Issue Station
Sign In
Tools hereToolbox

openclaw - ✅(Solved) Fix Gateway RPC: add SDK-facing artifacts APIs [2 pull requests, 1 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#74706Fetched 2026-04-30 06:20:57
View on GitHub
Comments
1
Participants
2
Timeline
6
Reactions
2
Author
BunsDevBunsDev
Participants
BunsDevBunsDevclawsweeper[bot]clawsweeper[bot]
Timeline (top)
cross-referenced ×3commented ×1mentioned ×1subscribed ×1

PR fix notes

PR #74769: feat(gateway): add artifact RPCs

Description (problem / solution / changelog)

Summary

Describe the problem and fix in 2–5 bullets:

  • Problem: Gateway clients have no supported artifact RPC surface, so SDK/app clients must scrape chat history and infer downloadable media themselves.
  • Why it matters: External app clients need stable artifact discovery and download semantics for generated or attached media without depending on transcript internals.
  • What changed: Added artifacts.list, artifacts.get, and artifacts.download gateway RPCs over session transcript artifact blocks, with protocol schemas, method discovery, read-scope authorization, and typed unsupported/not-found errors.
  • What did NOT change (scope boundary): This does not add a new artifact store or expose arbitrary local file paths; unsupported artifact sources return explicit unsupported errors.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor required for the fix
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • Closes #74706
  • Related #74704
  • This PR fixes a bug or regression

Root Cause (if applicable)

  • Root cause: Artifacts existed only as transcript content blocks, with no supported gateway RPC projection for SDK/app clients.
  • Missing detection / guardrail: There was no focused gateway test asserting artifact list/get/download behavior or typed missing/unsupported errors.
  • Contributing context (if known): The SDK happy path needs artifact access without requiring clients to parse chat history payload details.

Regression Test Plan (if applicable)

  • Coverage level that should have caught this:
    • Unit test
    • Seam / integration test
    • End-to-end test
    • Existing coverage already sufficient
  • Target test or file: src/gateway/server-methods/artifacts.test.ts
  • Scenario the test should lock in: Session transcript media blocks are listed as stable artifact summaries, can be fetched by ID, can be downloaded as base64 bytes, and missing/unsupported query paths return typed errors.
  • Why this is the smallest reliable guardrail: The new behavior is a gateway RPC projection over existing transcript state, so handler-level tests cover the API contract directly.
  • Existing test that already covers this (if any): N/A
  • If no new test is added, why not: N/A

User-visible / Behavior Changes

SDK and app clients can call artifacts.list, artifacts.get, and artifacts.download with sessionKey, runId, or taskId query context. Inline transcript artifacts download as base64 bytes; URL-backed artifacts return a URL; unsupported sources return a typed error.

Diagram (if applicable)

Before:
SDK client -> chat.history -> parse transcript media internals

After:
SDK client -> artifacts.list/get/download -> normalized artifact contract

Security Impact (required)

  • New permissions/capabilities? (No)
  • Secrets/tokens handling changed? (No)
  • New/changed network calls? (No)
  • Command/tool execution surface changed? (No)
  • Data access scope changed? (Yes)
  • If any Yes, explain risk + mitigation: Artifact RPCs expose only artifacts already present in authorized chat/session transcript data and are gated by existing operator.read scope. They do not read arbitrary local file paths.

Repro + Verification

Environment

  • OS: Linux
  • Runtime/container: Node 22.14.0, pnpm
  • Model/provider: N/A
  • Integration/channel (if any): Gateway RPC
  • Relevant config (redacted): Default test config

Steps

  1. Seed a session transcript message with an image/file content block.
  2. Call artifacts.list with the session key.
  3. Call artifacts.get and artifacts.download with the returned artifact ID.
  4. Call with missing/unknown artifact context.

Expected

  • Artifact summaries are stable and omit raw bytes.
  • artifacts.download returns base64 bytes or URL depending on source.
  • Missing/unsupported cases return typed errors.

Actual

  • Matches expected after this PR.

Evidence

Attach at least one:

  • Failing test/log before + passing after
  • Trace/log snippets
  • Screenshot/recording
  • Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

  • Verified scenarios: artifacts.list, artifacts.get, artifacts.download, runId-to-session lookup, missing query scope, missing artifact ID, protocol schema compilation, method-scope discovery.
  • Edge cases checked: Inline base64 artifact bytes are omitted from summaries and returned only from download.
  • What you did not verify: A live SDK/OpenMeow client against a running gateway.

Review Conversations

  • I replied to or resolved every bot review conversation I addressed in this PR.
  • I left unresolved only the conversations that still need reviewer or maintainer judgment.

If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.

Compatibility / Migration

  • Backward compatible? (Yes)
  • Config/env changes? (No)
  • Migration needed? (No)
  • If yes, exact upgrade steps: N/A

Risks and Mitigations

  • Risk: The first artifact source is intentionally conservative and may return artifact_download_unsupported for transcript blocks that reference local-only paths.
    • Mitigation: This avoids exposing arbitrary local filesystem paths while establishing the stable RPC contract for inline and URL-backed artifacts.

Changed files

  • src/gateway/method-scopes.ts (modified, +3/-0)
  • src/gateway/protocol/index.ts (modified, +24/-0)
  • src/gateway/protocol/schema.ts (modified, +1/-0)
  • src/gateway/protocol/schema/artifacts.ts (added, +73/-0)
  • src/gateway/protocol/schema/protocol-schemas.ts (modified, +16/-0)
  • src/gateway/protocol/schema/types.ts (modified, +7/-0)
  • src/gateway/server-methods-list.ts (modified, +3/-0)
  • src/gateway/server-methods.ts (modified, +2/-0)
  • src/gateway/server-methods/artifacts.test.ts (added, +180/-0)
  • src/gateway/server-methods/artifacts.ts (added, +375/-0)

PR #74847: feat(gateway): add SDK task ledger RPCs

Description (problem / solution / changelog)

Summary

  • Problem: @openclaw/sdk exposed oc.tasks.*, but list, get, and cancel still threw unsupported errors because Gateway had no SDK-facing task ledger RPCs.
  • Why it matters: OpenMeow and other app clients need stable task visibility for detached/background work without reading internal logs or CLI-only surfaces.
  • What changed: Added tasks.list, tasks.get, and tasks.cancel Gateway RPCs, SDK methods/types, protocol schemas, scopes, docs, and regression coverage.
  • What did NOT change (scope boundary): This does not add tool invocation, artifact APIs, environment provisioning, or new task runtime semantics.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor required for the fix
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

Root Cause (if applicable)

  • Root cause: Gateway already had a durable task registry, but no public RPC contract or SDK bridge exposed it to external app clients.
  • Missing detection / guardrail: SDK coverage only locked in unsupported task errors instead of the app-client task ledger contract.
  • Contributing context (if known): The OpenMeow gap map calls out tasks.list, tasks.get, and tasks.cancel as missing basics.

Regression Test Plan (if applicable)

  • Coverage level that should have caught this: Unit test and seam / integration test.
  • Target test or file: src/gateway/server-methods/tasks.test.ts, src/gateway/protocol/index.test.ts, packages/sdk/src/index.test.ts, packages/sdk/src/index.e2e.test.ts.
  • Scenario the test should lock in: SDK task methods route to Gateway RPCs, task statuses are app-facing and stable, filters work, scopes are classified, and cancel returns a clear result contract.
  • Why this is the smallest reliable guardrail: It exercises the protocol and SDK seams without requiring a live detached task runtime.
  • Existing test that already covers this (if any): Existing task registry tests cover the underlying task lifecycle.
  • If no new test is added, why not: N/A.

User-visible / Behavior Changes

oc.tasks.list(), oc.tasks.get(taskId), and oc.tasks.cancel(taskId) now call Gateway task ledger RPCs instead of throwing unsupported errors.

Diagram (if applicable)

Before:
[external app] -> [@openclaw/sdk oc.tasks.*] -> [unsupported error]

After:
[external app] -> [@openclaw/sdk oc.tasks.*] -> [Gateway tasks.* RPC] -> [durable task registry]

Security Impact (required)

  • New permissions/capabilities? (Yes/No) Yes
  • Secrets/tokens handling changed? (Yes/No) No
  • New/changed network calls? (Yes/No) No
  • Command/tool execution surface changed? (Yes/No) No
  • Data access scope changed? (Yes/No) Yes
  • If any Yes, explain risk + mitigation: tasks.list and tasks.get require operator.read; tasks.cancel requires operator.write. The RPCs expose task metadata from the existing durable task registry and do not expose secrets.

Repro + Verification

Environment

  • OS: Ubuntu/Linux local workspace
  • Runtime/container: Node 22.22.0 via nvm, pnpm 10.33.2
  • Model/provider: N/A
  • Integration/channel (if any): Gateway WebSocket RPC / @openclaw/sdk
  • Relevant config (redacted): N/A

Steps

  1. On current main, call oc.tasks.list(), oc.tasks.get("task-id"), or oc.tasks.cancel("task-id").
  2. Observe the SDK unsupported error.
  3. Apply this PR.
  4. Call the same SDK methods against a Gateway with task records.

Expected

  • SDK task methods route to Gateway task ledger RPCs and return stable task summaries or cancel results.

Actual

  • Before this PR, SDK task methods throw unsupported errors.

Evidence

  • Failing test/log before + passing after
  • Trace/log snippets
  • Screenshot/recording
  • Perf numbers (if relevant)

Lint evidence:

  • git diff --check HEAD~1 HEAD
  • targeted oxlint on changed TS files
  • markdownlint-cli2 docs/concepts/openclaw-sdk.md

Review Conversations

  • I replied to or resolved every bot review conversation I addressed in this PR.
  • I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

  • Backward compatible? (Yes/No) Yes
  • Config/env changes? (Yes/No) No
  • Migration needed? (Yes/No) No
  • If yes, exact upgrade steps: N/A

Risks and Mitigations

  • Risk: SDK-facing task statuses intentionally differ from internal registry statuses.
  • Mitigation: Tests lock in the public mapping, including succeeded to completed and lost to failed.

Changed files

  • apps/macos/Sources/OpenClawProtocol/GatewayModels.swift (modified, +214/-0)
  • apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift (modified, +214/-0)
  • docs/concepts/openclaw-sdk.md (modified, +12/-5)
  • packages/sdk/src/client.ts (modified, +13/-9)
  • packages/sdk/src/index.e2e.test.ts (modified, +54/-0)
  • packages/sdk/src/index.test.ts (modified, +64/-9)
  • packages/sdk/src/index.ts (modified, +6/-0)
  • packages/sdk/src/types.ts (modified, +50/-0)
  • src/gateway/method-scopes.test.ts (modified, +3/-0)
  • src/gateway/method-scopes.ts (modified, +3/-0)
  • src/gateway/protocol/index.test.ts (modified, +21/-0)
  • src/gateway/protocol/index.ts (modified, +31/-0)
  • src/gateway/protocol/schema.ts (modified, +1/-0)
  • src/gateway/protocol/schema/protocol-schemas.ts (modified, +16/-0)
  • src/gateway/protocol/schema/tasks.ts (added, +91/-0)
  • src/gateway/protocol/schema/types.ts (modified, +7/-0)
  • src/gateway/server-methods-list.ts (modified, +3/-0)
  • src/gateway/server-methods.ts (modified, +2/-0)
  • src/gateway/server-methods/tasks.test.ts (added, +167/-0)
  • src/gateway/server-methods/tasks.ts (added, +205/-0)
  • src/tasks/detached-task-runtime-contract.ts (modified, +1/-0)
  • src/tasks/task-registry.ts (modified, +5/-2)
RAW_BUFFERClick to expand / collapse

Goal

Add SDK-facing artifact RPCs so external apps can discover and render rich outputs.

OpenMeow and other app clients will need stable access to generated files, diffs, screenshots, logs, media, trajectories, and PR links without parsing runtime internals.

Proposed methods

  • artifacts.list
  • artifacts.get
  • artifacts.download

Acceptance criteria

  • Artifacts can be queried by runId, sessionKey, or taskId.
  • Artifact summaries include stable type/title/mime/size metadata.
  • Download supports URL or bytes depending on transport constraints.
  • SDK can expose artifacts without clients knowing runtime-specific storage details.
  • Unsupported/missing artifacts return typed errors.

References

extent analysis

TL;DR

Implement the proposed artifacts.list, artifacts.get, and artifacts.download RPC methods to provide stable access to generated files and other artifacts for external apps.

Guidance

  • Review the proposed RPC methods and acceptance criteria to ensure they meet the requirements for external apps to discover and render rich outputs.
  • Implement artifact querying by runId, sessionKey, or taskId to provide flexible access to artifacts.
  • Design artifact summaries to include stable type, title, mime, and size metadata to support various client needs.
  • Consider transport constraints when implementing download support for URLs or bytes.

Example

No code snippet is provided as the issue focuses on proposing RPC methods and acceptance criteria rather than implementing specific code.

Notes

The implementation details of the proposed RPC methods are not specified, and the issue lacks information on the current state of the codebase and any potential technical debt or constraints.

Recommendation

Apply workaround by implementing the proposed RPC methods and acceptance criteria to provide stable access to artifacts for external apps, as this approach is specifically designed to address the goal of adding SDK-facing artifact RPCs.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#environment setup#docker error#permission error#memory optimization#batch processing

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

openclaw - ✅(Solved) Fix Gateway RPC: add SDK-facing artifacts APIs [2 pull requests, 1 comments, 2 participants]