Track per-tool execution time statistics in session metadata. When a tool
call exceeds its adaptive threshold (2x historical max, min 120s default),
send a direct outbound notification to the user.
- ToolTimingMap: parse/serialize/record/threshold from session metadata
- StartSlowTimer: fires once per tool call, auto-cancels on completion
- Team config: slow_tool toggle (default on, always direct, never leader)
- UI: toggle in team settings with i18n (en/vi/zh)
- Store: add GetSessionMetadata to session store interface
Go can serialize empty slices as null in JSON. The events page
accessed p.changes.length without null checking, causing a crash
when viewing team.updated or agent_link.updated events with null
changes arrays.
Fixes#192
Co-authored-by: Luvu182 <208665161+Luvu182@users.noreply.github.com>
* feat(ui): show required API scopes for Feishu/Lark channels
Add a collapsible info panel listing the required Lark/Feishu API
permissions (scopes) on the channel create/edit dialog and config
detail tab. Includes reminder about Contact Range and app publishing.
* fix(feishu): annotate DM messages with sender name
Feishu DMs were missing the [From: ...] annotation, so the agent
couldn't identify who was messaging. Group messages already had this.
Align with Telegram channel which annotates both DM and group messages.
---------
Co-authored-by: Luvu182 <208665161+Luvu182@users.noreply.github.com>
- Replace timezone text input with Select dropdown using shared IANA_TIMEZONES
- Extract IANA_TIMEZONES to constants.ts (reused by cron-section)
- Shrink interval input width (w-24 → w-[4.5rem]) for 3-digit fit
- Fix schedule section layout: flex-based with fixed-width time inputs
- Default isolatedSession to false
* fix(tts): config save + Edge provider registration + dark mode chat bubbles
- Wrap TTS config payload in `raw` field for config.patch RPC (#229)
- Always register Edge TTS provider (free, no API key) instead of gating on `enabled` flag
- Fix low-contrast user message bubbles in dark mode chat
* fix(tts): skip duplicate media dispatch when temp file already delivered
When both the agent loop and the message tool dispatch the same TTS
temp file, the first dispatch succeeds and cleanup deletes it. Filter
out missing temp media files before sending to prevent "file not found"
errors and spurious error notifications on Telegram/Slack/Discord.
* feat(tts): include edge-tts in Docker image when Python enabled
Edge TTS is free (no API key) and serves as a universal TTS fallback.
Install it alongside Python in both ENABLE_PYTHON and ENABLE_FULL_SKILLS builds.
* chore(docker): expose build args from .env for compose builds
Pass ENABLE_OTEL, ENABLE_PYTHON, ENABLE_FULL_SKILLS as env-driven
build args so .env can control Docker build features without editing
docker-compose.yml directly.
* fix(tts): hot-reload TTS config on settings change via pub/sub
TTS providers were only registered at startup, so changing provider/API
key via the Web UI had no effect until container restart. Add a
tts-config-reload bus subscriber that rebuilds the TTS manager on
config changes, matching the pattern used by quota, cron, and web_fetch.
Always create a TtsTool at startup (even without providers) so the
reload subscriber can populate it when settings are first configured.
* fix(tts): protect TtsTool.UpdateManager with RWMutex to prevent data race
UpdateManager() can be called from the config reload goroutine while
Execute() reads t.manager concurrently from agent goroutines. Add
sync.RWMutex following the same pattern as WebFetchTool.UpdatePolicy().
Also update setupTTS doc comment which incorrectly stated it could
return nil — Edge TTS is now always registered.
---------
Co-authored-by: viettranx <viettranx@gmail.com>
- Add ProviderModelSelect to heartbeat config dialog (allowEmpty, verify button)
- Backend: accept providerName in HEARTBEAT.SET, resolve to UUID via GetProviderByName
- Add ModelOverride to RunRequest, used by Loop when set (cheaper model for heartbeat)
- Ticker passes heartbeat model override to agent RunRequest
- Fix: InvalidateCache after UpdateState so ListDue picks up new next_run_at immediately
- i18n: add sectionModel/modelHint keys (en/vi/zh)
Backend — WSClient protocol fixes (larkws.go):
- Parse service_id from WS URL query params instead of hardcoding 0
- Update all 4 server config values from pong payload (PingInterval,
ReconnectCount, ReconnectInterval, ReconnectNonce)
- Use server-configured reconnect params instead of hardcoded 120s wait
- Return HTTP 500 in ACK when event handler fails (enables Lark retry)
- Filter data frames by type header — only process "event" frames
- Report actual processing time in biz_rt header (was hardcoded "0")
Backend — event adapter (feishu.go):
- Return parse error from HandleEvent so ACK reflects failure status
UI — fix incorrect Feishu channel form labels:
- Remove "webhook only" from Lark Global domain label (WebSocket works
on both Lark Global and Feishu China)
- Remove "Feishu only" from WebSocket option label
- Change default connection_mode from "webhook" to "websocket" (matches
backend default)
- Add showWhen conditional field support to ChannelFields component
- Hide webhook_port, webhook_path, encrypt_key, verification_token when
WebSocket mode is selected
- Update i18n labels in all 3 locales (en, vi, zh)
Co-authored-by: Luvu182 <208665161+Luvu182@users.noreply.github.com>
- Wait 2s after toggle/update before refreshing config for accurate countdown
- Checklist textarea: min-h-[200px] mobile, min-h-[400px] desktop, resizable
Wait 2s after toggle/update before refreshing config from backend to
ensure nextRunAt is computed and persisted. Prevents stale countdown
in header heartbeat button.
* fix(ui): use color-scheme dark for select dropdowns in dark mode
Language and timezone selects rendered with white native dropdown in
dark mode because browser ignores CSS bg-transparent on <option>.
Adding dark:scheme-dark tells the browser to render the native select
dropdown using dark color scheme in dark mode.
* fix(ui): replace native select with Radix UI Select for dark mode fix
Native <select> dropdown ignores CSS styling — browser always renders
the popup with its default (light) color scheme, causing white box in
dark mode. Replace language and timezone selectors with Radix UI Select
which renders custom HTML/CSS dropdowns that fully respect dark mode.
- Use bg-popover/text-popover-foreground from ui/select.tsx (dark-aware)
- Remove unused handleLanguageChange handler
- Use Tailwind v4 canonical **:data-radix-select-icon:hidden to hide chevron
Bootstrap nudge messages (role=user, [System] prefix) are internal
prompts for the model, not meant for end users. Filter them from
chat-thread render and recognize both [System] and [System Message]
prefixes in session detail page.
Allow users to be entered with commas or newlines in the channel
config textarea field. Previously only newlines were supported,
but the Enter key was not working in some browsers.
💘 Generated with Crush
Assisted-by: MiniMax-M2.5 via Crush <crush@charm.land>
- Read existing IDENTITY.md before overwriting to preserve emoji field
- Config tab: merge existing other_config to prevent wiping emoji on save
- Emoji input: validate single emoji only with extractSingleEmoji()
- Select-all on focus for easy emoji replacement
- Replace full-list-reload on WS events with delta patching
- Progress events: local patch with 1s debounce (no network call)
- Delete events: local remove (no network call)
- Created/status changes: debounced fetch-one per task_id (300ms)
- Add channel field to TeamTaskData type for scope-aware filtering
- Clear stale progress patches when fetch-one fires (race prevention)
The delegation system this depended on was previously removed,
leaving internal/hooks/ as dead code with zero imports. Remove
the entire hook engine, UI config section, protocol types, i18n
keys, and all documentation references.
Use existing usePagination hook (default 20/page) with Pagination
component. Select-all checkbox applies to current page only; selections
persist across pages.
Add checkbox column to task list view for selecting terminal-status
tasks (completed/failed/cancelled). Header checkbox supports select-all
with indeterminate state. Bulk action bar appears on selection with
delete button that opens ConfirmDeleteDialog requiring user to type
"delete" to confirm.
Backend: new teams.tasks.delete-bulk RPC method with DeleteTasks batch
SQL (DELETE ... WHERE id = ANY($1) RETURNING id). Broadcasts delete
event per task for real-time UI sync.
i18n: added bulk action keys for en/vi/zh.
Clear progress_percent in DB on all terminal transitions (complete,
cancel, fail, approve, reject). Also hide progress bar in UI for
terminal statuses as a safety net (kanban, list, detail dialog).
- Fix progress event payload missing TaskNumber, Subject, OwnerAgentKey,
ProgressPercent, ProgressStep — notifications were rendering empty
- Fix progress notification format to include task name (consistent with
dispatched/failed) and guard empty ProgressStep
- Change percent tool schema from number to integer for clarity
- Add pre-run member task reminder injecting task context before LLM loop
- Add mid-loop progress nudge every 10 iterations with suggested percent
based on iteration ratio (handles maxIter=0 unlimited case)
- Enhance leader cross-session reminder to show progress % when available
- Strengthen TEAM.md member guidance: focus, result quality, progress rules
- Add progress bar to task list table view (matches kanban card pattern)
- Add ErrorBoundary wrapping routes (outer) and Outlet (inner with key reset)
- Replace lazy() with lazyWithRetry() to retry failed chunk loads + auto-reload
- Invalidate all queries on WS reconnect to prevent stale/empty data renders
- skill_manage builtin tool default Enabled: true (available in registry)
- When skill_evolve=false: filter skill_manage from both tool definitions
(API params) and system prompt tooling section — agent has zero awareness
- When skill_evolve=true: tool visible + system prompt guidance + nudges
- Update UI hints to reflect tool is available by default
- Move Self-Evolution + Skill Learning sections before LLM Config (right after Identity)
- Strip managed keys (emoji, self_evolve, description, skill_evolve, skill_nudge_interval)
from Other Config raw JSON editor so they don't leak as editable JSON
- Fix info text: remove hardcoded "5+ tool calls" — nudge threshold is configurable
- Fix scope dropdown: cache scopes from initial "all" load so dropdown
stays stable when filtering by chatID
- Derive scopes from file chat_id when task scopes are empty
- Remove dead files: team-workspace-tab.tsx, team-tasks-tab.tsx
(replaced by board view and workspace dialog)
- Kanban: reorder columns (blocked after pending), show blocked-by info
on cards, clickable blocker links in task detail, framer-motion card
animation between columns
- Dialogs: standardize scroll pattern across all modals — header fixed,
scrollbar flush with outer edge via negative margin trick
- Remove delegation page, types, events, i18n, routes, and all references
- Fix activity_logs NULL jsonb scan error (COALESCE)
- Board header: show text labels on action buttons (desktop)
- Move task dispatch from mid-turn to post-turn to prevent dependent
tasks from completing before the current agent's run finishes
- Add team create lock to serialize list→create flows across concurrent
group chat sessions, preventing duplicate task creation
- Require list-before-create gate: agents must call team_tasks(list)
before creating tasks
- Make assignee required on task creation
- Add pagination (50 per page) to task list with offset support
- Slim task list/get/search responses with dedicated structs to reduce
context token usage
- Add task board snapshot in announce messages to leader
- Workspace: allow subdirectory paths in read/delete, show directories
in list output
- UI: reduce kanban card title font size for better visual balance
- Add created_at display to trace summary and span detail
- Add PreviewBlock component with copy button (top-right) and JSON
syntax highlighting via highlight.js
- Show span start/end time inline with timezone support
- Use Badge for span duration and created_at on summary row
- StatusBadge: icon-only on mobile, text on desktop
- Double verbose trace preview limit from 100K to 200K chars
- Double preview content height on desktop (20vh → 40vh)
- formatDate() now accepts timezone param from useUiStore
- Show seconds in all timestamp displays
- Add i18n keys for all 3 locales (en, vi, zh)
- Workspace binary files: use HTTP /v1/files/ endpoint for blob fetch
and download instead of WS text content (fixes corruption). Skip WS
readFile for non-text files, set metadata only for ImageViewer.
- Workspace scope filter: prefix chatID as top-level folder in unscoped
listing so scope switching shows correct tree structure.
- Workspace WS ops: strip chatID prefix from file_name before WS calls
(backend already scopes by chat_id param, was causing doubled path).
- Storage depth: record dirs beyond maxDepth with hasChildren flag before
SkipDir so they appear in tree with lazy-load indicator.
- Remove unused team_workspace_files UNION from ListTaskScopes query.
* fix(channels): start outbound dispatcher before channel check
StartAll() returned early when no channels existed at boot,
skipping the dispatchOutbound goroutine. Channels loaded later
via Reload() assumed the dispatcher was running, causing outbound
messages (agent responses) to never reach Telegram.
Move dispatcher startup before the empty-channel early return so
dynamically loaded channels always have a running consumer.
* feat(ui): add LLM provider warning on overview page and ignore plans dir
Show alert when no providers configured or all disabled, linking to provider settings. Add plans/ to .gitignore.
* feat(onboard): add provider connectivity verification and placeholder seeding
- Add onboard_verify.go: verify API keys via POST to chat/completions
endpoint (401/403 = fatal, 400/422 = key valid, 5xx = warn)
- Verify all configured providers before seeding in auto-onboard
- Seed disabled placeholder providers (OpenRouter, Synthetic, AliCloud
API/Sub) for UI discoverability after managed data seeding
* fix: use model ID as display name in OpenAI-compatible provider list
The `owned_by` field (e.g. "system") was incorrectly used as the model
display name, causing all models to show as "system" in the UI dropdown
for providers like AliCloud DashScope.
* fix(chat): show all active agents in chat dropdown
Chat agent selector showed "No agents available" because:
- WS agents.list only returned in-memory router cache (empty in managed mode)
- useEffect had stale [ws] dep that never re-fired after connect
Frontend: switch agent-selector from WS to HTTP /v1/agents API with
proper access control (ListAccessible). Backend: add store-backed
agents.list for WS consumers + Router.IsRunning() helper.
* feat: channel-isolated workspace, resolvePath fix, create_image workspace, summoner Expertise section, bus Topic constants
- Fix resolvePath for nested non-existent dirs (use resolveThroughExistingAncestors)
- Channel-isolated workspace: user_agent_profiles.workspace stores channel prefix,
used as source of truth with backward compat for existing users
- Loop caches workspace per-user with CacheKindUserWorkspace invalidation via pubsub
- ContractHome/ExpandHome for portable ~-based paths in DB
- create_image saves to workspace/generated/YYYY-MM-DD/ instead of OS temp dir
- SOUL.md template: add ## Expertise section for domain knowledge
- Summoner buildEditPrompt: section guide, complete file output, frontmatter update
- Bus: Topic* constants for Subscribe/Broadcast keys, CacheKind* for payload kinds
- Teams, delegates, sessions, agent links: various enhancements
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(telegram): port forum topic features from TS — per-topic config, DM threads, thread fallback, createForumTopic tool, Web UI
Port 4 missing Telegram forum/topic features from TypeScript OpenClaw:
1. Thread-not-found fallback: retry sends without message_thread_id when
a topic is deleted (sendHTML, sendPhoto, sendVideo, sendAudio,
sendDocument, stream flush).
2. Per-topic config: hierarchical config resolution (global → wildcard
group "*" → specific group → specific topic) for groupPolicy,
requireMention, allowFrom, enabled, skills, systemPrompt.
New TelegramGroupConfig/TelegramTopicConfig structs, resolveTopicConfig()
with 10 unit tests.
3. DM topic support: preserve message_thread_id in private chats for
session isolation. New BuildDMThreadSessionKey, parseRawChatID handles
🧵 suffix.
4. createForumTopic agent tool: ForumTopicCreator interface decoupled
from telego, lazy bot resolution via channel manager.
5. Web UI: structured group/topic config form with tri-state booleans
(Inherit/Yes/No), nested collapsible group and topic entries.
Also fix: forum group pairing reply and approval notification now
correctly set MessageThreadID so messages land in the right topic.
Send() extracts threadID from localKey suffix as fallback for cases
where metadata is absent (e.g. pairing approval via SendToChannel).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: Propagate local key for subagent, delegation, and team messages to enable topic/thread-specific routing and context.
* feat: add a hint to bot reply bodies indicating full content is in session history for LLM context.
* fix(store): handle NULL JSONB columns in MCP server scan (#40)
* fix(store): handle NULL JSONB columns in MCP server scan
Scan JSONB nullable columns (args, headers, env, settings) into *[]byte
instead of directly into json.RawMessage to prevent silent scan failures
when database values are SQL NULL. Also initialize result slices with
make() to return empty JSON arrays instead of null.
* fix(store): keep settings scanning direct since column is NOT NULL
* feat(security): enforce group file writer restrictions + harden exec against env/config leaks
Group writer enforcement (managed mode):
- GroupWriterCache with 5min TTL wrapping AgentStore.ListGroupFileWriters
- Tool-level blocking: write_file, edit, read_file (SOUL.md/AGENTS.md), cron mutations
- System prompt injection: non-writers get refusal instructions + filtered context files
- Cache invalidation via bus events on add/remove writer
- Wired through resolver, loop, gateway_managed, gateway_callbacks
Exec security hardening:
- Block /proc/PID/environ and /proc/self/environ reads (env var exfiltration)
- Block strings on /proc files (binary env dump)
- DenyPaths() on ExecTool: block data dir, .goclaw/, config file from exec commands
- Scrub VIRTUAL_* env vars from tool output
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: Refine tool policies with updated groups and aliases, and enhance credential scrubbing by dynamically detecting and redacting server IPs.
* feat: Add tool allow list configuration and enforcement for Telegram channels, allowing per-group/topic tool restrictions.
* feat: Add support for sending and receiving media attachments in the Feishu channel.
* feat: Add Feishu channel configuration options for topic session mode, message limits, and group allowlist, refine existing field descriptions, and create a staging tarball.
* feat(skills): per-agent skill filtering with grant-based access control (#45)
* fix(store): expand tilde in skills storage directory path
The default skillsDir (~/.goclaw/skills-store) was not expanded,
causing os.MkdirAll to fail when creating skill upload directories.
* feat(skills): per-agent skill filtering with grant-based access control (#42)
Wire skill_agent_grants into the agent resolver so each agent only sees
skills explicitly granted to it. Add Skills tab to the web UI for
managing per-agent skill grants with toggle switches.
- Add SkillAccessStore interface to avoid import cycles
- Filter skills in resolver via ListAccessible + filesystem union
- Add GET /v1/agents/:id/skills endpoint with grant status
- Invoke onGrantChange callback to invalidate agent caches on grant/revoke
- Add agent-skills-tab React component with Switch toggles
- Allow read_file access to managed skills-store directory
- Fix rows.Err() propagation in ListAccessible/ListWithGrantStatus
Closes#42
* feat: centralize agent skill access filtering within the skill search tool and implement optimistic UI updates for skill grants
* feat: Mount channel webhook handlers directly on the main gateway.
* feat: restrict /reset command to file writers in Telegram group chats.
* fix: improve spawn tool team_task_id validation and orphan detection
When LLMs call team_tasks create + spawn in parallel, the spawn
tool receives a hallucinated task_id that fails uuid.Parse, causing
a misleading error and bypassing orphan detection.
- Include pending task IDs in spawn error message so LLM can retry
with the correct UUID
- Move spawn counting to post-execution so failed spawns don't
increment teamTaskSpawns, allowing orphan detection to fire
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(feishu): group pairing uses group-level ID instead of per-user
Changed Lark group pairing to use "group:<chatID>" as sender_id
(matching Telegram pattern) so one approval covers the entire group.
Added approvedGroups in-memory cache to avoid DB queries per message.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(feishu): mention detection fallback when botOpenID is empty
If probeBotInfo fails (missing bot:read permission), botOpenID is empty
and mention detection always returns false — causing all group messages
to be silently recorded to history instead of processed.
Now treats any mention as bot mention when botOpenID is unknown.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(channels): introduce Zalo Personal channel integration (#32)
* feat(channels): implement Zalo Personal Chat (ZCA) protocol layer
Implement complete Zalo Personal Chat integration including:
- Message protocol layer (request/response/event types)
- Connection management with auth flow
- Message sending/receiving with text and media support
- User/group management and sync
- Telegram-style contact and conversation handling
- Comprehensive unit tests with 85%+ coverage
Architecture follows existing channel patterns (Telegram, Feishu) with
raw API calls for session management and message delivery. Includes
error handling, rate limiting awareness, and logging.
* feat(channels): add Zalo Personal channel integration layer
Wire protocol package to GoClaw's channel system:
- channel.go: Channel struct, Start/Stop/Send, listenLoop, message handlers
- auth.go: credential resolution (preloaded > file > QR), persistence
- policy.go: DM/group policy, @mention gating, pairing with debounce
- factory.go: managed mode factory (requires credentials, no QR)
- cmd/gateway.go: register standalone + managed factory
* feat(ui): add Zalo Personal channel type to web dashboard
Add zalo_personal to channel type dropdown, credential fields
(IMEI, cookie, userAgent), and config schema (DM/group policy,
require_mention, allow_from).
* feat(channels): add WebSocket QR login for Zalo Personal channel
Add real-time QR code login flow for zalo_personal channel instances
in managed mode. Users create an instance without credentials, then
trigger QR login from the web dashboard.
Backend:
- New RPC method zalo.personal.qr.start with per-instance mutex
- QR PNG pushed via client-scoped WS events (not broadcast)
- Credentials encrypted and saved to DB on successful scan
- Cache invalidation triggers automatic channel reload/start
- Factory returns nil,nil for missing credentials (skip, not error)
- Instance loader handles nil-channel gracefully
Frontend:
- ZaloPersonalQRDialog with auto-start, retry, and auto-close
- QR button in channel instances table for zalo_personal type
- Credential fields no longer required (auto-populated via QR)
* fix(channels): skip redundant LoginWithCredentials after QR login
QR flow already validates session via qrCheckSession + qrGetUserInfo.
Calling LoginWithCredentials again conflicts with the active QR session
state, causing "empty response" errors. Credentials are validated when
the channel starts instead. Also rename log prefix from "zca" to
"Zalo Personal".
* fix(channels): fix Zalo Personal cookie domain for login API
BuildCookieJar only set cookies for chat.zalo.me but the login API
uses wpa.chat.zalo.me. Cookies weren't sent to the subdomain, causing
"empty response" on channel startup. Now sets cookies for both hosts.
* fix(channels): move UTF-8 check after gzip decompression in Zalo listener
The UTF-8 validity check in decryptAESGCMPayload ran on raw decrypted
bytes before gzip decompression, causing all encType=2 (AES-GCM+gzip)
messages to fail with "decrypted payload is not valid UTF-8".
Move the check to decryptEventData so it runs after all processing
(decryption + decompression) is complete.
* feat(channels): add QR-only onboarding and contacts picker for Zalo Personal
- Remove credential text fields for zalo_personal, show QR auth info banner
- Add has_credentials boolean to HTTP and WS mask functions
- Implement FetchFriends/FetchGroups protocol (encrypted Zalo API)
- Add zalo.personal.contacts WS RPC method with parallel fetch
- Create ZaloContactsPicker component with search, selection, manual entry
- Integrate picker in channel instance edit dialog for allow_from config
* refactor(channels): rename zca error prefix to zalo_personal across protocol package
* fix(channels): unwrap inner response envelope in Zalo contacts decryption
The Zalo API returns double-wrapped responses: outer envelope contains
encrypted base64 data, which when decrypted yields another Response
envelope with error_code and data fields. The decryptDataField helper
was returning the raw decrypted bytes without unwrapping the inner
envelope, causing json unmarshal failures when parsing friends/groups.
* fix(channels): pass version 0 for group details to get full data
The Zalo group info endpoint uses a version-based caching mechanism.
Passing the actual version from step 1 causes the server to return
the group in "unchangedsGroup" with empty "gridInfoMap". By passing
version 0 for all groups, we force the server to return full group
info including name, avatar, and member count.
* fix(ui): auto-load contacts on modal reopen to resolve display names
When the edit modal is reopened with already-selected contact IDs,
contacts are now auto-fetched so badges show display names instead
of raw numeric IDs.
* fix(channels): handle gzip-compressed response in Zalo SendMessage
SendMessage used io.ReadAll + json.Unmarshal directly but the response
is gzip-compressed (Accept-Encoding: gzip header). Use readJSON() which
handles gzip decompression, fixing "invalid character '\x1f'" errors.
* fix(channels): decrypt encrypted send response in Zalo SendMessage
The Zalo send message API response is encrypted like all other endpoints.
Parse outer envelope, decrypt the data field, then extract msgId from
the decrypted inner response.
* feat(channels): improve Zalo listener reliability and UI channel wizard
- Migrate WebSocket client from gorilla to coder/websocket, eliminating
unsafe/reflect hacks for RSV1 decompression and buffer inspection
- Add channel-level restart with exponential backoff (2s→60s cap, max 10)
so channels auto-recover instead of stopping permanently
- Reset listener retry counters after 60s stable connection to prevent
long-lived connections from exhausting retry budget
- Add code 3000 (duplicate session) recovery with 60s initial delay
- Detect silent disconnects via read deadline (2.5x ping interval)
- Fix Stop() to always cancel context, preventing reconnect timer leaks
- Refactor UI channel form into wizard-based flow with registry pattern
- Auto-refresh channel status after create/update dialog closes
* refactor(channels): move Zalo RPC methods to zalomethods package
Move Zalo personal channel RPC handlers from internal/gateway/methods to
internal/channels/zalo/personal/zalomethods, improving code organization
and removing prefix redundancy. Rename types: ZaloPersonalQRMethods →
QRMethods, ZaloPersonalContactsMethods → ContactsMethods.
- Move zalo_personal_qr.go → zalomethods/qr.go
- Move zalo_personal_contacts.go → zalomethods/contacts.go
- Update imports in cmd/gateway.go (2 call sites)
- Update internal/channels/zalo/personal imports
* feat(channels): add typing indicator to Zalo Personal channel
Show "typing..." in Zalo while the LLM processes messages, matching
the Telegram/Discord pattern. Uses the shared typing.Controller with
4s keepalive (Zalo typing expires ~5s) and 60s TTL safety net.
* feat(channels): handle image attachments in Zalo Personal channel
- Add Raw field to Content struct to preserve non-string JSON payloads
- Add Attachment struct with IsImage() detection (ext + Zalo CDN paths)
- Add AttachmentText() for human-readable placeholders (image/file/other)
- Download image attachments to temp files for agent vision pipeline
- Non-image files get text placeholder only (no download)
- Fix URL query param stripping in file extension detection
* fix(channels): switch Zalo WS client to gorilla/websocket with cookie jar fix
coder/websocket did not propagate session cookies for wss:// URLs,
causing Zalo backend to reject connections with "zpw_sek not found".
Switch to gorilla/websocket which handles wss→https scheme conversion
natively. Add wsJar safety wrapper and fix Close() mutex consistency.
Also update Makefile `up` target to use --no-cache builds.
* fix(channels): inject cookies manually for Zalo WS connection
Replace wsJar wrapper with direct cookie injection from chat.zalo.me
base domain. Fixes host-only cookies (zpw_sek) not matching WS
subdomains (ws*-msg.chat.zalo.me) due to Go cookiejar limitations.
* fix(channels): harden Zalo Personal channel security and concurrency
- Add SSRF protection to downloadFile using CheckSSRF (URL validation,
private IP blocking, DNS pinning) with context and 30s timeout
- Protect c.sess/c.listener with sync.RWMutex to eliminate data races
during restart; add thread-safe session()/getListener() accessors
- Add stopped flag + reconnTimer to Listener to prevent zombie reconnects
after Stop(); timer cancelled on Stop(), checked before Start()
- Fix QR flow using context.Background() detached from WS client; now
derives from parent ctx so flow cancels on client disconnect
- Set initial 30s read deadline for cipher key handshake to prevent
indefinite blocking before ping loop starts
- Use defer in WSClient.Close() to prevent connection leak on panic
- Document ReadMessage ctx limitation and two-layer reconnect design
* chore: remove unused gobwas/ws dependency from go.mod
gobwas/ws was a leftover from the previous coder/websocket usage,
no longer imported by any Go source files.
* fix(channels): align Zalo Personal policy defaults across UI and backend
Policy defaults were inconsistent across three layers causing group/DM
allowlist enforcement to silently fail. New() applied "allowlist" default
to local vars but never wrote back to config; checkGroupPolicy() then
read empty string and defaulted to "open", bypassing the allowlist.
UI Select components displayed schema defaults visually without
persisting them to configValues, so DB config never stored the policy.
* feat: Resolve Feishu message mentions by stripping bot mentions and replacing user mentions with names.
* fix(zalo_personal): data races in policy, directory perms, Makefile --no-cache
- Fix 2 data races in policy.go: sendPairingReply and checkGroupPolicy
accessed c.sess without the read lock — use c.session() accessor
- Fix credentials directory permissions: 0755 → 0700 to prevent other
users from listing contents
- Revert Makefile --no-cache (debugging leftover that disables Docker
layer caching)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: mid-loop context compaction + team task user scoping
Add mid-loop compaction to prevent context overflow during long-running
delegated agent runs (e.g. 225K+ tokens causing DashScope timeouts).
Uses same threshold as maybeSummarize (contextWindow * historyShare)
with actual PromptTokens from LLM response. Only compacts the in-memory
messages slice; pendingMsgs preserves full history for session flush.
Add user_id/channel columns to team_tasks so end users only see their
own tasks. Delegate/system channels bypass the filter to see all tasks.
Group chats use the group-scoped UserID (group:channel:chatID) so all
members share visibility.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: bump RequiredSchemaVersion to 8 for team_tasks user_id migration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: Handle bot commands before enriching content to prevent parsing issues with reply/forward context.
* fix(web_fetch): replace regex HTML parsing with DOM-based extraction
Regex-based htmlToMarkdown/htmlToText leaked CSS, JS, and non-content
elements. Replaced with golang.org/x/net/html DOM parser that extracts
<body> only and skips 16 non-content element types (script, style,
noscript, svg, template, iframe, form, nav, footer, etc.).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(delegation): add pending tasks hint when team_task_id not found
LLM models often hallucinate UUIDs when delegating, passing a wrong
team_task_id that doesn't exist. Previously the error was bare
("task not found") with no guidance, causing the model to get stuck.
Now the error includes a list of pending tasks so the model can
self-correct. Also refactored prepareDelegation to resolve team once
instead of 3 separate GetTeamForAgent calls, and extracted
pendingTasksHint() to deduplicate hint-building logic.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(web_fetch): increase read limit and add empty content detection
- Read limit: maxChars*4 → max(maxChars*10, 512KB) to handle pages with
large <head> sections (WordPress sites often have 30-50KB+ heads)
- Add warning message when HTML extraction returns empty despite non-empty
response body (bot protection, JS-only pages)
- Enable HTTP/2 via ForceAttemptHTTP2 on custom Transport
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(delegation): notify user on failure before retry + pending tasks hint
Two improvements to delegation UX:
1. When a delegation fails, the announce now instructs the coordinator
to send a brief friendly message to the user before retrying, so
users aren't left waiting in silence for minutes.
2. When spawn is called with a wrong team_task_id (LLM hallucinated
UUID), the error now includes a list of pending tasks so the model
can self-correct. Also refactored prepareDelegation to resolve team
once instead of 3 separate GetTeamForAgent calls.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(delegation): clear senderID in sync delegation context
Sync delegations inherited the caller's senderID, causing the delegate
agent to check group writer permissions against its own (empty) writer
list instead of bypassing like async delegations do. This resulted in
"permission denied: only file writers can modify files" errors when
delegate agents tried to write files.
Fix: clear senderID from the sync delegation context so it behaves
consistently with async delegations (context.Background has no
senderID). All 4 downstream usages of SenderIDFromContext are
group-writer-related and correctly bypass when senderID is empty.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: overhaul documentation for v0.2–v0.5 features
Add new docs for agent teams (11) and extended thinking (12).
Major rewrite of channels/messaging (05) with Telegram forum topics,
Feishu streaming cards, Zalo Personal. Update providers (02), tools (03),
bootstrap/skills (07), security (09), architecture (00), scheduling (08),
and tracing (10) with current implementation details.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: Update README
* fix(teams): scope ListTasks by userID to prevent cross-group task leaking
Tasks from one Telegram group were being injected into another group's
session because the pending-task hint and /tasks command queried all
tasks team-wide without filtering by the group-scoped userID.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(telegram): add draft streaming infrastructure + split dm/group stream config
- Add sendMessageDraft transport (disabled pending Telegram client fix for
"reply to deleted message" artifact — tdesktop#10315, bugs.telegram.org/c/561)
- Split stream_mode into dm_stream/group_stream boolean flags (both default false)
- DM messages no longer set reply_to_message_id (cleaner UX, matching TS)
- Progressive placeholder editing for DMs: "Thinking..." → stream chunks → final
- Update web UI with separate DM/Group streaming toggles
fix(agent): prevent false MEDIA: detection in tool output
parseMediaResult() used strings.Index to find "MEDIA:" anywhere in tool output,
causing false positives when external content (e.g. GitHub releases page)
contained commit messages like "return MEDIA: path from screenshot".
Changed to strings.HasPrefix to only match at start of output.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(delegation): inject dependency results + guard completed task reuse
- Add injectDependencyResults() to auto-inject blocked_by task results
into delegation context, so delegatees receive prior results without
needing to search for them (orchestrator-worker pattern)
- Guard against spawning with completed/cancelled team_task_id to
enforce one-task-per-delegation rule
- Add cross-user scope guard in prepareDelegation() to prevent
cross-group task leak (delegate/system channels bypass by design)
- Track CompletedTaskIDs in DelegateArtifacts and include them in
announce messages so lead agent knows not to reuse completed IDs
- UI: reduce trace detail preview heights for better readability
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: Prioritize timeout error handling and renumber error classification.
* fix(chat): show all active agents in chat dropdown (#48)
* fix(channels): start outbound dispatcher before channel check
StartAll() returned early when no channels existed at boot,
skipping the dispatchOutbound goroutine. Channels loaded later
via Reload() assumed the dispatcher was running, causing outbound
messages (agent responses) to never reach Telegram.
Move dispatcher startup before the empty-channel early return so
dynamically loaded channels always have a running consumer.
* feat(ui): add LLM provider warning on overview page and ignore plans dir
Show alert when no providers configured or all disabled, linking to provider settings. Add plans/ to .gitignore.
* feat(onboard): add provider connectivity verification and placeholder seeding
- Add onboard_verify.go: verify API keys via POST to chat/completions
endpoint (401/403 = fatal, 400/422 = key valid, 5xx = warn)
- Verify all configured providers before seeding in auto-onboard
- Seed disabled placeholder providers (OpenRouter, Synthetic, AliCloud
API/Sub) for UI discoverability after managed data seeding
* fix: use model ID as display name in OpenAI-compatible provider list
The `owned_by` field (e.g. "system") was incorrectly used as the model
display name, causing all models to show as "system" in the UI dropdown
for providers like AliCloud DashScope.
* fix(chat): show all active agents in chat dropdown
Chat agent selector showed "No agents available" because:
- WS agents.list only returned in-memory router cache (empty in managed mode)
- useEffect had stale [ws] dep that never re-fired after connect
Frontend: switch agent-selector from WS to HTTP /v1/agents API with
proper access control (ListAccessible). Backend: add store-backed
agents.list for WS consumers + Router.IsRunning() helper.
* fix(security): prevent agent list leaking on empty userID or store error
- Return error instead of falling through to unfiltered router cache
when userID is empty or DB query fails in managed mode
- Add empty-string guard to isOwnerUser to prevent false owner match
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: ntduc <ntduc@cpp.ai.vn>
Co-authored-by: viettranx <viettranx@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: correct cron job delivery to Discord channels (#47)
- Override LLM-provided channel ID with context value to prevent
misrouted deliveries (LLM was confusing guild ID with channel ID)
- Send cron reminder message directly instead of agent response
so reminders appear as bot notifications in Discord
* fix(teams): filter empty chat_id scopes to prevent Select crash
Radix UI Select.Item requires non-empty value prop. Scope entries
with empty chat_id caused uncaught error on team detail page.
---------
Co-authored-by: ntduc <ntduc@cpp.ai.vn>
Co-authored-by: viettranx <viettranx@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Thieu Nguyen <79964592+thieung@users.noreply.github.com>
Co-authored-by: Duc Nguyen <me@vanducng.dev>
Co-authored-by: Winter279 <103654924+Winter279@users.noreply.github.com>
- Backend: DeleteTask RPC handler with terminal-status guard (completed/failed/cancelled)
- Frontend: delete button in kanban cards (top-right, hover), task list, and detail dialog
- Show agent emoji from members lookup next to owner name in all task views
- Replace priority colored dot with P-0/P-1/P-2/P-3 labels with hover tooltips
- Auto-reload board on TEAM_TASK_DELETED WebSocket event
- i18n: add delete task strings for en/vi/zh
Show the emoji from other_config.emoji instead of the default Bot icon
in agent-card (grid), agent-list-row (list), and agent-detail-page (header).
Falls back to Bot icon when no emoji is set.
- Add card/list view toggle on teams page (matching agents page pattern)
- Card view: member chips with emoji/Bot icon, frontmatter, crown for lead
- List view: comma-separated member names with frontmatter tooltip on hover
- Show version badge from team settings in both views
- Enrich ListTeams API to bulk-fetch members with emoji from other_config
- Add agent emoji field (other_config.emoji) to create/update forms
- Show emoji in team members dialog instead of Bot icon when available
- Force restrict_to_workspace=true system-wide, remove UI toggle
- Add i18n keys for all 3 locales (en/vi/zh)
Major refactoring of the team system with multiple improvements:
## Removed legacy delegation tools
- Delete `delegate.go`, `delegate_async.go`, `delegate_sync.go`, `delegate_events.go`,
`delegate_policy.go`, `delegate_prep.go`, `delegate_state.go`, `delegate_search_tool.go`
- Delete `evaluate_loop_tool.go`, `handoff_tool.go`
- Remove all references and registrations from tool manager and policy
- Clean up TEAM_PLAYBOOK_IDEAS.md and TEAM_SYSTEM.md (moved to docs)
## Rename await_reply → ask_user
- Rename action `await_reply` → `ask_user`, `clear_followup` → `clear_ask_user`
- Rename functions `executeAwaitReply` → `executeAskUser`, `executeClearFollowup` → `executeClearAskUser`
- Update system prompt with stronger wording to prevent model misuse
- Model was confusing "await_reply" with general waiting; "ask_user" is unambiguous
## Fix auto-followup false positives
- Add `HasActiveMemberTasks(ctx, teamID, excludeAgentID)` store method
- Guard `autoSetFollowup()` in consumer: skip when lead has active member tasks
- Prevents auto-followup when lead is orchestrating teammates (not waiting for user)
## Task identifier zero-padding
- Change format from `T-1-xxxx` → `T-001-xxxx` (3-digit minimum)
## Refactor workspace WS handlers to filesystem-only
- Rewrite `teams.workspace.list/read/delete` to use pure filesystem (os.ReadDir/ReadFile/Remove)
- Remove DB dependency from workspace WS handlers
- Consistent with storage handler and workspace tools
- Simplify TeamWorkspaceFile type and frontend hook
## Add team events listing API
- New WS method `teams.events.list` with team_id, limit, offset params
- New HTTP endpoint `GET /v1/teams/{id}/events` with bearer auth
- New `ListTeamEvents(ctx, teamID, limit, offset)` store method
- JOIN with team_tasks for team-wide event filtering
## Extract team access policy
- New `team_access_policy.go` — centralized team tool access control
## Migration 000019: team_id columns
- Add team_id foreign key columns to relevant tables
## Other improvements
- Add team_id propagation through agent loop, tracing, sessions
- Update i18n locale files (en/vi/zh) for new tool labels
- Update frontend builtin-tools page and require-setup component
- Bump RequiredSchemaVersion for migration 000019
viettranx