test#1
Closed
hclsys wants to merge 9789 commits into
Closed
Conversation
Co-authored-by: Niels Kaspers <kaspersniels@gmail.com> Co-authored-by: Zhaocun <zhaocunsun@gmail.com> Co-authored-by: Henson <zccyman@163.com>
…w#72268) * fix(exec): parse nested approval metadata in followups (cherry picked from commit 10ff9b318e77cda3d65f40d59bbab0f4a3f59da8) * docs(changelog): note exec approval nested-paren parser fix * fix(exec): sanitize denied-reason literals in (...)-delimited approval messages The exec-approval followup wire format is `Exec denied (gateway id=..., <deniedReason>): cmd`. The producer at `src/agents/bash-tools.exec-host-gateway.ts:606` was emitting `approval-timeout (allowlist-miss)`, which embedded literal parens inside the metadata segment and broke the metadata/body boundary for naive parsers. Switch the literal to a colon-separated form (`approval-timeout: allowlist-miss`) so the surrounding `(...)` delimiter stays unambiguous. The Gateway node-event surface at `src/gateway/server-node-events.ts:734` interpolates an untrusted `obj.reason` into the same `Exec denied (node=..., <reason>)` format. Strip parens from that field before interpolation so a buggy or hostile node payload cannot smuggle metadata into the body slot. The robust nested-paren parser already in `src/agents/exec-approval-result.ts` stays as defense in depth. Extend `exec-approval-result.test.ts` to cover the canonical colon-separated `deniedReason` and confirm `formatExecDeniedUserMessage` still maps it to the timeout copy. * fix(exec): require gateway/node metadata source to reject spoofed approval wrappers The exec-approval result parser previously accepted any string starting with "Exec denied (..." or "Exec finished (..." as a structured approval wrapper. Generic command stdout that happened to start with these tokens would be classified as kind: "denied" or "finished", letting a tool's output spoof a resolved-approval event in pi-embedded-subscribe.handlers.tools.ts:1173. Reported by Aisle as CWE-841 (Improper Enforcement of Behavioral Workflow), medium severity. The fix validates that the parenthesized metadata starts with either "gateway id=" or "node=" — both prefixes are emitted by the legitimate approval generators (bash-tools.exec-host-gateway.ts, bash-tools.exec-host-node.ts, gateway/server-node-events.ts) and are unlikely to appear in arbitrary command output. Inputs that fail this check now return kind: "other", which all callers already handle as a no-op. * fix(exec): keep sandbox_blocked classification for raw exec-denied messages After the spoof-guard tightening of parseExecApprovalResultText, inputs that lack a gateway/node-sourced metadata prefix (such as the synthetic "exec denied (allowlist-miss):" string used in classifier tests) no longer return kind: "denied" and therefore no longer trigger formatExecDeniedUserMessage, so isSandboxBlockedErrorMessage stopped recognising them. Add a direct \bexec denied\s*\( alternative to SANDBOX_BLOCKED_RE so the classifier still treats any raw "exec denied (" prefix as sandbox-blocked, independent of whether the parser accepts the surrounding wrapper. This keeps classifyProviderRuntimeFailureKind's existing behavior for unstructured exec- denied messages.
* fix(cron): suppress fatal error completion announce * fix(cron): preserve cleanup for fatal announce suppression * test(cron): avoid spreading typed-never announce fixture --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
* fix: release cron runtime state after isolated runs After an isolated cron/subagent run completes, the prepared context retains references to the full in-memory session store and the registered agent run context. Over many runs, these retained objects accumulate -- heap snapshots showed ~2.0 GiB from ~113k copies of the skill prompt string flowing through skillsSnapshot.prompt -> session entry -> cronSession.store -> cron run context. Changes: - Add disposeCronRunContext() to runCronIsolatedAgentTurn's finally block - Calls clearAgentRunContext(sessionId) to remove the run context from the global agent-events map - Nulls cronSession.store to release the in-memory session registry copy - Export clearAgentRunContext from run-execution.runtime.ts barrel - The disposal is shallow O(1) -- no deep traversal, no hot-path disk writes - Session persistence is unaffected (on-disk sessions.json is untouched) The finally block guarantees cleanup on both success and error paths, including timeout/abort scenarios. Includes unit tests for clearAgentRunContext, store disposal, and sweepStaleRunContexts. * fix: remove duplicate storePath property in test fixture * fix: remove unused clearAgentRunContext import from run-executor * fix(cron): use initial sessionId for disposeCronRunContext in finally block finalizeCronRun calls adoptCronRunSessionMetadata() which can rotate sessionEntry.sessionId before the finally block runs. Capturing the sessionId before the try block ensures clearAgentRunContext clears the correct registered context instead of the potentially-rotated one. Also removes unused imports (vi, beforeEach) from the runtime cleanup test. * chore: trigger CI re-check for proof gate * chore: retrigger CI proof gate * test(cron): prove isolated run cleanup path * fix(cron): keep shared run contexts active * test(cron): avoid spreading typed-never fixture --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
…aw#83131) The SIGTERM handler's fire-and-forget IIFE can reject if the graceful drain or tunnel-teardown throws. Without a catch, this becomes an unhandled promise rejection. Add .catch() that logs the error and falls back to a hard stop request. Same treatment for SIGUSR1. Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
…nclaw#77375) * fix(tui): dismiss watchdog notice when response actually arrives The streaming watchdog renders 'This response is taking longer than expected. Send another message to continue.' after 30s without a chat delta. If a delta or final then arrives — common for runs that are slow but not stuck — the notice stays in the log alongside the recovered response and contradicts what the user sees. Track the notice by runId in the chat log via a new `addPendingSystem` + `dismissPendingSystem` pair (mirroring the existing pendingUsers pattern) and dismiss it from `handleChatEvent` whenever any further chat event for that run is processed. The watchdog's internal cleanup (`activeChatRunId` reset, status idle, history reload) is unchanged. Refs openclaw#67052, openclaw#69081 (closed). Prior attempt openclaw#69026 raised the threshold and suppressed the notice entirely; this is the narrower fix that keeps the warning useful for genuinely stuck runs. * fix(tui): adapt pending notice to repeatable system entries --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
Coalesce provider auth-state rewarms after auth-profile failures and include event-loop delay in provider auth warm logs.
Co-authored-by: Bob Du <i@bobdu.cc> Co-authored-by: alitariksahin <alitariksah@gmail.com> Co-authored-by: Jefsky <hwj3344@hotmail.com> Co-authored-by: Musaab Hasan <m9.3b@Hotmail.com> Co-authored-by: Intern Dev <dev@wukongai.io> Co-authored-by: majin.nathan <majin.nathan@bytedance.com>
…penclaw#84634) `parseSlashCommandActionArgs` used a naive `startsWith` against the configured slash prefix. When a skill name shares a prefix with a built-in command (e.g. a skill named `config-check` vs the built-in `/config`), the longer name was captured by the shorter built-in handler and surfaced as an invalid action:⚠️ /config is disabled. Set commands.config=true to enable. Any skill whose name starts with a built-in command prefix (`config-*`, `debug-*`, `models-*`, etc.) was unreachable via slash invocation from any channel. Fix: after the prefix match, require that the next character is whitespace, a colon, or end-of-string. Otherwise the prefix collided with a longer command name and we return `no-match` so the longer handler — or the skill router — gets a chance to claim it. Adds a regression test file `commands-slash-parse.test.ts` covering: - `/config-check <args>` returns null (the reported case) - `/configfoo` (no separator) returns null - `/modelsy` returns null for the `/models` prefix - `/config:json` still matches (colon is a valid boundary) - `/config show enabled` still parses cleanly (whitespace boundary) - empty body still returns the default action Fixes openclaw#84572. Co-authored-by: infracore <infracore@users.noreply.github.com>
…lback (openclaw#85347) * fix(daemon): use exit code instead of localized text for schtasks fallback Problem: - shouldFallbackToStartupEntry() only matched English/Spanish error messages ("access is denied" / "acceso denegado"), causing silent fallback failure on non-English Windows systems (Chinese, Japanese, French, German, etc.) Fix: - Replace regex matching with exit code check (params.code === 1) - schtasks returns exit code 1 for access denied / generic failure regardless of system locale Fixes: openclaw#85255 * test(daemon): cover localized schtasks fallback --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
…openclaw#84449) Replace empty .catch(() => {}) on two failDelivery calls with log.warn() so delivery queue mark-failed errors leave a diagnostic trail instead of being silently discarded. Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
* feat(policy): add secrets auth conformance * fix(policy): include sandbox ssh secret data * fix(policy): complete secret input provenance * fix(policy): cover media request secrets * fix(policy): satisfy policy lint * fix(policy): narrow secret conformance evidence * fix(policy): cover request bearer token secrets
* fix(ui): keep chat session search inline * fix(ui): tolerate partial chat session search state
…n check (openclaw#85101) When the Slack adapter's startup auth.test call fails (bad token, transient error, etc.), the bot user id silently stays empty for the life of the process. The downstream explicit-bot mention check is `botUserId && mentionedUserIds.includes(botUserId)`, which always returns false when botUserId is empty. The result is that explicit <@bot> mentions are silently classified as non-mentions with no log trace explaining why. Changes: - provider.ts: stop swallowing auth.test failures; emit a warn log at boot so the degraded state is observable. Empty user_id is treated as a failure too. - prepare.ts + subteam-mentions.ts: export the existing normalizeSlackId helper and apply it to both sides of the explicit-bot equality check (and to the mentioned-ids list). Real Slack ids are already uppercase, so this is a no-op on healthy traffic, but it locks the invariant down and removes the asymmetry between collected ids and the ctx bot id. - prepare.test.ts: add two regression tests pinning the exact symptom: positive case (botUserId set -> explicit_bot), negative case (botUserId='' -> not explicit_bot, mention_source not explicit_bot). 🤖 AI-assisted. Co-authored-by: in-liberty420 <in-liberty420@users.noreply.github.com>
…ble hover Problem: - Select dropdown arrow uses hardcoded openclaw#888 SVG stroke, barely visible on light backgrounds - Chat bubble hover border uses 28% accent blend, too subtle in light theme for meaningful visual feedback Fix: - Darken dropdown arrow SVG to openclaw#444 in light theme (.cfg-select) - Increase chat-bubble:hover accent blend from 28% to 48% in light theme - Add subtle box-shadow on bubble hover for clearer feedback Fixes: openclaw#85713
Signed-off-by: sallyom <somalley@redhat.com>
…5707) * fix(ollama): bypass proxy for local embeddings * fix(ollama): keep managed proxy bypass loopback-only * fix(ollama): keep proxy bypass internal * fix(ollama): keep proxy bypass private * fix(ollama): harden internal proxy bypass * chore(plugin-sdk): refresh api baseline * fix(ollama): keep internal bypass out of qa aliases * test(ollama): keep ssrf runtime mock complete * fix(ollama): keep dist sdk aliases public-only * fix(ollama): keep fetch bypass out of infra runtime * fix(ollama): preserve packaged private sdk alias * test(ollama): harden private ssrf alias coverage * test(ollama): cover private ssrf resolver edges * fix(ollama): scope private sdk native aliases * test(ollama): audit blocked loopback bypasses * fix(plugins): keep staged sdk aliases public-only * test(ollama): harden proxy bypass proof * test(ollama): cover origin mismatch proxy path * test(ollama): cover ipv6 and batch bypass paths * fix lint findings in Ollama proxy tests * refactor: tighten Ollama proxy bypass * fix: widen private sdk owner registry type * test: stabilize Ollama proxy PR checks --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
* refactor: use channel target resolution apis * refactor: satisfy delivery lint * refactor: remove unused target parsing shim * fix: preserve routed cron topic targets
* feat: adapt image compression quality * refactor: move image limits into model metadata * test: cover adaptive image downscaling * test: cover image tool live providers * fix: apply media metadata to all image paths * fix: align providerless image compression * fix: add chutes runtime image limits * fix: optimize image data urls with model limits * fix: type media metadata merge * fix: optimize data url byte limits after decode * fix: preserve data url optimizer fallback * fix: keep low-side image compression fallbacks * fix: enforce data url image compression policy * fix: preserve gif data url media policy * fix: satisfy adaptive image type checks * test: keep cron provider-runtime mock current
* feat(whatsapp): support emoji approval reactions * fix(whatsapp): simplify approval resolved text * fix(whatsapp): gate approvals on forwarding config * ci: ignore injected secrets helpers in oxlint * fix(whatsapp): use thumb reactions for approvals * ci: keep secret helpers linted * fix(approvals): preserve plugin turn source routes * docs(approvals): remove whatsapp exec approval field refs
Expose a path-free estimated context budget status on session entries and gateway session rows, render it in status when fresh provider usage is unavailable, and clear stale estimates across reset, refresh, compaction, and session-rotation boundaries. Verification: focused local Vitest covered session persistence, status rendering, gateway rows, model resets, compaction, and session rotation; GitHub CI passed on clean head cad199e. Refs openclaw#80594, openclaw#54996, openclaw#77992, openclaw#84490, openclaw#83177, openclaw#43009, openclaw#83526, openclaw#8635.
…#84411) Summary: - The PR removes forced consult diagnostics from Discord and phone-call realtime consult payloads, adds private debug logs and regression tests, and records the fix in the changelog. - Reproducibility: yes. by source inspection. Current main builds the forced Discord consult message with the ... gent_consult` diagnostic string, and the phone-call fallback passes the same diagnostic as consult context. Automerge notes: - PR branch already contained follow-up commit before automerge: fix(discord): log forced consult fallback reason - PR branch already contained follow-up commit before automerge: fix(discord): keep forced voice consult diagnostics private Validation: - ClawSweeper review passed for head c159253. - Required merge gates passed before the squash merge. Prepared head SHA: c159253 Review: openclaw#84411 (comment) Co-authored-by: FullerStackDev <263060202+fuller-stack-dev@users.noreply.github.com> Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com> Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
* codex: honor verbose in group dispatch * codex: address group verbose review findings Record the final local review pass for the group /verbose PR. Codex review against origin/main completed clean after tightening the shared group progress gate, keeping public plugin hook types stable, preserving ACP hidden tool boundaries, and adding regressions for live verbose gating and progress-callback suppression. * codex: require explicit group verbose progress Normal group tool/progress summaries now require an explicit session verbose override instead of inherited agent verbose defaults. This addresses the PR review concern that existing verboseDefault configurations could expose group progress after upgrade. DMs and forum-topic behavior continue to use the effective verbose state, while normal groups use the live explicit session verbose state set by /verbose on|full|off. * codex: document Slack group verbose caveat * fix(channels): simplify verbose progress gating * docs(changelog): note verbose channel fix * fix(channels): preserve quiet default for group progress * fix(channels): keep verbose error policy dynamic * fix(channels): default verbose progress off everywhere * fix(channels): keep followup verbose default quiet * fix(channels): latch visible tool-error progress * fix(channels): track failed verbose progress events * fix(channels): latch delivered tool errors * fix(channels): prevent progress opt-out bypass * fix(channels): isolate followup error warning state * fix(channels): keep full verbose followup warnings * fix(channels): latch tool errors after visible progress * fix(channels): require visible followup failure progress * fix(channels): refresh followup verbose state * fix(channels): honor live verbose for error details * test(channels): expect live verbose off warning mode * fix(channels): preserve static tool error suppression semantics * fix(channels): bypass acp for colon verbose commands * fix(channels): narrow dynamic tool warning override * fix(channels): gate compaction notices on live verbose * fix(channels): suppress quiet followup compaction callbacks * fix(channels): suppress tts for hidden tool summaries --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
* perf: reuse plugin metadata snapshots * test: update plugin metadata snapshot mocks
Owner
Author
|
Closing diagnostic PR created while checking upstream PR-create failure scope. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
test