Skip to content

fix: Android TLS fingerprint verification times out on slow handshakes#98366

Merged
joshavant merged 1 commit into
mainfrom
fix/android-tls-fingerprint-timeout
Jul 1, 2026
Merged

fix: Android TLS fingerprint verification times out on slow handshakes#98366
joshavant merged 1 commit into
mainfrom
fix/android-tls-fingerprint-timeout

Conversation

@joshavant

Copy link
Copy Markdown
Contributor

Closes #98365

What Problem This Solves

Fixes an issue where Android users connecting to remote/Tailnet gateways could see TLS fingerprint verification fail as a generic unreachable gateway error when the TCP endpoint was reachable but the TLS handshake was slow or stalled.

Why This Change Was Made

The Android TLS fingerprint probe now treats TCP connect and TLS handshake as separate phases with separate bounded timeouts. It preserves the existing remote gateway TLS requirement and fingerprint trust flow, but reports a distinct TLS verification timeout when the socket connects and the handshake stalls.

AI-assisted: yes.

User Impact

Android users get a trust prompt for slow-but-valid TLS handshakes that complete inside the handshake budget, and get actionable TLS timed out guidance when a secure endpoint is reached but fingerprint verification does not complete. Remote/Tailnet gateways still require TLS and do not silently downgrade to cleartext.

Evidence

  • Focused tests passed:
    • ./gradlew :app:testPlayDebugUnitTest --tests 'ai.openclaw.app.gateway.GatewayTlsTest' --tests 'ai.openclaw.app.GatewayBootstrapAuthTest' --console=plain
  • Autoreview passed before commit:
    • .agents/skills/autoreview/scripts/autoreview --mode local
    • Result: autoreview clean: no accepted/actionable findings reported
  • Build passed after commit:
    • ./gradlew :app:assemblePlayDebug --console=plain
  • Live Android E2E proof on Android 15 / API 35 emulator:
    • Delayed Tailnet TLS endpoint wrapped TLS after about 6001ms; Android reached Trust this gateway? with the certificate fingerprint.
    • Stalled Tailnet TLS endpoint accepted Android connections, received 233 ClientHello bytes per socket, and Android closed after about 10.4s with UI status TLS timed out.
  • Additional check attempted:
    • ./gradlew :app:ktlintCheck --console=plain currently fails on unrelated current-main files: GatewayExecApprovals.kt, ClawSurfaces.kt, and OnboardingFlow.kt. The touched files were not reported by ktlint.

Agent transcript: omitted for now; a sanitized local session was found and can be added later if requested.

@openclaw-barnacle openclaw-barnacle Bot added app: android App: android size: S maintainer Maintainer-authored PR labels Jul 1, 2026
@clawsweeper

clawsweeper Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Codex review: needs maintainer review before merge. Reviewed June 30, 2026, 11:33 PM ET / 03:33 UTC.

Summary
The branch splits Android gateway TLS fingerprint probing into separate TCP-connect and TLS-handshake timeouts, adds a TLS timeout failure state/status copy, and covers the probe and guidance paths with Android unit tests.

PR surface: Other +184. Total +184 across 6 files.

Reproducibility: yes. Current main has a source-backed reproduction path: a TCP endpoint that accepts the connection and stalls the TLS handshake hits the single 3s probe timeout and is classified as endpoint unreachable; the linked issue also records Android API 35 live repro evidence.

Review metrics: 1 noteworthy metric.

  • TLS probe timeout budget: connect 3s unchanged; handshake 10s added. The timeout split is the main user-visible runtime tradeoff because stalled secure endpoints wait longer before Android reports TLS timed out.

Root-cause cluster
Relationship: fixed_by_candidate
Canonical: #98365
Summary: This PR is the candidate fix for the linked Android TLS fingerprint timeout issue; no broader duplicate cluster was established.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • none.

Next step before merge

  • No ClawSweeper repair lane: this is an active implementation PR with no discrete code defect found, so the remaining action is maintainer review and merge handling.

Security
Cleared: The diff changes Android TLS probe classification and status text only, keeps remote TLS and fingerprint pinning required, and adds no dependency, workflow, secret, or downgrade path.

Review details

Best possible solution:

Land this narrow Android TLS probe fix after maintainer review accepts the 10s handshake budget and the Android CI result remains green.

Do we have a high-confidence way to reproduce the issue?

Yes. Current main has a source-backed reproduction path: a TCP endpoint that accepts the connection and stalls the TLS handshake hits the single 3s probe timeout and is classified as endpoint unreachable; the linked issue also records Android API 35 live repro evidence.

Is this the best way to solve the issue?

Yes. Splitting TCP connect and TLS handshake budgets in the Android fingerprint probe is the narrow owner-boundary fix; UI-only copy changes would not let slow valid handshakes reach the trust prompt, and the diff does not weaken the TLS requirement.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 180a970ac045.

Label changes

Label changes:

  • add P2: This is a normal-priority Android gateway connection bugfix with limited blast radius but real impact on remote/Tailnet pairing.
  • add proof: sufficient: Contributor real behavior proof is sufficient. The PR body contains after-fix live Android API 35 emulator observations showing both the delayed-TLS trust prompt and stalled-TLS timeout result, with supporting Android CI success.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body contains after-fix live Android API 35 emulator observations showing both the delayed-TLS trust prompt and stalled-TLS timeout result, with supporting Android CI success.

Label justifications:

  • P2: This is a normal-priority Android gateway connection bugfix with limited blast radius but real impact on remote/Tailnet pairing.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body contains after-fix live Android API 35 emulator observations showing both the delayed-TLS trust prompt and stalled-TLS timeout result, with supporting Android CI success.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body contains after-fix live Android API 35 emulator observations showing both the delayed-TLS trust prompt and stalled-TLS timeout result, with supporting Android CI success.
Evidence reviewed

PR surface:

Other +184. Total +184 across 6 files.

View PR surface stats
Area Files Added Removed Net
Source 0 0 0 0
Tests 0 0 0 0
Docs 0 0 0 0
Config 0 0 0 0
Generated 0 0 0 0
Other 6 188 4 +184
Total 6 188 4 +184

What I checked:

Likely related people:

  • obviyus: Authored and committed the secure mobile endpoint probe-failure shape in commit acd5734 and later worked on Android gateway TLS/private-LAN handling in the same boundary. (role: feature-history owner; confidence: high; commits: acd5734aa9c4, 633c40aa6548, 771ddcf1846f; files: apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayTls.kt, apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt, apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt)
  • vincentkoc: Authored the Android TLS probe hardening that removed the trust-all probe and captured fingerprints via the probe trust manager in commit 2c58c5d. (role: security hardening contributor; confidence: high; commits: 2c58c5d4ec55, 88c3bb539189; files: apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayTls.kt, apps/android/app/src/test/java/ai/openclaw/app/GatewayBootstrapAuthTest.kt)
  • sliekens: Authored the changed TLS thumbprint prompt flow that shares the same NodeRuntime/GatewayTls fingerprint-probe invariant. (role: adjacent behavior contributor; confidence: medium; commits: 848e0486b77e; files: apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt, apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewayTls.kt, apps/android/app/src/test/java/ai/openclaw/app/GatewayBootstrapAuthTest.kt)
  • joshavant: Beyond this PR, recent merged Android runtime work touched NodeRuntime gateway reconnect and related Android UX behavior, so this author is also an adjacent current-area contributor. (role: recent Android runtime contributor; confidence: medium; commits: 53e50ec12747, 72b387ad488c, 8ab36e4308df; files: apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added proof: sufficient ClawSweeper judged the real behavior proof convincing. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P2 Normal backlog priority with limited blast radius. labels Jul 1, 2026
@joshavant joshavant merged commit 21d1e1f into main Jul 1, 2026
91 of 101 checks passed
@joshavant joshavant deleted the fix/android-tls-fingerprint-timeout branch July 1, 2026 03:35
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request Jul 1, 2026
QiuYuang pushed a commit to QiuYuang/openclaw that referenced this pull request Jul 1, 2026
shrad3r added a commit to shrad3r/openclaw that referenced this pull request Jul 1, 2026
* fix(ios): advance onboarding step after QR scan (#98302)

handleScannedLink does not set self.step = .connect after scanning a QR
code from the welcome step. The scanner sheet dismisses and the UI
returns to the welcome screen instead of showing connection progress.

The sibling handleScannedSetupCode path correctly advances the step;
this aligns the QR scan path.

Fixes #98297

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(anthropic-oauth): bound OAuth token endpoint response reads (#96644)

postJson reads the Anthropic OAuth token endpoint response body with
an unbounded await response.text(). A compromised or hijacked OAuth
endpoint can stream an arbitrarily large body and force the runtime
to buffer the entire payload before parsing — an OOM/DoS vector.

Replace with readResponseWithLimit at 16 MiB cap + TextDecoder decode
to match the sibling bounded-read pattern (provider-http-errors.ts:308).

Co-authored-by: Claude <noreply@anthropic.com>

* fix: warn when configured channel plugins cannot load (#96397)

* fix(gateway): warn for blocked configured channel plugins

* fix(gateway): preserve configured channel warning source

* test: migrate src/commands tests to shared temp dir helpers (#96359)

* test: migrate src/commands tests to shared temp dir helpers

* fix(test): remove unused path import in migrate apply test

* fix(cron): clear agentTurn thinking override by blanking the field (#96293)

* fix(cron): clear agentTurn thinking override when patched with null

Cron agentTurn patches could clear model/fallbacks/toolsAllow overrides by
sending an explicit null, but thinking had no clear path: the patch schema and
normalizer dropped thinking:null before it reached the merge logic, and the
payload merge only handled string values. Blanking the Thinking/Effort field in
the Cron Control UI therefore silently preserved the old value.

Add thinking:null support across the patch schema, exported type, normalizer,
and payload merge (mirroring model). The Control UI now sends an explicit clear
for model/thinking when an edited job blanks a previously stored override, and
the CLI gains --clear-thinking for parity with --clear-model.

* docs(cron): document --clear-thinking beside sibling clear flags

* test: migrate leaky raw mkdtemp calls to createSuiteTempRootTracker() (#96058)

Gap finding: tempdir-8h9i0j1k, tempdir-9i0j1k2l

Replace bare fs.mkdtemp/mkdtempSync calls in 4 test files with the
shared createSuiteTempRootTracker() helper, adding proper cleanup
where none existed.

Background: the project has standardized on shared temp dir helpers
since 88b87d893d (withTempDir) -> 13df67ebc8 (createSuiteTempRootTracker)
-> 06431fd99b / #87298 (CI guard + docs guidance). This PR continues
that migration for the highest-risk files.

Files changed:
- src/skills/lifecycle/install-fallback.test.ts: variable overwrite risk
- src/auto-reply/reply/session-hooks-context.test.ts: helper leaks temp dirs
- src/auto-reply/reply/abort.test.ts: createAbortConfig leaks root dir
- src/auto-reply/inbound.test.ts: test cases without cleanup

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(sessions): avoid cross-cwd recent resumes (#97785)

* fix(pdf): reject empty parsed page ranges (#97698)

* fix(discord): bound requestDiscord happy-path response reads to prevent OOM (#97693)

* fix(discord): bound happy-path API response reads to prevent OOM

Replace the unbounded res.text() call in requestDiscord's success path with
readResponseTextLimited capped at 4 MiB. Discord channel message lists and
attachment payloads can accumulate to large sizes; without a cap the process
can exhaust available memory. The error path already used readResponseTextLimited
with DISCORD_API_ERROR_BODY_LIMIT_BYTES — this applies the same guard to the
happy path using a separate DISCORD_API_RESPONSE_BODY_LIMIT_BYTES constant
sized appropriately for valid API payloads.

* test(discord): upgrade to real HTTP server proof for bound requestDiscord

* fix(discord): remove unnecessary type assertion in bound test

* fix(irc): guard surrogate-range codepoints in \u literal-escape decoder (#97683)

Two-step decode in decodeLiteralEscapes:
- Step 1: regex anchored to high-surrogate range (U+D800–U+DBFF) so a
  preceding BMP escape (e.g. \u0041) cannot consume the high-surrogate
  half of a valid pair like \uD83D\uDE00 (😀), leaving \uDE00 lone.
- Step 2: decode remaining BMP codepoints; preserve lone surrogates as
  six-character literals instead of corrupting them to U+FFFD in the
  outbound IRC UTF-8 stream.

* fix(utils): keep reply directive ids unicode-safe (#96938)

* fix(utils): keep reply directive ids unicode-safe

* test(utils): catch trailing lone surrogate in hasUnpairedSurrogate helper

Per PR #96938 review: the test helper missed a high surrogate at end of
string because charCodeAt(out-of-bounds) returns NaN, and NaN comparisons
are always false. Guard bounds explicitly so the truncation test actually
proves what it claims, plus two cases pinning helper behavior.

* chore(utils): rerun QA smoke to confirm memory-index timeout flake on #96938

---------

Co-authored-by: ly-wang19 <ly-wang19@users.noreply.github.com>

* fix(memory): detect unindexed session transcripts in status mode (fixes #97814) (#97857)

* fix(memory): detect unindexed session transcripts in status mode (fixes #97814)

The status-purpose MemoryIndexManager init skips ensureSessionStartupCatchup(),
so openclaw memory status reports dirty=false while unindexed session files
exist on disk. This is a false-clean state: the operator sees no backlog,
but memory search silently misses unindexed transcripts.

Fix: run markSessionStartupCatchupDirtyFiles() in status mode. It checks
for on-disk session files without corresponding memory_index_sources rows
and sets sessionsDirty=true if found, without triggering a full sync.

The full catchup+sync runs on the next non-transient manager cycle (CLI
sync or normal runtime init).

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(memory): await status dirty detection before status() reads the flag (fixes #97814)

The status-purpose MemoryIndexManager init skips ensureSessionStartupCatchup(),
so openclaw memory status reports dirty=false while unindexed session files
exist on disk. This is a false-clean state: the operator sees no backlog,
but memory search silently misses unindexed transcripts.

Fix: move status-mode markSessionStartupCatchupDirtyFiles() from the
constructor (fire-and-forget via void) into the create() factory method
where it is awaited. This guarantees sessionsDirty is set before any
caller reads manager.status(). The detection does NOT trigger a sync,
so status remains lightweight.

Review: verified manually — unit tests 21/21 pass, compilation 0 errors.

* test(memory): add regression test for status-purpose dirty detection (fixes #97814)

Adds a regression test that exercises the actual purpose:'status' manager
flow: create a session file without index row, create status manager, verify
status().dirty is true. This addresses the ClawSweeper P1 finding requesting
a test that exercises the real status path, not only the protected helper.

Also fixes the timing issue: move dirty detection from constructor (void)
to create() factory (await), guaranteeing sessionsDirty is set before any
caller reads manager.status().

---------

Co-authored-by: Claude <noreply@anthropic.com>

* fix(android): clarify gateway auth recovery states (#98094)

* fix(android): clarify gateway auth recovery states

* fix(android): preserve retryable pairing recovery copy

* fix(android): prefer auth recovery detail before stale address

* fix(android): show auth recovery while approval loads

* test(gateway): add unit tests for node wake state tracking and testing seam (#98205)

Add 17 unit tests for nodes-wake-state.ts covering:
- Exported wait/poll constants
- nodeWakeById Map operations (insert, overwrite, multi-entry, inFlight)
- nodeWakeNudgeById Map operations (independent tracking)
- clearNodeWakeState function (removal, no-op, scoped deletion)
- testing seam (getNodeWakeByIdSize, hasNodeWakeEntry, resetWakeState)

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix: surface node approval guidance from devices CLI (#98115)

* fix: surface node approval guidance from devices CLI

* fix: preserve node approval connection guidance

* fix: handle admin retry unknown device approvals

* fix: require stable node approval matches

---------

Co-authored-by: welfo-beo <187608477+welfo-beo@users.noreply.github.com>
Co-authored-by: welfo-beo <welfo-beo@users.noreply.github.com>

* docs: clarify source checkout Node floor (#97898)

* docs: clarify source checkout Node floor

* chore: refresh CI for PR #97898

---------

Co-authored-by: lin-hongkuan <lin-hongkuan@users.noreply.github.com>

* test(telegram): add regression test for forum topic message_thread_id with streamed reasoning (#94526)

* test(telegram): add regression test for forum topic message_thread_id with streamed reasoning

After thorough code tracing of all delivery paths (draft stream, durable,
non-durable, preview hooks), the current main branch already correctly
passes message_thread_id through all paths for the streaming reasoning +
final answer scenario in forum topics. The bug reported in #89352 may have
been resolved by earlier merged changes (media-path preservation,
draft/progress streaming, etc.).

This commit adds a focused regression test covering the combined
scenario to prevent future regressions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(telegram): assert forum thread at draft-stream boundary for both lanes

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(device-pairing): don't churn requestId on subset re-requests (#98145)

* fix(device-pairing): don't churn requestId on subset re-requests

A reconnect that re-requested a subset of an already-pending device
pairing request still superseded it with a fresh requestId. This is the
root cause of the "unknown requestId" failures during device approval:

1. A TUI connect files a broad scope-upgrade request; the owner copies its
   id from `openclaw devices list`.
2. `openclaw devices approve <id>` reconnects as a CLI probe that only needs
   `operator.pairing` — a subset of the pending scopes.
3. That subset re-request superseded the pending request with a new id, so
   the originally-listed id no longer existed and approve failed.

Refresh the existing request in place when the incoming request only asks
for roles/scopes a single pending request (same device key + role) already
covers. Escalations that request *more* than the pending request still
supersede with a fresh id, so the requestId stays bound to at least the
scope snapshot the owner saw (the existing security-motivated behavior and
its test are preserved).

AI-assisted (Claude Code).

* fix(device-pairing): align subset pairing with scope coverage

* fix(system-prompt): move exec-approval + Authorized Senders below cache boundary (#98267)

* fix(system-prompt): move exec-approval + Authorized Senders below cache boundary

buildExecApprovalPromptGuidance (channel-varying: CLI /approve vs native
approval UI) and buildUserIdentitySection / "## Authorized Senders"
(owner/identity-varying, dropped when minimal) were emitted into the static,
cacheable prefix *above* SYSTEM_PROMPT_CACHE_BOUNDARY. They fork the cacheable
prefix at ~token 1,460, invalidating client-side prefix caching for the rest of
the ~17.8K-token system prompt — causing minutes-long cold prefills on local
models (llama.cpp / MLX / Ollama) after any channel-varying cron/heartbeat turn.

Follow-on to #40256, which moved Messaging/Voice/Reactions below the boundary
but missed these two. Relocates both into the existing below-boundary
channel-guidance block. Pure cache-stability change with no behavioural change
(the guidance is position-independent for correctness). Extends the boundary
test to assert both sections sit below SYSTEM_PROMPT_CACHE_BOUNDARY.

Measured on a local deployment: shared cross-channel prefix grew ~1,460 ->
~15,486 tokens; post-cron interactive turns went from minutes to ~10s.

Fixes #98261

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01H6Hz9UEpxQ4W3d8XecvupH

* fix(system-prompt): suppress relocated exec-approval line under tool_call_style override

Addresses review (clawsweeper): the exec-approval guidance lived inside the
`tool_call_style` fallback, so a provider override of that section previously
replaced it. Relocating it below the boundary emitted it unconditionally, which
changed behaviour for providers/plugins that override `tool_call_style`. Gate the
relocated line on the absence of a `tool_call_style` override, restoring the
original "override replaces the whole section" contract. Extends the
provider-override test to assert the default approval line is suppressed when
the section is overridden.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01H6Hz9UEpxQ4W3d8XecvupH

* fix(system-prompt): tighten cache boundary proof

* fix(system-prompt): tighten cache boundary proof

* fix(system-prompt): tighten cache boundary proof

---------

Co-authored-by: headbouyJB <23249268+headbouyJB@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>

* Preserve chat soft line breaks on iOS (#98304)

* fix(openrouter): send explicit auth headers (#98187)

* fix(openrouter): send explicit auth headers

* test(openrouter): type stream mock calls

* fix(web): render WebChat preamble progress

Render Control UI item and preamble progressText events as chat stream segments and preserve pre-final stream commentary before appending final assistant messages. Keyed preamble segments stay independent from accumulated stream snapshots, so distinct same-text commentary items render intact.

Co-authored-by: Chisel <chisel@psiclawops.dev>

* fix(web): label preamble proof blocks

Co-authored-by: Chisel <chisel@psiclawops.dev>

* feat(web): make WebChat commentary persistence configurable

Add a per-viewer 'Keep commentary' toggle (UiSettings.chatPersistCommentary,
default true) that controls whether keyed Codex preamble/commentary blocks
stay after the final answer or clear with it.

- Persist (default): keyed commentary materializes as durable blocks, current
  behavior, existing proof unchanged.
- Transient (toggle off): commentary stays live during streaming but is never
  materialized, so it disappears as the final message arrives. This is the
  transient-only behavior from #92236, now user-selectable instead of a
  maintainer-level either/or policy choice.

Single gating point in materializeVisibleStreamState (skip itemId-keyed parts
when persistCommentary is false); threaded from settings through the chat
event handler. Adds desktop + mobile header toggles and an en.ts label
(locale bundles regenerated via ui:i18n:sync, English fallback).

Tests: reconciliation persist/transient coverage, final-event handler honors
the setting, settings round-trip + header button assertions updated.

* fix(web): order keyed commentary by timestamp with tool cards

Keyed preamble commentary was appended after the whole tool loop, so it relied solely on the final visible-time sort for placement and lost the insertion-order tiebreaker against tool cards. Splice each keyed commentary segment into the items list before the first item with a strictly-later timestamp, so a preamble that arrived before a later tool renders above that tool while the run is live (not only after final materialization). Tools sharing the commentary timestamp that are already visible stay above it. Adds a buildChatItems regression covering a keyed preamble between two tools.

* fix(web): distill WebChat commentary persistence

* fix(web): reconcile transient commentary history

* chore(ui): refresh zh-TW control ui locale

* chore(ui): refresh de control ui locale

* chore(ui): refresh zh-CN control ui locale

* chore(deadcode): remove stale ACP testing aliases

* chore(deadcode): remove stale outbound testing aliases

* chore(deadcode): remove stale CLI testing aliases

* chore(ui): refresh pt-BR control ui locale

* chore(ui): refresh es control ui locale

* chore(ui): refresh ja-JP control ui locale

* chore(ui): refresh ko control ui locale

* chore(ui): refresh fr control ui locale

* chore(ui): refresh ar control ui locale

* chore(ui): refresh it control ui locale

* chore(ui): refresh tr control ui locale

* chore(ui): refresh id control ui locale

* chore(ui): refresh uk control ui locale

* chore(ui): refresh pl control ui locale

* chore(ui): refresh th control ui locale

* chore(ui): refresh vi control ui locale

* chore(ui): refresh nl control ui locale

* chore(ui): refresh fa control ui locale

* fix(tui): correct disconnect copy for device scope upgrades (#98144)

* fix(tui): correct disconnect copy for device scope upgrades

On disconnect, the TUI told users "Pairing required. Run `openclaw devices
list`, approve your request ID, then reconnect." This is misleading: the
gateway is asking for a device *scope upgrade* (the device is already
paired), and "pairing" points users at `openclaw pairing`, which only
handles chat DM pairing — a different subsystem.

- Reword the hint to name the scope upgrade and the actual recovery command
  (`openclaw devices approve --latest`), including the `--token`/`--password`
  escape hatch for when the device can't approve its own upgrade.
- Also match the gateway's "scope upgrade" disconnect reason, not just
  "pairing required".

AI-assisted (Claude Code).

* fix(tui): clarify device approval preview hint

* fix(anthropic): surface Discord pre-tool commentary

Route Anthropic pre-tool narration through the commentary progress lane, preserve shared channel progress defaults, and keep Discord/Telegram reasoning gates explicit.

Thanks @Marvinthebored!

* Add Swedish mobile app localization (#98043)

* feat: add Swedish mobile app localization

* fix: remove dead Swedish watch extension localization

* docs: document iOS metadata locale directories

---------

Co-authored-by: Daniel Nylander <daniel@danielnylander.se>

* fix(sms): guard Twilio JSON.parse against malformed API response bodies (#97999)

Wrap JSON.parse in parseTwilioListPayload and retrieveTwilioMessagingService with try/catch to prevent a malformed Twilio API response from throwing an unhandled SyntaxError.

- parseTwilioListPayload: return [] on parse failure (fail-safe for phone number listing)
- retrieveTwilioMessagingService: throw descriptive Error on parse failure

Note: parseTwilioApiError and parseTwilioSuccessPayload already had try/catch guards (lines 85-97, 104-121).

Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>

* fix(matrix): guard JSON.parse against malformed homeserver response bodies (#97973)

Wrap JSON.parse(text) in MatrixAuthedHttpClient.requestJson with try/catch to prevent a malformed Matrix homeserver response from throwing an unhandled SyntaxError.

On parse failure, throw an Error with statusCode attached (matching the buildHttpError convention) so callers can handle it like any other Matrix API error.

Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>

* fix(core): propagate caller env PATHEXT through isExecutableFile on Windows (#98093)

* fix(core): propagate caller env PATHEXT through isExecutableFile on Windows

isExecutableFile hardcoded undefined when calling resolveWindowsExecutableExtSet,
ignoring any caller-provided custom env.PATHEXT. This meant resolveExecutablePath
and resolveExecutableFromPathEnv would fall back to process.env.PATHEXT even when
the caller supplied a different env with an extended PATHEXT (e.g. .PS1).

- Add optional options.env parameter to isExecutableFile
- resolveWindowsExecutableExtSet now reads from options?.env
- All 3 callers pass their available env through

Affects Windows deployments using sandbox/container environments where
PATHEXT differs from process.env (Docker Windows containers, CI runners, tests).
Fully backward compatible: undefined env falls back to process.env.PATHEXT.

* fix(core): also propagate caller env PATHEXT in node-host invoke resolver

- Fix sibling system.which resolver in src/node-host/invoke.ts:378
  to use caller env PATHEXT instead of process.env only
- Add comprehensive Windows-mocked tests for caller env PATHEXT
  propagation through isExecutableFile, resolveExecutableFromPathEnv,
  and resolveExecutablePath
- Tests cover: custom env accepted, fallback to process.env,
  path-separator and PATH-based resolution paths

* fix(core): also propagate caller env PATHEXT through node-host invoke resolver

- Add env?.PathExt and process.env.PathExt casing to both
  resolveWindowsExecutableExtSet and resolveWindowsExecutableExtensions
  for compatibility with callers using PascalCase env keys
- Isolate positive PATHEXT tests from process.env.PATHEXT by
  explicitly setting it to .TXT before each test, ensuring they
  prove caller env propagation rather than host env leak

* fix(core): add env?.PathExt casing to node-host system.which resolver

---------

Co-authored-by: wendy-chsy <wan.wenyan@xydigit.com>

* test(utils): add unit tests for chunkItems (#98219)

Add 8 test cases covering fixed-size array splitting, empty input,
size <= 0, size=1, size > length, exact division, readonly input
preservation, and fractional size behavior.

* test(config): add unit tests for resolveExecCommandHighlighting (#98087)

* test(infra): add unit tests for SQLite number normalization (#98009)

* test(infra): add unit tests for SQLite number normalization

* fix: remove undefined param test, not in function signature

* fix(gateway): iOS Talk treats SecretRef-backed API keys as missing (#98210)

* fix(gateway): resolve Talk SecretRefs for scoped native clients

* fix(gateway): constrain Talk secret materialization

* fix(gateway): redact Talk source provider secrets

* fix(gateway): satisfy Talk config lint

* docs(gateway): clarify Talk secret config payload

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>

* feat(gateway): scoped attach grants for external MCP loopback clients

Per-session, TTL-bounded, revocable bearer grants (mcp-grant-store) let an external/interactive
harness reach the gateway's scoped MCP loopback tools without the cli-backend's process-global
token. A grant is a lower-trust boundary: it binds the session server-side AND fail-closes on every
caller-supplied context header (x-session-key plus message-channel/account/current-channel/thread/
source-reply/event-kind), so a grant holder can neither scope-shop the session nor spoof
delivery/action context into scoped tools or the message tool. New attach.grant/attach.revoke
operator methods mint/revoke grants and return the loopback MCP config. Owner/non-owner cli-backend
path unchanged.

* refactor(gateway): trim attach grant implementation

* fix(agents): keep merged delivery routes account-bound (#98240)

* fix(agents): keep merged delivery routes account-bound

mergeDeliveryContext gated route-field crossing on channel only, so a
completion origin that knew its account but not a concrete target
inherited a different account's to/threadId on the same channel. A
subagent, cron, or media completion for bot-a could be addressed to
bot-b's chat but sent through bot-a (cross-account misroute) or dropped.

This restores the account-bound guard added in 1ed8592467 and removed as
collateral by 025db6cf9e (PR #89949); same-account and missing-account
merges still backfill so the media route-pin path is preserved. Restores
the deleted regression test.

* fix(agents): centralize account-bound completion routes

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>

* Redact bare Fireworks API keys (#98226)

* Redact bare Fireworks API keys

* fix(logging): harden Fireworks key redaction

* fix(logging): harden Fireworks key redaction

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>

* docs: publish release notes for v2026.6.11 (#98319)

* fix: show in-progress status for channel runs (#98257)

Summary:
- Merged fix: show in-progress status for channel runs after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 08eec41769bd918a21e247404ad691d5707a79e1.
- Required merge gates passed before the squash merge.

Prepared head SHA: 08eec41769bd918a21e247404ad691d5707a79e1
Review: https://github.com/openclaw/openclaw/pull/98257#issuecomment-4849525931

Co-authored-by: scotthuang <scotthuang@tencent.com>
Approved-by: takhoffman

* fix(gateway): keep provider-owned CLI sessions across the daily default reset (#97931)

The gateway agent.run freshness decision called evaluateSessionFreshness
directly at both of its decision sites with no provider-owned guard, so a
provider-owned CLI session (claude-cli, codex, gemini-cli) under the default
reset config was rotated after the daily boundary when a turn ran through the
gateway path (webchat, openclaw agent, ACP, control UI, cron, heartbeat). The
rotation cleared the CLI session binding and split the transcript, violating
the documented exemption that the inbound auto-reply path and the canonical
session helper already honor.

Route both gateway freshness decisions through the same
resetPolicy.configured !== true && hasProviderOwnedSession(entry) skip the
inbound path uses, and export hasProviderOwnedSession so the predicate has one
shared definition instead of a third copy. Explicit session.reset and /reset
still cut these sessions.

* docs: refresh docs map for v2026.6.11 (#98325)

* fix(auto-reply): stop level directives from eating the next message word (#97929)

matchLevelDirective consumed the token after a level directive
(/think, /verbose, /trace, /fast, /reasoning, /elevated) as the level
argument unconditionally, and extractLevelDirective stripped it from the
body whether or not it was a valid level. So a message like
"/verbose explain quantum computing" reached the agent as
"quantum computing", silently dropping the user's first word, and the
whitespace scan crossed newlines so "/verbose\nSummarize this" lost
"Summarize".

Treat the trailing token as the directive argument only when it
normalizes to a valid level or is the sole remaining token (preserving
the unrecognized-level hint and the default/inherit clear sentinels).
When two or more words follow, the directive acts argument-less and the
message text is preserved intact, matching the exec and queue parsers
that stop at an unrecognized token.

* fix(agents): estimate harness role sizes in context guard char estimator (#97928)

The in-loop context-overflow guard (installToolResultContextGuard) sizes
transcript messages via estimateMessageChars, which only handled user,
assistant, and toolResult roles. Harness roles (bashExecution,
compactionSummary, branchSummary, custom) fell through to a flat 256-char
return, causing the guard to undercount summary- and bash-dominated
context by orders of magnitude.

This is the sibling defect of the just-merged #97861 which fixed the same
class in estimateMessageTokenPressure (the pre-prompt precheck). This
commit applies the identical pattern to the live in-loop guard estimator.

Fixes #97927

* doctor: add memory search lint findings (#97137)

* doctor: add memory search lint findings

* fix(doctor): quiet memory lint for auth-profile sources

* fix(doctor): require provider-specific auth source for memory lint

* fix(doctor): preserve qmd memory lint warnings

* fix(doctor): validate auth source credentials

* Doctor: expose workspace status findings (#97358)

* doctor: expose workspace status findings

* fix(doctor): pass workspace drift into lint

* fix(doctor): pass allow-exec into workspace lint drift

* test(qa-lab): harden whatsapp qa scenarios (#95622)

* fix(whatsapp): preserve group participant identity in QA driver

* fix(whatsapp): infer same-chat action targets

* test(qa-lab): record whatsapp scenario posture

* test(qa-lab): harden whatsapp live scenario coverage

* docs(qa): describe whatsapp qa lane coverage

* fix: prevent skill-creator from bypassing workshop proposals (#98346)

Summary:
- The branch adds bundled skill-creator guidance to route durable OpenClaw skill work through Skill Workshop proposals and removes the direct `init_skill.py` scaffold helper plus its test.
- PR surface: Docs +6, Other -429. Total -423 across 3 files.
- Reproducibility: yes. source-level: current main has `init_skill.py` writing a live `SKILL.md` directly, whi ... `. I did not run the direct helper as a repro because this review was read-only and that path writes files.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 8eca1654472e50283ba7deed5f3220cc8213be94.
- Required merge gates passed before the squash merge.

Prepared head SHA: 8eca1654472e50283ba7deed5f3220cc8213be94
Review: https://github.com/openclaw/openclaw/pull/98346#issuecomment-4849855806

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage

* fix(heartbeat): scope commitment fan-out prompts (#98169)

* fix(heartbeat): scope commitment fan-out prompts

* fix(heartbeat): isolate commitment fan-out runs

* fix(heartbeat): isolate commitment fan-out runs

---------

Co-authored-by: Benjamin Badejo <ben@benbadejo.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>

* doctor: expose device pairing findings (#97366)

* Fix Android TLS fingerprint timeout handling (#98366)

* fix(ios): open app on chat by default (#98353)

Co-authored-by: BSnizND <199837910+BsnizND@users.noreply.github.com>

* fix(security): warn on agent skill MCP boundary drift (#98352)

Summary:
- Merged fix(security): warn on agent skill MCP boundary drift after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head ab3c29ef4c731dfdbff75f2f5c7ec65c63ec195d.
- Required merge gates passed before the squash merge.

Prepared head SHA: ab3c29ef4c731dfdbff75f2f5c7ec65c63ec195d
Review: https://github.com/openclaw/openclaw/pull/98352#issuecomment-4850104358

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage

* fix: retry image describe fallback models (#98347)

Summary:
- Merged fix: retry image describe fallback models after ClawSweeper review.

Automerge notes:
- Addressed earlier ClawSweeper review findings before merge.

Validation:
- ClawSweeper review passed for head 55b26bd37374de551fd13595751350f261d6a832.
- Required merge gates passed before the squash merge.

Prepared head SHA: 55b26bd37374de551fd13595751350f261d6a832
Review: https://github.com/openclaw/openclaw/pull/98347#issuecomment-4850122718

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage

* fix(ios): avoid transient duplicate final replies (#98117)

* Fix iOS final reply dedupe

* fix(ios): scope final message reconciliation

* docs(ios): explain final message reconciliation key

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>

* fix(gateway): emit stale exec approval followup diagnostics (#98293)

* fix(gateway): emit stale exec approval followup diagnostics

* fix(gateway): cover approval suppression diagnostics in ci

* fix(logging): preserve approval ids in stability bundles

* docs(exec): document suppression diagnostics

---------

Co-authored-by: BSnizND <199837910+BsnizND@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@golden-gate.local>

* fix(ios): use Gateway speech providers in Talk (#98376)

* fix(ios): route gateway speech through talk.speak

* fix(ios): preserve realtime fallback state

* fix(ios): satisfy audio delegate concurrency

* fix(ios): ignore stale audio callbacks

* fix(ios): ignore stale audio callbacks

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>

* Suppress expired exec approval followup warnings (#66685)

* fix(agents): suppress expired approval followup warnings

* fix(agents): suppress expired approval followup warnings

---------

Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>

* fix: show actionable mobile protocol mismatch recovery (#98385)

* Fix mobile protocol mismatch recovery

* Test iOS protocol mismatch connect failures

* Fix iOS protocol mismatch problem actions

* fix(cli): explain how to recover from device approve deadlock (#98146)

* fix(cli): explain how to recover from device approve deadlock

`openclaw devices approve` could fail two ways with no path forward:

- When the calling device can't approve its own scope upgrade (it lacks
  operator.approvals) and no loopback local fallback is available (e.g. a
  remote --url gateway), the raw "scope upgrade pending approval" error
  propagated with no guidance.
- When the request id wasn't found in pending state (already approved,
  expired, or superseded), it printed only "unknown requestId".

Surface actionable guidance instead:

- On an authorization failure, explain that the device can't approve its
  own upgrade and point to `--token`/`--password` (gateway owner creds) or
  approving from a device that already holds operator.approvals.
- On a missing request, point to `openclaw devices list` and
  `openclaw devices approve --latest`.

AI-assisted (Claude Code).

* fix(cli): clarify device approval recovery

* fix(cli): avoid unusable approval credential advice

* improve(ios): clarify Control and Talk visual hierarchy (#98423)

* feat(ios): refine control and talk visual hierarchy

* feat(ios): refine control and talk visual hierarchy

* feat(ios): refine control and talk visual hierarchy

* fix(doctor): recover legacy cron archive across devices (#98217)

* fix(doctor): recover legacy cron archive across devices

* fix(doctor): harden legacy cron archive retries

* fix(doctor): canonicalize shipped cron retry shape

* fix(doctor): persist legacy cron migration receipts

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>

* feat(openai): add GPT-5.6 series support (#98333)

* feat(openai): add GPT-5.6 series support

* docs: refresh map for GPT-5.6

* fix(openai): preserve GPT-5.6 thinking metadata

* fix(codex): sync managed app server version

* fix(codex): sync managed app server version

* fix(openai): account for GPT-5.6 cache writes

---------

Co-authored-by: Peter Steinberger <steipete@golden-gate.local>

* fix(cron): preserve action-required command output

* fix(cron): strip nested job diagnostics from webhook payloads

* test(gateway): remove cron redaction casts

* fix(ios): classify TLS fingerprint timeouts (#98429)

* fix(ios): classify gateway TLS fingerprint timeouts

* Add discovered TLS trust regression test

* fix: Android setup codes accept local mDNS gateway hosts (#98439)

* Fix Android mDNS setup-code cleartext policy

* Align Android gateway diagnostics cleartext guidance

* fix(ios): improve light and dark appearance contrast (#98443)

* fix(llm): preserve structured tool result replay

Preserve structured tool-result replay text across provider transports while keeping provider-facing redaction and Anthropic media ordering intact.

Thanks @snowzlmbot!

* fix(status): surface unregistered memory embedding providers (#97968)

* refactor(sessions): centralize scoped store path resolution

* refactor(agents): reuse process stdin writer

* refactor(security): centralize safe-bin config normalization

* refactor(sessions): centralize export transcript parsing

* fix(agents): preserve runtime settings overrides (#92237)

* Fix active-memory stale ops summaries (#95888)

Co-authored-by: costaff <costaff-lapclaw-001@efiducian.com>

* fix(gateway): surface systemd start-limit exhaustion (#98291)

* fix(gateway): surface systemd start-limit exhaustion

* fix(gateway): avoid start-limit false positive for exit 78

* fix(gateway): hint missing external plugin for web login (#90517)

* fix(gateway): hint missing official plugin for web login

* fix(gateway): keep missing web login hints actionable

* test(infra): add unit tests for SQLite user_version pragma helper (#98369)

* test(infra): add unit tests for SQLite user_version pragma helper

* ci: trigger re-review

* fix(android): hide status bar in release screenshots

* Fix extension exec process-tree termination (#98340)

* fix(ui): collapse duplicate assistant groups during segmented streaming (#92063)

Fold a contiguous run of in-flight stream/reading-indicator items into one
assistant group (one avatar/footer, segments stacked as bubbles) so a segmented
streaming reply no longer flashes a separate avatar+footer per segment.
Render-layer only: the shared ChatItem types and build-chat-items.ts are
untouched, and a message/group/divider breaks the run so interleaved tool calls
keep their own groups.

Refs #63956

AI-assisted (Claude Code).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix(infra): guard delivery queue inflate against corrupted entry_json (#98354)

* fix(infra): guard delivery queue inflate against corrupted entry_json

* fix(infra): use toSorted in delivery queue test

* fix(agents): warn on cron announce skip (#90566)

* fix(agents): warn on cron announce skip

* fix(agents): gate cron announce skip warnings

* fix(ports): validate lsof PID parsing before assignment (#98371)

* fix(ports): validate lsof PID parsing before assignment

Add Number.isFinite guard on lsof 'p' line PID parsing in
parseLsofOutput, consistent with the netstat branch in the same
function which already validates with Number.isNaN.

While the downstream if (current.pid) truthiness check catches
NaN (falsy), adding validation at the parse site is defense-in-
depth and eliminates an inconsistency within the same function.

* test(ports): add edge case tests for parseLsofOutput

Add test coverage for malformed lsof 'p' lines (empty PID, non-numeric
suffix), zero PID, and empty input to verify the Number.isFinite guard
correctly filters invalid entries.

* fix(cron): keep provider-owned CLI sessions across the daily default reset (#98356)

The provider-owned CLI session exemption added for the gateway agent.run path
in #97931 was not applied to the non-gateway session resolvers. Scheduled
isolated-agent cron jobs run through runCronIsolatedAgentTurn ->
resolveCronSession, and the local openclaw command runs through resolveSession;
both called evaluateSessionFreshness directly with no provider-owned guard.

Under the default reset config a persistent-target cron job on a CLI runtime
(claude-cli, codex, gemini-cli) therefore rotated its session after the daily
boundary, minting a new sessionId and dropping the cliSessionBindings, so the
agent silently lost its underlying CLI conversation every morning and the
transcript was split. Because resolveCronSession also backs the heartbeat
runner, that surface was affected too.

Route both resolvers through the same
resetPolicy.configured !== true && hasProviderOwnedSession(entry) skip the
gateway and inbound paths already use. Explicit session.reset and configured
resets still rotate these sessions, and the command path still rotates when the
terminal main transcript is newer than the registry.

* test(shared): add unit tests for account enabled guard (#98395)

* fix(agents): recover thinking errors from provider body (#98411)

* docs(skills): parameterize landable bug sweeps (#98494)

* fix: report codex chatgpt status auth (#91240)

* test(agents): add unit tests for thinking block detection (#98370)

* test: prefer shared temp dir helpers in config, gateway, cron, crestodian, and state tests (#96711)

* fix: add temp dir cleanup to 14 P0 test files (Group A)

* fix: restore os import and fix fs.rmSync call in temp dir cleanup

* fix: use shared temp dir helpers in config, gateway, cron, crestodian, and state tests

* fix(test): rename underscore-prefixed temp dir vars and remove unused imports

* fix(test): remove unused path import in crestodian audit test

* fix(test): reorder expected plans to match buildVitestRunPlans output after rebase

* Fix Android QR scan pairing flow (#98483)

* fix docs-list-mdx-pages (#95230)

* fix(minimax): bound OAuth JSON response via shared provider reader (#96322)

Use readProviderJsonResponse (shared 16 MiB default cap) instead of
unbounded response.json() for MiniMax OAuth authorization code endpoint.

Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>

* fix(config): warn when permission hardening fails during recovery (#95348)

Surface chmod failures during config backup restore, last-known-good
promotion/recovery, and prefix recovery instead of swallowing them silently.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(copilot): guard against undefined runtime.state during cli-metadata registration (#95229)

Co-authored-by: sunlit-deng <sunlit.deng@example.com>

* fix(memory): skip raw snippets during promotion (#94636)

* [AI] fix(feishu): guard partial channelRuntime in monitor startup (#94013)

* [AI] fix(feishu): guard partial channelRuntime in monitor startup

When the gateway passes a partial channelRuntime (ChannelRuntimeSurface
with only runtimeContexts but no inbound/debounce), the ?? operator in
monitor.account.ts selects it over the full local runtime, causing
monitor startup to crash on channelRuntime.debounce access.

Mirror the same ?.inbound guard pattern from bot.ts:739 (PR #93466)
to monitor.account.ts:487. When the runtime lacks inbound, fall back
to getFeishuRuntime().channel which always has the full surface.

No test: the guard mirrors an already-merged pattern (#93466) and only
affects the partial-runtime edge case that requires a gateway context.

Related to #92595

* [AI] test(feishu): add channelRuntime guard tests for monitorSingleAccount

Three test cases for the channelRuntime guard at
monitor.account.ts:489:
1. Partial channelRuntime (no inbound) → falls back to local runtime
2. Full channelRuntime with inbound → uses provided runtime
3. No channelRuntime (undefined) → falls back to local runtime

Related to #92595

* fix: hide expired pairing QR cards in Control UI (#98049)

* Hide expired pairing QR codes

* Schedule pairing QR expiry refresh

* test(memory): cover live manager after CLI reindex (#96094)

* fix: advertise route-aware LAN Control UI links (#98482)

* Route LAN pairing URLs by default route

* Advertise route-aware LAN Control UI links

* Fix route-aware LAN test mocks

* Narrow advertised LAN SDK export

* Recover archived (.reset) session transcripts in memory hook + session-logs skill (#71537)

* fix(session-memory): recover archived reset transcripts

* docs(session-logs): include archived transcripts in skill examples

Plain .jsonl globs miss .jsonl.reset.*Z and .jsonl.deleted.*Z files,
which still contain real transcript content. Add explicit guidance and
a list_session_transcripts helper so searches can opt in to full
history when needed.

Pairs with the session-memory recover-from-archive fix in the same
branch.

* docs(session-logs): scope nullglob and use while-read in helper

Address Greptile review feedback on PR #71537:

* nullglob is now saved and restored inside list_session_transcripts so
  the helper does not change the caller shell environment when sourced.
* Replace 'for f in $(list_session_transcripts)' tip with a 'while
  IFS= read -r' loop so paths with spaces or other IFS characters are
  handled correctly. Include a worked example using the same date+size
  listing the surrounding section already documents.

Doc only, no runtime behavior change.

* docs(config-agents): correct built-in alias table for opus and gpt (#96375)

The built-in alias shorthands table listed stale model ids that no longer
match src/config/defaults.ts (DEFAULT_MODEL_ALIASES):

  opus: anthropic/claude-opus-4-6 -> anthropic/claude-opus-4-8
  gpt:  openai/gpt-5.5            -> openai/gpt-5.4

These now match defaults.ts and the help/faq-models alias table, and resolve
an internal contradiction on this same page (its runtime-policy example already
uses anthropic/claude-opus-4-8).

* docs(gateway): fix Telegram streaming default in config-channels.md (#98453)

The config example in docs/gateway/config-channels.md incorrectly
listed streaming default as "off". The actual runtime default is
"partial", as confirmed by the Telegram plugin's default resolver.

docs/channels/telegram.md already correctly documents the default
as "partial".

Co-authored-by: Claude <noreply@anthropic.com>

* test: repair hosted CI baseline assertions (#98533)

* feat(imessage): native poll support — create, read, vote (#98421)

* feat(imessage): add native poll action

Wire the imsg CLI 'poll send' bridge command into the iMessage channel
message-tool action surface, mirroring the existing Discord poll action.
Adds the 'poll' action (gate: polls), a sendPoll runtime, selector-gated
capability advertisement (pollPayloadMessage), config type + zod schema,
regenerated channel metadata, docs, and tests.

* feat(imessage): read inbound polls, vote, and suppress vote echo

Builds on the native poll send action:

- Inbound polls now render to the agent as a readable line (question +
  numbered options + tallies) instead of the raw 0xFFFD balloon placeholder,
  so a received poll no longer reads as an empty message.
- New `poll-vote` action casts a vote via `imsg poll vote`, resolving a
  1-based option index / text / UUID to the poll's option identifier.
- message_tool_only echo guard: the model tends to narrate its choice in a
  text reply right after voting ("Blue."), which is redundant since the vote
  shows on the poll. A new `poll_vote_echo` suppression reason (alongside
  inbound_metadata_echo / internal_runtime_context_echo) drops a send/reply
  that exactly restates the just-cast vote, using the option label imsg
  returns. Extra content passes through untouched.

* fix(imessage): gate poll-vote on imsg poll.vote rpc capability

Released imsg carries the pollPayloadMessage selector (poll create) but
predates the poll.vote CLI/RPC. Gating both poll and poll-vote on that
selector alone would advertise a vote action the released CLI rejects.
Gate poll-vote additionally on the advertised poll.vote rpc method so this
plugin can ship ahead of the imsg release.

* fix(imessage): enforce poll.vote capability at execution, not just discovery

Codex review flagged the discovery gate as bypassable: a caller that already
knows action=poll-vote skips describeMessageTool and reaches handleAction
directly. Add the same imessageRpcSupportsMethod(status, 'poll.vote') check in
the poll-vote execution path (after assertPrivateApiEnabled), so a direct
dispatch on released imsg fails closed with a clear message instead of an
opaque CLI rejection. Adds a negative handleAction test.

* fix(imessage): harden native poll support

* fix(message): validate targets before channel discovery

* fix(message): validate targets before channel discovery

---------

Co-authored-by: Omar Shahine <lobster@users.noreply.github.com>
Co-authored-by: Omar Shahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>

* docs(matrix): document missing streaming.progress mode, progress sub-fields, and mentionPatterns config (#98318)

* docs(matrix): document missing streaming.progress mode, progress sub-fields, and mentionPatterns config

* docs: clarify Matrix progress labels

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>

* docs(onboard): document 11 missing non-interactive CLI flags (#97753)

* docs(onboard): document 11 missing non-interactive CLI flags

* docs: correct token profile default wording

* docs: update generated docs map

---------

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>

* fix(mattermost): bound null-body error response reads (#97851)

Co-authored-by: Pick-cat <266665499+Pick-cat@users.noreply.github.com>

* fix(memory-wiki): preserve notes after transient page reads (#98360)

* test: fix stale core test type failures (#98551)

* fix(browser): bound error body read in fetchHttpJson to prevent OOM (#98455)

* fix(browser): bound error body read in fetchHttpJson to prevent OOM

* fix(browser): enforce strict error response limit

---------

Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>

* fix(code-mode): surface QuickJS error name and message to the model (#95906)

* fix(code-mode): surface QuickJS error name and message to the model

* fix(code-mode): preserve host error diagnostics

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* fix(agents): don't crash autoreview copilot engine on Windows temp-dir cleanup (#97901)

On Windows the spawned copilot process and its MCP subprocesses keep the
TemporaryDirectory as their cwd briefly after exit, holding a directory handle.
That makes TemporaryDirectory's rmtree raise PermissionError (WinError 32) on
__exit__, aborting the run with a traceback even though the review completed
successfully. Pass ignore_cleanup_errors=True so cleanup is best-effort and a
post-review cleanup race never fails the run.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(slack): truncate served arg-menu option labels on a surrogate boundary (#97923)

* fix(update): validate bundle plugin payloads by manifest contract (#98010)

* fix(update): validate bundle plugin payloads by manifest contract

Closes #97985

* fix(update): preserve native payload checks for dual-format plugins

* fix(update): satisfy payload validation lint

* fix(update): cover persisted marketplace bundles

* fix(codex): derive terminal-idle watchdog from explicit run timeout (#85296)

* fix(codex): derive terminal-idle watchdog from effective run timeout

Fixes the early-abort half of #85242. The Codex app-server terminal-idle
watchdog used a hardcoded 30-minute default that was not derived from the
effective run timeout, so a scheduled turn configured with a longer
timeoutSeconds could be aborted early at 30 minutes even with budget left.

resolveCodexTurnTerminalIdleTimeoutMs (now in attempt-timeouts.ts after the
upstream split) accepts the effective run timeout and, with no explicit
override, follows the run budget instead of the 30-minute default:
- explicit override always wins (advanced config / tests)
- otherwise terminal-idle = max(30min floor, run budget), so a longer run is
  no longer cut short and existing protection is never shortened
- falls back to the 30min default when no run budget is known

Reuses the existing resolvePositiveIntegerTimeoutMs helper, matching the
neighbouring post-tool resolver. Adds focused unit tests for the derivation.

The diagnostic-wording half of #85242 (naming the terminal-idle watchdog in
the surfaced guidance) is left as a separate follow-up.

* fix(codex): derive terminal-idle watchdog from effective run timeout

* fix(codex): preserve default terminal idle watchdog

---------

Co-authored-by: openclaw-clownfish[bot] <280122609+openclaw-clownfish[bot]@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* feat(i18n): inventory native app UI strings

* feat(i18n): define native locale matrix

* fix(i18n): keep native refresh inventory clean

* fix(i18n): guard native inventory in CI

* fix(i18n): skip non-runtime native source literals

* fix(i18n): preserve native placeholders and whitespace

* ci(i18n): run native checks for tooling changes

* fix(i18n): preserve Kotlin native placeholders

* fix(i18n): parse native interpolation expressions

* feat(i18n): inventory native resources and wrappers

* fix(i18n): align native scan scope and build exclusions

* fix(i18n): inventory conditional native labels

* fix(i18n): cover all native source roots

* fix(i18n): filter non-translatable native literals

* fix(i18n): restrict native UI extraction

* fix(i18n): route native inventory checks narrowly

* feat(i18n): add Swedish native locale

* fix(ci): route native locale refresh checks

* fix(i18n): cover structured native UI strings

* fix(i18n): scope native UI helper extraction

* fix(i18n): cover native conditional UI strings

* fix(i18n): parse native UI string expressions

* fix(i18n): include custom SwiftUI helper labels

* fix(i18n): stabilize native inventory generation

* chore(i18n): refresh native inventory line mappings

* fix(ui): localize expired pairing QR notice

* fix(ui): localize expired pairing QR notice

* fix: allow config.patch with defaulted provider baseUrl (#98396)

Summary:
- Merged fix: allow config.patch with defaulted provider baseUrl after ClawSweeper review.

Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 68fbf67640f7abe2d6e78ee935dddaa0caae0a27.
- Required merge gates passed before the squash merge.

Prepared head SHA: 68fbf67640f7abe2d6e78ee935dddaa0caae0a27
Review: https://github.com/openclaw/openclaw/pull/98396#issuecomment-4853365525

Co-authored-by: momothemage <niuzhengnan@163.com>
Approved-by: momothemage

* chore(ui): refresh zh-TW control ui locale

* chore(ui): refresh de control ui locale

* chore(ui): refresh pt-BR control ui locale

* chore(ui): refresh zh-CN control ui locale

* chore(ui): refresh es control ui locale

* chore(ui): refresh ja-JP control ui locale

* chore(ui): refresh ko control ui locale

* chore(ui): refresh fr control ui locale

* chore(ui): refresh ar control ui locale

* chore(ui): refresh tr control ui locale

* chore(ui): refresh uk control ui locale

* chore(ui): refresh it control ui locale

* chore(ui): refresh id control ui locale

* chore(ui): refresh pl control ui locale

* chore(ui): refresh th control ui locale

* chore(ui): refresh vi control ui locale

* chore(ui): refresh nl control ui locale

* chore(ui): refresh fa control ui locale

* fix(usage-bar): use Object.hasOwn instead of in operator to avoid prototype chain pollution (#98503)

The in operator traverses the prototype chain, causing keys like toString,
constructor, valueOf, and __proto__ to incorrectly match Object.prototype
inherited properties in alias table lookups and map segment case lookups.
Replace with Object.hasOwn (ES2022) which only checks own properties.

Fixes #98466

Co-authored-by: Claude <noreply@anthropic.com>

* feat(android): localize gateway onboarding

* feat(android): localize every native locale

* fix(android): complete localized gateway trust flows

* test(android): enforce localized resource coverage

* fix(android): preserve Swedish app name

* fix(android): validate resource apostrophe syntax

* fix(media): normalize Windows inbound paths case-insensitively

* fix Windows inbound media path casing

* test: cover Windows inbound path casing

* test(plugin-sdk): cover media runtime inbound path casing

* fix(agents): skip implicit discovery in models replace mode

* fix(agents): skip implicit provider discovery when models.mode is 'replace' [AI-assisted]

resolveProvidersForModelsJsonWithDeps unconditionally awaited the implicit
provider resolver before honoring models.mode. With mode: 'replace' the user
opts out of discovery, so add a 3-line early-return guard that returns only the
explicit providers — eliminating the (slow) discovery pass for replace-mode.

Closes #66957.
AI-assisted contribution.

* chore: re-trigger CI (transient checkout/flaky core-check failures + cancelled gates; no code change)

* fix(sessions): preserve lineage metadata in JSON

* fix(message-tool): apply responsePrefix to outbound sends

* fix(message-tool): apply messages.responsePrefix to outbound sends

* fix(message-tool): interpolate responsePrefix templates on sends and skip unresolved model tokens

* fix(embedded-agent): classify Cloudflare challenge HTML as upstream failure

* fix: #94432 classify Cloudflare challenge 403 as upstream_html instead of auth_html

* chore: trigger CI re-run for Real behavior proof validation

* fix: align Cloudflare challenge detector with shared challenge markers

Extend CLOUDFLARE_CHALLENGE_RE to also match cdn-cgi/challenge-platform
and challenge-error-text — patterns already recognized by the shared
STANDALONE_HTML_ERROR_HINT_RE in assistant-error-format.ts.

Add regression tests for both new marker variants to ensure coverage.

* fix(embedded-agent): suppress raw Cloudflare HTML in console after upstream_html reclassification

- Add upstream_html to RAW_ERROR_CONSOLE_SUPPRESSED_FAILURE_KINDS so
  Cloudflare challenge 403 pages classified as upstream_html do not
  leak raw HTML into lifecycle/failover console rawError= diagnostics
- Add regression test verifying upstream_html suppression in
  failover observation console messages

Re: #94432

---------

Co-authored-by: lzyyzznl <lzyyzznl@users.noreply.github.com>
Co-authored-by: lizeyu-xydt <lizeyu@xydigit.com>

* fix(docker): reduce local build memory pressure

* feat(node): add gateway context path support

* fix(irc): classify host-less nick!user allowlist entries as mutable

An IRC sender mask is nick!user@host where only host is server verified;
nick and user (ident) are client supplied and spoofable. The allowlist
identity classifier treated any entry containing "!" or "@" as a verified
stable identity, so a host-less nick!user entry was classified stable and
matched by the host-less nick!user subject candidate. With
dangerouslyAllowNameMatching at its secure default (off), the mutable
identifier policy only strips entries owned by a dangerous field, so the
host-less entry was never stripped and a remote sender presenting the same
nick and ident was admitted regardless of host.

Require a verified @host component before an entry or subject is classified
stable. Host-less nick and host-less nick!user are now both routed to a
dangerous (mutable) field so they are gated by the same name-matching policy.
The doctor mutable-allowlist detector now also flags host-less nick!user
entries so operators who typed that undocumented shape get a warning. The
documented full nick!user@host mask stays stable and unaffected.

* fix(matrix): bound raw transport response reads

* fix(matrix): bound raw transport response reads to prevent OOM

* test(matrix): add real node:http server proof for bound transport

Two new integration-style tests drive performMatrixRequest against a real
node:http server (no stubRuntimeFetch mock) using real undici + SSRF
dispatcher and ssrfPolicy.allowPrivateNetwork:

- over-cap: server declares Content-Length > MATRIX_SDK_RESPONSE_MAX_BYTES
  with maxBytes omitted → rejects MatrixMediaSizeLimitError (68 ms wall)
- under-cap: server returns small payload with maxBytes omitted → Buffer
  returned correctly (12 ms wall)

Addresses ClawSweeper feedback: previous proof showed only Vitest mock
output; these tests exercise the real Matrix runtime fetch path end-to-end.

* test(matrix): satisfy lint for transport proof

* fix(matrix): preserve encrypted media download limits

* test(matrix): add streaming OOM guard proof via real node:http server without Content-Length

Drive readResponseWithLimit directly by omitting Content-Length so that
enforceDeclaredResponseSize is a no-op and the streaming byte cap is the
sole enforcement path. A 20 MiB chunked server response with a 16 MiB
cap confirms the stream is canceled before full buffering (chunksWritten
< TOTAL_CHUNKS). A second case verifies under-cap payloads pass through.

* test(matrix): fix lint errors in real HTTP server proof (curly)

* test(matrix): add under-cap proof to real HTTP server test

* fix(feishu): hoist abortable delay timer binding

The finish() closure referenced timer which was declared with const after
finish was defined. If finish(false) ran via the abort signal check at
line 99 or via the abort event listener before the const timer assignment,
accessing timer in the temporal dead zone would throw a ReferenceError.

Hoist timer as a let binding above finish so it is safely undefined when
finish fires early, and the  guard in finish handles it.

* fix: clear Tailscale probe timeout

The checkBinary helper used Promise.race with a setTimeout-based timeout
but never cleared the timer when runExec completed first. Wrap the race
in a try/finally that clears the timer handle to avoid a dangling timer.

* fix(sms): strip internal tool traces from replies

* fix(browser): decode CDP URL credentials

* fix(reply): honor suppressToolErrors for progress

5.22 already drops the tool-error WARNING text via payloads.ts, but the
error tool-result payload was still delivered as channel progress unless
sourceReplyDeliveryMode was message_tool_only. Operators who opt into
messages.suppressToolErrors expect no tool-error noise in chat at all.
Add a config-gated early-return in the onToolResult dispatch path so the
visible progress delivery is dropped too, matching the warning-text policy.
No-op unless messages.suppressToolErrors is true. Folds the mac-mini deploy
hotfix into the tracked branch.

(cherry picked from commit a973410e6d3ddbbaa4c3fb308ad4247274a9633a)

Co-authored-by: amittell <mittell@me.com>

* fix(reload): cancel deferred channel reload on restart

Fixes #79487

* fix: restore main lint after timer repairs

Preserve the Tailscale timeout cleanup from #98134 and the Feishu TDZ fix from #98137 while satisfying the repository lint rules.

Credit: @zhangLei99586 authored both underlying fixes.

Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>
Co-authored-by: zhangLei99586 <zhang.lei162@xydigit.com>

* fix(slack): guard relay frame parsing

* fix(slack): guard relay WebSocket frame JSON.parse against malformed input

Slack Socket Mode relay receives WebSocket frames from external
infrastructure. parseRelayFrame() used bare JSON.parse() which would
throw raw SyntaxError on malformed frames, potentially crashing the
relay connection.

Wrap JSON.parse in try/catch and throw SlackRelayMalformedFrameError
with the original SyntaxError as cause, so callers can distinguish
transport errors from parse errors.

D4 dimension — all competitors have zero coverage.

Signed-off-by: lsr911 <liao.shirong@xydigit.com>

* fix(slack): repair relay frame guard tests

---------

Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* fix(memory-core): skip qmd zero-hit search sync

* fix(transcripts): close stream on parse failure

* fix(cli): show exit code when plugin npm install returns empty output (#98497)

* fix(cli): show exit code when npm install returns empty output

installPackageDir previously produced 'npm install failed:' with an empty
suffix when npm exited non-zero without writing to stdout or stderr. Users
running 'openclaw plugins install @openclaw/acpx' saw only that empty line
followed by the misleading hook-pack fallback error, leaving nothing
actionable in the output.

Add a small helper that keeps npm's own output when it exists but falls
back to reporting the exit code, signal, and termination reason when both
streams are empty. Regression tests cover the empty-output exit case and
the signal-terminated case; the existing stderr surfacing test still
passes unchanged.

Refs #98484

* fix(cli): narrow npm install failure diagnostics

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* feat(apple): add Russian and Hindi app catalogs

* feat(apple): localize native app surfaces

* style(apple): format localized share extension

* feat(apple): complete core locale coverage

* test(apple): enforce phased catalog coverage

* fix(macos): package localized app resources

* fix(macos): compile packaged localizations

* fix(apple): preserve localized static labels

* fix: restore tooling CI after transcript test addition (#98610)

* test: update transcript helper routing expectation

* test: update transcript helper routing expectation

---------

Co-authored-by: Peter Steinberger <58493+steipete@users.noreply.github.com>

* fix(subagent): preserve steered task text on restart redispatch

Squashed from PR #77539 after maintainer CI repair.

* feat(i18n): refresh native locale artifacts

* feat(i18n): refresh every native locale

* fix(ci): commit first native locale artifacts

* docs(i18n): clarify native artifact ownership

* fix(i18n): validate native translation structure

* fix(ci): restrict native locale refresh dispatch

* fix(i18n): validate Kotlin and Swift placeholders

* fix(i18n): cover all native source roots

* fix(i18n): guard native refresh inputs

* test(i18n): prove native refresh creation and no-op

* test(ci): guard native locale refresh retries

* fix(i18n): allow locale placeholder reordering

* fix(i18n): validate native refresh inputs

* fix(i18n): name Swedish in translation prompts

* fix(i18n): preserve native printf placeholders

* fix(ci): refresh native locales for glossary changes

* test(i18n): use shared temp directory helper…
chenyangjun-xy pushed a commit to chenyangjun-xy/openclaw that referenced this pull request Jul 1, 2026
chenyangjun-xy pushed a commit to chenyangjun-xy/openclaw that referenced this pull request Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

app: android App: android maintainer Maintainer-authored PR P2 Normal backlog priority with limited blast radius. proof: sufficient ClawSweeper judged the real behavior proof convincing. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. size: S status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: Android TLS fingerprint verification times out on slow Tailnet handshakes

1 participant