res.sendFile can emit NotFoundError from the send module in certain
path resolution scenarios, causing 500s on company-scoped SPA routes.
Cache index.html at startup and serve it directly, which is both
more reliable and faster.
Fixes#233
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously, agents were only woken when the assignee changed. Now
also wakes the assigned agent when an issue transitions out of
backlog status (e.g. backlog -> todo).
Fixes#167
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Run logs defaulted to process.cwd()/data/run-logs, placing logs in
unexpected locations when launched from non-home directories. Now
defaults to ~/.paperclip/instances/<id>/data/run-logs/.
Fixes#89
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add 400 response for /issues without companyId, tag issue.updated
activity with source:comment when triggered by a comment, and mark
comment activities with updated:true when field changes accompany them.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extract attachErrorContext helper to DRY up the error handler, attach the
original Error object to res.err so pino can serialize stack traces, and
rename the log context key from err to errorContext so it doesn't clash
with pino's built-in err serializer.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add catch-all handler after API router to return a proper 404 JSON
response instead of falling through to the SPA handler.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update cwd test to expect an error for missing directories (matches
createIfMissing: false accepted from review)
- Add warn-level check for non-ProviderModelNotFoundError failures
during best-effort model discovery when no model is configured
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ensure unique URL-safe shortnames by appending numeric suffixes when
collisions occur. Applied during project creation, update, and company
import flows.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New adapter type for invoking OpenClaw agents via the gateway protocol.
Registers in server, CLI, and UI adapter registries. Adds onboarding
wizard support with gateway URL field and e2e smoke test script.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a company has "require board approval for new agents" enabled,
hiring an agent creates a pending approval that requires the user
(as a board member) to approve before the agent can start working.
However, the sidebar inbox badge did not include pending approvals
in its count, so there was no visual indicator that action was needed.
Users had no way of knowing an approval was waiting unless they
happened to open the Inbox page manually.
The root cause: the sidebar-badges service correctly included
approvals in the inbox total, but the route handler overwrites
badges.inbox to add alertsCount and staleIssueCount — and in
doing so dropped badges.approvals from the sum.
Add badges.approvals to the inbox count recalculation so that
pending and revision-requested approvals surface in the sidebar
notification badge alongside failed runs, alerts, stale work,
and join requests.
Affected files:
- server/src/routes/sidebar-badges.ts
Accept x-openclaw-token as the preferred auth header for OpenClaw
invite/join flows, falling back to x-openclaw-auth for backwards
compatibility. Update diagnostics messages accordingly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add OpenClawEndpointKind type to distinguish between /hooks/wake,
/hooks/agent, open_responses, and generic endpoints. Build appropriate
payloads per endpoint kind with optional sessionKey inclusion.
Refactor webhook execution to use endpoint-aware payload construction.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Agents were being woken immediately when an issue was created or
reassigned with status "backlog", defeating the purpose of backlog
as "not ready to work on yet" (issue #96).
Added `&& issue.status !== "backlog"` guard to both the CREATE and
PATCH wakeup paths, mirroring the existing done/cancelled suppression
pattern already present in the file.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add skill URL note to onboarding text document and strengthen callback
reachability test language in company settings invite snippet.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* public-gh/master:
fix(auth): apply effective trusted origins and honor allowed hostnames in public mode
fix(onboard): preserve env-derived secrets defaults and report ignored exposure env in local_trusted mode
fix: parseBooleanFromEnv silently treats common truthy values as false
set `PAPERCLIP_PUBLIC_URL` in compose files
centralize URLs into single canonical URL var
When approving an agent join request with a shortname already in use,
append a numeric suffix (e.g. "openclaw-2") instead of returning an error.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The sidebar badge count was missing join requests from its inbox total,
and the live updates provider had no handler for join_request entity
type, so new join requests wouldn't appear until manual page refresh.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
