chore: VALIDATION Integration monolith branch original#8
Closed
zeroaltitude wants to merge 50 commits intomainfrom
Closed
chore: VALIDATION Integration monolith branch original#8zeroaltitude wants to merge 50 commits intomainfrom
zeroaltitude wants to merge 50 commits intomainfrom
Conversation
- Update default model from claude-opus-4-5 to claude-opus-4-6 - Add claude-opus-4-6 to ANTHROPIC_PREFIXES for model filtering - Add opus-4.6 alias, keep opus-4.5 as fallback alias - Add model costs, context windows, max tokens for 4.6 - Update all references in image tools, media understanding, etc. - Maintain backward compatibility with 4.5 references
recomputeNextRuns() is called by ensureLoaded(forceReload) which runs inside onTimer() before runDueJobs(). When the timer fires at (or just after) the exact trigger time, recomputeNextRuns would call computeNextRunAtMs(job, now) which advances nextRunAtMs to the *next* occurrence. By the time runDueJobs() checks 'now >= nextRunAtMs', the slot has already been advanced — the job is silently skipped. Fix: in recomputeNextRuns, if a job's nextRunAtMs is in the past (due), it has no runningAtMs (not currently executing), and lastRunAtMs is before the current slot (hasn't been executed for this occurrence), preserve the existing nextRunAtMs so runDueJobs can fire it. This is a TOCTOU race that affects all recurring schedule types (cron expressions, every-interval) when the timer callback runs at or just after the scheduled time. Adds 5 unit tests for recomputeNextRuns covering: - Due job with no prior execution (preserved) - Timer fires slightly late (preserved) - Job already executed for slot (advances) - Job not yet due (unchanged) - Currently-running job (advances)
fix(cron): preserve nextRunAtMs for due-but-unexecuted recurring jobs
Add 6 new plugin hooks that give plugins full visibility into the agent loop internals, enabling security/provenance, compliance, cost management, and A/B testing plugins without modifying core data models. New hooks: - before_llm_call: see/modify full context before each LLM API call - after_llm_call: intercept/filter tool calls after LLM response - context_assembled: observe assembled context with source metadata - loop_iteration_start/end: track agent loop recursion - before_response_emit: final gate before response delivery Based on RFC-PROVENANCE-HOOKS.md from openclaw-vestige.
Emit the 6 new plugin hooks from the agent loop: - before_llm_call: wraps streamFn to intercept every LLM API call, allowing plugins to inspect/modify context, filter tools, or block - after_llm_call: emitted at message_end with tool call extraction - context_assembled: emitted on first LLM call of each turn - loop_iteration_start/end: emitted via turn_start/turn_end events - before_response_emit: emitted after prompt completes, before return Uses streamFn wrapping pattern (same as cache trace + payload logger) and AgentEvent subscription for lifecycle tracking.
Comprehensive tests for all 6 new agent loop observability hooks: - hooks.extended.test.ts: unit tests for hook runners (dispatch, merge, block, error handling, priority ordering) - hook-stream-wrapper.test.ts: integration tests for streamFn wrapper (context_assembled fires once, before_llm_call fires every call, context modification, tool filtering, blocking, error resilience)
TypeScript strictness: CustomMessage<unknown> lacks index signature, so direct casts to Record<string, unknown> fail. Cast through unknown first as the canonical workaround.
Add senderId, senderName, senderIsOwner, groupId, and spawnedBy to PluginHookAgentContext. These fields are already available in the run params but were not forwarded to plugin hooks. This enables plugins to classify initial trust based on who sent the message and what channel it came from: - senderIsOwner=true in DM → trust: owner - senderIsOwner=false → trust: external or shared - groupId set → group chat context (may contain external messages) - spawnedBy set → sub-agent session - messageProvider=undefined → system event (cron, heartbeat)
…all sites The hookAgentCtx construction in attempt.ts already read these fields from params, but three runner call sites weren't forwarding them: - agent-runner-execution.ts (main reply) - agent-runner-memory.ts (memory flush) - followup-runner.ts (followup runs) This caused senderIsOwner to always be undefined in plugin hooks, making initial trust classification fall through to 'untrusted'.
…through all call sites The FollowupRun.run type was missing senderIsOwner and spawnedBy, causing TypeScript errors when forwarding these fields to runEmbeddedPiAgent. Added them to queue/types.ts.
…und messages Previously, the before_response_emit hook result was only checked for block/blockReason. The content field was ignored, making content modification impossible for plugins. Now when a plugin returns modified content, it is applied to both the messagesSnapshot and the active session messages so the delivery pipeline picks up the change. This enables use cases like the provenance plugin's developerMode taint headers.
Feature/extended security hooks
…lper - Make latencyMs, pendingToolResults, newMessagesAdded optional (were hardcoded 0) - Extract before_response_emit into hook-response-emit.ts (eliminates unsafe casts) - Add 11 tests for extracted helper - All 46 hook tests pass
refactor(hooks): clean up phantom fields and extract response-emit he…
Resolve 4 conflicts: - hooks.ts: Import both our extended hooks and upstream's new hooks - discord.ts: Keep resolveTarget, add upstream's silent param - jobs.ts: Accept upstream's walkSchedulableJobs refactor (our TOCTOU guard is redundant since maintenance func only sets missing nextRunAtMs) - attempt.ts: Keep hookAgentCtx with extended sender fields, add sessionId, integrate compaction timeout snapshot, keep hookEventUnsub + safer unsubscribe
Resolve 7 conflicts: - followup-runner.ts, queue/types.ts: keep spawnedBy field (ours) - agent-runner-execution.ts: adopt main's buildEmbeddedRunContexts/ buildEmbeddedRunBaseParams refactor, preserve spawnedBy - agent-runner-memory.ts: adopt main's helper refactor - attempt.ts: keep our hookAgentCtx (richer than main's hookAgentId), adopt main's resolvePromptBuildHookResult, keep both our before_response_emit hook AND main's prompt-error entry - discord outbound: keep our resolveTarget with session fallback, adopt main's webhook identity + threadId support - server-startup.ts: take main's imports (gmail-watcher-lifecycle, session-dirs, write-lock)
When a channel config has top-level tokens (botToken/appToken/token) AND named accounts in the accounts section, the default account was excluded from listAccountIds. This meant the default account's provider never started — only named accounts did. This caused Slack to silently stop responding when a second Slack app was added as a named account (e.g., accounts.tank), because the primary bot's socket connection was never established. Fix: check if the base channel config has its own tokens, and if so, include DEFAULT_ACCOUNT_ID alongside named accounts.
These fields were defined in RunEmbeddedPiAgentParams and populated by callers (agent-runner-execution, followup-runner) but never forwarded from run.ts to runEmbeddedAttempt(). This meant plugin hooks (including provenance) always received senderId=undefined and senderName=undefined, making trustedSenderIds classification dead code. Also adds the fields to CompactEmbeddedPiSessionParams so compaction preserves sender identity for plugin hooks.
Adds sessionKey to PluginHookMessageContext so plugins can correlate outbound messages with their originating session. This enables the provenance plugin to inject taint headers on messages sent via the message tool (not just native response emit).
…articipant fix(slack): implicit thread mention when bot participated but did not…
… start thread Previously, the implicit thread mention logic only triggered when parent_user_id matched the bot's user ID (i.e., the bot authored the parent message). This meant that when a user @mentioned the bot in a channel and the bot replied in a thread, subsequent thread replies without @mention were silently dropped. Now uses a two-tier check: 1. Check if a thread session exists (cheap file read) — covers subsequent turns after the first thread exchange. 2. If no session, check Slack API conversations.replies for bot participation — covers the first follow-up where the bot replied but no thread session was created (bot's own reply is dropped as a self-message). Both checks are gated on requireMention being true to avoid unnecessary API calls in channels that don't require mentions. Adds three tests: - Thread reply processed when bot has existing thread session - Thread reply processed when bot replied but no thread session exists (API fallback) - Thread reply skipped when bot never participated and requireMention=true
…ation Heartbeats set Provider='heartbeat' but OriginatingChannel='discord' (the delivery channel). resolveOriginMessageProvider prefers OriginatingChannel, so messageProvider becomes 'discord' — hiding the true origin from security plugins. Add sourceProvider field that preserves the original Provider value (e.g. 'heartbeat', 'cron-event', 'exec-event') through the full chain: get-reply-run → run params → attempt hookCtx → followup runner. Security plugins can now check sourceProvider to distinguish internal system messages from real user messages on the same channel.
All browser server routes that operate on a specific tab now consistently include `url: tab.url` in their JSON response. Previously only snapshot, screenshot, pdf, click, resize, and evaluate included the page URL — other act kinds (type, press, hover, drag, select, fill, wait, etc.) and console omitted it. Consistent URL metadata in tool responses enables security plugins and future OpenClaw features to track which page a browser action targeted, improving auditability and enabling per-domain policy decisions without requiring a separate tab-info query.
The withRouteTabContext wrapper now automatically injects the resolved tab's targetId and current page URL into every successful JSON response (ok: true). Existing explicit values are preserved — the wrapper only fills in missing fields. This ensures all browser actions that target a specific tab consistently surface page metadata without requiring each route handler to manually include it. Security plugins and audit tooling can rely on result.details.url to know which page was acted upon, enabling per-domain policy decisions and improved observability. The pattern generalizes: any tool framework that resolves an indirect reference (like a tab ID) to a concrete resource (like a URL) can adopt the same wrapper approach to surface resolved metadata.
…RL changes from Chrome extension Part A (core wrapper): withRouteTabContext now queries the actual page URL via Playwright's page.url() instead of relying solely on the relay's cached tab.url. This corrects stale URL metadata when users navigate in the browser without triggering a relay cache refresh. Part B (Chrome extension): Add chrome.tabs.onUpdated listener that pushes Target.targetInfoChanged to the relay when a connected tab's URL changes. This handles same-site navigations and pushState changes where the debugger stays attached and the detach/re-attach cycle never fires.
- Remove 21 console.log('[inbound-timing]') dev profiling statements
- Fix hook test: update priority-based assertions to registration-order (FIFO)
- Remove stale priority fields from test registrations
- Downgrade hot-path log.info to log.debug in hook-response-emit
- Replace IIFE with plain let/if in hook-stream-wrapper tool filtering
- Remove redundant FIFO comment in triggerInternalHook
- Fix lint: remove unused imports (beforeEach, isCronSessionKey), use unknown cast
zeroaltitude
pushed a commit
that referenced
this pull request
Apr 2, 2026
* feat: add QQ Bot channel extension * fix(qqbot): add setupWizard to runtime plugin for onboard re-entry * fix: fix review * fix: fix review * chore: sync lockfile and config-docs baseline for qqbot extension * refactor: 移除图床服务器相关代码 * fix * docs: 新增 QQ Bot 插件文档并修正链接路径 * refactor: remove credential backup functionality and update setup logic - Deleted the credential backup module to streamline the codebase. - Updated the setup surface to handle client secrets more robustly, allowing for configured secret inputs. - Simplified slash commands by removing unused hot upgrade compatibility checks and related functions. - Adjusted types to use SecretInput for client secrets in QQBot configuration. - Modified bundled plugin metadata to allow additional properties in the config schema. * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: remove qqbot-media and qqbot-remind skills, add tests for config and setup - Deleted the qqbot-media and qqbot-remind skills documentation files. - Added unit tests for qqbot configuration and setup processes, ensuring proper handling of SecretRef-backed credentials and account configurations. - Implemented tests for local media path remapping, verifying correct resolution of media file paths. - Removed obsolete channel and remind tools, streamlining the codebase. * feat: 更新 QQBot 配置模式,添加音频格式和账户定义 * feat: 添加 QQBot 频道管理和定时提醒技能,更新媒体路径解析功能 * fix * feat: 添加 /bot-upgrade 指令以查看 QQBot 插件升级指引 * feat: update reminder and qq channel skills * feat: 更新remind工具投递目标地址格式 * feat: Refactor QQBot payload handling and improve code documentation - Simplified and clarified the structure of payload interfaces for Cron reminders and media messages. - Enhanced the parsing function to provide clearer error messages and improved validation. - Updated platform utility functions for better cross-platform compatibility and clearer documentation. - Improved text parsing utilities for better readability and consistency in emoji representation. - Optimized upload cache management with clearer comments and reduced redundancy. - Integrated QQBot plugin into the bundled channel plugins and updated metadata for installation. * OK apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift > openclaw@2026.3.26 check:bundled-channel-config-metadata /Users/yuehuali/code/PR/openclaw > node --import tsx scripts/generate-bundled-channel-config-metadata.ts --check [bundled-channel-config-metadata] stale generated output at src/config/bundled-channel-config-metadata.generated.ts ELIFECYCLE Command failed with exit code 1. ELIFECYCLE Command failed with exit code 1. * feat: 添加 QQBot 渠道配置及相关账户设置 * fix(qqbot): resolve 14 high-priority bugs from PR openclaw#52986 review DM routing (7 fixes): - #1: DM slash-command replies use sendDmMessage(guildId) instead of sendC2CMessage(senderId) - #2: DM qualifiedTarget uses qqbot:dm:${guildId} instead of qqbot:c2c:${senderId} - #3: sendTextChunks adds DM branch - #4: sendMarkdownReply adds DM branch for text and Base64 images - #5: parseAndSendMediaTags maps DM to targetType:dm + guildId - #6: sendTextToTarget DM branch uses sendDmMessage; MessageTarget adds guildId field - #7: handleImage/Audio/Video/FilePayload add DM branches Other high-priority fixes: - #8: Fix sendC2CVoiceMessage/sendGroupVoiceMessage parameter misalignment - #9: broadcastMessage uses groupOpenid instead of member_openid for group users - #10: Unify KnownUser storage - proactive.ts delegates to known-users.ts - #11: Remove invalid recordKnownUser calls for guild/DM users - #12: sendGroupMessage uses sendAndNotify to trigger onMessageSent hook - #13: sendPhoto channel unsupported returns error field - #14: sendTextAfterMedia adds channel and dm branches Type fixes: - DeliverEventContext adds guildId field - MediaTargetContext.targetType adds dm variant - sendPlainTextReply imgMediaTarget adds DM branch * fix(qqbot): resolve 2 blockers + 7 medium-priority bugs from PR openclaw#52986 review Blocker-1: Remove unused dmPolicy config knob - dmPolicy was declared in schema/types/plugin.json but never consumed at runtime - Removed from config-schema.ts, types.ts, and openclaw.plugin.json - allowFrom remains active (already wired into framework command-auth) Blocker-2: Gate sensitive slash commands with allowFrom authorization - SlashCommand interface adds requireAuth?: boolean - SlashCommandContext adds commandAuthorized: boolean - /bot-logs set to requireAuth: true (reads local log files) - matchSlashCommand rejects unauthorized senders for requireAuth commands - trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config Medium-priority fixes: - #15: Strip non-HTTP/non-local markdown image tags to prevent path leakage - #16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa - #17: getAdminMarkerFile sanitizes accountId to prevent path traversal - #18: URGENT_COMMANDS uses exact match instead of startsWith prefix match - #19: isCronExpression validates each token starts with a cron-valid character - openclaw#20: --token format validation rejects malformed input without colon separator - openclaw#21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable * test(qqbot): add focused tests for slash command authorization path - Unauthorized sender rejected for /bot-logs (requireAuth: true) - Authorized sender allowed for /bot-logs - Non-requireAuth commands (/bot-ping, /bot-help, /bot-version) work for all senders - Unknown slash commands return null (passthrough) - Non-slash messages return null - Usage query (/bot-logs ?) also gated by auth check * fix(qqbot): align global TTS fallback with framework config resolution - Extract isGlobalTTSAvailable to utils/audio-convert.ts, mirroring core resolveTtsConfig logic: check auto !== 'off', fall back to legacy enabled boolean, default to off when neither is set. - Add pre-check in reply-dispatcher before calling globalTextToSpeech to avoid unnecessary TTS calls and noisy error logs when TTS is not configured. - Remove inline as any casts; use OpenClawConfig type throughout. - Refactor handleAudioPayload into flat early-return structure with unified send path (plugin TTS → global fallback → send). * fix(qqbot): break ESM circular dependency causing multi-account startup crash The bundled gateway chunk had a circular static import on the channel chunk (gateway -> outbound-deliver -> channel, while channel dynamically imports gateway). When two accounts start concurrently via Promise.all, the first dynamic import triggers module graph evaluation; the circular reference causes api exports (including runDiagnostics) to resolve as undefined before the module finishes evaluating. Fix: extract chunkText and TEXT_CHUNK_LIMIT from channel.ts into a new text-utils.ts leaf module. outbound-deliver.ts now imports from text-utils.ts, breaking the cycle. channel.ts re-exports for backward compatibility. * fix(qqbot): serialize gateway module import to prevent multi-account startup race When multiple accounts start concurrently via Promise.all, each calls await import('./gateway.js') independently. Due to ESM circular dependencies in the bundled output, the first import can resolve transitive exports as undefined before module evaluation completes. Fix: cache the dynamic import promise in a module-level variable so all concurrent startAccount calls share the same import, ensuring the gateway module is fully evaluated before any account uses it. * refactor(qqbot): remove startup greeting logic Remove getStartupGreetingPlan and related startup greeting delivery: - Delete startup-greeting.ts (greeting plan, marker persistence) - Delete admin-resolver.ts (admin resolution, greeting dispatch) - Remove startup greeting calls from gateway READY/RESUMED handlers - Remove isFirstReadyGlobal flag and adminCtx * fix(qqbot): skip octal escape decoding for Windows local paths Windows paths like C:\Users\1\file.txt contain backslash-digit sequences that were incorrectly matched as octal escape sequences and decoded, corrupting the file path. Detect Windows local paths (drive letter or UNC prefix) and skip the octal decoding step for them. * fix bot issue * feat: 支持 TTS 自动开关并清理配置中的 clientSecretFile * docs: 添加 QQBot 配置和消息处理的设计说明 * rebase * fix(qqbot): align slash-command auth with shared command-auth model Route requireAuth:true slash commands (e.g. /bot-logs) through the framework's api.registerCommand() so resolveCommandAuthorization() applies commands.allowFrom.qqbot precedence and qqbot: prefix normalization before any handler runs. - slash-commands.ts: registerCommand() now auto-routes by requireAuth into two maps (commands / frameworkCommands); getFrameworkCommands() exports the auth-required set for framework registration; bot-help lists both maps - index.ts: registerFull() iterates getFrameworkCommands() and calls api.registerCommand() for each; handler derives msgType from ctx.from, sends file attachments via sendDocument, supports multi-account via ctx.accountId - gateway.ts (inbound): replace raw allowFrom string comparison with qqbotPlugin.config.formatAllowFrom() to strip qqbot: prefix and uppercase before matching event.senderId - gateway.ts (pre-dispatch): remove stale auth computation; commandAuthorized is true (requireAuth:true commands never reach matchSlashCommand) - command-auth.test.ts: add regression tests for qqbot: prefix normalization in the inbound commandAuthorized computation - slash-commands.test.ts: update /bot-logs tests to expect null (command routed to framework, not in local registry) * rebase and solve conflict * fix(qqbot): preserve mixed env setup credentials --------- Co-authored-by: yuehuali <yuehuali@tencent.com> Co-authored-by: walli <walli@tencent.com> Co-authored-by: WideLee <limkuan24@gmail.com> Co-authored-by: Frank Yang <frank.ekn@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Original monolith integration, can retire