Skip to content

chore(deps): update automation apps#319

Merged
hobroker merged 1 commit into
masterfrom
renovate/automation
Jun 4, 2026
Merged

chore(deps): update automation apps#319
hobroker merged 1 commit into
masterfrom
renovate/automation

Conversation

@renovate

@renovate renovate Bot commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Update Change
app-template major 4.6.25.0.1
app-template patch 5.0.05.0.1
chromedp/headless-shell major 148.0.7778.97149.0.7808.0
ghcr.io/openclaw/openclaw (source) minor 2026.5.122026.6.1
n8nio/n8n (source) minor 2.20.02.25.3

Release Notes

bjw-s-labs/helm-charts (app-template)

v5.0.1

Compare Source

Changelog:
Changed

v5.0.0

Compare Source

Changelog:
Changed
openclaw/openclaw (ghcr.io/openclaw/openclaw)

v2026.6.1

Compare Source

Highlights
Changes
  • Docs: add a dedicated Skill Workshop guide covering governed skill creation, reviewable proposals, CLI, Gateway, agent tool behavior, approval policy, support files, and recovery; refresh ClawHub cards; and add ClawHub CLI, iMessage SSH-wrapper TCC, Android helper, diff-language, and host-local media-send guidance. (#​79658, #​88734, #​88758, #​88865, #​89297) Thanks @​simplyclever914, @​shakkernerd, @​vyctorbrzezowski, @​TurboTheTurtle, @​RomneyDa, and @​Wang-Yeah623.
  • Skills: let the skill_workshop agent tool apply, reject, and quarantine explicit proposals through the guarded review flow. Thanks @​shakkernerd.
  • Skills: let proposals carry approved support files under standard skill folders, with scanner, hash, and rollback safeguards. Thanks @​shakkernerd.
  • Skills: let pending proposals be revised in place with versioned, dated proposal frontmatter before approval. Thanks @​shakkernerd.
  • Skills: add Skill Workshop with pending proposals, CLI/Gateway review actions, rollback metadata, and the skill_workshop agent tool. Thanks @​shakkernerd.
  • Skill Workshop: add the Control UI navigation, styled dashboard, proposal today view, revision dialog, file preview modal, searchable preview files, reusable session handoff, and localized strings.
  • Plugins: externalize Tokenjuice as the official @openclaw/tokenjuice plugin with npm and ClawHub publish metadata.
  • Plugins: externalize the GitHub Copilot agent runtime as the official @openclaw/copilot plugin with npm and ClawHub publish metadata.
  • iOS: add hosted push relay defaults, realtime Talk playback, and a guarded WebSocket ping path for more reliable mobile sessions. (#​88096, #​88105, #​88231)
  • iOS: support native iPad display layouts.
  • Android: add installed-app inspection commands, notification picker helpers, and updated-system-app classification.
  • Workboard: add orchestration primitives and agent coordination tools for multi-agent planning and run tracking. (#​87469)
  • Workboard: wire task-backed board runs and show task comments in the edit modal.
  • Code mode: add internal namespaces for scoped agent/global sessions and exact namespace tool dispatch. (#​88043)
  • Code mode: add MCP API files and docs for code-mode integrations.
  • Gateway: support Tailscale Serve service names for local service routing.
  • Control UI: add a Dreaming-tab agent selector and propagate the selected agent through Dreaming status, diary, and diary actions. (#​78748) Thanks @​stevenepalmer.
  • Control UI: add calmer chat composer controls, local draft typing state, and first-output latency instrumentation for active chat entry. (#​88772, #​88998) Thanks @​vincentkoc.
  • Plugins: add a SecretRef provider integration manifest contract and extract shared LLM core packages for provider/plugin reuse. (#​82326, #​88117)
  • Plugin SDK: add typed presentation command actions and the bounded resolve_exec_env hook for plugin-provided exec environment contributions. (#​88721)
  • Plugins: persist the plugin install index in SQLite so installed package lookup survives reloads with less filesystem scanning. (#​88794)
  • Providers: add MiniMax M3 model support. (#​88860)
  • Tools/media: allow validated host-local text document media sends while keeping unsafe plain-text media sends blocked. (#​79658) Thanks @​simplyclever914.
  • Doctor: add disk space health checks and stabilize post-upgrade JSON probes.
  • Channels: store inbound queues in SQLite and migrate iMessage monitor state to SQLite-backed tracking. (#​88797)
  • Skills: add the core skills index and centralize skills runtime loading, status, filtering, and prompt formatting.
Fixes
  • Release/CI/E2E: fail early when Crabbox sparse-sync full checkouts do not have enough local disk, with guidance for moving the sync root.
  • Build: render independent CLI startup metadata help snapshots concurrently to cut cold build-all metadata time.
  • Plugins: stop timed-out package-boundary prep steps by process group so descendant TypeScript/helper processes do not survive local check cleanup.
  • Control UI: serve static assets asynchronously after safe-open checks so large UI files do not block Gateway request handling.
  • Scripts/UI: forward direct wrapper SIGHUP shutdown to child processes so terminal hangups do not leave wrapped dev commands running.
  • Gateway: return the post-expiration pending-work revision from node drains so reconnecting nodes do not observe stale queue revisions after expired items are pruned.
  • Release/CI/E2E: keep temporary full-sync checkouts alive while slow Crabbox leases boot, so sparse worktree runs do not lose their sync source before file-list generation.
  • Release/CI/E2E: normalize inherited Linux C.UTF-8 locale settings before raw AWS macOS Crabbox bootstrap commands, avoiding macOS locale warnings during package-manager hydration.
  • Release/CI/E2E: keep gateway watch regression checks from copying large static plugin assets inside the measured idle window.
  • Update: keep core updates nonblocking when missing external plugin repair downloads or soft plugin repair warnings would otherwise stall, pin post-core plugin compatibility to the downgraded core version, and still block installed active plugin payload smoke failures. (#​84431, #​87914, #​87952) Thanks @​TurboTheTurtle, @​Niriakot, and @​MukundaKatta.
  • Agents/providers: keep streaming tool-call argument parsing record-shaped when providers emit valid non-object JSON such as null or arrays.
  • Release/CI/E2E: reset incremental log readers when watched log files rotate without shrinking, so same-size replacements do not hide new readiness or RPC lines.
  • Talk: preserve explicit null payloads on controller-created turn and output-audio lifecycle events.
  • Agents/TUI: keep local custom provider runs from loading plugin runtime and auth alias metadata when plugins are disabled.
  • Agents/TUI: restore in-flight TUI run switch-back behavior, keep no-policy native hook fallback available, guard vanished workspaces, and keep lightweight isolated subagents lightweight.
  • Agents/media: keep async image, music, and video generation starts from ending the Codex turn, avoid duplicate generated-media fallbacks, and let mixed requests continue with summaries or other work while media renders in the background. (#​89220) Thanks @​omarshahine.
  • Agents/Codex: keep public OpenAI API-key profiles from being treated as native Codex app-server auth while preserving persisted Codex OAuth sessions.
  • Agents/Codex: stream Codex app-server final-answer partials to live reply previews, preserve ACP metadata in SQLite, prefer real tool results over synthetic repair output, prevent aborted app-server turn handles from lingering, migrate legacy OpenAI Codex lastGood auth state, and preserve workspace/session metadata through ACP runtime refactors. (#​88405, #​88724, #​88730) Thanks @​vincentkoc.
  • Control UI: keep collapsed tool cards labeled with the tool name and action instead of generic output text. Thanks @​shakkernerd.
  • Agents/Codex: surface Skill Workshop guidance in Codex app-server prompts when skill_workshop is available. Thanks @​shakkernerd.
  • Skill Workshop: restore and localize the Control UI board/today view switcher so review workflows keep their intended layout toggle across locales. Thanks @​shakkernerd.
  • Agents/auth: write auth profiles atomically, dispatch auth failures by type, add force re-login and exhausted-failover recovery, clear legacy auto fallback pins, preserve workspaces during state-only uninstall, and compact before oversized turns so recovery paths avoid partial state. (#​85798, #​87484, #​89181) Thanks @​RomneyDa and @​neeravmakwana.
  • Skills: skip disabled skill env overrides from stale persisted snapshots so disabled skill apiKey SecretRefs cannot abort embedded or channel turns. (#​79072, #​79173) Thanks @​zeus1959.
  • Skill Workshop: render the Control UI tab from filtered navigation state and keep filtered fallback routing stable.
  • CLI: avoid live catalog validation during openclaw agents add, so adding a secondary agent no longer depends on provider catalog availability. (#​76284, #​88314) Thanks @​zhangguiping-xydt.
  • CLI: harden CLI and plugin edge cases, and keep plugins list --json on the snapshot-only path so plugin sweeps avoid loading the full runtime status graph. (#​88896)
  • CLI/desktop: bridge WSL clipboard operations through the shell, recognize manual-update launchd jobs, and keep machine-readable startup output parseable during progress setup. (#​88764, #​88689) Thanks @​alexzhu0.
  • Plugins: make PixVerse external-plugin ClawHub metadata explicit and keep it out of bundled dist builds.
  • Plugins: clarify plugin loader failure guidance and treat soft plugin repair warnings as nonfatal so missing or incompatible plugin packages point operators at the right repair path without blocking unrelated work. (#​84431) Thanks @​TurboTheTurtle.
  • Plugins: preserve npm plugin roots after blocked installs, skip plugin-local openclaw peer symlinks during rollback snapshots, relink those peers after restore, isolate cached tool runtime siblings, isolate provider catalog projections and web-provider factory failures, and keep private LLM-core declarations bundled so one bad plugin does not poison sibling runtime paths. (#​77237, #​88767, #​88807, #​89336) Thanks @​vincentkoc and @​RomneyDa.
  • Cron: keep SQLite cron migrations compatible with legacy run-log tables, archived job stores, diagnostic cron names, single-job run-history names, startup cron retries, and legacy one-shot delete-after-run behavior. (#​88285, #​88294, #​89075) Thanks @​kip-claw.
  • Cron: keep update delivery validation scoped, harden restart state, and retire MCP runtimes on isolated cron cleanup.
  • Auto-reply: guard dispatcher failure-count probes so missing optional counters do not break SDK-typed recovery paths. (#​89318) Thanks @​Alix-007 and @​takhoffman.
  • Memory: serialize QMD update/embed writes per store, reduce Linux watcher fan-out, avoid noisy gateway watcher warnings, retry transient FileProvider-backed reads, preserve phase signals on read errors, harden envelope metadata sanitization, reattach Linux native watchers when directories are recreated, and rewrite generated transcript paths on rollover so memory/search state survives concurrent gateway and CLI activity. (#​66339, #​85931, #​89185, #​89188, #​89246, #​85351) Thanks @​openperf, @​amittell, @​RomneyDa, and @​NianJiuZst.
  • Memory: keep vector-disabled FTS indexes from resolving embedding providers during sync and search.
  • Providers: bound generated media downloads from OpenAI, Runway, xAI, MiniMax, BytePlus, DashScope-compatible, FAL, OpenRouter, Google, Vydra, and Comfy providers.
  • Providers: resolve Google defaults to google-generative-ai, register Vertex static catalog rows and gemini-3.1-flash-lite, align Foundry reasoning metadata, skip DeepSeek V4 thinking params on Foundry fallback, use MiniMax account OAuth endpoints, preserve Copilot Claude 1M capabilities, suppress disabled Ollama reasoning output, forward Gemini stop sequences, switch direct Gemini reasoning to native mode, strip provider self-prefixes and Kimi-incompatible Anthropic cache markers, keep OpenAI stop-finished tool calls, and avoid replay ids when the Responses store is disabled. (#​88480, #​88512, #​88781, #​89343, #​89379, #​89400, #​76612) Thanks @​coder999999999, @​BryanTegomoh, @​vliuyt, @​charles-openclaw, @​zz327455573, @​849261680, and @​XuZehan-iCenter.
  • Providers: cap GitHub Copilot OAuth request timeouts before creating abort signals.
  • Cron: retry recurring jobs after transient model rate limits before waiting for the next scheduled slot.
  • Agents/Codex: keep live session locks during cleanup, recover interrupted CLI tool transcripts, preserve Codex auth and compaction session identity, clear orphan tool state, cap app-server idle timers, and keep media completion delivery retryable. (#​88129, #​88136, #​88141, #​88162, #​88182)
  • Chat/UI: show Gateway chat failures as visible assistant messages in the Control UI instead of only setting an invisible error state.
  • Channels: cap Telegram, Discord, WhatsApp, Signal, Feishu, Google Chat, Microsoft Teams, QQBot, Nostr, Zalo, Zalouser, and Nextcloud-style request/retry timers; preserve SMS approval reply routes; keep iMessage typing active during tool work; allow RFC2544 benchmark ranges for QQBot token fetches; and retry WhatsApp QR login 408 timeouts. (#​88183, #​88948, #​88984, #​89015) Thanks @​omarshahine, @​Jensenwgd, and @​sliverp.
  • Security/config parsing: reject unsafe OAuth/token lifetimes, retry-after delays, inbound timestamps, response body sizes, command timeout config, sandbox observer token TTLs, corrupt shell snapshots, untrusted workspace setup-only channel loads, remote media reference overreads, trajectory export leaks, hooks-token auth reuse, and gateway WebSocket calls after close. (#​86953, #​87376, #​88974, #​89354, #​89701) Thanks @​hxy91819, @​coygeek, @​pgondhi987, and @​RomneyDa.
  • Providers/media: cap local service, model, usage, queue, generated media, TTS, music, workflow polling, and provider OAuth request timers across hosted and local providers.
  • Release/CI/E2E: bound release candidate reads, beta smoke REST calls, plugin npm verification commands, changelog restore, cross-OS process groups, kitchen-sink and bundled plugin readiness probes, secret-provider probes, Telegram credential timeouts, Control UI i18n and CLI startup metadata generation, Vitest routing, dependency guard admin approvals, child workflow failure detection, quiet Node test shard stalls, dist cache restores, Docker base-image/package cleanup, and mainline test flakes. (#​84988, #​88127, #​88137, #​88155, #​88160, #​88966, #​89169) Thanks @​LibraHo and @​RomneyDa.
  • Release/CI/E2E: keep Kitchen Sink live plugin MCP probes resolving source-checkout workspace packages and align the live gauntlet with current Kitchen Sink diagnostics.
  • Backup: accept root-relative hardlink targets during backup verification. (#​89328) Thanks @​abnershang.
  • Release/CI/E2E: run the secret-provider integration proof through the repo pnpm runner so native macOS and Windows validation use the hydrated package-manager shim.
  • Release/CI/E2E: run the Telegram desktop proof gateway through the repo pnpm runner so native macOS proof uses the hydrated package-manager shim.
  • Docs/CI: run Mintlify anchor checks through the repo pnpm runner so docs link validation works when pnpm is only available through the hydrated package-manager shim.
  • Agents: keep configured fallback model metadata typed so provider params, context-token caps, and media input limits do not break changed-gate typechecks.
  • Agents: accept hidden sessions_send body aliases before validation while keeping the model-facing message schema canonical. (#​88229) Thanks @​zhangguiping-xydt.
  • Chat/UI: preserve startup chat sends during history loading, unblock the initial Control UI chat send, stream chat deltas incrementally, skip markdown parsing while streaming, keep drafts local while typing, guard composer rerenders, cache chat transcript renders, record pending-send paint timing, show the Communication Notifications tab, honor Chromium executable overrides, and detect system Chromium for E2E. (#​74715, #​88952, #​88960, #​88998) Thanks @​VladyslavLevchuk and @​vincentkoc.
  • Channels: stop schema-padded poll modifiers from turning normal send actions into invalid poll sends. (#​89601) Thanks @​codezz and @​takhoffman.
  • Channels: preserve long Feishu streaming replies, recover failed progress draft starts, send visible fallbacks when accepted Feishu turns produce no final reply, preserve external sessions_send routes, persist Discord thread bindings in SQLite, tolerate iMessage self-chat timestamp skew, preserve colon-prefixed slash commands in mention parsing, decode Nostr npub allowlists correctly, and suppress raw provider errors during channel delivery. (#​87896, #​88749, #​88803, #​88866) Thanks @​MonkeyLeeT.
  • Config/status/doctor: skip unresolved shell references in state-dir dotenv files, resolve gateway auth secrets during deep status audits, surface disabled Codex plugin routes in doctor lint, respect explicit PI runtime policy, report runtime tool-schema and gateway health credential errors, clear recovered embedded-run activity, migrate voice-call call logs through doctor, and keep post-upgrade JSON stable. (#​88731, #​88761, #​88820, #​88288, #​89731) Thanks @​brokemac79, @​openperf, and @​RomneyDa.
  • Gateway/session state: list commands from the Gateway plugin registry, harden MCP loopback tool schemas, hide phantom agent-store rows from sessions.list, make task persistence failures explicit, support Tailscale Serve service names, guard Browser/Chrome pending attach aborts, and carry session UUIDs on interactive dispatch events. (#​88305) Thanks @​rohitjavvadi.
  • Gateway/plugins: narrow plugin lookup memoization to the stable plugin/runtime inputs, avoiding repeated lookup work without mixing disabled or filtered plugin state.
  • OpenAI/TTS: handle speed directives for OpenAI TTS voices. (#​74089)
  • CI/Crabbox: keep default runner capacity on the Azure credit-backed on-demand D4 lane with the Azure SSH port and a Git-independent full check job, so broad validation avoids low-priority spot quota stalls, hydrate port mismatches, non-Git hydrated workspaces, and stale AWS region hints.
  • CI/Crabbox: route Crabbox wrapper and Testbox workflow edits to their regression tests so changed-test gates do not silently run zero specs.
  • CI/workflows: route workflow sanity helper edits to their guard tests and cover composite-action input interpolation checks.
  • CI/tooling: route CI scope, dependency, changelog, and docs helper edits to their owner tests instead of silently skipping changed-test coverage.
  • CI/tooling: route package, release, and install helper edits to their owner tests so changed-test gates cover publish and installer script changes.
  • CI/tooling: route shared script library edits through their owner tests so lock, process, safety, and scan helpers do not skip changed-test coverage.
  • CI/tooling: skip expensive import-graph scans once a changed diff already requires broad fallback, keeping local changed-test planning fast while still collecting explicit owner tests.
  • CI/tooling: route script edits through conventional owner tests when matching test/scripts or src/scripts coverage already exists.
  • CI/tooling: honor option terminators in the memory FD repro script so follow-on arguments are not reparsed.
  • Release/CI/E2E: assert plugin lifecycle runtime inspect output instead of only capturing it.
  • Release/CI/E2E: make gateway-network prove the advertised health RPC and retry early WebSocket closes without burning full open timeouts.
  • Release/CI/E2E: honor option terminators across release, Parallels smoke, plugin gauntlet, and extension-memory scripts.
  • Release/CI/E2E: fail plugin gateway gauntlet QA chunks when the requested suite summary is missing or invalid.
  • Performance: prebuild QA runtime probes with generated plugin assets but without CLI startup metadata.
  • Performance: skip declaration bundling for runtime-only CLI startup and gateway watch build profiles.
  • Performance: reuse prepared provider handles, strict tool schemas, gateway runtime metadata, session maintenance config, plugin metadata, bundled skill allowlists, package-local plugin artifacts, single-entry store writes, and validated/serialized session prompt blobs.

v2026.5.28

Compare Source

Highlights
  • Agent and Codex runtime recovery is steadier: subagents keep cwd/workspace separation, hook context stays prompt-local, session locks release on timeout abort while live OpenClaw locks survive cleanup, stale restart continuations are avoided, and Codex app-server/helper failures no longer tear down shared runtime state. (#​87218, #​86875, #​87409, #​87399, #​87375, #​88129)
  • Channel delivery and session identity got safer across outbound plugin hooks, Matrix room ids, iMessage reactions/approvals, Slack final replies, Discord recovered tool warnings, runtime-config message actions, WhatsApp profile auth roots, Telegram polling, and Microsoft Teams service URL trust checks. (#​73706, #​75670, #​87366, #​87451, #​87334, #​84535, #​82492, #​83304, #​87160)
  • Mobile and chat surfaces got a broader refresh: the iOS Pro UI, hosted push relay default, realtime Talk tab playback, Gateway chat transport, onboarding, Talk permissions, WebChat reconnect delivery, and session picker behavior now preserve more state across reconnects and empty searches. (#​87367, #​87531, #​87682, #​88096, #​88105) Thanks @​ngutman and @​BunsDev.
  • Browser, channel, and automation inputs are stricter: Browser tool timeouts, viewport/tab indices, Gateway ports, cron retry handling, Discord component ids, schema array refs, Telegram callback pages, and channel progress callbacks now reject malformed values earlier and preserve the intended delivery context. (#​82887)
  • Provider, media, and document coverage expands with Claude Opus 4.8, Fal Krea image schemas, NVIDIA featured models, MiniMax streaming music responses, encrypted PDF extraction, voice model catalogs, GitHub Copilot agent runtime support, and a Codex Supervisor plugin path for delegated Codex workflows. (#​87845, #​87890, #​80775, #​84764, #​87751, #​87794)
  • CLI, auth, doctor, and provider paths fail faster and recover more clearly: malformed numeric/version options are rejected, workspace dotenv provider credentials are ignored, heartbeat defaults, OAuth/token lifetimes, and local service startup requests are bounded, agent auth health labels are clearer, legacy api_key auth profiles migrate to canonical form, and restart guidance is actionable. (#​87398, #​86281, #​87361, #​88133, #​83655, #​87559, #​88088, #​85924) Thanks @​vincentkoc and @​giodl73-repo.
  • Plugin and Gateway hot paths do less repeated work while preserving cache correctness for install records, config JSON parsing, tool search catalogs, session stores, manifest model rows, auto-enabled plugin config, browser tokens, viewer assets, and release-split external plugin packages. (#​86699)
  • Release, QA, and E2E validation now bound more log, artifact, harness, and cross-OS waits so failing lanes produce proof instead of hanging or false-greening.
Changes
  • Status: show active subagent details in status output.
  • Diffs: split the default language pack and expand default Diffs language coverage while keeping the host floor aligned. (#​87370, #​87372) Thanks @​RomneyDa.
  • ClawHub: add plugin display names plus skill verification and trust surfaces. (#​87354, #​86699) Thanks @​thewilloftheshadow and @​Patrick-Erichsen.
  • iOS: refresh the dev app with Pro Command, Chat, Agents, Settings, hosted push relay defaults, and realtime Talk playback wired to gateway sessions, diagnostics, chat, and realtime Talk. (#​87367, #​88096, #​88105) Thanks @​Solvely-Colin and @​ngutman.
  • Docs: clarify Codex computer-use setup, paste-token stdin auth setup, macOS gateway sleep troubleshooting, native Codex hook relay recovery, container model auth, install deployment cards, device-token admin gating, CLI setup flow compatibility, Notte cloud browser CDP setup, and backport targets. (#​87313, #​63050, #​87685) Thanks @​bdjben, @​liaoandi, and @​thewilloftheshadow.
  • PDF/tools: use ClawPDF for PDF extraction, support encrypted PDF extraction, and surface MCP structured content in agent tool results. (#​87670, #​87751)
  • Providers: add Claude Opus 4.8 support, Fal Krea image model schemas, NVIDIA featured model catalogs, MiniMax streaming music responses, and provider-backed voice model catalogs. (#​87845, #​87890, #​80775, #​84764, #​87794) Thanks @​eleqtrizit and @​vincentkoc.
  • Codex/GitHub: add the GitHub Copilot agent runtime and the Codex Supervisor plugin package.
  • Plugins: externalize GitHub Copilot and Tokenjuice as official install-on-demand plugins with npm and ClawHub publish metadata.
  • Workboard: add agent coordination tools for tracking and handing off active agent work.
  • Discord: show commentary in progress drafts so live Discord runs expose useful in-progress context. (#​85200)
  • Plugin SDK: add a reply payload sending hook for plugins that need to deliver channel-owned replies and flatten package types for SDK declarations. (#​82823, #​87165) Thanks @​piersonr and @​RomneyDa.
  • Policy: add policy comparison, ingress-channel conformance, and sandbox-posture conformance checks. (#​85572, #​85744, #​86768)
Fixes
  • Agents: fall back to local config pruning when the optional agents delete Gateway probe cannot authenticate, so offline installs can still delete agents without removing shared workspaces.
  • Tighten phone-control mutation authorization [AI]. (#​87150) Thanks @​pgondhi987.
  • Clarify directive persistence authorization policy [AI]. (#​86369) Thanks @​pgondhi987.
  • Agents/Codex: keep spawned agent cwd/workspace state separated, forward ACP spawn attachments, keep hook context prompt-local, release session locks on timeout abort and runtime teardown without deleting live OpenClaw-owned locks during cleanup, avoid session event queue self-wait, clean up exec abort listeners, stream assistant deltas incrementally, recover raw missing-thread compaction failures, preserve rotated compaction session identity, keep compaction-timeout snapshots continuable, preserve shared app-server state across startup or helper failures, keep native hook relay alive across restarts and prune stale bridge files, close native hook relay replacement races, keep Claude live tool progress visible for watchdog recovery, suppress abandoned requester completion handoff, route workspace memory through tools, resolve Codex runtime models first, report quarantined dynamic tools, format skills command output, bind node auto-review to prepared plans, retry Claude CLI transcript probes, and bound compaction/steering retries. (#​87218, #​86875, #​86123, #​88129, #​87399, #​87375, #​72574, #​87383, #​87400, #​83022, #​87671, #​87738, #​87747, #​87706, #​87546, #​87541, #​81048) Thanks @​mbelinky, @​Alix-007, @​luoyanglang, @​yetval, @​sjf, @​joshavant, @​benjamin1492, @​c19354837, @​fuller-stack-dev, @​pfrederiksen, and @​dodge1218.
  • Codex Supervisor: keep real-home app-server MCP session listing on the loaded state path, bound stored history scans, and close WebSocket probes cleanly.
  • Channels: thread canonical session keys into outbound hooks, preserve Matrix room-id case, keep fallback tool warnings mention-inert, retain delivered Slack final replies during late cleanup, continue iMessage polling after denied reactions, suppress duplicate native exec approvals, resolve Gateway message actions against the active runtime config, preserve Telegram SecretRef prompt config and polling keepalives, preserve WhatsApp profile auth roots, QR display, document filenames, and plugin hook config, suppress Discord recovered tool warnings, preserve the Discord voice outbound helper, cap Discord/Signal/Zalo channel request and container timeouts, and block untrusted Teams service URLs while keeping TeamsSDK patterns aligned. (#​73706, #​75670, #​87366, #​87451, #​87465, #​87334, #​84535, #​76262, #​83304, #​82492, #​87581, #​77114, #​86426, #​85529, #​87160) Thanks @​zeroaltitude, @​lukeboyett, @​jarvis-mns1, @​xiaotian, @​funmerlin, @​joshavant, @​eleqtrizit, @​heyitsaamir, @​amittell, @​lidge-jun, @​liorb-mountapps, @​masatohoshino, @​bladin, and @​giodl73-repo.
  • CLI/auth/doctor/providers: reject malformed numeric/timeout/subcommand-version inputs, ignore workspace dotenv provider credentials, wait for respawn child shutdown, bound heartbeat defaults plus Codex, GitHub Copilot, OpenAI, Anthropic, Google, Feishu, LM Studio, MiniMax, Xiaomi TTS, and local-provider OAuth/token/model requests, harden Codex auth probes, label auth health by agent, preserve explicit agentRuntime pins during Codex model migration, warm provider auth off the main thread, honor Codex response timeouts, stop migrating current Claude Haiku 4.5 profiles to Sonnet, bound local service startup, resolve GPT-5.5 without cached catalog, migrate legacy memory auto-provider config, rewrite non-canonical api_key auth profiles, and make doctor restart follow-ups actionable. (#​87398, [#​86281](https://redirect.github.com

Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/automation branch 4 times, most recently from 4dcaac8 to fffebb3 Compare June 3, 2026 17:56
@renovate renovate Bot force-pushed the renovate/automation branch from fffebb3 to 6369b13 Compare June 4, 2026 16:46
@hobroker hobroker changed the title chore(deps): update automation chore(deps): update automation apps Jun 4, 2026
@hobroker hobroker merged commit 7e43f29 into master Jun 4, 2026
6 checks passed
@hobroker hobroker deleted the renovate/automation branch June 4, 2026 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@hobroker hobroker

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hobroker