Commit Graph

24426 Commits

Author SHA1 Message Date
ImLukeF b2bb129e2c docs(changelog): note chat error fallback fix 2026-04-01 20:53:35 +11:00
ImLukeF 78b48735fa test: restore fetch stubs in embedding suites 2026-04-01 20:53:16 +11:00
ImLukeF 101c31f5e1 test: harden ci-sensitive unit suites 2026-04-01 20:53:16 +11:00
ImLukeF 4e63dc0b1c fix: hide raw provider errors from chat replies 2026-04-01 20:53:16 +11:00
ryanlee-gemini fbe3ca4d7d fix(plugins): pass dangerouslyForceUnsafeInstall through archive and … (#58879)
Merged via squash.

Prepared head SHA: 87eb27d902e03fa9ae5804e652b931464ed3d970
Co-authored-by: ryanlee-gemini <181323138+ryanlee-gemini@users.noreply.github.com>
Co-authored-by: odysseus0 <8635094+odysseus0@users.noreply.github.com>
Reviewed-by: @odysseus0
2026-04-01 02:52:01 -07:00
Vincent Koc 72af92ba4e qqbot: require explicit allowlist for /bot-logs to prevent info disclosure (#58895)
* qqbot: harden /bot-logs authorization fallback

* fix(qqbot): harden bot logs allowlist guard

* fix(qqbot): normalize bot logs allowlist entries
2026-04-01 18:40:46 +09:00
Vincent Koc 07c60ae461 fix(agent): treat webchat exec approvals as native UI (#58904)
* fix(agent): treat webchat exec approvals as native UI

* docs(changelog): note webchat exec approval UI fix

* test(agent): cover webchat native approval guidance
2026-04-01 18:36:21 +09:00
Peter Steinberger 8b2d24b62b docs(security): clarify node pairing trust boundary 2026-04-01 18:27:23 +09:00
Peter Steinberger 29784af1e2 style(gateway): normalize node reconnect formatting 2026-04-01 18:27:06 +09:00
Peter Steinberger f6317fb747 fix(gateway): stop pinning node commands to pairing state 2026-04-01 18:27:06 +09:00
Peter Steinberger fe57ee513f test: drop stale task boundary allowlist entries 2026-04-01 10:17:47 +01:00
Peter Steinberger d005cc8b42 test: align cron abort regression with #58833 2026-04-01 10:17:47 +01:00
Peter Steinberger 92f1772e93 test: allow boundary test on main 2026-04-01 10:17:47 +01:00
Peter Steinberger f559ea126d fix: land slash command metadata parsing (#58725) (thanks @Mlightsnow) 2026-04-01 10:17:47 +01:00
HansY 3b1f8e3461 fix: strip inbound metadata before slash command detection (#58674)
Slash commands like /model and /new were silently ignored when the inbound
message body included metadata prefix blocks (Conversation info, Sender info,
timestamps) injected by buildInboundUserContextPrefix. The command detection
functions (hasControlCommand, isControlCommandMessage, parseSendPolicyCommand)
now call stripInboundMetadata before normalizeCommandBody so embedded slash
commands are correctly recognized.
2026-04-01 10:17:20 +01:00
Ayaan Zaidi fb28b02540 fix: preserve bundled channel plugin compat (#58873)
* fix: preserve bundled channel plugin compat

* fix: preserve bundled channel plugin compat (#58873)

* fix: scope channel plugin compat to bundled plugins (#58873)
2026-04-01 14:42:36 +05:30
Vincent Koc 2d53ffdec1 fix(exec): resolve remote approval regressions (#58792)
* fix(exec): restore remote approval policy defaults

* fix(exec): handle headless cron approval conflicts

* fix(exec): make allow-always durable

* fix(exec): persist exact-command shell trust

* fix(doctor): match host exec fallback

* fix(exec): preserve blocked and inline approval state

* Doctor: surface allow-always ask bypass

* Doctor: match effective exec policy

* Exec: match node durable command text

* Exec: tighten durable approval security

* Exec: restore owner approver fallback

* Config: refresh Slack approval metadata

---------

Co-authored-by: scoootscooob <zhentongfan@gmail.com>
2026-04-01 02:07:20 -07:00
Peter Steinberger 4ceb01f9ed docs(gateway): document node pairing repair flow 2026-04-01 18:02:56 +09:00
Peter Steinberger db0cea5689 refactor(gateway): extract node pairing reconciliation 2026-04-01 18:02:31 +09:00
Peter Steinberger 4590ac31cc fix: note exec approval continuation in changelog (#58860) (thanks @Nanako0129) 2026-04-01 17:56:55 +09:00
nanakotsai 7f53c1ca00 test(exec): cover delayed Discord approval continuation 2026-04-01 17:56:55 +09:00
nanakotsai 63da2c7034 fix(exec): resume agent session after approval completion 2026-04-01 17:56:55 +09:00
Forgely3D 4fa11632b4 fix: escalate to model fallback after rate-limit profile rotation cap (#58707)
* fix: escalate to model fallback after rate-limit profile rotation cap

Per-model rate limits (e.g. Anthropic Sonnet-only quotas) are not
relieved by rotating auth profiles — if all profiles share the same
model quota, cycling between them loops forever without falling back
to the next model in the configured fallbacks chain.

Apply the same rotation-cap pattern introduced for overloaded_error
(#58348) to rate_limit errors:

- Add `rateLimitedProfileRotations` to auth.cooldowns config (default: 1)
- After N profile rotations on a rate_limit error, throw FailoverError
  to trigger cross-provider model fallback
- Add `resolveRateLimitProfileRotationLimit` helper following the same
  pattern as `resolveOverloadProfileRotationLimit`

Fixes #58572

* fix: cap prompt-side rate-limit failover (#58707) (thanks @Forgely3D)

* fix: restore latest-main gates for #58707

---------

Co-authored-by: Ember (Forgely3D) <ember@forgely.co>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-04-01 17:54:10 +09:00
Vincent Koc 8fce663861 fix(subagents): harden task-registry lifecycle writes (#58869)
* fix(subagents): harden task-registry lifecycle writes

* chore(changelog): note subagent task-registry hardening

* fix(subagents): align lifecycle terminal timestamps

* fix(subagents): sanitize lifecycle warning metadata
2026-04-01 17:50:52 +09:00
sandpile 1ce410a7be fix(sandbox): use browser image for browser runtime matching (#58759)
* fix(sandbox): compare browser runtimes against sandbox browser image

* refactor(sandbox): route docker runtime matching by config label kind

* fix(sandbox): tag browser runtime removals correctly

* test(sandbox): share docker backend test config

* fix(sandbox): normalize browser runtime image matching

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-04-01 17:44:52 +09:00
scoootscooob 10750fb80e Cron: avoid busy-wait drift for recurring main jobs (#58872) 2026-04-01 01:31:21 -07:00
Peter Steinberger 2b67f96895 docs(anthropic): note oauth context1m fallback 2026-04-01 09:21:49 +01:00
Peter Steinberger 32f392eda4 refactor(core): drop old anthropic stream wrapper file 2026-04-01 09:21:48 +01:00
Peter Steinberger 59c23dee09 refactor(anthropic): move stream wrappers into plugin 2026-04-01 09:21:48 +01:00
Peter Steinberger 2bc8a0d67c refactor: add doctor cron migration helpers 2026-04-01 17:06:24 +09:00
Peter Steinberger 19d0c2dd1d refactor: remove cron legacy delivery from runtime 2026-04-01 17:06:01 +09:00
Vincent Koc 2d79c9cb16 docs: add WhatsApp reactionLevel and Feishu Drive comment actions 2026-04-01 16:56:47 +09:00
Peter Steinberger 95182d51cc fix: harden bundled plugin runtime deps 2026-04-01 08:55:00 +01:00
Vincent Koc edfac5f2df docs(changelog): note line runtime packaging fix 2026-04-01 13:20:50 +05:30
Vincent Koc d4643e06bd fix(line): resolve dist runtime contract path 2026-04-01 13:20:50 +05:30
Vincent Koc facdeb3432 feat(tasks): add chat-native task board (#58828) 2026-04-01 16:48:36 +09:00
Peter Steinberger 7cf8ccf9b3 fix: avoid startup gateway reload loop (#58678) (thanks @yelog) 2026-04-01 16:47:55 +09:00
Vincent Koc 71f341c4b4 docs: add /tasks chat command, cleanup-aware status, and QQ Bot troubleshooting 2026-04-01 16:46:04 +09:00
Peter Steinberger f5431bc07e docs: clarify doctor cron migration guidance 2026-04-01 16:44:10 +09:00
Peter Steinberger 802bdb099e refactor: move cron legacy delivery migration to doctor 2026-04-01 16:44:10 +09:00
Peter Steinberger 31ed09bc96 fix: run bundled deps postinstall for global npm 2026-04-01 08:38:24 +01:00
Vincent Koc cfa307baed fix(status): keep task snapshots pure 2026-04-01 16:36:57 +09:00
Ayaan Zaidi 5a95d65f1e fix: restore bundled runtime dependency provisioning (#58782) (thanks @obviyus)
* fix: restore bundled runtime dependency provisioning

* fix: ship npm runner in packed installs

* fix: address bundled runtime staging review feedback

* fix: include npm runner in docker build contexts

* fix: restore bundled runtime dependency provisioning (#58782) (thanks @obviyus)

* fix: allow caret specs through windows npm cmd (#58782) (thanks @obviyus)
2026-04-01 13:03:36 +05:30
Peter Steinberger 86b519850e refactor: consolidate cron delivery boundary parsing 2026-04-01 16:31:51 +09:00
Vincent Koc 340c99d657 fix(status): filter stale task rows from status cards (#58810)
* fix(status): filter stale task rows

* test(status): use real task snapshot semantics

* fix(status): prefer failure task context in recent failures
2026-04-01 16:19:02 +09:00
Peter Steinberger 9ab3352b1a fix: avoid duplicate discord resolve logs 2026-04-01 08:14:54 +01:00
Peter Steinberger 622b91d04e fix: queue model switches behind busy runs 2026-04-01 16:14:10 +09:00
Peter Steinberger 6776306387 fix: preserve telegram topic delivery routing (#58489) (thanks @cwmine) 2026-04-01 16:13:24 +09:00
yi-bot e643ba2f5e fix: preserve telegram topic routing in announce and delivery context 2026-04-01 16:13:24 +09:00
wittam-01 1b94e8ca14 feat: feishu comment event (#58497)
Merged via squash.

Prepared head SHA: a9dfeb0d62cfdfef2909bb0ab447aaf303c592ff
Co-authored-by: wittam-01 <271711640+wittam-01@users.noreply.github.com>
Co-authored-by: odysseus0 <8635094+odysseus0@users.noreply.github.com>
Reviewed-by: @odysseus0
2026-04-01 00:12:38 -07:00