Commit Graph

619 Commits

Author SHA1 Message Date
teknium1
55622b5525 chore(release): map phil.thomas@gametime.co -> explainanalyze 2026-05-14 16:01:24 -07:00
teknium1
74e47c081f chore(release): map phil.thomas@gametime.co -> explainanalyze 2026-05-14 16:00:03 -07:00
teknium1
db82c453b9 chore(release): map agorgianitisj@hotmail.com -> johnisag 2026-05-14 15:57:59 -07:00
teknium1
34fc94d1f4 chore(release): map @luoyuctl in AUTHOR_MAP 2026-05-14 15:25:59 -07:00
Teknium
2844c888f1
fix(cli): clamp scrollback box widths + suppress status bar after resize (#25975)
When the terminal shrinks, already-printed box-drawing rules (response,
reasoning, streaming TTS, background-task Panels) reflow into multiple
narrower rows — visible as duplicated horizontal separators / ghost
lines in scrollback. Similarly, prompt_toolkit redraws a fresh status
bar on SIGWINCH on top of one the terminal just reflowed, producing
double-bar artifacts on column shrink.

Two surgical changes:

1. Decorative scrollback boxes now use a new
   `HermesCLI._scrollback_box_width()` helper that clamps to
   `max(32, min(width, 56))`. The live TUI footer is unaffected and still
   uses the full width. Covers: streaming response box (open + close),
   reasoning box (open + close, both streaming and post-stream paths),
   streaming-TTS box close, final-response Rich Panel, and the
   background-task Rich Panel.

2. `_recover_after_resize()` now also sets a new
   `_status_bar_suppressed_after_resize` flag so the dynamic status bar
   and both input separator rules stay hidden until the next user input.
   The flag is cleared in the process loop the moment the user submits
   their next prompt, restoring chrome cleanly.

Tests:
- New `test_input_rules_hide_after_resize_until_next_input` covers the
  flag's effect on rule heights.
- New `test_scrollback_box_width_caps_to_resize_safe_value` covers the
  helper at floor / cap / mid-range / overflow.
- Existing resize-recovery test extended to assert the flag flips.

Refs: #18449 #19280 #22976
Salvage of #24403.

Co-authored-by: Szymonclawd <szymonclawd@mac.home>
2026-05-14 15:22:44 -07:00
teknium1
f491b07cb2 chore(release): map @LeonSGP43 commit email in AUTHOR_MAP 2026-05-14 15:14:29 -07:00
teknium1
7bf66a07bd chore(release): map @1000Delta in AUTHOR_MAP 2026-05-14 15:11:51 -07:00
Teknium
b08f53a758
skill(comfyui): add template-integrity reference from @purzbeats (#25828)
Adds references/template-integrity.md covering safe conversion of the
official comfyui-workflow-templates package from editor format to API
format — Reroute bypass via link tracing, dotted dynamic-input keys
(values.a, resize_type.width) that must NOT be flattened, server-error
"patch don't rebuild" loop, Cloud quirks (302 redirect to signed GCS
URL, free-tier 1 concurrent job, 1920x1080 OOM on RTX 5090), and a
Discord-compatible ffmpeg stitch recipe (yuv420p + xfade/acrossfade).

SKILL.md lists the new reference so the agent loads it when starting
from an official template. purzbeats added to author list and to
scripts/release.py AUTHOR_MAP.

Co-authored-by: purzbeats <97489706+purzbeats@users.noreply.github.com>
2026-05-14 09:34:10 -07:00
wesleysimplicio
529ec85c77 chore(release): map oswaldb22 noreply email for AUTHOR_MAP
Co-Authored-By: Oswald <oswaldb22@users.noreply.github.com>
2026-05-14 08:02:25 -07:00
teknium1
d8fdec16d5 chore(release): add AUTHOR_MAP entries for second new-contributor batch
Pre-stages AUTHOR_MAP for 7 new contributors in the upcoming batch:

- HxT9          (#25760)
- evgyur        (#25651)
- AsoTora       (#25624)
- oxngon        (#25603)
- yifengingit   (#25589)
- vanthinh6886  (#25562)
- Arkmusn       (#25559)

EthanGuo-coder, wesleysimplicio, and zccyman are already in the map.
2026-05-14 07:57:06 -07:00
teknium1
26deeea830 fix(telegram): restore model-switch success path + author map
The cherry-picked PR over-indented the edit_message_text block for
the mm: (model selected → switch) success path so the confirmation
edit lived inside the preceding 'except Exception as exc' branch and
only fired when the callback raised. Dedent the try/except back to
12-space indent so it runs after the callback succeeds, restoring
the original flow that removes the inline buttons and shows the
'Switched to ...' confirmation.

Add a regression test (test_model_selected_edits_message_on_success)
that asserts edit_message_text is awaited and the result text is
routed through format_message (MARKDOWN_V2 + backtick survival).

Add phuongvm to scripts/release.py AUTHOR_MAP.
2026-05-14 07:47:52 -07:00
kshitijk4poor
0f0e20ef81 test(novita): cache pricing, add provider test coverage, AUTHOR_MAP entry
Follow-up to Alex-wuhu's NovitaAI provider commit. Adds:

- _pricing_cache hit/write in _fetch_novita_pricing (was missing — every
  pricing fetch was re-hitting the network), mirroring the
  fetch_ai_gateway_pricing pattern. force_refresh now also propagates
  from get_pricing_for_provider.
- TestNovitaProvider in tests/hermes_cli/test_api_key_providers.py
  covering profile load, alias resolution, registry auto-registration,
  model list parity between main.py and models.py, _URL_TO_PROVIDER,
  _PROVIDER_PREFIXES, context_size in _CONTEXT_LENGTH_KEYS, pricing
  unit conversion, and pricing cache behavior.
- AUTHOR_MAP entry for yanglongwei06@gmail.com → @Alex-yang00.
2026-05-13 23:51:15 -07:00
teknium1
2ff744ae2c chore(release): add AUTHOR_MAP entries for 25-PR new-contributor batch
Pre-stages AUTHOR_MAP for 12 new contributors whose PRs are being salvaged
in the upcoming batch:

- 1RB        (#25462)
- ayushere   (#25342)
- domtriola  (#25424)
- ephron-ren (#25358)
- freqyfreqy (#25423)
- fu576      (#25369)
- kfa-ai     (#25398)
- magic524   (#25361)
- PaTTeeL    (#25359)
- pearjelly  (#25388)
- raymaylee  (#25394)
- Tianyu199509 (#25421)
2026-05-13 23:04:35 -07:00
teknium1
16796acc84 chore(release): add AUTHOR_MAP entry for mrshu
Maps mr@shu.io to the mrshu GitHub handle so the release script
attributes the salvaged ACP approval bridging commit correctly.
2026-05-13 22:59:39 -07:00
teknium1
ffbc21100d chore(release): map jake@nousresearch.com → simpolism 2026-05-13 22:21:43 -07:00
snav
e90508103c chore(release): map jake@nousresearch.com and simpolism@gmail.com to @simpolism
Both addresses route to the same GitHub account (@simpolism / snav). Adding
the mappings here keeps release notes from showing two separate contributors
for what is one person's work, and unblocks subsequent PRs from this account
that would otherwise each need their own scripts/release.py noise.
2026-05-13 22:17:13 -07:00
teknium1
07349ce4df fix(memory): pin session_start + session_id on background review fork
Belt-and-suspenders complement to the cached-system-prompt inheritance:
pin session_start and session_id to the parent's so any code path that
re-renders parts of the system prompt (compression, plugin hooks)
still produces byte-identical output. The cached-prompt assignment
already short-circuits the normal rebuild path, but these pins
guarantee parity even if a future code path bypasses the cache.

Idea from simpolism's reference PR #25427 for #25322.

Co-Authored-By: simpolism <32201324+simpolism@users.noreply.github.com>
2026-05-13 22:12:47 -07:00
teknium1
95d074cdb2 chore(release): map WorldWriter for PR #17276 salvage 2026-05-13 22:12:47 -07:00
Teknium
7f08cb5941 fix(tts): align MiniMax TTS defaults with current API and add GroupId support
Follow-up on @pty819's t2a_v2 endpoint fix:

- Default model: speech-02 -> speech-02-hd (bare 'speech-02' is not in the
  supported enum; t2a_v2 rejects it with 400). Official enum: speech-01-hd,
  speech-01-turbo, speech-02-hd, speech-02-turbo, speech-2.6-hd/turbo,
  speech-2.8-hd/turbo.
- Default voice: female-shaonv -> English_expressive_narrator. The
  legacy speech-01-series short ID doesn't resolve cleanly on the
  speech-02+ models that are now the default.
- Default base URL: api.minimaxi.com -> api.minimax.io (matches the
  canonical host in the published docs; api-uw.minimax.io is the
  reduced-latency alt).
- Add GroupId support via tts.minimax.group_id config or MINIMAX_GROUP_ID
  env var. Some MiniMax accounts scope TTS requests by group; without it,
  requests 401. Only appended when not already in the user's base_url.

Tests rewritten to cover both the default t2a_v2 path (hex-encoded audio
in JSON, nested voice_setting/audio_setting) and the legacy
text_to_speech path (raw audio bytes, flat payload). Adds coverage for
GroupId config/env wiring and error surfacing.

Also adds AUTHOR_MAP entry for pty819's GitHub-noreply email.
2026-05-13 22:04:28 -07:00
teknium1
b833d85019 chore(release): map mgongzai author for PR #25183 salvage 2026-05-13 14:53:04 -07:00
littlewwwhite
6f2d1c88b7 feat(custom): prompt and persist explicit api_mode for custom providers
Adds an explicit API compatibility mode prompt to the `hermes model -> custom`
flow so Codex-compatible third-party endpoints (and any other non-default
backend whose URL doesn't match the existing heuristics in
`_detect_api_mode_for_url`) can be selected explicitly instead of silently
falling back to chat_completions.

Choices: Auto-detect / chat_completions / codex_responses / anthropic_messages.

Persists `api_mode` to:
  - `model.api_mode` (active session config)
  - the matching `custom_providers[*]` entry (so re-activating the named
    provider next time replays the same transport)

Salvaged from PR #6125 onto current main: kept the new prompt and the
`_save_custom_provider(api_mode=...)` plumbing; the named-custom flow
already extracts and applies `api_mode` from the saved entry on current
main so those changes are preserved as-is. Test fixtures updated for the
new prompt and the existing display-name prompt.

Co-authored-by: littlewwwhite <1095245867@qq.com>
2026-05-13 13:21:33 -07:00
Teknium
1979ef5802 chore(release): map iuyup author for PR #6155 salvage 2026-05-13 10:31:22 -07:00
teknium1
a9b8254e5f chore(release): map anton.kuenzi@gmail.com -> ZeterMordio
For PR #11754 salvage (zsh completion compdef registration + _arguments
syntax tests). CI release script blocks unmapped emails.
2026-05-13 09:34:15 -07:00
Teknium
413990c945 chore(release): add AUTHOR_MAP entries for JamesX88 2026-05-12 16:45:04 -07:00
Teknium
c7cfad5d96 chore(release): add AUTHOR_MAP entries for NorethSea 2026-05-12 16:44:03 -07:00
Teknium
b7bd0f77f3 chore(release): add AUTHOR_MAP entries for laoli-no1 2026-05-12 16:42:53 -07:00
Teknium
6ec89d885d chore(release): add AUTHOR_MAP entries for aqilaziz 2026-05-12 16:40:10 -07:00
Teknium
782e3f5164 chore(release): add AUTHOR_MAP entries for AllynSheep 2026-05-12 16:38:14 -07:00
Teknium
b3ca6362a8 chore(release): add AUTHOR_MAP entry for hookinglau 2026-05-12 16:36:20 -07:00
Teknium
389c707e42 chore(release): add AUTHOR_MAP entry for ryptotalent 2026-05-12 16:34:40 -07:00
teknium
76bbb94be4 chore: AUTHOR_MAP entry for AhmetArif0 (PR #24600) 2026-05-12 16:33:09 -07:00
Teknium
24e2151cd6 chore(release): add AUTHOR_MAP entries for zccyman and Osraka 2026-05-12 16:32:57 -07:00
Teknium
f63d520496 chore(camofox): document new env vars + AUTHOR_MAP entry
Follow-up to externally managed Camofox session support:
- .env.example: document CAMOFOX_URL plus the new CAMOFOX_USER_ID,
  CAMOFOX_SESSION_KEY, CAMOFOX_ADOPT_EXISTING_TAB env vars.
- scripts/release.py: AUTHOR_MAP entry for db@project-aeon.com -> db-aeon.
2026-05-12 15:14:49 -07:00
Teknium
4fa5f7b765 chore(release): add AUTHOR_MAP entry for luarss 2026-05-12 15:03:33 -07:00
Teknium
954e854ccc chore(release): map kyanam.preetham@gmail.com → pkyanam 2026-05-12 15:00:29 -07:00
Teknium1
97a0e69df0 chore(release): add AUTHOR_MAP entry for ahmedbadr3 2026-05-11 16:51:09 -07:00
kshitijk4poor
9a63b5f16c chore: add nicoechaniz to AUTHOR_MAP 2026-05-11 13:16:07 -07:00
kshitij
ce0f529cde
chore: ruff auto-fix C401, C416, C408, PLR1722 (#23940)
C401:   set(x for x in y) -> {x for x in y}      (set comprehension)
C416:   [(k,v) for k,v in d] -> list(d.items())  (unnecessary listcomp)
C408:   tuple()/dict() -> ()/{}                   (unnecessary collection call)
PLR1722: exit() -> sys.exit()                     (adds import sys where needed)

21 instances fixed, 0 remaining. 19 files, +40/-36.
2026-05-11 11:20:58 -07:00
Teknium1
8c11710314 chore(release): add AUTHOR_MAP entry for wuli666 2026-05-11 11:13:20 -07:00
Teknium1
cc9e788c14 fix(cli): defensive _slash_confirm_state access + AUTHOR_MAP
- getattr(self, '_slash_confirm_state', None) at the two read sites that
  trip object.__new__(HermesCLI) test fixtures (test_cli_external_editor,
  test_cli_skin_integration)
- _build_tui_layout_children: make slash_confirm_widget keyword-only with
  default None to avoid breaking subclassing extension hook for wrapper
  CLIs (test_cli_extension_hooks)
- AUTHOR_MAP entry for zhengyn0001

Follow-up to the salvaged commit ca1d4375a.
2026-05-11 10:02:03 -07:00
Teknium1
88a2ce4ae5 chore: AUTHOR_MAP entry for VinceZcrikl noreply (#23647) 2026-05-11 08:14:03 -07:00
kshitijk4poor
1d4a4997b1 chore: AUTHOR_MAP entries for sudo-hardening salvage contributors
- openclaw@agent.local → 29206394 (PR #22194)
- freedemon@gmail.com  → fr33d3m0n (PR #21128)
2026-05-11 06:56:30 -07:00
kshitijk4poor
7087702210 chore: add salvage contributors to AUTHOR_MAP
For PRs #23206 (Frowtek), #23252 (Sylw3ster), #23358 (dmnkhorvath),
#23659 (smwbev), and #23356 (TurgutKural) — all part of the kanban
bug-fix batch salvage.
2026-05-11 06:44:58 -07:00
teknium1
0458d99f22 chore(release): AUTHOR_MAP entry for Mibayy clawhub email 2026-05-10 22:37:42 -07:00
teknium1
482d49cf90 chore: AUTHOR_MAP entry for wilsen0 2026-05-10 22:22:25 -07:00
teknium1
5f767879e6 chore(release): AUTHOR_MAP entry for Hugo-SEQUIER 2026-05-10 22:15:04 -07:00
Muhammet Eren Karakuş
4c57a5b318 feat(skills): add api-testing optional skill (#1800)
Adds optional-skills/software-development/api-testing/SKILL.md — a single-file
runbook for systematic REST/GraphQL API debugging via Hermes tools (terminal,
execute_code, web_extract, delegate_task).

- 60-char description; gated to platforms: [linux, macos]
- Layered debug flow (connectivity → TLS → auth → format → parse → semantics)
- HTTP status playbook (401/403/404/409/422/429/5xx)
- Pagination, idempotency, contract validation, correlation IDs
- pytest smoke template, token-redaction patterns, leak checklist
- Hermes tool patterns replace generic curl/python examples

Lands in optional-skills/ (not always-active skills/) so it's installed via
hermes skills install official/software-development/api-testing.

scripts/release.py: AUTHOR_MAP entry for erenkar950@gmail.com → eren-karakus0.

Closes #1800.

Co-authored-by: Teknium <127238744+teknium1@users.noreply.github.com>
2026-05-10 22:11:31 -07:00
teknium1
6c1af45b78 chore: AUTHOR_MAP entry for kjames2001 (James Huang) 2026-05-10 22:02:56 -07:00
Teknium1
bf5b8a7d61 chore(release): map @eloklam tailnet email 2026-05-10 21:44:37 -07:00
teknium1
9e005d6779 chore: AUTHOR_MAP entry for NivOO5 2026-05-10 20:02:50 -07:00
Teknium
80bb5f2947 fix(achievements): use canonical X-Hermes-Session-Token header
Follow-up to TreyDong's fix: switch the auth header to
`X-Hermes-Session-Token` (the canonical pattern used by the rest of
the dashboard SPA — see `web/src/lib/api.ts` `fetchJSON()`). The
server still accepts both schemes, so the original `Authorization:
Bearer` form would also work; we standardize on X-header to match
every other dashboard fetch and only set the header when a token is
actually present.

Also add scripts/release.py AUTHOR_MAP entry for treydong.zh@gmail.com.
2026-05-10 19:41:45 -07:00
teknium1
666b751536 chore: AUTHOR_MAP entry for rahimsais 2026-05-10 18:09:31 -07:00
teknium1
c0bbdec850 chore: AUTHOR_MAP entry for Freeman-Consulting 2026-05-10 16:21:07 -07:00
Teknium1
59d3f24f10 chore: AUTHOR_MAP entry for konsisumer noreply (#23071) 2026-05-10 15:23:04 -07:00
teknium1
cc2a0c674a chore: AUTHOR_MAP entry for hrygo (黄飞虹) 2026-05-10 15:20:40 -07:00
Teknium
b38b100105 chore: AUTHOR_MAP entry for jelrod27 (#21398) 2026-05-10 14:27:59 -07:00
teknium1
04e18160ab chore: AUTHOR_MAP entry for HuangYuChuh 2026-05-10 14:22:59 -07:00
Teknium
6e5c49bdc4 refactor(kanban-orchestrator): drop hardcoded specialist roster, add Step-0 profile discovery
The skill enumerated 8 specialist profile names (researcher, analyst,
writer, reviewer, backend-eng, frontend-eng, ops, pm) as "the standard
roster" and told orchestrators to "assume these exist." Almost no real
Hermes setup matches that fleet — single-profile setups, Docker-worker
setups, and curated-team setups all violate it — so following the skill
literally produced cards assigned to non-existent profiles, which the
dispatcher silently failed to spawn (no autocorrect, no fallback, just
sits in `ready` forever).

Changes:

- Drop the standard-specialist-roster table.
- Add a "Profiles are user-configured — not a fixed roster" section at
  the top with a Step 0 that prescribes `hermes profile list` (or asking
  the user) before fanning out. Cache the result in working memory.
- Rewrite the worked task-graph example with placeholder names
  (<profile-A>, <profile-B>, <profile-C>) so the structure is still
  teachable but doesn't invite copy-paste of role names that may not
  exist.
- Reframe the "If no specialist fits" anti-temptation rule: don't
  invent profile names; ask the user.
- Add a "Inventing profile names that doesn't exist" entry to Pitfalls.
- Bump skill version 2.0.0 → 3.0.0 (semantic break: previous behavior
  promised a roster the skill no longer enumerates).
- Update website/docs/user-guide/features/kanban.md to drop the
  matching "(researcher, writer, analyst, backend-eng, reviewer, ops)"
  line and explain the discovery prompt instead.
- Re-run website/scripts/generate-skill-docs.py to refresh the
  auto-generated skill page + catalog.

Closes #21131 in spirit — addresses the same hardcoded-names footgun
@yehuosi flagged, with a different shape than their PR (delete the
roster rather than replace each name with placeholder, since the
roster table was the load-bearing footgun and the worked example is
salvageable with placeholder profile names).

Co-authored-by: yehuosi <yehuosi@users.noreply.github.com>
2026-05-10 12:59:11 -07:00
Teknium
a282434301
feat(gateway): per-platform admin/user split for slash commands (salvage of #4443) (#23373)
* feat(gateway): per-platform admin/user split for slash commands

Adds an opt-in two-list access control on top of the existing per-platform
`allow_from` allowlists, scoped to slash commands only:

  - allow_admin_from         — full slash command access
  - user_allowed_commands    — what non-admins may run
  - group_allow_admin_from   — same, group/channel scope
  - group_user_allowed_commands

When `allow_admin_from` is unset for a scope, gating is disabled and every
allowed user keeps full access (backward compat). Plain chat is unaffected.
`/help` and `/whoami` are always reachable so users can see what they
can run.

Gate runs at the slash command dispatch site in gateway/run.py and uses
`is_gateway_known_command()`, so it covers built-in AND plugin-registered
commands through the live registry without per-feature wiring.

Adds `/whoami` showing platform, scope, tier, and runnable commands.

Salvage of PR #4443's permission tier work, scoped down. The full tier
system, tool filtering, audit log, usage tracking, rate limiting,
`/promote` flow, and persistent SQLite stores are not included here —
those can be re-expanded later if needed.

Co-authored-by: ReqX <mike@grossmann.at>

* fix(gateway): close running-agent fast-path bypass + add coverage and central docs

The slash command access gate was only applied at the cold dispatch site
(line ~5921). When an agent was already running, the running-agent
fast-path block (line ~5574) dispatched /restart, /stop, /new, /steer,
/model, /approve, /deny, /agents, /background, /kanban, /goal, /yolo,
/verbose, /footer, /help, /commands, /profile, /update directly
without going through the gate — letting non-admins bypass gating just
because an agent happens to be busy.

Refactored the gate into _check_slash_access() and called from BOTH
paths. /status remains intentionally pre-gate so users can always see
session state.

Also added 18 more dispatch tests covering:
  - Running-agent fast-path: blocks non-admin, allows admin, /status
    always works
  - Alias canonicalization (gate uses canonical name, not user alias)
  - Unknown / unregistered commands pass through (don't false-positive)
  - DM admin scope-locked when group has its own admin list
  - Multi-platform isolation (Discord gated, Telegram unrestricted)

Docs: added Slash Command Access Control section to the central
messaging index page + /whoami row in the chat commands table.

Co-authored-by: ReqX <mike@grossmann.at>

---------

Co-authored-by: ReqX <mike@grossmann.at>
2026-05-10 12:33:54 -07:00
Teknium
d62808c373 chore: AUTHOR_MAP entry for guglielmofonda (#21505) 2026-05-10 09:13:07 -07:00
Teknium
08c5b35a73 test(kanban-dashboard): pin assignee-casing static-asset regressions + AUTHOR_MAP
Follow-up to the previous commit's casing fix.

The original PR shipped the dist edits without test coverage. The
contributor's reasoning (UI-only attributes in a pre-built JS bundle,
nothing meaningful to unit-test) is fair, but a static-asset assertion
catches the most likely regression vector — a future rebuild of the
dist bundle that loses the attributes — at near-zero cost.

Adds two regression tests in tests/plugins/test_kanban_dashboard_plugin.py:

- test_dashboard_assignee_inputs_preserve_casing — reads dist/index.js
  and asserts autoCapitalize="none", autoCorrect="off", spellCheck=false,
  and textTransform="none" each appear at least twice (one per assignee
  input — inline triage/lane create + task-edit panel).
- test_dashboard_lane_head_preserves_assignee_casing — reads dist/style.css
  and asserts the .hermes-kanban-lane-head rule body does NOT contain
  text-transform: uppercase. Locates the rule by marker so unrelated CSS
  churn nearby doesn't flake the test.

Both follow the same shape as the existing test_dashboard_requests_default_board_explicitly
static-asset guard from PR #22940's salvage.

Also adds the AUTHOR_MAP entry for princepal9120's GitHub-noreply email
so release notes credit the right account.
2026-05-10 07:35:01 -07:00
Teknium
40a4bfa719 test(kanban): cover task_age safe-int guards + AUTHOR_MAP entry
Follow-up to the previous commit's safe-int task_age fix.

The original PR shipped without test coverage. This commit adds:

- test_safe_int_accepts_int_and_int_string — sanity for the well-typed
  path so the helper itself can't quietly start swallowing valid values.
- test_safe_int_returns_none_on_corrupt_inputs — the failure modes
  (None, '%s', 'abc', '', '1.5', random objects). Covers both the
  ValueError and TypeError catch branches.
- test_task_age_handles_corrupt_created_at — the headline regression:
  a task with created_at='%s' used to raise ValueError and turn
  GET /api/plugins/kanban/board into a 500.
- test_task_age_handles_corrupt_started_and_completed — confirms the
  safe-int treatment is consistent across all three timestamp fields.
- test_task_age_well_formed_task — regression that the safe path
  doesn't change observable output for normal data.
- test_task_dict_survives_corrupt_created_at — defense in depth.
  Writes a corrupt row directly via SQL, reads it back through the
  ORM, and confirms task_age + the surrounding plugin_api guard
  degrade gracefully instead of crashing.

Also adds the AUTHOR_MAP entry for the contributor's GitHub-noreply
email so release notes credit @baocin (the commit was authored locally
as `aoi <aoi@hino.local>` — re-attributed during salvage to the
github noreply form).
2026-05-10 07:15:59 -07:00
Teknium
50f9fee988
feat(gateway): add LINE Messaging API platform plugin (#23197)
* feat(gateway): add LINE Messaging API platform plugin

Adds LINE as a bundled platform plugin under `plugins/platforms/line/`,
synthesized from the strongest pieces of seven open community PRs. The
adapter requires zero core edits — `Platform("line")` is auto-discovered
via the bundled-plugin scan in `gateway/config.py`, and all hooks
(setup, env-enablement, cron delivery, standalone send) are wired
through `register_platform()` kwargs the way IRC and Teams do it.

Highlights merged into one plugin:

- **Reply token preferred, Push fallback.** Try the free reply token
  first (single-use, ~60s TTL); fall back to metered Push when the
  token is absent, expired, or rejected. (PR #21023)
- **Slow-LLM Template Buttons postback.** When the LLM is still running
  past `LINE_SLOW_RESPONSE_THRESHOLD` (default 45s), the adapter burns
  the original reply token to send a "Get answer" button bubble. The
  user taps it to fetch the cached answer via a fresh reply token —
  also free. State machine: PENDING → READY → DELIVERED, ERROR for
  cancelled runs (orphan resolves to `LINE_INTERRUPTED_TEXT` after
  /stop). Set threshold to 0 to disable. (PR #18153)
- **Three-allowlist gating** — separate user / group / room allowlists
  with `LINE_ALLOW_ALL_USERS=true` dev-only escape hatch. (PR #18153)
- **Markdown URL preservation.** Strip bold/italic/code-fence/heading
  markers (LINE renders them literally) but keep `[label](url)` →
  `label (url)` so URLs stay tappable. (PR #18153)
- **System-message bypass** for ` Interrupting`, ` Queued`, etc. —
  busy-acks reach the user as visible bubbles instead of being
  swallowed into the postback cache. (PR #18153)
- **Media via public HTTPS URLs.** LINE doesn't accept binary uploads;
  images/audio/video must be HTTPS-reachable. The adapter serves
  registered tempfiles under `/line/media/<token>/<filename>` from the
  same aiohttp app. Allowed-roots traversal guard covers
  `tempfile.gettempdir()`, `/tmp` (→ `/private/tmp` on macOS), and
  `HERMES_HOME`. `LINE_PUBLIC_URL` overrides URL construction for
  setups behind tunnels/proxies. (PR #8398)
- **5-message-per-call batching.** LINE rejects >5 messages per
  Reply/Push; smart-chunker caps text at 4500 chars per bubble.
- **Inbound dedup** via `webhookEventId` LRU. (PR #21023)
- **Self-message filter** via `/v2/bot/info` userId lookup. (PR #21023)
- **Loading-animation indicator** wired to LINE's `chat/loading/start`
  endpoint, DM-only (LINE rejects it for groups/rooms). (PR #21023)
- **Out-of-process cron delivery** via `_standalone_send`, so
  `deliver: line` cron jobs work even when cron runs detached from
  the gateway.
- **Webhook hardening** — 1 MiB body cap, constant-time HMAC-SHA256
  signature verification, dedup, scoped lock so two profiles can't
  bind the same channel.

Validation
----------

- `scripts/run_tests.sh tests/gateway/test_line_plugin.py` →
  73 passed in 1.05s
- `scripts/run_tests.sh tests/gateway/test_line_plugin.py
  tests/gateway/test_irc_adapter.py
  tests/gateway/test_plugin_platform_interface.py
  tests/gateway/test_platform_registry.py
  tests/gateway/test_config.py` → 193 passed, 7 skipped
- E2E import + register + signature roundtrip + `Platform("line")`
  bundled-plugin discovery verified against current `origin/main`.

Closes the seven open LINE PRs (#18153, #16832, #6676, #21023, #14942,
#14988, #8398) by superseding them with a single plugin-form
implementation that takes the best idea from each.

Co-authored-by: pwlee <32443648+leepoweii@users.noreply.github.com>
Co-authored-by: Jetha Chan <jetha@google.com>
Co-authored-by: Cattia <openclaw@liyangchen.me>
Co-authored-by: perng <charles@perng.com>
Co-authored-by: Soichiro Yoshimura <soichiro0111.dev@gmail.com>
Co-authored-by: David Zhou <77736378+David-0x221Eight@users.noreply.github.com>
Co-authored-by: Yu-ga <74749461+yuga-hashimoto@users.noreply.github.com>

* docs(platforms): document platform-specific slow-LLM UX pattern

Add a 'Platform-Specific Slow-LLM UX' section to the platform-adapter
developer guide covering the _keep_typing override pattern that LINE
uses for its Template Buttons postback flow.

Three subsections:
- Pattern: subclass _keep_typing to layer mid-flight UX (with code)
- Pattern: subclass send to route through a cache instead of sending
- When this pattern is appropriate (vs. always-Push fallback)

Plus a short pointer in gateway/platforms/ADDING_A_PLATFORM.md so
tree-readers find the prose walkthrough on the docsite.

Filed because the LINE plugin (PR #23197) was the first bundled
adapter to need this pattern — every prior plugin (irc, teams,
google_chat) handles slow responses with the default typing-loop and
a regular send_text. Documenting now while the rationale is fresh.

---------

Co-authored-by: pwlee <32443648+leepoweii@users.noreply.github.com>
Co-authored-by: Jetha Chan <jetha@google.com>
Co-authored-by: Cattia <openclaw@liyangchen.me>
Co-authored-by: perng <charles@perng.com>
Co-authored-by: Soichiro Yoshimura <soichiro0111.dev@gmail.com>
Co-authored-by: David Zhou <77736378+David-0x221Eight@users.noreply.github.com>
Co-authored-by: Yu-ga <74749461+yuga-hashimoto@users.noreply.github.com>
2026-05-10 06:40:46 -07:00
Teknium
ce374bc1ba chore: AUTHOR_MAP entry for kallidean (#20568) 2026-05-10 05:58:44 -07:00
kshitij
6b5e0119b3 chore: add codex-spark salvage contributors to AUTHOR_MAP
Maps olegwn@gmail.com → nederev (PR #18286) and vesper@askclaw.dev →
askclaw-vesper (PR #19530) so the contributor attribution check passes
when their commits land via this salvage.
2026-05-09 23:17:25 -07:00
Teknium
5a70d9b6be chore: AUTHOR_MAP entry for tymrtn (#21794) 2026-05-09 22:49:29 -07:00
Teknium
e2ce89a8aa chore: AUTHOR_MAP entry for li0near gmail (#21378) 2026-05-09 22:38:01 -07:00
Teknium
eb3db231dc chore: AUTHOR_MAP entry for eloklam (#22898) 2026-05-09 19:31:14 -07:00
Teknium
da086a0154 chore: add ming1523 to AUTHOR_MAP 2026-05-09 17:55:12 -07:00
Teknium
de54618720 chore: add v1b3coder to AUTHOR_MAP 2026-05-09 17:54:58 -07:00
Teknium
f93b8c28e3 chore: add DanielLSM to AUTHOR_MAP 2026-05-09 17:54:44 -07:00
Teknium
af9df46525 chore: add kidonng to AUTHOR_MAP 2026-05-09 17:51:04 -07:00
Teknium
bfc84bdc6f chore: add Ninso112 to AUTHOR_MAP 2026-05-09 13:38:52 -07:00
Teknium
5e2eba87e6 chore: add mbac to AUTHOR_MAP 2026-05-09 13:38:38 -07:00
Teknium
b4d3092f69 chore: add CalmProton to AUTHOR_MAP 2026-05-09 13:38:25 -07:00
Teknium
5a0021146b chore: add Qwinty to AUTHOR_MAP 2026-05-09 13:35:04 -07:00
Ayman Kamal
5b32c9fc66 chore: add A-kamal to AUTHOR_MAP for PR #18678 2026-05-09 13:07:46 -07:00
kshitijk4poor
dae94fa652 fix: follow-up for salvaged PR #22263
- Restore allowed_chats gate before thread_id check so ignored_threads
  applies universally (even to guest mentions).
- Compute _message_mentions_bot once in _should_process_message to
  eliminate redundant second entity scan when guest_mode=true and the
  message does not mention the bot.
- Remove redundant _is_group_chat from _is_guest_mention (caller already
  verified the message is a group chat).
- Update _telegram_allowed_chats docstring to note guest_mode exception.
- Add test coverage: bot_command entity, text_mention entity,
  caption_entities, and ignored_threads + guest_mode interaction.
- Add nik1t7n to AUTHOR_MAP.
2026-05-09 11:54:04 -07:00
Teknium
369cee018d chore: add wali-reheman to AUTHOR_MAP 2026-05-09 11:12:03 -07:00
Teknium
78b8155ecb chore: add xieNniu to AUTHOR_MAP 2026-05-09 11:10:04 -07:00
Teknium
000ddb8a93 chore: add SiliconID to AUTHOR_MAP 2026-05-09 11:07:37 -07:00
Teknium
0d9800743c chore: add wesleysimplicio to AUTHOR_MAP 2026-05-09 11:06:21 -07:00
kshitijk4poor
f6d45e5df4 chore: add nik1t7n to AUTHOR_MAP
Nikita Nosov (nik1t7n, PR #22264) — first-time contributor email
and noreply alias.
2026-05-09 04:34:55 -07:00
kshitij
5d2a75ddf2
chore(release): add KvnGz to AUTHOR_MAP (#22458)
Maps obafemiferanmi1999@gmail.com (the commit-author email used on
PR #21473's branch) to GitHub login KvnGz (the PR/branch owner) so
contributor_audit.py recognizes the authored commit in the upcoming
salvage PR.
2026-05-09 02:47:14 -07:00
kshitij
b7d8e280e8
chore(release): add Zhekinmaksim to AUTHOR_MAP (#22449)
Maps zhekinmaksim@gmail.com to GitHub login Zhekinmaksim so
contributor_audit.py recognizes their authored commit in the
upcoming #21930 salvage PR.
2026-05-09 02:33:49 -07:00
kshitij
e3cd4e401d
chore(release): add heathley email to AUTHOR_MAP for PR #21911 salvage (#22446) 2026-05-09 02:31:34 -07:00
kshitij
4632be123d
chore(release): add uzunkuyruk to AUTHOR_MAP (#22434)
Maps egitimviscara@gmail.com to GitHub login uzunkuyruk so that
contributor_audit.py recognizes their authored commits in upcoming
salvage PRs (e.g. #21933 fix).
2026-05-09 02:18:35 -07:00
kshitij
28b5bd7e93
chore(release): add leehack to AUTHOR_MAP for PR #22053 salvage (#22409)
Adds jhin.lee@unity3d.com → leehack so contributor_audit.py strict
mode passes when the salvage of #22053 (telegram DM topic reply
fallback) lands on main.
2026-05-09 01:39:16 -07:00
kshitijk4poor
f2afa68a4a chore(release): add oferlaor to AUTHOR_MAP for PR #22356 salvage 2026-05-09 00:57:27 -07:00
Teknium
524cbabd89 chore(release): add dandacompany to AUTHOR_MAP for salvaged PR #20503 2026-05-08 17:01:12 -07:00
teknium1
d606df8126 docs(cli): call out Ctrl+Enter for Windows Terminal users
Windows Terminal captures Alt+Enter at the terminal layer (fullscreen
toggle), so documenting 'Alt+Enter or Ctrl+J' without qualification
leaves stock Windows Terminal users with no working newline key they
can discover from the docs alone.

- Main keybindings row: note Alt+Enter is intercepted on WT and direct
  users to Ctrl+Enter / Ctrl+J instead.
- Shift+Enter compatibility table: split 'stock Windows Terminal' from
  Windows Terminal Preview 1.25+ (which added Kitty protocol support
  and works with the keybinding from this PR once enabled).
- Add AUTHOR_MAP entry for ra2157218@gmail.com -> Abd0r so the salvage
  commit passes the email-mapping CI gate.
2026-05-08 16:26:51 -07:00
Teknium
cbce5e93fc codebase: add encoding='utf-8' to all bare open() calls (PLW1514)
Closes the last Python-on-Windows UTF-8 exposure by making every
text-mode open() call explicit about its encoding.

Before: on Windows, bare open(path, 'r') defaults to the system
locale encoding (cp1252 on US-locale installs).  That means reading
any config/yaml/markdown/json file with non-ASCII content either
crashes with UnicodeDecodeError or silently mis-decodes bytes.

After: all 89 affected call sites in production code now pass
encoding='utf-8' explicitly.  Works identically on every platform
and every locale, no surprise behavior.

Mechanical sweep via:
  ruff check --preview --extend-select PLW1514 --unsafe-fixes --fix     --exclude 'tests,venv,.venv,node_modules,website,optional-skills,               skills,tinker-atropos,plugins' .

All 89 fixes have the same shape: open(x) or open(x, mode) became
open(x, encoding='utf-8') or open(x, mode, encoding='utf-8').  Nothing
else changed.  Every modified file still parses and the Windows/sandbox
test suite is still green (85 passed, 14 skipped, 0 failed across
tests/tools/test_code_execution_windows_env.py +
tests/tools/test_code_execution_modes.py + tests/tools/test_env_passthrough.py +
tests/test_hermes_bootstrap.py).

Scope notes:
  - tests/ excluded: test fixtures can use locale encoding intentionally
    (exercising edge cases).  If we want to tighten tests later that's
    a separate PR.
  - plugins/ excluded: plugin-specific conventions may differ; plugin
    authors own their code.
  - optional-skills/ and skills/ excluded: skill scripts are user-authored
    and we don't want to mass-edit them.
  - website/ and tinker-atropos/ excluded: vendored / generated content.

46 files touched, 89 +/- lines (symmetric replacement).  No behavior
change on POSIX or on Windows when the file is ASCII; bug fix on
Windows when the file contains non-ASCII.
2026-05-08 14:27:40 -07:00
Teknium
d0aad4b021 fix(computer-use): harden image-rejection fallback + AUTHOR_MAP
Follow-up to #15328's vision-unsupported retry branch in run_agent.py.

_strip_images_from_messages() previously deleted any message whose content
was entirely images. That's fine for synthetic user messages injected for
attachment delivery, but it breaks providers for tool-role messages — the
paired tool_call_id on the preceding assistant message ends up unmatched,
which OpenAI-compatible APIs reject with HTTP 400.

Fix: tool-role messages whose content becomes empty are replaced with a
plaintext placeholder that preserves the tool_call_id linkage. Only
non-tool messages are dropped. Added 10 tests covering the role-alternation
invariants + image-type coverage.

Image-rejection detector: expanded phrase list (image content not
supported / multimodal input / vision input / model does not support
image) and gated on 4xx status so transient 5xx errors never get
misinterpreted as 'server said no to images'. Detection is documented as
best-effort English phrase matching.

AUTHOR_MAP: mapped 3820588+ddupont808@users.noreply.github.com to
ddupont808 so release notes attribute the salvage correctly.
2026-05-08 11:07:38 -07:00
Teknium
839cdd1b05 fix(approval): cron jobs must not be treated as gateway context
The new _is_gateway_approval_context() widened the gateway classification
to any call with HERMES_SESSION_PLATFORM bound via contextvars. But
cron/scheduler.py binds that same contextvar for delivery routing on
cron jobs that originate from a gateway platform (telegram/discord/etc.),
so those jobs were getting routed through submit_pending with no
listener — blocking indefinitely instead of honoring approvals.cron_mode.

Short-circuit on HERMES_CRON_SESSION before any gateway check. Cron is
always governed by cron_mode config, regardless of where the job was
scheduled from.

Adds regression coverage in TestCronWithGatewayOrigin and records the
contributor email mapping for scripts/release.py.
2026-05-08 07:30:14 -07:00
Teknium
83c23e8861 fix(google-workspace): cleanup for --check-live salvage
Small follow-ups on top of #19643:
- check_auth() takes quiet kwarg to suppress its AUTHENTICATED print
  when called from check_auth_live(), so the final status line reflects
  the live-call outcome only.
- Drop redundant _ensure_deps() call in check_auth_live() (check_auth()
  already calls it).
- Add AUTHOR_MAP entry for ygd58 so release attribution script works.
2026-05-08 04:50:43 -07:00
Isaac Huang
5d1bdf11b6 Add AUTHOR_MAP entry for Isaac Huang 2026-05-08 03:22:11 -07:00
Teknium
1bdacb697c chore(release): add BennetYrWang to AUTHOR_MAP 2026-05-07 17:47:22 -07:00
Teknium
307c85e5c1 fix(goals): auto-pause when judge model returns unparseable output
Weak judge models (e.g. deepseek-v4-flash) return empty strings or prose
when asked for the strict {done, reason} JSON verdict. The old code
failed-open to continue on every such turn, burning the entire turn
budget with log lines like

  judge returned empty response
  judge reply was not JSON: "Let me analyze whether the goal..."

and /goal clear could not stop it mid-loop without /stop.

After N=3 consecutive *parse* failures (transport/API errors don't
count — those are transient), the loop auto-pauses and prints:

  ⏸ Goal paused — the judge model (3 turns) isn't returning the
  required JSON verdict. Route the judge to a stricter model in
  ~/.hermes/config.yaml:
    auxiliary:
      goal_judge:
        provider: openrouter
        model: google/gemini-3-flash-preview
  Then /goal resume to continue.

The counter resets on any usable reply (both "done"/"continue" and
API errors) and persists across GoalManager reloads so cross-session
resumes carry the correct state.

Also fixes test_goal_verdict_send.py sharing a hardcoded session_id
across tests — the shared id only worked because the previous
_post_turn_goal_continuation was a never-awaited coroutine. Now that
PR #19160 made it properly awaited, the xdist test-leakage bug
surfaced. Each test gets a unique session_id via uuid suffix.
2026-05-07 17:33:09 -07:00
teknium1
7f369bfe55 chore(release): add hllqkb to AUTHOR_MAP for PR #21288 salvage 2026-05-07 15:21:34 -07:00
teknium1
2214ab1073 chore: fix AUTHOR_MAP for johnsonblake1@gmail.com → voteblake
The existing mapping pointed to the wrong GitHub user (blakejohnson, id
866695, IBM) — the email actually belongs to voteblake (id 5585957),
confirmed via search/commits?author-email. Mis-credited since 323ca7084.
2026-05-07 13:04:42 -07:00