Skip to content

fix(runtime): stabilize dist runtime artifacts#53855

Merged
vincentkoc merged 8 commits intomainfrom
fix/runtime-artifact-hardening-pr
Mar 24, 2026
Merged

fix(runtime): stabilize dist runtime artifacts#53855
vincentkoc merged 8 commits intomainfrom
fix/runtime-artifact-hardening-pr

Conversation

@vincentkoc
Copy link
Copy Markdown
Member

@vincentkoc vincentkoc commented Mar 24, 2026
edited
Loading

AI-assisted: yes

Summary

Describe the problem and fix in 2–5 bullets:

  • Problem: long-lived lazy runtime seams in dist/ were emitted behind content-hashed filenames, so a rebuilt tree could strand already-running processes on missing chunk imports.
  • Why it matters: local gateway/debug flows broke after rebuilds with errors like Cannot find module '/.../dist/provider-runtime-*.js' or status.summary.runtime-* / auth-profiles.runtime-* misses, and bundled plugin staging could still fall back to a broken bare-npm shell path, and on Windows that fallback ran through shell resolution from the plugin directory.
  • What changed: pinned the affected lazy runtime seams to stable entry paths, and hardened bundled plugin runtime dependency staging to prefer the toolchain-local npm CLI, then an absolute adjacent npm.exe/npm.cmd on Windows, and fail closed with a clearer message only after those local fallbacks are exhausted.
  • What did NOT change (scope boundary): no run-node retry/rebuild control-flow changes in this PR.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor required for the fix
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • Closes #
  • Related #
  • This PR fixes a bug or regression

Root Cause / Regression History (if applicable)

For bug fixes or regressions, explain why this happened, not just what changed. Otherwise write N/A. If the cause is unclear, write Unknown.

  • Root cause: a few lazy runtime boundaries that stay live in long-running processes were emitted as hashed chunks instead of stable entry files, and bundled plugin staging could still drop to a broken bare-npm shell path when toolchain-local npm resolution was unavailable.
  • Missing detection / guardrail: we had coverage for cli/memory-cli stable entry emission, but not these other runtime seams; the npm runner tests also did not cover PATH-prefixed fallback behavior or isolate themselves from ambient process.env.
  • Prior context (git blame, prior PR, issue, or refactor if known): cli/memory-cli already used the same stable-entry pattern for deterministic runtime imports.
  • Why this regressed now: Slack demo/debug flows kept a gateway process alive across rebuilds, which exposed the missing stable filenames; the same environment also had a broken default nodenv shim on bare PATH.
  • If unknown, what was ruled out: N/A.

Regression Test Plan (if applicable)

For bug fixes or regressions, name the smallest reliable test coverage that should have caught this. Otherwise write N/A.

  • Coverage level that should have caught this:
    • Unit test
    • Seam / integration test
    • End-to-end test
    • Existing coverage already sufficient
  • Target test or file: src/infra/tsdown-config.test.ts, test/scripts/stage-bundled-plugin-runtime-deps.test.ts
  • Scenario the test should lock in: the affected runtime seams stay on deterministic dist/...runtime.js paths, and bundled plugin staging resolves npm from the active Node toolchain, and on Windows use an adjacent npm-cli.js, npm.exe, or wrapped absolute npm.cmd before failing closed.
  • Why this is the smallest reliable guardrail: both bugs are emitted/selection logic bugs, so unit tests at the config/runner seam catch them directly without a longer gateway harness.
  • Existing test that already covers this (if any): the existing cli/memory-cli stable-entry expectation in src/infra/tsdown-config.test.ts.
  • If no new test is added, why not: N/A.

User-visible / Behavior Changes

  • local rebuilds are less likely to break long-running gateway/CLI processes on missing hashed runtime chunks.
  • bundled plugin runtime dep staging is more resilient on broken shell PATHs, and Windows now uses only absolute toolchain-local npm paths with a clearer fail-closed error if none exist.

Security Impact (required)

  • New permissions/capabilities? (No)
  • Secrets/tokens handling changed? (No)
  • New/changed network calls? (No)
  • Command/tool execution surface changed? (No)
  • Data access scope changed? (No)
  • If any Yes, explain risk + mitigation:

Repro + Verification

Environment

  • OS: macOS
  • Runtime/container: local repo checkout, Node 24.13.0 via nodenv
  • Model/provider: N/A
  • Integration/channel (if any): Slack-triggered local gateway/debug flows
  • Relevant config (redacted): default shell PATH had broken nodenv shims unless Node 24 bin was prefixed

Steps

  1. Keep a process alive against a built dist/ tree and rebuild the repo.
  2. Trigger code paths that lazy-load provider/auth/status runtime helpers, or stage bundled plugin runtime deps.
  3. Observe missing hashed-chunk imports or bare-npm staging failures.

Expected

  • runtime helpers stay importable after rebuilds.
  • bundled plugin staging uses the active toolchain instead of a broken shell shim.

Actual

  • before: Cannot find module '/.../dist/provider-runtime-*.js' and similar auth-profiles.runtime-* / status.summary.runtime-* misses.
  • before: runtime staging could fail behind a broken bare npm resolution, and Windows fallback execution depended on shell command lookup from the plugin directory.
  • after: deterministic runtime entry files are emitted and pnpm openclaw agent --help succeeds after pnpm build.

Evidence

Attach at least one:

  • Failing test/log before + passing after
  • Trace/log snippets
  • Screenshot/recording
  • Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

  • Verified scenarios: pnpm test -- test/scripts/stage-bundled-plugin-runtime-deps.test.ts src/infra/tsdown-config.test.ts, pnpm build, pnpm openclaw agent --help.
  • Edge cases checked: PATH-prefixed non-Windows bare-npm fallback, Windows adjacent npm-cli.js/npm.exe resolution, wrapped absolute npm.cmd fallback, and the clearer Windows fail-closed message, deterministic dist/agents/*.runtime.js / dist/commands/status.summary.runtime.js / dist/plugins/provider-runtime.runtime.js emission.
  • What you did not verify: full pnpm test, parallel build/CLI races, or a full gateway smoke after this branch split.

Review Conversations

  • I replied to or resolved every bot review conversation I addressed in this PR.
  • I left unresolved only the conversations that still need reviewer or maintainer judgment.

If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.

Compatibility / Migration

  • Backward compatible? (Yes)
  • Config/env changes? (No)
  • Migration needed? (No)
  • If yes, exact upgrade steps:

Failure Recovery (if this breaks)

  • How to disable/revert this change quickly: revert commits 2349807f12, f100570827, 036a077fc0, a27d88e24c, and a42589c69d.
  • Files/config to restore: tsdown.config.ts, src/infra/tsdown-config.test.ts, scripts/stage-bundled-plugin-runtime-deps.mjs, test/scripts/stage-bundled-plugin-runtime-deps.test.ts.
  • Known bad symptoms reviewers should watch for: missing dist/...runtime.js stable entries, or bundled plugin staging regressing back to broken bare-npm behavior.

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write None.

  • Risk: adding stable entry points can slightly change dist layout expectations.
    • Mitigation: the config test asserts the exact entry presence, and the emitted files were verified locally.
  • Risk: npm runner fallback env shaping could behave differently on Windows.
    • Mitigation: added explicit Windows-path unit coverage and kept the shell-mode behavior unchanged.

@vincentkoc vincentkoc self-assigned this Mar 24, 2026
@openclaw-barnacle openclaw-barnacle bot added scripts Repository scripts size: S maintainer Maintainer-authored PR labels Mar 24, 2026
@vincentkoc vincentkoc marked this pull request as ready for review March 24, 2026 17:42
@aisle-research-bot
Copy link
Copy Markdown

aisle-research-bot bot commented Mar 24, 2026
edited
Loading

🔒 Aisle Security Analysis

We found 2 potential security issue(s) in this PR:

# Severity Title
1 🔵 Low PATH hijack risk when resolving bare npm by prepending nodeDir to PATH
2 🔵 Low PATH hardening bypass via case-insensitive PATH key selection leads to npm path hijack
Vulnerabilities

1. 🔵 PATH hijack risk when resolving bare npm by prepending nodeDir to PATH

Property Value
Severity Low
CWE CWE-426
Location scripts/stage-bundled-plugin-runtime-deps.mjs:103-116

Description

resolveNpmRunner() falls back to executing a bare npm binary (with shell: false) and prepends PATH with nodeDir (derived from process.execPath). This creates an untrusted search-path situation:

  • input: process.execPath (or params.execPath) determines nodeDir
  • input: process.env (or params.env) provides the baseline PATH
  • behavior: PATH is rewritten to prefer executables found in nodeDir
  • sink: spawnSync('npm', ...) will resolve npm via this modified PATH

If nodeDir is writable/attacker-controlled (e.g., poisoned CI toolcache, compromised Node installation directory, or any scenario where the Node binary is executed from an untrusted directory), an attacker can plant a malicious npm executable/shim in that directory, causing arbitrary code execution when installPluginRuntimeDeps() runs.

Vulnerable code:

return {
  command: "npm",
  args: [],
  shell: false,
  env: {
    ...env,
    [pathKey]:
      typeof currentPath === "string" && currentPath.length > 0
        ? `${nodeDir}${path.delimiter}${currentPath}`
        : nodeDir,
  },
};

Recommendation

Avoid resolving npm via PATH search when you can execute a pinned executable/script.

Safer options:

  1. Prefer invoking toolchain npm via an absolute path (like the existing npm-cli.js approach), and if not found, fail closed (as you already do on Windows) instead of searching PATH.

  2. If a fallback is required, do not prepend an additional directory to PATH. Instead, either:

    • use the existing env.PATH unchanged, or
    • resolve npm to an absolute path using a trusted lookup (e.g., which/command -v) without injecting a new, potentially writable directory.

Example (fail closed on all platforms when toolchain npm is missing):

const npmCliPath = resolveToolchainNpmCliPath({ existsSync, nodeDir, pathImpl });
if (!npmCliPath) {
  throw new Error(`failed to resolve a toolchain-local npm CLI next to ${execPath}`);
}
return { command: execPath, args: [npmCliPath], shell: false };

If you must support bare npm, consider validating that nodeDir is not world-writable and is owned by an expected user (platform-dependent), and/or require an explicit opt-in flag to enable PATH modification.

2. 🔵 PATH hardening bypass via case-insensitive PATH key selection leads to npm path hijack

Property Value
Severity Low
CWE CWE-426
Location scripts/stage-bundled-plugin-runtime-deps.mjs:127-129

Description

The POSIX fallback path for resolveNpmRunner() executes npm by name and attempts to harden the environment by prefixing the Node toolchain directory onto the PATH. However, it determines which env var to modify via a case-insensitive search:

  • resolvePathEnvKey(env) returns the first key whose lowercase equals "path".
  • On POSIX, environment variable names are case-sensitive and process execution uses the PATH variable specifically.
  • If env contains both PATH and another variant such as Path (or only Path), the function may select the wrong key and update env.Path while leaving env.PATH unchanged.
  • In that scenario, the spawned process still resolves npm using the unmodified PATH, allowing an attacker-controlled npm earlier in PATH to be executed (path hijacking).

Vulnerable code:

function resolvePathEnvKey(env) {
  return Object.keys(env).find((key) => key.toLowerCase() === "path") ?? "PATH";
}

This is security-relevant because resolveNpmRunner() can accept a custom params.env, and even with default process.env, a hostile runtime environment can include multiple PATH-like keys with different casing.

Recommendation

On non-Windows platforms, always use PATH (exact casing) as the key to read/write.

On Windows, handle case-insensitivity explicitly (e.g., prefer Path if present, else PATH). Also consider normalizing by deleting other PATH-like keys to avoid ambiguity.

Example fix:

function resolvePathEnvKey(env, platform) {
  if (platform !== "win32") return "PATH";// Windows is case-insensitive; Node commonly exposes `Path`
  if (Object.prototype.hasOwnProperty.call(env, "Path")) return "Path";
  if (Object.prototype.hasOwnProperty.call(env, "PATH")) return "PATH";
  return "Path";
}// usage
const pathKey = resolvePathEnvKey(env, platform);

Additionally, when constructing the child environment, consider setting the other common-casing key too on Windows to reduce surprises:

env: { ...env, PATH: newValue, Path: newValue }

(only for win32).

Analyzed PR: #53855 at commit a27d88e

Last updated on: 2026-03-24T18:46:02Z

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Mar 24, 2026

Greptile Summary

This PR fixes two related stability bugs: it pins four lazy runtime seams (auth-profiles.runtime, pi-model-discovery-runtime, status.summary.runtime, provider-runtime.runtime) to deterministic dist/ entry paths so rebuilt trees don't strand long-running gateway processes on missing hashed chunks, and it hardens bundled plugin runtime dep staging to prefer npm_execpath (when it points to npm) or the active Node toolchain's bin dir over a potentially-broken bare npm on PATH.

Key changes:

  • tsdown.config.ts: four new stable entry points following the existing cli/memory-cli pattern.
  • src/infra/tsdown-config.test.ts: extends the existing stable-entry regression guard to cover the four new entries.
  • scripts/stage-bundled-plugin-runtime-deps.mjs: resolveNpmRunner now checks npm_execpath first (filtered by isNpmExecPath), and prefixes the active Node bin dir onto PATH in the bare-npm fallback; the resolved env is forwarded to spawnSync.
  • test/scripts/stage-bundled-plugin-runtime-deps.test.ts: new tests for npm_execpath resolution, PATH-prefixed fallback on Linux, and Windows Path key handling.

One minor test-isolation issue: the pre-existing "anchors npm staging" test case does not pass an env parameter and would fail when invoked via plain npm test because the new npm_execpath priority branch would fire before the existsSync path.

Confidence Score: 5/5

  • Safe to merge; changes are narrowly scoped, well-tested, and follow established patterns in the codebase.
  • Both fixes are straightforward — stable entry pin follows an existing, proven pattern, and the npm runner logic is fully unit-tested including Windows edge cases. The only issue found (missing env: {} in one test) is a non-blocking style concern that only matters when tests are run via plain npm rather than pnpm, which is not the project's standard workflow.
  • No files require special attention.
Prompt To Fix All With AI 
This is a comment left during a code review.
Path: test/scripts/stage-bundled-plugin-runtime-deps.test.ts
Line: 23-41

Comment:
**Test not isolated from `process.env.npm_execpath`**

The "anchors npm staging" test doesn't pass an `env` parameter, so `resolveNpmRunner` falls back to `process.env`. The newly added `npm_execpath` branch now fires *before* the `existsSync` branch. If this test is run under a plain `npm test` invocation (where `process.env.npm_execpath` is set to something like `/usr/local/lib/node_modules/npm/bin/npm-cli.js`), `isNpmExecPath` returns `true`, and the function returns `args: [process.env.npm_execpath]` — which is almost certainly a different path than `expectedNpmCliPath`. The test will fail for any contributor who invokes it via `npm` instead of `pnpm`.

The other three tests guard against this by explicitly supplying an `env` object without `npm_execpath`.

```suggestion
    const runner = resolveNpmRunner({
      execPath,
      env: {},
      existsSync: (candidate: string) => candidate === expectedNpmCliPath,
      platform: "darwin",
    });
```

How can I resolve this? If you propose a fix, please make it concise.

Reviews (1): Last reviewed commit: "docs(changelog): note runtime artifact f..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps bot reviewed Mar 24, 2026
View reviewed changes
@aisle-research-bot
Copy link
Copy Markdown

aisle-research-bot bot commented Mar 24, 2026
edited
Loading

🔒 Aisle Security Analysis

We found 1 potential security issue(s) in this PR:

# Severity Title
1 🔵 Low Code execution via untrusted npm_execpath in resolveNpmRunner()
Vulnerabilities

1. 🔵 Code execution via untrusted npm_execpath in resolveNpmRunner()

Property Value
Severity Low
CWE CWE-94
Location scripts/stage-bundled-plugin-runtime-deps.mjs:93-100

Description

resolveNpmRunner() trusts the environment variable npm_execpath to choose which script Node executes. The validation in isNpmExecPath() only checks the basename of the path (e.g., npm-cli.js), not the directory, whether it exists, or whether it points to the expected Node toolchain.

As a result, an attacker who can influence the environment for this script (e.g., a build/release process that runs with attacker-controlled env, or a wrapper that forwards env from untrusted sources) can set npm_execpath to an arbitrary JS file named npm-cli.js and cause Node to execute it:

  • input: process.env.npm_execpath
  • weak validation: path.basename(value) regex match
  • sink: spawnSync(execPath, [npmExecPath, ...]) where execPath is Node

Vulnerable code:

const npmExecPath = env.npm_execpath;
if (typeof npmExecPath === "string" && isNpmExecPath(npmExecPath)) {
  return { command: execPath, args: [npmExecPath], shell: false };
}

This leads to arbitrary code execution in the context running scripts/stage-bundled-plugin-runtime-deps.mjs.

Recommendation

Do not execute npm_execpath directly unless it is strongly validated.

Recommended fixes (pick one):

  1. Prefer the toolchain-local npm-cli.js only (already implemented via npmCliPath) and remove the npm_execpath branch entirely.

  2. If you must support npm_execpath, validate it strictly:

    • require an absolute path
    • fs.existsSync() and fs.statSync().isFile()
    • compare fs.realpathSync(npmExecPath) to an allowlist, e.g. the computed npmCliPath or within nodeDir/../lib/node_modules/npm/
    • reject relative paths and paths containing ..

Example (strict allowlist to computed npmCliPath):

const npmExecPath = env.npm_execpath;
if (typeof npmExecPath === 'string') {
  const real = fs.realpathSync.native?.(npmExecPath) ?? fs.realpathSync(npmExecPath);
  const expected = fs.realpathSync.native?.(npmCliPath) ?? fs.realpathSync(npmCliPath);
  if (real === expected) {
    return { command: execPath, args: [expected], shell: false };
  }
}

This prevents executing attacker-controlled scripts that merely share the filename.

Analyzed PR: #53855 at commit 7f867f4

Last updated on: 2026-03-24T17:55:51Z

@vincentkoc vincentkoc merged commit e4ce1d9 into main Mar 24, 2026
8 checks passed
@vincentkoc vincentkoc deleted the fix/runtime-artifact-hardening-pr branch March 24, 2026 18:37
@github-actions github-actions bot mentioned this pull request Mar 24, 2026
Open
luzhidong pushed a commit to luzhidong/openclaw that referenced this pull request Mar 24, 2026
@vincentkoc
fix(runtime): stabilize dist runtime artifacts (openclaw#53855)
329d253 
* fix(build): stabilize lazy runtime entry paths

* fix(runtime): harden bundled plugin npm staging

* docs(changelog): note runtime artifact fixes

* fix(runtime): stop trusting npm_execpath

* fix(runtime): harden Windows npm staging

* fix(runtime): add safe Windows npm fallback
siofra-seksbot added a commit to TheBotsters/botster-ego that referenced this pull request Mar 25, 2026
@siofra-seksbot @drobison00
@steipete @BunsDev @Takhoffman @Lukavyi @obviyus @vincentkoc @sudie-codes @claude @giulio-leone @hclsys @Protocol-zero-0 @SidU @lupuletic @TaoXieSZ @joelnishanth @mbelinky @Hollychou924 @altaywtf @neeravmakwana @sallyom @huntharo @davidguttman @onutc @osolmaz @hpt @mahopan @jalehman @w-sss @scoootscooob @dutifulbob @Kimbo7870
chore: upstream absorb 2026-03-24 (348 commits)
f50f676 
* Formatting fixes and remove trailing dash acceptance

* Remove lower casing -- preserving prior behavior

* fix: preserve legacy clawhub skill updates (openclaw#53206) (thanks @drobison00)

* feat(csp): support inline script hashes in Control UI CSP (openclaw#53307) thanks @BunsDev

Co-authored-by: BunsDev <[email protected]>
Co-authored-by: Nova <[email protected]>

* refactor: separate exec policy and execution targets

* test: print failed test lane output tails

* fix(cron): make --tz work with --at for one-shot jobs

Previously, `--at` with an offset-less ISO datetime (e.g. `2026-03-23T23:00:00`)
was always interpreted as UTC, even when `--tz` was provided. This caused one-shot
jobs to fire at the wrong time.

Changes:
- `parseAt()` now accepts an optional `tz` parameter
- When `--tz` is provided with `--at`, offset-less datetimes are interpreted in
  that IANA timezone using Intl.DateTimeFormat
- Datetimes with explicit offsets (e.g. `+01:00`, `Z`) are unaffected
- Removed the guard in cron-edit that blocked `--tz` with `--at`
- Updated `--at` help text to mention `--tz` support
- Added 2 tests verifying timezone resolution and offset preservation

* fix: land cron tz one-shot handling and prerelease config warnings (openclaw#53224) (thanks @RolfHegr)

* fix: clean changelog merge duplication (openclaw#53224) (thanks @RolfHegr)

* test: isolate line jiti runtime smoke

* refactor: harden extension runtime-api seams

* tests: improve boundary audit coverage and safety (openclaw#53080)

* tools: extend seam audit inventory

* tools: tighten seam audit heuristics

* tools: refine seam test matching

* tools: refine seam audit review heuristics

* style: format seam audit script

* tools: widen seam audit matcher coverage

* tools: harden seam audit coverage

* tools: tighten boundary audit matchers

* tools: ignore mocked import matches in boundary audit

* test: include native command reply seams in audit

* fix: command auth SecretRef resolution (openclaw#52791) (thanks @Lukavyi)

* fix(command-auth): handle unresolved SecretRef in resolveAllowFrom

* fix(command-auth): fall back to config allowlists

* fix(command-auth): avoid duplicate resolution fallback

* fix(command-auth): fail closed on invalid allowlists

* fix(command-auth): isolate fallback resolution errors

* fix: record command auth SecretRef landing notes (openclaw#52791) (thanks @Lukavyi)

---------

Co-authored-by: Ayaan Zaidi <[email protected]>

* refactor: extract cron schedule and test runner helpers

* fix: populate currentThreadTs in threading tool context fallback for Telegram DM topics (openclaw#52217)

When a channel plugin lacks a custom buildToolContext (e.g. Telegram),
the fallback path in buildThreadingToolContext did not set currentThreadTs
from the inbound MessageThreadId. This caused resolveTelegramAutoThreadId
to return undefined, so message tool sends without explicit threadId
would route to the main chat instead of the originating DM topic.

Fixes openclaw#52217

* fix: unblock runtime-api smoke checks

* refactor: split tracked ClawHub update flows

* build: prepare 2026.3.23-2

* fix: preserve command auth resolution errors on empty inferred allowlists

* docs: refresh plugin-sdk api baseline

* test: harden linux runtime smoke guards

* fix(runtime): anchor bundled plugin npm staging to active node

* tests: cron coverage and NO_REPLY delivery fixes (openclaw#53366)

* tools: extend seam audit inventory

* tools: audit cron seam coverage gaps

* test: add cron seam coverage tests

* fix: avoid marking NO_REPLY cron deliveries as delivered

* fix: clean up delete-after-run NO_REPLY cron sessions

* fix: verify global npm correction installs

* build: prepare 2026.3.24

* docs: update mac release automation guidance

* fix: fail closed when provider inference drops errored allowlists

* fix: reject nonexistent zoned cron at-times

* fix: hash inline scripts with data-src attributes

* ci: balance shards and reuse pr artifacts

* refactor: simplify provider inference and zoned parsing helpers

* fix: unify live model auth gating

* tests: add boundary coverage for media delivery (openclaw#53361)

* tests: add boundary coverage for media delivery

* tests: isolate telegram outbound adapter transport

* tests: harden telegram webhook certificate assertion

* tests: fix guardrail false positives on rebased branch

* msteams: extract structured quote/reply context (openclaw#51647)

* msteams: extract structured quote/reply context from Teams HTML attachments

* msteams: address PR openclaw#51647 review feedback

* msteams: add message edit and delete support (openclaw#49925)

- Add edit/delete action handlers with toolContext.currentChannelId
  fallback for in-thread edits/deletes without explicit target
- Add editMessageMSTeams/deleteMessageMSTeams to channel runtime
- Add updateActivity/deleteActivity to SendContext and MSTeamsTurnContext
- Extend content param with text/content/message fallback chain
- Update test mocks for new SendContext shape

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>

* fix(doctor): honor --fix in non-interactive mode

Ensure repair-mode doctor prompts auto-accept recommended fixes even when running non-interactively, while still requiring --force for aggressive rewrites.

This restores the expected behavior for upgrade/doctor flows that rely on 'openclaw doctor --fix --non-interactive' to repair stale gateway service configuration such as entrypoint drift after global updates.

Co-authored-by: Copilot <[email protected]>

* Preserve no-restart during update doctor fixes

Co-authored-by: Copilot <[email protected]>

* fix(doctor): skip service config repairs during updates

Co-authored-by: Copilot <[email protected]>

* fix: add config clobber forensics

* fix(ui): resolve model provider from catalog instead of stale session default

When the server returns a bare model name (e.g. "deepseek-chat") with
a session-level modelProvider (e.g. "zai"), the UI blindly prepends
the provider — producing "zai/deepseek-chat" instead of the correct
"deepseek/deepseek-chat". This causes "model not allowed" errors
when switching between models from different providers.

Root cause: resolveModelOverrideValue() and resolveDefaultModelValue()
in app-render.helpers.ts, plus the /model slash command handler in
slash-command-executor.ts, all call resolveServerChatModelValue()
which trusts the session's default provider. The session provider
reflects the PREVIOUS model, not the newly selected one.

Fix: for bare model names, create a raw ChatModelOverride and resolve
through normalizeChatModelOverrideValue() which looks up the correct
provider from the model catalog. Falls back to server-provided provider
only if the catalog lookup fails. All 3 call sites are fixed.

Closes openclaw#53031

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Signed-off-by: HCL <[email protected]>

* style(ui): polish agent file preview and usage popovers (openclaw#53382)

* feat: make workspace links clickable in agent context card and files list

Updated the agent context card and files list to render workspace names as clickable links, allowing users to easily access the corresponding workspace files. This enhances usability by providing direct navigation to the workspace location.

* style(ui): polish markdown preview dialog

* style(ui): reduce markdown preview list indentation

* style(ui): update markdown preview dialog width and alignment

* fix(ui): open usage filter popovers toward the right

* style(ui): adjust positioning of usage filter and export popovers

* style(ui): update sidebar footer padding and modify usage header z-index

* style(ui): adjust positioning of usage filter popover to the left and export popover to the right

* style(ui): simplify workspace link rendering in agent context card

* UI: make workspace paths interactive buttons or plain text

Agent Context card workspace (Channels/Cron panels): replace non-interactive
<div> with a real <button> wired to onSelectPanel('files'), matching the
Overview panel pattern.

Core Files footer workspace: drop workspace-link class since the user is
already on the Files panel — keep as plain text.

* fix(agents): suppress heartbeat prompt for cron-triggered embedded runs

Prevent cron-triggered embedded runs from inheriting the default heartbeat prompt so non-cron session targets stop reading HEARTBEAT.md and polluting scheduled turns.

Made-with: Cursor

* test(agents): cover additional heartbeat prompt triggers

Document that default-agent heartbeat prompt injection still applies to memory-triggered and triggerless runs while cron remains excluded.

Made-with: Cursor

* fix: land cron heartbeat prompt suppression (openclaw#53152) (thanks @Protocol-zero-0)

* msteams: implement Teams AI agent UX best practices (openclaw#51808)

Migrates the Teams extension from @microsoft/agents-hosting to the official Teams SDK (@microsoft/teams.apps + @microsoft/teams.api) and implements Microsoft's AI UX best practices for Teams agents.

- AI-generated label on all bot messages (Teams native badge + thumbs up/down)
- Streaming responses in 1:1 chats via Teams streaminfo protocol
- Welcome card with configurable prompt starters on bot install
- Feedback with reflective learning (negative feedback triggers background reflection)
- Typing indicators for personal + group chats (disabled for channels)
- Informative status updates (progress bar while LLM processes)
- JWT validation via Teams SDK createServiceTokenValidator
- User-Agent: teams.ts[apps]/<sdk-version> OpenClaw/<version> on outbound requests
- Fix copy-pasted image downloads (smba.trafficmanager.net auth allowlist)
- Pre-parse auth gate (reject unauthenticated requests before body parsing)
- Reflection dispatcher lifecycle fix (prevent leaked dispatchers)
- Colon-safe session filenames (Windows compatibility)
- Cooldown cache eviction (prevent unbounded memory growth)

Closes openclaw#51806

* refactor: tighten embedded prompt and sidecar guards

* test: audit subagent seam coverage inventory

* test: add exact-stem subagent seam tests

* refactor: clarify doctor repair flow

* fix(plugins): make Matrix recovery paths tolerate stale plugin config (openclaw#52899)

* fix(plugins): address review feedback for Matrix recovery paths (openclaw#52899)

1. Narrow loadConfigForInstall() to catch only INVALID_CONFIG errors,
   letting real failures (fs permission, OOM) propagate.
2. Assert allow array is properly cleaned in stale-cleanup test.
3. Add comment clarifying version-resolution is already addressed via
   the shared VERSION constant.
4. Run cleanStaleMatrixPluginConfig() during install so
   persistPluginInstall() → writeConfigFile() does not fail validation
   on stale Matrix load paths.

* fix(plugins): address review feedback for Matrix recovery paths (openclaw#52899)

* fix: fetch model catalog for slash command updates

* fix: restore teams sdk adapter contracts

* fix: keep slash command model qualification on rebase

* fix: clear production dependency advisories

* fix: delete subagent runs after announce give-up

* refactor: polish trigger and manifest seams

* refactor(ui): extract chat model resolution state

* fix(feishu): preserve docx block tree order (openclaw#40524)

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm vitest run extensions/feishu/src/docx.test.ts

Co-authored-by: Tao Xie <[email protected]>

* fix: stabilize matrix and teams ci assertions

* fix: preserve subagent ended hooks until runtime init

* test: prune low-signal live model sweeps

* test: harden parallels smoke harness

* fix: preserve direct subagent dispatch failures on abort

* fix: report dropped subagent announce queue deliveries

* fix: unblock live harness provider discovery

* fix: finalize resumed subagent cleanup give-ups

* refactor: centralize plugin install config policy

* fix: format subagent registry test

* fix: finalize deferred subagent expiry cleanup

* fix(tui): preserve user message during slow model responses (openclaw#53115)

When a local run ends with an empty final event while another run is active,
skip history reload to prevent clearing the user's pending message from the
chat log. This fixes the 'message disappears' issue with slow models like Ollama.

* fix: preserve deferred TUI history sync (openclaw#53130) (thanks @joelnishanth)

* test: sync app chat model override expectation

* feat(ui): Control UI polish — skills revamp, markdown preview, agent workspace, macOS config tree (openclaw#53411) thanks @BunsDev

Co-authored-by: BunsDev <[email protected]>
Co-authored-by: Nova <[email protected]>

* fix(security): resolve Aisle findings — skill installer validation, terminal sanitization, URL scheme allowlisting (openclaw#53471) thanks @BunsDev

Co-authored-by: BunsDev <[email protected]>
Co-authored-by: Nova <[email protected]>

* fix: widen installer regex allowlists and deduplicate safeExternalHref calls

- SAFE_GO_MODULE: allow uppercase in module paths (A-Z)
- SAFE_BREW_FORMULA: allow @ for versioned formulas ([email protected])
- SAFE_UV_PACKAGE: allow extras [standard] and equality pins ==
- Cache safeExternalHref result in skills detail API key section

* docs: update CONTRIBUTING.md

* test: continue vitest threads migration

* test: continue vitest threads migration

* test: harden threaded shared-worker suites

* test: harden threaded channel follow-ups

* test: defer slack bolt interop for helper-only suites

* fix(agents): harden edit tool recovery (openclaw#52516)

Merged via squash.

Prepared head SHA: e23bde8
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

* fix(docs): correct json55 typo to json5 in IRC channel docs (openclaw#50831) (openclaw#50842)

Merged via squash.

Prepared head SHA: 0f743bf
Co-authored-by: Hollychou924 <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Reviewed-by: @altaywtf

* fix(secrets): prevent unresolved SecretRef from crashing embedded agent runs

Root cause: Telegram channel monitor captures config at startup before secrets
are resolved and passes it as configOverride into the reply pipeline. Since
getReplyFromConfig() uses configOverride directly (skipping loadConfig() which
reads the resolved runtime snapshot), the unresolved SecretRef objects propagate
into FollowupRun.run.config and crash runEmbeddedPiAgent().

Fix (defense in depth):
- get-reply.ts: detect unresolved SecretRefs in configOverride and fall back to
  loadConfig() which returns the resolved runtime snapshot
- message-tool.ts: try-catch around schema/description building at tool creation
  time so channel discovery errors don't crash the agent
- message-tool.ts: detect unresolved SecretRefs in pre-bound config at tool
  execution time and fall back to gateway secret resolution

Fixes: openclaw#45838

* fix: merge explicit reply config overrides onto fresh config

* fix: clean up failed non-thread subagent spawns

* fix: initialize plugins before killed subagent hooks

* fix: report qmd status counts from real qmd manager (openclaw#53683) (thanks @neeravmakwana)

* fix(memory): report qmd status counts from index

* fix(memory): reuse full qmd manager for status

* fix(memory): harden qmd status manager lifecycle

* fix: ci

* fix: finalize killed delete-mode subagent cleanup

* fix: clean up attachments for killed subagent runs

* feat(cli): support targeting running containerized openclaw instances (openclaw#52651)

Signed-off-by: sallyom <[email protected]>

* fix: ci

* Telegram: recover General topic bindings (openclaw#53699)

Merged via squash.

Prepared head SHA: 546f0c8
Co-authored-by: huntharo <[email protected]>
Co-authored-by: huntharo <[email protected]>
Reviewed-by: @huntharo

* fix: clean up attachments for released subagent runs

* fix(ci): do not cancel in-progress main runs

* fix: clean up attachments for orphaned subagent runs

* test: speed up discord extension suites

* test: speed up slack extension suites

* test: speed up telegram extension suites

* test: speed up whatsapp and shared test suites

* fix(ci): do not cancel in-progress bun runs on main

* fix: clean up attachments when replacing subagent runs

* feat(discord): add autoThreadName 'generated' strategy (openclaw#43366)

* feat(discord): add autoThreadName 'generated' strategy

Adds async thread title generation for auto-created threads:
- autoThread: boolean - enables/disables auto-threading
- autoThreadName: 'message' | 'generated' - naming strategy
- 'generated' uses LLM to create concise 3-6 word titles
- Includes channel name/description context for better titles
- 10s timeout with graceful fallback

* Discord: support non-key auth for generated thread titles

* Discord: skip fallback auto-thread rename

* Discord: normalize generated thread title first content line

* Discord: split thread title generation helpers

* Discord: tidy thread title generation constants and order

* Discord: use runtime fallback model resolution for thread titles

* Discord: resolve thread-title model aliases

* Discord: fallback thread-title model selection to runtime defaults

* Agents: centralize simple completion runtime

* fix(discord): pass apiKey to complete() for thread title generation

The setRuntimeApiKey approach only works for full agent runs that use
authStorage.getApiKey(). The pi-ai complete() function expects apiKey
directly in options or falls back to env vars — it doesn't read from
authStorage.runtimeOverrides.

Fixes thread title generation for Claude/Anthropic users.

* fix(agents): return exchanged Copilot token from prepareSimpleCompletionModel

The recent thread-title fix (3346ba6) passes prepared.auth.apiKey to
complete(). For github-copilot, this was still the raw GitHub token
rather than the exchanged runtime token, causing auth failures.

Now setRuntimeApiKeyForCompletion returns the resolved token and
prepareSimpleCompletionModel includes it in auth.apiKey, so both the
authStorage path and direct apiKey pass-through work correctly.

* fix(agents): catch auth lookup exceptions in completion model prep

getApiKeyForModel can throw for credential issues (missing profile, etc).
Wrap in try/catch to return { error } for fail-soft handling rather than
propagating rejected promises to callers like thread title generation.

* Discord: strip markdown wrappers from generated thread titles

* Discord/agents: align thread-title model and local no-auth completion headers

* Tests: import fresh modules for mocked thread-title/simple-completion suites

* Agents: apply exchanged Copilot baseUrl in simple completions

* Discord: route thread runtime imports through plugin SDK

* Lockfile: add Discord pi-ai runtime dependency

* Lockfile: regenerate Discord pi-ai runtime dependency entries

* Agents: use published Copilot token runtime module

* Discord: refresh config baseline and lockfile

* Tests: split extension runs by isolation

* Discord: add changelog for generated thread titles (openclaw#43366) (thanks @davidguttman)

---------

Co-authored-by: Onur Solmaz <[email protected]>
Co-authored-by: Onur Solmaz <[email protected]>

* add missing autoArchiveDuration to DiscordGuildChannelConfig type (openclaw#43427)

* add missing autoArchiveDuration to DiscordGuildChannelConfig type

The autoArchiveDuration field is present in the Zod schema
(DiscordGuildChannelSchema) and actively used at runtime in
threading.ts and allow-list.ts, but was missing from the
canonical TypeScript type definition.

Add autoArchiveDuration to DiscordGuildChannelConfig to align
the type with the schema and runtime usage.

* Discord: add changelog for config type fix (openclaw#43427) (thanks @davidguttman)

---------

Co-authored-by: Onur Solmaz <[email protected]>

* refactor: dedupe test and script helpers

* test: speed up discord extension suites

* test: speed up slack extension suites

* test: speed up telegram extension suites

* test: speed up signal and whatsapp extension suites

* fix(discord): avoid bundling pi-ai runtime deps

* fix(lockfile): sync discord dependency removal

* test: speed up discord slack telegram suites

* test: speed up whatsapp and signal suites

* test: speed up google and twitch suites

* test: speed up core unit suites

* fix: preserve cleanup hooks after subagent register failure

* fix: preserve session cleanup hooks after subagent announce

* Feishu: avoid CLI startup failure on unresolved SecretRef

* fix(doctor): add missing baseUrl and models when migrating nano-banana apiKey to google provider

The legacy nano-banana-pro skill migration moves the Gemini API key to
models.providers.google.apiKey but does not populate the required baseUrl
and models fields on the provider entry. When the google provider object
is freshly created (no pre-existing config), the resulting config fails
Zod validation on write:

  Config validation failed: models.providers.google.baseUrl:
  Invalid input: expected string, received undefined

Fix: default baseUrl to 'https://generativelanguage.googleapis.com' and
models to [] when they are not already set, matching the defaults used
elsewhere in the codebase (embeddings-gemini, pdf-native-providers).

Fixes the 'doctor --fix' crash for users who only have a legacy
nano-banana-pro skill entry and no existing models.providers.google.

* fix: use v1beta for migrated google nano banana provider (openclaw#53757) (thanks @mahopan)

* docs: add changelog for PR openclaw#53675 (thanks @hpt)

* fix(msteams): harden feedback reflection follow-ups

* test: stabilize preaction process title assertion (openclaw#53808)

Regeneration-Prompt: |
  Current origin/main fails src/cli/program/preaction.test.ts because the
  test asserts on process.title directly inside Vitest, where that runtime
  interaction is not stable enough to observe the write reliably. Keep the
  production preaction behavior unchanged. Make the test verify that the
  hook assigns the expected title by wrapping process.title with a local
  getter/setter during each test and restoring the original descriptor
  afterward so other tests keep the real process object behavior.

* fix(auth): protect fresher codex reauth state

- invalidate cached Codex CLI credentials when auth.json changes within the TTL window
- skip external CLI sync when the stored Codex OAuth credential is newer
- cover both behaviors with focused regression tests

Refs openclaw#53466

Co-authored-by: Copilot <[email protected]>

* fix: return structured errors for subagent control send failures

* refactor: centralize google API base URL handling

* refactor(msteams): split reply and reflection helpers

* refactor(auth): unify external CLI credential sync

* refactor: split feishu runtime and inspect secret resolution

* test(memory): clear browser and plugin caches between cases

* fix(types): add workspace module shims

* fix: avoid duplicate orphaned subagent resumes

* test(memory): enable lower-interval heap snapshots

* fix: audit clobbered config reads

* fix(whatsapp): filter fromMe messages in groups to prevent infinite loop (openclaw#53386)

* fix: suppress only recent whatsapp group echoes (openclaw#53624) (thanks @w-sss)

* test: speed up slack and telegram suites

* test: speed up cli and model command suites

* test: speed up command runtime suites

* test: speed up backup and doctor suites

* fix(memory): avoid caching status-only managers

* fix: stabilize logging config imports

* fix(slack): improve interactive reply parity (openclaw#53389)

* fix(slack): improve interactive reply parity

* fix(slack): isolate reply interactions from plugins

* docs(changelog): note slack interactive parity fixes

* fix(slack): preserve preview text for local agent replies

* fix(agent): preserve directive text in local previews

* test: preserve child_process exports in restart bun mock

* fix(memory): avoid caching qmd status managers

* test: speed up browser and gateway suites

* test: speed up media fetch suite

* fix(acp): deliver final result text as fallback when no blocks routed

- Check routedCounts.final to detect prior delivery
- Skip fallback for ttsMode='all' to avoid duplicate TTS processing
- Use delivery.deliver for proper routing in cross-provider turns
- Fixes openclaw#46814 where ACP child run results were not delivered

* fix: tighten ACP final fallback semantics (openclaw#53692) (thanks @w-sss)

* fix: unify pi runner usage snapshot fallback

* refactor: isolate ACP final delivery flow

* fix(ci): stop dropping pending main workflow runs

* test(memory): isolate new unit hotspot files

* test(memory): isolate browser remote-tab hotspot

* test(memory): isolate plugin-core hotspot

* test(memory): isolate telegram bot hotspot

* fix: continue subagent kill after session store write failures

* test(memory): isolate telegram fetch hotspot

* test: speed up plugin-sdk and cron suites

* test: speed up browser suites

* test(memory): isolate telegram monitor hotspot

* test(memory): isolate slack action-runtime hotspot

* test(memory): recycle shared channels batches

* fix: fail closed when subagent steer remap fails

* Providers: fix kimi-coding thinking normalization

* Providers: fix kimi fallback normalization

* Plugins: resolve sdk aliases from the running CLI

* Plugins: trust only startup cli sdk roots

* Plugins: sanitize sdk export subpaths

* Webchat: handle bare /compact as session compaction

* Chat UI: tighten compact transport handling

* Chat UI: guard compact retries

* fix: ignore stale subagent steer targets

* fix(discord): notify user on discord when inbound worker times out (openclaw#53823)

* fix(discord): notify user on discord when inbound worker times out.

* fix(discord): notify user on discord when inbound worker times out.

* Discord: await timeout fallback reply

* Discord: add changelog for timeout reply fix (openclaw#53823) (thanks @Kimbo7870)

---------

Co-authored-by: VioGarden <[email protected]>
Co-authored-by: Onur Solmaz <[email protected]>

* refactor(channels): route registry lookups through runtime

* refactor(plugins): make runtime registry lazy

* refactor(plugins): make hook runner global lazy

* refactor(plugins): make command registry lazy

* fix: allow compact retry after failed session compaction (openclaw#53875)

* refactor(gateway): make plugin fallback state lazy

* refactor(plugins): make interactive state lazy

* fix(memory): align status manager concurrency test

* fix(runtime): stabilize dist runtime artifacts (openclaw#53855)

* fix(build): stabilize lazy runtime entry paths

* fix(runtime): harden bundled plugin npm staging

* docs(changelog): note runtime artifact fixes

* fix(runtime): stop trusting npm_execpath

* fix(runtime): harden Windows npm staging

* fix(runtime): add safe Windows npm fallback

* ci: start required checks earlier (openclaw#53844)

* ci: start required checks earlier

* ci: restore pnpm in security-fast

* ci: skip docs-only payloads in early check jobs

* ci: harden untrusted pull request execution

* ci: pin gradle setup action

* ci: normalize pull request concurrency cancellation

* ci: remove duplicate early-lane setup

* ci: keep install-smoke push runs unique

* fix: unblock supervisor and memory gate failures

* test: stabilize low-profile parallel gate

* refactor(core): make event and queue state lazy

* fix(ci): refresh plugin sdk baseline and formatting

* chore: refresh plugin sdk api baseline

* fix: ignore stale subagent kill targets

* perf(plugins): scope web search plugin loads

* fix: ignore stale subagent send targets

* fix: validate agent workspace paths before writing identity files (openclaw#53882)

* fix: validate agent workspace paths before writing identity files

* Feedback updates and formatting fixes

* refactor: dedupe tests and harden suite isolation

* test: fix manifest registry fixture typing

* fix: ignore stale bulk subagent kill targets

* fix(cli): precompute bare root help startup path

* fix(test): stabilize npm runner path assertion

* test(gateway): align safe open error code

* test: speed up targeted unit suites

* fix: prefer current subagent targets over stale rows

* fix(ci): use target-platform npm path semantics

* Adjust CLI backend environment handling before spawn (openclaw#53921)

security(agents): sanitize CLI backend env overrides before spawn

* fix: surface finished subagent send targets

* perf(memory): avoid eager provider init on empty search

* fix(test): satisfy cli backend config typing

* fix: let subagent kill cascade through ended parents

* perf(sqlite): use existence probes for empty memory search

* fix: allow follow-up sends to finished subagents

* fix: steer ended subagent orchestrators with live descendants

* test: speed up browser pw-tools-core suites

* test: speed up memory and secrets suites

* fix(ci): align lazy memory provider tests

* fix(test): stabilize memory vector dedupe assertion

* fix(test): isolate github copilot token imports

* fix: keep active-descendant subagents visible in reply status

* refactor: dedupe helpers and source seams

* test: fix rebase gate regressions

* Adjust Feishu webhook request body limits (openclaw#53933)

* fix: dedupe stale subagent rows in reply views

* ci: batch shared extensions test lane

* fix: report deduped subagent totals

* fix: dedupe verbose subagent status counts

* fix: align /agents ids with subagent targets

* refactor: dedupe test helpers and harnesses

* perf(memory): builtin sqlite hot-path follow-ups (openclaw#53939)

* chore(perf): start builtin sqlite hotpath workstream

* perf(memory): reuse sqlite statements during sync

* perf(memory): snapshot file state during sync

* perf(memory): consolidate status sqlite reads

* docs(changelog): note builtin sqlite perf work

* perf(memory): avoid session table scans on targeted sync

* test: speed up memory provider suites

* test: speed up slack monitor suites

* test: speed up discord channel suites

* test: speed up telegram and whatsapp suites

* ci: increase test shard fanout

* fix: clean up matrix /agents binding labels

* fix: dedupe active child session counts

* fix: dedupe restarted descendant session counts

* fix: blcok non-owner authorized senders from chaning /send policy (openclaw#53994)

* fix(slack): trim DM reply overhead and restore Codex auto transport (openclaw#53957)

* perf(slack): instrument runtime and trim DM overhead

* perf(slack): lazy-init draft previews

* perf(slack): add turn summary diagnostics

* perf(core): trim repeated runtime setup noise

* perf(core): preselect default web search providers

* perf(agent): restore OpenAI auto transport defaults

* refactor(slack): drop temporary perf wiring

* fix(slack): address follow-up review notes

* fix(security): tighten slack and runtime defaults

* style(web-search): fix import ordering

* style(agent): remove useless spread fallback

* docs(changelog): note slack runtime hardening

* test: speed up discord monitor suites

* test: speed up cli and command suites

* test: speed up slack monitor suites

* fix: ignore stale rows in subagent activity checks

* fix: prefer latest subagent rows for session control

* fix: ignore stale rows in subagent admin kill

* fix: dedupe stale child completion announces

* fix: ignore stale rows in subagent steer

* fix: cascade bulk subagent kills past stale rows

* fix: address FootGun's PR #8 review — regenerate metadata + fix Zulip imports

1. Regenerated bundled-plugin-metadata.generated.ts (stale after upstream merge)
2. Fixed Zulip extension monolithic plugin-sdk imports:
   - OpenClawPluginApi → openclaw/plugin-sdk/plugin-entry
   - emptyPluginConfigSchema, PluginRuntime, OpenClawConfig → openclaw/plugin-sdk/core
   - ChannelAccountSnapshot inline imports → openclaw/plugin-sdk/zulip
3. Added ChannelAccountSnapshot re-export to src/plugin-sdk/zulip.ts

---------

Signed-off-by: HCL <[email protected]>
Signed-off-by: sallyom <[email protected]>
Co-authored-by: Devin Robison <[email protected]>
Co-authored-by: Peter Steinberger <[email protected]>
Co-authored-by: Val Alexander <[email protected]>
Co-authored-by: BunsDev <[email protected]>
Co-authored-by: Nova <[email protected]>
Co-authored-by: Rolfy <[email protected]>
Co-authored-by: Tak Hoffman <[email protected]>
Co-authored-by: Taras Lukavyi <[email protected]>
Co-authored-by: Ayaan Zaidi <[email protected]>
Co-authored-by: Vincent Koc <[email protected]>
Co-authored-by: sudie-codes <[email protected]>
Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
Co-authored-by: giulio-leone <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: HCL <[email protected]>
Co-authored-by: Protocol-zero-0 <[email protected]>
Co-authored-by: Sid Uppal <[email protected]>
Co-authored-by: Catalin Lupuleti <[email protected]>
Co-authored-by: Tao Xie <[email protected]>
Co-authored-by: Tao Xie <[email protected]>
Co-authored-by: joelnishanth <[email protected]>
Co-authored-by: Mariano <[email protected]>
Co-authored-by: HollyChou <[email protected]>
Co-authored-by: altaywtf <[email protected]>
Co-authored-by: Neerav Makwana <[email protected]>
Co-authored-by: Sally O'Malley <[email protected]>
Co-authored-by: Harold Hunt <[email protected]>
Co-authored-by: huntharo <[email protected]>
Co-authored-by: David Guttman <[email protected]>
Co-authored-by: Onur Solmaz <[email protected]>
Co-authored-by: Onur Solmaz <[email protected]>
Co-authored-by: Han Pingtian <[email protected]>
Co-authored-by: Maho Pan <[email protected]>
Co-authored-by: Josh Lehman <[email protected]>
Co-authored-by: w-sss <[email protected]>
Co-authored-by: scoootscooob <[email protected]>
Co-authored-by: Bob <[email protected]>
Co-authored-by: VioGarden <[email protected]>
Co-authored-by: scoootscooob <[email protected]>
Co-authored-by: Devin Robison <[email protected]>
netandreus pushed a commit to netandreus/openclaw that referenced this pull request Mar 25, 2026
@vincentkoc @netandreus
fix(runtime): stabilize dist runtime artifacts (openclaw#53855)
e8ce4a1 
* fix(build): stabilize lazy runtime entry paths

* fix(runtime): harden bundled plugin npm staging

* docs(changelog): note runtime artifact fixes

* fix(runtime): stop trusting npm_execpath

* fix(runtime): harden Windows npm staging

* fix(runtime): add safe Windows npm fallback
npmisantosh pushed a commit to npmisantosh/openclaw that referenced this pull request Mar 25, 2026
@vincentkoc
fix(runtime): stabilize dist runtime artifacts (openclaw#53855)
617deb9 
* fix(build): stabilize lazy runtime entry paths

* fix(runtime): harden bundled plugin npm staging

* docs(changelog): note runtime artifact fixes

* fix(runtime): stop trusting npm_execpath

* fix(runtime): harden Windows npm staging

* fix(runtime): add safe Windows npm fallback
jacobtomlinson pushed a commit to jacobtomlinson/openclaw that referenced this pull request Mar 25, 2026
@vincentkoc @jacobtomlinson
fix(runtime): stabilize dist runtime artifacts (openclaw#53855)
f522ab9 
* fix(build): stabilize lazy runtime entry paths

* fix(runtime): harden bundled plugin npm staging

* docs(changelog): note runtime artifact fixes

* fix(runtime): stop trusting npm_execpath

* fix(runtime): harden Windows npm staging

* fix(runtime): add safe Windows npm fallback
godlin-gh pushed a commit to YouMindInc/openclaw that referenced this pull request Mar 27, 2026
@vincentkoc @godlin-gh
fix(runtime): stabilize dist runtime artifacts (openclaw#53855)
acbea46 
* fix(build): stabilize lazy runtime entry paths

* fix(runtime): harden bundled plugin npm staging

* docs(changelog): note runtime artifact fixes

* fix(runtime): stop trusting npm_execpath

* fix(runtime): harden Windows npm staging

* fix(runtime): add safe Windows npm fallback
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@vincentkoc vincentkoc

Labels

maintainer Maintainer-authored PR scripts Repository scripts size: M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vincentkoc