LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-05-06 23:55:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
39,328 Commits 1,489 Branches 172 Tags
33e527d1fcc25cf2f4460aae45996f7dec24ffc3
Commit Graph

6455 Commits

Author SHA1 Message Date
Peter Steinberger
364ec53785 test(release): prefer GPT-5.5 smoke models 2026-05-01 21:45:03 +01:00
Peter Steinberger
ed8f50f240 refactor: simplify plugin dependency handling 
Simplify plugin installation and runtime loading around package-manager-owned dependencies, with Jiti reserved for local/TS fallback paths.

Also scans npm plugin install roots so hoisted transitive dependencies are covered by dependency denylist and node_modules symlink checks.
 2026-05-01 21:32:22 +01:00
Peter Steinberger
70cd7927fb test(release): use stable OpenAI model for Parallels smoke 2026-05-01 20:34:27 +01:00
Josh Lehman
c098846148 fix: add compaction model fallback (#74470) 
* fix: add compaction model fallback

* docs: add compaction changelog pr reference

* docs: add compaction changelog author

* docs: satisfy compaction changelog attribution

* fix: preserve compaction fallback metadata

* fix: satisfy compaction fallback lint

* docs: move compaction fallback changelog entry
 2026-05-01 12:15:16 -07:00
pashpashpash
439d8edf68 Add structured heartbeat responses and Codex tool replies 
* Add structured heartbeat response tool

* agents: default codex replies to tools

* agents: use flat heartbeat tool enums
 2026-05-01 11:30:41 -07:00
Vincent Koc
f858b5de22 fix(security): keep plain audit off plugin runtimes 
Keep routine security audit on config/filesystem checks by default, reserving plugin runtime collectors for deep audit paths.\n\nThanks @vincentkoc
 2026-05-01 08:22:06 -07:00
Vincent Koc
bbc3384fda docs(doctor): clarify service repair prompts 
Clarify when doctor reports service repair state versus when gateway install performs launcher writes.\n\nThanks @vincentkoc
 2026-05-01 08:21:43 -07:00
Agustin Rivera
9c0975c1c2 Mattermost: refresh slash callback command validation (#72923) 
* fix(mattermost): refresh slash callback tokens

* fix(mattermost): reconcile slash callback method

* fix(mattermost): bound slash command lookups

* fix(mattermost): cache slash validation lookups

* fix(mattermost): refresh slash routing

* fix(mattermost): require slash callback secret

* fix(mattermost): rate limit slash validation

* fix(mattermost): throttle slash validation

* fix(mattermost): bound slash token cache

* fix(mattermost): sanitize slash callback logs

* fix(mattermost): avoid stale slash token cache

* fix(mattermost): scope slash token gate to command

* fix(mattermost): rate-limit slash validation

* fix(mattermost): redact slash validation errors

* fix(mattermost): satisfy slash sanitizer lint

* Move Mattermost slash refresh changelog entry to Unreleased Fixes

* Apply oxfmt accordion blank-line on Mattermost slash docs

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-05-01 09:10:17 -06:00
Andrew
42584964ac fix(context-engine): honor assembled prompt authority in precheck (#74255) 
Merged via squash.

Prepared head SHA: 650b02380b
Co-authored-by: 100yenadmin <239388517+100yenadmin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-05-01 07:43:41 -07:00
Peter Steinberger
36e687edf0 fix(plugins): use built code for tool discovery 2026-05-01 14:38:29 +01:00
Peter Steinberger
f221bc85a0 feat(google-meet): add transcribe caption health 2026-05-01 14:29:23 +01:00
Vincent Koc
cef2542cec feat(slack): publish App Home tab views 2026-05-01 06:20:18 -07:00
Shakker
6c86972fbe docs: note zai manifest catalog migration 2026-05-01 14:10:21 +01:00
Shakker
3a24a25f4b docs: note venice manifest catalog migration 2026-05-01 13:55:17 +01:00
Shakker
2c152ffa7f docs: note groq manifest catalog migration 2026-05-01 13:45:40 +01:00
Vincent Koc
bf8bdcb064 fix(gateway): defer session store read maintenance 2026-05-01 05:15:19 -07:00
Peter Steinberger
c6a12a6fd2 fix: show google meet twilio call diagnostics 2026-05-01 12:52:29 +01:00
Peter Steinberger
1d47974f89 fix: default Discord voice to explicit opt-in 2026-05-01 12:49:24 +01:00
Peter Steinberger
42aaf0c98a Prefer Codex native workspace tools (#75308) 
Summary:
- The PR adds Codex dynamic-tool profile config defaulting to `native-first`, filters duplicate workspace/process/planning tools from Codex app-server thread payloads, keeps managed `web_search`, updates docs/manifest/config baselines/changelog, and adds regression tests.

ClawSweeper fixups:
- Included follow-up commit: test(codex): pin native-first tool catalog
- Included follow-up commit: chore(config): refresh generated schema baseline
- Included follow-up commit: chore: add codex native-first changelog
- Included follow-up commit: chore: move native-first changelog entry
- Included follow-up commit: chore: refresh config baseline after rebase

Validation:
- ClawSweeper review passed for head 30e5cecfb7.
- Required merge gates passed before the squash merge.

Prepared head SHA: 30e5cecfb7
Review: https://github.com/openclaw/openclaw/pull/75308#issuecomment-4356919781

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: pashpashpash <nik@vault77.ai>
 2026-05-01 11:36:17 +00:00
Peter Steinberger
ec69c07b27 fix: send twilio notify twiml directly 2026-05-01 12:35:40 +01:00
Alex Knight
0a74037f6f docs(sandboxing): clarify sandbox setup scripts require source checkout (#75594) 
Add inline docker build commands for npm-installed users who don't have the
source checkout scripts. Update all docs referencing sandbox-setup.sh,
sandbox-common-setup.sh and sandbox-browser-setup.sh to note they are
source-checkout-only and link to the new inline instructions.

Fixes #75485.
 2026-05-01 20:58:26 +10:00
Peter Steinberger
737fd808dd fix: make Discord voice reconnect timing resilient 2026-05-01 11:57:45 +01:00
Peter Steinberger
3585d3e226 fix: apply Discord voice channel prompts 2026-05-01 11:19:18 +01:00
Peter Steinberger
f9bb6e3515 fix: restore Discord voice replies 2026-05-01 11:04:24 +01:00
Peter Steinberger
7ddf28c0d4 feat: support git plugin installs 2026-05-01 10:59:10 +01:00
mainstay22
94543092be feat(workspace): add skipOptionalBootstrapFiles config option (#62110) 
Adds `agents.defaults.skipOptionalBootstrapFiles` for optional workspace bootstrap files, validates the supported filenames, and propagates the option through workspace bootstrap callers.

Also preserves legacy setup detection when `USER.md` or `IDENTITY.md` are intentionally skipped, documents the config field, and includes focused regression coverage.

Landing follow-up included small CI unblockers for current-base drift: removing an unused Brave runtime dependency, fixing Telegram RTT lint, and preserving compatible gateway-bindable plugin registry cache reuse when runtime ensures disable bundled dependency installation.
 2026-05-01 04:08:22 -05:00
Peter Steinberger
88da533714 fix: bypass update restart cooldown 2026-05-01 09:55:03 +01:00
Peter Steinberger
ef186a06d9 fix: add fast voice-call realtime context 2026-05-01 09:47:09 +01:00
Peter Steinberger
61985cb1d2 chore: simplify crabbox integration 2026-05-01 09:27:00 +01:00
Peter Steinberger
29ed5266bf fix: keep runtime deps repair out of hot paths 2026-05-01 09:26:45 +01:00
Peter Steinberger
e131eaecb5 fix: force package update restart handoff 2026-05-01 09:25:33 +01:00
Vincent Koc
dffc295a74 test(e2e): add upgrade survivor scenario probes 2026-05-01 01:18:11 -07:00
Vincent Koc
2500b5d4ec test(e2e): expand published upgrade survivor baselines 2026-05-01 01:18:11 -07:00
NVIDIAN
ef0eb12615 feat(gateway): add SDK-facing tools.invoke RPC 
Adds the SDK-facing tools.invoke Gateway RPC for #74705.

Reuses the /tools/invoke policy path for tool policy, deny-list, owner filtering, before-tool-call hooks, session/agent scoping, and plugin approval handling. Returns typed SDK approval/refusal/success results while preserving HTTP compatibility and uses idempotencyKey as the stable tool-call id.

Includes protocol schema exports, method scope/list registration, SDK helper/types, docs, generated Swift models, tests, and changelog credit.
 2026-05-01 03:16:53 -05:00
ShihChi Huang
0c3d1892cd fix: support Google Meet realtime barge-in (#73834) 
Replay #73834 onto current main and preserve provider-side interruption when Google Meet detects a local human barge-in.

Thanks @shhtheonlyperson.
 2026-05-01 09:00:50 +01:00
Peter Steinberger
250376f885 fix: simplify bundled runtime dependency repair (#75183) 
Summary:
- Merged fix: simplify bundled runtime dependency repair after ClawSweeper review.

ClawSweeper fixups:
- Included follow-up commit: fix: verify cached bundled runtime roots
- Included follow-up commit: refactor: simplify plugin runtime startup paths
- Included follow-up commit: refactor: trim plugin startup policy helpers
- Included follow-up commit: refactor: trust package manager runtime deps materialization
- Included follow-up commit: fix: narrow channel runtime deps skip policy
- Included follow-up commit: refactor: defer startup plugin runtime deps
- Ran the ClawSweeper repair loop before final review.

Validation:
- ClawSweeper review passed for head 04dc566534.
- Required merge gates passed before the squash merge.

Prepared head SHA: 04dc566534
Review: https://github.com/openclaw/openclaw/pull/75183#issuecomment-4358383786

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Shakker <shakkerdroid@gmail.com>
Co-authored-by: clawsweeper-repair <clawsweeper-repair@users.noreply.github.com>
 2026-05-01 07:49:02 +00:00
Nimrod Gutman
f42645037f refactor(macos): move sessions into context submenu (#75489) 
Merged via squash.

Prepared head SHA: bbf5450572
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-05-01 10:22:29 +03:00
Peter Steinberger
c677861032 chore: log meet twilio voice flow 2026-05-01 07:38:41 +01:00
VACInc
be14820b5d fix: resolve voice-call SecretRef inputs (#73632) 
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-05-01 07:21:02 +01:00
Peter Steinberger
ec1b96cdfa fix: honor meet preconnect twiml 2026-05-01 07:17:10 +01:00
Peter Steinberger
ae07d57f9d fix: sequence meet dtmf before realtime bridge 2026-05-01 07:05:01 +01:00
Peter Steinberger
ffcc0d1fe1 fix: delay meet twilio intro speech 2026-05-01 06:55:22 +01:00
Peter Steinberger
50d8ef2229 docs: expand meet voice-call troubleshooting 2026-05-01 06:45:53 +01:00
stain lu
84920fad4e security(logging): redact payment credential fields (#75230) 
Summary:
- The PR adds payment-credential redaction patterns and a key-aware structured field redaction helper, wires it into tool payload sanitization, and updates focused tests, logging docs, and the changelog.

ClawSweeper fixups:
- No separate fixup commits were needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 5f5f1fadbb.
- Required merge gates passed before the squash merge.

Prepared head SHA: 5f5f1fadbb
Review: https://github.com/openclaw/openclaw/pull/75230#issuecomment-4355538755

Co-authored-by: stainlu <stainlu@newtype-ai.org>
 2026-05-01 05:45:28 +00:00
Peter Steinberger
b2aac178d6 fix: tighten meet voice-call setup checks 2026-05-01 06:40:22 +01:00
Peter Steinberger
464e573602 fix(voice-call): delegate cli calls to gateway 2026-05-01 06:35:36 +01:00
Ben
e8f9c3e6de fix(voice-call): stabilize Twilio STT startup (#75257) 
Fix Twilio voice-call startup so accepted media streams register immediately, realtime transcription readiness gates only the initial greeting, and early inbound media is preserved while STT connects.

Fixes #75197.
Thanks @PfanP and @donkeykong91.
 2026-05-01 06:25:36 +01:00
Jesse Merhi
4ea0556f64 feat: add proxy validation command 
Adds `openclaw proxy validate` for operator-managed proxy preflight checks, including allowed/denied destination validation, CLI output, tests, docs, and changelog coverage.

Maintainer follow-ups before landing:
- validate custom allowed URLs before probing;
- use a temporary loopback canary for default denied checks and fail custom denied transport errors as unverifiable;
- redact proxy URL userinfo, query strings, and fragments from text/JSON validation output.

Validation:
- `pnpm test src/infra/net/proxy/proxy-validation.test.ts src/cli/proxy-cli.runtime.test.ts src/cli/proxy-cli.test.ts -- --reporter=verbose`
- `pnpm exec oxfmt --check --threads=1 CHANGELOG.md src/cli/proxy-cli.ts src/cli/proxy-cli.runtime.ts src/cli/proxy-cli.test.ts src/cli/proxy-cli.runtime.test.ts src/infra/net/proxy/proxy-validation.ts src/infra/net/proxy/proxy-validation.test.ts docs/cli/proxy.md docs/security/network-proxy.md`
- `pnpm exec oxlint src/cli/proxy-cli.runtime.ts src/cli/proxy-cli.runtime.test.ts`
- `git diff --check`
- Testbox `pnpm install && OPENCLAW_TESTBOX=1 pnpm check:changed` on `tbx_01kqgz68ff20n3dtrgq0j1mykt`
- GitHub CI success on `321b3aaf2b8be27dec6ce2ac5e4007ed064218b5`
 2026-05-01 00:19:55 -05:00
Peter Steinberger
1c300cec5d fix(auto-reply): keep group visible replies deliverable (#75382) 
Summary:
- The PR updates auto-reply message-tool availability and fallback policy, qa-channel group target support, qa-lab scenario coverage, generated config metadata, docs, and the changelog for group visible replies.

ClawSweeper fixups:
- No separate fixup commits were needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head adbec93b8a.
- Required merge gates passed before the squash merge.

Prepared head SHA: adbec93b8a
Review: https://github.com/openclaw/openclaw/pull/75382#issuecomment-4357590733

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-05-01 05:07:03 +00:00
Cole
76930da7eb feat(bluebubbles): add reply-context API fallback for cache misses (#71820) 
Merged via squash.

Prepared head SHA: 04f6a8740a
Co-authored-by: coletebou <12384893+coletebou@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
 2026-04-30 22:01:26 -07:00