LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-07 22:44:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,662 Commits 633 Branches 70 Tags
eb8a8840d65fd082bdb4712d132fb7d262e24732
Commit Graph

238 Commits

Author SHA1 Message Date
Vincent Koc
99a48aad08 CI: increase checks-windows test shards to 4 2026-03-02 19:32:46 -08:00
Vincent Koc
8b80848ae9 CI: increase checks-windows test shards to 3 2026-03-02 19:31:27 -08:00
Vincent Koc
153a4f55db CI: reduce pre-test Windows setup latency 2026-03-02 19:30:29 -08:00
Vincent Koc
578a7a82be CI: add exact-key mode for pnpm cache restore 2026-03-02 19:30:29 -08:00
Vincent Koc
05aa16c040 CI: allow blacksmith 32 vCPU Windows runner in actionlint 2026-03-02 19:13:14 -08:00
Vincent Koc
2c6616b830 CI: gate Windows checks by windows-relevant scope (#32456) 
* CI: add windows scope output for changed-scope

* Test: cover windows scope gating in changed-scope

* CI: gate checks-windows by windows scope

* Docs: update CI windows scope and runner label

* CI: move checks-windows to 32 vCPU runner

* Docs: align CI windows runner with workflow
 2026-03-02 19:10:58 -08:00
Vincent Koc
f2c37e543e CI: optimize Windows lane by splitting bundle and dropping duplicate lanes 2026-03-02 18:58:43 -08:00
Josh Avant
806803b7ef feat(secrets): expand SecretRef coverage across user-supplied credentials (#29580) 
* feat(secrets): expand secret target coverage and gateway tooling

* docs(secrets): align gateway and CLI secret docs

* chore(protocol): regenerate swift gateway models for secrets methods

* fix(config): restore talk apiKey fallback and stabilize runner test

* ci(windows): reduce test worker count for shard stability

* ci(windows): raise node heap for test shard stability

* test(feishu): make proxy env precedence assertion windows-safe

* fix(gateway): resolve auth password SecretInput refs for clients

* fix(gateway): resolve remote SecretInput credentials for clients

* fix(secrets): skip inactive refs in command snapshot assignments

* fix(secrets): scope gateway.remote refs to effective auth surfaces

* fix(secrets): ignore memory defaults when enabled agents disable search

* fix(secrets): honor Google Chat serviceAccountRef inheritance

* fix(secrets): address tsgo errors in command and gateway collectors

* fix(secrets): avoid auth-store load in providers-only configure

* fix(gateway): defer local password ref resolution by precedence

* fix(secrets): gate telegram webhook secret refs by webhook mode

* fix(secrets): gate slack signing secret refs to http mode

* fix(secrets): skip telegram botToken refs when tokenFile is set

* fix(secrets): gate discord pluralkit refs by enabled flag

* fix(secrets): gate discord voice tts refs by voice enabled

* test(secrets): make runtime fixture modes explicit

* fix(cli): resolve local qr password secret refs

* fix(cli): fail when gateway leaves command refs unresolved

* fix(gateway): fail when local password SecretRef is unresolved

* fix(gateway): fail when required remote SecretRefs are unresolved

* fix(gateway): resolve local password refs only when password can win

* fix(cli): skip local password SecretRef resolution on qr token override

* test(gateway): cast SecretRef fixtures to OpenClawConfig

* test(secrets): activate mode-gated targets in runtime coverage fixture

* fix(cron): support SecretInput webhook tokens safely

* fix(bluebubbles): support SecretInput passwords across config paths

* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths

* fix(bluebubbles): align SecretInput schema helper typing

* fix(cli): clarify secrets.resolve version-skew errors

* refactor(secrets): return structured inactive paths from secrets.resolve

* refactor(gateway): type onboarding secret writes as SecretInput

* chore(protocol): regenerate swift models for secrets.resolve

* feat(secrets): expand extension credential secretref support

* fix(secrets): gate web-search refs by active provider

* fix(onboarding): detect SecretRef credentials in extension status

* fix(onboarding): allow keeping existing ref in secret prompt

* fix(onboarding): resolve gateway password SecretRefs for probe and tui

* fix(onboarding): honor secret-input-mode for local gateway auth

* fix(acp): resolve gateway SecretInput credentials

* fix(secrets): gate gateway.remote refs to remote surfaces

* test(secrets): cover pattern matching and inactive array refs

* docs(secrets): clarify secrets.resolve and remote active surfaces

* fix(bluebubbles): keep existing SecretRef during onboarding

* fix(tests): resolve CI type errors in new SecretRef coverage

* fix(extensions): replace raw fetch with SSRF-guarded fetch

* test(secrets): mark gateway remote targets active in runtime coverage

* test(infra): normalize home-prefix expectation across platforms

* fix(cli): only resolve local qr password refs in password mode

* test(cli): cover local qr token mode with unresolved password ref

* docs(cli): clarify local qr password ref resolution behavior

* refactor(extensions): reuse sdk SecretInput helpers

* fix(wizard): resolve onboarding env-template secrets before plaintext

* fix(cli): surface secrets.resolve diagnostics in memory and qr

* test(secrets): repair post-rebase runtime and fixtures

* fix(gateway): skip remote password ref resolution when token wins

* fix(secrets): treat tailscale remote gateway refs as active

* fix(gateway): allow remote password fallback when token ref is unresolved

* fix(gateway): ignore stale local password refs for none and trusted-proxy

* fix(gateway): skip remote secret ref resolution on local call paths

* test(cli): cover qr remote tailscale secret ref resolution

* fix(secrets): align gateway password active-surface with auth inference

* fix(cli): resolve inferred local gateway password refs in qr

* fix(gateway): prefer resolvable remote password over token ref pre-resolution

* test(gateway): cover none and trusted-proxy stale password refs

* docs(secrets): sync qr and gateway active-surface behavior

* fix: restore stability blockers from pre-release audit

* Secrets: fix collector/runtime precedence contradictions

* docs: align secrets and web credential docs

* fix(rebase): resolve integration regressions after main rebase

* fix(node-host): resolve gateway secret refs for auth

* fix(secrets): harden secretinput runtime readers

* gateway: skip inactive auth secretref resolution

* cli: avoid gateway preflight for inactive secret refs

* extensions: allow unresolved refs in onboarding status

* tests: fix qr-cli module mock hoist ordering

* Security: align audit checks with SecretInput resolution

* Gateway: resolve local-mode remote fallback secret refs

* Node host: avoid resolving inactive password secret refs

* Secrets runtime: mark Slack appToken inactive for HTTP mode

* secrets: keep inactive gateway remote refs non-blocking

* cli: include agent memory secret targets in runtime resolution

* docs(secrets): sync docs with active-surface and web search behavior

* fix(secrets): keep telegram top-level token refs active for blank account tokens

* fix(daemon): resolve gateway password secret refs for probe auth

* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled

* fix(secrets): align token inheritance and exec timeout defaults

* docs(secrets): clarify active-surface notes in cli docs

* cli: require secrets.resolve gateway capability

* gateway: log auth secret surface diagnostics

* secrets: remove dead provider resolver module

* fix(secrets): restore gateway auth precedence and fallback resolution

* fix(tests): align plugin runtime mock typings

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-03-03 02:58:20 +00:00
Vincent Koc
24fd6c8278 CI: use Blacksmith docker builder in sandbox smoke 2026-03-02 18:48:18 -08:00
Vincent Koc
5cffbbda32 CI: use Blacksmith docker builder in install smoke 2026-03-02 18:48:18 -08:00
Vincent Koc
85d17fd429 CI: migrate docker release build cache to Blacksmith 2026-03-02 18:48:18 -08:00
Vincent Koc
96d56a9721 CI: enable sticky-disk pnpm cache on Linux CI jobs 2026-03-02 18:48:18 -08:00
Vincent Koc
ffd3ad032a CI: add sticky-disk mode to pnpm cache action 2026-03-02 18:48:18 -08:00
Vincent Koc
8a463af823 CI: add sticky-disk toggle to setup node action 2026-03-02 18:48:18 -08:00
Peter Steinberger
6bf1abf603 ci: use valid Blacksmith Windows runner label 2026-03-03 02:47:06 +00:00
Peter Steinberger
40f2e2b8a6 ci: scale Windows CI runner and test workers 2026-03-03 02:42:32 +00:00
Peter Steinberger
59567a8c5d ci: move changed-scope logic into tested script 2026-03-03 02:37:23 +00:00
Peter Steinberger
0fd77c9856 refactor: modularize plugin runtime and test hooks 2026-03-03 02:06:58 +00:00
Vincent Koc
1a42ea3abf fix(auto-reply): normalize block-reply callback to Promise for timeout path (#31200) 
* Auto-reply: wrap block reply callback in Promise.resolve for timeout safety

* Build: add strict smoke build script for CI regression gating

* CI: gate strict TS smoke build in check workflow

* docs(changelog): add auto-reply block reply timeout fix under Unreleased

* docs(changelog): credit original #19779 contributor and vincentkoc
 2026-03-01 19:23:38 -08:00
Vincent Koc
030565b18c Docker: add OCI base-image labels and document base-image metadata (#31196) 
* Docker: add OCI base image labels

* Docs(Docker): document base image metadata context

* Changelog: note Docker base annotation docs update

* Changelog: add author credit for Docker base annotations

* Update docker.md

* Docker: add OCI source and docs labels

* CI(Docker): publish OCI revision/version labels

* Docs(Docker): list OCI image annotations

* Changelog: expand OCI annotation coverage note

* Docker: set OCI license annotation to MIT

* Docs(Docker): align OCI license annotation to MIT

* Docker: note docs sync path for OCI annotations

* Docker: normalize OCI label block indentation
 2026-03-01 19:22:44 -08:00
Vincent Koc
94a5d28d26 CI: remove Vitest JSON report artifacts (#30976) 
* CI: remove vitest JSON report upload steps

* Tests: stop injecting vitest JSON reporter

* Tests: remove vitest slowest report script
 2026-03-01 13:03:06 -08:00
Tak Hoffman
ff563eef0f Issues: unify bug form and subtype auto-labeling (openclaw#30733) thanks @Takhoffman 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-01 09:20:57 -06:00
Shadow
54c46b7c8c temp disable stale workflow to help with ratelimits 2026-02-28 22:51:34 -06:00
Shadow
3685ccb536 chore: lock inactive closed issues 2026-02-28 20:48:02 -06:00
Tak Hoffman
7ae683194f GitHub: add regression bug issue template and routing (openclaw#29864) thanks @Takhoffman 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-28 10:02:55 -06:00
Shadow
a5b1e86535 chore: add fallback GitHub App token 2026-02-27 22:49:58 -06:00
Peter Steinberger
645791c35e ci: add timeout for windows checks job 2026-02-27 16:20:02 +00:00
Vincent Koc
62fa65ec85 Fix npm global install deprecation warnings (#28318) 
* Dependencies: make @discordjs/opus an optional peer

* Dependencies: bump node-llama-cpp peer to 3.16.2

* Dependencies: pin Google auth deps to warning-free versions

* CI: reduce Dependabot cooldown to 2 days

* CI: fix invalid Dependabot npm registry config

* CI: restore Dependabot npm registry with token auth

* Dependencies: remove global Google auth pnpm overrides

* CI: make Dependabot updates daily

* Dependencies: restore optional install semantics for @discordjs/opus

* CI: keep Docker Dependabot interval weekly
 2026-02-27 07:38:02 -08:00
Vincent Koc
e8e673992a CI: smoke test root Dockerfile openclaw CLI (#28308) 2026-02-26 23:54:17 -05:00
Shadow
03159f3942 CI: add maintainer ping auto-response 2026-02-26 13:30:12 -06:00
Onur Solmaz
a7d56e3554 feat: ACP thread-bound agents (#23580) 
* docs: add ACP thread-bound agents plan doc

* docs: expand ACP implementation specification

* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup

* feat(acp): add /acp commands and Discord spawn gate

* ACP: add acpx runtime plugin backend

* fix(subagents): defer transient lifecycle errors before announce

* Agents: harden ACP sessions_spawn and tighten spawn guidance

* Agents: require explicit ACP target for runtime spawns

* docs: expand ACP control-plane implementation plan

* ACP: harden metadata seeding and spawn guidance

* ACP: centralize runtime control-plane manager and fail-closed dispatch

* ACP: harden runtime manager and unify spawn helpers

* Commands: route ACP sessions through ACP runtime in agent command

* ACP: require persisted metadata for runtime spawns

* Sessions: preserve ACP metadata when updating entries

* Plugins: harden ACP backend registry across loaders

* ACPX: make availability probe compatible with adapters

* E2E: add manual Discord ACP plain-language smoke script

* ACPX: preserve streamed spacing across Discord delivery

* Docs: add ACP Discord streaming strategy

* ACP: harden Discord stream buffering for thread replies

* ACP: reuse shared block reply pipeline for projector

* ACP: unify streaming config and adopt coalesceIdleMs

* Docs: add temporary ACP production hardening plan

* Docs: trim temporary ACP hardening plan goals

* Docs: gate ACP thread controls by backend capabilities

* ACP: add capability-gated runtime controls and /acp operator commands

* Docs: remove temporary ACP hardening plan

* ACP: fix spawn target validation and close cache cleanup

* ACP: harden runtime dispatch and recovery paths

* ACP: split ACP command/runtime internals and centralize policy

* ACP: harden runtime lifecycle, validation, and observability

* ACP: surface runtime and backend session IDs in thread bindings

* docs: add temp plan for binding-service migration

* ACP: migrate thread binding flows to SessionBindingService

* ACP: address review feedback and preserve prompt wording

* ACPX plugin: pin runtime dependency and prefer bundled CLI

* Discord: complete binding-service migration cleanup and restore ACP plan

* Docs: add standalone ACP agents guide

* ACP: route harness intents to thread-bound ACP sessions

* ACP: fix spawn thread routing and queue-owner stall

* ACP: harden startup reconciliation and command bypass handling

* ACP: fix dispatch bypass type narrowing

* ACP: align runtime metadata to agentSessionId

* ACP: normalize session identifier handling and labels

* ACP: mark thread banner session ids provisional until first reply

* ACP: stabilize session identity mapping and startup reconciliation

* ACP: add resolved session-id notices and cwd in thread intros

* Discord: prefix thread meta notices consistently

* Discord: unify ACP/thread meta notices with gear prefix

* Discord: split thread persona naming from meta formatting

* Extensions: bump acpx plugin dependency to 0.1.9

* Agents: gate ACP prompt guidance behind acp.enabled

* Docs: remove temp experiment plan docs

* Docs: scope streaming plan to holy grail refactor

* Docs: refactor ACP agents guide for human-first flow

* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow

* Docs/Skill: add OpenCode and Pi to ACP harness lists

* Docs/Skill: align ACP harness list with current acpx registry

* Dev/Test: move ACP plain-language smoke script and mark as keep

* Docs/Skill: reorder ACP harness lists with Pi first

* ACP: split control-plane manager into core/types/utils modules

* Docs: refresh ACP thread-bound agents plan

* ACP: extract dispatch lane and split manager domains

* ACP: centralize binding context and remove reverse deps

* Infra: unify system message formatting

* ACP: centralize error boundaries and session id rendering

* ACP: enforce init concurrency cap and strict meta clear

* Tests: fix ACP dispatch binding mock typing

* Tests: fix Discord thread-binding mock drift and ACP request id

* ACP: gate slash bypass and persist cleared overrides

* ACPX: await pre-abort cancel before runTurn return

* Extension: pin acpx runtime dependency to 0.1.11

* Docs: add pinned acpx install strategy for ACP extension

* Extensions/acpx: enforce strict local pinned startup

* Extensions/acpx: tighten acp-router install guidance

* ACPX: retry runtime test temp-dir cleanup

* Extensions/acpx: require proactive ACPX repair for thread spawns

* Extensions/acpx: require restart offer after acpx reinstall

* extensions/acpx: remove workspace protocol devDependency

* extensions/acpx: bump pinned acpx to 0.1.13

* extensions/acpx: sync lockfile after dependency bump

* ACPX: make runtime spawn Windows-safe

* fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)
 2026-02-26 11:00:09 +01:00
Josh Avant
72adf2458b CI: shard Windows test lane for faster CI critical path (#27234) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f7c41089e0
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-02-26 00:33:36 -06:00
Ayaan Zaidi
7493f11b40 fix(ci): allow legacy patch tags to publish docker latest 2026-02-26 09:38:13 +05:30
Ayaan Zaidi
41314c691d fix(ci): gate docker latest tag to stable release format 2026-02-26 09:38:13 +05:30
Ayaan Zaidi
bf70614943 fix(ci): publish latest tag for stable docker release 2026-02-26 09:38:13 +05:30
Shakker
e9750104b2 ui: block svg data image opens and harden tests 2026-02-24 22:28:58 +00:00
Julia HeySalad
8897c9d53a ci: install pyyaml in skills-python job 2026-02-23 10:44:18 +00:00
Vincent Koc
1be8897339 Security: enforce pre-commit security checks in hooks and CI (#24265) 
* chore(pre-commit): add security audit hooks

* ci(security): enforce security hooks in ci

* docs(changelog): add security hooks and ci attribution
 2026-02-23 02:20:00 -05:00
Vincent Koc
76dabd5214 CI/Skills: add Python lint and test harness for skills scripts (#24246) 
* CI: add skills Python checks job

* Chore: add Python lint and test pre-commit hooks

* Tests: fix skill-creator package test import path

* Chore: add Python tooling config for skills scripts

* CI: run all skills Python tests

* Chore: run all skills Python tests in pre-commit

* Chore: enable pytest discovery for all skills tests

* Changelog: note skills Python quality harness
 2026-02-23 01:52:00 -05:00
Vincent Koc
d9844c6afa CI: remove docs spellcheck step (#22738) 2026-02-21 10:58:34 -05:00
Vincent Koc
3f19259843 Update bug_report.yml 2026-02-21 04:06:07 -05:00
Vincent Koc
d2a7293744 Docs: issue template copy cleanup (#22546) 
* docs: reduce channel-specific wording in feature template placeholder

* docs: make bug report template placeholders version-neutral

* docs: fix YAML indentation in bug report placeholder

* docs: fix indentation of version field in bug report template
 2026-02-21 03:43:35 -05:00
Vincent Koc
5eca08dab7 Chore: trim stale TODOs and issue-template language (#22534) 
* docs: refresh issue template contact copy

* chore: remove OneDrive resumable upload TODO note
 2026-02-21 03:31:17 -05:00
Vincent Koc
92ac6c95cc CI: format github workflow (#22497) 2026-02-21 02:12:36 -05:00
Vincent Koc
3002be76e4 docs: add custom spellcheck dictionary and fix docs typos (#22457) 
* docs: fix typos and add docs spellcheck workflow

* docs: add changelog entry for docs spellcheck updates

* docs: fix FAQ TOC fragment links for markdownlint

* docs: fix TOC nesting and spellcheck dictionary flags
 2026-02-21 01:35:35 -05:00
Vincent Koc
d3bb924709 chore(deadcode): add deadcode scanning and remove unused lockfile deps (#22468) 
* chore(deadcode): add deadcode scanning and remove unused lockfile deps

* chore(changelog): mention deadcode CI scan pass

* ci: disable deadcode job temporarily

* docs(changelog): add PR ref and thanks for deadcode scan entry

* ci: comment out deadcode job condition while keeping it disabled
 2026-02-21 01:29:20 -05:00
Shadow
df002ef840 Workflow: clarify dirty PR response 2026-02-20 16:32:05 -06:00
Coy Geek
8ae2d5110f fix(docker): pin base images to SHA256 digests (#7734) 
* fix(docker): pin base images to SHA256 digests for supply chain security

Pin all 9 Dockerfiles to immutable SHA256 digests to prevent supply chain
attacks where a compromised upstream image could be silently pulled into
production builds.

Also add Docker ecosystem to Dependabot configuration for automated
digest updates.

Images pinned:
- node:22-bookworm@sha256:cd7bcd2e7a1e6f72052feb023c7f6b722205d3fcab7bbcbd2d1bfdab10b1e935
- node:22-bookworm-slim@sha256:3cfe526ec8dd62013b8843e8e5d4877e297b886e5aace4a59fec25dc20736e45
- debian:bookworm-slim@sha256:98f4b71de414932439ac6ac690d7060df1f27161073c5036a7553723881bffbe
- ubuntu:24.04@sha256:cd1dba651b3080c3686ecf4e3c4220f026b521fb76978881737d24f200828b2b

Fixes #7731

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* test(docker): add digest pinning regression coverage

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-19 12:42:07 -08:00
Peter Steinberger
7880947bb5 fix(ci): restore actionlint rules and add blacksmith 16 ignore 2026-02-19 17:29:51 +01:00
Peter Steinberger
e500110ef7 fix(ci): allow blacksmith 16vcpu labels in actionlint 2026-02-19 17:29:20 +01:00