admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
14,699 Commits 1 Branch 0 Tags
b35d00aaf8b68c77e9d4ef6ef4e6101acf830b7a
Commit Graph

9320 Commits

Author SHA1 Message Date
Tak Hoffman
22ffde90bb tests: align macmini suite expectations with current behavior (openclaw#22379) thanks @Takhoffman 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 21:45:04 -06:00
Vignesh Natarajan
a305dfe626 Memory/QMD: harden multi-collection search and embed scheduling 2026-02-20 19:41:51 -08:00
Vincent Koc
282a545130 chore: fix formatting on CI-drift files (#22391) 2026-02-20 22:40:30 -05:00
Glucksberg
1410d15c5e fix: compaction safeguard extension not loading in production builds (openclaw#22349) thanks @Glucksberg 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini (local run had unrelated baseline failures; Tak approved proceed)

Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 21:21:09 -06:00
Wei He
122bdfa4e1 feat(discord): add configurable ephemeral option for slash commands 2026-02-20 21:19:21 -06:00
Shadow
b294342d7f feat(discord): support forum tag edits via channel-edit (#12070) (thanks @xiaoyaner0201) 2026-02-20 21:17:04 -06:00
Shadow
b7644d61a2 fix: restore Discord model picker UX (#21458) (thanks @pejmanjohn) 2026-02-20 21:04:04 -06:00
hcoj
5dae5e6ef2 fix(tools): forward senderIsOwner to embedded runner so owner-only tools work (#22296) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0baca5ccc11c83727fe3db02b6ef6b11b421e698
Co-authored-by: hcoj <1169805+hcoj@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 08:33:58 +05:30
Vincent Koc
d94d21f9b0 test: isolate local media regression fixtures to allowed roots (#22369) 
* fix(tui): strip inbound metadata blocks from user text

* chore: clean up metadata-strip format and changelog credit

* chore: format tui metadata-strip tests

* test(web): isolate local media fixture paths to allow-listed roots
 2026-02-20 21:50:50 -05:00
Vincent Koc
9a6b26d427 fix(ui): strip inbound metadata blocks and guard reply-tag streaming (clean rewrite) (#22346) 
* fix(ui): strip inbound metadata blocks from user messages

* chore: clean up metadata-strip format and changelog credit

* Update src/shared/chat-envelope.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-02-20 21:41:32 -05:00
Taras Lukavyi
0e068194ad fix(tool-display): cd ~/dir && npm install shows as run cd — compound commands truncated to first stage (#21925) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4728bfe8e75dfcdf21f9ac22e7a26d081dc95d93
Co-authored-by: Lukavyi <1013690+Lukavyi@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 08:03:32 +05:30
Shadow
866b33e0d3 fix: lazy-load Discord allowlist guilds (#20208) (thanks @zhangjunmengyang) 2026-02-20 20:26:46 -06:00
Harold Hunt
844d84a7f5 Issue 17774 - Usage - Local - Show data from midnight to midnight of selected dates for browser time zone (AI assisted) (openclaw#19357) thanks @huntharo 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini (override approved by Tak for this run; local baseline failures outside PR scope)

Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 20:09:03 -06:00
jackheuberger
feccac6723 fix: sanitize thinking blocks for GitHub Copilot Claude models (openclaw#19459) thanks @jackheuberger 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: jackheuberger <12731288+jackheuberger@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-20 19:48:09 -06:00
Mars
a4e7e952e1 fix(ui): strip injected inbound metadata from user messages in history (#22142) 
* fix(ui): strip injected inbound metadata from user messages in history

Fixes #21106
Fixes #21109
Fixes #22116

OpenClaw prepends structured metadata blocks ("Conversation info",
"Sender:", reply-context) to user messages before sending them to the
LLM. These blocks are intentionally AI-context-only and must never reach
the chat history that users see.

Root cause:
`buildInboundUserContextPrefix` in `inbound-meta.ts` prepends the
blocks directly to the stored user message content string, so they are
persisted verbatim and later shown in webchat, TUI, and every other
rendering surface.

Fix:
• `src/auto-reply/reply/strip-inbound-meta.ts` — new utility with a
  6-sentinel fast-path strip (zero-alloc on miss) + 9-test suite.
• `src/tui/tui-session-actions.ts` — wraps `chatLog.addUser(...)` with
  `stripInboundMetadata()` so the TUI never stores the prefix.
• `ui/src/ui/chat/message-normalizer.ts` — strips user-role text content
  items during normalisation so webchat renders clean messages.

* fix(ui): strip inbound metadata for user messages in display path

* test: fix discord component send test spread typing

* fix: strip inbound metadata from mac chat history decode

* fix: align Swift metadata stripping parser with TS implementation

* fix: normalize line endings in inbound metadata stripper

* chore: document Swift/TS metadata-sentinel ownership

* chore: update changelog for inbound metadata strip fix

* changelog: credit Mellowambience for 22142

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-20 17:35:13 -08:00
Shadow
f555835b09 Channels: add thread-aware model overrides 2026-02-20 19:26:25 -06:00
Shadow
ee8dd40509 Discord/Telegram: emit edit system events (#22310) 2026-02-20 19:20:07 -06:00
Shadow
105a6307cc Tests: fix discord components loadConfig mock 2026-02-20 18:37:32 -06:00
Shadow
eedea6cf34 Discord: add trusted channel topics on new sessions 2026-02-20 18:22:13 -06:00
Tyler Yust
2dba150c16 Fix path-root flaky tests and restore status emoji defaults (#22274) 2026-02-20 15:45:33 -08:00
Tyler Yust
fe57bea088 Subagents: restore announce chain + fix nested retry/drop regressions (#22223) 
* Subagents: restore announce flow and fix nested delivery retries

* fix: prep subagent announce + docs alignment (#22223) (thanks @tyler6204)
 2026-02-20 15:39:09 -08:00
Shadow
086af56867 Discord: keep DM component sessions 2026-02-20 17:37:44 -06:00
Shadow
1eec2aee4f Discord: ingest inbound stickers 2026-02-20 16:47:47 -06:00
Shadow
64c29c3755 Discord: avoid reply spam on chunked sends 2026-02-20 16:37:28 -06:00
Shadow
ab27d7b05a Discord: fix voice command typing 2026-02-20 16:31:41 -06:00
Shadow
4ab946eebf Discord VC: voice channels, transcription, and TTS (#18774) 2026-02-20 16:06:07 -06:00
Shadow
3100b77f12 Agents: clarify authorized sender prompt (Closes #19794) 2026-02-20 15:55:36 -06:00
Shadow
30a0d3fce1 Status reactions: fix stall timers and gating (#22190) 
* feat: add shared status reaction controller

* feat: add statusReactions config schema

* feat: wire status reactions for Discord and Telegram

* fix: restore original 10s/30s stall defaults for Discord compatibility

* Status reactions: fix stall timers and gating

* Format status reaction imports

---------

Co-authored-by: Matt <mateus.carniatto@gmail.com>
 2026-02-20 15:27:42 -06:00
Tyler Yust
47f3979758 Gateway: force loopback self-connections for local binds 2026-02-20 13:08:26 -08:00
Shadow
c378439246 Security: harden tool media paths 2026-02-20 13:32:49 -06:00
Shadow
39816e61b0 Security: restrict canvas jsonlPath file reads 2026-02-20 13:21:55 -06:00
Mariano
5828708343 iOS/Gateway: harden pairing resolution and settings-driven capability refresh (#22120) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 55b8a93a999b7458c98f9d3b31abbd3665929b31
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 18:57:04 +00:00
Shadow
61f646c41f Daemon: harden systemd unit env rendering 2026-02-20 12:51:14 -06:00
Shadow
8c9f35cdb5 Agents: sanitize skill env overrides 2026-02-20 12:38:54 -06:00
Shadow
09e6970386 Discord: implement stream preview mode (#22111) 
* Discord: implement stream preview mode

* Changelog: note Discord stream preview mode

* Tests: type discord draft stream mocks

* Docs: document Discord stream preview
 2026-02-20 12:37:15 -06:00
Mariano
5dd304d1c6 fix(gateway): clear pairing state on device token mismatch (#22071) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ad38d1a5297ff897b2f4b79c5e126ec215a28e48
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 18:21:13 +00:00
Mariano
094dbdaf2b fix(gateway): require loopback proxy IP for trusted-proxy + bind=loopback (#22082) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6ff3ca9b5db530c2ea4abbd027ee98a9c4a1be67
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 18:03:53 +00:00
Xinhua Gu
9c5249714d fix(gateway): trusted-proxy auth rejected when bind=loopback (#20097) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 8de62f1a8f991f900fd1482f64976f234011f4d2
Co-authored-by: xinhuagu <562450+xinhuagu@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:51:35 +00:00
Nachx639
868fe48d58 fix(gateway): allow health method for all authenticated roles (#19699) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b9764432672d15d63061df2d2e58542e5c777479
Co-authored-by: Nachx639 <71144023+Nachx639@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:48:44 +00:00
Marcus Castro
c8ee33c162 fix(gateway): include export name in hook transform cache key (#13855) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a9eea919b88b33c3297620d62b38bac9cfa412bf
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:44:51 +00:00
Marcus Castro
618b36f07a fix(gateway): return 404 for missing static assets instead of SPA fallback (#12060) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 32d2ca7a13cbce69e4ea819fed6841f28bbd1b9d
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:41:57 +00:00
Coy Geek
914a7c5359 fix: Device Token Scope Escalation via Rotate Endpoint (#20703) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4f2c2ecef4f53777dafc94cbdf1aa07ef0a2b1c0
Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:38:58 +00:00
Coy Geek
40a292619e fix: Control UI Insecure Auth Bypass Allows Token-Only Auth Over HTTP (#20684) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ad9be4b4d65698785ad7ea9ad650f54d16c89c4a
Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:34:34 +00:00
Mariano
8e4f6c0384 fix(browser): block upload symlink escapes (#21972) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4381ef9a4d9107798c9c7c00aac62ee81a878789
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 16:36:25 +00:00
Nimrod Gutman
741435aacd fix(web): remove unrelated login changes 2026-02-20 14:47:20 +02:00
Nimrod Gutman
ac0c1c26b1 fix: preserve ios bg refresh plist key and handle web login retry failures 2026-02-20 14:47:20 +02:00
Nimrod Gutman
8775d34fba fix(pairing): simplify pending merge and harden mixed-role onboarding 2026-02-20 14:47:20 +02:00
Nimrod Gutman
1da23be302 fix(pairing): preserve operator scopes for ios onboarding 2026-02-20 14:47:20 +02:00
mudrii
7ecfc1d93c fix(auth): bidirectional mode/type compat + sync OAuth to all agents (#12692) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 2dee8e1174e637e50d10bf7020f1de2990b804dc
Co-authored-by: mudrii <220262+mudrii@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-20 16:01:09 +05:30
Vignesh Natarajan
5542a43623 Memory: share ENOENT helpers 2026-02-19 23:33:28 -08:00