admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
14,978 Commits 1 Branch 0 Tags
f692288301eb9be82dea75e6afbf4633ea04eec1
Commit Graph

14978 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt Hulme
f692288301 feat(cron): add --session-key option to cron add/edit CLI commands 
Expose the existing CronJob.sessionKey field through the CLI so users
can target cron jobs at specific named sessions without needing an
external shell script + system crontab workaround.

The backend already fully supports sessionKey on cron jobs - this
change wires it to the CLI surface with --session-key on cron add,
and --session-key / --clear-session-key on cron edit.

Closes #27158

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-26 12:28:49 +00:00
Ayaan Zaidi
452a8c9db9 fix: use canonical cron session detection for spawn note 2026-02-26 17:54:27 +05:30
Taras Lukavyi
69590de276 fix: suppress SUBAGENT_SPAWN_ACCEPTED_NOTE for cron isolated sessions 
The 'do not poll/sleep' note added to sessions_spawn tool results causes
cron isolated agents to immediately end their turn, since the note tells
them not to wait for subagent results. In cron isolated sessions, the
agent turn IS the entire run, so ending early means subagent results
are never collected.

Fix: detect cron sessions via includes(':cron:') in agentSessionKey
and suppress the note, allowing the agent to poll/wait naturally.

Note: PR #27330 used startsWith('cron:') which never matches because
the session key format is 'agent:main:cron:...' (starts with 'agent:').

Fixes #27308
Fixes #25069
 2026-02-26 17:54:27 +05:30
Peter Steinberger
46eba86b45 fix: harden workspace boundary path resolution 2026-02-26 13:19:59 +01:00
Peter Steinberger
ecb2053fdd chore(pr): guard against dropped changelog refs 2026-02-26 13:19:25 +01:00
Peter Steinberger
125dc322f5 refactor(feishu): unify account-aware tool routing and message body 2026-02-26 13:19:25 +01:00
Peter Steinberger
5df9aacf68 fix(podman): default run-openclaw-podman bind to loopback (land #27491, thanks @robbyczgw-cla) 
Co-authored-by: robbyczgw-cla <robbyczgw@gmail.com>
 2026-02-26 12:13:20 +00:00
Peter Steinberger
a288f3066f fix(gateway): warn on non-loopback bind at startup (land #25397, thanks @let5sne) 
Co-authored-by: let5sne <let5sne@users.noreply.github.com>
 2026-02-26 12:13:20 +00:00
Peter Steinberger
327f0526d1 fix(gateway): use loopback for CLI status probe when bind=lan (land #26997, thanks @chikko80) 
Co-authored-by: Manuel Seitz <seitzmanuel0@gmail.com>
 2026-02-26 12:13:20 +00:00
Peter Steinberger
da53015ef5 fix(onboard): seed Control UI origins for non-loopback binds (land #26157, thanks @stakeswky) 
Co-authored-by: 不做了睡大觉 <stakeswky@users.noreply.github.com>
 2026-02-26 12:13:20 +00:00
Peter Steinberger
a97cec0018 refactor: harden remaining plugin manifest reads 2026-02-26 13:12:44 +01:00
Peter Steinberger
892a9c24b0 refactor(security): centralize channel allowlist auth policy 2026-02-26 13:06:33 +01:00
Peter Steinberger
eac86c2081 refactor: unify boundary hardening for file reads 2026-02-26 13:04:37 +01:00
Peter Steinberger
cf4853e2b8 fix: avoid duplicate feishu permission-error dispatch replies (#27381) (thanks @byungsker) 2026-02-26 12:03:41 +00:00
lbo728
736ec9690f fix(feishu): merge permission error notice into main dispatch instead of separate agent turn 
When the sender-name lookup fails with a Feishu permission error (code
99991672), the bot was dispatching two separate agent turns:

  1. A dedicated permission-error notification turn
  2. The regular inbound user message turn

This caused two bot replies for a single user message, degrading UX and
wasting tokens.

Fix: instead of a separate dispatch, append the permission error notice
directly to the main messageBody. The agent receives both the user's
message and the system notice in a single turn, and responds once.

Fixes #27372
 2026-02-26 12:03:41 +00:00
Peter Steinberger
d671d7a0a2 fix: preserve feishu message_id in agent-visible body (#27253) (thanks @xss925175263) 2026-02-26 12:02:00 +00:00
xianshishan
6d52b47076 feishu: send message_id in BodyForAgent (fix #27218) 2026-02-26 12:02:00 +00:00
咸士山 0668001391
db6c513d1e feishu: include message_id in agent message body (fix #27218) 2026-02-26 12:02:00 +00:00
Peter Steinberger
6632fd1ea9 refactor(security): extract protected-route path policy helpers 2026-02-26 13:01:22 +01:00
Peter Steinberger
39b5ffdaa6 fix: route feishu doc tools by agent account context (#27338) (thanks @AaronL725) 2026-02-26 12:00:45 +00:00
root
58c100f66f fix(feishu): remove hook registration, fix docx getClient call 2026-02-26 12:00:45 +00:00
root
10d9549764 fix(feishu): fix hook types and docx client call 2026-02-26 12:00:45 +00:00
root
151ee6014a fix(feishu): route doc tools by agent account 
Previously feishu_doc always used accounts[0], so multi-account setups created docs under the first bot regardless of the calling agent.

This change resolves accountId via a before_tool_call hook (defaulting from agentAccountId) and selects the Feishu client per call.

Fixes #27321
 2026-02-26 12:00:45 +00:00
Peter Steinberger
8bdda7a651 fix(security): keep DM pairing allowlists out of group auth 2026-02-26 12:58:18 +01:00
echoVic
d08dafb08f fix(feishu): bitable tools use listEnabledFeishuAccounts for multi-account mode (#27244) 
The bitable tool registration was reading credentials directly from
top-level feishuCfg.appId/appSecret, missing the accounts.* path used
in multi-account mode. Align with drive.ts and wiki.ts by using
listEnabledFeishuAccounts() which handles both legacy and multi-account
configurations.
 2026-02-26 11:56:18 +00:00
Peter Steinberger
0ed675b1df fix(security): harden canonical auth matching for plugin channel routes 2026-02-26 12:55:33 +01:00
Peter Steinberger
0231cac957 feat(typing): add TTL safety-net for stuck indicators (land #27428, thanks @Crpdim) 
Co-authored-by: Crpdim <crpdim@users.noreply.github.com>
 2026-02-26 11:48:50 +00:00
Peter Steinberger
3d30ba18a2 fix(slack): gate member and message subtype system events 2026-02-26 12:48:20 +01:00
Peter Steinberger
da0ba1b73a fix(security): harden channel auth path checks and exec approval routing 2026-02-26 12:46:05 +01:00
Peter Steinberger
b096ad267e fix(telegram): add sendChatAction 401 backoff guard (land #27415, thanks @widingmarcus-cyber) 
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-02-26 11:45:57 +00:00
Peter Steinberger
b74be2577f refactor(web): unify proxy-guarded fetch path for web tools 2026-02-26 12:44:18 +01:00
Peter Steinberger
8bf1c9a23a fix(typing): stop keepalive restarts after run completion (land #27413, thanks @widingmarcus-cyber) 
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-02-26 11:42:38 +00:00
Peter Steinberger
fec3fdf7ef test(msteams): align silent-prefix expectation with exact NO_REPLY semantics 2026-02-26 11:42:38 +00:00
Peter Steinberger
242188b7b1 refactor: unify boundary-safe reads for bootstrap and includes 2026-02-26 12:42:14 +01:00
Peter Steinberger
199ef9f8ea fix(typing): add main-run dispatch idle safety net (land #27250, thanks @Sid-Qin) 
Co-authored-by: Sid Qin <s3734389@gmail.com>
 2026-02-26 11:36:08 +00:00
Peter Steinberger
46003e85bf fix: unify web tool proxy path (#27430) (thanks @kevinWangSheng) 2026-02-26 11:32:43 +00:00
Kevin Shenghui
d8e2030d47 fix(web-search): honor HTTP_PROXY environment variable for Brave Search API 
The web_search tool was not respecting HTTP_PROXY/HTTPS_PROXY environment
variables, causing 'fetch failed' errors when running behind a proxy.

This fix adds ProxyAgent support for the Brave Search API, similar to how
other tools in OpenClaw handle proxy configuration.

Fixes #27405
 2026-02-26 11:32:43 +00:00
Peter Steinberger
9925ac6a2d fix(config): harden include file loading path checks 2026-02-26 12:23:31 +01:00
Peter Steinberger
caace61ba1 chore: bump versions to 2026.2.26 2026-02-26 12:11:02 +01:00
Ayaan Zaidi
e7b600e318 chore(acpx): bump package version to 2026.2.25 2026-02-26 16:29:12 +05:30
Ayaan Zaidi
4f869b2b76 docs(changelog): thank @emanuelst for telegram preview fix (#27449) 2026-02-26 16:24:31 +05:30
Ayaan Zaidi
d9ed2c425a fix(telegram): prime final preview before stop flush 2026-02-26 16:24:31 +05:30
Gustavo Madeira Santana
e273b9851e Tests: tighten discord work account type in doctor config flow 2026-02-26 05:38:53 -05:00
Gustavo Madeira Santana
1ffc319831 Doctor: keep allowFrom account-scoped in multi-account configs 2026-02-26 05:34:58 -05:00
Ayaan Zaidi
97fa44dc82 fix: changelog for NO_REPLY streaming fix (#19576) (thanks @aldoeliacim) 2026-02-26 16:04:48 +05:30
Ayaan Zaidi
133f14c0af docs(auto-reply): align silent token comment with regex 2026-02-26 16:04:48 +05:30
Ayaan Zaidi
e64d72299e fix(auto-reply): tighten silent token semantics and prefix streaming 2026-02-26 16:04:48 +05:30
HAL
2f2110a32c fix: tighten isSilentReplyText to match whole-text only 
The suffix regex matched NO_REPLY at the end of any response,
suppressing substantive replies when models (e.g. Gemini 3 Pro)
appended NO_REPLY to real content.

Replace prefix+suffix regexes with a single whole-string match.
Only responses that are entirely the silent token (with optional
whitespace) are now suppressed.

Add unit tests for the fix.

Fixes #19537
 2026-02-26 16:04:48 +05:30
Onur Solmaz
a7d56e3554 feat: ACP thread-bound agents (#23580) 
* docs: add ACP thread-bound agents plan doc

* docs: expand ACP implementation specification

* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup

* feat(acp): add /acp commands and Discord spawn gate

* ACP: add acpx runtime plugin backend

* fix(subagents): defer transient lifecycle errors before announce

* Agents: harden ACP sessions_spawn and tighten spawn guidance

* Agents: require explicit ACP target for runtime spawns

* docs: expand ACP control-plane implementation plan

* ACP: harden metadata seeding and spawn guidance

* ACP: centralize runtime control-plane manager and fail-closed dispatch

* ACP: harden runtime manager and unify spawn helpers

* Commands: route ACP sessions through ACP runtime in agent command

* ACP: require persisted metadata for runtime spawns

* Sessions: preserve ACP metadata when updating entries

* Plugins: harden ACP backend registry across loaders

* ACPX: make availability probe compatible with adapters

* E2E: add manual Discord ACP plain-language smoke script

* ACPX: preserve streamed spacing across Discord delivery

* Docs: add ACP Discord streaming strategy

* ACP: harden Discord stream buffering for thread replies

* ACP: reuse shared block reply pipeline for projector

* ACP: unify streaming config and adopt coalesceIdleMs

* Docs: add temporary ACP production hardening plan

* Docs: trim temporary ACP hardening plan goals

* Docs: gate ACP thread controls by backend capabilities

* ACP: add capability-gated runtime controls and /acp operator commands

* Docs: remove temporary ACP hardening plan

* ACP: fix spawn target validation and close cache cleanup

* ACP: harden runtime dispatch and recovery paths

* ACP: split ACP command/runtime internals and centralize policy

* ACP: harden runtime lifecycle, validation, and observability

* ACP: surface runtime and backend session IDs in thread bindings

* docs: add temp plan for binding-service migration

* ACP: migrate thread binding flows to SessionBindingService

* ACP: address review feedback and preserve prompt wording

* ACPX plugin: pin runtime dependency and prefer bundled CLI

* Discord: complete binding-service migration cleanup and restore ACP plan

* Docs: add standalone ACP agents guide

* ACP: route harness intents to thread-bound ACP sessions

* ACP: fix spawn thread routing and queue-owner stall

* ACP: harden startup reconciliation and command bypass handling

* ACP: fix dispatch bypass type narrowing

* ACP: align runtime metadata to agentSessionId

* ACP: normalize session identifier handling and labels

* ACP: mark thread banner session ids provisional until first reply

* ACP: stabilize session identity mapping and startup reconciliation

* ACP: add resolved session-id notices and cwd in thread intros

* Discord: prefix thread meta notices consistently

* Discord: unify ACP/thread meta notices with gear prefix

* Discord: split thread persona naming from meta formatting

* Extensions: bump acpx plugin dependency to 0.1.9

* Agents: gate ACP prompt guidance behind acp.enabled

* Docs: remove temp experiment plan docs

* Docs: scope streaming plan to holy grail refactor

* Docs: refactor ACP agents guide for human-first flow

* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow

* Docs/Skill: add OpenCode and Pi to ACP harness lists

* Docs/Skill: align ACP harness list with current acpx registry

* Dev/Test: move ACP plain-language smoke script and mark as keep

* Docs/Skill: reorder ACP harness lists with Pi first

* ACP: split control-plane manager into core/types/utils modules

* Docs: refresh ACP thread-bound agents plan

* ACP: extract dispatch lane and split manager domains

* ACP: centralize binding context and remove reverse deps

* Infra: unify system message formatting

* ACP: centralize error boundaries and session id rendering

* ACP: enforce init concurrency cap and strict meta clear

* Tests: fix ACP dispatch binding mock typing

* Tests: fix Discord thread-binding mock drift and ACP request id

* ACP: gate slash bypass and persist cleared overrides

* ACPX: await pre-abort cancel before runTurn return

* Extension: pin acpx runtime dependency to 0.1.11

* Docs: add pinned acpx install strategy for ACP extension

* Extensions/acpx: enforce strict local pinned startup

* Extensions/acpx: tighten acp-router install guidance

* ACPX: retry runtime test temp-dir cleanup

* Extensions/acpx: require proactive ACPX repair for thread spawns

* Extensions/acpx: require restart offer after acpx reinstall

* extensions/acpx: remove workspace protocol devDependency

* extensions/acpx: bump pinned acpx to 0.1.13

* extensions/acpx: sync lockfile after dependency bump

* ACPX: make runtime spawn Windows-safe

* fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)
 2026-02-26 11:00:09 +01:00
Gustavo Madeira Santana
a9d9a968ed chore(changelog): move post release entries to unreleased section 2026-02-26 04:59:54 -05:00