fix(compaction): count bashExecution and summary turns in pre-prompt overflow precheck#97861
Conversation
…overflow precheck estimateMessageTokenPressure special-cased toolResult, tool, and assistant roles and otherwise read record.content. bashExecution stores its payload in command/output and branchSummary/compactionSummary store theirs in summary, so record.content was undefined and those turns scored as bare boundary overhead. The provider request expands them via convertToLlm into full user text, so bash-heavy sessions skipped the preflight overflow gate and submitted oversized prompts. Estimate each affected role from the exact text convertToLlm renders: bashExecutionToText for bash turns (zero for excludeFromContext records, which convertToLlm drops), and the summary prefix/suffix plus summary text for the two summary roles.
|
Codex review: needs maintainer review before merge. Reviewed June 29, 2026, 12:18 PM ET / 16:18 UTC. Summary PR surface: Source +31, Tests +85. Total +116 across 2 files. Reproducibility: yes. Source inspection shows current main estimates these roles from Review metrics: none identified. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Next step before merge
Security Review detailsBest possible solution: Land the focused estimator and regression-test fix after normal maintainer and CI gates, keeping provider-rendered text as the token-accounting contract. Do we have a high-confidence way to reproduce the issue? Yes. Source inspection shows current main estimates these roles from Is this the best way to solve the issue? Yes. The best local fix is to estimate the same provider-rendered text that AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 6de357ad4772. Label changesLabel justifications:
Evidence reviewedPR surface: Source +31, Tests +85. Total +116 across 2 files. View PR surface stats
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
…overflow precheck (openclaw#97861) estimateMessageTokenPressure special-cased toolResult, tool, and assistant roles and otherwise read record.content. bashExecution stores its payload in command/output and branchSummary/compactionSummary store theirs in summary, so record.content was undefined and those turns scored as bare boundary overhead. The provider request expands them via convertToLlm into full user text, so bash-heavy sessions skipped the preflight overflow gate and submitted oversized prompts. Estimate each affected role from the exact text convertToLlm renders: bashExecutionToText for bash turns (zero for excludeFromContext records, which convertToLlm drops), and the summary prefix/suffix plus summary text for the two summary roles. (cherry picked from commit 24626e5)
…overflow precheck (openclaw#97861) estimateMessageTokenPressure special-cased toolResult, tool, and assistant roles and otherwise read record.content. bashExecution stores its payload in command/output and branchSummary/compactionSummary store theirs in summary, so record.content was undefined and those turns scored as bare boundary overhead. The provider request expands them via convertToLlm into full user text, so bash-heavy sessions skipped the preflight overflow gate and submitted oversized prompts. Estimate each affected role from the exact text convertToLlm renders: bashExecutionToText for bash turns (zero for excludeFromContext records, which convertToLlm drops), and the summary prefix/suffix plus summary text for the two summary roles.
…tor (#97928) The in-loop context-overflow guard (installToolResultContextGuard) sizes transcript messages via estimateMessageChars, which only handled user, assistant, and toolResult roles. Harness roles (bashExecution, compactionSummary, branchSummary, custom) fell through to a flat 256-char return, causing the guard to undercount summary- and bash-dominated context by orders of magnitude. This is the sibling defect of the just-merged #97861 which fixed the same class in estimateMessageTokenPressure (the pre-prompt precheck). This commit applies the identical pattern to the live in-loop guard estimator. Fixes #97927
…tor (openclaw#97928) The in-loop context-overflow guard (installToolResultContextGuard) sizes transcript messages via estimateMessageChars, which only handled user, assistant, and toolResult roles. Harness roles (bashExecution, compactionSummary, branchSummary, custom) fell through to a flat 256-char return, causing the guard to undercount summary- and bash-dominated context by orders of magnitude. This is the sibling defect of the just-merged openclaw#97861 which fixed the same class in estimateMessageTokenPressure (the pre-prompt precheck). This commit applies the identical pattern to the live in-loop guard estimator. Fixes openclaw#97927
…overflow precheck (openclaw#97861) estimateMessageTokenPressure special-cased toolResult, tool, and assistant roles and otherwise read record.content. bashExecution stores its payload in command/output and branchSummary/compactionSummary store theirs in summary, so record.content was undefined and those turns scored as bare boundary overhead. The provider request expands them via convertToLlm into full user text, so bash-heavy sessions skipped the preflight overflow gate and submitted oversized prompts. Estimate each affected role from the exact text convertToLlm renders: bashExecutionToText for bash turns (zero for excludeFromContext records, which convertToLlm drops), and the summary prefix/suffix plus summary text for the two summary roles.
…tor (openclaw#97928) The in-loop context-overflow guard (installToolResultContextGuard) sizes transcript messages via estimateMessageChars, which only handled user, assistant, and toolResult roles. Harness roles (bashExecution, compactionSummary, branchSummary, custom) fell through to a flat 256-char return, causing the guard to undercount summary- and bash-dominated context by orders of magnitude. This is the sibling defect of the just-merged openclaw#97861 which fixed the same class in estimateMessageTokenPressure (the pre-prompt precheck). This commit applies the identical pattern to the live in-loop guard estimator. Fixes openclaw#97927
* fix(ios): advance onboarding step after QR scan (#98302)
handleScannedLink does not set self.step = .connect after scanning a QR
code from the welcome step. The scanner sheet dismisses and the UI
returns to the welcome screen instead of showing connection progress.
The sibling handleScannedSetupCode path correctly advances the step;
this aligns the QR scan path.
Fixes #98297
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(anthropic-oauth): bound OAuth token endpoint response reads (#96644)
postJson reads the Anthropic OAuth token endpoint response body with
an unbounded await response.text(). A compromised or hijacked OAuth
endpoint can stream an arbitrarily large body and force the runtime
to buffer the entire payload before parsing — an OOM/DoS vector.
Replace with readResponseWithLimit at 16 MiB cap + TextDecoder decode
to match the sibling bounded-read pattern (provider-http-errors.ts:308).
Co-authored-by: Claude <noreply@anthropic.com>
* fix: warn when configured channel plugins cannot load (#96397)
* fix(gateway): warn for blocked configured channel plugins
* fix(gateway): preserve configured channel warning source
* test: migrate src/commands tests to shared temp dir helpers (#96359)
* test: migrate src/commands tests to shared temp dir helpers
* fix(test): remove unused path import in migrate apply test
* fix(cron): clear agentTurn thinking override by blanking the field (#96293)
* fix(cron): clear agentTurn thinking override when patched with null
Cron agentTurn patches could clear model/fallbacks/toolsAllow overrides by
sending an explicit null, but thinking had no clear path: the patch schema and
normalizer dropped thinking:null before it reached the merge logic, and the
payload merge only handled string values. Blanking the Thinking/Effort field in
the Cron Control UI therefore silently preserved the old value.
Add thinking:null support across the patch schema, exported type, normalizer,
and payload merge (mirroring model). The Control UI now sends an explicit clear
for model/thinking when an edited job blanks a previously stored override, and
the CLI gains --clear-thinking for parity with --clear-model.
* docs(cron): document --clear-thinking beside sibling clear flags
* test: migrate leaky raw mkdtemp calls to createSuiteTempRootTracker() (#96058)
Gap finding: tempdir-8h9i0j1k, tempdir-9i0j1k2l
Replace bare fs.mkdtemp/mkdtempSync calls in 4 test files with the
shared createSuiteTempRootTracker() helper, adding proper cleanup
where none existed.
Background: the project has standardized on shared temp dir helpers
since 88b87d893d (withTempDir) -> 13df67ebc8 (createSuiteTempRootTracker)
-> 06431fd99b / #87298 (CI guard + docs guidance). This PR continues
that migration for the highest-risk files.
Files changed:
- src/skills/lifecycle/install-fallback.test.ts: variable overwrite risk
- src/auto-reply/reply/session-hooks-context.test.ts: helper leaks temp dirs
- src/auto-reply/reply/abort.test.ts: createAbortConfig leaks root dir
- src/auto-reply/inbound.test.ts: test cases without cleanup
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(sessions): avoid cross-cwd recent resumes (#97785)
* fix(pdf): reject empty parsed page ranges (#97698)
* fix(discord): bound requestDiscord happy-path response reads to prevent OOM (#97693)
* fix(discord): bound happy-path API response reads to prevent OOM
Replace the unbounded res.text() call in requestDiscord's success path with
readResponseTextLimited capped at 4 MiB. Discord channel message lists and
attachment payloads can accumulate to large sizes; without a cap the process
can exhaust available memory. The error path already used readResponseTextLimited
with DISCORD_API_ERROR_BODY_LIMIT_BYTES — this applies the same guard to the
happy path using a separate DISCORD_API_RESPONSE_BODY_LIMIT_BYTES constant
sized appropriately for valid API payloads.
* test(discord): upgrade to real HTTP server proof for bound requestDiscord
* fix(discord): remove unnecessary type assertion in bound test
* fix(irc): guard surrogate-range codepoints in \u literal-escape decoder (#97683)
Two-step decode in decodeLiteralEscapes:
- Step 1: regex anchored to high-surrogate range (U+D800–U+DBFF) so a
preceding BMP escape (e.g. \u0041) cannot consume the high-surrogate
half of a valid pair like \uD83D\uDE00 (😀), leaving \uDE00 lone.
- Step 2: decode remaining BMP codepoints; preserve lone surrogates as
six-character literals instead of corrupting them to U+FFFD in the
outbound IRC UTF-8 stream.
* fix(utils): keep reply directive ids unicode-safe (#96938)
* fix(utils): keep reply directive ids unicode-safe
* test(utils): catch trailing lone surrogate in hasUnpairedSurrogate helper
Per PR #96938 review: the test helper missed a high surrogate at end of
string because charCodeAt(out-of-bounds) returns NaN, and NaN comparisons
are always false. Guard bounds explicitly so the truncation test actually
proves what it claims, plus two cases pinning helper behavior.
* chore(utils): rerun QA smoke to confirm memory-index timeout flake on #96938
---------
Co-authored-by: ly-wang19 <ly-wang19@users.noreply.github.com>
* fix(memory): detect unindexed session transcripts in status mode (fixes #97814) (#97857)
* fix(memory): detect unindexed session transcripts in status mode (fixes #97814)
The status-purpose MemoryIndexManager init skips ensureSessionStartupCatchup(),
so openclaw memory status reports dirty=false while unindexed session files
exist on disk. This is a false-clean state: the operator sees no backlog,
but memory search silently misses unindexed transcripts.
Fix: run markSessionStartupCatchupDirtyFiles() in status mode. It checks
for on-disk session files without corresponding memory_index_sources rows
and sets sessionsDirty=true if found, without triggering a full sync.
The full catchup+sync runs on the next non-transient manager cycle (CLI
sync or normal runtime init).
Co-Authored-By: Claude <noreply@anthropic.com>
* fix(memory): await status dirty detection before status() reads the flag (fixes #97814)
The status-purpose MemoryIndexManager init skips ensureSessionStartupCatchup(),
so openclaw memory status reports dirty=false while unindexed session files
exist on disk. This is a false-clean state: the operator sees no backlog,
but memory search silently misses unindexed transcripts.
Fix: move status-mode markSessionStartupCatchupDirtyFiles() from the
constructor (fire-and-forget via void) into the create() factory method
where it is awaited. This guarantees sessionsDirty is set before any
caller reads manager.status(). The detection does NOT trigger a sync,
so status remains lightweight.
Review: verified manually — unit tests 21/21 pass, compilation 0 errors.
* test(memory): add regression test for status-purpose dirty detection (fixes #97814)
Adds a regression test that exercises the actual purpose:'status' manager
flow: create a session file without index row, create status manager, verify
status().dirty is true. This addresses the ClawSweeper P1 finding requesting
a test that exercises the real status path, not only the protected helper.
Also fixes the timing issue: move dirty detection from constructor (void)
to create() factory (await), guaranteeing sessionsDirty is set before any
caller reads manager.status().
---------
Co-authored-by: Claude <noreply@anthropic.com>
* fix(android): clarify gateway auth recovery states (#98094)
* fix(android): clarify gateway auth recovery states
* fix(android): preserve retryable pairing recovery copy
* fix(android): prefer auth recovery detail before stale address
* fix(android): show auth recovery while approval loads
* test(gateway): add unit tests for node wake state tracking and testing seam (#98205)
Add 17 unit tests for nodes-wake-state.ts covering:
- Exported wait/poll constants
- nodeWakeById Map operations (insert, overwrite, multi-entry, inFlight)
- nodeWakeNudgeById Map operations (independent tracking)
- clearNodeWakeState function (removal, no-op, scoped deletion)
- testing seam (getNodeWakeByIdSize, hasNodeWakeEntry, resetWakeState)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* fix: surface node approval guidance from devices CLI (#98115)
* fix: surface node approval guidance from devices CLI
* fix: preserve node approval connection guidance
* fix: handle admin retry unknown device approvals
* fix: require stable node approval matches
---------
Co-authored-by: welfo-beo <187608477+welfo-beo@users.noreply.github.com>
Co-authored-by: welfo-beo <welfo-beo@users.noreply.github.com>
* docs: clarify source checkout Node floor (#97898)
* docs: clarify source checkout Node floor
* chore: refresh CI for PR #97898
---------
Co-authored-by: lin-hongkuan <lin-hongkuan@users.noreply.github.com>
* test(telegram): add regression test for forum topic message_thread_id with streamed reasoning (#94526)
* test(telegram): add regression test for forum topic message_thread_id with streamed reasoning
After thorough code tracing of all delivery paths (draft stream, durable,
non-durable, preview hooks), the current main branch already correctly
passes message_thread_id through all paths for the streaming reasoning +
final answer scenario in forum topics. The bug reported in #89352 may have
been resolved by earlier merged changes (media-path preservation,
draft/progress streaming, etc.).
This commit adds a focused regression test covering the combined
scenario to prevent future regressions.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(telegram): assert forum thread at draft-stream boundary for both lanes
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(device-pairing): don't churn requestId on subset re-requests (#98145)
* fix(device-pairing): don't churn requestId on subset re-requests
A reconnect that re-requested a subset of an already-pending device
pairing request still superseded it with a fresh requestId. This is the
root cause of the "unknown requestId" failures during device approval:
1. A TUI connect files a broad scope-upgrade request; the owner copies its
id from `openclaw devices list`.
2. `openclaw devices approve <id>` reconnects as a CLI probe that only needs
`operator.pairing` — a subset of the pending scopes.
3. That subset re-request superseded the pending request with a new id, so
the originally-listed id no longer existed and approve failed.
Refresh the existing request in place when the incoming request only asks
for roles/scopes a single pending request (same device key + role) already
covers. Escalations that request *more* than the pending request still
supersede with a fresh id, so the requestId stays bound to at least the
scope snapshot the owner saw (the existing security-motivated behavior and
its test are preserved).
AI-assisted (Claude Code).
* fix(device-pairing): align subset pairing with scope coverage
* fix(system-prompt): move exec-approval + Authorized Senders below cache boundary (#98267)
* fix(system-prompt): move exec-approval + Authorized Senders below cache boundary
buildExecApprovalPromptGuidance (channel-varying: CLI /approve vs native
approval UI) and buildUserIdentitySection / "## Authorized Senders"
(owner/identity-varying, dropped when minimal) were emitted into the static,
cacheable prefix *above* SYSTEM_PROMPT_CACHE_BOUNDARY. They fork the cacheable
prefix at ~token 1,460, invalidating client-side prefix caching for the rest of
the ~17.8K-token system prompt — causing minutes-long cold prefills on local
models (llama.cpp / MLX / Ollama) after any channel-varying cron/heartbeat turn.
Follow-on to #40256, which moved Messaging/Voice/Reactions below the boundary
but missed these two. Relocates both into the existing below-boundary
channel-guidance block. Pure cache-stability change with no behavioural change
(the guidance is position-independent for correctness). Extends the boundary
test to assert both sections sit below SYSTEM_PROMPT_CACHE_BOUNDARY.
Measured on a local deployment: shared cross-channel prefix grew ~1,460 ->
~15,486 tokens; post-cron interactive turns went from minutes to ~10s.
Fixes #98261
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01H6Hz9UEpxQ4W3d8XecvupH
* fix(system-prompt): suppress relocated exec-approval line under tool_call_style override
Addresses review (clawsweeper): the exec-approval guidance lived inside the
`tool_call_style` fallback, so a provider override of that section previously
replaced it. Relocating it below the boundary emitted it unconditionally, which
changed behaviour for providers/plugins that override `tool_call_style`. Gate the
relocated line on the absence of a `tool_call_style` override, restoring the
original "override replaces the whole section" contract. Extends the
provider-override test to assert the default approval line is suppressed when
the section is overridden.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01H6Hz9UEpxQ4W3d8XecvupH
* fix(system-prompt): tighten cache boundary proof
* fix(system-prompt): tighten cache boundary proof
* fix(system-prompt): tighten cache boundary proof
---------
Co-authored-by: headbouyJB <23249268+headbouyJB@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* Preserve chat soft line breaks on iOS (#98304)
* fix(openrouter): send explicit auth headers (#98187)
* fix(openrouter): send explicit auth headers
* test(openrouter): type stream mock calls
* fix(web): render WebChat preamble progress
Render Control UI item and preamble progressText events as chat stream segments and preserve pre-final stream commentary before appending final assistant messages. Keyed preamble segments stay independent from accumulated stream snapshots, so distinct same-text commentary items render intact.
Co-authored-by: Chisel <chisel@psiclawops.dev>
* fix(web): label preamble proof blocks
Co-authored-by: Chisel <chisel@psiclawops.dev>
* feat(web): make WebChat commentary persistence configurable
Add a per-viewer 'Keep commentary' toggle (UiSettings.chatPersistCommentary,
default true) that controls whether keyed Codex preamble/commentary blocks
stay after the final answer or clear with it.
- Persist (default): keyed commentary materializes as durable blocks, current
behavior, existing proof unchanged.
- Transient (toggle off): commentary stays live during streaming but is never
materialized, so it disappears as the final message arrives. This is the
transient-only behavior from #92236, now user-selectable instead of a
maintainer-level either/or policy choice.
Single gating point in materializeVisibleStreamState (skip itemId-keyed parts
when persistCommentary is false); threaded from settings through the chat
event handler. Adds desktop + mobile header toggles and an en.ts label
(locale bundles regenerated via ui:i18n:sync, English fallback).
Tests: reconciliation persist/transient coverage, final-event handler honors
the setting, settings round-trip + header button assertions updated.
* fix(web): order keyed commentary by timestamp with tool cards
Keyed preamble commentary was appended after the whole tool loop, so it relied solely on the final visible-time sort for placement and lost the insertion-order tiebreaker against tool cards. Splice each keyed commentary segment into the items list before the first item with a strictly-later timestamp, so a preamble that arrived before a later tool renders above that tool while the run is live (not only after final materialization). Tools sharing the commentary timestamp that are already visible stay above it. Adds a buildChatItems regression covering a keyed preamble between two tools.
* fix(web): distill WebChat commentary persistence
* fix(web): reconcile transient commentary history
* chore(ui): refresh zh-TW control ui locale
* chore(ui): refresh de control ui locale
* chore(ui): refresh zh-CN control ui locale
* chore(deadcode): remove stale ACP testing aliases
* chore(deadcode): remove stale outbound testing aliases
* chore(deadcode): remove stale CLI testing aliases
* chore(ui): refresh pt-BR control ui locale
* chore(ui): refresh es control ui locale
* chore(ui): refresh ja-JP control ui locale
* chore(ui): refresh ko control ui locale
* chore(ui): refresh fr control ui locale
* chore(ui): refresh ar control ui locale
* chore(ui): refresh it control ui locale
* chore(ui): refresh tr control ui locale
* chore(ui): refresh id control ui locale
* chore(ui): refresh uk control ui locale
* chore(ui): refresh pl control ui locale
* chore(ui): refresh th control ui locale
* chore(ui): refresh vi control ui locale
* chore(ui): refresh nl control ui locale
* chore(ui): refresh fa control ui locale
* fix(tui): correct disconnect copy for device scope upgrades (#98144)
* fix(tui): correct disconnect copy for device scope upgrades
On disconnect, the TUI told users "Pairing required. Run `openclaw devices
list`, approve your request ID, then reconnect." This is misleading: the
gateway is asking for a device *scope upgrade* (the device is already
paired), and "pairing" points users at `openclaw pairing`, which only
handles chat DM pairing — a different subsystem.
- Reword the hint to name the scope upgrade and the actual recovery command
(`openclaw devices approve --latest`), including the `--token`/`--password`
escape hatch for when the device can't approve its own upgrade.
- Also match the gateway's "scope upgrade" disconnect reason, not just
"pairing required".
AI-assisted (Claude Code).
* fix(tui): clarify device approval preview hint
* fix(anthropic): surface Discord pre-tool commentary
Route Anthropic pre-tool narration through the commentary progress lane, preserve shared channel progress defaults, and keep Discord/Telegram reasoning gates explicit.
Thanks @Marvinthebored!
* Add Swedish mobile app localization (#98043)
* feat: add Swedish mobile app localization
* fix: remove dead Swedish watch extension localization
* docs: document iOS metadata locale directories
---------
Co-authored-by: Daniel Nylander <daniel@danielnylander.se>
* fix(sms): guard Twilio JSON.parse against malformed API response bodies (#97999)
Wrap JSON.parse in parseTwilioListPayload and retrieveTwilioMessagingService with try/catch to prevent a malformed Twilio API response from throwing an unhandled SyntaxError.
- parseTwilioListPayload: return [] on parse failure (fail-safe for phone number listing)
- retrieveTwilioMessagingService: throw descriptive Error on parse failure
Note: parseTwilioApiError and parseTwilioSuccessPayload already had try/catch guards (lines 85-97, 104-121).
Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>
* fix(matrix): guard JSON.parse against malformed homeserver response bodies (#97973)
Wrap JSON.parse(text) in MatrixAuthedHttpClient.requestJson with try/catch to prevent a malformed Matrix homeserver response from throwing an unhandled SyntaxError.
On parse failure, throw an Error with statusCode attached (matching the buildHttpError convention) so callers can handle it like any other Matrix API error.
Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>
* fix(core): propagate caller env PATHEXT through isExecutableFile on Windows (#98093)
* fix(core): propagate caller env PATHEXT through isExecutableFile on Windows
isExecutableFile hardcoded undefined when calling resolveWindowsExecutableExtSet,
ignoring any caller-provided custom env.PATHEXT. This meant resolveExecutablePath
and resolveExecutableFromPathEnv would fall back to process.env.PATHEXT even when
the caller supplied a different env with an extended PATHEXT (e.g. .PS1).
- Add optional options.env parameter to isExecutableFile
- resolveWindowsExecutableExtSet now reads from options?.env
- All 3 callers pass their available env through
Affects Windows deployments using sandbox/container environments where
PATHEXT differs from process.env (Docker Windows containers, CI runners, tests).
Fully backward compatible: undefined env falls back to process.env.PATHEXT.
* fix(core): also propagate caller env PATHEXT in node-host invoke resolver
- Fix sibling system.which resolver in src/node-host/invoke.ts:378
to use caller env PATHEXT instead of process.env only
- Add comprehensive Windows-mocked tests for caller env PATHEXT
propagation through isExecutableFile, resolveExecutableFromPathEnv,
and resolveExecutablePath
- Tests cover: custom env accepted, fallback to process.env,
path-separator and PATH-based resolution paths
* fix(core): also propagate caller env PATHEXT through node-host invoke resolver
- Add env?.PathExt and process.env.PathExt casing to both
resolveWindowsExecutableExtSet and resolveWindowsExecutableExtensions
for compatibility with callers using PascalCase env keys
- Isolate positive PATHEXT tests from process.env.PATHEXT by
explicitly setting it to .TXT before each test, ensuring they
prove caller env propagation rather than host env leak
* fix(core): add env?.PathExt casing to node-host system.which resolver
---------
Co-authored-by: wendy-chsy <wan.wenyan@xydigit.com>
* test(utils): add unit tests for chunkItems (#98219)
Add 8 test cases covering fixed-size array splitting, empty input,
size <= 0, size=1, size > length, exact division, readonly input
preservation, and fractional size behavior.
* test(config): add unit tests for resolveExecCommandHighlighting (#98087)
* test(infra): add unit tests for SQLite number normalization (#98009)
* test(infra): add unit tests for SQLite number normalization
* fix: remove undefined param test, not in function signature
* fix(gateway): iOS Talk treats SecretRef-backed API keys as missing (#98210)
* fix(gateway): resolve Talk SecretRefs for scoped native clients
* fix(gateway): constrain Talk secret materialization
* fix(gateway): redact Talk source provider secrets
* fix(gateway): satisfy Talk config lint
* docs(gateway): clarify Talk secret config payload
---------
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
* feat(gateway): scoped attach grants for external MCP loopback clients
Per-session, TTL-bounded, revocable bearer grants (mcp-grant-store) let an external/interactive
harness reach the gateway's scoped MCP loopback tools without the cli-backend's process-global
token. A grant is a lower-trust boundary: it binds the session server-side AND fail-closes on every
caller-supplied context header (x-session-key plus message-channel/account/current-channel/thread/
source-reply/event-kind), so a grant holder can neither scope-shop the session nor spoof
delivery/action context into scoped tools or the message tool. New attach.grant/attach.revoke
operator methods mint/revoke grants and return the loopback MCP config. Owner/non-owner cli-backend
path unchanged.
* refactor(gateway): trim attach grant implementation
* fix(agents): keep merged delivery routes account-bound (#98240)
* fix(agents): keep merged delivery routes account-bound
mergeDeliveryContext gated route-field crossing on channel only, so a
completion origin that knew its account but not a concrete target
inherited a different account's to/threadId on the same channel. A
subagent, cron, or media completion for bot-a could be addressed to
bot-b's chat but sent through bot-a (cross-account misroute) or dropped.
This restores the account-bound guard added in 1ed8592467 and removed as
collateral by 025db6cf9e (PR #89949); same-account and missing-account
merges still backfill so the media route-pin path is preserved. Restores
the deleted regression test.
* fix(agents): centralize account-bound completion routes
---------
Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
* Redact bare Fireworks API keys (#98226)
* Redact bare Fireworks API keys
* fix(logging): harden Fireworks key redaction
* fix(logging): harden Fireworks key redaction
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* docs: publish release notes for v2026.6.11 (#98319)
* fix: show in-progress status for channel runs (#98257)
Summary:
- Merged fix: show in-progress status for channel runs after ClawSweeper review.
Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head 08eec41769bd918a21e247404ad691d5707a79e1.
- Required merge gates passed before the squash merge.
Prepared head SHA: 08eec41769bd918a21e247404ad691d5707a79e1
Review: https://github.com/openclaw/openclaw/pull/98257#issuecomment-4849525931
Co-authored-by: scotthuang <scotthuang@tencent.com>
Approved-by: takhoffman
* fix(gateway): keep provider-owned CLI sessions across the daily default reset (#97931)
The gateway agent.run freshness decision called evaluateSessionFreshness
directly at both of its decision sites with no provider-owned guard, so a
provider-owned CLI session (claude-cli, codex, gemini-cli) under the default
reset config was rotated after the daily boundary when a turn ran through the
gateway path (webchat, openclaw agent, ACP, control UI, cron, heartbeat). The
rotation cleared the CLI session binding and split the transcript, violating
the documented exemption that the inbound auto-reply path and the canonical
session helper already honor.
Route both gateway freshness decisions through the same
resetPolicy.configured !== true && hasProviderOwnedSession(entry) skip the
inbound path uses, and export hasProviderOwnedSession so the predicate has one
shared definition instead of a third copy. Explicit session.reset and /reset
still cut these sessions.
* docs: refresh docs map for v2026.6.11 (#98325)
* fix(auto-reply): stop level directives from eating the next message word (#97929)
matchLevelDirective consumed the token after a level directive
(/think, /verbose, /trace, /fast, /reasoning, /elevated) as the level
argument unconditionally, and extractLevelDirective stripped it from the
body whether or not it was a valid level. So a message like
"/verbose explain quantum computing" reached the agent as
"quantum computing", silently dropping the user's first word, and the
whitespace scan crossed newlines so "/verbose\nSummarize this" lost
"Summarize".
Treat the trailing token as the directive argument only when it
normalizes to a valid level or is the sole remaining token (preserving
the unrecognized-level hint and the default/inherit clear sentinels).
When two or more words follow, the directive acts argument-less and the
message text is preserved intact, matching the exec and queue parsers
that stop at an unrecognized token.
* fix(agents): estimate harness role sizes in context guard char estimator (#97928)
The in-loop context-overflow guard (installToolResultContextGuard) sizes
transcript messages via estimateMessageChars, which only handled user,
assistant, and toolResult roles. Harness roles (bashExecution,
compactionSummary, branchSummary, custom) fell through to a flat 256-char
return, causing the guard to undercount summary- and bash-dominated
context by orders of magnitude.
This is the sibling defect of the just-merged #97861 which fixed the same
class in estimateMessageTokenPressure (the pre-prompt precheck). This
commit applies the identical pattern to the live in-loop guard estimator.
Fixes #97927
* doctor: add memory search lint findings (#97137)
* doctor: add memory search lint findings
* fix(doctor): quiet memory lint for auth-profile sources
* fix(doctor): require provider-specific auth source for memory lint
* fix(doctor): preserve qmd memory lint warnings
* fix(doctor): validate auth source credentials
* Doctor: expose workspace status findings (#97358)
* doctor: expose workspace status findings
* fix(doctor): pass workspace drift into lint
* fix(doctor): pass allow-exec into workspace lint drift
* test(qa-lab): harden whatsapp qa scenarios (#95622)
* fix(whatsapp): preserve group participant identity in QA driver
* fix(whatsapp): infer same-chat action targets
* test(qa-lab): record whatsapp scenario posture
* test(qa-lab): harden whatsapp live scenario coverage
* docs(qa): describe whatsapp qa lane coverage
* fix: prevent skill-creator from bypassing workshop proposals (#98346)
Summary:
- The branch adds bundled skill-creator guidance to route durable OpenClaw skill work through Skill Workshop proposals and removes the direct `init_skill.py` scaffold helper plus its test.
- PR surface: Docs +6, Other -429. Total -423 across 3 files.
- Reproducibility: yes. source-level: current main has `init_skill.py` writing a live `SKILL.md` directly, whi ... `. I did not run the direct helper as a repro because this review was read-only and that path writes files.
Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head 8eca1654472e50283ba7deed5f3220cc8213be94.
- Required merge gates passed before the squash merge.
Prepared head SHA: 8eca1654472e50283ba7deed5f3220cc8213be94
Review: https://github.com/openclaw/openclaw/pull/98346#issuecomment-4849855806
Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
* fix(heartbeat): scope commitment fan-out prompts (#98169)
* fix(heartbeat): scope commitment fan-out prompts
* fix(heartbeat): isolate commitment fan-out runs
* fix(heartbeat): isolate commitment fan-out runs
---------
Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* doctor: expose device pairing findings (#97366)
* Fix Android TLS fingerprint timeout handling (#98366)
* fix(ios): open app on chat by default (#98353)
Co-authored-by: BSnizND <199837910+BsnizND@users.noreply.github.com>
* fix(security): warn on agent skill MCP boundary drift (#98352)
Summary:
- Merged fix(security): warn on agent skill MCP boundary drift after ClawSweeper review.
Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head ab3c29ef4c731dfdbff75f2f5c7ec65c63ec195d.
- Required merge gates passed before the squash merge.
Prepared head SHA: ab3c29ef4c731dfdbff75f2f5c7ec65c63ec195d
Review: https://github.com/openclaw/openclaw/pull/98352#issuecomment-4850104358
Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
* fix: retry image describe fallback models (#98347)
Summary:
- Merged fix: retry image describe fallback models after ClawSweeper review.
Automerge notes:
- Addressed earlier ClawSweeper review findings before merge.
Validation:
- ClawSweeper review passed for head 55b26bd37374de551fd13595751350f261d6a832.
- Required merge gates passed before the squash merge.
Prepared head SHA: 55b26bd37374de551fd13595751350f261d6a832
Review: https://github.com/openclaw/openclaw/pull/98347#issuecomment-4850122718
Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
* fix(ios): avoid transient duplicate final replies (#98117)
* Fix iOS final reply dedupe
* fix(ios): scope final message reconciliation
* docs(ios): explain final message reconciliation key
---------
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
* fix(gateway): emit stale exec approval followup diagnostics (#98293)
* fix(gateway): emit stale exec approval followup diagnostics
* fix(gateway): cover approval suppression diagnostics in ci
* fix(logging): preserve approval ids in stability bundles
* docs(exec): document suppression diagnostics
---------
Co-authored-by: BSnizND <199837910+BsnizND@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
* fix(ios): use Gateway speech providers in Talk (#98376)
* fix(ios): route gateway speech through talk.speak
* fix(ios): preserve realtime fallback state
* fix(ios): satisfy audio delegate concurrency
* fix(ios): ignore stale audio callbacks
* fix(ios): ignore stale audio callbacks
---------
Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
* Suppress expired exec approval followup warnings (#66685)
* fix(agents): suppress expired approval followup warnings
* fix(agents): suppress expired approval followup warnings
---------
Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
* fix: show actionable mobile protocol mismatch recovery (#98385)
* Fix mobile protocol mismatch recovery
* Test iOS protocol mismatch connect failures
* Fix iOS protocol mismatch problem actions
* fix(cli): explain how to recover from device approve deadlock (#98146)
* fix(cli): explain how to recover from device approve deadlock
`openclaw devices approve` could fail two ways with no path forward:
- When the calling device can't approve its own scope upgrade (it lacks
operator.approvals) and no loopback local fallback is available (e.g. a
remote --url gateway), the raw "scope upgrade pending approval" error
propagated with no guidance.
- When the request id wasn't found in pending state (already approved,
expired, or superseded), it printed only "unknown requestId".
Surface actionable guidance instead:
- On an authorization failure, explain that the device can't approve its
own upgrade and point to `--token`/`--password` (gateway owner creds) or
approving from a device that already holds operator.approvals.
- On a missing request, point to `openclaw devices list` and
`openclaw devices approve --latest`.
AI-assisted (Claude Code).
* fix(cli): clarify device approval recovery
* fix(cli): avoid unusable approval credential advice
* improve(ios): clarify Control and Talk visual hierarchy (#98423)
* feat(ios): refine control and talk visual hierarchy
* feat(ios): refine control and talk visual hierarchy
* feat(ios): refine control and talk visual hierarchy
* fix(doctor): recover legacy cron archive across devices (#98217)
* fix(doctor): recover legacy cron archive across devices
* fix(doctor): harden legacy cron archive retries
* fix(doctor): canonicalize shipped cron retry shape
* fix(doctor): persist legacy cron migration receipts
---------
Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
* feat(openai): add GPT-5.6 series support (#98333)
* feat(openai): add GPT-5.6 series support
* docs: refresh map for GPT-5.6
* fix(openai): preserve GPT-5.6 thinking metadata
* fix(codex): sync managed app server version
* fix(codex): sync managed app server version
* fix(openai): account for GPT-5.6 cache writes
---------
Co-authored-by: Peter Steinberger <steipete@golden-gate.local>
* fix(cron): preserve action-required command output
* fix(cron): strip nested job diagnostics from webhook payloads
* test(gateway): remove cron redaction casts
* fix(ios): classify TLS fingerprint timeouts (#98429)
* fix(ios): classify gateway TLS fingerprint timeouts
* Add discovered TLS trust regression test
* fix: Android setup codes accept local mDNS gateway hosts (#98439)
* Fix Android mDNS setup-code cleartext policy
* Align Android gateway diagnostics cleartext guidance
* fix(ios): improve light and dark appearance contrast (#98443)
* fix(llm): preserve structured tool result replay
Preserve structured tool-result replay text across provider transports while keeping provider-facing redaction and Anthropic media ordering intact.
Thanks @snowzlmbot!
* fix(status): surface unregistered memory embedding providers (#97968)
* refactor(sessions): centralize scoped store path resolution
* refactor(agents): reuse process stdin writer
* refactor(security): centralize safe-bin config normalization
* refactor(sessions): centralize export transcript parsing
* fix(agents): preserve runtime settings overrides (#92237)
* Fix active-memory stale ops summaries (#95888)
Co-authored-by: costaff <costaff-lapclaw-001@efiducian.com>
* fix(gateway): surface systemd start-limit exhaustion (#98291)
* fix(gateway): surface systemd start-limit exhaustion
* fix(gateway): avoid start-limit false positive for exit 78
* fix(gateway): hint missing external plugin for web login (#90517)
* fix(gateway): hint missing official plugin for web login
* fix(gateway): keep missing web login hints actionable
* test(infra): add unit tests for SQLite user_version pragma helper (#98369)
* test(infra): add unit tests for SQLite user_version pragma helper
* ci: trigger re-review
* fix(android): hide status bar in release screenshots
* Fix extension exec process-tree termination (#98340)
* fix(ui): collapse duplicate assistant groups during segmented streaming (#92063)
Fold a contiguous run of in-flight stream/reading-indicator items into one
assistant group (one avatar/footer, segments stacked as bubbles) so a segmented
streaming reply no longer flashes a separate avatar+footer per segment.
Render-layer only: the shared ChatItem types and build-chat-items.ts are
untouched, and a message/group/divider breaks the run so interleaved tool calls
keep their own groups.
Refs #63956
AI-assisted (Claude Code).
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* fix(infra): guard delivery queue inflate against corrupted entry_json (#98354)
* fix(infra): guard delivery queue inflate against corrupted entry_json
* fix(infra): use toSorted in delivery queue test
* fix(agents): warn on cron announce skip (#90566)
* fix(agents): warn on cron announce skip
* fix(agents): gate cron announce skip warnings
* fix(ports): validate lsof PID parsing before assignment (#98371)
* fix(ports): validate lsof PID parsing before assignment
Add Number.isFinite guard on lsof 'p' line PID parsing in
parseLsofOutput, consistent with the netstat branch in the same
function which already validates with Number.isNaN.
While the downstream if (current.pid) truthiness check catches
NaN (falsy), adding validation at the parse site is defense-in-
depth and eliminates an inconsistency within the same function.
* test(ports): add edge case tests for parseLsofOutput
Add test coverage for malformed lsof 'p' lines (empty PID, non-numeric
suffix), zero PID, and empty input to verify the Number.isFinite guard
correctly filters invalid entries.
* fix(cron): keep provider-owned CLI sessions across the daily default reset (#98356)
The provider-owned CLI session exemption added for the gateway agent.run path
in #97931 was not applied to the non-gateway session resolvers. Scheduled
isolated-agent cron jobs run through runCronIsolatedAgentTurn ->
resolveCronSession, and the local openclaw command runs through resolveSession;
both called evaluateSessionFreshness directly with no provider-owned guard.
Under the default reset config a persistent-target cron job on a CLI runtime
(claude-cli, codex, gemini-cli) therefore rotated its session after the daily
boundary, minting a new sessionId and dropping the cliSessionBindings, so the
agent silently lost its underlying CLI conversation every morning and the
transcript was split. Because resolveCronSession also backs the heartbeat
runner, that surface was affected too.
Route both resolvers through the same
resetPolicy.configured !== true && hasProviderOwnedSession(entry) skip the
gateway and inbound paths already use. Explicit session.reset and configured
resets still rotate these sessions, and the command path still rotates when the
terminal main transcript is newer than the registry.
* test(shared): add unit tests for account enabled guard (#98395)
* fix(agents): recover thinking errors from provider body (#98411)
* docs(skills): parameterize landable bug sweeps (#98494)
* fix: report codex chatgpt status auth (#91240)
* test(agents): add unit tests for thinking block detection (#98370)
* test: prefer shared temp dir helpers in config, gateway, cron, crestodian, and state tests (#96711)
* fix: add temp dir cleanup to 14 P0 test files (Group A)
* fix: restore os import and fix fs.rmSync call in temp dir cleanup
* fix: use shared temp dir helpers in config, gateway, cron, crestodian, and state tests
* fix(test): rename underscore-prefixed temp dir vars and remove unused imports
* fix(test): remove unused path import in crestodian audit test
* fix(test): reorder expected plans to match buildVitestRunPlans output after rebase
* Fix Android QR scan pairing flow (#98483)
* fix docs-list-mdx-pages (#95230)
* fix(minimax): bound OAuth JSON response via shared provider reader (#96322)
Use readProviderJsonResponse (shared 16 MiB default cap) instead of
unbounded response.json() for MiniMax OAuth authorization code endpoint.
Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>
* fix(config): warn when permission hardening fails during recovery (#95348)
Surface chmod failures during config backup restore, last-known-good
promotion/recovery, and prefix recovery instead of swallowing them silently.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix(copilot): guard against undefined runtime.state during cli-metadata registration (#95229)
Co-authored-by: sunlit-deng <sunlit.deng@example.com>
* fix(memory): skip raw snippets during promotion (#94636)
* [AI] fix(feishu): guard partial channelRuntime in monitor startup (#94013)
* [AI] fix(feishu): guard partial channelRuntime in monitor startup
When the gateway passes a partial channelRuntime (ChannelRuntimeSurface
with only runtimeContexts but no inbound/debounce), the ?? operator in
monitor.account.ts selects it over the full local runtime, causing
monitor startup to crash on channelRuntime.debounce access.
Mirror the same ?.inbound guard pattern from bot.ts:739 (PR #93466)
to monitor.account.ts:487. When the runtime lacks inbound, fall back
to getFeishuRuntime().channel which always has the full surface.
No test: the guard mirrors an already-merged pattern (#93466) and only
affects the partial-runtime edge case that requires a gateway context.
Related to #92595
* [AI] test(feishu): add channelRuntime guard tests for monitorSingleAccount
Three test cases for the channelRuntime guard at
monitor.account.ts:489:
1. Partial channelRuntime (no inbound) → falls back to local runtime
2. Full channelRuntime with inbound → uses provided runtime
3. No channelRuntime (undefined) → falls back to local runtime
Related to #92595
* fix: hide expired pairing QR cards in Control UI (#98049)
* Hide expired pairing QR codes
* Schedule pairing QR expiry refresh
* test(memory): cover live manager after CLI reindex (#96094)
* fix: advertise route-aware LAN Control UI links (#98482)
* Route LAN pairing URLs by default route
* Advertise route-aware LAN Control UI links
* Fix route-aware LAN test mocks
* Narrow advertised LAN SDK export
* Recover archived (.reset) session transcripts in memory hook + session-logs skill (#71537)
* fix(session-memory): recover archived reset transcripts
* docs(session-logs): include archived transcripts in skill examples
Plain .jsonl globs miss .jsonl.reset.*Z and .jsonl.deleted.*Z files,
which still contain real transcript content. Add explicit guidance and
a list_session_transcripts helper so searches can opt in to full
history when needed.
Pairs with the session-memory recover-from-archive fix in the same
branch.
* docs(session-logs): scope nullglob and use while-read in helper
Address Greptile review feedback on PR #71537:
* nullglob is now saved and restored inside list_session_transcripts so
the helper does not change the caller shell environment when sourced.
* Replace 'for f in $(list_session_transcripts)' tip with a 'while
IFS= read -r' loop so paths with spaces or other IFS characters are
handled correctly. Include a worked example using the same date+size
listing the surrounding section already documents.
Doc only, no runtime behavior change.
* docs(config-agents): correct built-in alias table for opus and gpt (#96375)
The built-in alias shorthands table listed stale model ids that no longer
match src/config/defaults.ts (DEFAULT_MODEL_ALIASES):
opus: anthropic/claude-opus-4-6 -> anthropic/claude-opus-4-8
gpt: openai/gpt-5.5 -> openai/gpt-5.4
These now match defaults.ts and the help/faq-models alias table, and resolve
an internal contradiction on this same page (its runtime-policy example already
uses anthropic/claude-opus-4-8).
* docs(gateway): fix Telegram streaming default in config-channels.md (#98453)
The config example in docs/gateway/config-channels.md incorrectly
listed streaming default as "off". The actual runtime default is
"partial", as confirmed by the Telegram plugin's default resolver.
docs/channels/telegram.md already correctly documents the default
as "partial".
Co-authored-by: Claude <noreply@anthropic.com>
* test: repair hosted CI baseline assertions (#98533)
* feat(imessage): native poll support — create, read, vote (#98421)
* feat(imessage): add native poll action
Wire the imsg CLI 'poll send' bridge command into the iMessage channel
message-tool action surface, mirroring the existing Discord poll action.
Adds the 'poll' action (gate: polls), a sendPoll runtime, selector-gated
capability advertisement (pollPayloadMessage), config type + zod schema,
regenerated channel metadata, docs, and tests.
* feat(imessage): read inbound polls, vote, and suppress vote echo
Builds on the native poll send action:
- Inbound polls now render to the agent as a readable line (question +
numbered options + tallies) instead of the raw 0xFFFD balloon placeholder,
so a received poll no longer reads as an empty message.
- New `poll-vote` action casts a vote via `imsg poll vote`, resolving a
1-based option index / text / UUID to the poll's option identifier.
- message_tool_only echo guard: the model tends to narrate its choice in a
text reply right after voting ("Blue."), which is redundant since the vote
shows on the poll. A new `poll_vote_echo` suppression reason (alongside
inbound_metadata_echo / internal_runtime_context_echo) drops a send/reply
that exactly restates the just-cast vote, using the option label imsg
returns. Extra content passes through untouched.
* fix(imessage): gate poll-vote on imsg poll.vote rpc capability
Released imsg carries the pollPayloadMessage selector (poll create) but
predates the poll.vote CLI/RPC. Gating both poll and poll-vote on that
selector alone would advertise a vote action the released CLI rejects.
Gate poll-vote additionally on the advertised poll.vote rpc method so this
plugin can ship ahead of the imsg release.
* fix(imessage): enforce poll.vote capability at execution, not just discovery
Codex review flagged the discovery gate as bypassable: a caller that already
knows action=poll-vote skips describeMessageTool and reaches handleAction
directly. Add the same imessageRpcSupportsMethod(status, 'poll.vote') check in
the poll-vote execution path (after assertPrivateApiEnabled), so a direct
dispatch on released imsg fails closed with a clear message instead of an
opaque CLI rejection. Adds a negative handleAction test.
* fix(imessage): harden native poll support
* fix(message): validate targets before channel discovery
* fix(message): validate targets before channel discovery
---------
Co-authored-by: Omar Shahine <lobster@users.noreply.github.com>
Co-authored-by: Omar Shahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
* docs(matrix): document missing streaming.progress mode, progress sub-fields, and mentionPatterns config (#98318)
* docs(matrix): document missing streaming.progress mode, progress sub-fields, and mentionPatterns config
* docs: clarify Matrix progress labels
---------
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
* docs(onboard): document 11 missing non-interactive CLI flags (#97753)
* docs(onboard): document 11 missing non-interactive CLI flags
* docs: correct token profile default wording
* docs: update generated docs map
---------
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
* fix(mattermost): bound null-body error response reads (#97851)
Co-authored-by: Pick-cat <266665499+Pick-cat@users.noreply.github.com>
* fix(memory-wiki): preserve notes after transient page reads (#98360)
* test: fix stale core test type failures (#98551)
* fix(browser): bound error body read in fetchHttpJson to prevent OOM (#98455)
* fix(browser): bound error body read in fetchHttpJson to prevent OOM
* fix(browser): enforce strict error response limit
---------
Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
* fix(code-mode): surface QuickJS error name and message to the model (#95906)
* fix(code-mode): surface QuickJS error name and message to the model
* fix(code-mode): preserve host error diagnostics
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(agents): don't crash autoreview copilot engine on Windows temp-dir cleanup (#97901)
On Windows the spawned copilot process and its MCP subprocesses keep the
TemporaryDirectory as their cwd briefly after exit, holding a directory handle.
That makes TemporaryDirectory's rmtree raise PermissionError (WinError 32) on
__exit__, aborting the run with a traceback even though the review completed
successfully. Pass ignore_cleanup_errors=True so cleanup is best-effort and a
post-review cleanup race never fails the run.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix(slack): truncate served arg-menu option labels on a surrogate boundary (#97923)
* fix(update): validate bundle plugin payloads by manifest contract (#98010)
* fix(update): validate bundle plugin payloads by manifest contract
Closes #97985
* fix(update): preserve native payload checks for dual-format plugins
* fix(update): satisfy payload validation lint
* fix(update): cover persisted marketplace bundles
* fix(codex): derive terminal-idle watchdog from explicit run timeout (#85296)
* fix(codex): derive terminal-idle watchdog from effective run timeout
Fixes the early-abort half of #85242. The Codex app-server terminal-idle
watchdog used a hardcoded 30-minute default that was not derived from the
effective run timeout, so a scheduled turn configured with a longer
timeoutSeconds could be aborted early at 30 minutes even with budget left.
resolveCodexTurnTerminalIdleTimeoutMs (now in attempt-timeouts.ts after the
upstream split) accepts the effective run timeout and, with no explicit
override, follows the run budget instead of the 30-minute default:
- explicit override always wins (advanced config / tests)
- otherwise terminal-idle = max(30min floor, run budget), so a longer run is
no longer cut short and existing protection is never shortened
- falls back to the 30min default when no run budget is known
Reuses the existing resolvePositiveIntegerTimeoutMs helper, matching the
neighbouring post-tool resolver. Adds focused unit tests for the derivation.
The diagnostic-wording half of #85242 (naming the terminal-idle watchdog in
the surfaced guidance) is left as a separate follow-up.
* fix(codex): derive terminal-idle watchdog from effective run timeout
* fix(codex): preserve default terminal idle watchdog
---------
Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* feat(i18n): inventory native app UI strings
* feat(i18n): define native locale matrix
* fix(i18n): keep native refresh inventory clean
* fix(i18n): guard native inventory in CI
* fix(i18n): skip non-runtime native source literals
* fix(i18n): preserve native placeholders and whitespace
* ci(i18n): run native checks for tooling changes
* fix(i18n): preserve Kotlin native placeholders
* fix(i18n): parse native interpolation expressions
* feat(i18n): inventory native resources and wrappers
* fix(i18n): align native scan scope and build exclusions
* fix(i18n): inventory conditional native labels
* fix(i18n): cover all native source roots
* fix(i18n): filter non-translatable native literals
* fix(i18n): restrict native UI extraction
* fix(i18n): route native inventory checks narrowly
* feat(i18n): add Swedish native locale
* fix(ci): route native locale refresh checks
* fix(i18n): cover structured native UI strings
* fix(i18n): scope native UI helper extraction
* fix(i18n): cover native conditional UI strings
* fix(i18n): parse native UI string expressions
* fix(i18n): include custom SwiftUI helper labels
* fix(i18n): stabilize native inventory generation
* chore(i18n): refresh native inventory line mappings
* fix(ui): localize expired pairing QR notice
* fix(ui): localize expired pairing QR notice
* fix: allow config.patch with defaulted provider baseUrl (#98396)
Summary:
- Merged fix: allow config.patch with defaulted provider baseUrl after ClawSweeper review.
Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head 68fbf67640f7abe2d6e78ee935dddaa0caae0a27.
- Required merge gates passed before the squash merge.
Prepared head SHA: 68fbf67640f7abe2d6e78ee935dddaa0caae0a27
Review: https://github.com/openclaw/openclaw/pull/98396#issuecomment-4853365525
Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage
* chore(ui): refresh zh-TW control ui locale
* chore(ui): refresh de control ui locale
* chore(ui): refresh pt-BR control ui locale
* chore(ui): refresh zh-CN control ui locale
* chore(ui): refresh es control ui locale
* chore(ui): refresh ja-JP control ui locale
* chore(ui): refresh ko control ui locale
* chore(ui): refresh fr control ui locale
* chore(ui): refresh ar control ui locale
* chore(ui): refresh tr control ui locale
* chore(ui): refresh uk control ui locale
* chore(ui): refresh it control ui locale
* chore(ui): refresh id control ui locale
* chore(ui): refresh pl control ui locale
* chore(ui): refresh th control ui locale
* chore(ui): refresh vi control ui locale
* chore(ui): refresh nl control ui locale
* chore(ui): refresh fa control ui locale
* fix(usage-bar): use Object.hasOwn instead of in operator to avoid prototype chain pollution (#98503)
The in operator traverses the prototype chain, causing keys like toString,
constructor, valueOf, and __proto__ to incorrectly match Object.prototype
inherited properties in alias table lookups and map segment case lookups.
Replace with Object.hasOwn (ES2022) which only checks own properties.
Fixes #98466
Co-authored-by: Claude <noreply@anthropic.com>
* feat(android): localize gateway onboarding
* feat(android): localize every native locale
* fix(android): complete localized gateway trust flows
* test(android): enforce localized resource coverage
* fix(android): preserve Swedish app name
* fix(android): validate resource apostrophe syntax
* fix(media): normalize Windows inbound paths case-insensitively
* fix Windows inbound media path casing
* test: cover Windows inbound path casing
* test(plugin-sdk): cover media runtime inbound path casing
* fix(agents): skip implicit discovery in models replace mode
* fix(agents): skip implicit provider discovery when models.mode is 'replace' [AI-assisted]
resolveProvidersForModelsJsonWithDeps unconditionally awaited the implicit
provider resolver before honoring models.mode. With mode: 'replace' the user
opts out of discovery, so add a 3-line early-return guard that returns only the
explicit providers — eliminating the (slow) discovery pass for replace-mode.
Closes #66957.
AI-assisted contribution.
* chore: re-trigger CI (transient checkout/flaky core-check failures + cancelled gates; no code change)
* fix(sessions): preserve lineage metadata in JSON
* fix(message-tool): apply responsePrefix to outbound sends
* fix(message-tool): apply messages.responsePrefix to outbound sends
* fix(message-tool): interpolate responsePrefix templates on sends and skip unresolved model tokens
* fix(embedded-agent): classify Cloudflare challenge HTML as upstream failure
* fix: #94432 classify Cloudflare challenge 403 as upstream_html instead of auth_html
* chore: trigger CI re-run for Real behavior proof validation
* fix: align Cloudflare challenge detector with shared challenge markers
Extend CLOUDFLARE_CHALLENGE_RE to also match cdn-cgi/challenge-platform
and challenge-error-text — patterns already recognized by the shared
STANDALONE_HTML_ERROR_HINT_RE in assistant-error-format.ts.
Add regression tests for both new marker variants to ensure coverage.
* fix(embedded-agent): suppress raw Cloudflare HTML in console after upstream_html reclassification
- Add upstream_html to RAW_ERROR_CONSOLE_SUPPRESSED_FAILURE_KINDS so
Cloudflare challenge 403 pages classified as upstream_html do not
leak raw HTML into lifecycle/failover console rawError= diagnostics
- Add regression test verifying upstream_html suppression in
failover observation console messages
Re: #94432
---------
Co-authored-by: lzyyzznl <lzyyzznl@users.noreply.github.com>
Co-authored-by: lizeyu-xydt <lizeyu@xydigit.com>
* fix(docker): reduce local build memory pressure
* feat(node): add gateway context path support
* fix(irc): classify host-less nick!user allowlist entries as mutable
An IRC sender mask is nick!user@host where only host is server verified;
nick and user (ident) are client supplied and spoofable. The allowlist
identity classifier treated any entry containing "!" or "@" as a verified
stable identity, so a host-less nick!user entry was classified stable and
matched by the host-less nick!user subject candidate. With
dangerouslyAllowNameMatching at its secure default (off), the mutable
identifier policy only strips entries owned by a dangerous field, so the
host-less entry was never stripped and a remote sender presenting the same
nick and ident was admitted regardless of host.
Require a verified @host component before an entry or subject is classified
stable. Host-less nick and host-less nick!user are now both routed to a
dangerous (mutable) field so they are gated by the same name-matching policy.
The doctor mutable-allowlist detector now also flags host-less nick!user
entries so operators who typed that undocumented shape get a warning. The
documented full nick!user@host mask stays stable and unaffected.
* fix(matrix): bound raw transport response reads
* fix(matrix): bound raw transport response reads to prevent OOM
* test(matrix): add real node:http server proof for bound transport
Two new integration-style tests drive performMatrixRequest against a real
node:http server (no stubRuntimeFetch mock) using real undici + SSRF
dispatcher and ssrfPolicy.allowPrivateNetwork:
- over-cap: server declares Content-Length > MATRIX_SDK_RESPONSE_MAX_BYTES
with maxBytes omitted → rejects MatrixMediaSizeLimitError (68 ms wall)
- under-cap: server returns small payload with maxBytes omitted → Buffer
returned correctly (12 ms wall)
Addresses ClawSweeper feedback: previous proof showed only Vitest mock
output; these tests exercise the real Matrix runtime fetch path end-to-end.
* test(matrix): satisfy lint for transport proof
* fix(matrix): preserve encrypted media download limits
* test(matrix): add streaming OOM guard proof via real node:http server without Content-Length
Drive readResponseWithLimit directly by omitting Content-Length so that
enforceDeclaredResponseSize is a no-op and the streaming byte cap is the
sole enforcement path. A 20 MiB chunked server response with a 16 MiB
cap confirms the stream is canceled before full buffering (chunksWritten
< TOTAL_CHUNKS). A second case verifies under-cap payloads pass through.
* test(matrix): fix lint errors in real HTTP server proof (curly)
* test(matrix): add under-cap proof to real HTTP server test
* fix(feishu): hoist abortable delay timer binding
The finish() closure referenced timer which was declared with const after
finish was defined. If finish(false) ran via the abort signal check at
line 99 or via the abort event listener before the const timer assignment,
accessing timer in the temporal dead zone would throw a ReferenceError.
Hoist timer as a let binding above finish so it is safely undefined when
finish fires early, and the guard in finish handles it.
* fix: clear Tailscale probe timeout
The checkBinary helper used Promise.race with a setTimeout-based timeout
but never cleared the timer when runExec completed first. Wrap the race
in a try/finally that clears the timer handle to avoid a dangling timer.
* fix(sms): strip internal tool traces from replies
* fix(browser): decode CDP URL credentials
* fix(reply): honor suppressToolErrors for progress
5.22 already drops the tool-error WARNING text via payloads.ts, but the
error tool-result payload was still delivered as channel progress unless
sourceReplyDeliveryMode was message_tool_only. Operators who opt into
messages.suppressToolErrors expect no tool-error noise in chat at all.
Add a config-gated early-return in the onToolResult dispatch path so the
visible progress delivery is dropped too, matching the warning-text policy.
No-op unless messages.suppressToolErrors is true. Folds the mac-mini deploy
hotfix into the tracked branch.
(cherry picked from commit a973410e6d3ddbbaa4c3fb308ad4247274a9633a)
Co-authored-by: amittell <mittell@me.com>
* fix(reload): cancel deferred channel reload on restart
Fixes #79487
* fix: restore main lint after timer repairs
Preserve the Tailscale timeout cleanup from #98134 and the Feishu TDZ fix from #98137 while satisfying the repository lint rules.
Credit: @zhangLei99586 authored both underlying fixes.
Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
Co-authored-by: zhangLei99586 <zhang.lei162@xydigit.com>
* fix(slack): guard relay frame parsing
* fix(slack): guard relay WebSocket frame JSON.parse against malformed input
Slack Socket Mode relay receives WebSocket frames from external
infrastructure. parseRelayFrame() used bare JSON.parse() which would
throw raw SyntaxError on malformed frames, potentially crashing the
relay connection.
Wrap JSON.parse in try/catch and throw SlackRelayMalformedFrameError
with the original SyntaxError as cause, so callers can distinguish
transport errors from parse errors.
D4 dimension — all competitors have zero coverage.
Signed-off-by: lsr911 <liao.shirong@xydigit.com>
* fix(slack): repair relay frame guard tests
---------
Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(memory-core): skip qmd zero-hit search sync
* fix(transcripts): close stream on parse failure
* fix(cli): show exit code when plugin npm install returns empty output (#98497)
* fix(cli): show exit code when npm install returns empty output
installPackageDir previously produced 'npm install failed:' with an empty
suffix when npm exited non-zero without writing to stdout or stderr. Users
running 'openclaw plugins install @openclaw/acpx' saw only that empty line
followed by the misleading hook-pack fallback error, leaving nothing
actionable in the output.
Add a small helper that keeps npm's own output when it exists but falls
back to reporting the exit code, signal, and termination reason when both
streams are empty. Regression tests cover the empty-output exit case and
the signal-terminated case; the existing stderr surfacing test still
passes unchanged.
Refs #98484
* fix(cli): narrow npm install failure diagnostics
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* feat(apple): add Russian and Hindi app catalogs
* feat(apple): localize native app surfaces
* style(apple): format localized share extension
* feat(apple): complete core locale coverage
* test(apple): enforce phased catalog coverage
* fix(macos): package localized app resources
* fix(macos): compile packaged localizations
* fix(apple): preserve localized static labels
* fix: restore tooling CI after transcript test addition (#98610)
* test: update transcript helper routing expectation
* test: update transcript helper routing expectation
---------
Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
* fix(subagent): preserve steered task text on restart redispatch
Squashed from PR #77539 after maintainer CI repair.
* feat(i18n): refresh native locale artifacts
* feat(i18n): refresh every native locale
* fix(ci): commit first native locale artifacts
* docs(i18n): clarify native artifact ownership
* fix(i18n): validate native translation structure
* fix(ci): restrict native locale refresh dispatch
* fix(i18n): validate Kotlin and Swift placeholders
* fix(i18n): cover all native source roots
* fix(i18n): guard native refresh inputs
* test(i18n): prove native refresh creation and no-op
* test(ci): guard native locale refresh retries
* fix(i18n): allow locale placeholder reordering
* fix(i18n): validate native refresh inputs
* fix(i18n): name Swedish in translation prompts
* fix(i18n): preserve native printf placeholders
* fix(ci): refresh native locales for glossary changes
* test(i18n): use shared temp directory helper…
…overflow precheck (openclaw#97861) estimateMessageTokenPressure special-cased toolResult, tool, and assistant roles and otherwise read record.content. bashExecution stores its payload in command/output and branchSummary/compactionSummary store theirs in summary, so record.content was undefined and those turns scored as bare boundary overhead. The provider request expands them via convertToLlm into full user text, so bash-heavy sessions skipped the preflight overflow gate and submitted oversized prompts. Estimate each affected role from the exact text convertToLlm renders: bashExecutionToText for bash turns (zero for excludeFromContext records, which convertToLlm drops), and the summary prefix/suffix plus summary text for the two summary roles.
…tor (openclaw#97928) The in-loop context-overflow guard (installToolResultContextGuard) sizes transcript messages via estimateMessageChars, which only handled user, assistant, and toolResult roles. Harness roles (bashExecution, compactionSummary, branchSummary, custom) fell through to a flat 256-char return, causing the guard to undercount summary- and bash-dominated context by orders of magnitude. This is the sibling defect of the just-merged openclaw#97861 which fixed the same class in estimateMessageTokenPressure (the pre-prompt precheck). This commit applies the identical pattern to the live in-loop guard estimator. Fixes openclaw#97927
The in-loop context-overflow guard sizes each transcript message with estimateMessageChars, which special-cased only user/assistant/toolResult and returned a flat 256 for everything else. bashExecution, compactionSummary, branchSummary, and custom records all expand into full-text user messages via convertToLlm, so the guard undercounted summary- and bash-dominated transcripts and never tripped its last-resort overflow protection for them. Mirror the twin fix from openclaw#97861 (estimateMessageTokenPressure): read the exact text convertToLlm renders — bashExecutionToText for bash records (zero when excludeFromContext drops them) and the summary prefix/suffix plus summary text for the two summary roles. Custom messages render their content field, so use that length directly. Closes openclaw#97927.
…overflow precheck (openclaw#97861) estimateMessageTokenPressure special-cased toolResult, tool, and assistant roles and otherwise read record.content. bashExecution stores its payload in command/output and branchSummary/compactionSummary store theirs in summary, so record.content was undefined and those turns scored as bare boundary overhead. The provider request expands them via convertToLlm into full user text, so bash-heavy sessions skipped the preflight overflow gate and submitted oversized prompts. Estimate each affected role from the exact text convertToLlm renders: bashExecutionToText for bash turns (zero for excludeFromContext records, which convertToLlm drops), and the summary prefix/suffix plus summary text for the two summary roles.
…tor (openclaw#97928) The in-loop context-overflow guard (installToolResultContextGuard) sizes transcript messages via estimateMessageChars, which only handled user, assistant, and toolResult roles. Harness roles (bashExecution, compactionSummary, branchSummary, custom) fell through to a flat 256-char return, causing the guard to undercount summary- and bash-dominated context by orders of magnitude. This is the sibling defect of the just-merged openclaw#97861 which fixed the same class in estimateMessageTokenPressure (the pre-prompt precheck). This commit applies the identical pattern to the live in-loop guard estimator. Fixes openclaw#97927
What Problem This Solves
The pre-prompt overflow precheck silently under-counts
bashExecutionturns, so a context that holds large!-bash output (a!catof a big file, build logs, test output) is scored as nearly empty.shouldPreemptivelyCompactBeforePromptreturnsroute: "fits",shouldCompact: false, and the oversized prompt is submitted to the provider, which then rejects it as a context overflow. Bash-heavy sessions skip the very gate meant to keep them under the model limit.The same under-count corrupts the persisted
SessionContextBudgetStatus(remainingPromptBudgetTokens) and the mid-turn tool-result guard, which both consume the same estimate, so the budget a user sees for these sessions is wildly wrong.Why This Change Was Made
Root cause is
estimateMessageTokenPressureinsrc/agents/embedded-agent-runner/run/preemptive-compaction.ts. It special-casestoolResult/tool/assistantand otherwise falls through totokens += estimateContentTokenPressure(record.content).A
BashExecutionMessagestores its payload incommand/outputand has nocontentfield (packages/agent-core/src/types.ts), sorecord.contentisundefinedand the estimator returns0. The whole turn scores as just the boundary overhead (about 29 tokens after the safety margin) no matter how large the output.The precheck runs on
normalizeMessagesForLlmBoundary(...), which does not callconvertToLlm, sobashExecutionreaches the gate raw. The actual provider request does expand it viaconvertToLlm->bashExecutionToTextintocommandplus the full output as real user text, so the provider sees the tokens the gate scored as ~29.branchSummaryandcompactionSummaryhit the same defect at lower magnitude: their payload is in asummaryfield, notcontent, so they too scored as bare overhead.before:
User Impact
Bash-heavy and summary-bearing sessions no longer skip preflight compaction and submit an oversized prompt. The precheck now scores these turns at their true provider-rendered size, so it routes to compaction or tool-result truncation before the request instead of relying on post-overflow recovery (a failed provider round-trip plus latency). The reported
remainingPromptBudgetTokensis now correct for these sessions.Evidence
Fix: estimate each affected role from the exact text
convertToLlmrenders for the provider.after:
excludeFromContextbash records return0becauseconvertToLlmdrops them from the provider request entirely.Why this is the right boundary
The estimate must reflect what the provider actually receives.
convertToLlmis the single function that renders these roles into provider text, so the estimator now reuses its exact renderers (bashExecutionToText, the summary prefix/suffix constants) rather than re-deriving sizes. All three affected roles are fixed in the same change; the remaining roles already route through the existingcontent/toolResult/assistantbranches and are unaffected.Verification
node scripts/run-vitest.mjs src/agents/embedded-agent-runner/run/preemptive-compaction.bashexec.test.ts- 4 passed with the patch; the bash and summary cases fail on pristine main (estimate 29, routefits).node scripts/run-vitest.mjs src/agents/embedded-agent-runner/run/preemptive-compaction.test.ts- 16 passed (adjacent suite, no regression).node scripts/run-oxlint.mjs <changed files>- clean.oxfmt --check <changed files>- clean.node scripts/run-tsgo.mjs -p tsconfig.core.jsonand-p test/tsconfig/tsconfig.core.test.json- both clean.Real behavior proof
Behavior addressed: a session holding a large bash turn is scored as nearly empty by the pre-prompt overflow precheck, so it routes "fits" and submits an oversized prompt instead of compacting first.
Real environment tested: drove the real exported
estimateLlmBoundaryTokenPressure,shouldPreemptivelyCompactBeforePrompt, andconvertToLlmon pristine main 1052652 and on the patched tree with an identical two-message session (one user message plus onebashExecutionturn whose output renders to 337,507 provider tokens), under a 128000 context budget with a 16384 reserve. Nothing was mocked; the real estimator, router, and provider-text renderer all ran.Exact steps or command run after this patch: built the session, called
convertToLlmto measure the provider-rendered token size, then calledestimateLlmBoundaryTokenPressureandshouldPreemptivelyCompactBeforePrompton the same session and printed their fields.Evidence after fix:
Observed result after fix: the same 337507-token bash turn that was scored at 59 and waved through as "fits" is now scored at its real rendered size, so the gate reports an overflow of 293452 and routes to compaction before the prompt is submitted.
What was not tested: no live provider request was issued (the provider-side overflow is the documented downstream consequence); the full build was not run because no module/packaging boundary changed.