fix: enforce Telegram 100-command limit with warning (#5787)#12
Open
fix: enforce Telegram 100-command limit with warning (#5787)#12
Conversation
…nclaw#7610) * feat(slack): populate thread session with existing thread history When a new session is created for a Slack thread, fetch and inject the full thread history as context. This preserves conversation continuity so the bot knows what it previously said in the thread. - Add resolveSlackThreadHistory() to fetch all thread messages - Add ThreadHistoryBody to context payload - Use thread history instead of just thread starter for new sessions Fixes openclaw#4470 * chore: remove redundant comments * fix: use threadContextNote in queue body * fix(slack): address Greptile review feedback - P0: Use thread session key (not base session key) for new-session check This ensures thread history is injected when the thread session is new, even if the base channel session already exists. - P1: Fetch up to 200 messages and take the most recent N Slack API returns messages in chronological order (oldest first). Previously we took the first N, now we take the last N for relevant context. - P1: Batch resolve user names with Promise.all Avoid N sequential API calls when resolving user names in thread history. - P2: Include file-only messages in thread history Messages with attachments but no text are now included with a placeholder like '[attached: image.png, document.pdf]'. - P2: Add documentation about intentional 200-message fetch limit Clarifies that we intentionally don't paginate; 200 covers most threads. * style: add braces for curly lint rule * feat(slack): add thread.initialHistoryLimit config option Allow users to configure the maximum number of thread messages to fetch when starting a new thread session. Defaults to 20. Set to 0 to disable thread history fetching entirely. This addresses the optional configuration request from openclaw#2608. * chore: trigger CI * fix(slack): ensure isNewSession=true on first thread turn recordInboundSession() in prepare.ts creates the thread session entry before session.ts reads the store, causing isNewSession to be false on the very first user message in a thread. This prevented thread context (history/starter) from being injected. Add IsFirstThreadTurn flag to message context, set when readSessionUpdatedAt() returns undefined for the thread session key. session.ts uses this flag to force isNewSession=true. * style: format prepare.ts for oxfmt * fix: suppress InboundHistory/ThreadStarterBody when ThreadHistoryBody present (openclaw#13912) When ThreadHistoryBody is fetched from the Slack API (conversations.replies), it already contains pending messages and the thread starter. Passing both InboundHistory and ThreadStarterBody alongside ThreadHistoryBody caused duplicate content in the LLM context on new thread sessions. Suppress InboundHistory and ThreadStarterBody when ThreadHistoryBody is present, since it is a strict superset of both. * remove verbose comment * fix(slack): paginate thread history context fetch * fix(slack): wire session file path options after main merge --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
… to contextTokens (openclaw#15114) (openclaw#15133) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: a489669 Co-authored-by: echoVic <16428813+echoVic@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras
…14990) * Agents: allow gpt-5.3-codex-spark in fallback and thinking * Fix: model picker issue for openai-codex/gpt-5.3-codex-spark Fixed an issue in the model picker.
…openclaw#15448) Co-authored-by: Josh Lehman <josh@martian.engineering>
…to-approval (OC-02)
Two critical RCE vectors patched:
Vector 1 - Gateway HTTP /tools/invoke:
- Add DEFAULT_GATEWAY_HTTP_TOOL_DENY blocking sessions_spawn,
sessions_send, gateway, whatsapp_login from HTTP invocation
- Apply deny filter after existing policy cascade, before tool lookup
- Add gateway.tools.{allow,deny} config override in GatewayConfig
Vector 2 - ACP client auto-approval:
- Replace blind allow_once selection with danger-aware permission handler
- Dangerous tools (exec, sessions_spawn, etc.) require interactive confirmation
- Safe tools retain auto-approve behavior (backward compatible)
- Empty options array now denied (was hardcoded "allow")
- 30s timeout auto-denies to prevent hung sessions
CWE-78 | CVSS:3.1 9.8 Critical
…openclaw#11020) thanks @lailoo Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test Co-authored-by: ${pr_author_login} <${coauthor_email}> Co-authored-by: ${tak_name} <${tak_email}>
- Add mention parsing and validation logic - Handle mention entities with proper whitespace - Validate mention IDs to prevent false positives from code snippets - Use fake placeholders in tests for privacy
Clarify that User.Read.All permission is only needed for searching users not in the current conversation. Mentions work out of the box for conversation participants.
Escape regex metacharacters in display names before constructing RegExp to prevent runtime errors or unintended matches when names contain special characters like (, ), ., +, ?, [, etc. Add test coverage for names with regex metacharacters.
…mpatibility Older OpenClaw versions stored absolute sessionFile paths in sessions.json. v2026.2.12 added path traversal security that rejected these absolute paths, breaking all Telegram group handlers with 'Session file path must be within sessions directory' errors. Changes: - resolvePathWithinSessionsDir() now normalizes absolute paths that resolve within the sessions directory, converting them to relative before validation - Added 3 tests for absolute path handling (within dir, with topic, outside dir) Fixes openclaw#15283 Closes openclaw#15214, openclaw#15237, openclaw#15216, openclaw#15152, openclaw#15213
…law#15035) * feat(gateway): add auth rate-limiting & brute-force protection Add a per-IP sliding-window rate limiter to Gateway authentication endpoints (HTTP, WebSocket upgrade, and WS message-level auth). When gateway.auth.rateLimit is configured, failed auth attempts are tracked per client IP. Once the threshold is exceeded within the sliding window, further attempts are blocked with HTTP 429 + Retry-After until the lockout period expires. Loopback addresses are exempt by default so local CLI sessions are never locked out. The limiter is only created when explicitly configured (undefined otherwise), keeping the feature fully opt-in and backward-compatible. * fix(gateway): isolate auth rate-limit scopes and normalize 429 responses --------- Co-authored-by: buerbaumer <buerbaumer@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>
…thanks @Glucksberg Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
) * fix(models): antigravity opus 4.6 availability follow-up * chore(format): apply updated oxfmt config to models files * fix(models): retain zai glm-5 forward-compat fallback after extraction * chore(format): apply updated oxfmt config * fix(models): fail fast on unknown auth login provider --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
… compaction bypass (openclaw#11356) thanks @shadril238 Verified: - pnpm build - pnpm check - pnpm test (ran; one unrelated existing failure in models forward-compat test) - pnpm vitest src/agents/pi-embedded-runner.history-limit-from-session-key.test.ts Co-authored-by: shadril238 <63901551+shadril238@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
…ing (openclaw#11853) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 0a723f9 Co-authored-by: BrokenFinger98 <115936166+BrokenFinger98@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete
…loader (openclaw#11029) thanks @shadril238 Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: shadril238 <63901551+shadril238@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
… thanks @shadril238 Verified: - pnpm install --frozen-lockfile - pnpm build - pnpm check - pnpm test Co-authored-by: shadril238 <63901551+shadril238@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
openclaw#15847) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: dc03ce5 Co-authored-by: Spacefish <375633+Spacefish@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete
…thanks @arosstale Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: arosstale <117890364+arosstale@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
…aw#12352) thanks @arosstale Verified: - pnpm build - pnpm check - pnpm test Co-authored-by: arosstale <117890364+arosstale@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
… failure state (openclaw#15848) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 188a40e Co-authored-by: AI-Reviewer-QS <255312808+AI-Reviewer-QS@users.noreply.github.com> Co-authored-by: steipete <58493+steipete@users.noreply.github.com> Reviewed-by: @steipete
…penclaw#11063) thanks @ikari-pl Verified: - pnpm build - pnpm check - pnpm test (full run; transient lobster timeout rerun passed) Co-authored-by: ikari-pl <811702+ikari-pl@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
Telegram's setMyCommands API rejects requests with more than 100 commands. When skills + custom + plugin commands exceed the limit, truncate to 100 and warn the user instead of silently failing on every startup.
steipete
force-pushed
the
fix/5787-telegram-commands-limit
branch
from
546de98 to
682765e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
setMyCommandsAPI callsFixes openclaw#5787
Problem
Telegram's
setMyCommandsAPI rejects requests with more than 100 commands withBOT_COMMANDS_TOO_MUCH. OpenClaw registers all user-invocable skills as bot commands with no limit check, causing silent failures on every gateway startup for users with many skills.Fix
Added a
TELEGRAM_MAX_COMMANDS = 100limit. When exceeded, the first 100 commands are registered (preserving priority order) and a warning is logged explaining the truncation and how to reduce command count.Test plan
BOT_COMMANDS_TOO_MUCHerror when >100 commands configured🤖 Generated with Claude Code