chore: VALIDATION Integration branch that SHOULD BE a UNION of fix/* and feature/* branches#7
Closed
zeroaltitude wants to merge 127 commits intomainfrom
Closed
chore: VALIDATION Integration branch that SHOULD BE a UNION of fix/* and feature/* branches#7zeroaltitude wants to merge 127 commits intomainfrom
zeroaltitude wants to merge 127 commits intomainfrom
Conversation
Enrich every browser action response with the resolved page URL so downstream consumers (security plugins, audit loggers) know which page was targeted without a separate tabs query. - Add shared withRouteTabContext URL enrichment wrapper (agent.shared.ts) - Resolve live URL via Playwright, fall back to tab list URL - Include url field in browser-tool console message results - Push URL changes from Chrome extension background script Co-authored-by: Eddie Abrams <eddie@bighatbio.com>
When a channel config has top-level tokens (botToken/appToken/token) AND named accounts in the accounts section, listAccountIds() omitted the default account. This meant only named accounts started, leaving the base-config bot disconnected. Now detects base-level tokens and includes 'default' alongside named accounts so both providers start. Includes 3 test cases: base tokens present, default already in accounts (no duplicate), and no base tokens (unchanged behavior). Co-authored-by: Eddie Abrams <eddie@bighatbio.com>
df163ee to
4413699
Compare
Address two review findings on the browser URL enrichment: 1. withRouteTabContext now only fills in url when the handler didn't already set one (record.url === undefined). This prevents clobbering post-navigation URLs returned by /navigate and similar handlers. 2. Chrome extension tabs.onUpdated listener now falls back to chrome.tabs.get() for the current title when changeInfo.title is undefined (URL-only changes), preventing relay cache title wipes.
…d injection Remove redundant url: tab.url and targetId: tab.targetId from individual action/debug route responses. The withRouteTabContext wrapper already resolves the live Playwright URL and injects both fields into any response where they're missing. Hardcoding tab.url in handlers prevented the wrapper from correcting stale relay metadata — the exact scenario it was designed to fix. Addresses Codex review on openclaw#30323.
163e124 to
8a80a93
Compare
zeroaltitude
pushed a commit
that referenced
this pull request
Mar 2, 2026
… and docs (openclaw#16761) Add inline file attachment support for sessions_spawn (subagent runtime only): - Schema: attachments[] (name, content, encoding, mimeType) and attachAs.mountPath hint - Materialization: files written to .openclaw/attachments/<uuid>/ with manifest.json - Validation: strict base64 decode, filename checks, size limits, duplicate detection - Transcript redaction: sanitizeToolCallInputs redacts attachment content from persisted transcripts - Lifecycle cleanup: safeRemoveAttachmentsDir with symlink-safe path containment check - Config: tools.sessions_spawn.attachments (enabled, maxFiles, maxFileBytes, maxTotalBytes, retainOnSessionKeep) - Registry: attachmentsDir/attachmentsRootDir/retainAttachmentsOnKeep on SubagentRunRecord - ACP rejection: attachments rejected for runtime=acp with clear error message - Docs: updated tools/index.md, concepts/session-tool.md, configuration-reference.md - Tests: 85 new/updated tests across 5 test files Fixes: - Guard fs.rm in materialization catch block with try/catch (review concern #1) - Remove unreachable fallback in safeRemoveAttachmentsDir (review concern #7) - Move attachment cleanup out of retry path to avoid timing issues with announce loop Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM> Co-authored-by: napetrov <napetrov@users.noreply.github.com>
082b08b to
8afa9b8
Compare
8afa9b8 to
dc00c90
Compare
…undant preflight lookup; guard relay send - Move URL enrichment to after handler run() so navigating actions (/act, /navigate) report post-action URL, not pre-run snapshot - Remove pre-run Playwright page lookup that doubled CDP latency - Wrap sendToRelay in tabs.onUpdated with try/catch for WebSocket flaps Addresses review feedback from codex-connector on PR openclaw#30323.
…erit base tokens - Don't inject 'default' when all named accounts lack per-account auth overrides (they'd use the same base credentials, causing duplicate provider connections and event processing) - Use normalizeAccountId for case-insensitive default detection - Applies to Slack (botToken/appToken) and Discord (token) alike Addresses review feedback from codex-connector on PR openclaw#30310.
dc00c90 to
b3ddf8d
Compare
…okens Mixed configs (some accounts with own tokens, some inheriting base) would still duplicate credentials between default and inheriting accounts. Now requires every named account to carry per-account auth before injecting default. Addresses codex-connector P1 on PR openclaw#30310.
…ontext The intercepted res.json was not restored on exceptions from run(), causing handleRouteError -> jsonError to hit the buffer interceptor instead of actually sending the error response. This could leave HTTP requests hanging on any Playwright failure in tab-targeting routes. Addresses codex-connector P1 on PR openclaw#30323.
b3ddf8d to
02e582d
Compare
The in-memory thread participation cache was lost on gateway restart, causing the bot to stop responding to non-@mention messages in threads it had previously participated in. Now persists to $STATE_DIR/slack-thread-participation.json with: - Lazy load on first access (no startup cost) - Debounced writes (at most every 5s, unref'd timer) - TTL filtering on load (expired entries discarded) - Graceful handling of missing/corrupt files Adds 4 persistence tests alongside existing 8 unit tests.
02e582d to
91309d9
Compare
Addresses greptile review on PR openclaw#33845.
91309d9 to
04370de
Compare
…kage Addresses greptile review — the old afterEach left loaded=true, so the first test could read from the real state dir on machines with live data.
04370de to
ef66c19
Compare
…gent context Enrich PluginHookAgentContext with security-relevant sender identity fields that enable plugins to make trust decisions based on who triggered an agent run: - sourceProvider: original message source before channel routing - senderId: platform-specific sender ID (Discord, Slack, etc.) - senderName: sender's display name - senderIsOwner: whether sender is a configured owner - groupId: group/channel ID for group chats (null for DMs) - spawnedBy: parent session key for sub-agent sessions Also adds sessionKey to PluginHookMessageContext for message hooks. Consolidates inline hook context objects in attempt.ts to use a single hookCtx variable, ensuring all hook call sites receive the full identity context consistently. These fields are consumed by security plugins like openclaw-provenance for taint classification and trust-level assignment. Follows the pattern established in openclaw#28623 (trigger/channelId) and openclaw#26394 (sessionKey for session hooks). [claude, human developer oversight]
…ility hooks Three new void/parallel plugin hooks for agent loop observability: - context_assembled: fires when the full context (system prompt + messages) is assembled before the first LLM call. Gives plugins a census of what the model will see. - loop_iteration_start: fires at the start of each agent loop iteration. Enables recursion depth tracking. - loop_iteration_end: fires at the end of each iteration with tool call count and whether the loop will continue. All three are fire-and-forget (void return, parallel execution), making them zero-impact on the critical path. No existing hooks cover these observation points — context_assembled and loop iteration tracking have zero overlap with current hook surface. Wired into the embedded runner via event subscription for iteration hooks and inline call for context_assembled. 9 unit tests covering event shape, parallel execution, and no-op when no handlers are registered. [claude, human developer oversight]
…nicalize redirect paths - blockSessionSave now uses truthy check instead of === true, so plugins setting 1, 'yes', or any truthy value are handled correctly. - Stale comment about 'fall back to default memory directory' updated to match actual fail-closed behavior. - Absolute redirect paths now relativized against realpath(workspaceDir) to avoid symlink aliasing producing false outside-workspace rejections.
…dMessages Tool-call-only assistant messages have content (array with tool_use blocks) but no text. assistantTextCount is derived from streamed text entries, so the tail scan must match that filter. Using extractAssistantText().length > 0 instead of 'content' in msg.
- blockSessionSave reverted to === true for explicit policy intent (prevents 'false' string from accidentally blocking). - writePath changed from let to const (never reassigned since fail-closed removes the fallback reassignment path).
before_llm_call block now uses BeforeLlmCallBlockError sentinel class instead of generic Error. The agent loop catches this specifically and completes the run gracefully (no error surfaced) — consistent with before_response_emit block behavior. Previously, blocking threw a generic error that surfaced as a run failure.
…fore relativizing Both sides now go through realpath() so symlink aliasing (e.g. /var/data/ws symlinked to /real/data/ws) produces a correct relative path instead of a false ../-prefixed rejection.
- Replace hardcoded /tmp/evil path with test-local sibling dir - Add empty-string sessionSaveContent test (blank marker file) - Remove redundant writePath alias (inline writeRelativePath)
Consistent with block (one-way latch) and content/messages (first-writer-wins): the higher-priority plugin that originally blocked also owns the reason. Prevents a lower-priority plugin from silently overwriting the block reason.
… targets realpath fails on nonexistent files. Now canonicalizes the parent directory and re-appends the filename, so new quarantine files under a symlink-aliased workspace are correctly recognized as in-workspace.
…s only Tool-call-only assistant messages (content arrays with only tool_use blocks, no text) are now skipped in rewriteAllAssistantContent, matching getRunScopedMessages and assistantTexts counting. Prevents allContent index misalignment when tool-call-only turns are interspersed with text-bearing turns.
…y symlink comment Slug is only used for default filename — unused when isRedirected. Avoids unnecessary LLM API call on every redirected /new command. Also updated symlink canonicalization comment to note the known limitation when redirect parent doesn't exist.
…ges block - allContent splice now bounded to original assistantTexts.length — plugins cannot expand the response beyond what was produced. - Block with empty runMessages (compaction edge case) now fails closed by clearing ALL assistant content in the session, preventing blocked text from leaking into future turns or persistence.
…ation block Fixes TDZ ReferenceError: isRedirected was used inside the slug generation guard (line 282) but declared 20 lines later (line 305). Masked in tests because allowLlmSlug is false in test env.
…indows CI writeFileWithinRoot creates parent dirs for relative paths but the test uses an absolute path. Windows CI doesn't have the quarantine/ directory pre-created, causing ENOENT.
clearAllAssistantContent now sets array content to [] instead of only clearing text parts. Prevents sensitive data in tool_use input arguments from persisting in session history when a response is blocked by before_response_emit.
… symlink Replaces parent-dir-only realpath with recursive ancestor walk that finds the nearest existing directory and resolves symlinks from there. Fixes false outside-workspace rejections on macOS where /tmp symlinks to /private/tmp and redirect parent dirs don't exist yet. Also documents intentional workspace-root write scope for redirects.
- Removed dangling JSDoc comment from pre-refactor getRecentSessionContent - Empty-string test now asserts content is '' (not just absence of data) - New test: sessionSaveContent + sessionSaveRedirectPath combo coverage (23 tests total)
…tric error handling Non-redirect writes now use memory/ as containment root instead of workspace/, preventing a misbehaving slug generator from writing outside memory/. Added dedicated try/catch with SafeOpenError handling for non-redirect path, matching redirect error handling.
…ors, guard gate clear
1. Test comment: 'h2 overrides' → clarifies h1 never blocked (not a latch scenario)
2. Cross-lock: added NOTE for plugin authors about silent drop behavior
3. Gate clear: guarded by hasHooks('after_llm_call') to avoid no-op on before_llm_call-only
Resolved conflicts in attempt.ts, hooks.ts, and types.ts by combining loop_iteration/context_assembled hooks from feat/hook-context-assembled-loop-iteration with before_llm_call/ after_llm_call/before_response_emit hooks from this branch. Added identity context fields from feat/hook-agent-identity-context.
a9307ed to
0163500
Compare
zeroaltitude
pushed a commit
that referenced
this pull request
Apr 2, 2026
* feat: add QQ Bot channel extension * fix(qqbot): add setupWizard to runtime plugin for onboard re-entry * fix: fix review * fix: fix review * chore: sync lockfile and config-docs baseline for qqbot extension * refactor: 移除图床服务器相关代码 * fix * docs: 新增 QQ Bot 插件文档并修正链接路径 * refactor: remove credential backup functionality and update setup logic - Deleted the credential backup module to streamline the codebase. - Updated the setup surface to handle client secrets more robustly, allowing for configured secret inputs. - Simplified slash commands by removing unused hot upgrade compatibility checks and related functions. - Adjusted types to use SecretInput for client secrets in QQBot configuration. - Modified bundled plugin metadata to allow additional properties in the config schema. * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: remove qqbot-media and qqbot-remind skills, add tests for config and setup - Deleted the qqbot-media and qqbot-remind skills documentation files. - Added unit tests for qqbot configuration and setup processes, ensuring proper handling of SecretRef-backed credentials and account configurations. - Implemented tests for local media path remapping, verifying correct resolution of media file paths. - Removed obsolete channel and remind tools, streamlining the codebase. * feat: 更新 QQBot 配置模式,添加音频格式和账户定义 * feat: 添加 QQBot 频道管理和定时提醒技能,更新媒体路径解析功能 * fix * feat: 添加 /bot-upgrade 指令以查看 QQBot 插件升级指引 * feat: update reminder and qq channel skills * feat: 更新remind工具投递目标地址格式 * feat: Refactor QQBot payload handling and improve code documentation - Simplified and clarified the structure of payload interfaces for Cron reminders and media messages. - Enhanced the parsing function to provide clearer error messages and improved validation. - Updated platform utility functions for better cross-platform compatibility and clearer documentation. - Improved text parsing utilities for better readability and consistency in emoji representation. - Optimized upload cache management with clearer comments and reduced redundancy. - Integrated QQBot plugin into the bundled channel plugins and updated metadata for installation. * OK apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift > openclaw@2026.3.26 check:bundled-channel-config-metadata /Users/yuehuali/code/PR/openclaw > node --import tsx scripts/generate-bundled-channel-config-metadata.ts --check [bundled-channel-config-metadata] stale generated output at src/config/bundled-channel-config-metadata.generated.ts ELIFECYCLE Command failed with exit code 1. ELIFECYCLE Command failed with exit code 1. * feat: 添加 QQBot 渠道配置及相关账户设置 * fix(qqbot): resolve 14 high-priority bugs from PR openclaw#52986 review DM routing (7 fixes): - #1: DM slash-command replies use sendDmMessage(guildId) instead of sendC2CMessage(senderId) - #2: DM qualifiedTarget uses qqbot:dm:${guildId} instead of qqbot:c2c:${senderId} - #3: sendTextChunks adds DM branch - #4: sendMarkdownReply adds DM branch for text and Base64 images - #5: parseAndSendMediaTags maps DM to targetType:dm + guildId - #6: sendTextToTarget DM branch uses sendDmMessage; MessageTarget adds guildId field - #7: handleImage/Audio/Video/FilePayload add DM branches Other high-priority fixes: - #8: Fix sendC2CVoiceMessage/sendGroupVoiceMessage parameter misalignment - #9: broadcastMessage uses groupOpenid instead of member_openid for group users - #10: Unify KnownUser storage - proactive.ts delegates to known-users.ts - #11: Remove invalid recordKnownUser calls for guild/DM users - #12: sendGroupMessage uses sendAndNotify to trigger onMessageSent hook - #13: sendPhoto channel unsupported returns error field - #14: sendTextAfterMedia adds channel and dm branches Type fixes: - DeliverEventContext adds guildId field - MediaTargetContext.targetType adds dm variant - sendPlainTextReply imgMediaTarget adds DM branch * fix(qqbot): resolve 2 blockers + 7 medium-priority bugs from PR openclaw#52986 review Blocker-1: Remove unused dmPolicy config knob - dmPolicy was declared in schema/types/plugin.json but never consumed at runtime - Removed from config-schema.ts, types.ts, and openclaw.plugin.json - allowFrom remains active (already wired into framework command-auth) Blocker-2: Gate sensitive slash commands with allowFrom authorization - SlashCommand interface adds requireAuth?: boolean - SlashCommandContext adds commandAuthorized: boolean - /bot-logs set to requireAuth: true (reads local log files) - matchSlashCommand rejects unauthorized senders for requireAuth commands - trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config Medium-priority fixes: - #15: Strip non-HTTP/non-local markdown image tags to prevent path leakage - #16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa - #17: getAdminMarkerFile sanitizes accountId to prevent path traversal - #18: URGENT_COMMANDS uses exact match instead of startsWith prefix match - #19: isCronExpression validates each token starts with a cron-valid character - openclaw#20: --token format validation rejects malformed input without colon separator - openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable * test(qqbot): add focused tests for slash command authorization path - Unauthorized sender rejected for /bot-logs (requireAuth: true) - Authorized sender allowed for /bot-logs - Non-requireAuth commands (/bot-ping, /bot-help, /bot-version) work for all senders - Unknown slash commands return null (passthrough) - Non-slash messages return null - Usage query (/bot-logs ?) also gated by auth check * fix(qqbot): align global TTS fallback with framework config resolution - Extract isGlobalTTSAvailable to utils/audio-convert.ts, mirroring core resolveTtsConfig logic: check auto !== 'off', fall back to legacy enabled boolean, default to off when neither is set. - Add pre-check in reply-dispatcher before calling globalTextToSpeech to avoid unnecessary TTS calls and noisy error logs when TTS is not configured. - Remove inline as any casts; use OpenClawConfig type throughout. - Refactor handleAudioPayload into flat early-return structure with unified send path (plugin TTS → global fallback → send). * fix(qqbot): break ESM circular dependency causing multi-account startup crash The bundled gateway chunk had a circular static import on the channel chunk (gateway -> outbound-deliver -> channel, while channel dynamically imports gateway). When two accounts start concurrently via Promise.all, the first dynamic import triggers module graph evaluation; the circular reference causes api exports (including runDiagnostics) to resolve as undefined before the module finishes evaluating. Fix: extract chunkText and TEXT_CHUNK_LIMIT from channel.ts into a new text-utils.ts leaf module. outbound-deliver.ts now imports from text-utils.ts, breaking the cycle. channel.ts re-exports for backward compatibility. * fix(qqbot): serialize gateway module import to prevent multi-account startup race When multiple accounts start concurrently via Promise.all, each calls await import('./gateway.js') independently. Due to ESM circular dependencies in the bundled output, the first import can resolve transitive exports as undefined before module evaluation completes. Fix: cache the dynamic import promise in a module-level variable so all concurrent startAccount calls share the same import, ensuring the gateway module is fully evaluated before any account uses it. * refactor(qqbot): remove startup greeting logic Remove getStartupGreetingPlan and related startup greeting delivery: - Delete startup-greeting.ts (greeting plan, marker persistence) - Delete admin-resolver.ts (admin resolution, greeting dispatch) - Remove startup greeting calls from gateway READY/RESUMED handlers - Remove isFirstReadyGlobal flag and adminCtx * fix(qqbot): skip octal escape decoding for Windows local paths Windows paths like C:\Users\1\file.txt contain backslash-digit sequences that were incorrectly matched as octal escape sequences and decoded, corrupting the file path. Detect Windows local paths (drive letter or UNC prefix) and skip the octal decoding step for them. * fix bot issue * feat: 支持 TTS 自动开关并清理配置中的 clientSecretFile * docs: 添加 QQBot 配置和消息处理的设计说明 * rebase * fix(qqbot): align slash-command auth with shared command-auth model Route requireAuth:true slash commands (e.g. /bot-logs) through the framework's api.registerCommand() so resolveCommandAuthorization() applies commands.allowFrom.qqbot precedence and qqbot: prefix normalization before any handler runs. - slash-commands.ts: registerCommand() now auto-routes by requireAuth into two maps (commands / frameworkCommands); getFrameworkCommands() exports the auth-required set for framework registration; bot-help lists both maps - index.ts: registerFull() iterates getFrameworkCommands() and calls api.registerCommand() for each; handler derives msgType from ctx.from, sends file attachments via sendDocument, supports multi-account via ctx.accountId - gateway.ts (inbound): replace raw allowFrom string comparison with qqbotPlugin.config.formatAllowFrom() to strip qqbot: prefix and uppercase before matching event.senderId - gateway.ts (pre-dispatch): remove stale auth computation; commandAuthorized is true (requireAuth:true commands never reach matchSlashCommand) - command-auth.test.ts: add regression tests for qqbot: prefix normalization in the inbound commandAuthorized computation - slash-commands.test.ts: update /bot-logs tests to expect null (command routed to framework, not in local registry) * rebase and solve conflict * fix(qqbot): preserve mixed env setup credentials --------- Co-authored-by: yuehuali <yuehuali@tencent.com> Co-authored-by: walli <walli@tencent.com> Co-authored-by: WideLee <limkuan24@gmail.com> Co-authored-by: Frank Yang <frank.ekn@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As per title only