chore: update Craig fork to latest upstream OpenClaw#5
Merged
Conversation
Move commitment changelog entry to unreleased.
* fix: changed explicit-path handling regression * fix: preserve unicode adc fallback paths --------- Co-authored-by: openclaw-clawsweeper[bot] <280122609+openclaw-clawsweeper[bot]@users.noreply.github.com> Co-authored-by: Shakker <shakkerdroid@gmail.com>
Tighten Google Vertex ADC manifest evidence to canonical project env vars and canonical ADC fallback paths only. Local proof: - OPENCLAW_VITEST_MAX_WORKERS=1 pnpm test src/agents/model-auth.profiles.test.ts src/plugins/manifest-registry.test.ts src/secrets/provider-env-vars.dynamic.test.ts - pnpm exec oxfmt --check --threads=1 docs/plugins/manifest.md extensions/google/openclaw.plugin.json src/agents/model-auth-env.ts src/agents/model-auth.profiles.test.ts src/plugins/manifest.ts - git diff --check origin/main...HEAD CI note: checks-node-core-support-boundary was red on an unrelated tooling assertion in test/scripts/test-projects.test.ts for packages/sdk/src/index.test.ts routing; that file and scripts/test-projects.mjs are unchanged from origin/main.
…emote address (openclaw#74453) * fix(voice-call): close in-flight limiter fail-open on empty remote address The webhook in-flight limiter (createWebhookInFlightLimiter in src/plugin-sdk/webhook-request-guards.ts) returns true unconditionally when tryAcquire is called with an empty key — that is its by-contract fail-open path used to mean 'caller is opting out of the limiter'. The voice-call webhook handler reached that path silently: it computed 'req.socket.remoteAddress ?? ""' and passed the empty string straight into tryAcquire. Whenever req.socket.remoteAddress was absent (closed socket, edge proxy quirk), the limiter became a no-op and the request proceeded directly to readBody without any concurrency cap. Fix: when remoteAddress is missing, log a warning and fall back to a constant non-empty key ('__voice_call_no_remote__') so all such requests share one in-flight bucket instead of bypassing the limiter entirely. The bucket size stays maxInFlightPerKey (default 8), which is the right defense-in-depth posture against slow-body attacks arriving with stripped IP info. Scoped to voice-call only. Other consumers of the SDK helper (bluebubbles via openclaw/plugin-sdk/webhook-ingress) are not changed to avoid drive-by edits to plugins this PR does not own. The shared SDK contract (empty key = bypass) is left as-is and documented implicitly by the fix's comment block. The existing 8-concurrent test in webhook.test.ts continues to assert the limiter engages on the happy path; no new test added since the private handleRequest path is not unit-test exposed and the change is two-line auditable from the diff alone. * test(voice-call): cover missing webhook remote address limiter * test: align changed package sdk routing --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
… inline entries (openclaw#74451) (openclaw#74655) * fix(models): block stale openai-codex/gpt-5.4-mini inline entries via unconditional suppression (openclaw#74451) Suppress explicitly user-configured openai-codex/gpt-5.4-mini inline entries so a stale models config written by `openclaw doctor --fix` cannot bypass the manifest capability block and cause repeated assistant-turn failures when the runtime switches to that model on ChatGPT-backed Codex accounts. Adds `unconditionalOnly` flag to `buildManifestBuiltInModelSuppressionResolver` and a `shouldUnconditionallySuppress` helper. Inside `resolveExplicitModelWithRegistry`, inline matches are now gated on unconditional suppressions (no `when` clause) before returning. Conditional suppressions such as the qwen Coding Plan endpoint guard remain bypassable by explicit user configuration, preserving the existing `resolves explicitly configured qwen3.6-plus before Coding Plan built-in suppression` behaviour. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(changelog): add missing reporter attribution for openclaw#74451 models suppression fix * docs: credit codex mini suppression contributors --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Shakker <shakkerdroid@gmail.com>
Fixes openclaw#74137.\n\nThanks @yelog.
Preserve the existing wrapped OpenAI Codex stream so PI OAuth bearer injection reaches ChatGPT/Codex Responses, and scope native Codex payload sanitization to the ChatGPT backend.\n\nThanks @keshavbotagent.
…claw#74472) * fix(gateway): keep native approvals off stale pairing baselines * fix(gateway): keep native approvals off stale pairing baselines * docs: defer maintainer-only changelog credit * docs: keep gateway approval changelog entry --------- Co-authored-by: clawsweeper-repair <clawsweeper-repair@users.noreply.github.com>
* fix(codex): isolate app-server home per agent * fix(codex): isolate native Codex assets per agent * fix(channels): mark inbound system events untrusted * fix(doctor): warn on personal Codex agent skills * test(doctor): cover personal Codex agent skills warning * fix(codex): forward auth profiles to harness runs * fix(codex): preserve auto auth for harness runs * fix(codex): auto-select harness auth profiles * test(codex): type harness auth mock * feat(codex): select migrated skills * fix(codex): satisfy migration selection lint * docs: add codex isolation changelog
* refactor(auth): make external CLI discovery explicit * test(auth): update external cli discovery mocks * test(auth): cover scoped external cli auth mocks * [codex] Make external CLI credential discovery explicit --------- Co-authored-by: clawsweeper-repair <clawsweeper-repair@users.noreply.github.com>
* fix(gateway): show config recovery validation details * fix(cli): let gateway recovery run before proxy bootstrap
…-2026-04-30-merge # Conflicts: # extensions/discord/src/guild-emoji-cache.ts # extensions/discord/src/send.reactions.ts # src/auto-reply/reply/agent-runner-memory.ts
sragss
force-pushed
the
craig/bump-upstream-2026-04-30
branch
from
9b326af to
6783ea8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Updates the Merit OpenClaw fork to the latest upstream
openclaw/openclawmain commit (e311ffdcb9) and reapplies the Craig-specific runtime patches on top.Changes
9ff335a06) to upstreame311ffdcb9extensions/discordruntime layoutTest Plan
pnpm install --frozen-lockfilepnpm exec vitest run --config test/vitest/vitest.extension-discord.config.ts extensions/discord/src/send.sends-basic-channel-messages.test.tspnpm exec vitest run --config test/vitest/vitest.auto-reply-core.config.ts src/auto-reply/reply/agent-runner-memory.test.tspnpm buildOPENCLAW_CONFIG_PATH=/Users/samragsdale/Documents/Code/merit-systems/CraigClaw/deploy/openclaw.json node dist/index.js config validate --jsonAfter this merges, CraigClaw can bump
deploy/openclaw-pinto the merged fork commit in a separate PR.