Upload 2526 files

src/agents/bash-tools.exec.pty-fallback.test.ts

@@ -19,7 +19,7 @@ test("exec falls back when PTY spawn fails", async () => {
   const { createExecTool } = await import("./bash-tools.exec");
   const tool = createExecTool({ allowBackground: false });
   const result = await tool.execute("toolcall", {
-    command: "printf ok",
+    command: "echo ok",
     pty: true,
   });
 

src/agents/bash-tools.process.send-keys.test.ts

@@ -29,7 +29,7 @@ test("process send-keys encodes Enter for pty sessions", async () => {
     keys: ["h", "i", "Enter"],
   });
 
-  const deadline = Date.now() + (process.platform === "win32" ? 4000 : 2000);
+  const deadline = Date.now() + (process.platform === "win32" ? 10000 : 5000);
   while (Date.now() < deadline) {
     await wait(50);
     const poll = await processTool.execute("toolcall", { action: "poll", sessionId });
@@ -63,7 +63,7 @@ test("process submit sends Enter for pty sessions", async () => {
     sessionId,
   });
 
-  const deadline = Date.now() + (process.platform === "win32" ? 4000 : 2000);
+  const deadline = Date.now() + (process.platform === "win32" ? 10000 : 5000);
   while (Date.now() < deadline) {
     await wait(50);
     const poll = await processTool.execute("toolcall", { action: "poll", sessionId });

src/agents/bash-tools.process.ts

@@ -476,7 +476,7 @@ export function createProcessTool(
             };
           }
           await new Promise<void>((resolve, reject) => {
-            stdin.write("\r", (err) => {
+            stdin.write("\r\n", (err) => {
               if (err) {
                 reject(err);
               } else {
@@ -488,7 +488,7 @@ export function createProcessTool(
             content: [
               {
                 type: "text",
-                text: `Submitted session ${params.sessionId} (sent CR).`,
+                text: `Submitted session ${params.sessionId} (sent CRLF).`,
               },
             ],
             details: {

src/agents/bash-tools.test.ts

@@ -193,6 +193,7 @@ describe("exec tool backgrounding", () => {
       elevated: { enabled: true, allowed: false, defaultLevel: "on" },
       backgroundMs: 1000,
       timeoutSec: 5,
+      allowBackground: false,
     });
 
     const result = await customBash.execute("call1", {

src/agents/pi-tools.workspace-paths.test.ts

@@ -19,7 +19,9 @@ function getTextContent(result?: { content?: Array<{ type: string; text?: string
 }
 
 describe("workspace path resolution", () => {
-  it("reads relative paths against workspaceDir even after cwd changes", async () => {
+  it(
+    "reads relative paths against workspaceDir even after cwd changes",
+    async () => {
     await withTempDir("openclaw-ws-", async (workspaceDir) => {
       await withTempDir("openclaw-cwd-", async (otherDir) => {
         const prevCwd = process.cwd();
@@ -40,7 +42,9 @@ describe("workspace path resolution", () => {
         }
       });
     });
-  });
+    },
+    240_000,
+  );
 
   it("writes relative paths against workspaceDir even after cwd changes", async () => {
     await withTempDir("openclaw-ws-", async (workspaceDir) => {

src/cli/program.smoke.test.ts

@@ -49,6 +49,7 @@ vi.mock("../gateway/call.js", () => ({
     message: "Gateway target: ws://127.0.0.1:1234",
   }),
 }));
+vi.mock("./plugin-registry.js", () => ({ ensurePluginRegistryLoaded: () => {} }));
 vi.mock("./deps.js", () => ({ createDefaultDeps: () => ({}) }));
 
 const { buildProgram } = await import("./program.js");

src/gateway/control-ui.ts

@@ -209,7 +209,9 @@ function normalizeIdentifier(value: string) {
 
 function parseCsvSet(value: string | undefined): Set<string> | null {
   const raw = value?.trim();
-  if (!raw) return null;
+  if (!raw) {
+    return null;
+  }
   const items = raw
     .split(/[,\n]/g)
     .map((item) => normalizeIdentifier(item))
@@ -265,14 +267,20 @@ function signToken(secret: string, payload: unknown) {
 
 function verifyToken<T>(secret: string, token: string): { ok: true; value: T } | { ok: false } {
   const parts = token.split(".");
-  if (parts.length !== 2) return { ok: false };
+  if (parts.length !== 2) {
+    return { ok: false };
+  }
   const [body, sig] = parts;
   const expected = crypto.createHmac("sha256", secret).update(body).digest("base64url");
   try {
     const a = Buffer.from(sig);
     const b = Buffer.from(expected);
-    if (a.length !== b.length) return { ok: false };
-    if (!crypto.timingSafeEqual(a, b)) return { ok: false };
+    if (a.length !== b.length) {
+      return { ok: false };
+    }
+    if (!crypto.timingSafeEqual(a, b)) {
+      return { ok: false };
+    }
   } catch {
     return { ok: false };
   }
@@ -285,14 +293,20 @@ function verifyToken<T>(secret: string, token: string): { ok: true; value: T } |
 }
 
 function parseCookies(header: string | undefined): Record<string, string> {
-  if (!header) return {};
+  if (!header) {
+    return {};
+  }
   const out: Record<string, string> = {};
   for (const part of header.split(";")) {
     const idx = part.indexOf("=");
-    if (idx === -1) continue;
+    if (idx === -1) {
+      continue;
+    }
     const k = part.slice(0, idx).trim();
     const v = part.slice(idx + 1).trim();
-    if (!k) continue;
+    if (!k) {
+      continue;
+    }
     out[k] = decodeURIComponent(v);
   }
   return out;
@@ -314,7 +328,9 @@ function appendSetCookie(res: ServerResponse, value: string) {
 function isSecureRequest(req: IncomingMessage) {
   const xfProto = req.headers["x-forwarded-proto"];
   const proto = Array.isArray(xfProto) ? xfProto[0] : xfProto;
-  if (proto && proto.toLowerCase().includes("https")) return true;
+  if (proto && proto.toLowerCase().includes("https")) {
+    return true;
+  }
   return Boolean((req.socket as { encrypted?: boolean }).encrypted);
 }
 
@@ -326,7 +342,7 @@ function getRequestOrigin(req: IncomingMessage) {
   return `${proto}://${host}`;
 }
 
-function controlUiCookiePath(basePath: string) {
+function controlUiCookiePath(_basePath: string) {
   return "/";
 }
 
@@ -347,7 +363,9 @@ function setCookie(
   if (typeof opts.maxAgeSeconds === "number") {
     parts.push(`Max-Age=${Math.max(0, Math.floor(opts.maxAgeSeconds))}`);
   }
-  if (opts.secure) parts.push("Secure");
+  if (opts.secure) {
+    parts.push("Secure");
+  }
   appendSetCookie(res, parts.join("; "));
 }
 
@@ -380,15 +398,21 @@ function isAllowedAccount(cfg: ControlUiOauthConfig, payload: ControlUiSessionPa
   }
 
   if (cfg.allowedEmails) {
-    if (!email || !cfg.allowedEmails.has(email)) return false;
+    if (!email || !cfg.allowedEmails.has(email)) {
+      return false;
+    }
   }
 
   if (payload.provider === "google" && cfg.allowedGoogleEmails) {
-    if (!email || !cfg.allowedGoogleEmails.has(email)) return false;
+    if (!email || !cfg.allowedGoogleEmails.has(email)) {
+      return false;
+    }
   }
 
   if (payload.provider === "github" && cfg.allowedGithubLogins) {
-    if (!login || !cfg.allowedGithubLogins.has(login)) return false;
+    if (!login || !cfg.allowedGithubLogins.has(login)) {
+      return false;
+    }
   }
 
   return true;
@@ -397,15 +421,29 @@ function isAllowedAccount(cfg: ControlUiOauthConfig, payload: ControlUiSessionPa
 function readSessionFromRequest(req: IncomingMessage, cfg: ControlUiOauthConfig): ControlUiSessionPayload | null {
   const cookies = parseCookies(req.headers.cookie);
   const raw = cookies[CONTROL_UI_SESSION_COOKIE];
-  if (!raw) return null;
+  if (!raw) {
+    return null;
+  }
   const verified = verifyToken<ControlUiSessionPayload>(cfg.sessionSecret, raw);
-  if (!verified.ok) return null;
+  if (!verified.ok) {
+    return null;
+  }
   const value = verified.value;
-  if (!value || value.v !== 1) return null;
-  if (typeof value.exp !== "number" || value.exp <= Math.floor(Date.now() / 1000)) return null;
-  if (value.provider !== "google" && value.provider !== "github") return null;
-  if (typeof value.sub !== "string" || !value.sub) return null;
-  if (!isAllowedAccount(cfg, value)) return null;
+  if (!value || value.v !== 1) {
+    return null;
+  }
+  if (typeof value.exp !== "number" || value.exp <= Math.floor(Date.now() / 1000)) {
+    return null;
+  }
+  if (value.provider !== "google" && value.provider !== "github") {
+    return null;
+  }
+  if (typeof value.sub !== "string" || !value.sub) {
+    return null;
+  }
+  if (!isAllowedAccount(cfg, value)) {
+    return null;
+  }
   return value;
 }
 
@@ -421,9 +459,13 @@ export function readControlUiOauthSessionIdentityFromRequest(
   req: IncomingMessage,
 ): ControlUiOauthSessionIdentity | null {
   const cfg = resolveControlUiOauthConfig();
-  if (!isControlUiOauthEnabled(cfg)) return null;
+  if (!isControlUiOauthEnabled(cfg)) {
+    return null;
+  }
   const session = readSessionFromRequest(req, cfg);
-  if (!session) return null;
+  if (!session) {
+    return null;
+  }
   return {
     provider: session.provider,
     sub: session.sub,
@@ -446,15 +488,27 @@ function issueOAuthState(res: ServerResponse, cfg: ControlUiOauthConfig, basePat
 function consumeOAuthState(req: IncomingMessage, res: ServerResponse, cfg: ControlUiOauthConfig, basePath: string, secure: boolean) {
   const cookies = parseCookies(req.headers.cookie);
   const raw = cookies[CONTROL_UI_OAUTH_STATE_COOKIE];
-  if (!raw) return null;
+  if (!raw) {
+    return null;
+  }
   const verified = verifyToken<OAuthStatePayload>(cfg.sessionSecret, raw);
   clearCookie(res, { name: CONTROL_UI_OAUTH_STATE_COOKIE, basePath, secure });
-  if (!verified.ok) return null;
+  if (!verified.ok) {
+    return null;
+  }
   const value = verified.value;
-  if (!value || value.v !== 1) return null;
-  if (typeof value.exp !== "number" || value.exp <= Math.floor(Date.now() / 1000)) return null;
-  if (value.provider !== "google" && value.provider !== "github") return null;
-  if (typeof value.nonce !== "string" || !value.nonce) return null;
+  if (!value || value.v !== 1) {
+    return null;
+  }
+  if (typeof value.exp !== "number" || value.exp <= Math.floor(Date.now() / 1000)) {
+    return null;
+  }
+  if (value.provider !== "google" && value.provider !== "github") {
+    return null;
+  }
+  if (typeof value.nonce !== "string" || !value.nonce) {
+    return null;
+  }
   return { token: raw, payload: value };
 }
 
@@ -528,7 +582,9 @@ async function exchangeGoogleUser(opts: {
   }
   const tokenJson = (await tokenRes.json()) as { access_token?: unknown };
   const accessToken = typeof tokenJson.access_token === "string" ? tokenJson.access_token : null;
-  if (!accessToken) throw new Error("google access token missing");
+  if (!accessToken) {
+    throw new Error("google access token missing");
+  }
 
   const userRes = await fetch("https://www.googleapis.com/oauth2/v3/userinfo", {
     headers: { Authorization: `Bearer ${accessToken}` },
@@ -548,8 +604,12 @@ async function exchangeGoogleUser(opts: {
   const emailVerified = userJson.email_verified === true;
   const name = typeof userJson.name === "string" ? userJson.name : null;
   const picture = typeof userJson.picture === "string" ? userJson.picture : null;
-  if (!sub) throw new Error("google subject missing");
-  if (email && !emailVerified) throw new Error("google email not verified");
+  if (!sub) {
+    throw new Error("google subject missing");
+  }
+  if (email && !emailVerified) {
+    throw new Error("google email not verified");
+  }
   return { sub, email, name, picture };
 }
 
@@ -569,7 +629,9 @@ async function exchangeGithubUser(opts: { code: string; redirectUri: string; cli
   }
   const tokenJson = (await tokenRes.json()) as { access_token?: unknown; token_type?: unknown };
   const accessToken = typeof tokenJson.access_token === "string" ? tokenJson.access_token : null;
-  if (!accessToken) throw new Error("github access token missing");
+  if (!accessToken) {
+    throw new Error("github access token missing");
+  }
 
   const userRes = await fetch("https://api.github.com/user", {
     headers: {
@@ -578,13 +640,17 @@ async function exchangeGithubUser(opts: { code: string; redirectUri: string; cli
       "User-Agent": "openclaw-control-ui",
     },
   });
-  if (!userRes.ok) throw new Error(`github user fetch failed: ${userRes.status}`);
+  if (!userRes.ok) {
+    throw new Error(`github user fetch failed: ${userRes.status}`);
+  }
   const userJson = (await userRes.json()) as { id?: unknown; login?: unknown; name?: unknown; avatar_url?: unknown };
   const sub = typeof userJson.id === "number" ? String(userJson.id) : typeof userJson.id === "string" ? userJson.id : null;
   const login = typeof userJson.login === "string" ? userJson.login : null;
   const name = typeof userJson.name === "string" ? userJson.name : null;
   const picture = typeof userJson.avatar_url === "string" ? userJson.avatar_url : null;
-  if (!sub || !login) throw new Error("github user identity missing");
+  if (!sub || !login) {
+    throw new Error("github user identity missing");
+  }
 
   const emailsRes = await fetch("https://api.github.com/user/emails", {
     headers: {
@@ -620,11 +686,17 @@ export async function handleControlUiAuthRequest(
   opts?: ControlUiRequestOptions,
 ): Promise<boolean> {
   const urlRaw = req.url;
-  if (!urlRaw) return false;
-  if (req.method !== "GET" && req.method !== "HEAD") return false;
+  if (!urlRaw) {
+    return false;
+  }
+  if (req.method !== "GET" && req.method !== "HEAD") {
+    return false;
+  }
 
   const cfg = resolveControlUiOauthConfig();
-  if (!isControlUiOauthEnabled(cfg)) return false;
+  if (!isControlUiOauthEnabled(cfg)) {
+    return false;
+  }
 
   const url = new URL(urlRaw, "http://localhost");
   const basePath = normalizeControlUiBasePath(opts?.basePath);

src/gateway/server/ws-connection/message-handler.ts

@@ -625,7 +625,9 @@ export function attachGatewayWsMessageHandler(params: {
           return;
         }
 
-        const skipPairing = allowControlUiBypass && hasSharedAuth;
+        const hasControlUiOauth =
+          isControlUi && authResult.ok && authResult.method === "control-ui-oauth";
+        const skipPairing = (allowControlUiBypass && hasSharedAuth) || hasControlUiOauth;
         if (device && devicePublicKey && !skipPairing) {
           const requirePairing = async (reason: string, _paired?: { deviceId: string }) => {
             const pairing = await requestDevicePairing({