admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
16,982 Commits 1 Branch 0 Tags
71ec42127d8f77c641bcf9cdf296352f4ce63709
Commit Graph

10766 Commits

Author SHA1 Message Date
Vincent Koc
71ec42127d feat(hooks): emit compaction lifecycle hooks (#16788) 2026-03-05 19:08:26 -08:00
Vignesh Natarajan
2f86ae71d5 fix(subagents): recover announce cleanup after kill/complete race 2026-03-05 19:03:56 -08:00
Vignesh Natarajan
604f22c42a fix(heartbeat): pin HEARTBEAT.md reads to workspace path 2026-03-05 18:52:39 -08:00
dunamismax
1efa7a88c4 fix(slack): thread channel ID through inbound context for reactions (#34831) 
Slack reaction/thread context routing fixes via canonical synthesis of #34831.

Co-authored-by: Tak <tak@users.noreply.github.com>
 2026-03-05 20:47:31 -06:00
Vignesh Natarajan
909f26a26b fix(kimi-coding): normalize anthropic tool payload format 2026-03-05 18:43:15 -08:00
littleben
b39ca7eccb fix(slack): remove double mrkdwn conversion in native streaming path 
Remove redundant text normalization from Slack native streaming markdown_text flow so Markdown formatting is preserved.

Synthesis context: overlaps reviewed from #34931, #34759, #34716, #34682, #34814.

Co-authored-by: littleben <1573829+littleben@users.noreply.github.com>
Co-authored-by: dunamismax <dunamismax@tutamail.com>
Co-authored-by: Octane <wdznb1@gmail.com>
Co-authored-by: Mitsuyuki Osabe <24588751+carrotRakko@users.noreply.github.com>
Co-authored-by: Kai <me@kaiyi.cool>
Co-authored-by: OpenClaw Agent <agent@openclaw.ai>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 20:34:43 -06:00
Vignesh Natarajan
1ab9393212 fix(secrets): harden api key normalization for ByteString headers 2026-03-05 18:31:45 -08:00
Sid
7a22b3fa0b feat(agents): flush reply pipeline before compaction wait (#35489) 
Merged via squash.

Prepared head SHA: 7dbbcc510b74b0e8d35eb750d24575e34b5d769a
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 18:22:19 -08:00
Vignesh Natarajan
6084c26d00 fix(tui): render final event error when assistant output is empty (#14687) 2026-03-05 18:16:43 -08:00
zerone0x
94fdee2eac fix(memory-flush): ban timestamped variant files in default flush prompt (#34951) 
Merged via squash.

Prepared head SHA: efadda4988b460e6da07be72994d4951d64239d0
Co-authored-by: zerone0x <39543393+zerone0x@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 18:15:13 -08:00
Vignesh Natarajan
8088218f46 fix(openai-codex): request required oauth api scopes (#24720) 2026-03-05 18:10:03 -08:00
Josh Avant
fb289b7a79 Memory: handle SecretRef keys in doctor embeddings (#36835) 
Merged via squash.

Prepared head SHA: c1a3d0caae60115d886e8bfc9983c9533c773f04
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-03-05 20:05:59 -06:00
Vignesh Natarajan
cec5535096 fix(tui): prevent stale model indicator after /model 2026-03-05 17:39:19 -08:00
Vignesh Natarajan
d326861eb4 fix(gateway): preserve streamed prefixes across tool boundaries 2026-03-05 17:28:22 -08:00
Harold Hunt
d58dafae88 feat(telegram/acp): Topic Binding, Pin Binding Message, Fix Spawn Param Parsing (#36683) 
* fix(acp): normalize unicode flags and Telegram topic binding

* feat(telegram/acp): restore topic-bound ACP and session bindings

* fix(acpx): clarify permission-denied guidance

* feat(telegram/acp): pin spawn bind notice in topics

* docs(telegram): document ACP topic thread binding behavior

* refactor(reply): share Telegram conversation-id resolver

* fix(telegram/acp): preserve bound session routing semantics

* fix(telegram): respect binding persistence and expiry reporting

* refactor(telegram): simplify binding lifecycle persistence

* fix(telegram): bind acp spawns in direct messages

* fix: document telegram ACP topic binding changelog (#36683) (thanks @huntharo)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-06 02:17:50 +01:00
Vignesh Natarajan
92b4892127 fix(auth): harden openai-codex oauth login path 2026-03-05 17:16:34 -08:00
Vignesh Natarajan
d86a12eb62 fix(gateway): honor insecure ws override for remote hostnames 2026-03-05 17:04:26 -08:00
Vignesh Natarajan
c260e207b2 fix(routing): avoid full binding rescans in resolveAgentRoute (#36915) 2026-03-05 16:49:29 -08:00
Vignesh Natarajan
06a229f98f fix(browser): close tracked tabs on session cleanup (#36666) 2026-03-05 16:40:52 -08:00
Gustavo Madeira Santana
6dfd39c32f Harden Telegram poll gating and schema consistency (#36547) 
Merged via squash.

Prepared head SHA: f77824419e3d166f727474a9953a063a2b4547f2
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 19:24:43 -05:00
Vignesh Natarajan
f771ba8de9 fix(memory): avoid destructive qmd collection rebinds 2026-03-05 16:04:22 -08:00
Gustavo Madeira Santana
688b72e158 plugins: enforce prompt hook policy with runtime validation (#36567) 
Merged via squash.

Prepared head SHA: 6b9d883b6ae33628235fb02ce39c0d0f46a065bb
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 18:15:54 -05:00
Bob
063e493d3d fix: decouple Discord inbound worker timeout from listener timeout (#36602) (thanks @dutifulbob) (#36602) 
Co-authored-by: Onur Solmaz <2453968+osolmaz@users.noreply.github.com>
 2026-03-06 00:09:14 +01:00
littleben
b9a20dc97f fix(slack): preserve dedupe while recovering dropped app_mention (#34937) 
This PR fixes Slack mention loss without reintroducing duplicate dispatches.

- Preserve seen-message dedupe at ingress to prevent duplicate processing.
- Allow a one-time app_mention retry only when the paired message event was previously dropped before dispatch.
- Add targeted race tests for both recovery and duplicate-prevention paths.

Co-authored-by: littleben <1573829+littleben@users.noreply.github.com>
Co-authored-by: OpenClaw Agent <agent@openclaw.ai>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 17:00:05 -06:00
2233admin
7830366f3c fix(slack): propagate mediaLocalRoots through Slack send path 
Restore Slack local file upload parity with CVE-era local media allowlist enforcement by threading `mediaLocalRoots` through the Slack send call chain.

- pass `ctx.mediaLocalRoots` from Slack channel action adapter into `handleSlackAction`
- add and forward `mediaLocalRoots` in Slack action context/send path
- pass `mediaLocalRoots` into `sendMessageSlack` for upload allowlist enforcement
- add changelog entry with attribution for this behavior fix

Co-authored-by: 2233admin <1497479966@qq.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 16:52:49 -06:00
Bill
a0b731e2ce fix(config): prevent RangeError in merged schema cache key generation 
Fix merged schema cache key generation for high-cardinality plugin/channel metadata by hashing incrementally instead of serializing one large aggregate string.

Includes changelog entry for the user-visible regression fix.

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Bill <gsamzn@gmail.com>
 2026-03-05 16:45:07 -06:00
Sid
60d33637d9 fix(auth): grant senderIsOwner for internal channels with operator.admin scope (openclaw#35704) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Naylenv <45486779+Naylenv@users.noreply.github.com>
Co-authored-by: Octane0411 <88922959+Octane0411@users.noreply.github.com>
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 16:32:42 -06:00
Jacob Riff
aad372e15f feat: append UTC time alongside local time in shared Current time lines (#32423) 
Merged via squash.

Prepared head SHA: 9e8ec13933b5317e7cff3f0bc048de515826c31a
Co-authored-by: jriff <50276+jriff@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-06 01:26:34 +03:00
Altay
49acb07f9f fix(agents): classify insufficient_quota 400s as billing (#36783) 2026-03-06 01:17:48 +03:00
Altay
6859619e98 test(agents): add provider-backed failover regressions (#36735) 
* test(agents): add provider-backed failover fixtures

* test(agents): cover more provider error docs

* test(agents): tighten provider doc fixtures
 2026-03-06 00:42:59 +03:00
Rodrigo Uroz
036c329716 Compaction/Safeguard: add summary quality audit retries (#25556) 
Merged via squash.

Prepared head SHA: be473efd1635616ebbae6e649d542ed50b4a827f
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 13:39:25 -08:00
jiangnan
029c473727 fix(failover): narrow service-unavailable to require overload indicator (#32828) (#36646) 
Merged via squash.

Prepared head SHA: 46fb4306127972d7635f371fd9029fbb9baff236
Co-authored-by: jnMetaCode <12096460+jnMetaCode@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-06 00:01:57 +03:00
Altay
f014e255df refactor(agents): share failover HTTP status classification (#36615) 
* fix(agents): classify transient failover statuses consistently

* fix(agents): preserve legacy failover status mapping
 2026-03-05 23:50:36 +03:00
不做了睡大觉
8ac7ce73b3 fix: avoid false global rate-limit classification from generic cooldown text (#32972) 
Merged via squash.

Prepared head SHA: 813c16f5afce415da130a917d9ce9f968912b477
Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-05 22:58:21 +03:00
Sid
591264ef52 fix(agents): set preserveSignatures to isAnthropic in resolveTranscriptPolicy (#32813) 
Merged via squash.

Prepared head SHA: f522d21ca59a42abac554435a0aa646f6a34698d
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 11:55:06 -08:00
Byungsker
709dc671e4 fix(session): archive old transcript on daily/scheduled reset to prevent orphaned files (#35493) 
Merged via squash.

Prepared head SHA: 0d95549d752adecfc0b08d5cd55a8b8c75e264fe
Co-authored-by: byungsker <72309817+byungsker@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 11:52:23 -08:00
Sid
6c0376145f fix(agents): skip compaction API call when session has no real messages (#36451) 
Merged via squash.

Prepared head SHA: 52dd6317895c7bd10855d2bd7dbbfc2f5279b68e
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 11:40:25 -08:00
Kai
60a6d11116 fix(embedded): classify model_context_window_exceeded as context overflow, trigger compaction (#35934) 
Merged via squash.

Prepared head SHA: 20fa77289c80b2807a6779a3df70440242bc18ca
Co-authored-by: RealKai42 <44634134+RealKai42@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 11:30:24 -08:00
Josh Avant
72cf9253fc Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094) 2026-03-05 12:53:56 -06:00
maweibin
09c68f8f0e add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177) 
Merged via squash.

Prepared head SHA: d9a2869ad69db9449336a2e2846bd9de0e647ac6
Co-authored-by: maweibin <18023423+maweibin@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 13:06:59 -05:00
Sid
8d48235d3a fix(browser): remove deprecated --disable-blink-features=AutomationControlled flag 
- Removes OpenClaw's default `--disable-blink-features=AutomationControlled` Chrome launch switch to avoid unsupported-flag warnings in newer Chrome (#35721).
- Preserves compatibility for older Chrome via `browser.extraArgs` override behavior (source analysis: #35770, #35728, #35727, #35885).
- Synthesis attribution: thanks @Sid-Qin, @kevinWangSheng, @ningding97, @Naylenv, @clawbie.

Source PR refs: #35734, #35770, #35728, #35727, #35885

Co-authored-by: Sid-Qin <Sid-Qin@users.noreply.github.com>
Co-authored-by: kevinWangSheng <kevinWangSheng@users.noreply.github.com>
Co-authored-by: ningding97 <ningding97@users.noreply.github.com>
Co-authored-by: Naylenv <Naylenv@users.noreply.github.com>
Co-authored-by: clawbie <clawbie@users.noreply.github.com>
Co-authored-by: Takhoffman <Takhoffman@users.noreply.github.com>
 2026-03-05 09:22:47 -06:00
Tony Dehnke
136ca87f7b feat(mattermost): add interactive buttons support (#19957) 
Merged via squash.

Prepared head SHA: 8a25e608729d0b9fd07bb0ee4219d199d9796dbe
Co-authored-by: tonydehnke <36720180+tonydehnke@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-05 20:14:57 +05:30
Tak Hoffman
9741e91a64 test(cron): add cross-channel announce fallback regression coverage (openclaw#36197) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 07:37:37 -06:00
Tak Hoffman
544abc927f fix(cron): restore direct fallback after announce failure in best-effort mode (openclaw#36177) 
Verified:
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 07:25:24 -06:00
Vincent Koc
4dc0c66399 fix(subagents): strip leaked [[reply_to]] tags from completion announces (#34503) 
* fix(subagents): strip reply tags from completion delivery text

* test(subagents): cover reply-tag stripping in cron completion sends

* changelog: note iMessage reply-tag stripping in completion announces

* Update CHANGELOG.md

* Apply suggestion from @greptile-apps[bot]

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-03-05 07:50:55 -05:00
Joseph Turian
e5b6a4e19d Mattermost: honor onmessage mention override and add gating diagnostics tests (#27160) 
Merged via squash.

Prepared head SHA: 6cefb1d5bf3d6dfcec36c1cee3f9ea887f10c890
Co-authored-by: turian <65918+turian@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-05 17:59:54 +05:30
Bob
6a705a37f2 ACP: add persistent Discord channel and Telegram topic bindings (#34873) 
* docs: add ACP persistent binding experiment plan

* docs: align ACP persistent binding spec to channel-local config

* docs: scope Telegram ACP bindings to forum topics only

* docs: lock bound /new and /reset behavior to in-place ACP reset

* ACP: add persistent discord/telegram conversation bindings

* ACP: fix persistent binding reuse and discord thread parent context

* docs: document channel-specific persistent ACP bindings

* ACP: split persistent bindings and share conversation id helpers

* ACP: defer configured binding init until preflight passes

* ACP: fix discord thread parent fallback and explicit disable inheritance

* ACP: keep bound /new and /reset in-place

* ACP: honor configured bindings in native command flows

* ACP: avoid configured fallback after runtime bind failure

* docs: refine ACP bindings experiment config examples

* acp: cut over to typed top-level persistent bindings

* ACP bindings: harden reset recovery and native command auth

* Docs: add ACP bound command auth proposal

* Tests: normalize i18n registry zh-CN assertion encoding

* ACP bindings: address review findings for reset and fallback routing

* ACP reset: gate hooks on success and preserve /new arguments

* ACP bindings: fix auth and binding-priority review findings

* Telegram ACP: gate ensure on auth and accepted messages

* ACP bindings: fix session-key precedence and unavailable handling

* ACP reset/native commands: honor fallback targets and abort on bootstrap failure

* Config schema: validate ACP binding channel and Telegram topic IDs

* Discord ACP: apply configured DM bindings to native commands

* ACP reset tails: dispatch through ACP after command handling

* ACP tails/native reset auth: fix target dispatch and restore full auth

* ACP reset detection: fallback to active ACP keys for DM contexts

* Tests: type runTurn mock input in ACP dispatch test

* ACP: dedup binding route bootstrap and reset target resolution

* reply: align ACP reset hooks with bound session key

* docs: replace personal discord ids with placeholders

* fix: add changelog entry for ACP persistent bindings (#34873) (thanks @dutifulbob)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-05 09:38:12 +01:00
Kai
2c8ee593b9 TTS: add baseUrl support to OpenAI TTS config (#34321) 
Merged via squash.

Prepared head SHA: e9a10cf81d2021cf81091dfa81e13ffdbb6a540a
Co-authored-by: RealKai42 <44634134+RealKai42@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-03-05 07:25:04 +00:00
Sid
3a6b412f00 fix(gateway): pass actual version to Control UI client instead of dev (#35230) 
* fix(gateway): pass actual version to Control UI client instead of "dev"

The GatewayClient, CLI WS client, and browser Control UI all sent
"dev" as their clientVersion during handshake, making it impossible
to distinguish builds in gateway logs and health snapshots.

- GatewayClient and CLI WS client now use the resolved VERSION constant
- Control UI reads serverVersion from the bootstrap endpoint and
  forwards it when connecting
- Bootstrap contract extended with serverVersion field

Closes #35209

* Gateway: fix control-ui version version-reporting consistency

* Control UI: guard deferred bootstrap connect after disconnect

* fix(ui): accept same-origin http and relative gateway URLs for client version

---------

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 00:01:34 -06:00
alexyyyander
c4dab17ca9 fix(gateway): prevent internal route leakage in chat.send 
Synthesis of routing fixes from #35321, #34635, and #35356 for internal-client reply safety.

- Require explicit `deliver: true` before inheriting any external delivery route.
- Keep webchat/TUI/UI-origin traffic on internal routing by default.
- Allow configured-main session inheritance only for non-Webchat/UI clients, and honor `session.mainKey`.
- Add regression tests for UI no-inherit, configured-main CLI inherit, and deliver-flag behavior.

Co-authored-by: alexyyyander <alexyyyander@users.noreply.github.com>
Co-authored-by: Octane0411 <88922959+Octane0411@users.noreply.github.com>
Co-authored-by: Linux2010 <35169750+Linux2010@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-04 23:57:35 -06:00