction.test.ts - autoreview clean: no accepted/actionable findings - GitHub checks: 127 pass, 0 fail, 0 pending Co-authored-by: huiwen01 <89329207+huiwen01@users.noreply.github.com> * fix(lobster): surface workflow path errors Surface missing bare Lobster workflow file paths instead of silently falling through to inline pipeline parsing. The runner now treats plain workflow file inputs as file paths, keeps inline commands with file-like arguments as pipelines, and preserves existing workflow file paths that contain spaces. Regression coverage covers missing bare workflow paths, inline false positives, and spaced workflow filenames. Fixes #68101. Based on and credits #68106 by @vvitovec. This replacement branch carries the focused fix forward because #68106 is dirty against current main and could not be repaired on the fork branch with available bot permissions. Validation: - node scripts/run-vitest.mjs extensions/lobster/src/lobster-runner.test.ts - autoreview clean: no accepted/actionable findings after the spaced-path fix - GitHub checks: 127 pass, 0 fail, 0 pending Co-authored-by: Viktor Vítovec <230458341+vvitovec@users.noreply.github.com> * fix(cli): clarify --tz help text for offset-less --at values Clarifies cron edit --at help after maintainer rebase and preserves the Gateway-host timezone wording for cron --tz help. Validation: - git diff --check - node scripts/run-vitest.mjs src/cli/cron-cli.test.ts - local Codex autoreview clean, no actionable findings Co-authored-by: rrrrrredy <rrrrrredy@users.noreply.github.com> * fix(agents): preserve valid reasoning replay metadata (#90682) Preserve validated provider reasoning ciphertext, signatures, and replay identifiers through transcript redaction without exempting malformed, nested, or credential-shaped values. Fixes #90093. Co-authored-by: Elfka Toruviel <aeb31988340aa87b@toruviel.online> * fix(anthropic): omit stale thinking from disabled requests (#92373) Preserve signed thinking for active Anthropic tool-result continuation while omitting native thinking from completed history when the new request disables or omits thinking. Applies the same replay rule to the legacy SDK provider and managed Anthropic transport. Fixes #92360. * docs(crabbox): warm Testbox in parallel * fix(anthropic): merge consecutive assistant replay turns (#87346) Merge adjacent Anthropic assistant turns before dangling tool-use validation so signed tool calls remain immediately paired with their tool results. Preserve contributor credit. Fixes #87329. * fix(anthropic): quarantine invalid direct tool schemas (#92896) Quarantine unreadable and structurally invalid direct/custom Anthropic tool schemas in both canonical request builders while preserving healthy siblings, forced-choice semantics, OAuth name mapping, and official OpenAI behavior. Supersedes #89418, #89221, #90228, #89622, #89229, and #90278. Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(active-memory): preserve verbose recall summaries (#90739) * fix(active-memory): preserve verbose recall summaries * fix(active-memory): require recall evidence for recovery * fix(active-memory): recognize capped recall results * fix(active-memory): preserve grounded recall state * refactor(active-memory): limit recovery to completed recalls * fix(active-memory): ground terminal recall recovery * fix(active-memory): limit unavailable recovery to completed replies * fix(active-memory): harden recall evidence recovery * fix(active-memory): preserve timeout recovery contract * fix(active-memory): preserve capped failure evidence * fix(active-memory): reject content-only recall failures * fix(active-memory): ground completed recall summaries * fix(active-memory): separate hook and recall timeouts * fix(active-memory): classify custom tool failures * fix(active-memory): preserve harness tool evidence * fix(active-memory): reject explicit empty results * fix(active-memory): wait for fallback recall evidence * fix(codex): report dynamic tool results * fix(active-memory): separate preflight recall deadline * fix(active-memory): normalize recall tool names * fix(agents): classify unavailable approvals * docs(active-memory): clarify hook timeout phases * test(active-memory): stabilize timeout abort proof * fix(agents): preserve successful cancellation outcomes --------- Co-authored-by: Peter Steinberger <steipete@gmail.com> * fix(gateway): deliver command block replies in webchat (cherry picked from commit 33390ee88f5c8325efc60d1793c532a9489a5a72) * docs(changelog): refresh 2026.6.8 notes (cherry picked from commit 0b5cb00980c68a39b8fb1d77f6c04e9733bcbb09) * fix(gateway): preserve slash command media replies * Simplify QA scorecard mapping shape (#92558) * test(qa): simplify scorecard mapping shape * test(qa): use typed scorecard evidence refs * test(qa): map scorecard categories by coverage id * feat: align qa coverage with taxonomy features * refactor: keep qa coverage ids canonical * refactor: minimize qa coverage id churn * test: align qa coverage id assertions * test: update qa evidence coverage expectations * refactor qa taxonomy coverage ids * style qa taxonomy coverage ids * test qa coverage lint fix * test qa coverage type fix * fix(memory-wiki): stop flagging raw source pages as malformed (#92876) * fix(memory-wiki): stop flagging raw source pages as malformed * fix(clownfish): address review for gitcrawl-11828-autonomous-smoke (1) * fix(memory-wiki): skip freshness lint for raw source pages * fix(memory-wiki): keep raw source ids linted --------- Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com> Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * fix(providers): quarantine unreadable Anthropic payload tools (#92908) Quarantine unreadable and invalid Anthropic-family tool schemas before OpenAI-compatible serialization, keep tool choices aligned with surviving tools, and preserve provider metadata. Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(memory): preserve reindex rollback recovery (#92881) * fix(memory): preserve reindex rollback recovery Co-authored-by: Shiwen Han <46259514+TSHOGX@users.noreply.github.com> * fix(clownfish): address review for gitcrawl-5644-autonomous-smoke (1) Co-authored-by: Shiwen Han <46259514+TSHOGX@users.noreply.github.com> * test: update memory reindex test routing expectation * chore(memory): remove release changelog entry * fix(memory): complete reindex retry recovery --------- Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com> Co-authored-by: Shiwen Han <46259514+TSHOGX@users.noreply.github.com> Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * test(agents): skip anthropic billing drift in live tool checks * test(qa): align tool coverage CLI expectation * test(gateway): keep trajectory export live proof correlated * fix(openai): quarantine unreadable tool schemas (#92921) Snapshot unreadable OpenAI tool descriptors and schemas before payload construction, preserve healthy siblings, and reconcile hard tool choices with the surviving function inventory. Adds live-tested Responses and Chat Completions coverage, including allowed_tools, while keeping Anthropic regressions green. Related: #89413, #89013, #89016, #89378, #89543, #90200, #90283, #90286, #90397 Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * Fold Telegram RTT sampling into live QA evidence (#92550) * refactor(qa): fold telegram rtt into live evidence * test: default package telegram rtt samples * refactor(qa-lab): fold telegram rtt into live evidence * fix(qa-lab): keep package telegram rtt optional for focused runs * fix(qa-lab): avoid stale rtt evidence on failed samples * fix(qa-lab): pass telegram live env into credential leasing * fix(qa-lab): update telegram canary remediation artifacts * docs(qa): remove stale telegram observed artifact guidance * fix(qa-lab): clarify telegram empty-reply remediation * fix(qa-lab): honor telegram rtt timeout * ci(qa): drop stale telegram capture env * refactor: align telegram evidence coverage fields * fix: ignore stale telegram observed artifacts * fix: preserve telegram rtt coverage mapping * fix: omit unused telegram rtt catch binding * docs: document telegram rtt check selector * test(gateway): allow trajectory export instruction latency * fix(media): route OAuth image defaults through Codex (#92824) Route implicit OpenAI image understanding through the Codex app-server for eligible OpenAI OAuth profiles. Preserve scoped and persisted credential ownership plus the rotating-token refresh lifecycle for isolated clients. Fixes #87168 Thanks @bek91. * fix(cli): avoid false downgrade prompt for latest tag Keep unresolved latest package targets moving while preserving downgrade confirmation for unresolved non-latest dist-tags. Validation: - node scripts/run-vitest.mjs src/cli/update-cli.test.ts - node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.test.src.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/test-src-pr92911.tsbuildinfo - git diff --check origin/main...HEAD && git diff --check Direct-landed from #92911 because the source branch has maintainer edits disabled and ClawSweeper requested changelog removal plus behavior proof. Co-authored-by: Andy Wu <31586206+Andy312432@users.noreply.github.com> Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * fix(openai): guard post-hook tool payloads (#92928) Guard OpenAI post-hook tool inspection and code-mode filtering against unreadable accessors and asynchronous payload replacements. Preserve valid official `exec` and `wait` function tools across Responses and Chat Completions paths. Supersedes #89703. Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(sessions): restore reset archive fallback reads Fall back to valid reset transcript archives when active async session transcripts are missing, while keeping active transcript priority and choosing the newest valid archive across roots. Validation: - node scripts/run-vitest.mjs src/gateway/session-utils.fs.test.ts src/gateway/sessions-history-http.test.ts src/gateway/sessions-history-http.revocation.test.ts src/gateway/session-history-state.test.ts src/gateway/server.chat.gateway-server-chat-b.test.ts src/gateway/managed-image-attachments.test.ts src/agents/tools/embedded-gateway-stub.test.ts src/tui/embedded-backend.test.ts - node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.test.src.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/test-src-pr92879.tsbuildinfo - git diff --check origin/main...HEAD && git diff --check - autoreview --mode branch --base origin/main: clean Direct-landed from #92879 because the source branch has maintainer edits disabled and the landed diff needed maintainer repair before merge. Co-authored-by: Masato Hoshino <246810661+masatohoshino@users.noreply.github.com> Co-authored-by: Hu Yitao <39733381+CadanHu@users.noreply.github.com> Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * fix(feishu): re-resolve route when dynamic agent binding already exists in runtime config (fixes #42837) (#92814) * fix(feishu): re-resolve route when dynamic agent binding already exists in runtime config When dynamicAgentCreation is enabled and a binding was previously written to the config file (e.g. from a prior message), the in-memory cfg may be stale and not contain the binding. Previously, maybeCreateDynamicAgent returned { created: false, updatedCfg: cfg } with the stale cfg, and bot.ts only re-resolved the route when created === true. This caused subsequent messages to still route to agent:main. Fix: check runtime.config.current() for the binding when it is missing from the in-memory cfg. When found, return the runtime's current config so the caller can re-resolve the route with up-to-date bindings. Fixes #42837 * fix(feishu): serialize dynamic agent config updates * fix(feishu): route with refreshed runtime config * fix(feishu): use current dynamic-agent policy * fix(feishu): reauthorize refreshed dynamic routes * fix(feishu): authorize dynamic agent mutations * fix(feishu): complete account-scoped dynamic routing * fix(feishu): revalidate current direct routes * fix(feishu): isolate named-account dynamic agents * fix(feishu): bound named dynamic agent ids * docs(feishu): explain legacy dynamic agent cap * test(feishu): fix dynamic routing check types --------- Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com> * fix(release): harden beta validation gates (cherry picked from commit 91eeda0d708c2d8dac7c09c259b7cf390193f83f) * test(release): unblock beta validation checks * fix: restart gateway after isolated cron setup timeout Restart the gateway after isolated cron setup timeouts and harden stale cron-task finalization around restart/reload boundaries. Verification: focused cron/tasks/CLI regression suites, gateway filesystem/session regression suite, test typecheck, core lint shards, git diff --check, autoreview, Blacksmith Testbox changed gate tbx_01kv2srgbex71w9ce5rwv2wtr4, and clean GitHub PR checks on 13d06b5d6f9be057510942314b133316aff0d7cc. * fix(openai): omit gpt-5.5 tool reasoning effort (#90574) Fix GPT-5.5 Chat Completions tool requests by omitting the incompatible reasoning effort only on verified OpenAI and Azure routes. Preserve no-tool requests and nonblank custom OpenAI-compatible providers; add official regional endpoint metadata plus OpenAI and Anthropic live regression proof. Co-authored-by: Thomas Krohnfuß <thomas.krohnfuss@stud.th-luebeck.de> * test(gateway): isolate trajectory export live seed turn * test(installer): stabilize npm prefix probe test * fix(openai): recover invalid reasoning signatures (#92941) * test(gateway): authorize trajectory export live command * fix(agents): clamp subagent spawn thinking overrides Fixes #92412. Subagent spawns that request an unsupported explicit thinking level now clamp through the existing provider/model thinking fallback instead of hard-failing after the orchestrator has already received an accepted ack. The exception is limited to trusted subagent spawn runs by requiring both the subagent lane and a subagent-shaped session key, so interactive and non-subagent explicit `--thinking` validation still fails loudly. Verification: - `node scripts/run-vitest.mjs src/agents/agent-command.live-model-switch.test.ts --maxWorkers=1` - `.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main` - Testbox-through-Crabbox `tbx_01kv2wt0nqavsmnvzzzy2antrc`: `OPENCLAW_CHECK_CHANGED_REMOTE_CHILD=1 OPENCLAW_CHANGED_LANES_RAW_SYNC=1 corepack pnpm check:changed` - GitHub PR checks clean on `c71186863337d9dfb9a18e5349ebef634a7d5ccd` * test(openai): extend live STT fixture timeout * fix(subagents): preserve config-selected child model overrides * fix(subagents): handle configured bare model provenance * fix(gateway): degrade config watcher to polling Fixes #92851. When native filesystem watching exhausts its retry budget, the gateway config reloader now falls back to polling instead of disabling hot reload for the rest of the process. The watcher state tracks the effective Chokidar polling mode, including CHOKIDAR_USEPOLLING overrides, so forced polling avoids a redundant native phase and forced native mode reports an accurate native-mode disable. Verification: - node scripts/run-vitest.mjs src/gateway/config-reload.test.ts --maxWorkers=1 - .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main - Testbox-through-Crabbox tbx_01kv2xvbqkv4dmvvvsswzm75hz: OPENCLAW_CHECK_CHANGED_REMOTE_CHILD=1 OPENCLAW_CHANGED_LANES_RAW_SYNC=1 corepack pnpm check:changed - GitHub PR checks clean on c9762c5159a2ef75aa23d2af2a5435d0d8bf6b63 * fix(gateway): build row metadata for single session lists Refs #92057. Build the request-scoped row metadata context for every non-empty sessions.list result, including limit=1, so single-row lists use the shared subagent metadata read index instead of direct per-row registry snapshot lookups. This keeps the existing single-row store child-session candidate optimization intact while removing the single-row metadata-cache gap. Verification: - node scripts/run-vitest.mjs src/gateway/session-utils.single-row-cache.test.ts --maxWorkers=1 - .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main - Crabbox run_f89b56ffea83 / cbx_f1b1f5013225: OPENCLAW_CHECK_CHANGED_REMOTE_CHILD=1 OPENCLAW_CHANGED_LANES_RAW_SYNC=1 corepack pnpm check:changed - GitHub PR checks clean on 1ba6619f2ee6491c40b49dd425597bb1b50638ca * fix(memory-wiki): tolerate artifacts without agent ids Fixes #92207. Normalize public memory artifacts at the memory host boundary so providers that omit agentIds produce an empty list instead of throwing during artifact cloning, sorting, or memory-wiki bridge import. The bridge now renders those artifacts with unknown agents while downstream consumers still receive stable array-shaped metadata. Verification: - node scripts/run-vitest.mjs src/plugins/memory-state.test.ts extensions/memory-wiki/src/bridge.test.ts --maxWorkers=1 - .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main - Crabbox run_2a30de5d0a00 / cbx_3684cb0b7ea5: OPENCLAW_CHECK_CHANGED_REMOTE_CHILD=1 OPENCLAW_CHANGED_LANES_RAW_SYNC=1 corepack pnpm check:changed - GitHub PR checks clean on 19678ed60f79778f407700dc35f675cde0357054 * test(gateway): unblock trajectory export live release gate * fix(lmstudio): honor thinking off for binary reasoning models (#92002) Scope disabled-thinking payload repair to LM Studio's lightweight provider stream hook. Preserve official OpenAI and Anthropic tool-calling paths. Co-authored-by: David <32288+nxmxbbd@users.noreply.github.com> * fix(auto-reply): deliver channel message-tool final replies Clarify that interim assistant text remains visible under message_tool_only delivery while the final answer must use the message tool, and forward progress for channel message-tool turns once the message tool has delivered the final reply. Co-authored-by: Forge <forge@psiclawops.dev> Co-authored-by: Chisel <chisel@psiclawops.dev> * fix(auto-reply): align message-tool progress gating * test(auto-reply): assert allowed suppressed progress gating * test(auto-reply): trim duplicate progress assertion * fix(auto-reply): share message-tool delivery hints * fix(plugin-sdk): expose delivery hints without utility imports * fix(auto-reply): strip delivery hints from leading metadata * fix(release): preserve child release check refs * fix(agents): recover genericized Anthropic thinking errors (#92916) Recover invalid Anthropic thinking replays when provider details survive genericization in SDK, failover, cause-chain, or terminal stream error fields. The recovery matcher now uses cycle-safe named error carriers, avoids scanning assistant content and tool arguments, and retains one retry per provider call. Focused regressions cover each carrier, cyclic causes, terminal errors, and false-positive payload text. Addresses the recovery path in #92201. The separate root cause that creates or persists invalid signatures remains open for investigation. Co-authored-by: wlzeng0668001202 <ceng.wenlong@xydigit.com> * refactor: add session accessor seam with gateway consumer (#90463) Merged via squash. Prepared head SHA: 58aa59eaf8059c31a2a70f859eeb96ee35e5beb2 Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman * fix(webchat): route trajectory slash export before agent dispatch * fix(ci): skip session accessor guard for older targets * fix(agents): drop incomplete reasoning replay turns (#88656) Drop assistant replay turns that ended at the token limit with only incomplete hidden reasoning while preserving visible text, tool calls, empty turns, and unknown content shapes. Apply the same classification to embedded replay and public transport transforms, with focused regression, live OpenAI/Anthropic provider proof, docs, autoreview, Testbox, and green CI. Co-authored-by: clawstation <abel@stationzero.ai> * fix(gateway): async trajectory export approvals * feat(webui): add session workspace rail (#92856) * feat(webui): add session workspace rail * fix(webui): address session workspace review * fix(webui): secure session workspace previews * fix(webui): handle nested session workspace paths * fix(webui): update session file protocol models * fix(webui): clear session rail lint * docs(browser-control): document OPENCLAW_EAGER_BROWSER_CONTROL_SERVER requirement (#92845) The standalone loopback HTTP API only starts when OPENCLAW_EAGER_BROWSER_CONTROL_SERVER=1 is set in the gateway service environment. Without it, browser control works via CLI and agent tools but nothing listens on the loopback control port. Fixes #92841 * fix: use passive periodic sqlite wal checkpoints Use PASSIVE for periodic SQLite WAL checkpoints while keeping explicit checkpoint() and close() on TRUNCATE by default. Preserve the old interval export as a compatibility alias, add the neutral interval export, and update the task storage docs contract. Fixes #81715. * fix(google): route Gemini CLI OAuth through the env proxy (#46184) (#92815) * fix(mattermost): merge progress preview lines by identity (#91331) * fix(mattermost): merge progress preview lines by identity * fix(mattermost): preserve progress across assistant boundaries * fix(mattermost): compose reasoning with progress previews * fix(channels): reset reasoning progress at block boundaries * fix(channels): align tool progress line identities * fix(channels): keep tool call identity mapping injective --------- Co-authored-by: leon <leon@gmail.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(tui): keep spinner active when toggling tools (#92909) * fix(tui): keep spinner active when toggling tools * fix(tui): preserve finishing status when toggling tools --------- Co-authored-by: zengwen <zeng_wen@foxmail.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(elevenlabs): use current TTS model ids (#92904) * fix(elevenlabs): use current TTS model ids * fix(elevenlabs): preserve served legacy model choices --------- Co-authored-by: Ariel Bravy <ariel@vortexradar.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(gateway): run export helpers through cli entry * fix #86872: Subagent run reports success but fails to write output file (#92642) * fix(codex): wait for native subagent completion Codex native subagent lifecycle status is only a progress signal; the task row should not report success until the transcript or native completion result is available. * fix(codex): preserve later native subagent failures * test(codex): freeze authoritative subagent results * fix(codex): preserve remote V1 completion fallback --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * fix(gateway): track effective watcher polling mode * test(gateway): allow optional trajectory metadata bundle * test(gateway): expect trajectory session branch bundle * refactor: route command session reads through seam (#89122) Merged via squash. Prepared head SHA: 73218cc7cd336c7389785960364aed4049a1affd Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman * fix(reply): deliver final reply when queued follow-up claims session; scope dedupe to routed thread (#90943) * fix(reply): deliver final reply when queued follow-up claims session; scope dedupe to routed thread Two core bugs caused composed replies to be silently dropped (no delivery, no error) when a second message arrived in the same thread mid-run: 1. dispatch-from-config: ensureDispatchReplyOperation only kept the dispatch-owned operation authoritative while it had no result. Once runReplyAgent completed the operation to drain queued follow-ups, a second same-thread inbound could claim the session and the first final reply would try to re-acquire the lane instead of finishing delivery, deadlocking behind the queued work. Keep the dispatch-owned operation authoritative through final delivery. 2. reply-payloads-dedupe: messaging-tool reply dedupe compared only the channel target, not the routed thread, so a send in one thread could suppress a later reply in a different thread. Thread the routed thread id through buildReplyPayloads + follow-up delivery and only fall back to channel-only matching for providers without a thread-aware suppression matcher when neither side carries thread evidence. Adds regression tests; existing Telegram topic-suppression behavior is preserved by gating the thread guard to providers lacking a plugin matcher. * fix(reply): preserve threaded message delivery evidence * fix(reply): dedupe final payloads by delivery route * fix(slack): preserve native send thread evidence * fix(reply): preserve explicit reply thread evidence * fix(reply): align explicit reply route dedupe * fix(reply): preserve delivery lane through final dispatch * fix(mattermost): preserve threaded tool send routes * chore(plugin-sdk): refresh API baseline * fix(reply): align final delivery route dedupe * fix(reply): gate followups on final delivery * fix(reply): keep send receipts private * fix(reply): infer implicit message provider * fix(reply): align routed threading policy * fix(reply): preserve queued delivery context * fix(reply): hydrate queued system event routes * fix(reply): hydrate queued execution routes * fix(reply): scope final delivery barriers * fix(slack): preserve DM target aliases * fix(reply): mirror resolved source thread routes * fix(mattermost): retain delayed delivery barrier * fix(codex): separate message routing from tool policy * fix(reply): consume normalized Slack DM targets once * fix(slack): remove stale target alias * style(reply): satisfy changed lint gates * fix(mattermost): preserve explicit reply targets * test: align Slack reply branch checks * fix(reply): persist overflow summaries to admitted session --------- Co-authored-by: Peter Steinberger <steipete@gmail.com> * fix(skills): keep managed prompt paths readable (#92894) * fix(skills): keep managed prompt paths readable * fix(skills): preserve only managed skill prompt paths * chore: refresh proof gate * fix(skills): refresh managed prompt snapshots * fix(skills): preserve plugin prompt paths in state roots * test(skills): use generic state-root path names Signed-off-by: sallyom <somalley@redhat.com> --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: sallyom <somalley@redhat.com> * test(gateway): retry chat temp cleanup * fix: refresh slash command routing config (#39617) Use the active runtime snapshot for Discord and Slack native command routing and Discord autocomplete after config hot writes. Fixes #39605 Co-authored-by: Peter Steinberger <steipete@gmail.com> * fix(agents): retry thinking-only errored turns (#92191) Retry replay-safe reasoning-only provider errors before assistant failover while preserving classified fallback and terminal-output ownership. Adds deterministic Anthropic gateway fault-injection coverage and focused regression tests.\n\nCo-authored-by: ai-hpc <mail.speedy.hpc@hotmail.com> * fix(memory): clean stale reindex temp files (#92891) * fix(memory): clean stale reindex temp files * fix(memory): harden stale reindex cleanup * fix(memory): serialize safe reindex cleanup * fix(memory): satisfy reindex lock lint --------- Co-authored-by: zengwen <zeng_wen@foxmail.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> * feat(openrouter): surface Fusion panel config (#93005) Signed-off-by: sallyom <somalley@redhat.com> * fix(state): harden sqlite path caching Resolve explicit relative SQLite DB paths before caching handles and centralize durable SQLite connection pragmas so busy_timeout is applied before WAL/NFS negotiation. * fix(gateway): repair usage cost aggregation across agents (#93022) * fix(gateway): aggregate usage co…
Signed-off-by: sallyom <somalley@redhat.com>
Signed-off-by: sallyom <somalley@redhat.com>

Summary
extraBodyconfiguration, OAuth/API-key compatibility, local test command, and the slower-by-design latency tradeoff.Fixes #92984
Real behavior proof (required for external PRs)
openrouter/openrouter/fusion, forward Fusion panel/judge config through OpenRouterextraBody, and see the docs describe the slower-by-design latency tradeoff and safe configuration caveats.openrouter-fusion-docs, patched OpenClaw CLI, live OpenRouter provider request using the localOPENROUTER_API_KEY; local source Gateway/WebChat was also run for manual browser testing.pnpm openclaw infer model run --local --model openrouter/openrouter/fusion --prompt "Reply with exactly: FUSION_OK" --jsonFUSION_OK. Screenshot: Add OpenRouter Fusion guidance and prompt context #93005 (comment).openrouter/openrouter/fusionmodel ref and returned the requested exact response text.OPENROUTER_API_KEY; the code path is provider-auth equivalent because both auth methods resolve credentials for provideropenrouter. I did not test every possible Fusion analysis/judge model combination.Verification
node scripts/run-vitest.mjs extensions/openrouter/index.test.ts src/agents/embedded-agent-runner-extraparams-openrouter.test.tspnpm docs:check-mdxgit diff --checkpnpm build.agents/skills/autoreview/scripts/autoreview --mode localclean: no accepted/actionable findings reportedpnpm openclaw infer model run --local --model openrouter/openrouter/fusion --prompt "Reply with exactly: FUSION_OK" --jsonNotes
maintainer_can_modify: trueso maintainers can edit the fork branch.