LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-08 06:54:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,957 Commits 634 Branches 72 Tags
97ea9df57f1e47494d3a4522e6b335ef58d0438f
Commit Graph

16957 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
joshavant
97ea9df57f README: add algal to contributors list (#2046) 2026-03-05 17:07:03 -06:00
littleben
b9a20dc97f fix(slack): preserve dedupe while recovering dropped app_mention (#34937) 
This PR fixes Slack mention loss without reintroducing duplicate dispatches.

- Preserve seen-message dedupe at ingress to prevent duplicate processing.
- Allow a one-time app_mention retry only when the paired message event was previously dropped before dispatch.
- Add targeted race tests for both recovery and duplicate-prevention paths.

Co-authored-by: littleben <1573829+littleben@users.noreply.github.com>
Co-authored-by: OpenClaw Agent <agent@openclaw.ai>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 17:00:05 -06:00
2233admin
7830366f3c fix(slack): propagate mediaLocalRoots through Slack send path 
Restore Slack local file upload parity with CVE-era local media allowlist enforcement by threading `mediaLocalRoots` through the Slack send call chain.

- pass `ctx.mediaLocalRoots` from Slack channel action adapter into `handleSlackAction`
- add and forward `mediaLocalRoots` in Slack action context/send path
- pass `mediaLocalRoots` into `sendMessageSlack` for upload allowlist enforcement
- add changelog entry with attribution for this behavior fix

Co-authored-by: 2233admin <1497479966@qq.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 16:52:49 -06:00
Bill
a0b731e2ce fix(config): prevent RangeError in merged schema cache key generation 
Fix merged schema cache key generation for high-cardinality plugin/channel metadata by hashing incrementally instead of serializing one large aggregate string.

Includes changelog entry for the user-visible regression fix.

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Bill <gsamzn@gmail.com>
 2026-03-05 16:45:07 -06:00
Sid
60d33637d9 fix(auth): grant senderIsOwner for internal channels with operator.admin scope (openclaw#35704) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Naylenv <45486779+Naylenv@users.noreply.github.com>
Co-authored-by: Octane0411 <88922959+Octane0411@users.noreply.github.com>
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 16:32:42 -06:00
Jacob Riff
aad372e15f feat: append UTC time alongside local time in shared Current time lines (#32423) 
Merged via squash.

Prepared head SHA: 9e8ec13933
Co-authored-by: jriff <50276+jriff@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-06 01:26:34 +03:00
Altay
49acb07f9f fix(agents): classify insufficient_quota 400s as billing (#36783) 2026-03-06 01:17:48 +03:00
Vincent Koc
0c08e3f55f UI: hoist lifecycle connect test mocks (#36788) 2026-03-05 17:15:31 -05:00
Vincent Koc
999b7e4edf fix(ui): bump dompurify to 3.3.2 (#36781) 
* UI: bump dompurify to 3.3.2

* Deps: refresh dompurify lockfile
 2026-03-05 17:08:42 -05:00
Vincent Koc
98aecab7bd Docs: cover heartbeat, cron, and plugin route updates 2026-03-05 17:05:21 -05:00
Vincent Koc
2b45eb0e52 Docs: document Control UI locale support 2026-03-05 16:57:59 -05:00
Vincent Koc
6b2c115167 Docs: clarify OpenAI-compatible TTS endpoints 2026-03-05 16:57:51 -05:00
Vincent Koc
1d3962a000 Docs: update gateway config reference for Slack and TTS 2026-03-05 16:57:40 -05:00
Vincent Koc
837b7b4b94 Docs: add Slack typing reaction fallback 2026-03-05 16:57:31 -05:00
Altay
6859619e98 test(agents): add provider-backed failover regressions (#36735) 
* test(agents): add provider-backed failover fixtures

* test(agents): cover more provider error docs

* test(agents): tighten provider doc fixtures
 2026-03-06 00:42:59 +03:00
Rodrigo Uroz
036c329716 Compaction/Safeguard: add summary quality audit retries (#25556) 
Merged via squash.

Prepared head SHA: be473efd16
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 13:39:25 -08:00
jiangnan
029c473727 fix(failover): narrow service-unavailable to require overload indicator (#32828) (#36646) 
Merged via squash.

Prepared head SHA: 46fb430612
Co-authored-by: jnMetaCode <12096460+jnMetaCode@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-06 00:01:57 +03:00
Altay
f014e255df refactor(agents): share failover HTTP status classification (#36615) 
* fix(agents): classify transient failover statuses consistently

* fix(agents): preserve legacy failover status mapping
 2026-03-05 23:50:36 +03:00
不做了睡大觉
8ac7ce73b3 fix: avoid false global rate-limit classification from generic cooldown text (#32972) 
Merged via squash.

Prepared head SHA: 813c16f5af
Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-05 22:58:21 +03:00
Sid
591264ef52 fix(agents): set preserveSignatures to isAnthropic in resolveTranscriptPolicy (#32813) 
Merged via squash.

Prepared head SHA: f522d21ca5
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 11:55:06 -08:00
Byungsker
709dc671e4 fix(session): archive old transcript on daily/scheduled reset to prevent orphaned files (#35493) 
Merged via squash.

Prepared head SHA: 0d95549d75
Co-authored-by: byungsker <72309817+byungsker@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 11:52:23 -08:00
Bin Deng
edc386e9a5 fix(ui): catch marked.js parse errors to prevent Control UI crash (#36445) 
- Prevent Control UI session render crashes when `marked.parse()` encounters pathological recursive markdown by safely falling back to escaped `<pre>` output.
- Tighten markdown fallback regression coverage and keep changelog attribution in sync for this crash-hardening path.

Co-authored-by: Bin Deng <dengbin@romangic.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 13:46:49 -06:00
Sid
6c0376145f fix(agents): skip compaction API call when session has no real messages (#36451) 
Merged via squash.

Prepared head SHA: 52dd631789
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 11:40:25 -08:00
Kai
60a6d11116 fix(embedded): classify model_context_window_exceeded as context overflow, trigger compaction (#35934) 
Merged via squash.

Prepared head SHA: 20fa77289c
Co-authored-by: RealKai42 <44634134+RealKai42@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 11:30:24 -08:00
Josh Avant
72cf9253fc Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094) 2026-03-05 12:53:56 -06:00
Tak Hoffman
bc66a8fa81 fix(feishu): avoid media regressions from global HTTP timeout (#36500) 
* fix(feishu): avoid media regressions from global http timeout

* fix(feishu): source HTTP timeout from config

* fix(feishu): apply media timeout override to image uploads

* fix(feishu): invalidate cached client when timeout changes

* fix(feishu): clamp timeout values and cover image download
 2026-03-05 12:13:40 -06:00
maweibin
09c68f8f0e add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177) 
Merged via squash.

Prepared head SHA: d9a2869ad6
Co-authored-by: maweibin <18023423+maweibin@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 13:06:59 -05:00
Liu Xiaopai
174eeea76c Feishu: normalize group slash command probing 
- Feishu/group slash command detection: normalize group mention wrappers before command-authorization probing so mention-prefixed commands are recognized in group routing.\n- Source PR: #36011\n- Contributor: @liuxiaopai-ai\n\nCo-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>\nCo-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
 2026-03-05 11:56:59 -06:00
Sid
995ae73d5f synthesis: fix Feishu group mention slash parsing 
## Summary\n\nFeishu group slash command parsing is fixed for mentions and command probes across authorization paths.\n\nThis includes:\n- Normalizing bot mention text in group context for reliable slash detection in message parsing.\n- Adding command-probe normalization for group slash invocations.\n\nCo-authored-by: Sid Qin <sidqin0410@gmail.com>\nCo-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 11:34:08 -06:00
Sid
2972d6fa79 fix(feishu): accept groupPolicy "allowall" as alias for "open" (#36358) 
* fix(feishu): accept groupPolicy "allowall" as alias for "open"

When users configure groupPolicy: "allowall" in Feishu channel config,
the Zod schema rejects the value and the runtime policy check falls
through to the allowlist path.  With an empty allowFrom array, all group
messages are silently dropped despite the intended "allow all" semantics.

Accept "allowall" at the schema level (transform to "open") and add a
runtime guard in isFeishuGroupAllowed so the value is handled even if it
bypasses schema validation.

Closes #36312

Made-with: Cursor

* Feishu: tighten allowall alias handling and coverage

---------

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 11:32:01 -06:00
Tak Hoffman
89b303c553 Mattermost: switch plugin-sdk imports to scoped subpaths (openclaw#36480) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 11:28:16 -06:00
StingNing
627b37e34f Feishu: honor bot mentions by ID despite aliases (Fixes #36317) (#36333) 2026-03-05 11:00:27 -06:00
Liu Xiaopai
b9f3f8d737 fix(feishu): use probed botName for mention checks (#36391) 2026-03-05 10:55:04 -06:00
Ayane
ba223c7766 fix(feishu): add HTTP timeout to prevent per-chat queue deadlocks (#36430) 
When the Feishu API hangs or responds slowly, the sendChain never settles,
causing the per-chat queue to remain in a processing state forever and
blocking all subsequent messages in that thread. This adds a 30-second
default timeout to all Feishu HTTP requests by providing a timeout-aware
httpInstance to the Lark SDK client.

Closes #36412

Co-authored-by: Ayane <wangruofei@soulapp.cn>
 2026-03-05 10:46:10 -06:00
Sid
8d48235d3a fix(browser): remove deprecated --disable-blink-features=AutomationControlled flag 
- Removes OpenClaw's default `--disable-blink-features=AutomationControlled` Chrome launch switch to avoid unsupported-flag warnings in newer Chrome (#35721).
- Preserves compatibility for older Chrome via `browser.extraArgs` override behavior (source analysis: #35770, #35728, #35727, #35885).
- Synthesis attribution: thanks @Sid-Qin, @kevinWangSheng, @ningding97, @Naylenv, @clawbie.

Source PR refs: #35734, #35770, #35728, #35727, #35885

Co-authored-by: Sid-Qin <Sid-Qin@users.noreply.github.com>
Co-authored-by: kevinWangSheng <kevinWangSheng@users.noreply.github.com>
Co-authored-by: ningding97 <ningding97@users.noreply.github.com>
Co-authored-by: Naylenv <Naylenv@users.noreply.github.com>
Co-authored-by: clawbie <clawbie@users.noreply.github.com>
Co-authored-by: Takhoffman <Takhoffman@users.noreply.github.com>
 2026-03-05 09:22:47 -06:00
Tony Dehnke
136ca87f7b feat(mattermost): add interactive buttons support (#19957) 
Merged via squash.

Prepared head SHA: 8a25e60872
Co-authored-by: tonydehnke <36720180+tonydehnke@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-05 20:14:57 +05:30
Tak Hoffman
9741e91a64 test(cron): add cross-channel announce fallback regression coverage (openclaw#36197) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 07:37:37 -06:00
Tak Hoffman
544abc927f fix(cron): restore direct fallback after announce failure in best-effort mode (openclaw#36177) 
Verified:
- pnpm build
- pnpm check (fails on pre-existing origin/main lint debt in extensions/mattermost imports)
- pnpm test:macmini

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 07:25:24 -06:00
Vincent Koc
4dc0c66399 fix(subagents): strip leaked [[reply_to]] tags from completion announces (#34503) 
* fix(subagents): strip reply tags from completion delivery text

* test(subagents): cover reply-tag stripping in cron completion sends

* changelog: note iMessage reply-tag stripping in completion announces

* Update CHANGELOG.md

* Apply suggestion from @greptile-apps[bot]

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-03-05 07:50:55 -05:00
Joseph Turian
e5b6a4e19d Mattermost: honor onmessage mention override and add gating diagnostics tests (#27160) 
Merged via squash.

Prepared head SHA: 6cefb1d5bf
Co-authored-by: turian <65918+turian@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-05 17:59:54 +05:30
Sid
06ff25cce4 fix(feishu): check response.ok before calling response.json() in streaming card (#35628) 
Merged via squash.

Prepared head SHA: 62c3fec80d
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-05 01:58:21 -08:00
青雲
c522154771 docs(telegram): recommend allowlist for single-user DM policy (#34841) 
* docs(telegram): recommend allowlist for single-user bots

* docs(telegram): condense single-user allowlist note

---------

Co-authored-by: echoVic <echovic@163.com>
 2026-03-05 11:39:19 +03:00
Bob
6a705a37f2 ACP: add persistent Discord channel and Telegram topic bindings (#34873) 
* docs: add ACP persistent binding experiment plan

* docs: align ACP persistent binding spec to channel-local config

* docs: scope Telegram ACP bindings to forum topics only

* docs: lock bound /new and /reset behavior to in-place ACP reset

* ACP: add persistent discord/telegram conversation bindings

* ACP: fix persistent binding reuse and discord thread parent context

* docs: document channel-specific persistent ACP bindings

* ACP: split persistent bindings and share conversation id helpers

* ACP: defer configured binding init until preflight passes

* ACP: fix discord thread parent fallback and explicit disable inheritance

* ACP: keep bound /new and /reset in-place

* ACP: honor configured bindings in native command flows

* ACP: avoid configured fallback after runtime bind failure

* docs: refine ACP bindings experiment config examples

* acp: cut over to typed top-level persistent bindings

* ACP bindings: harden reset recovery and native command auth

* Docs: add ACP bound command auth proposal

* Tests: normalize i18n registry zh-CN assertion encoding

* ACP bindings: address review findings for reset and fallback routing

* ACP reset: gate hooks on success and preserve /new arguments

* ACP bindings: fix auth and binding-priority review findings

* Telegram ACP: gate ensure on auth and accepted messages

* ACP bindings: fix session-key precedence and unavailable handling

* ACP reset/native commands: honor fallback targets and abort on bootstrap failure

* Config schema: validate ACP binding channel and Telegram topic IDs

* Discord ACP: apply configured DM bindings to native commands

* ACP reset tails: dispatch through ACP after command handling

* ACP tails/native reset auth: fix target dispatch and restore full auth

* ACP reset detection: fallback to active ACP keys for DM contexts

* Tests: type runTurn mock input in ACP dispatch test

* ACP: dedup binding route bootstrap and reset target resolution

* reply: align ACP reset hooks with bound session key

* docs: replace personal discord ids with placeholders

* fix: add changelog entry for ACP persistent bindings (#34873) (thanks @dutifulbob)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-05 09:38:12 +01:00
Kai
2c8ee593b9 TTS: add baseUrl support to OpenAI TTS config (#34321) 
Merged via squash.

Prepared head SHA: e9a10cf81d
Co-authored-by: RealKai42 <44634134+RealKai42@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-03-05 07:25:04 +00:00
Shakker
60849f3335 chore(pr): enforce changelog placement and reduce merge sync churn 2026-03-05 06:37:53 +00:00
Sid
3a6b412f00 fix(gateway): pass actual version to Control UI client instead of dev (#35230) 
* fix(gateway): pass actual version to Control UI client instead of "dev"

The GatewayClient, CLI WS client, and browser Control UI all sent
"dev" as their clientVersion during handshake, making it impossible
to distinguish builds in gateway logs and health snapshots.

- GatewayClient and CLI WS client now use the resolved VERSION constant
- Control UI reads serverVersion from the bootstrap endpoint and
  forwards it when connecting
- Bootstrap contract extended with serverVersion field

Closes #35209

* Gateway: fix control-ui version version-reporting consistency

* Control UI: guard deferred bootstrap connect after disconnect

* fix(ui): accept same-origin http and relative gateway URLs for client version

---------

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 00:01:34 -06:00
alexyyyander
c4dab17ca9 fix(gateway): prevent internal route leakage in chat.send 
Synthesis of routing fixes from #35321, #34635, and #35356 for internal-client reply safety.

- Require explicit `deliver: true` before inheriting any external delivery route.
- Keep webchat/TUI/UI-origin traffic on internal routing by default.
- Allow configured-main session inheritance only for non-Webchat/UI clients, and honor `session.mainKey`.
- Add regression tests for UI no-inherit, configured-main CLI inherit, and deliver-flag behavior.

Co-authored-by: alexyyyander <alexyyyander@users.noreply.github.com>
Co-authored-by: Octane0411 <88922959+Octane0411@users.noreply.github.com>
Co-authored-by: Linux2010 <35169750+Linux2010@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-04 23:57:35 -06:00
Sid
463fd4735e fix(agents): guard context pruning against malformed thinking blocks (#35146) 
Merged via squash.

Prepared head SHA: a196a565b1
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-03-05 05:52:24 +00:00
不做了睡大觉
8891e1e48d fix(web-ui): render Accounts schema node properly (#35380) 
Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com>
Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-04 23:50:18 -06:00
Sid
d9b69a6145 fix(agents): guard promoteThinkingTagsToBlocks against malformed content entries (#35143) 
Merged via squash.

Prepared head SHA: 3971122f5f
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-03-05 05:37:33 +00:00