negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
17,757 Commits 1 Branch 0 Tags
024857050a7f6f6ecd4aebb804bbf92bf63c6da7
Commit Graph

858 Commits

Author SHA1 Message Date
Ayaan Zaidi
d4ab731746 fix(telegram): use message previews in DMs 2026-03-08 21:59:43 +05:30
Ayaan Zaidi
e45fcc57ed fix(telegram): restore DM draft streaming 2026-03-08 08:23:25 +05:30
Peter Steinberger
9d7d961db8 fix: restore Telegram webhook-mode health after restarts 
Landed from contributor PR #39313 by @fellanH.

Co-authored-by: Felix Hellström <30758862+fellanH@users.noreply.github.com>
 2026-03-08 02:27:18 +00:00
Peter Steinberger
c2e1ae68a9 refactor(telegram): split bot message context helpers 2026-03-08 02:16:03 +00:00
Peter Steinberger
e7056272bc refactor(telegram): centralize text parsing helpers 2026-03-08 02:16:03 +00:00
Peter Steinberger
6a8081a7f3 refactor(routing): centralize inbound last-route policy 2026-03-08 02:16:03 +00:00
Vincent Koc
c22a4450ee fix(telegram): honor commands.allowFrom in native command auth (#39310) 
* telegram: honor commands.allowFrom in native auth

* test(telegram): cover native commands.allowFrom precedence

* changelog: note telegram native commands allowFrom fix

* Update CHANGELOG.md

* telegram: preserve group policy in native command auth

* test(telegram): keep commands.allowFrom under group gating
 2026-03-07 17:28:47 -08:00
Peter Steinberger
e381ab630e refactor(channels): share native command session targets 2026-03-08 01:27:05 +00:00
Peter Steinberger
269cc22b61 refactor(telegram): split lane delivery modules 2026-03-08 01:14:16 +00:00
Peter Steinberger
1135b7f12f refactor(telegram): precompute dm preview transport flag 2026-03-08 01:14:16 +00:00
Peter Steinberger
7b9a34939a refactor(telegram): share error graph traversal helper 2026-03-08 01:14:16 +00:00
Peter Steinberger
f866e57de3 refactor(telegram): dedupe non-idempotent request setup 2026-03-08 01:14:16 +00:00
Peter Steinberger
6337666ac0 fix(telegram): restore named-account DM fallback routing (from #32426) 
Rebased and landed contributor work from @chengzhichao-xydt for the
Telegram multi-account DM regression in #32351.

Co-authored-by: Zhichao Cheng <cheng.zhichao@xydigit.com>
 2026-03-08 01:05:08 +00:00
Peter Steinberger
eb09d8dd71 fix(telegram): land #34238 from @hal-crackbot 
Landed from contributor PR #34238 by @hal-crackbot.

Co-authored-by: Hal Crackbot <hal@crackbot.dev>
 2026-03-08 00:56:58 +00:00
Peter Steinberger
a505be78ab fix(telegram): land #38906 from @gambletan 
Landed from contributor PR #38906 by @gambletan.

Co-authored-by: gambletan <ethanchang32@gmail.com>
 2026-03-08 00:54:49 +00:00
Peter Steinberger
4869e24915 fix(telegram): land #34983 from @HOYALIM 
Landed from contributor PR #34983 by @HOYALIM.

Co-authored-by: Ho Lim <subhoya@gmail.com>
 2026-03-08 00:53:19 +00:00
Edward
02eef1d45a fix(telegram): use group allowlist for native command auth in groups (#39267) 
* fix(telegram): use group allowlist for native command auth in groups

Native slash commands (/status, /model, etc.) in Telegram supergroups
and forum topics reject authorized senders with "not authorized" even
when the sender is in groupAllowFrom.

The bug is in resolveTelegramCommandAuth — the final commandAuthorized
check only passes DM allowFrom as an authorizer, so senders who are
authorized via groupAllowFrom get rejected. Regular messages don't have
this problem because they go through evaluateTelegramGroupPolicyAccess
which correctly uses effectiveGroupAllow.

Add effectiveGroupAllow as a second authorizer when the message comes
from a group. resolveCommandAuthorizedFromAuthorizers uses .some(), so
either DM or group allowlist matching is sufficient.

Fixes #28216
Fixes #29135
Fixes #30234

* fix(test): resolve TS2769 type errors in group-auth test

Remove explicit tuple type annotations on mock.calls.filter() callbacks
that conflicted with vitest's mock call types.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* test(telegram): cover topic auth rejection routing

* changelog: note telegram native group command auth fix

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-07 16:47:57 -08:00
Vincent Koc
240b143bde test(telegram): cover sender-only groupAllowFrom normalization 2026-03-07 16:34:42 -08:00
Vincent Koc
13ed6afe60 telegram: restore sender-only allowFrom validation 2026-03-07 16:34:21 -08:00
Martin-Max
a7f6e0a921 fix(telegram): support negative IDs in groupAllowFrom (#36753) (#37134) 
* fix(telegram): support negative IDs in groupAllowFrom for group/channel whitelist (#36753)

When configuring Telegram group restrictions with groupAllowFrom,
negative group/channel IDs (e.g., -1001234567890) are rejected with
'authorization requires numeric Telegram sender IDs only' error,
even though the field name suggests it should accept group IDs.

Root cause:
- normalizeAllowFrom() uses regex /^\d+$/ to validate IDs
- Telegram group/channel IDs are negative integers
- Regex only matches positive integers, rejecting all group IDs

Impact:
- Users cannot whitelist specific groups using groupAllowFrom
- Workaround requires groupPolicy: "open" (security risk)
- Field name is misleading (suggests group IDs, but only accepts user IDs)

Fix:
- Change regex from /^\d+$/ to /^-?\d+$/ (support optional minus sign)
- Apply to both invalidEntries filter and ids filter
- Add comment explaining negative ID support for groups/channels

Testing:
- Positive user IDs (745123456) →  still work
- Negative group IDs (-1001234567890) →  now accepted
- Invalid entries (@username) → ⚠️  still warned

Fixes #36753

* test(telegram): add signed ID runtime regression

---------

Co-authored-by: Martin Qiu <qiuyuemartin@gmail.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-07 19:27:25 -05:00
Peter Steinberger
566a821e5d refactor: share missing-sender matched allowlist evaluation 2026-03-08 00:05:24 +00:00
Peter Steinberger
1aaca517e3 fix(media): harden unknown mime handling from #39199 (thanks @nicolasgrasset) 
Co-authored-by: Nicolas Grasset <nicolas.grasset@gmail.com>
 2026-03-07 23:30:32 +00:00
Peter Steinberger
7ab49a7fb7 test(regression): cover recent landed fix paths 2026-03-07 23:07:16 +00:00
Peter Steinberger
99de6515a0 fix(telegram): surface fallback on dispatch failures (#39209, thanks @riftzen-bit) 
Co-authored-by: riftzen-bit <binb53339@gmail.com>
 2026-03-07 22:41:09 +00:00
Peter Steinberger
42bf4998d3 fix(telegram): reset webhook cleanup latch after polling 409 conflicts (#39205, thanks @amittell) 
Co-authored-by: amittell <mittell@me.com>
 2026-03-07 22:08:41 +00:00
Peter Steinberger
be9ea991de fix(discord): avoid native plugin command collisions 2026-03-07 21:59:44 +00:00
Peter Steinberger
a3db68f9ab fix(telegram): guard null persisted update id normalization 2026-03-07 21:10:58 +00:00
Peter Steinberger
330579ef96 fix(telegram): resolve status SecretRefs with provider-safe env checks 
Landed from #39130 by @neocody.

Co-authored-by: Cody <25426121+neocody@users.noreply.github.com>
 2026-03-07 20:50:07 +00:00
Peter Steinberger
2015ab3194 fix(telegram): harden persisted offset confirmation and stall recovery 
Landed from #39111 by @MumuTW.

Co-authored-by: MumuTW <clothl47364@gmail.com>
 2026-03-07 20:47:33 +00:00
Peter Steinberger
30d091b2fb refactor: share thread binding id parser 2026-03-07 20:33:50 +00:00
Peter Steinberger
2bcd56cfac refactor: unify DM pairing challenge flows 2026-03-07 20:33:50 +00:00
Tars
dab0e97c22 fix(models): support minimax-portal coding plan vlm routing for image tool (openclaw#33953) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: tars90percent <252094836+tars90percent@users.noreply.github.com>
 2026-03-07 14:30:53 -06:00
Josh Avant
8e20dd22d8 Secrets: harden SecretRef-safe models.json persistence (#38955) 2026-03-07 11:28:39 -06:00
Peter Steinberger
4575bbbb69 refactor(telegram): dedupe topic agent routing tests 2026-03-07 17:05:23 +00:00
Peter Steinberger
c1eb973e32 refactor(telegram): dedupe native command session-meta fixtures 2026-03-07 17:05:23 +00:00
Peter Steinberger
d02ef9efc2 refactor(telegram): share account config helpers 2026-03-07 17:05:23 +00:00
Muhammed Mukhthar CM
4f08dcccfd Mattermost: add interactive model picker (#38767) 
Merged via squash.

Prepared head SHA: 0883654e887b1176fc9299370b4ef5a351f5ac9d
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-07 21:45:29 +05:30
Ayaan Zaidi
9e1de97a69 fix(telegram): route native topic commands to the active session (#38871) 
* fix(telegram): resolve session entry for /stop in forum topics

Fixes #38675

- Export normalizeStoreSessionKey from store.ts for reuse
- Use it in resolveSessionEntryForKey so topic session keys (lowercase
  in store) are found when handling /stop
- Add test for forum topic session key lookup

* fix(telegram): share native topic routing with inbound messages

* fix: land telegram topic routing follow-up (#38871)

---------

Co-authored-by: xialonglee <li.xialong@xydigit.com>
 2026-03-07 19:01:16 +05:30
Ayaan Zaidi
bfc36cc86d test: cover telegram ACP slash session namespace (#38680) 2026-03-07 18:15:30 +05:30
john
e8f419c4e0 fix(telegram): namespace slash SessionKey by agent 
Fixes openclaw/openclaw#38648
 2026-03-07 18:15:30 +05:30
Ayaan Zaidi
f9d86b9256 chore: prep #38056 for landing (thanks @0xlin2023) 2026-03-06 22:19:16 +05:30
Ayaan Zaidi
59895f9c5a fix: narrow Telegram failed-after retry match 2026-03-06 22:19:16 +05:30
0xlin2023
e6bf69b366 fix: Telegram API requests fail with Network request failed after 
Fixes #28835
 2026-03-06 22:19:16 +05:30
Vincent Koc
9c1786bdd6 Telegram/Discord: honor outbound mediaMaxMb uploads (#38065) 
* Telegram: default media cap to 100MB

* Telegram: honor outbound mediaMaxMb

* Discord: add shared media upload cap

* Discord: pass mediaMaxMb to outbound sends

* Telegram: cover outbound media cap sends

* Discord: cover media upload cap config

* Docs: update Telegram media cap guide

* Docs: update Telegram config reference

* Changelog: note media upload cap fix

* Docs: note Discord upload cap behavior
 2026-03-06 10:53:06 -05:00
Ayaan Zaidi
8c2633a46f fix: clear Telegram DM draft after materialize (#36746) (thanks @joelnishanth) 2026-03-06 11:16:01 +05:30
Josh Avant
0e4245063f CLI: make read-only SecretRef status flows degrade safely (#37023) 
* CLI: add read-only SecretRef inspection

* CLI: fix read-only SecretRef status regressions

* CLI: preserve read-only SecretRef status fallbacks

* Docs: document read-only channel inspection hook

* CLI: preserve audit coverage for read-only SecretRefs

* CLI: fix read-only status account selection

* CLI: fix targeted gateway fallback analysis

* CLI: fix Slack HTTP read-only inspection

* CLI: align audit credential status checks

* CLI: restore Telegram read-only fallback semantics
 2026-03-05 23:07:13 -06:00
Harold Hunt
d58dafae88 feat(telegram/acp): Topic Binding, Pin Binding Message, Fix Spawn Param Parsing (#36683) 
* fix(acp): normalize unicode flags and Telegram topic binding

* feat(telegram/acp): restore topic-bound ACP and session bindings

* fix(acpx): clarify permission-denied guidance

* feat(telegram/acp): pin spawn bind notice in topics

* docs(telegram): document ACP topic thread binding behavior

* refactor(reply): share Telegram conversation-id resolver

* fix(telegram/acp): preserve bound session routing semantics

* fix(telegram): respect binding persistence and expiry reporting

* refactor(telegram): simplify binding lifecycle persistence

* fix(telegram): bind acp spawns in direct messages

* fix: document telegram ACP topic binding changelog (#36683) (thanks @huntharo)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-06 02:17:50 +01:00
Gustavo Madeira Santana
6dfd39c32f Harden Telegram poll gating and schema consistency (#36547) 
Merged via squash.

Prepared head SHA: f77824419e3d166f727474a9953a063a2b4547f2
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 19:24:43 -05:00
Bob
6a705a37f2 ACP: add persistent Discord channel and Telegram topic bindings (#34873) 
* docs: add ACP persistent binding experiment plan

* docs: align ACP persistent binding spec to channel-local config

* docs: scope Telegram ACP bindings to forum topics only

* docs: lock bound /new and /reset behavior to in-place ACP reset

* ACP: add persistent discord/telegram conversation bindings

* ACP: fix persistent binding reuse and discord thread parent context

* docs: document channel-specific persistent ACP bindings

* ACP: split persistent bindings and share conversation id helpers

* ACP: defer configured binding init until preflight passes

* ACP: fix discord thread parent fallback and explicit disable inheritance

* ACP: keep bound /new and /reset in-place

* ACP: honor configured bindings in native command flows

* ACP: avoid configured fallback after runtime bind failure

* docs: refine ACP bindings experiment config examples

* acp: cut over to typed top-level persistent bindings

* ACP bindings: harden reset recovery and native command auth

* Docs: add ACP bound command auth proposal

* Tests: normalize i18n registry zh-CN assertion encoding

* ACP bindings: address review findings for reset and fallback routing

* ACP reset: gate hooks on success and preserve /new arguments

* ACP bindings: fix auth and binding-priority review findings

* Telegram ACP: gate ensure on auth and accepted messages

* ACP bindings: fix session-key precedence and unavailable handling

* ACP reset/native commands: honor fallback targets and abort on bootstrap failure

* Config schema: validate ACP binding channel and Telegram topic IDs

* Discord ACP: apply configured DM bindings to native commands

* ACP reset tails: dispatch through ACP after command handling

* ACP tails/native reset auth: fix target dispatch and restore full auth

* ACP reset detection: fallback to active ACP keys for DM contexts

* Tests: type runTurn mock input in ACP dispatch test

* ACP: dedup binding route bootstrap and reset target resolution

* reply: align ACP reset hooks with bound session key

* docs: replace personal discord ids with placeholders

* fix: add changelog entry for ACP persistent bindings (#34873) (thanks @dutifulbob)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-05 09:38:12 +01:00
Harold Hunt
4bd3469324 refactor(telegram): remove unused webhook callback helper (#27816) 2026-03-05 10:10:09 +05:30