Mirrors/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-18 14:48:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
49,728 Commits 1,664 Branches 200 Tags
jesse/command-auth-planner-contract
Commit Graph

101 Commits

Author SHA1 Message Date
Mariano
a5c1956ca1 feat(codex): bind CLI sessions from nodes 
Adds node-backed Codex CLI session listing and resume binding for paired nodes, including Windows shim-safe Codex resume spawning, docs, changelog, and focused Codex coverage.

Verification:
- pnpm exec oxfmt --check --threads=1 CHANGELOG.md docs/plugins/codex-harness.md extensions/codex/index.ts extensions/codex/src/command-formatters.ts extensions/codex/src/command-handlers.ts extensions/codex/src/commands.test.ts extensions/codex/src/conversation-binding-data.ts extensions/codex/src/conversation-binding.test.ts extensions/codex/src/conversation-binding.ts extensions/codex/src/node-cli-sessions.ts extensions/codex/src/node-cli-sessions.test.ts
- pnpm run lint:tmp:no-random-messaging
- pnpm run lint:extensions:bundled
- OPENCLAW_VITEST_MAX_WORKERS=4 pnpm test extensions/codex/src/node-cli-sessions.test.ts extensions/codex/src/conversation-binding.test.ts extensions/codex/src/commands.test.ts
- pnpm tsgo:extensions
- git diff --check
- AWS Crabbox focused proof run_a901a61e006f
 2026-05-14 11:24:30 +02:00
Peter Steinberger
65ea6fdb49 docs: clarify Codex home isolation 2026-05-14 06:51:57 +01:00
Peter Steinberger
694ca50e97 Revert "refactor: move runtime state to SQLite" 
This reverts commit f91de52f0d.
 2026-05-13 13:33:38 +01:00
Peter Steinberger
f91de52f0d refactor: move runtime state to SQLite 
* refactor: remove stale file-backed shims

* fix: harden sqlite state ci boundaries

* refactor: store matrix idb snapshots in sqlite

* fix: satisfy rebased CI guardrails

* refactor: store current conversation bindings in sqlite table

* refactor: store tui last sessions in sqlite table

* refactor: reset sqlite schema history

* refactor: drop unshipped sqlite table migration

* refactor: remove plugin index file rollback

* refactor: drop unshipped sqlite sidecar migrations

* refactor: remove runtime commitments kv migration

* refactor: preserve kysely sync result types

* refactor: drop unshipped sqlite schema migration table

* test: keep session usage coverage sqlite-backed

* refactor: keep sqlite migration doctor-only

* refactor: isolate device legacy imports

* refactor: isolate push voicewake legacy imports

* refactor: isolate remaining runtime legacy imports

* refactor: tighten sqlite migration guardrails

* test: cover sqlite persisted enum parsing

* refactor: isolate legacy update and tui imports

* refactor: tighten sqlite state ownership

* refactor: move legacy imports behind doctor

* refactor: remove legacy session row lookup

* refactor: canonicalize memory transcript locators

* refactor: drop transcript path scope fallbacks

* refactor: drop runtime legacy session delivery pruning

* refactor: store tts prefs only in sqlite

* refactor: remove cron store path runtime

* refactor: use cron sqlite store keys

* refactor: rename telegram message cache scope

* refactor: read memory dreaming status from sqlite

* refactor: rename cron status store key

* refactor: stop remembering transcript file paths

* test: use sqlite locators in agent fixtures

* refactor: remove file-shaped commitments and cron store surfaces

* refactor: keep compaction transcript handles out of session rows

* refactor: derive transcript handles from session identity

* refactor: derive runtime transcript handles

* refactor: remove gateway session locator reads

* refactor: remove transcript locator from session rows

* refactor: store raw stream diagnostics in sqlite

* refactor: remove file-shaped transcript rotation

* refactor: hide legacy trajectory paths from runtime

* refactor: remove runtime transcript file bridges

* refactor: repair database-first rebase fallout

* refactor: align tests with database-first state

* refactor: remove transcript file handoffs

* refactor: sync post-compaction memory by transcript scope

* refactor: run codex app-server sessions by id

* refactor: bind codex runtime state by session id

* refactor: pass memory transcripts by sqlite scope

* refactor: remove transcript locator cleanup leftovers

* test: remove stale transcript file fixtures

* refactor: remove transcript locator test helper

* test: make cron sqlite keys explicit

* test: remove cron runtime store paths

* test: remove stale session file fixtures

* test: use sqlite cron keys in diagnostics

* refactor: remove runtime delivery queue backfill

* test: drop fake export session file mocks

* refactor: rename acp session read failure flag

* refactor: rename acp row session key

* refactor: remove session store test seams

* refactor: move legacy session parser tests to doctor

* refactor: reindex managed memory in place

* refactor: drop stale session store wording

* refactor: rename session row helpers

* refactor: rename sqlite session entry modules

* refactor: remove transcript locator leftovers

* refactor: trim file-era audit wording

* refactor: clean managed media through sqlite

* fix: prefer explicit agent for exports

* fix: use prepared agent for session resets

* fix: canonicalize legacy codex binding import

* test: rename state cleanup helper

* docs: align backup docs with sqlite state

* refactor: drop legacy Pi usage auth fallback

* refactor: move legacy auth profile imports to doctor

* refactor: keep Pi model discovery auth in memory

* refactor: remove MSTeams legacy learning key fallback

* refactor: store model catalog config in sqlite

* refactor: use sqlite model catalog at runtime

* refactor: remove model json compatibility aliases

* refactor: store auth profiles in sqlite

* refactor: seed copied auth profiles in sqlite

* refactor: make auth profile runtime sqlite-addressed

* refactor: migrate hermes secrets into sqlite auth store

* refactor: move plugin install config migration to doctor

* refactor: rename plugin index audit checks

* test: drop auth file assumptions

* test: remove legacy transcript file assertions

* refactor: drop legacy cli session aliases

* refactor: store skill uploads in sqlite

* refactor: keep subagent attachments in sqlite vfs

* refactor: drop subagent attachment cleanup state

* refactor: move legacy session aliases to doctor

* refactor: require node 24 for sqlite state runtime

* refactor: move provider caches into sqlite state

* fix: harden virtual agent filesystem

* refactor: enforce database-first runtime state

* refactor: rename compaction transcript rotation setting

* test: clean sqlite refactor test types

* refactor: consolidate sqlite runtime state

* refactor: model session conversations in sqlite

* refactor: stop deriving cron delivery from session keys

* refactor: stop classifying sessions from key shape

* refactor: hydrate announce targets from typed delivery

* refactor: route heartbeat delivery from typed sqlite context

* refactor: tighten typed sqlite session routing

* refactor: remove session origin routing shadow

* refactor: drop session origin shadow fixtures

* perf: query sqlite vfs paths by prefix

* refactor: use typed conversation metadata for sessions

* refactor: prefer typed session routing metadata

* refactor: require typed session routing metadata

* refactor: resolve group tool policy from typed sessions

* refactor: delete dead session thread info bridge

* Show Codex subscription reset times in channel errors (#80456)

* feat(plugin-sdk): consolidate session workflow APIs

* fix(agents): allow read-only agent mount reads

* [codex] refresh plugin regression fixtures

* fix(agents): restore compaction gateway logs

* test: tighten gateway startup assertions

* Redact persisted secret-shaped payloads [AI] (#79006)

* test: tighten device pair notify assertions

* test: tighten hermes secret assertions

* test: assert matrix client error shapes

* test: assert config compat warnings

* fix(heartbeat): remap cron-run exec events to session keys (#80214)

* fix(codex): route btw through native side threads

* fix(auth): accept friendly OpenAI order for Codex profiles

* fix(codex): rotate auth profiles inside harness

* fix: keep browser status page probe within timeout

* test: assert agents add outputs

* test: pin cron read status

* fix(agents): avoid Pi resource discovery stalls

Co-authored-by: dataCenter430 <titan032000@gmail.com>

* fix: retire timed-out codex app-server clients

* test: tighten qa lab runtime assertions

* test: check security fix outputs

* test: verify extension runtime messages

* feat(wake): expose typed sessionKey on wake protocol + system event CLI

* fix(gateway): await session_end during shutdown drain and track channel + compaction lifecycle paths (#57790)

* test: guard talk consult call helper

* fix(codex): scale context engine projection (#80761)

* fix(codex): scale context engine projection

* fix: document Codex context projection scaling

* fix: document Codex context projection scaling

* fix: document Codex context projection scaling

* fix: document Codex context projection scaling

* chore: align Codex projection changelog

* chore: realign Codex projection changelog

* fix: isolate Codex projection patch

---------

Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org>
Co-authored-by: Josh Lehman <josh@martian.engineering>

* refactor: move agent runtime state toward piless

* refactor: remove cron session reaper

* refactor: move session management to sqlite

* refactor: finish database-first state migration

* chore: refresh generated sqlite db types

* refactor: remove stale file-backed shims

* test: harden kysely type coverage

# Conflicts:
#	.agents/skills/kysely-database-access/SKILL.md
#	src/infra/kysely-sync.types.test.ts
#	src/proxy-capture/store.sqlite.test.ts
#	src/state/openclaw-agent-db.test.ts
#	src/state/openclaw-state-db.test.ts

* refactor: remove cron store path runtime

* refactor: keep compaction transcript handles out of session rows

* refactor: derive embedded transcripts from sqlite identity

* refactor: remove embedded transcript locator handoff

* refactor: remove runtime transcript file bridges

* refactor: remove transcript file handoffs

* refactor: remove MSTeams legacy learning key fallback

* refactor: store model catalog config in sqlite

* refactor: use sqlite model catalog at runtime

# Conflicts:
#	docs/cli/secrets.md
#	docs/gateway/authentication.md
#	docs/gateway/secrets.md

* fix: keep oauth sibling sync sqlite-local

# Conflicts:
#	src/commands/onboard-auth.test.ts

* refactor: remove task session store maintenance

# Conflicts:
#	src/commands/tasks.ts

* refactor: keep diagnostics in state sqlite

* refactor: enforce database-first runtime state

* refactor: consolidate sqlite runtime state

* Show Codex subscription reset times in channel errors (#80456)

* fix(codex): refresh subscription limit resets

* fix(codex): format reset times for channels

* Update CHANGELOG with latest changes and fixes

Updated CHANGELOG with recent fixes and improvements.

* fix(codex): keep command load failures on codex surface

* fix(codex): format account rate limits as rows

* fix(codex): summarize account limits as usage status

* fix(codex): simplify account limit status

* test: tighten subagent announce queue assertion

* test: tighten session delete lifecycle assertions

* test: tighten cron ops assertions

* fix: track cron execution milestones

* test: tighten hermes secret assertions

* test: assert matrix sync store payloads

* test: assert config compat warnings

* fix(codex): align btw side thread semantics

* fix(codex): honor codex fallback blocking

* fix(agents): avoid Pi resource discovery stalls

* test: tighten codex event assertions

* test: tighten cron assertions

* Fix Codex app-server OAuth harness auth

* refactor: move agent runtime state toward piless

* refactor: move device and push state to sqlite

* refactor: move runtime json state imports to doctor

* refactor: finish database-first state migration

* chore: refresh generated sqlite db types

* refactor: clarify cron sqlite store keys

* refactor: remove stale file-backed shims

* refactor: bind codex runtime state by session id

* test: expect sqlite trajectory branch export

* refactor: rename session row helpers

* fix: keep legacy device identity import in doctor

* refactor: enforce database-first runtime state

* refactor: consolidate sqlite runtime state

* build: align pi contract wrappers

* chore: repair database-first rebase

* refactor: remove session file test contracts

* test: update gateway session expectations

* refactor: stop routing from session compatibility shadows

* refactor: stop persisting session route shadows

* refactor: use typed delivery context in clients

* refactor: stop echoing session route shadows

* refactor: repair embedded runner rebase imports

# Conflicts:
#	src/agents/pi-embedded-runner/run/attempt.tool-call-argument-repair.ts

* refactor: align pi contract imports

* refactor: satisfy kysely sync helper guard

* refactor: remove file transcript bridge remnants

* refactor: remove session locator compatibility

* refactor: remove session file test contracts

* refactor: keep rebase database-first clean

* refactor: remove session file assumptions from e2e

* docs: clarify database-first goal state

* test: remove legacy store markers from sqlite runtime tests

* refactor: remove legacy store assumptions from runtime seams

* refactor: align sqlite runtime helper seams

* test: update memory recall sqlite audit mock

* refactor: align database-first runtime type seams

* test: clarify doctor cron legacy store names

* fix: preserve sqlite session route projections

* test: fix copilot token cache test syntax

* docs: update database-first proof status

* test: align database-first test fixtures

* docs: update database-first proof status

* refactor: clean extension database-first drift

* test: align agent session route proof

* test: clarify doctor legacy path fixtures

* chore: clean database-first changed checks

* chore: repair database-first rebase markers

* build: allow baileys git subdependency

* chore: repair exp-vfs rebase drift

* chore: finish exp-vfs rebase cleanup

* chore: satisfy rebase lint drift

* chore: fix qqbot rebase type seam

* chore: fix rebase drift leftovers

* fix: keep auth profile oauth secrets out of sqlite

* fix: repair rebase drift tests

* test: stabilize pairing request ordering

* test: use source manifests in plugin contract checks

* fix: restore gateway session metadata after rebase

* fix: repair database-first rebase drift

* fix: clean up database-first rebase fallout

* test: stabilize line quick reply receipt time

* fix: repair extension rebase drift

* test: keep transcript redaction tests sqlite-backed

* fix: carry injected transcript redaction through sqlite

* chore: clean database branch rebase residue

* fix: repair database branch CI drift

* fix: repair database branch CI guard drift

* fix: stabilize oauth tls preflight test

* test: align database branch fast guards

* test: repair build artifact boundary guards

* chore: clean changelog rebase markers

---------

Co-authored-by: pashpashpash <nik@vault77.ai>
Co-authored-by: Eva <eva@100yen.org>
Co-authored-by: stainlu <stainlu@newtype-ai.org>
Co-authored-by: Jason Zhou <jason.zhou.design@gmail.com>
Co-authored-by: Ruben Cuevas <hi@rubencu.com>
Co-authored-by: Pavan Kumar Gondhi <pavangondhi@gmail.com>
Co-authored-by: Shakker <shakkerdroid@gmail.com>
Co-authored-by: Kaspre <36520309+Kaspre@users.noreply.github.com>
Co-authored-by: dataCenter430 <titan032000@gmail.com>
Co-authored-by: Kaspre <kaspre@gmail.com>
Co-authored-by: pandadev66 <nova.full.stack@outlook.com>
Co-authored-by: Eva <admin@100yen.org>
Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org>
Co-authored-by: Josh Lehman <josh@martian.engineering>
Co-authored-by: jeffjhunter <support@aipersonamethod.com>
 2026-05-13 13:15:12 +01:00
Mariano
d728ff8183 fix(codex): release quiet completed app-server turns (#80776) 
Merged via squash.

Prepared head SHA: 59baf4110b

Reviewed-by: @mbelinky
 2026-05-12 09:39:09 +02:00
Kevin Lin
8954c03231 fix(codex): default plugin destructive actions on (#80792) 2026-05-11 16:50:15 -07:00
Peter Steinberger
309f000341 docs: format Codex harness options 2026-05-11 18:23:00 +01:00
Peter Steinberger
694f40fcee fix: constrain Codex app-server sandbox 2026-05-11 18:23:00 +01:00
pashpashpash
cc95d4dd28 fix(codex): rotate auth profiles inside harness 2026-05-11 12:41:21 +01:00
pashpashpash
517566e39a fix(auth): accept friendly OpenAI order for Codex profiles 2026-05-11 12:41:21 +01:00
pashpashpash
0e8a7e12da Enable Codex native code mode for OpenClaw harness runs (#80001) 
* fix(codex): enable native code mode in harness

* test(codex): update code mode prompt snapshots

* test(codex): align code mode thread config expectations

* chore(protocol): refresh generated Swift agent params

* fix(codex): enable code-mode-only harness threads

* test(discord): fix test mock type assertions

* test: fix remaining test type assertions

* test(matrix): guard avatar loader test callback
 2026-05-11 08:18:03 +09:00
Kevin Lin
b79de62b3c fix(codex): remove dynamic tools profile option 2026-05-09 21:34:33 -07:00
Kevin Lin
ce0584af89 docs: reorganize Codex harness docs (#80029) 
* docs: reorganize codex harness docs

* docs: address codex harness review findings

* docs: move codex references to reference nav

* docs: add codex topic configuration section
 2026-05-09 19:02:50 -07:00
Peter Steinberger
8e0486c6b7 fix: honor Codex dynamic tool timeouts 2026-05-09 14:45:38 +01:00
Peter Steinberger
4883a0e6c4 chore: update workspace dependencies 2026-05-09 10:58:36 +01:00
Kevin Lin
a7bfa44c35 docs: document codex harness model availability (#79582) 2026-05-08 18:10:15 -07:00
pashpashpash
02fe0d8978 Keep OpenAI Codex migrations on automatic runtime routing (#79238) 
* fix: keep migrated openai codex routes automatic

* scope runtime policy to providers and models

* fix runtime policy surfaces

* fix ci runtime policy checks

* fix doctor stale session runtime pins
 2026-05-08 16:05:35 +09:00
Kevin Lin
f62618f805 fix: respect Codex requirements for app-server defaults (#79151) 
* fix(codex): honor requirements for app-server defaults

* test(codex): harden requirements policy coverage

* fix(codex): match requirements sandbox constraints

* fix(codex): honor approval requirements in defaults

* fix(codex): honor reviewer requirements in defaults

* fix(codex): honor remote sandbox requirements
 2026-05-07 21:16:08 -07:00
pashpashpash
fb106fb9ae fix codex harness service tiers (#79152) 2026-05-08 12:10:41 +09:00
Kevin Lin
a1ac559ed7 feat(codex): enable native plugin app support (#78733) 
* feat(codex): add native plugin config schema

* feat(codex): add native plugin inventory activation

* feat(codex): configure native plugin apps for threads

* feat(codex): enforce plugin elicitation policy

* feat(codex): migrate native plugins

* docs(codex): document native plugin support

* fix(codex): harden plugin migration refresh

* fix(codex): satisfy plugin activation lint

* fix: stabilize codex plugin app config

* fix: address codex plugin review feedback

* fix: key codex plugin app cache by websocket credentials

* fix: keep codex plugin app fingerprints stable

* fix: refresh codex plugin cache test fixtures

* fix: refresh plugin app readiness after activation

* fix: support remote codex plugin activation

* fix: recover plugin app bindings after cache refresh

* fix: force codex app refresh after plugin activation

* fix: recover partial codex plugin app bindings

* fix: sync codex plugin selection config

* fix: keep codex plugin activation fail closed

* fix: align codex plugin protocol types with main

* fix: refresh partial codex plugin app bindings

* fix: key codex app cache by env api key

* fix: skip failed codex plugin migration config

* test: update codex prompt snapshots

* fix: fail closed on missing codex app inventory entries

* fix(codex): enforce native plugin policy gates

* fix(codex): normalize native plugin policy types

* fix(codex): fail closed on plugin refresh errors

* fix(codex): use native plugin destructive policy

* fix(codex): key plugin cache by api-key profiles

* fix(codex): drop unshipped plugin fingerprint compat

* fix(codex): let native app policy gate plugin tools

* fix(codex): allow open-world plugin app tools

* fix(codex): revalidate native plugin app bindings

* fix(codex): preserve plugin binding on recheck failure

* docs(codex): clarify plugin harness scope

* fix(codex): return activation report state exhaustively

* test(codex): refresh prompt snapshots after rebase

* fix(codex): match namespaced plugin ids
 2026-05-07 17:20:28 -07:00
pashpashpash
3f217964d1 Defer Codex dynamic tools behind search 
Defer OpenClaw Codex dynamic tools behind Codex tool_search, keep required turn-control tools direct, pin the managed Codex harness to 0.129.0-alpha.15, and document the real behavior/token impact from the live dev-agent watch.
 2026-05-07 16:40:37 -07:00
pashpashpash
1c33990108 Route OpenAI agents through Codex by default (#78899) 
* route openai agent runs through codex

* fix: load codex plugin for implicit openai runtime

* fix: preserve explicit OpenAI PI Codex auth routing

* fix: show codex auth for openai model listing

* fix: map codex auth into configured openai list rows

* fix: preserve explicit openai pi auth routes

* docs: keep openai model route examples canonical

* fix: clean openai codex test fixtures

* fix: scope codex auth status fallback

* fix: repair current ci boundary drift
 2026-05-07 19:46:49 +09:00
pashpashpash
3a901b5e95 Revert "Install Codex plugin on OpenAI model selection (#78799)" (#78878) 
This reverts commit c8f3fecad6.
 2026-05-07 18:13:59 +09:00
pashpashpash
c8f3fecad6 Install Codex plugin on OpenAI model selection (#78799) 
* route openai agent runs through codex

* fix: load codex plugin for implicit openai runtime

* docs: credit openai codex auth fix

* fix(agents): respect custom openai runtime routing

* fix(agents): install codex plugin on openai selection

* fix(agents): preserve OpenAI Codex auth switching

* fix(ci): restore channel contract runner expression

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-05-07 01:57:34 -07:00
Peter Steinberger
c22f414c69 fix(codex): keep app-server alive after turn activity 
Co-authored-by: Rubén Cuevas <4742789+rubencu@users.noreply.github.com>
 2026-05-07 05:51:16 +01:00
Shakker
f011d6bc0a Fix repeated Codex native approval prompts after allow-always (#78234) 
* fix: reuse codex native approvals

* fix: scope native approval reuse by session

* fix: let codex guardian own native permission approvals

* fix: refresh plugin approval protocol models

---------

Co-authored-by: pashpashpash <nik@vault77.ai>
 2026-05-07 05:55:38 +09:00
Shubhankar Tripathy
9edeffc751 fix(codex/app-server): forward bootstrap into developerInstructions (#77372) 
The OpenClaw workspace bootstrap block (SOUL.md, IDENTITY.md, USER.md,
TOOLS.md, BOOTSTRAP.md, MEMORY.md, HEARTBEAT.md) was only being merged into
Codex's config.instructions. The Codex app-server runtime overlay
consistently applies the explicit developerInstructions field, so persona
and style guidance present in the workspace was failing to shape Codex
behavior on session resume.

Build the workspace bootstrap block before finalizing developerInstructions
and join it into both:

- the baseline developerInstructions (initial assignment), and
- the context-engine developerInstructions (when context engine is active),
  preserving the existing config-engine projection addition.

The existing config.instructions merge stays intact, so the bootstrap now
reaches Codex through both paths and downstream hooks
(resolveAgentHarnessBeforePromptBuildResult) see what Codex will actually
receive. AGENTS.md remains excluded because Codex loads it natively.

Update the existing 'passes OpenClaw bootstrap files through ...' test to
also assert the developerInstructions field carries SOUL.md and the Codex
AGENTS.md substitution note while still excluding the native AGENTS.md
content.

Fixes #77363.
 2026-05-06 09:09:59 +01:00
Vincent Koc
bca6709203 fix(doctor): repair legacy Codex route config 
Repair legacy openai-codex route config and session pins safely.
 2026-05-05 17:42:41 -07:00
pashpashpash
b2c3202a15 Surface Codex usage-limit reset details in chat replies (#77557) 
* fix(codex): surface usage limit reset details

* fix(codex): satisfy extension lint

* fix: surface codex runtime failures in tool-only replies
 2026-05-05 09:00:39 +09:00
pashpashpash
5bcc321343 Scope Codex heartbeat guidance to heartbeat turns (#76788) 
* fix(codex): scope heartbeat guidance to collaboration mode

* fix heartbeat tool direct context

* test prompt heartbeat collaboration snapshots

* fix heartbeat changelog credit
 2026-05-04 01:58:39 +09:00
pashpashpash
8f4eaa9c00 Stop heartbeat tool turns from asking for HEARTBEAT_OK (#76338) 
* fix heartbeat tool prompt sentinel

* fix: remove agent runtime fallback config
 2026-05-03 13:46:26 +09:00
Peter Steinberger
9fdc0e7030 fix(codex): forward workspace bootstrap context 2026-05-02 23:21:29 +01:00
pashpashpash
9fb90f3d29 docs: clarify Codex subscription runtime (#75910) 2026-05-02 11:33:20 +09:00
Peter Steinberger
ed8f50f240 refactor: simplify plugin dependency handling 
Simplify plugin installation and runtime loading around package-manager-owned dependencies, with Jiti reserved for local/TS fallback paths.

Also scans npm plugin install roots so hoisted transitive dependencies are covered by dependency denylist and node_modules symlink checks.
 2026-05-01 21:32:22 +01:00
pashpashpash
439d8edf68 Add structured heartbeat responses and Codex tool replies 
* Add structured heartbeat response tool

* agents: default codex replies to tools

* agents: use flat heartbeat tool enums
 2026-05-01 11:30:41 -07:00
Peter Steinberger
42aaf0c98a Prefer Codex native workspace tools (#75308) 
Summary:
- The PR adds Codex dynamic-tool profile config defaulting to `native-first`, filters duplicate workspace/process/planning tools from Codex app-server thread payloads, keeps managed `web_search`, updates docs/manifest/config baselines/changelog, and adds regression tests.

ClawSweeper fixups:
- Included follow-up commit: test(codex): pin native-first tool catalog
- Included follow-up commit: chore(config): refresh generated schema baseline
- Included follow-up commit: chore: add codex native-first changelog
- Included follow-up commit: chore: move native-first changelog entry
- Included follow-up commit: chore: refresh config baseline after rebase

Validation:
- ClawSweeper review passed for head 30e5cecfb7.
- Required merge gates passed before the squash merge.

Prepared head SHA: 30e5cecfb7
Review: https://github.com/openclaw/openclaw/pull/75308#issuecomment-4356919781

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: pashpashpash <nik@vault77.ai>
 2026-05-01 11:36:17 +00:00
Peter Steinberger
c67629fe0c docs: surface Codex harness quick config 2026-05-01 00:05:24 +01:00
pashpashpash
027ea5f08b Isolate Codex app-server state per agent (#74556) 
* fix(codex): isolate app-server home per agent

* fix(codex): isolate native Codex assets per agent

* fix(channels): mark inbound system events untrusted

* fix(doctor): warn on personal Codex agent skills

* test(doctor): cover personal Codex agent skills warning

* fix(codex): forward auth profiles to harness runs

* fix(codex): preserve auto auth for harness runs

* fix(codex): auto-select harness auth profiles

* test(codex): type harness auth mock

* feat(codex): select migrated skills

* fix(codex): satisfy migration selection lint

* docs: add codex isolation changelog
 2026-05-01 04:49:02 +09:00
Peter Steinberger
30a2b3049a feat: default active steering to batched delivery 2026-04-30 01:22:43 +01:00
Peter Steinberger
072e73d7c3 fix(codex): release quiet app-server turns 2026-04-29 19:42:02 +01:00
Peter Steinberger
09baec68ea fix(codex): bound dynamic tool bridge responses 2026-04-29 18:13:53 +01:00
pashpashpash
6ce1058296 Wire diagnostics through the core chat command (#72936) 
* feat: wire codex diagnostics feedback

* fix: harden codex diagnostics hints

* fix: neutralize codex diagnostics output

* fix: tighten codex diagnostics safeguards

* fix: bound codex diagnostics feedback output

* fix: tighten codex diagnostics throttling

* fix: confirm codex diagnostics uploads

* docs: clarify codex diagnostics add-on

* fix: route diagnostics through core command

* fix: tighten diagnostics authorization

* fix: pin diagnostics to bundled codex command

* fix: limit owner status in plugin commands

* fix: scope diagnostics confirmations

* fix: scope codex diagnostics cooldowns

* fix: harden codex diagnostics ownership scopes

* fix: harden diagnostics command trust and display

* fix: keep diagnostics command trust internal

* fix: clarify diagnostics exec boundary

* fix: consume codex diagnostics confirmations atomically

* test: include codex diagnostics binding metadata

* test: use string codex binding timestamps

* fix: keep reserved command trust host-only

* fix: harden diagnostics trust and resume hints

* wire diagnostics through exec approval

* fix: keep diagnostics tests aligned with bundled root trust

* fix telegram diagnostics owner auth

* route trajectory exports through exec approval

* fix trajectory exec command encoding

* fix telegram group owner auth

* fix export trajectory approval hardening

* fix pairing command owner bootstrap

* fix telegram owner exec approvals

* fix: make diagnostics approval flow pasteable

* fix: route native sensitive command followups

* fix: invoke diagnostics exports with current cli

* fix: refresh exec approval protocol models

* fix: list codex diagnostics from thread bindings

* fix: fold codex diagnostics into exec approval

* fix: preserve diagnostics approval line breaks

* docs: clarify diagnostics codex workflow
 2026-04-29 07:40:37 +09:00
Peter Steinberger
c72f8f357b fix: harden mac app computer use docs 2026-04-28 01:25:31 +01:00
pashpashpash
401ae38f13 fix(codex): keep env fallback local to stdio app-server 2026-04-28 00:46:15 +01:00
Peter Steinberger
5f15bea6ce fix(codex): bootstrap app-server auth fallback 2026-04-28 00:46:15 +01:00
pashpashpash
20ff49f7c8 fix(codex): auto-clear api key for subscription auth 2026-04-28 00:46:15 +01:00
pashpashpash
aeb007e4e5 fix(codex): expose app-server env controls 2026-04-28 00:46:15 +01:00
Peter Steinberger
697d85aefe fix: auto-register bundled computer use marketplace 2026-04-28 00:36:19 +01:00
Peter Steinberger
39a2d1da96 docs(codex): add computer use guide 2026-04-27 23:56:25 +01:00
Peter Steinberger
ea2d95e23e refactor(codex): clarify computer use setup state 2026-04-27 23:53:53 +01:00