fix(release): preserve shipped channel surfaces in npm tar by ngutman · Pull Request #52913 · openclaw/openclaw

ngutman · 2026-03-23T14:08:43Z

Summary

Describe the problem and fix in 2–5 bullets:

Problem: 2026.3.22 stripped previously shipped optional bundled extension metadata and dist/control-ui from the npm tarball, which left upgraded packaged installs with missing channel discovery and missing UI assets.
Why it matters: upgraded users could hit Unknown channel: whatsapp, lose auto-install discovery for install-on-demand channels, and end up with missing Control UI assets after upgrade.
What changed: ship the official channel catalog fallback, keep previously shipped optional bundled upgrade surfaces in npm release artifacts by default, require dist/control-ui/index.html plus optional bundled extension manifests in release-check, and make release:check build Control UI before validating the pack.
What did NOT change (scope boundary): this does not publish @openclaw/whatsapp, does not change plugin install semantics beyond restoring discovery and shipped upgrade surfaces, and does not force optional bundles for lanes that explicitly opt out with OPENCLAW_INCLUDE_OPTIONAL_BUNDLED=0.

Change Type (select all)

Scope (select all touched areas)

Linked Issue/PR

Closes #
Related [Bug]: WhatsApp (and other optional bundled plugins) silently broken after upgrade to 2026.3.22 #52838

User-visible / Behavior Changes

Packaged installs keep dist/control-ui and the previously shipped optional bundled extension metadata needed for upgrade continuity.
Official install-on-demand channels remain discoverable in packaged installs even when their runtime is not bundled.
No operator-facing config changes are required for the normal release lane.

Security Impact (required)

New permissions/capabilities? (Yes/No) No
Secrets/tokens handling changed? (Yes/No) No
New/changed network calls? (Yes/No) No
Command/tool execution surface changed? (Yes/No) No
Data access scope changed? (Yes/No) No
If any Yes, explain risk + mitigation:

Repro + Verification

Environment

OS: macOS
Runtime/container: local build + clean npm pack install
Model/provider: n/a
Integration/channel (if any): WhatsApp / Control UI
Relevant config (redacted): clean OPENCLAW_STATE_DIR for packaged-install repro

Steps

Install [email protected] into a clean temporary directory.
Run openclaw channels add --channel whatsapp or inspect the packaged tarball contents.
Observe that WhatsApp metadata and dist/control-ui are missing from the shipped artifact.

Expected

Previously shipped upgrade surfaces remain present in the npm tarball, and official install-on-demand channels stay discoverable.

Actual

Clean packaged installs lost WhatsApp discoverability and the tarball omitted Control UI assets.

Evidence

Attach at least one:

Failing test/log before + passing after
Trace/log snippets
Screenshot/recording
Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

Verified scenarios:
- pnpm check
- pnpm build
- pnpm test -- test/official-channel-catalog.test.ts
- pnpm test -- src/channels/plugins/plugins-core.test.ts
- pnpm test -- src/plugins/copy-bundled-plugin-metadata.test.ts
- pnpm test -- test/release-check.test.ts
- node scripts/stage-bundled-plugin-runtime-deps.mjs
- pnpm ui:build
- node --import tsx scripts/release-check.ts
- npm pack --dry-run --json --ignore-scripts includes dist/channel-catalog.json, dist/control-ui/index.html, and the optional bundled extension manifests for acpx, diagnostics-otel, diffs, googlechat, matrix, memory-lancedb, msteams, nostr, tlon, twitch, whatsapp, and zalouser
Edge cases checked:
- shipped official catalog entries load when bundled metadata is absent
- bundled metadata-backed channel entries still preserve pluginId
- default packaging now keeps the prior shipped optional-bundle upgrade surface
- explicit OPENCLAW_INCLUDE_OPTIONAL_BUNDLED=0 still disables optional bundles for size-sensitive lanes
- release-check fails when required shipped paths are missing
What you did not verify:
- publishing/installing the actual @openclaw/whatsapp package
- the full top-level pnpm release:check wrapper is still blocked earlier by existing config baseline drift on current main; the pack-validation portion was run directly and passed

Review Conversations

I replied to or resolved every bot review conversation I addressed in this PR.
I left unresolved only the conversations that still need reviewer or maintainer judgment.

If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.

Compatibility / Migration

Backward compatible? (Yes/No) Yes
Config/env changes? (Yes/No) No
Migration needed? (Yes/No) No
If yes, exact upgrade steps:

Failure Recovery (if this breaks)

How to disable/revert this change quickly: revert 2f1f4100ec, or set OPENCLAW_INCLUDE_OPTIONAL_BUNDLED=0 on a size-sensitive packaging lane that must opt out explicitly
Files/config to restore: scripts/lib/optional-bundled-clusters.mjs, scripts/release-check.ts, package.json
Known bad symptoms reviewers should watch for: packaged installs missing dist/control-ui/index.html, missing optional bundled extension manifests, or pack size growing materially beyond the new 176 MiB budget

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write None.

Risk: restoring the shipped upgrade surface increases npm pack size.
- Mitigation: the budget is raised only to 176 MiB, while remaining well below the 2026.3.12 213.6 MiB regression guardrail, and release-check still enforces the budget.
Risk: some size-sensitive packaging lanes may still want the old stripped behavior.
- Mitigation: those lanes can opt out explicitly with OPENCLAW_INCLUDE_OPTIONAL_BUNDLED=0.

aisle-research-bot · 2026-03-23T14:08:50Z

🔒 Aisle Security Analysis

We found 3 potential security issue(s) in this PR:

#	Severity	Title
1	🟡 Medium	Untrusted official channel-catalog.json search paths allow catalog spoofing and arbitrary npmSpec suggestions
2	🔵 Low	Potential DoS via unbounded synchronous loading/parsing of plugin catalog JSON from configurable paths
3	🔵 Low	Prototype pollution via untrusted channel IDs used as object keys in UI catalog builders

1. 🟡 Untrusted official channel-catalog.json search paths allow catalog spoofing and arbitrary npmSpec suggestions

Property	Value
Severity	Medium
CWE	CWE-494
Location	`src/channels/plugins/catalog.ts:138-156`

Description

listChannelPluginCatalogEntries() now loads an “official” channel catalog from multiple implicit filesystem locations (derived from process.cwd(), import.meta.url package roots, and especially path.dirname(process.execPath)), without integrity/authenticity checks.

Impact:

If an attacker can drop or modify a channel-catalog.json in any searched location (e.g., a writable portable install directory / the executable directory, or a manipulated working directory/package root), they can inject/override catalog entries.
Catalog entries carry an install.npmSpec value that is later displayed to users and used as the install spec when installing channel plugins (via installPluginFromNpmSpec({ spec: entry.install.npmSpec })).
This enables supply-chain style plugin spoofing: the UI/CLI may present attacker-controlled plugins as “official” and install attacker-chosen packages if the user proceeds, potentially leading to code execution via plugin installation.

Vulnerable code (new behavior):

const execDir = path.dirname(process.execPath);
candidates.push(path.join(execDir, OFFICIAL_CHANNEL_CATALOG_RELATIVE_PATH));
candidates.push(path.join(execDir, "channel-catalog.json"));
...
for (const entry of loadOfficialCatalogEntries(options)) {
  const priority = ORIGIN_PRIORITY.bundled ?? 99;
  ... resolved.set(entry.id, { entry, priority });
}

Why this is risky:

The exec directory and/or cwd-derived package roots are not guaranteed to be read-only.
The code treats loaded entries with bundled priority, so they can override other sources for the same id.
No signature, hash, or trusted-only path policy is enforced for “official” data.

Recommendation

Restrict “official” catalog loading to trusted, immutable locations and/or verify authenticity.

Recommended fixes (pick one or combine):

Only load the official catalog from the application’s own installed resources (e.g., a path resolved relative to the currently executing module/package), and do not consult process.cwd() or process.execPath.
Cryptographically verify the catalog before use (signature validation), and ignore any unsigned/invalid file.
If you must keep multiple fallback paths, enforce a trust policy:

Only accept catalogs under a known app-owned directory with correct ownership/permissions
Do not assign bundled priority to filesystem-discovered catalogs; treat them as external (lowest priority)

Example: only load from package root resolved from import.meta.url, and demote priority:

function resolveOfficialCatalogPaths(): string[] {
  const root = resolveOpenClawPackageRootSync({ moduleUrl: import.meta.url });
  return root ? [path.join(root, OFFICIAL_CHANNEL_CATALOG_RELATIVE_PATH)] : [];
}

// When merging, do NOT treat as bundled
const priority = 98; // lower trust than bundled

2. 🔵 Potential DoS via unbounded synchronous loading/parsing of plugin catalog JSON from configurable paths

Property	Value
Severity	Low
CWE	CWE-400
Location	`src/channels/plugins/catalog.ts:122-131`

Description

loadCatalogEntriesFromPaths() synchronously reads entire catalog files into memory and parses them with JSON.parse() for each configured/existing catalog path (including env-resolved paths and multiple “official” fallback locations).

Impact:

A very large JSON file (or many files) can cause high CPU/memory usage and block the Node.js event loop (startup/CLI hang).
Catalog paths can be influenced via environment variables (OPENCLAW_PLUGIN_CATALOG_PATHS / OPENCLAW_MPM_CATALOG_PATHS) or via officialCatalogPaths option. If an attacker can control these inputs in a service context, they can trigger a denial of service.

Vulnerable code:

const payload = JSON.parse(fs.readFileSync(resolvedPath, "utf-8")) as unknown;

Recommendation

Add hard limits and safer loading when ingesting catalog files:

Enforce a maximum catalog file size before reading (e.g., 1–5MB).
Optionally enforce a maximum number of catalog paths processed.
Prefer async I/O to avoid blocking, or perform parsing in a worker thread if this is on a latency-sensitive path.

Example (size guard):

const MAX_BYTES = 5 * 1024 * 1024;

const stat = fs.statSync(resolvedPath);
if (!stat.isFile() || stat.size > MAX_BYTES) {
  continue; // or log/throw
}

const text = fs.readFileSync(resolvedPath, "utf-8");
const payload = JSON.parse(text) as unknown;

3. 🔵 Prototype pollution via untrusted channel IDs used as object keys in UI catalog builders

Property	Value
Severity	Low
CWE	CWE-1321
Location	`src/channels/plugins/catalog.ts:359-370`

Description

buildChannelUiCatalog builds several plain object maps (labels, detailLabels, systemImages, byId) and indexes them with entry.id.

entry.id ultimately comes from plugin manifests / external catalog JSON (manifest.channel.id).
External catalog paths can be user-controlled via environment variables (e.g., OPENCLAW_PLUGIN_CATALOG_PATHS, OPENCLAW_MPM_CATALOG_PATHS).
If an attacker can supply a catalog entry with id set to "__proto__", "prototype", or "constructor", assignments like byId[entry.id] = entry can mutate object prototypes in JavaScript, leading to prototype pollution and potentially unexpected behavior/security bypasses wherever these maps are later used.

Vulnerable code:

labels[entry.id] = entry.label;
detailLabels[entry.id] = entry.detailLabel;
...
byId[entry.id] = entry;

Recommendation

Prevent prototype pollution by ensuring these dictionaries cannot have their prototype mutated and/or by rejecting dangerous keys.

Option A (preferred): create null-prototype maps

const labels: Record<string, string> = Object.create(null);
const detailLabels: Record<string, string> = Object.create(null);
const systemImages: Record<string, string> = Object.create(null);
const byId: Record<string, ChannelUiMetaEntry> = Object.create(null);

Option B: validate IDs before using them as keys

function isSafeKey(key: string): boolean {
  return key !== "__proto__" && key !== "prototype" && key !== "constructor";
}
...
if (!isSafeKey(entry.id)) continue;
byId[entry.id] = entry;

Doing both is even safer. Also consider validating manifest.channel.id at ingestion time (when building catalog entries from external JSON).

Analyzed PR: #52913 at commit 7bd8d7d

_{Last updated on: 2026-03-23T15:53:09Z}

greptile-apps · 2026-03-23T14:12:14Z

Greptile Summary

This PR fixes the 2026.3.22 regression where optional bundled extension metadata and dist/control-ui were inadvertently stripped from the npm tarball. It restores the previously shipped upgrade surface by flipping shouldIncludeOptionalBundledClusters from opt-in (=== "1") to opt-out (!== "0"), adds a new write-official-channel-catalog.mjs build step that emits a dist/channel-catalog.json fallback for install-on-demand discovery, and strengthens release-check to validate that these artifacts are present in every release pack.

Key changes:

optional-bundled-clusters.mjs: default behavior is now "include unless explicitly disabled", preserving the shipped upgrade surface without requiring callers to set OPENCLAW_INCLUDE_OPTIONAL_BUNDLED=1.
write-official-channel-catalog.mjs (new): walks extensions/*/package.json and emits a sorted dist/channel-catalog.json from entries with openclaw.release.publishToNpm === true. Called in runRuntimePostBuild so it runs automatically as part of the runtime build.
catalog.ts: loadOfficialCatalogEntries injects shipped catalog entries at ORIGIN_PRIORITY.bundled priority before external catalog entries, ensuring official channels like WhatsApp remain discoverable even when bundled plugin metadata is absent.
release-check.ts: extracts collectMissingPackPaths as an exported, tested function; adds dist/channel-catalog.json, dist/control-ui/index.html, and all non-ui optional-bundled extension manifests to required pack paths; raises size budget from 160 MiB to 176 MiB.
package.json: release:check now runs pnpm ui:build before the pack validation so dist/control-ui/index.html is guaranteed present.
Tests updated throughout to reflect the new opt-out default and to cover the new catalog generation and release-check validation paths.

Confidence Score: 5/5

This PR is safe to merge — it is a focused regression fix with comprehensive test coverage and no breaking interface changes.
The changes are well-scoped and directly address the documented regression. The opt-out default for optional bundled clusters is clearly intentional and documented in both code and PR description. The new catalog generation script has thorough defensive parsing. Priority logic in catalog.ts is consistent with the existing loadBundledMetadataCatalogEntries pattern. Release-check validation is strengthened, not weakened. The one inline comment is a P2 style observation about dead code in resolveOfficialCatalogPaths that has no runtime impact. Prior PR concerns are addressed or explicitly tracked.
No files require special attention beyond the minor try/catch dead-code note in src/channels/plugins/catalog.ts.

Comments Outside Diff (1)

src/channels/plugins/catalog.ts, line 351-357 (link)

Unreachable try/catch block around path.dirname/path.join

Neither path.dirname(process.execPath) nor the subsequent path.join calls can throw — process.execPath is always a string in Node, and both path.dirname and path.join are purely synchronous string operations. The try/catch here is dead code and could mislead future readers into thinking this block has a known failure mode.

Consider removing the try/catch wrapper, or — if the intent is to guard against exotic environments where process.execPath could be absent — narrow the guard to just if (process.execPath) instead.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/channels/plugins/catalog.ts
Line: 351-357

Comment:
**Unreachable `try/catch` block around `path.dirname`/`path.join`**

Neither `path.dirname(process.execPath)` nor the subsequent `path.join` calls can throw — `process.execPath` is always a string in Node, and both `path.dirname` and `path.join` are purely synchronous string operations. The `try/catch` here is dead code and could mislead future readers into thinking this block has a known failure mode.

Consider removing the `try/catch` wrapper, or — if the intent is to guard against exotic environments where `process.execPath` could be absent — narrow the guard to just `if (process.execPath)` instead.



How can I resolve this? If you propose a fix, please make it concise.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: src/channels/plugins/catalog.ts
Line: 351-357

Comment:
**Unreachable `try/catch` block around `path.dirname`/`path.join`**

Neither `path.dirname(process.execPath)` nor the subsequent `path.join` calls can throw — `process.execPath` is always a string in Node, and both `path.dirname` and `path.join` are purely synchronous string operations. The `try/catch` here is dead code and could mislead future readers into thinking this block has a known failure mode.

Consider removing the `try/catch` wrapper, or — if the intent is to guard against exotic environments where `process.execPath` could be absent — narrow the guard to just `if (process.execPath)` instead.

```suggestion
  const execDir = path.dirname(process.execPath);
  candidates.push(path.join(execDir, OFFICIAL_CHANNEL_CATALOG_RELATIVE_PATH));
  candidates.push(path.join(execDir, "channel-catalog.json"));
```

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (2): Last reviewed commit: "fix(release): keep shipped bundles in np..." | Re-trigger Greptile}

greptile-apps · 2026-03-23T14:12:18Z

src/channels/plugins/catalog.ts

+  for (const entry of loadOfficialCatalogEntries(options)) {
+    const priority = ORIGIN_PRIORITY.bundled ?? 99;
+    const existing = resolved.get(entry.id);
+    if (!existing || priority < existing.priority) {
+      resolved.set(entry.id, { entry, priority });
+    }
+  }


Official catalog silently overrides user external-catalog customizations

Official catalog entries are inserted with ORIGIN_PRIORITY.bundled (= 3), and external catalog entries are only appended via if (!resolved.has(entry.id)) (line 415). This means that once a channel ID appears in the official catalog, any user-defined external catalog entry for the same channel ID (set via OPENCLAW_PLUGIN_CATALOG_PATHS or the default config-dir catalog) is silently ignored.

Before this PR, in a packaged install where bundled metadata was absent, external catalog entries for official channels (e.g. a user pointing at a self-hosted @openclaw/whatsapp fork) would still be respected. After this PR they are not, because the official catalog entry takes the slot first.

If this is intentional (official channels should not be user-overridable via external catalogs), it's worth a short in-code comment so the next reader doesn't mistake the skip for a bug. If users should be able to override, the official catalog priority should be set higher (e.g. ORIGIN_PRIORITY.bundled + 1 or a dedicated official origin) so that external entries can replace it:

// current – official cannot be overridden by external catalog const priority = ORIGIN_PRIORITY.bundled ?? 99; // 3 // alternative – give official a lower-priority slot const priority = (ORIGIN_PRIORITY.bundled ?? 3) + 1; // 4, so external-catalog wins

Prompt To Fix With AI

This is a comment left during a code review. Path: src/channels/plugins/catalog.ts Line: 403-409 Comment: **Official catalog silently overrides user external-catalog customizations** Official catalog entries are inserted with `ORIGIN_PRIORITY.bundled` (= 3), and external catalog entries are only appended via `if (!resolved.has(entry.id))` (line 415). This means that once a channel ID appears in the official catalog, any user-defined external catalog entry for the same channel ID (set via `OPENCLAW_PLUGIN_CATALOG_PATHS` or the default config-dir catalog) is silently ignored. Before this PR, in a packaged install where bundled metadata was absent, external catalog entries for official channels (e.g. a user pointing at a self-hosted `@openclaw/whatsapp` fork) would still be respected. After this PR they are not, because the official catalog entry takes the slot first. If this is intentional (official channels should not be user-overridable via external catalogs), it's worth a short in-code comment so the next reader doesn't mistake the skip for a bug. If users should be able to override, the official catalog priority should be set higher (e.g. `ORIGIN_PRIORITY.bundled + 1` or a dedicated `official` origin) so that external entries can replace it: ```typescript // current – official cannot be overridden by external catalog const priority = ORIGIN_PRIORITY.bundled ?? 99; // 3 // alternative – give official a lower-priority slot const priority = (ORIGIN_PRIORITY.bundled ?? 3) + 1; // 4, so external-catalog wins ``` How can I resolve this? If you propose a fix, please make it concise.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8bee5a73a3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2026-03-23T14:13:36Z

src/channels/plugins/catalog.ts

+  for (const entry of loadOfficialCatalogEntries(options)) {
+    const priority = ORIGIN_PRIORITY.bundled ?? 99;
+    const existing = resolved.get(entry.id);
+    if (!existing || priority < existing.priority) {
+      resolved.set(entry.id, { entry, priority });
+    }


Preserve external catalog precedence for official channels

When OPENCLAW_PLUGIN_CATALOG_PATHS / OPENCLAW_MPM_CATALOG_PATHS contains an entry for an official channel ID (for example to point whatsapp at a private mirror or fork), this new loop inserts the shipped catalog entry first with bundled priority. The later external-catalog pass only adds entries that are not already present (src/channels/plugins/catalog.ts:411-417), so the custom install.npmSpec is ignored and channel setup will install the hard-coded @openclaw/* package instead (src/commands/channel-setup/plugin-install.ts:185-203). Before this commit, those external entries were the only source for missing official channels, so this is a regression for catalog-driven installs.

Useful? React with 👍 / 👎.

ngutman · 2026-03-23T15:22:49Z

@greptile-apps please re-review this PR.

New work since the last Greptile review:

2f1f4100ec fix(release): keep shipped bundles in npm tar (#52838)
PR body updated to cover the release-packaging follow-up and verification
packaged tar now keeps dist/control-ui/index.html and the previously shipped optional bundled extension manifests

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2f1f4100ec

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2026-03-23T15:26:48Z

scripts/lib/optional-bundled-clusters.mjs

 export function shouldIncludeOptionalBundledClusters(env = process.env) {
-  return env[OPTIONAL_BUNDLED_BUILD_ENV] === "1";
+  // Release artifacts should preserve the last shipped upgrade surface by
+  // default. Specific size-sensitive lanes can still opt out explicitly.
+  return env[OPTIONAL_BUNDLED_BUILD_ENV] !== "0";


Keep optional bundled clusters opt-in for default builds

With OPENCLAW_INCLUDE_OPTIONAL_BUNDLED unset (the normal pnpm build / CI path), this now returns true, and both tsdown.config.ts:87-93 and scripts/copy-bundled-plugin-metadata.mjs:192-194 start treating every optional cluster as bundled. That means the release build now compiles and ships the full dist/extensions/whatsapp, matrix, etc. trees again, instead of only adding the new catalog metadata. Besides the pack-size jump already reflected in this PR, that broadens the bundled runtime surface for every stable/beta install and undermines the “discoverability only” fix described here.

Useful? React with 👍 / 👎.

chatgpt-codex-connector · 2026-03-23T15:26:48Z

scripts/release-check.ts

+const requiredOptionalBundledPackPaths = [
+  "dist/control-ui/index.html",
+  ...optionalBundledClusters
+    .filter((cluster) => cluster !== "ui")
+    .flatMap((cluster) => [
+      `dist/extensions/${cluster}/openclaw.plugin.json`,
+      `dist/extensions/${cluster}/package.json`,
+    ]),
+];


Respect explicit optional-bundle opt-out in release-check

This new required-path list is unconditional, so pnpm release:check now fails whenever a build intentionally sets OPENCLAW_INCLUDE_OPTIONAL_BUNDLED=0. That opt-out is still advertised in shouldIncludeOptionalBundledClusters(), and scripts/copy-bundled-plugin-metadata.mjs:192-194 will remove those dist/extensions/* directories in that mode, but collectMissingPackPaths() now always requires them. As written, any size-sensitive lane that disables optional bundles can no longer pass release verification.

Useful? React with 👍 / 👎.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7bd8d7d7d7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2026-03-23T15:48:06Z

package.json

    "protocol:gen": "node --import tsx scripts/protocol-gen.ts",
    "protocol:gen:swift": "node --import tsx scripts/protocol-gen-swift.ts",
-    "release:check": "pnpm config:docs:check && pnpm plugin-sdk:api:check && node scripts/stage-bundled-plugin-runtime-deps.mjs && node --import tsx scripts/release-check.ts",
+    "release:check": "pnpm config:docs:check && pnpm plugin-sdk:api:check && node scripts/stage-bundled-plugin-runtime-deps.mjs && pnpm ui:build && node --import tsx scripts/release-check.ts",


Keep release-check from rebuilding Control UI assets

In .github/workflows/ci.yml, the release-check job downloads the dist/ artifact from build-artifacts and then runs pnpm release:check. Adding pnpm ui:build here means the validator regenerates dist/control-ui locally before npm pack --dry-run, so this guard no longer verifies the artifact that was actually built and uploaded. If build-artifacts ever omits or ships stale Control UI files again, release-check will repair them in place and still pass, which defeats the regression check this PR is trying to add.

Useful? React with 👍 / 👎.

chatgpt-codex-connector · 2026-03-23T15:48:06Z

src/channels/plugins/catalog.ts

+  const packageRoots = [
+    resolveOpenClawPackageRootSync({ cwd: process.cwd() }),
+    resolveOpenClawPackageRootSync({ moduleUrl: import.meta.url }),
+  ].filter((entry, index, all): entry is string => Boolean(entry) && all.indexOf(entry) === index);


Derive official catalog paths from the selected bundle tree

listChannelPluginCatalogEntries() already threads options.env through plugin discovery and external catalog loading, but this helper ignores that env and always anchors the official fallback to the current checkout / executable. In flows that point OPENCLAW_BUNDLED_PLUGINS_DIR at a different install tree, channel-setup callers like src/commands/channels/add.ts and src/commands/onboard-channels.ts will still merge official entries from the wrong build (or miss the catalog next to the chosen bundle), so discovery can advertise channels that do not belong to the selected runtime.

Useful? React with 👍 / 👎.

…52913) * fix(channels): ship official channel catalog (openclaw#52838) * fix(release): keep shipped bundles in npm tar (openclaw#52838) * build(release): fix rebased release-check helpers (openclaw#52838)

@CodeForgeNet

…d off (#2) * refactor(plugins): move remaining channel and provider ownership out of src * refactor(plugins): finish provider and whatsapp cleanup * fix(gateway): pass process.env in status command probe auth to resolve SecretRef Fixes openclaw#52360 resolveGatewayProbeAuthSafe was called from status-all.ts without an env argument, causing the credential resolution chain to fall back to an empty object instead of process.env. This made env-backed SecretRef tokens (gateway.auth.token, Telegram botToken, etc.) appear unresolved in the status command path even when the runtime was healthy. Added process.env as default fallback in buildGatewayProbeCredentialPolicy and passed env explicitly from status-all.ts callers. Related: openclaw#33070, openclaw#38973, openclaw#39415, openclaw#46014, openclaw#49730 * fix(status): resolve only selected probe-auth branch and fix plain status path Address two Codex P1/P2 issues: 1. (P1) Plain 'openclaw status' and 'openclaw status --json' still went through the sync resolveGatewayProbeAuthSafe path in status.gateway-probe.ts, which cannot expand SecretRef objects. Switched to async resolveGatewayProbeAuthSafeWithSecretInputs. 2. (P2) status-all.ts was eagerly resolving both local and remote probe auth before deciding which to use. A stale SecretRef in the unused branch could abort the command. Collapsed to a single resolution call using the correct mode upfront. Updated status.scan.test.ts to use mockResolvedValue since resolveGatewayProbeAuthResolution is now async. * fix(status): await resolveGatewayProbeAuthResolution in scan.shared Function is now async after switching to resolveGatewayProbeAuthSafeWithSecretInputs. Missing await caused TS error: Property 'auth' does not exist on type 'Promise<...>'. * fix: finish gateway probe auth landing (openclaw#52513) (thanks @CodeForgeNet) * fix: finish gateway probe auth landing (openclaw#52513) (thanks @CodeForgeNet) * test: clear msteams gate drift for gateway probe auth landing (openclaw#52513) (thanks @CodeForgeNet) * fix(exec): return plain-text tool result on failure instead of raw JSON When an exec command fails (e.g. timeout), the tool previously rejected with an Error, which the tool adapter caught and wrapped in a JSON object ({ status, tool, error }). The model then received this raw JSON as the tool result and could parrot it verbatim to the user. Now exec failures resolve with a proper tool result containing the error as human-readable text in content[], matching the success path structure. The model sees plain text it can naturally incorporate into its reply. Also fixes a pre-existing format issue in update-cli.test.ts. Fixes openclaw#52484 Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * fix: finish exec tool failure landing (openclaw#52508) (thanks @martingarramon) * fix(openshell): bundle upstream cli fallback * perf(reply): lazy-load session store writes * fix(build): restore plugin-sdk and line compat after refactor * refactor(kilocode): route shared model constants through core seam * refactor(plugin-sdk): route core provider and telegram seams through sdk barrels * fix(acp): preserve hidden thought chunks from gateway chat * fix(docs): rename 'Channel Options' to 'Options' in sdk-entrypoints This heading labels definePluginEntry options (generic, not channel-specific). Another agent reverted the previous fix during a merge. * fix(line): narrow plugin-sdk seams after refactor * test(voice-call): cover helper utilities * test(voice-call): cover manager and api helpers * fix(acp): preserve hidden thought replay on session load * test(voice-call): cover twilio and reaper helpers * docs(changelog): note ACP hidden thought replay fix * test(voice-call): cover utility and tailscale helpers * fix(ci): resync generated baselines and line runtime seam * fix(docs): remove duplicate '### Options' headings (MD024) * fix(ci): restore plugin manifests and boundary tests * style(docs): format sdk entrypoints doc * docs(config): refresh generated baseline * test(voice-call): cover outbound call flow helpers * fix(ci): repair tts and matrix refactor fallout * fix(ci): repair voice-call typing and provider contracts * fix(ci): satisfy voice-call typing and extension boundaries * Remove personal references from docs (openclaw#25260) * docs: remove personal references from AGENTS.md * docs: remove personal reference from sag skill * docs: note generic agent guidance cleanup * Update CHANGELOG.md --------- Co-authored-by: Josh Lehman <[email protected]> Co-authored-by: Vincent Koc <[email protected]> * fix(plugins): route keyed queue imports through core (openclaw#52608) * fix(matrix): preserve send aliases and voice intent * fix(build): repair stale plugin sdk surfaces * fix(plugin-sdk): export line runtime subpath * fix(auth): route copilot login through sdk seam * feat(web-search): add bundled Exa plugin (openclaw#52617) * test(msteams): await async setup status lines * fix(whatsapp): remove outbound runtime cycle * fix(plugin-sdk): fast-path root diagnostic subscriptions * fix(exa): align freshness typing and config docs * fix(matrix): avoid touching dropped room bindings * fix(web-search): align Exa plugin with current API * docs(tools): add DuckDuckGo Search provider page New page: tools/duckduckgo-search.md - Key-free fallback provider, no API key needed - Clear Warning about unofficial HTML-based integration - Limitations section covering bot-challenge risk and reliability - CardGroup showing good-for vs not-recommended-for use cases Updated: tools/web.md with DuckDuckGo in CardGroup and comparison table Updated: docs.json nav and redirect * test(telegram): align webhook grammy mock * docs(tools): add Exa Search page, align all search provider docs New page: tools/exa-search.md - Neural/keyword/hybrid search modes with content extraction - Tool parameters including contents (highlights, text, summary) - Search mode reference table Rewritten: tools/duckduckgo-search.md - Aligned to consistent template (Setup, Config, Tool parameters, Notes, Related) - Simplified from previous version Aligned across all providers: - Every search page now ends with a consistent ## Related section - Replaced 'See [Web tools]' with proper Related links - Added Exa + DuckDuckGo to web.md overview CardGroup and comparison table - Added Exa to docs.json nav and redirects * fix(telegram): inject media loader through bot deps * fix(ci): harden telegram seams and cap job timeouts * docs(tools): update Exa Search notes for current API behavior Add notes about default highlights contents, highlightScores/summary preservation from responses, description resolution order, and 100-result cap. * perf: add vitest test perf workflows * fix(ci): harden changed extension diff fallback * fix(telegram): harden grammy seams across tests * refactor: extract exec outcome and tool result helpers * test: isolate exec foreground failure coverage * fix(test): allow empty extension lane * perf: enable vitest fs module cache by default * fix(cli): route plugin logs to stderr during --json output * fix(cli): route deferred plugin logs to stderr in status --json * fix: keep status --json stdout clean (openclaw#52449) (thanks @cgdusek) * refactor(ci): collapse fast setup jobs into preflight * fix(exec): accept runtime failure kind in formatter * fix: include .env file vars in gateway service environment on install When building the gateway install plan, read and parse ~/.openclaw/.env (or $OPENCLAW_STATE_DIR/.env) and merge those key-value pairs into the service environment at the lowest priority — below config env vars, auth-profile refs, and the core service environment (HOME, PATH, OPENCLAW_*). This ensures that user-defined secrets stored in .env (e.g. BRAVE_API_KEY, OPENROUTER_API_KEY, DISCORD_BOT_TOKEN) are embedded in the LaunchAgent plist (macOS), systemd unit (Linux), and Scheduled Task (Windows) at install time, rather than relying solely on the gateway process loading them via dotenv.config() at startup. Previously, on macOS the LaunchAgent plist never included .env vars, which meant: - launchctl print did not show user secrets (hard to debug) - Child processes spawned before dotenv loaded had no access - If the same key existed in both .env and the plist, the stale plist value won via dotenv override:false semantics Dangerous host env vars (NODE_OPTIONS, LD_PRELOAD, etc.) are filtered using the same security policy applied to config env vars. Fixes openclaw#37101 Relates to openclaw#22663 * fix: normalize env var keys and isolate tests from real .env - Apply normalizeEnvVarKey({ portable: true }) before security filtering, matching the established pattern in env-vars.ts. Rejects non-portable key names (spaces, special chars) that would produce invalid plist/systemd syntax. - Isolate existing tests from the developer's real ~/.openclaw/.env by providing a temp HOME directory, preventing flaky failures when the test machine has a populated .env file. * fix: narrow exec exit failure kind typing * fix(test): isolate flaky extension lanes * feat(web-search): add DuckDuckGo bundled plugin (openclaw#52629) * feat(web-search): add DuckDuckGo bundled plugin * chore(changelog): restore main changelog * fix(web-search): harden DuckDuckGo challenge detection * refactor: split durable service env helpers * refactor: extract gateway install token helpers * fix(web-search): mark DuckDuckGo experimental * docs(tools): update DuckDuckGo Search for landed plugin code - Mark as experimental (not just unofficial) - Add region and safeSearch tool parameters (from DDG schema) - Add plugin config example for region/safeSearch defaults - Document auto-detection order (100 = last) - Note SafeSearch defaults to moderate - Verified against extensions/duckduckgo/src/ * fix(agents): deny local MEDIA paths for MCP results * Usage: include reset and deleted session archives (openclaw#43215) Merged via squash. Prepared head SHA: 49ed6c2 Co-authored-by: rcrick <[email protected]> Co-authored-by: frankekn <[email protected]> Reviewed-by: @frankekn * docs(tools): soften DDG wording (scrapes -> pulls/gathers) * fix(build): add stable memory-cli dist entry (openclaw#51759) Co-authored-by: oliviareid-svg <[email protected]> Co-authored-by: Frank <[email protected]> * refactor!: drop legacy CLAWDBOT env compatibility * refactor!: remove moltbot state-dir migration fallback * fix(gateway): preserve async hook ingress provenance * fix(ci): write dist build stamp after builds * perf: trim vitest hot imports and refresh manifests * fix(security): unwrap time dispatch wrappers * fix(plugin-sdk): fall back to src root alias files * fix(ci): skip docs-only preflight pnpm audit * docs(changelog): note time exec approval fix * docs: refresh plugin-sdk api baseline * fix(runtime): make dist-runtime staging idempotent * fix(media): bound remote error-body snippet reads * fix(gateway): gate internal command persistence mutations * fix: restrict remote marketplace plugin sources * fix(runtime): skip peer resolution for bundled plugin deps * docs(agents): prefer current test model examples * fix(exec): escape invisible approval filler chars * test(models): refresh example model fixtures * fix(security): unify dispatch wrapper approval hardening * fix(security): harden explicit-proxy SSRF pinning * fix: gate synology chat reply name matching * docs: clarify sessions_spawn ACP vs subagent policies * refactor(exec): split wrapper resolution modules * refactor(exec): make dispatch wrapper semantics spec-driven * refactor(exec): share wrapper trust planning * refactor(exec): rename wrapper plans for trust semantics * fix: include .npmrc in onboard docker build * test: trim docker live auth mounts * Docs: refresh config baseline for Synology Chat * refactor: clarify synology delivery identity names * refactor: centralize synology dangerous name matching * refactor: narrow synology legacy name lookup * refactor: audit synology dangerous name matching * refactor: dedupe synology config schema * fix: normalize scoped vitest filter paths * fix(voice-call): harden webhook pre-auth guards * fix(synology-chat): fail closed shared webhook paths * docs: credit nexrin in synology changelog * test: fix base vitest thread regressions * test: finish base vitest thread fixture fixes * test(voice-call): accept oversize webhook socket resets * test: honor env auth in gateway live probes * fix: harden plugin docker e2e * Docs: align MiniMax examples with M2.7 * fix(ci): restore stale guardrails and baselines * Test: isolate qr dashboard integration suite * Gateway: resolve fallback plugin context lazily * fix: bind bootstrap setup codes to node profile * fix(tlon): unify settings reconciliation semantics * refactor(synology-chat): type startup webhook path policy * docs(synology-chat): clarify multi-account webhook paths * refactor: unify minimax model and failover live policies * docs: sync minimax m2.7 references * fix: harden Windows Parallels smoke installs * docs: reorder unreleased changelog by user impact * refactor: remove embedded runner cwd mutation * Infra: support shell carrier allow-always approvals * refactor: centralize bootstrap profile handling * refactor: reuse canonical setup bootstrap profile * fix(plugin-sdk): resolve hashed diagnostic events chunks * fix(plugin-sdk): normalize hashed diagnostic event exports * test: fix ci env-sensitive assertions * fix(gateway): fail closed on unresolved discovery endpoints * feat: add slash plugin installs * fix(media): block remote-host file URLs in loaders * fix(media): harden secondary local path seams * test: harden no-isolate reply teardown * docs(changelog): add Windows media security fix * refactor(gateway): centralize discovery target handling * test: narrow live transcript scaffolding strip * test: fix ci docs drift and bun qr exit handling * fix(browser): enforce node browser proxy allowProfiles * refactor(media): share local file access guards * test: stabilize ci test harnesses * test: harden no-isolate test module resets * fix(plugins): preserve live hook registry during gateway runs * test: fix channel summary registry setup * test: harden isolated test mocks * chore(plugins): remove opik investigation checkpoints * ACPX: align pinned runtime version (openclaw#52730) * ACPX: align pinned runtime version * ACPX: drop version example from help text * test: stop leaking image workspace temp dirs * fix(android): gate canvas bridge to trusted pages (openclaw#52722) * fix(android): gate canvas bridge to trusted pages * fix(changelog): note android canvas bridge gating * Update apps/android/app/src/main/java/ai/openclaw/app/node/CanvasActionTrust.kt Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * fix(android): snapshot canvas URL on UI thread --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * test: isolate base vitest thread blockers * fix: sync agent and autoreply e2e updates * test: harden no-isolate mocked module resets * docs: reorder unreleased changelog * fix(changelog): note windows media path guardrails (openclaw#52738) * fix: alphabetize web search provider listings * docs: clarify unreleased breaking changes * test: harden ci isolated mocks * fix: align websocket stream fallback types * test: finish no-isolate suite hardening * style: format image-generation runtime tests * fix(memory-core): register memory tools independently to prevent coupled failure (openclaw#52668) Merged via admin squash because current required CI failures are inherited from base and match latest `main` failures outside this PR's `memory-core` surface. Prepared head SHA: df7f968 Co-authored-by: artwalker <[email protected]> Reviewed-by: @frankekn * fix(status): recompute fallback context window (openclaw#51795) * fix(status): recompute fallback context window * fix(status): keep live context token caps on fallback * fix(status): preserve fallback runtime context windows * fix(status): preserve configured fallback context caps * fix(status): keep provider-aware transcript context lookups * fix(status): preserve explicit fallback context caps * fix(status): clamp fallback configured context caps * fix(status): keep raw runtime slash ids * fix(status): refresh plugin-sdk api baseline * fix(status): preserve fallback context lookup * test(status): refresh plugin-sdk api baseline * fix(status): keep runtime slash-id context lookup --------- Co-authored-by: create <[email protected]> Co-authored-by: Frank Yang <[email protected]> Co-authored-by: RichardCao <[email protected]> * fix(telegram): make buttons schema optional in message tool The Telegram plugin injects a `buttons` property into the message tool schema via `createMessageToolButtonsSchema()`, but without wrapping it in `Type.Optional()`. This causes TypeBox to include `buttons` in the JSON Schema `required` array. In isolated sessions (e.g. cron jobs) where no `currentChannel` is set, all plugin schemas are merged into the message tool. When the LLM calls the message tool without a `buttons` parameter, AJV validation fails with: `buttons: must have required property 'buttons'`. Wrap the buttons schema in `Type.Optional()` so it is not required. * fix: keep message-tool buttons optional for Telegram and Mattermost (openclaw#52589) (thanks @tylerliu612) * test: update codex test fixtures to gpt-5.4 * fix: repair runtime seams after rebase * fix: restore Telegram topic announce delivery (openclaw#51688) (thanks @mvanhorn) When `replyLike.text` or `replyLike.caption` is an unexpected non-string value (edge case from some Telegram API responses), the reply body was coerced to "[object Object]" via string concatenation. Add a `typeof === "string"` guard to gracefully fall back to empty string, matching the existing pattern used for `quoteText` in the same function. Co-authored-by: Penchan <[email protected]> * docs: sync generated release baselines * test: isolate pi embedded model thread fixtures * fix: restore provider runtime lazy boundary * fix: preserve Telegram reply context text (openclaw#50500) (thanks @p3nchan) * fix: guard Telegram reply context text (openclaw#50500) (thanks @p3nchan) * fix: preserve Telegram reply caption fallback (openclaw#50500) (thanks @p3nchan) --------- Co-authored-by: Ayaan Zaidi <[email protected]> * fix: harden gateway SIGTERM shutdown (openclaw#51242) (thanks @juliabush) * fix: increase shutdown timeout to avoid SIGTERM hang * fix(telegram): abort polling fetch on shutdown to prevent SIGTERM hang * fix(gateway): enforce hard exit on shutdown timeout for SIGTERM * fix: tighten gateway shutdown watchdog * fix: harden gateway SIGTERM shutdown (openclaw#51242) (thanks @juliabush) --------- Co-authored-by: Ayaan Zaidi <[email protected]> * build: prepare 2026.3.22-beta.1 * fix: restore provider runtime lazy boundary * test: add parallels npm update smoke * test: split pi embedded model thread fixtures * fix: stop browser server tests from launching real chrome * test: stabilize live provider docker probes * fix: restart windows gateway after npm update * test: isolate server-context browser harness imports * test: inject model runtime hooks for thread-safe tests * test: snapshot ci timeout investigation * test: target gemini 3.1 flash alias * test: stabilize trigger handling and hook e2e tests * build: prepare 2026.3.22 * test: harden channel suite isolation * test: inject thread-safe deps for agent tools * test: raise timeout for slow provider auth normalization * ci: stabilize windows and bun unit lanes * test: inject thread-safe gateway and ACP seams * test: isolate pi model and reset-model thread fixtures * build: prepare 2026.3.23 * test: inject image-tool provider deps for raw threads * test: stabilize e2e module isolation * test: decouple vitest config checks from ambient env * fix: harden parallels smoke agent invocation * test: avoid repo-root perf profile artifacts * test: inject thread-safe base seams * fix: document Telegram asDocument alias (openclaw#52461) (thanks @bakhtiersizhaev) * feat(telegram): add asDocument param to message tool Adds `asDocument` as a user-facing alias for the existing `forceDocument` parameter in the message tool. When set to `true`, media files (images, videos, GIFs) are sent via `sendDocument` instead of `sendPhoto`/ `sendVideo`/`sendAnimation`, preserving the original file quality without Telegram compression. This is useful when agents need to deliver high-resolution images or uncompressed files to users via Telegram. `asDocument` is intentionally an alias rather than a replacement — the existing `forceDocument` continues to work unchanged. Changes: - src/agents/tools/message-tool.ts: add asDocument to send schema - src/agents/tools/telegram-actions.ts: OR asDocument into forceDocument - src/infra/outbound/message-action-runner.ts: same OR logic for outbound path - extensions/telegram/src/channel-actions.ts: read and forward asDocument - src/channels/plugins/actions/actions.test.ts: add test case * fix: restore channel-actions.ts to main version (rebase conflict fix) * fix(test): match asDocument test payload to actual params structure * fix(telegram): preserve forceDocument alias semantics * fix: document Telegram asDocument alias (openclaw#52461) (thanks @bakhtiersizhaev) --------- Co-authored-by: Бахтиер Сижаев <[email protected]> Co-authored-by: Ayaan Zaidi <[email protected]> * fix: refactor deepseek bundled plugin (openclaw#48762) (thanks @07akioni) * fix: declare typebox runtime dep for mattermost plugin * test: reset line webhook mocks between cases * test: split attempt spawn-workspace thread fixtures * test: remove replaced spawn-workspace monolith * refactor: isolate attempt context engine thread helpers * CI: remove npm release preview workflow (openclaw#52825) * CI: remove npm release preview workflow * Docs: align release maintainer skill with manual publish * Docs: expand release maintainer skill flow * test: stabilize gateway thread harness * test: fix status plugin pagination expectation * test: harden channel suite isolation * build: sync lockfile for mattermost plugin * fix: ensure env proxy dispatcher before MiniMax and OpenAI Codex OAuth flows (openclaw#52228) Verified: - pnpm install --frozen-lockfile - NPM_CONFIG_CACHE=/tmp/openclaw-npm-cache-52228 pnpm build - pnpm check - pnpm test:macmini (failed on inherited pre-existing plugin contract test: src/plugins/contracts/registry.contract.test.ts missing deepseek in bundled provider contract registry outside this PR surface) Co-authored-by: openperf <[email protected]> Co-authored-by: Tak Hoffman <[email protected]> * fix: restore ci gates * test: stabilize channel ci gate * docs: refresh generated config baseline * release: verify control-ui assets are included in npm tarball * release-check: include stderr/stdout when npm pack fails * release: add changelog for control UI tarball check * fix: keep session transcript pointers fresh after compaction (openclaw#50688) Co-authored-by: Frank Yang <[email protected]> * fix(msteams): isolate probe test env credentials * release: automate macOS publishing (openclaw#52853) * release: automate macOS publishing * release: keep mac appcast in openclaw repo * release: add preflight-only release workflow runs * release: keep appcast updates manual * release: generate signed appcast as workflow artifact * release: require preflight before publish * release: require mac app for every release * docs: clarify every release ships mac app * release: document Sparkle feed and SHA rules * release: keep publish flow tag-based * release: stabilize mac appcast flow * release: document local mac fallback * Update CHANGELOG.md * Improve PR template regression prompts * fix(agents): preserve anthropic thinking block order (openclaw#52961) * fix(release): ship bundled plugins in pack artifacts * fix(config): keep built-in channels out of plugin allowlists (openclaw#52964) * fix(config): keep built-in channels out of plugin allowlists * docs(changelog): note doctor whatsapp allowlist fix * docs(changelog): move doctor whatsapp fix to top * Update CHANGELOG.md * fix(config): keep built-in auto-enable idempotent * fix(release): preserve shipped channel surfaces in npm tar (openclaw#52913) * fix(channels): ship official channel catalog (openclaw#52838) * fix(release): keep shipped bundles in npm tar (openclaw#52838) * build(release): fix rebased release-check helpers (openclaw#52838) * fix(gateway): harden supervised lock and browser attach readiness * fix(matrix): avoid duplicate runtime api exports * fix(gateway): avoid probe false negatives after connect * docs(changelog): note release and matrix fixes * fix(plugins): unblock Discord/Slack message tool sends and Feishu media (openclaw#52991) * fix(plugins): unblock Discord and Slack message tool payloads * docs(changelog): note Discord Slack and Feishu message fixes * fix(channels): preserve external catalog overrides (openclaw#52988) * fix(channels): preserve external catalog overrides * fix(channels): clarify catalog precedence * fix(channels): respect overridden install specs * fix(gateway): require admin for agent session reset * fix(voice-call): stabilize plivo v2 replay keys * fix(gateway): require auth for canvas routes * feat(context-pruning): cache media to disk during pruning instead of stripping When cacheMedia is enabled, pruned image blocks are saved to ~/.openclaw/media/cache/ and replaced with a file path reference so the agent can re-read them on demand. Includes TTL cleanup and session-scoped cache management. * feat(media): add media cache module for context pruning * feat(whatsapp): make block streaming configurable instead of hardcoded off --------- Co-authored-by: Vincent Koc <[email protected]> Co-authored-by: CodeForgeNet <[email protected]> Co-authored-by: Peter Steinberger <[email protected]> Co-authored-by: Martin Garramon <[email protected]> Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]> Co-authored-by: François Martin <[email protected]> Co-authored-by: Josh Lehman <[email protected]> Co-authored-by: Charles Dusek <[email protected]> Co-authored-by: Kevin ONeill <[email protected]> Co-authored-by: Rick_Xu <[email protected]> Co-authored-by: rcrick <[email protected]> Co-authored-by: frankekn <[email protected]> Co-authored-by: oliviareid-svg <[email protected]> Co-authored-by: oliviareid-svg <[email protected]> Co-authored-by: Frank <[email protected]> Co-authored-by: scoootscooob <[email protected]> Co-authored-by: ruochen <[email protected]> Co-authored-by: Onur Solmaz <[email protected]> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Frank Yang <[email protected]> Co-authored-by: artwalker <[email protected]> Co-authored-by: RichardCao <[email protected]> Co-authored-by: create <[email protected]> Co-authored-by: RichardCao <[email protected]> Co-authored-by: liuyang <[email protected]> Co-authored-by: Ayaan Zaidi <[email protected]> Co-authored-by: Matt Van Horn <[email protected]> Co-authored-by: Penchan <[email protected]> Co-authored-by: Penchan <[email protected]> Co-authored-by: Julia Bush <[email protected]> Co-authored-by: Bakhtier Sizhaev <[email protected]> Co-authored-by: Бахтиер Сижаев <[email protected]> Co-authored-by: wangchunyue <[email protected]> Co-authored-by: Tak Hoffman <[email protected]> Co-authored-by: evann <[email protected]> Co-authored-by: Robin Waslander <[email protected]> Co-authored-by: Sathvik Veerapaneni <[email protected]> Co-authored-by: Nimrod Gutman <[email protected]>

@frankekn

…claw#105) * fix(web-search): mark DuckDuckGo experimental * docs(tools): update DuckDuckGo Search for landed plugin code - Mark as experimental (not just unofficial) - Add region and safeSearch tool parameters (from DDG schema) - Add plugin config example for region/safeSearch defaults - Document auto-detection order (100 = last) - Note SafeSearch defaults to moderate - Verified against extensions/duckduckgo/src/ * fix(agents): deny local MEDIA paths for MCP results * Usage: include reset and deleted session archives (openclaw#43215) Merged via squash. Prepared head SHA: 49ed6c2 Co-authored-by: rcrick <[email protected]> Co-authored-by: frankekn <[email protected]> Reviewed-by: @frankekn * docs(tools): soften DDG wording (scrapes -> pulls/gathers) * fix(build): add stable memory-cli dist entry (openclaw#51759) Co-authored-by: oliviareid-svg <[email protected]> Co-authored-by: Frank <[email protected]> * refactor!: drop legacy CLAWDBOT env compatibility * refactor!: remove moltbot state-dir migration fallback * fix(gateway): preserve async hook ingress provenance * fix(ci): write dist build stamp after builds * perf: trim vitest hot imports and refresh manifests * fix(security): unwrap time dispatch wrappers * fix(plugin-sdk): fall back to src root alias files * fix(ci): skip docs-only preflight pnpm audit * docs(changelog): note time exec approval fix * docs: refresh plugin-sdk api baseline * fix(runtime): make dist-runtime staging idempotent * fix(media): bound remote error-body snippet reads * fix(gateway): gate internal command persistence mutations * fix: restrict remote marketplace plugin sources * fix(runtime): skip peer resolution for bundled plugin deps * docs(agents): prefer current test model examples * fix(exec): escape invisible approval filler chars * test(models): refresh example model fixtures * fix(security): unify dispatch wrapper approval hardening * fix(security): harden explicit-proxy SSRF pinning * fix: gate synology chat reply name matching * docs: clarify sessions_spawn ACP vs subagent policies * refactor(exec): split wrapper resolution modules * refactor(exec): make dispatch wrapper semantics spec-driven * refactor(exec): share wrapper trust planning * refactor(exec): rename wrapper plans for trust semantics * fix: include .npmrc in onboard docker build * test: trim docker live auth mounts * Docs: refresh config baseline for Synology Chat * refactor: clarify synology delivery identity names * refactor: centralize synology dangerous name matching * refactor: narrow synology legacy name lookup * refactor: audit synology dangerous name matching * refactor: dedupe synology config schema * fix: normalize scoped vitest filter paths * fix(voice-call): harden webhook pre-auth guards * fix(synology-chat): fail closed shared webhook paths * docs: credit nexrin in synology changelog * test: fix base vitest thread regressions * test: finish base vitest thread fixture fixes * test(voice-call): accept oversize webhook socket resets * test: honor env auth in gateway live probes * fix: harden plugin docker e2e * Docs: align MiniMax examples with M2.7 * fix(ci): restore stale guardrails and baselines * Test: isolate qr dashboard integration suite * Gateway: resolve fallback plugin context lazily * fix: bind bootstrap setup codes to node profile * fix(tlon): unify settings reconciliation semantics * refactor(synology-chat): type startup webhook path policy * docs(synology-chat): clarify multi-account webhook paths * refactor: unify minimax model and failover live policies * docs: sync minimax m2.7 references * fix: harden Windows Parallels smoke installs * docs: reorder unreleased changelog by user impact * refactor: remove embedded runner cwd mutation * Infra: support shell carrier allow-always approvals * refactor: centralize bootstrap profile handling * refactor: reuse canonical setup bootstrap profile * fix(plugin-sdk): resolve hashed diagnostic events chunks * fix(plugin-sdk): normalize hashed diagnostic event exports * test: fix ci env-sensitive assertions * fix(gateway): fail closed on unresolved discovery endpoints * feat: add slash plugin installs * fix(media): block remote-host file URLs in loaders * fix(media): harden secondary local path seams * test: harden no-isolate reply teardown * docs(changelog): add Windows media security fix * refactor(gateway): centralize discovery target handling * test: narrow live transcript scaffolding strip * test: fix ci docs drift and bun qr exit handling * fix(browser): enforce node browser proxy allowProfiles * refactor(media): share local file access guards * test: stabilize ci test harnesses * test: harden no-isolate test module resets * fix(plugins): preserve live hook registry during gateway runs * test: fix channel summary registry setup * test: harden isolated test mocks * chore(plugins): remove opik investigation checkpoints * ACPX: align pinned runtime version (openclaw#52730) * ACPX: align pinned runtime version * ACPX: drop version example from help text * test: stop leaking image workspace temp dirs * fix(android): gate canvas bridge to trusted pages (openclaw#52722) * fix(android): gate canvas bridge to trusted pages * fix(changelog): note android canvas bridge gating * Update apps/android/app/src/main/java/ai/openclaw/app/node/CanvasActionTrust.kt Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * fix(android): snapshot canvas URL on UI thread --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * test: isolate base vitest thread blockers * fix: sync agent and autoreply e2e updates * test: harden no-isolate mocked module resets * docs: reorder unreleased changelog * fix(changelog): note windows media path guardrails (openclaw#52738) * fix: alphabetize web search provider listings * docs: clarify unreleased breaking changes * test: harden ci isolated mocks * fix: align websocket stream fallback types * test: finish no-isolate suite hardening * style: format image-generation runtime tests * fix(memory-core): register memory tools independently to prevent coupled failure (openclaw#52668) Merged via admin squash because current required CI failures are inherited from base and match latest `main` failures outside this PR's `memory-core` surface. Prepared head SHA: df7f968 Co-authored-by: artwalker <[email protected]> Reviewed-by: @frankekn * fix(status): recompute fallback context window (openclaw#51795) * fix(status): recompute fallback context window * fix(status): keep live context token caps on fallback * fix(status): preserve fallback runtime context windows * fix(status): preserve configured fallback context caps * fix(status): keep provider-aware transcript context lookups * fix(status): preserve explicit fallback context caps * fix(status): clamp fallback configured context caps * fix(status): keep raw runtime slash ids * fix(status): refresh plugin-sdk api baseline * fix(status): preserve fallback context lookup * test(status): refresh plugin-sdk api baseline * fix(status): keep runtime slash-id context lookup --------- Co-authored-by: create <[email protected]> Co-authored-by: Frank Yang <[email protected]> Co-authored-by: RichardCao <[email protected]> * fix(telegram): make buttons schema optional in message tool The Telegram plugin injects a `buttons` property into the message tool schema via `createMessageToolButtonsSchema()`, but without wrapping it in `Type.Optional()`. This causes TypeBox to include `buttons` in the JSON Schema `required` array. In isolated sessions (e.g. cron jobs) where no `currentChannel` is set, all plugin schemas are merged into the message tool. When the LLM calls the message tool without a `buttons` parameter, AJV validation fails with: `buttons: must have required property 'buttons'`. Wrap the buttons schema in `Type.Optional()` so it is not required. * fix: keep message-tool buttons optional for Telegram and Mattermost (openclaw#52589) (thanks @tylerliu612) * test: update codex test fixtures to gpt-5.4 * fix: repair runtime seams after rebase * fix: restore Telegram topic announce delivery (openclaw#51688) (thanks @mvanhorn) When `replyLike.text` or `replyLike.caption` is an unexpected non-string value (edge case from some Telegram API responses), the reply body was coerced to "[object Object]" via string concatenation. Add a `typeof === "string"` guard to gracefully fall back to empty string, matching the existing pattern used for `quoteText` in the same function. Co-authored-by: Penchan <[email protected]> * docs: sync generated release baselines * test: isolate pi embedded model thread fixtures * fix: restore provider runtime lazy boundary * fix: preserve Telegram reply context text (openclaw#50500) (thanks @p3nchan) * fix: guard Telegram reply context text (openclaw#50500) (thanks @p3nchan) * fix: preserve Telegram reply caption fallback (openclaw#50500) (thanks @p3nchan) --------- Co-authored-by: Ayaan Zaidi <[email protected]> * fix: harden gateway SIGTERM shutdown (openclaw#51242) (thanks @juliabush) * fix: increase shutdown timeout to avoid SIGTERM hang * fix(telegram): abort polling fetch on shutdown to prevent SIGTERM hang * fix(gateway): enforce hard exit on shutdown timeout for SIGTERM * fix: tighten gateway shutdown watchdog * fix: harden gateway SIGTERM shutdown (openclaw#51242) (thanks @juliabush) --------- Co-authored-by: Ayaan Zaidi <[email protected]> * build: prepare 2026.3.22-beta.1 * fix: restore provider runtime lazy boundary * test: add parallels npm update smoke * test: split pi embedded model thread fixtures * fix: stop browser server tests from launching real chrome * test: stabilize live provider docker probes * fix: restart windows gateway after npm update * test: isolate server-context browser harness imports * test: inject model runtime hooks for thread-safe tests * test: snapshot ci timeout investigation * test: target gemini 3.1 flash alias * test: stabilize trigger handling and hook e2e tests * build: prepare 2026.3.22 * test: harden channel suite isolation * test: inject thread-safe deps for agent tools * test: raise timeout for slow provider auth normalization * ci: stabilize windows and bun unit lanes * test: inject thread-safe gateway and ACP seams * test: isolate pi model and reset-model thread fixtures * build: prepare 2026.3.23 * test: inject image-tool provider deps for raw threads * test: stabilize e2e module isolation * test: decouple vitest config checks from ambient env * fix: harden parallels smoke agent invocation * test: avoid repo-root perf profile artifacts * test: inject thread-safe base seams * fix: document Telegram asDocument alias (openclaw#52461) (thanks @bakhtiersizhaev) * feat(telegram): add asDocument param to message tool Adds `asDocument` as a user-facing alias for the existing `forceDocument` parameter in the message tool. When set to `true`, media files (images, videos, GIFs) are sent via `sendDocument` instead of `sendPhoto`/ `sendVideo`/`sendAnimation`, preserving the original file quality without Telegram compression. This is useful when agents need to deliver high-resolution images or uncompressed files to users via Telegram. `asDocument` is intentionally an alias rather than a replacement — the existing `forceDocument` continues to work unchanged. Changes: - src/agents/tools/message-tool.ts: add asDocument to send schema - src/agents/tools/telegram-actions.ts: OR asDocument into forceDocument - src/infra/outbound/message-action-runner.ts: same OR logic for outbound path - extensions/telegram/src/channel-actions.ts: read and forward asDocument - src/channels/plugins/actions/actions.test.ts: add test case * fix: restore channel-actions.ts to main version (rebase conflict fix) * fix(test): match asDocument test payload to actual params structure * fix(telegram): preserve forceDocument alias semantics * fix: document Telegram asDocument alias (openclaw#52461) (thanks @bakhtiersizhaev) --------- Co-authored-by: Бахтиер Сижаев <[email protected]> Co-authored-by: Ayaan Zaidi <[email protected]> * fix: refactor deepseek bundled plugin (openclaw#48762) (thanks @07akioni) * fix: declare typebox runtime dep for mattermost plugin * test: reset line webhook mocks between cases * test: split attempt spawn-workspace thread fixtures * test: remove replaced spawn-workspace monolith * refactor: isolate attempt context engine thread helpers * CI: remove npm release preview workflow (openclaw#52825) * CI: remove npm release preview workflow * Docs: align release maintainer skill with manual publish * Docs: expand release maintainer skill flow * test: stabilize gateway thread harness * test: fix status plugin pagination expectation * test: harden channel suite isolation * build: sync lockfile for mattermost plugin * fix: ensure env proxy dispatcher before MiniMax and OpenAI Codex OAuth flows (openclaw#52228) Verified: - pnpm install --frozen-lockfile - NPM_CONFIG_CACHE=/tmp/openclaw-npm-cache-52228 pnpm build - pnpm check - pnpm test:macmini (failed on inherited pre-existing plugin contract test: src/plugins/contracts/registry.contract.test.ts missing deepseek in bundled provider contract registry outside this PR surface) Co-authored-by: openperf <[email protected]> Co-authored-by: Tak Hoffman <[email protected]> * fix: restore ci gates * test: stabilize channel ci gate * docs: refresh generated config baseline * release: verify control-ui assets are included in npm tarball * release-check: include stderr/stdout when npm pack fails * release: add changelog for control UI tarball check * fix: keep session transcript pointers fresh after compaction (openclaw#50688) Co-authored-by: Frank Yang <[email protected]> * fix(msteams): isolate probe test env credentials * release: automate macOS publishing (openclaw#52853) * release: automate macOS publishing * release: keep mac appcast in openclaw repo * release: add preflight-only release workflow runs * release: keep appcast updates manual * release: generate signed appcast as workflow artifact * release: require preflight before publish * release: require mac app for every release * docs: clarify every release ships mac app * release: document Sparkle feed and SHA rules * release: keep publish flow tag-based * release: stabilize mac appcast flow * release: document local mac fallback * Update CHANGELOG.md * Improve PR template regression prompts * fix(agents): preserve anthropic thinking block order (openclaw#52961) * fix(release): ship bundled plugins in pack artifacts * fix(config): keep built-in channels out of plugin allowlists (openclaw#52964) * fix(config): keep built-in channels out of plugin allowlists * docs(changelog): note doctor whatsapp allowlist fix * docs(changelog): move doctor whatsapp fix to top * Update CHANGELOG.md * fix(config): keep built-in auto-enable idempotent * fix(release): preserve shipped channel surfaces in npm tar (openclaw#52913) * fix(channels): ship official channel catalog (openclaw#52838) * fix(release): keep shipped bundles in npm tar (openclaw#52838) * build(release): fix rebased release-check helpers (openclaw#52838) * fix(gateway): harden supervised lock and browser attach readiness * fix(matrix): avoid duplicate runtime api exports * fix(gateway): avoid probe false negatives after connect * docs(changelog): note release and matrix fixes * fix(plugins): unblock Discord/Slack message tool sends and Feishu media (openclaw#52991) * fix(plugins): unblock Discord and Slack message tool payloads * docs(changelog): note Discord Slack and Feishu message fixes * fix(channels): preserve external catalog overrides (openclaw#52988) * fix(channels): preserve external catalog overrides * fix(channels): clarify catalog precedence * fix(channels): respect overridden install specs * fix(gateway): require admin for agent session reset * fix(voice-call): stabilize plivo v2 replay keys * fix(gateway): require auth for canvas routes * fix(clawhub): resolve auth token for skill browsing (openclaw#53017) * fix(clawhub): resolve auth token for skill browsing * docs(changelog): note clawhub skill auth fix * fix(release): raise npm pack size budget * Tests: fix fresh-main regressions (openclaw#53011) * Tests: fix fresh-main regressions * Tests: avoid chat notice cache priming --------- Co-authored-by: Vincent Koc <[email protected]> * fix(config): ignore stale plugin allow entries * fix(browser): reuse running loopback browser after probe miss * fix(clawhub): honor macOS auth config path (openclaw#53034) * docs: fix nav ordering, missing pages, and stale model references - Sort providers alphabetically in docs.json nav - Sort channels alphabetically in docs.json nav (slack before synology-chat) - Add install/migrating-matrix to Maintenance nav section (was orphaned) - Remove zh-CN/plugins/architecture from nav (file does not exist) - Add Voice Call to channels index page - Add missing providers to providers index (DeepSeek, GitHub Copilot, OpenCode Go, Synthetic) - Sort providers index alphabetically - Update stale claude-3-5-sonnet model reference to claude-sonnet-4-6 in webhook docs * fix(clawhub): preserve XDG auth path on macOS * Agents: fix runtime web_search provider selection (openclaw#53020) Co-authored-by: Vincent Koc <[email protected]> * docs: fix CLI command tree, SDK import path, and tool group listing - Remove non-existent 'secrets migrate' from CLI command tree - Add actual secrets subcommands: audit, configure, apply - Add missing plugin subcommands: inspect, uninstall, update, marketplace list - Fix plugins info -> inspect (actual command name) - Add message send and broadcast subcommands to command tree - Remove misleading deprecated import from sdk-overview - Add sessions_yield and subagents to group:sessions tool group docs - Fix formatting * fix(gateway): guard openrouter auto pricing recursion (openclaw#53055) * test: refresh thread-safe agent fixtures * Release: fix npm release preflight under pnpm (openclaw#52985) Co-authored-by: Vincent Koc <[email protected]> * docs(changelog): add channel catalog override note (openclaw#52988) (openclaw#53059) * fix: harden update dev switch and refresh changelog * fix(mistral): repair max-token defaults and doctor migration (openclaw#53054) * fix(mistral): repair max-token defaults and doctor migration * fix(mistral): add missing small-model repair cap * fix(plugins): enable bundled Brave web search plugin by default (openclaw#52072) Brave is a bundled web search plugin but was missing from BUNDLED_ENABLED_BY_DEFAULT, causing it to be filtered out during provider resolution. This made web_search unavailable even when plugins.entries.brave.enabled was configured. Fixes openclaw#51937 Co-authored-by: Ubuntu <[email protected]> Co-authored-by: Vincent Koc <[email protected]> * fix(release): fail empty control ui tarballs * Revert "fix(plugins): enable bundled Brave web search plugin by default (openclaw#52072)" This reverts commit 0ea3c4d. * Telegram: preserve inbound debounce order * Telegram: fix fire-and-forget debounce order * fix(reply): refresh followup drain callbacks * Update CHANGELOG.md * fix(reply): preserve no-debounce inbound concurrency * fix(reply): clear idle followup callbacks * fix(inbound): bound tracked debounce keys * fix: preserve debounce and followup ordering (openclaw#52998) (thanks @osolmaz) * fix(discord): reply on native command auth failures (openclaw#53072) * docs(changelog): add missing recent fixes * fix: bound tracked debounce key accounting * fix packaged control ui asset lookup (openclaw#53081) * fix(cli): preserve posix default git dir * build: prepare 2026.3.23-beta.1 * test: harden canvas host undici isolation * docs(changelog): credit web search runtime fix * fix(openai-codex): bootstrap proxy on oauth refresh (openclaw#53078) Verified: - pnpm install --frozen-lockfile - pnpm exec vitest run extensions/openai/openai-codex-provider.runtime.test.ts extensions/openai/openai-provider.test.ts * release: harden preflight workflows (openclaw#53087) * release: harden preflight-only workflows * release: require main for publish runs * release: select xcode for macos workflow * release: retry flaky macos preflight steps * ci: shard bun test lane * Fix Control UI operator.read scope handling (openclaw#53110) Preserve Control UI scopes through the device-auth bypass path, normalize implied operator device-auth scopes, ignore cached under-scoped operator tokens, and degrade read-backed main pages gracefully when a connection truly lacks operator.read. Co-authored-by: Val Alexander <[email protected]> * build: prepare 2026.3.23 * fix(agents): prefer runtime snapshot for skill secrets * docs(changelog): note skill secretref runtime fix * fix(memory): bootstrap lancedb runtime on demand (openclaw#53111) Bootstrap LanceDB into plugin runtime state on first use for packaged/global installs, keep @lancedb/lancedb plugin-local, and add regression coverage for bundled, cached, retry, and Nix fail-fast runtime paths. Co-authored-by: Val Alexander <[email protected]> * build: finalize 2026.3.23 release * release: upload macos preflight artifacts (openclaw#53105) * release: upload macos preflight artifacts * release: speed up macos preflight * release: use xlarge macos runner * release: skip dmg path in macos preflight * fix(subagents): recheck timed-out announce waits (openclaw#53127) Recheck timed-out subagent announce waits against the latest runtime snapshot before announcing timeout, and keep that recheck best-effort so transient gateway failures do not suppress the announcement. Co-authored-by: Val Alexander <[email protected]> * docs(feishu): replace botName with name in config examples (openclaw#52753) Merged via squash. Prepared head SHA: 5237726 Co-authored-by: haroldfabla2-hue <[email protected]> Co-authored-by: altaywtf <[email protected]> Reviewed-by: @altaywtf * fix(plugins): accept clawhub uninstall specs * test(auth): align device scope expectations (openclaw#53151) * fix: prevent delivery-mirror re-delivery and raise Slack chunk limit (openclaw#45489) Merged via squash. Prepared head SHA: c7664c7 Co-authored-by: theo674 <[email protected]> Co-authored-by: altaywtf <[email protected]> Reviewed-by: @altaywtf * Infra: tighten shell-wrapper positional-argv allowlist matching (openclaw#53133) * Infra: tighten shell carrier allowlist matching * fix(security): tighten shell carrier allowlist matcher * fix: generalize api_error detection for fallback model triggering (openclaw#49611) Co-authored-by: Ayush Ojha <[email protected]> Co-authored-by: altaywtf <[email protected]> * feat(modelstudio): add standard (pay-as-you-go) DashScope endpoints for Qwen (openclaw#43878) Add Standard API Key auth methods for China (dashscope.aliyuncs.com) and Global/Intl (dashscope-intl.aliyuncs.com) pay-as-you-go endpoints alongside the existing Coding Plan (subscription) endpoints. Also updates group label to 'Qwen (Alibaba Cloud Model Studio)' and fixes glm-4.7 -> glm-5 in Coding Plan note messages. Co-authored-by: wenmeng zhou <[email protected]> * Release: privatize macOS publish flow (openclaw#53166) * fix(diagnostics): redact credentials from cache-trace diagnostic output Refs openclaw#53103 * Release: document manual macOS asset upload (openclaw#53178) * Release: document manual macOS asset upload * Release: document macOS smoke-test mode * docs(changelog): reorder release highlights * test(whatsapp): stabilize login coverage in shared workers * test(whatsapp): preserve session exports in login coverage * test(whatsapp): preserve media test module exports * test(whatsapp): preserve harness session exports * fix(ci): stabilize whatsapp extension checks * test: make update-cli checkout path assertion platform-safe * fix(auth): prevent stale auth store reverts (openclaw#53211) * Doctor: prune stale plugin allowlist and entry refs (openclaw#53187) Signed-off-by: sallyom <[email protected]> * test: stabilize test isolation * test: update command coverage * test: expand gemini live transcript stripping * test: fix update-cli default path assertion * chore(sre:PLA-920): adopt upstream sync changes * fix(sre:PLA-920): align branch with adopted upstream tree * build(sre:PLA-920): refresh dist artifacts * test(sre:PLA-920): align incident-format expectations --------- Signed-off-by: sallyom <[email protected]> Co-authored-by: Vincent Koc <[email protected]> Co-authored-by: Peter Steinberger <[email protected]> Co-authored-by: Rick_Xu <[email protected]> Co-authored-by: rcrick <[email protected]> Co-authored-by: frankekn <[email protected]> Co-authored-by: oliviareid-svg <[email protected]> Co-authored-by: oliviareid-svg <[email protected]> Co-authored-by: Frank <[email protected]> Co-authored-by: scoootscooob <[email protected]> Co-authored-by: ruochen <[email protected]> Co-authored-by: Onur Solmaz <[email protected]> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Frank Yang <[email protected]> Co-authored-by: artwalker <[email protected]> Co-authored-by: RichardCao <[email protected]> Co-authored-by: create <[email protected]> Co-authored-by: RichardCao <[email protected]> Co-authored-by: liuyang <[email protected]> Co-authored-by: Ayaan Zaidi <[email protected]> Co-authored-by: Matt Van Horn <[email protected]> Co-authored-by: Penchan <[email protected]> Co-authored-by: Penchan <[email protected]> Co-authored-by: Julia Bush <[email protected]> Co-authored-by: Bakhtier Sizhaev <[email protected]> Co-authored-by: Бахтиер Сижаев <[email protected]> Co-authored-by: wangchunyue <[email protected]> Co-authored-by: Tak Hoffman <[email protected]> Co-authored-by: evann <[email protected]> Co-authored-by: Robin Waslander <[email protected]> Co-authored-by: Sathvik Veerapaneni <[email protected]> Co-authored-by: Nimrod Gutman <[email protected]> Co-authored-by: Luke <[email protected]> Co-authored-by: scoootscooob <[email protected]> Co-authored-by: Jamil Zakirov <[email protected]> Co-authored-by: TheRipper <[email protected]> Co-authored-by: Quinn H. <[email protected]> Co-authored-by: Ubuntu <[email protected]> Co-authored-by: Val Alexander <[email protected]> Co-authored-by: betoblair <[email protected]> Co-authored-by: haroldfabla2-hue <[email protected]> Co-authored-by: altaywtf <[email protected]> Co-authored-by: Altay <[email protected]> Co-authored-by: theo674 <[email protected]> Co-authored-by: theo674 <[email protected]> Co-authored-by: Ayush Ojha <[email protected]> Co-authored-by: Ayush Ojha <[email protected]> Co-authored-by: George Zhang <[email protected]> Co-authored-by: wenmeng zhou <[email protected]> Co-authored-by: Onur <[email protected]> Co-authored-by: Sally O'Malley <[email protected]>

ngutman requested a review from a team as a code owner March 23, 2026 14:08

openclaw-barnacle bot added scripts Repository scripts size: M maintainer Maintainer-authored PR labels Mar 23, 2026

greptile-apps bot reviewed Mar 23, 2026

View reviewed changes

chatgpt-codex-connector bot reviewed Mar 23, 2026

View reviewed changes

openclaw-barnacle bot added size: L and removed size: M labels Mar 23, 2026

ngutman changed the title ~~fix(channels): ship official channel catalog~~ fix(release): preserve shipped channel surfaces in npm tar Mar 23, 2026

chatgpt-codex-connector bot reviewed Mar 23, 2026

View reviewed changes

ngutman added 3 commits March 23, 2026 17:30

fix(channels): ship official channel catalog (#52838)

5e71388

fix(release): keep shipped bundles in npm tar (#52838)

31f20ff

build(release): fix rebased release-check helpers (#52838)

7bd8d7d

ngutman force-pushed the fix/official-channel-catalog branch from 2f1f410 to 7bd8d7d Compare March 23, 2026 15:38

ngutman merged commit b84a130 into main Mar 23, 2026
10 checks passed

ngutman deleted the fix/official-channel-catalog branch March 23, 2026 15:39

chatgpt-codex-connector bot reviewed Mar 23, 2026

View reviewed changes

ngutman mentioned this pull request Mar 23, 2026

fix(channels): preserve external catalog overrides #52988

Merged

25 tasks

github-actions bot mentioned this pull request Mar 23, 2026

📡 Upstream Digest — 2026-03-23 16:50 UTC curtismercier/openclaw-mods#343

Open

steipete mentioned this pull request Mar 24, 2026

fix(release): add build steps to publish job so Control UI assets ship in npm package #53147

Closed

Uh oh!

Conversation

ngutman commented Mar 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Change Type (select all)

Scope (select all touched areas)

Linked Issue/PR

User-visible / Behavior Changes

Security Impact (required)

Repro + Verification

Environment

Steps

Expected

Actual

Evidence

Human Verification (required)

Review Conversations

Compatibility / Migration

Failure Recovery (if this breaks)

Risks and Mitigations

Uh oh!

aisle-research-bot bot commented Mar 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔒 Aisle Security Analysis

1. 🟡 Untrusted official channel-catalog.json search paths allow catalog spoofing and arbitrary npmSpec suggestions

Description

Recommendation

2. 🔵 Potential DoS via unbounded synchronous loading/parsing of plugin catalog JSON from configurable paths

Description

Recommendation

3. 🔵 Prototype pollution via untrusted channel IDs used as object keys in UI catalog builders

Description

Recommendation

Uh oh!

greptile-apps bot commented Mar 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Greptile Summary

Confidence Score: 5/5

Comments Outside Diff (1)

Uh oh!

greptile-apps bot Mar 23, 2026

Choose a reason for hiding this comment

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

chatgpt-codex-connector bot Mar 23, 2026

Choose a reason for hiding this comment

Uh oh!

ngutman commented Mar 23, 2026

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

chatgpt-codex-connector bot Mar 23, 2026

Choose a reason for hiding this comment

Uh oh!

chatgpt-codex-connector bot Mar 23, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

chatgpt-codex-connector bot Mar 23, 2026

Choose a reason for hiding this comment

Uh oh!

chatgpt-codex-connector bot Mar 23, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

ngutman commented Mar 23, 2026 •

edited

Loading

aisle-research-bot bot commented Mar 23, 2026 •

edited

Loading

greptile-apps bot commented Mar 23, 2026 •

edited

Loading