admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
9,496 Commits 1 Branch 0 Tags
0a7201fa8475a6156cd9bc28ee3fbcfb831d88c0
Commit Graph

5149 Commits

Author SHA1 Message Date
Peter Steinberger
9230a2ae14 fix(browser): require auth on control HTTP and auto-bootstrap token 2026-02-13 02:02:28 +01:00
Peter Steinberger
85409e401b fix: preserve inter-session input provenance (thanks @anbecker) 2026-02-13 02:02:01 +01:00
Arkadiusz Mastalerz
7081dee1af fix(media): strip audio attachments after successful transcription (openclaw#9076) thanks @nobrainer-tech 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test (fails in known unrelated telegram suite)
- pnpm vitest run src/auto-reply/media-note.test.ts src/auto-reply/reply.media-note.test.ts

Co-authored-by: nobrainer-tech <445466+nobrainer-tech@users.noreply.github.com>
 2026-02-12 19:01:53 -06:00
Shadow
926bf84772 fix: update replyToMode notes (#11062) (thanks @cordx56) 2026-02-12 18:50:36 -06:00
CHISEN Kaoru
e25ae55879 fix(discord): replyToMode first behaviour 2026-02-12 18:50:36 -06:00
CHISEN Kaoru
4b3c9c9c5a fix(discord): respect replyToMode in thread channel 2026-02-12 18:50:36 -06:00
Patrick Barletta
d34138dfee fix: dispatch before_tool_call and after_tool_call hooks from both tool execution paths (openclaw#15012) thanks @Patrick-Barletta 
Verified:
- pnpm check

Co-authored-by: Patrick-Barletta <67929313+Patrick-Barletta@users.noreply.github.com>
 2026-02-12 18:48:11 -06:00
Ember 🔥
da2d09f57a fix(memory-flush): instruct agents to append rather than overwrite memory files (openclaw#6878) thanks @EmberCF 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test (fails on unrelated existing telegram test file)

Co-authored-by: EmberCF <258471336+EmberCF@users.noreply.github.com>
 2026-02-12 18:47:43 -06:00
Peter Steinberger
99f28031e5 fix: harden OpenResponses URL input fetching 2026-02-13 01:38:49 +01:00
Peter Steinberger
4199f9889f fix: harden session transcript path resolution 2026-02-13 01:28:17 +01:00
Peter Steinberger
3eb6a31b6f fix: confine sandbox skill sync destinations 2026-02-13 01:24:51 +01:00
Peter Steinberger
113ebfd6a2 fix(security): harden hook and device token auth 2026-02-13 01:23:53 +01:00
Vignesh Natarajan
54513f4240 fix: align cron prompt content with filtered reminder events 2026-02-12 16:14:27 -08:00
Vignesh Natarajan
22593a2723 fix: refine cron heartbeat event detection 2026-02-12 16:14:27 -08:00
pvtclawn
c12f693c59 feat: embed actual event text in cron prompt 
Combines two complementary fixes for ghost reminder bug:

1. Filter HEARTBEAT_OK/exec messages (previous commit)
2. Embed actual event content in prompt (this commit)

Instead of static 'shown above' message, dynamically build prompt
with actual reminder text. Ensures model sees event content directly.

Credit: Approach inspired by @nyx-rymera's analysis in #13317

Fixes #13317
 2026-02-12 16:14:27 -08:00
pvtclawn
1c773fcb60 test: fix test isolation and assertion issues 
- Add resetSystemEventsForTest() in beforeEach/afterEach
- Fix hardcoded status assertions (use toBeDefined + conditional checks)
- Prevents cross-test pollution of global system event queue

Addresses Greptile feedback on PR #15059
 2026-02-12 16:14:27 -08:00
pvtclawn
5beecad8ba test: add test for ghost reminder bug (#13317) 2026-02-12 16:14:27 -08:00
pvtclawn
4f687a7440 fix: prevent ghost reminder notifications (#13317) 
The heartbeat runner was incorrectly triggering CRON_EVENT_PROMPT
whenever ANY system events existed during a cron heartbeat, even if
those events were unrelated (e.g., HEARTBEAT_OK acks, exec completions).

This caused phantom 'scheduled reminder' notifications with no actual
reminder content.

Fix: Only treat as cron event if pending events contain actual
cron-related messages, excluding standard heartbeat acks and
exec completion messages.

Fixes #13317
 2026-02-12 16:14:27 -08:00
Kyle Tse
2655041f69 fix: wire 9 unwired plugin hooks to core code (openclaw#14882) thanks @shtse8 
Verified:
- GitHub CI checks green (non-skipped)

Co-authored-by: shtse8 <8020099+shtse8@users.noreply.github.com>
 2026-02-12 18:14:14 -06:00
Vladimir Peshekhonov
957b883082 fix(agents): stabilize overflow compaction retries and session context accounting (openclaw#14102) thanks @vpesh 
Verified:
- CI checks for commit 86a7ecb45ebf0be61dce9261398000524fd9fab6
- Rebase conflict resolution for compatibility with latest main

Co-authored-by: vpesh <9496634+vpesh@users.noreply.github.com>
 2026-02-12 17:53:13 -06:00
Peter Steinberger
da55d70fb0 fix(security): harden untrusted web tool transcripts 2026-02-13 00:46:56 +01:00
Vignesh Natarajan
4543c401b4 Signal: harden E.164 validation 2026-02-12 15:28:31 -08:00
Vignesh Natarajan
056bda5cb7 Signal: validate account input 2026-02-12 15:23:11 -08:00
Kyle Tse
a10f228a5b fix: update totalTokens after compaction using last-call usage (#15018) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9214291bf7e9e62ba8661aa46b4739113794056a
Co-authored-by: shtse8 <8020099+shtse8@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-12 18:02:30 -05:00
Shadow
fb8e6156ec fix: handle discord dm reaction allowlist 2026-02-12 16:47:39 -06:00
Marcus Castro
f8c7ae9b5e fix: use canonical 'direct' instead of 'dm' for DM peer kind (fixes TS2322) 2026-02-12 16:47:39 -06:00
Marcus Castro
ea3fb9570c fix: use proper LoadedConfig type in test mock 2026-02-12 16:47:39 -06:00
Marcus Castro
888f7dbbd8 fix: process Discord DM reactions instead of silently dropping them 2026-02-12 16:47:39 -06:00
Shadow
d9f3d569a2 fix: add Discord channel-edit thread params (#5542) (thanks @stumct) 2026-02-12 16:47:02 -06:00
Shadow
61d57be4c2 Discord: preserve media caption whitespace 2026-02-12 16:40:08 -06:00
Vignesh Natarajan
d3e43de42b Signal: satisfy lint 2026-02-12 14:37:55 -08:00
Vignesh Natarajan
cfec19df53 Signal: normalize mention placeholders 2026-02-12 14:37:55 -08:00
Alex Gleason
051c574047 fix(signal): replace  with @uuid/@phone from mentions 
Related #1926

Signal mentions were appearing as  (object replacement character)
instead of readable identifiers. This caused Clawdbot to misinterpret
messages and respond inappropriately.

Now parses dataMessage.mentions array and replaces the placeholder
character with @{uuid} or @{phone} from the mention metadata.
 2026-02-12 14:37:55 -08:00
Web Vijayi
4d0443391c fix: use iterator.done check for LRU eviction 
Fixes edge case where empty string key would stop eviction early
 2026-02-12 16:31:36 -06:00
Web Vijayi
5882cf2f5d fix(discord): add TTL and LRU eviction to thread starter cache 
Fixes #5260

The DISCORD_THREAD_STARTER_CACHE Map was growing unbounded during
long-running gateway sessions, causing memory exhaustion.

This fix adds:
- 5-minute TTL expiry (thread starters rarely change)
- Max 500 entries with LRU eviction
- Same caching pattern used by Slack's thread resolver

The implementation mirrors src/slack/monitor/thread-resolution.ts
which already handles this correctly.
 2026-02-12 16:31:36 -06:00
Shadow
149db5b2c2 Discord: handle thread edit params 2026-02-12 16:31:06 -06:00
Kyle Tse
abdceedaf6 fix: respect session model override in agent runtime (#14783) (#14983) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec47d1a7bf4e97a5db77281567318c1565d319b5
Co-authored-by: shtse8 <8020099+shtse8@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-12 17:12:15 -05:00
Gustavo Madeira Santana
a158c46828 Tests: make download temp-path assertion cross-platform 2026-02-12 16:58:59 -05:00
Skyler Miao
cb0350230c feat(minimax): update models from M2.1 to M2.5 (#14865) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 1d58bc5760af657e205f7a113cec30aaf461abc6
Co-authored-by: adao-max <153898832+adao-max@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-12 16:48:46 -05:00
Gustavo Madeira Santana
b02c88d3e7 Browser/Logging: share default openclaw tmp dir resolver 2026-02-12 16:44:04 -05:00
Gustavo Madeira Santana
afbce73570 fix: use os.tmpdir fallback paths for temp files (#14985) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 347c689407037a05be0717209660076c6a07d0ec
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-12 16:08:41 -05:00
Joseph Krug
5147656d65 fix: prevent heartbeat scheduler death when runOnce throws (#14901) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 022efbfef959f4c4225d7ab1a49540c8f39accd3
Co-authored-by: joeykrug <5925937+joeykrug@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-12 15:38:46 -05:00
0xRain
d8d8109711 fix(agents): guard against undefined path in context file entries (#14903) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 25856b863d62eda20720db53fea43cbf213b5cc5
Co-authored-by: 0xRaini <190923101+0xRaini@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-12 15:27:56 -05:00
Gustavo Madeira Santana
571a237d5a chore: move local imports to the top 2026-02-12 15:14:29 -05:00
Gustavo Madeira Santana
8d5094e1f4 fix: resolve symlinked argv1 for Control UI asset detection (#14919) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 07b85041dc70b5839247dc661f123ff37b745c1c
Co-authored-by: gumadeiras <116837+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-12 14:45:31 -05:00
fagemx
bdd0c12329 fix(providers): include provider name in billing error messages (#14697) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 774e0b660514d59fea48bda0e300e94b398f58e8
Co-authored-by: fagemx <117356295+fagemx@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-02-12 18:23:27 +00:00
Peter Steinberger
5e7842a41d feat(zai): auto-detect endpoint + default glm-5 (#14786) 
* feat(zai): auto-detect endpoint + default glm-5

* test: fix Z.AI default endpoint expectation (#14786)

* test: bump embedded runner beforeAll timeout

* chore: update changelog for Z.AI GLM-5 autodetect (#14786)

* chore: resolve changelog merge conflict with main (#14786)

* chore: append changelog note for #14786 without merge conflict

* chore: sync changelog with main to resolve merge conflict
 2026-02-12 19:16:04 +01:00
Peter Steinberger
2b5df1dfea fix: local-time timestamps include offset (#14771) (thanks @0xRaini) 2026-02-12 19:09:20 +01:00
Elonito
468414cac4 fix: use local timezone in console log timestamps 
formatConsoleTimestamp previously used Date.toISOString() which always
returns UTC time (suffixed with Z). This confused users whose local
timezone differs from UTC.

Now uses local time methods (getHours, getMinutes, etc.) and appends the
local UTC offset (e.g. +08:00) instead of Z. The pretty style returns
local HH:MM:SS. The hasTimestampPrefix regex is updated to accept both
Z and +/-HH:MM offset suffixes.

Closes #14699
 2026-02-12 19:08:52 +01:00
Peter Steinberger
069670388e perf(test): speed up test runs and harden temp cleanup 2026-02-12 17:59:52 +00:00