chore(deps): bump the node-deps group across 1 directory with 5 updates

[dependabot]

Bumps the node-deps group with 5 updates in the / directory:

Package	From	To
@agnt-rcpt/sdk-ts	0.9.0	0.10.0
@types/node	25.9.0	25.9.1
@vitest/coverage-v8	4.1.6	4.1.7
openclaw	2026.5.18	2026.5.27
vitest	4.1.6	4.1.7

Updates @agnt-rcpt/sdk-ts from 0.9.0 to 0.10.0

Release notes

Sourced from @​agnt-rcpt/sdk-ts's releases.

daemon v0.10.0

What's Changed

• feat(mcp-proxy): emit to daemon; drop own receipts.db by @​ojongerius in agent-receipts/ar#421
• feat(cli): implement agent-receipts list command by @​ojongerius in agent-receipts/ar#420
• chore: add security checklist to PR template by @​ojongerius in agent-receipts/ar#424
• chore: separate tag from release in release tooling by @​ojongerius in agent-receipts/ar#425
• feat(daemon): add --parameter-disclosure opt-in flag by @​ojongerius in agent-receipts/ar#427
• docs(site): document --parameter-disclosure flag in daemon setup guide by @​ojongerius in agent-receipts/ar#429
• feat(daemon): apply redaction to receipt pipeline fields by @​ojongerius in agent-receipts/ar#426
• feat(store): DESC ordering and remove silent 10k limit cap by @​ojongerius in agent-receipts/ar#428
• chore(deps): bump github.com/agent-receipts/ar/sdk/go from 0.6.0 to 0.9.0 in /cross-sdk-tests in the go group by @​dependabot[bot] in agent-receipts/ar#430
• chore(deps): bump the go group in /mcp-proxy with 3 updates by @​dependabot[bot] in agent-receipts/ar#432
• chore(deps): bump ruff from 0.15.12 to 0.15.13 in /sdk/py in the uv group by @​dependabot[bot] in agent-receipts/ar#433
• chore(deps-dev): bump the npm_and_yarn group in /sdk/ts with 3 updates by @​dependabot[bot] in agent-receipts/ar#434
• chore(deps): bump the npm_and_yarn group in /site with 2 updates by @​dependabot[bot] in agent-receipts/ar#435

Full Changelog: agent-receipts/ar@daemon/v0.9.1...daemon/v0.10.0

hook v0.10.0

What's Changed

• chore(deps): bump sdk/go to v0.9.0 in hook and daemon by @​ojongerius in agent-receipts/ar#419

Full Changelog: agent-receipts/ar@sdk/go/v0.9.0...hook/v0.10.0

mcp-proxy v0.10.0

What's Changed

• docs(adr-0012): pin disclosure envelope canonical shape (accepted: HPKE) by @​ojongerius in agent-receipts/ar#459
• chore(deps): bump sdk/go to v0.10.0 in mcp-proxy and daemon by @​ojongerius in agent-receipts/ar#464

Full Changelog: agent-receipts/ar@sdk/go/v0.10.0...mcp-proxy/v0.10.0

sdk-go v0.10.0

What's Changed

• docs(adr): Accept ADRs 0007, 0012–0016; document implementation status by @​ojongerius in agent-receipts/ar#455
• fix(daemon): honour MCP isError flag in outcome.status by @​ojongerius in agent-receipts/ar#460
• feat: issuer/operator metadata on receipts (host autodetect + flag overrides) by @​ojongerius in agent-receipts/ar#461
• docs(adr-0007): pin did:key v0.7 wire format and test vectors by @​ojongerius in agent-receipts/ar#457
• chore(release): CHANGELOG for sdk/go v0.10.0, mcp-proxy v0.10.0, daemon v0.11.0 by @​ojongerius in agent-receipts/ar#463

Full Changelog: agent-receipts/ar@mcp-proxy/v0.9.0...sdk/go/v0.10.0

sdk-py 0.10.0

What's Changed

• chore(sdk/ts): release v0.10.0 by @​ojongerius in agent-receipts/ar#587
• chore(sdk/py): release v0.10.0 by @​ojongerius in agent-receipts/ar#588

... (truncated)

Changelog

Sourced from @​agnt-rcpt/sdk-ts's changelog.

[0.10.0] - 2026-05-24

Implements spec v0.4.0 (action.idempotency_key), the ADR-0020 emitter interface redesign (WAL, HTTP, composite, in-memory), and aligns peer_credential uid/gid types with the Go SDK. Two breaking changes.

Breaking Changes

• Emitter class renamed to DaemonEmitter (#548). The existing Emitter class (Unix-socket fire-and-forget emitter) is now exported as DaemonEmitter. The name Emitter is now the new interface (see Added). Update all import sites: import { DaemonEmitter } from "@agnt-rcpt/sdk-ts".
• peer_credential.uid and peer_credential.gid are now number | undefined (#580). Previously typed as number, they are now optional to align with the Go SDK's *uint32 — UID=0 (root) is a valid identity and must be distinguishable from "no UID concept on this platform". Code that assumed these fields are always present must add a presence check.

Added

• Emitter interface (#548) — new top-level interface accepted by all emitter consumers. Takes a signed AgentReceipt and returns Promise<void>. Implement it to supply custom delivery backends.
• HttpEmitter (#548) — posts receipts to an HTTP endpoint. Implements Emitter.
• CompositeEmitter (#548) — fans out to multiple Emitter instances sequentially; always attempts every child and collects failures. Implements Emitter.
• BufferingEmitter (#548) — accumulates receipts and flushes in configurable batches. Implements Emitter.
• InMemoryEmitter (#548) — holds receipts in memory; useful for testing. Implements Emitter.
• WalEmitter (#567) — wraps any Emitter and records each receipt in a write-ahead log before delivery, providing at-least-once delivery guarantees. Supports file-backed (durable) and in-memory backends (ADR-0020).
• Action.idempotency_key (#565) — optional string field for deduplication. Chain verifiers surface duplicate values as non-fatal warnings. Part of spec v0.4.0.

Changed

• VERSION constant bumped to "0.4.0" (#565) — receipts emitted via createReceipt() now stamp the v0.4.0 schema label.
• defaultSocketPath() macOS default is now HOME-based (#545). macOS resolves to $XDG_DATA_HOME/agent-receipts/events.sock (defaulting to ~/.local/share/agent-receipts/events.sock) instead of $TMPDIR/agentreceipts/events.sock. TMPDIR is not inherited by GUI-spawned Node processes (e.g., MCP servers launched by Claude Desktop), which broke the daemon ↔ emitter handshake silently. The Go and Python SDKs ship the same resolution so every emitter and the daemon agree on a single path per user. AGENTRECEIPTS_SOCKET continues to take precedence; users who relied on TMPDIR redirection should switch to it.

Commits

• See full diff in compare view

Updates @types/node from 25.9.0 to 25.9.1

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.6 to 4.1.7

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

Commits

• a09d472 chore: release v4.1.7
• See full diff in compare view

Updates openclaw from 2026.5.18 to 2026.5.27

Release notes

Sourced from openclaw's releases.

openclaw 2026.5.27

Highlights

• Stronger security and content boundaries: group prompt text is kept out of the system prompt, repeated-dot hostnames are normalized, side-effecting command wrappers and unsafe Node runtime env overrides are blocked, no-auth Tailscale exposure is rejected, and node/device-role approvals now require admin authority. (#87144, #87305, #87292, #87308, #87146) Thanks @​eleqtrizit and @​pgondhi987.
• More reliable Codex app-server runs: Codex runtime models resolve first, workspace memory is routed through tools, shared app-server clients survive startup and spawned-helper failures, native hook relay generations survive restarts and rotate on fresh fallbacks, and false runtime live switches are avoided. (#87383, #87403, #87375, #72574, #87428) Thanks @​yetval.
• Faster Gateway and reply paths: session reads, plugin metadata fingerprints, auth env snapshots, auto-enabled plugin config, tool-search catalogs, and stable metadata caches do less hot-path rediscovery while visible replies no longer inherit hidden cleanup timeouts. (#86439, #87044) Thanks @​keshavbotagent.
• Better provider and model coverage: OpenAI-compatible embedding providers are core, DeepInfra catalog browsing loads the full credential-aware model set, Pixverse adds video generation and API region selection, VLLM thinking params are wired, Claude CLI OAuth overlays load for PI auth profiles, and bare direct Anthropic model ids work. (#85269, #84549, #87167) Thanks @​dutifulbob, @​ats3v, and @​joshavant.
• Channel delivery is steadier: Telegram sendMessage actions use durable outbound delivery, iMessage suppresses duplicate native exec approval prompts and sends, Slack keeps delivered final replies during late cleanup, Matrix mention previews/finals are stricter, QQBot fallback approval buttons honor slash-command auth, Discord guild requester checks are tighter, recovered Discord tool-warning artifacts stay out of successful replies, and Google Chat stops thread sends in DMs. (#87261, #87154) Thanks @​mbelinky and @​eleqtrizit.
• Release, package, and CI proof paths are harder to wedge: npm/package inventory honors dist exclusions, shrinkwrap override pins merge correctly, Docker runtime workspace templates are packaged and smoked, release postpublish checks are stricter, beta smoke rejects empty runs, and E2E log/probe waits are bounded.

Changes

• Memory: add a core OpenAI-compatible embedding provider for local and hosted OpenAI-style endpoints, with config, doctor, and docs support. (#85269) Thanks @​dutifulbob.
• Plugin SDK: mark memory-specific embedding provider registration as deprecated compatibility and surface non-bundled usage in plugin compatibility diagnostics. (#85072) Thanks @​mbelinky.
• Providers: add the Pixverse video generation provider, API region selection, docs, and external plugin packaging support.
• DeepInfra: load the full model catalog when users browse models during onboarding, preserve configured API-key catalogs, refresh media/video defaults, and keep pricing/default model metadata aligned. (#84549) Thanks @​ats3v.
• Plugin SDK: expose plugin approval action metadata and stop exporting Vitest test helpers from the public SDK surface. (#87120) Thanks @​RomneyDa.
• Channel SDK: move channel message compatibility into core, remove old channel turn runtime aliases, and preserve runtime catalog markdown metadata for plugins.
• ClawHub: add plugin display metadata so catalog/package listings use cleaner names. (#87354) Thanks @​thewilloftheshadow.
• Agents: split the heartbeat runtime template out of docs assets and add compatibility repair for legacy heartbeat template content. (#85416) Thanks @​hxy91819.

Fixes

• Security/content boundaries: route untrusted group prompt metadata outside system prompts, normalize repeated trailing hostname dots, block side-effecting command wrappers, reject unsafe Node runtime env overrides, reject no-auth Tailscale exposure, block untrusted Microsoft Teams service URLs, enforce /allowlist configWrites origin policy, gate QQBot fallback approval buttons, and require admin for node/device-role approvals. (#87144, #87305, #87292, #87308, #87146, #87154, #87334) Thanks @​eleqtrizit and @​pgondhi987.
• Codex: resolve Codex runtime models before generic routing, route workspace memory through tools, preserve shared app-server clients after startup and spawned-helper failures, preserve native hook relay generations across restarts and fresh fallbacks, keep raw reasoning/source-reply guards intact, report quarantined dynamic tools, keep the attempt watchdog armed for queued terminal turns, and route Codex OAuth compaction through OpenAI-Codex. (#87383, #87403, #87375, #72574, #87428) Thanks @​yetval.
• Agents/runtime: avoid session event queue self-waits, bound compaction wake and steering retries, preserve grace for pending error diagnostics, avoid false Codex runtime live switches, avoid stale restart continuation reuse, preserve session fallback errors, suppress duplicate Claude CLI skill prompts, keep runtime context before active user turns, strip stale Anthropic thinking, quarantine unsupported tool schemas, recover completed write timeouts safely, release retained session write locks on timeout abort, and validate forced plugin harness support before pinning. (#86123, #55424, #86855, #74341, #87278) Thanks @​luoyanglang, @​cathrynlavery, and @​openperf.
• Reply/session delivery: keep visible turn admission unbounded, keep visible fallback delivery on latest targets, preserve bridge hook context, classify direct fallback targets by channel grammar, report approval resolutions in bridge mode, and avoid stale source-reply artifacts. (#87044) Thanks @​keshavbotagent.
• Channels: make Telegram sendMessage action replies durable and preserve SecretRef prompt config, suppress duplicate iMessage native exec approval prompts and sends, keep iMessage approval polling alive after denied reactions, keep Slack delivered final replies during late cleanup, keep Matrix mention previews/finals mention-inert and normally delivered, ignore filename-embedded Matrix IDs, suppress recovered Discord tool-warning artifacts from successful replies, suppress Google Chat thread sends in DMs, and harden Discord guild requester checks. (#87261, #87452) Thanks @​mbelinky.
• Memory: salvage QMD search JSON after nonzero exits and keep workspace memory routing through the Codex tool path where possible. (#87225, #87383, #87403) Thanks @​osolmaz.
• Providers/models: forward cached token usage in OpenAI-compatible chat completions, load Claude CLI OAuth overlays for PI auth profiles, send bare direct Anthropic model ids, wire configured VLLM thinking params, honor OpenAI-compatible cache retention, normalize OpenAI Responses replay tool ids, resolve OpenAI gpt-5.5 without a cached catalog, preserve retry-after fallback handling, bound GitHub Copilot auth requests, and load DeepInfra custom/live catalogs consistently. (#82062, #87167, #84549) Thanks @​caz0075, @​joshavant, and @​ats3v.
• Gateway/performance: borrow read-only session metadata and active session working stores, cache current/stable plugin metadata fingerprints, cache auto-enabled plugin config, slim metadata identity caches, trust current metadata lifecycle caches, stabilize isolated cron prompt-cache affinity, persist model auth profile suffixes, drain probe client closes, expire browser tokens after auth rotation, and keep default status fast paths bounded. Thanks @​ferminquant.
• CLI/help/config: reject loose or malformed numeric options for gateway timeouts, model limits, directory limits, message options, webhooks, and partial values; respect subcommand version options; route generated/root/plugin help targets correctly; keep skills JSON output flushing naturally; and keep plugin descriptor loading quiet in root help. (#87398) Thanks @​Patrick-Erichsen.
• Plugin state/tool search: evict the current namespace when plugin rows hit caps, reuse unchanged tool-search catalogs, align the release catalog reuse wrapper, and keep fallback tool warnings mention-inert.
• Install/package/release: match npm globstar exclusions, honor dist package exclusions in inventory, omit unpacked test helpers, skip Homebrew until macOS packages need it, package Docker runtime workspace templates, smoke Docker runtime templates during full validation, merge nested shrinkwrap override pins, preserve forked shrinkwrap pins, pin aged lru-cache, harden postpublish verification, accept main full-validation proof, and reject empty beta smoke runs.
• E2E/QA/Crabbox: bound Telegram, Open WebUI, ClawHub, Matrix, Tool Search, MCP, gateway network, bundled runtime, kitchen-sink, codex media, config reload, and agent-turn assertion waits; prefer Azure for Windows targets; reinitialize invalid changed-gate git dirs; full-sync sparse container runs; and fail empty explicit test requests. (#87186)

Release verification

• npm package: https://www.npmjs.com/package/openclaw/v/2026.5.27
• registry tarball: https://registry.npmjs.org/openclaw/-/openclaw-2026.5.27.tgz
• integrity: sha512-2N93zhdAo88KAbHt6T7KvYXf4s7XIkYXBgv1npYpn7e1Y9FvrtgtpsA38my9rtFW+70uXEojRPX5/OqnuDqJPw==
• full release CI report: https://github.com/openclaw/releases/blob/main/evidence/2026.5.27/release-evidence.md
• release publish: https://github.com/openclaw/openclaw/actions/runs/26571393853
• npm preflight: https://github.com/openclaw/openclaw/actions/runs/26569630056
• full release validation: https://github.com/openclaw/openclaw/actions/runs/26569544553
• release checks: https://github.com/openclaw/openclaw/actions/runs/26569853272
• product performance: https://github.com/openclaw/openclaw/actions/runs/26569541556
• plugin npm publish: https://github.com/openclaw/openclaw/actions/runs/26571646739
• plugin ClawHub publish: https://github.com/openclaw/openclaw/actions/runs/26571650967

... (truncated)

Commits

• 27ae826 fix(release): accept openclaw qa runtime alias
• 6cdc963 chore(release): prepare 2026.5.27 stable
• a03cd48 fix(whatsapp): strip control characters from outbound document fileName (#77114)
• 5ba6a59 fix(media): drain ignored download responses
• 9de88d4 fix(media): cancel ignored input fetch bodies
• b317664 fix(media): cancel oversized fetch responses
• 66a5748 fix(telegram): lower polling keepalive delay (#83304)
• 6aea967 fix(parallels): guard release target harness mismatch
• 0b92a8e fix(release): accept openclaw runtime alias
• 1e5ff65 docs(skills): refine beta release announcement guidance
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates vitest from 4.1.6 to 4.1.7

Release notes

Sourced from vitest's releases.

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

Commits

• a09d472 chore: release v4.1.7
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions