LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-08 06:54:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,138 Commits 634 Branches 72 Tags
8db5d67768e44d264d946b231cc2b7a77f4239f3
Commit Graph

17138 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
8db5d67768 chore: update dependencies except carbon 2026-03-07 10:55:18 +00:00
Peter Steinberger
b85005194e test(memory): make mcporter EINVAL retry test deterministic 2026-03-07 10:49:03 +00:00
Peter Steinberger
1aa77e4603 refactor(extensions): reuse shared helper primitives 2026-03-07 10:41:05 +00:00
Peter Steinberger
3c71e2bd48 refactor(core): extract shared dedup helpers 2026-03-07 10:41:05 +00:00
Ayaan Zaidi
14c61bb33f fix(ci): re-enable detect-secrets on main 2026-03-07 16:09:12 +05:30
Peter Steinberger
f358c6f2fb docs: reorder 2026.3.7 changelog highlights 2026-03-07 10:10:42 +00:00
Peter Steinberger
997a9f5b9e chore: bump version to 2026.3.7 2026-03-07 10:09:02 +00:00
Ayaan Zaidi
84f5d7dc1d fix(android): align run command with app id 2026-03-07 14:58:51 +05:30
Ayaan Zaidi
2018d8aa99 docs: add changelog entry for Android package rename (#38712) 2026-03-07 14:51:03 +05:30
Ayaan Zaidi
5568b393a8 fix(android): rename app package to ai.openclaw.app 2026-03-07 14:51:03 +05:30
Tak Hoffman
8873e13f1e fix(gateway): stop stale-socket restarts before first event (#38643) 
* fix(gateway): guard stale-socket restarts by event liveness

* fix(gateway): centralize connect-time liveness tracking

* fix(web): apply connected status patch atomically

* fix(gateway): require active socket for stale checks

* fix(gateway): ignore inherited stale event timestamps
 2026-03-07 00:58:08 -06:00
ql-wade
a5c07fa115 fix(gateway): skip stale-socket restarts for Telegram polling (openclaw#38405) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: ql-wade <262266039+ql-wade@users.noreply.github.com>
 2026-03-07 00:20:34 -06:00
拐爷&&老拐瘦
2e31aead39 fix(gateway): invalidate bootstrap cache on session rollover (openclaw#38535) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: yfge <1186273+yfge@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-06 23:46:02 -06:00
Ayaan Zaidi
e802840b62 docs: update changelog for reply media delivery (#38572) 2026-03-07 10:52:16 +05:30
Ayaan Zaidi
c943747d6b fix: contain final reply media normalization failures 2026-03-07 10:52:16 +05:30
Ayaan Zaidi
059aedeb08 fix: contain block reply media failures 2026-03-07 10:52:16 +05:30
Ayaan Zaidi
77ef672468 fix: normalize reply media paths 2026-03-07 10:52:16 +05:30
Vincent Koc
15a5e39da2 Fix owner-only auth and overlapping skill env regressions (#38548) 2026-03-06 23:33:42 -05:00
Xinhua Gu
024af2b738 fix(feishu): disable block streaming to prevent silent reply drops (openclaw#38422) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: xinhuagu <562450+xinhuagu@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-06 22:33:30 -06:00
ql-wade
e309a15d73 fix: suppress ACP NO_REPLY fragments in console output (#38436) 2026-03-07 09:34:45 +05:30
Vincent Koc
6017b738b1 Web: add HEIC media regression and doc fix (#38294) 
* Web: add HEIC media normalization regression

* Docs: list HEIC input_image MIME types

* Update src/web/media.test.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-03-06 22:49:38 -05:00
Xinhua Gu
1a022a31de fix(gateway): classify wrapped "fetch failed" messages as transient network errors (openclaw#38530) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: xinhuagu <562450+xinhuagu@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-06 21:47:32 -06:00
Jakob
fa69f836c4 fix: increase maxTokens for tool probe to support reasoning models 
Closes #7521
 2026-03-06 22:27:28 -05:00
Tak Hoffman
a01978ba96 fix(googlechat): inherit shared defaults for multi-account webhook auth (#38492) 
* fix(googlechat): inherit shared defaults from accounts.default

* fix(googlechat): do not inherit default enabled state

* fix(googlechat): avoid inheriting default credentials

* fix(googlechat): keep dangerous auth flags account-local
 2026-03-06 21:11:55 -06:00
Vincent Koc
ba9eaf2ee2 fix(media): retain inbound media with recursive cleanup TTL (#38292) 
* Config: add media retention TTL setting

* Media: recurse persisted media cleanup

* Gateway: add persisted media cleanup timer

* Media: harden retention cleanup sweep

* Media: make recursive retention cleanup opt-in

* Media: retry writes after empty-dir cleanup race
 2026-03-06 22:06:09 -05:00
Vincent Koc
563a125c66 fix(gateway): stop shared-main chat.send from inheriting stale external routes (#38418) 
* fix(gateway): prevent webchat messages from cross-routing to external channels

chat.send always originates from the webchat/control-UI surface.  Previously,
channel-scoped session keys (e.g. agent:main:slack:direct:U…) caused
OriginatingChannel to inherit the session's stored external route, so the
reply dispatcher would route responses to Slack/Telegram instead of back to
the gateway connection.  Remove the route-inheritance logic from chat.send and
always set OriginatingChannel to INTERNAL_MESSAGE_CHANNEL ("webchat").

Closes #34647

Made-with: Cursor

* Gateway: preserve configured-main connect gating

* Gateway: cover connect-without-client routing

* Gateway: add chat.send session key length limit

* Gateway: cap chat.send session key schema

* Gateway: bound chat.send session key parsing

* Gateway: cover oversized chat.send session keys

* Update CHANGELOG.md

---------

Co-authored-by: SidQin-cyber <sidqin0410@gmail.com>
 2026-03-06 21:59:08 -05:00
Vincent Koc
bf623a580b Agents: add skill API rate-limit guardrail (#38452) 
* Agents: add rate-limit guardrail for skill API writes

* Changelog: note skill API rate-limit awareness
 2026-03-06 20:20:00 -05:00
Vincent Koc
75981b05c3 Dependencies: remove unused extension packages (#38317) 
* Dependencies: drop unused extension packages

* Dependencies: drop unused tlon http-api package

* Dependencies: keep bundled acpx package
 2026-03-06 19:55:41 -05:00
Vincent Koc
2d52c88dad fix(podman): stop assuming /tmp is disk-backed (#38296) 
* Podman: avoid hardcoding /tmp for image staging

* Docs: clarify container storage paths

* Podman: secure staged image import

* Podman: clarify streamed image handoff
 2026-03-06 19:55:26 -05:00
Vincent Koc
74959fc1fd Dependencies: remove unused core and UI packages (#38316) 
* Dependencies: drop unused root runtime packages

* Dependencies: trim unused UI package deps

* Dependencies: keep UI build deps and stable git lock resolution

* Lockfile: fix UI vitest browser snapshot key
 2026-03-06 19:53:22 -05:00
Vincent Koc
063b9aabe2 fix: xxxxx 2026-03-06 19:46:38 -05:00
Vincent Koc
42e3d8d693 Secrets: add inline allowlist review set (#38314) 
* Secrets: add inline allowlist review set

* Secrets: narrow detect-secrets file exclusions

* Secrets: exclude Docker fingerprint false positive

* Secrets: allowlist test and docs false positives

* Secrets: refresh baseline after allowlist updates

* Secrets: fix gateway chat fixture pragma

* Secrets: format pre-commit config

* Android: keep talk mode fixture JSON valid

* Feishu: rely on client timeout injection

* Secrets: allowlist provider auth test fixtures

* Secrets: allowlist onboard search fixtures

* Secrets: allowlist onboard mode fixture

* Secrets: allowlist gateway auth mode fixture

* Secrets: allowlist APNS wake test key

* Secrets: allowlist gateway reload fixtures

* Secrets: allowlist moonshot video fixture

* Secrets: allowlist auto audio fixture

* Secrets: allowlist tiny audio fixture

* Secrets: allowlist embeddings fixtures

* Secrets: allowlist resolve fixtures

* Secrets: allowlist target registry pattern fixtures

* Secrets: allowlist gateway chat env fixture

* Secrets: refresh baseline after fixture allowlists

* Secrets: reapply gateway chat env allowlist

* Secrets: reapply gateway chat env allowlist

* Secrets: stabilize gateway chat env allowlist

* Secrets: allowlist runtime snapshot save fixture

* Secrets: allowlist oauth profile fixtures

* Secrets: allowlist compaction identifier fixture

* Secrets: allowlist model auth fixture

* Secrets: allowlist model status fixtures

* Secrets: allowlist custom onboarding fixture

* Secrets: allowlist mattermost token summary fixtures

* Secrets: allowlist gateway auth suite fixtures

* Secrets: allowlist channel summary fixture

* Secrets: allowlist provider usage auth fixtures

* Secrets: allowlist media proxy fixture

* Secrets: allowlist secrets audit fixtures

* Secrets: refresh baseline after final fixture allowlists

* Feishu: prefer explicit client timeout

* Feishu: test direct timeout precedence
 2026-03-06 19:35:26 -05:00
Vincent Koc
3070fafec1 fix(venice): switch default model to kimi-k2-5 (#38423) 
* Docs: refresh Venice default model guidance

* Venice: switch default model to Kimi K2.5

* Changelog: credit Venice default refresh
 2026-03-06 19:31:07 -05:00
OfflynAI
adb9234d03 fix(imessage): prevent echo loop from leaking internal metadata and amplifying NO_REPLY into queue overflow (#33295) 
* fix(imessage): prevent echo loop from leaking internal metadata and amplifying NO_REPLY into queue overflow

- Add outbound sanitization at channel boundary (sanitize-outbound.ts):
  strips thinking/reasoning tags, relevant-memories tags, model-specific
  separators (+#+#), and assistant role markers before iMessage delivery

- Add inbound reflection guard (reflection-guard.ts): detects and drops
  messages containing assistant-internal markers that indicate a reflected
  outbound message, preventing recursive echo amplification

- Harden echo cache: increase text TTL from 5s to 30s to catch delayed
  reflections that previously expired before the echo could be detected

- Add loop rate limiter (loop-rate-limiter.ts): per-conversation rapid-fire
  detection that suppresses conversations exceeding threshold within a
  time window, acting as a safety net against amplification

Closes #33281

* fix(imessage): address review — stricter reflection regex, loop-aware rate limiter

- Reflection guard: require closing > bracket on thinking/final/memory
  tag patterns to prevent false-positives on user phrases like
  '<final answer>' or '<thought experiment>' (#33295 review)

- Rate limiter: only record echo/reflection/from-me drops instead of
  all dispatches, so the limiter acts as a loop-specific escalation
  mechanism rather than a general throttle on normal conversation
  velocity (#33295 review)

* Changelog: add iMessage echo-loop hardening entry

* iMessage: restore short echo-text TTL

* iMessage: ignore reflection markers in code

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-06 19:19:57 -05:00
Vincent Koc
5320ee7731 fix(venice): harden discovery limits and tool support (#38306) 
* Config: add supportsTools compat flag

* Agents: add model tool support helper

* Venice: sync discovery and fallback metadata

* Agents: skip tools for unsupported models

* Changelog: note Venice provider hardening

* Update CHANGELOG.md

* Venice: cap degraded discovery metadata

* Apply suggestion from @greptile-apps[bot]

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* Venice: tolerate partial discovery capabilities

* Venice: tolerate missing discovery specs

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-03-06 19:07:11 -05:00
SP
942c53e7f0 fix(agents): prevent totalTokens crash when assistant usage is missing (#34977) 
Merged via squash.

Prepared head SHA: 1c14094f3f
Co-authored-by: sp-hk2ldn <8068616+sp-hk2ldn@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-06 15:59:16 -08:00
Marcus Widing
48b3c4a043 fix(auth): treat unconfigured-owner sessions as owner for ownerOnly tools (#26331) 
Merged via squash.

Prepared head SHA: 1fbe1c7651
Co-authored-by: widingmarcus-cyber <245375637+widingmarcus-cyber@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-06 15:37:07 -08:00
Drew Wagner
ae96a81916 fix: strip skill-injected env vars from ACP harness spawn env (#36280) (#36316) 
* fix: strip skill-injected env vars from ACP harness spawn env

Skill apiKey entries (e.g., openai-image-gen with primaryEnv=OPENAI_API_KEY)
are set on process.env during agent runs and only reverted after the run
completes. ACP harnesses like Codex CLI inherit these vars, causing them
to silently use API billing instead of their own auth (e.g., OAuth).

The fix tracks which env vars are actively injected by skill overrides in
a module-level Set (activeSkillEnvKeys) and strips them in
resolveAcpClientSpawnEnv() before spawning ACP child processes.

Fixes #36280

* ACP: type spawn env for stripped keys

* Skills: cover active env key lifecycle

* Changelog: note ACP skill env isolation

* ACP: preserve shell marker after env stripping

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-06 18:18:13 -05:00
Efe Büken
03b9abab84 feat(compaction): make post-compaction context sections configurable (#34556) 
Merged via squash.

Prepared head SHA: 491bb28544
Co-authored-by: efe-arv <259833796+efe-arv@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-06 14:57:15 -08:00
Vincent Koc
455430a6f8 Dead code: remove unused helper modules (#38318) 
* Dead code: remove unused provider runtime policy helper

* Dead code: remove unused shared env writer

* Dead code: remove unused auth store path collector
 2026-03-06 17:53:02 -05:00
Vincent Koc
a190220967 Tests: serialize low-memory test runner lanes 2026-03-06 17:45:44 -05:00
Altay
6e962d8b9e fix(agents): handle overloaded failover separately (#38301) 
* fix(agents): skip auth-profile failure on overload

* fix(agents): note overload auth-profile fallback fix

* fix(agents): classify overloaded failures separately

* fix(agents): back off before overload failover

* fix(agents): tighten overload probe and backoff state

* fix(agents): persist overloaded cooldown across runs

* fix(agents): tighten overloaded status handling

* test(agents): add overload regression coverage

* fix(agents): restore runner imports after rebase

* test(agents): add overload fallback integration coverage

* fix(agents): harden overloaded failover abort handling

* test(agents): tighten overload classifier coverage

* test(agents): cover all-overloaded fallback exhaustion

* fix(cron): retry overloaded fallback summaries

* fix(cron): treat HTTP 529 as overloaded retry
 2026-03-07 01:42:11 +03:00
Vincent Koc
110ca23bab Feishu: update media timeout tests 2026-03-06 17:34:41 -05:00
Wei Zhou
e601bf2d8e fix(pi-embedded-runner): propagate sender identity to fix Feishu doc create auto-grant (#32915) 
Merged via squash.

Prepared head SHA: efb2293075
Co-authored-by: cszhouwei <1811726+cszhouwei@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-06 14:31:15 -08:00
Shadow
91494b2596 fix: repair auto-response workflow YAML 2026-03-06 16:24:50 -06:00
Shadow
c301c5d083 fix: add no-ci-pr auto-response label 2026-03-06 15:53:59 -06:00
Shadow
864a1ecae7 docs: add changelog entry for Feishu timeouts (#38356) 2026-03-06 15:53:10 -06:00
Anton Eicher
20db7afd5f fix(feishu): remove invalid timeout properties from SDK method calls (#38267) 
The `timeout` property is not part of the Lark SDK method signatures,
causing TS2353 errors. The client-level `httpTimeoutMs` already applies
the timeout to all requests.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-06 15:50:34 -06:00
AngryBird
7ce79c8972 docs: fix broken dashboard image on i18n pages (#38031) 
The dashboard screenshot uses a relative path `src="whatsapp-openclaw.jpg"`
which resolves correctly on the English root page but produces 404 on
zh-CN and ja-JP pages because Mintlify prepends the language subdirectory
to the CDN path.

Change to absolute path `/whatsapp-openclaw.jpg` in all three index files,
consistent with other images on the same page that already use absolute
paths (e.g. `/assets/openclaw-logo-text-dark.png`).
 2026-03-07 00:22:19 +03:00
Vincent Koc
ab5fcfcc01 feat(gateway): add channel-backed readiness probes (#38285) 
* Changelog: add channel-backed readiness probe entry

* Gateway: add channel-backed readiness probes

* Docs: describe readiness probe behavior

* Gateway: add readiness probe regression tests

* Changelog: dedupe gateway probe entries

* Docs: fix readiness startup grace description

* Changelog: remove stale readiness entry

* Gateway: cover readiness hardening

* Gateway: harden readiness probes
 2026-03-06 15:15:23 -05:00