vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-13 11:00:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,774 Commits 687 Branches 77 Tags
codex/plugin-sdk-full-parity-subpaths
Commit Graph

16774 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gustavo Madeira Santana
3dee7d0749 fix: normalize libsignal lockfile source URL 2026-03-03 21:56:29 -05:00
Gustavo Madeira Santana
669d223d35 chore: drop parity tracker doc and bump peer floors 2026-03-03 21:46:38 -05:00
Gustavo Madeira Santana
9c8410a602 test: harden whatsapp resolve-target sdk mock 2026-03-03 21:46:38 -05:00
Gustavo Madeira Santana
c30387a65b fix: tighten plugin-sdk guard scripts 2026-03-03 21:46:37 -05:00
Gustavo Madeira Santana
f729e0853b plugin-sdk: add channel subpaths and migrate bundled plugins 2026-03-03 21:46:37 -05:00
Josh Avant
1c200ca7ae follow-up: align ingress, atomic paths, and channel tests with credential semantics (#33733) 
Merged via squash.

Prepared head SHA: c290c2ab6a
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-03-03 20:29:46 -06:00
Gustavo Madeira Santana
6842877b2e build: prevent mixed static/dynamic pi-model-discovery imports 2026-03-03 21:27:14 -05:00
Gustavo Madeira Santana
b10f438221 Config: harden legacy heartbeat key migration 2026-03-03 20:42:35 -05:00
wan.xi
caa748b969 fix(config): detect top-level heartbeat as invalid config path (#30894) (#32706) 
Merged via squash.

Prepared head SHA: 1714ffe6fc
Co-authored-by: xiwan <931632+xiwan@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 20:27:04 -05:00
LiaoyuanNing
b7589b32a8 fix(feishu): support SecretRef-style env credentials in account resolver (#30903) 
Merged via squash.

Prepared head SHA: d3d0a18f17
Co-authored-by: LiaoyuanNing <259494737+LiaoyuanNing@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-03-03 19:22:50 -06:00
Gustavo Madeira Santana
21e8d88c1d build: fix ineffective dynamic imports with lazy boundaries (#33690) 
Merged via squash.

Prepared head SHA: 38b3c23d6f
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 20:14:41 -05:00
Igal Tabachnik
a4850b1b8f fix(plugins): lazily initialize runtime and split plugin-sdk startup imports (#28620) 
Merged via squash.

Prepared head SHA: 8bd7d6c13b
Co-authored-by: hmemcpy <601206+hmemcpy@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 19:58:48 -05:00
habakan
4b17d6d882 feat(gateway): add Permissions-Policy header to default security headers (#30186) 
Merged via squash.

Prepared head SHA: 0dac89283f
Co-authored-by: habakan <12531644+habakan@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 16:25:39 -08:00
Gustavo Madeira Santana
0d97101665 Agents: preserve bootstrap warning dedupe across followup runs 2026-03-03 18:56:11 -05:00
liquidhorizon88-bot
d95cf256e7 Security audit: suggest valid gateway.nodes.denyCommands entries (#29713) 
Merged via squash.

Prepared head SHA: db23298f98
Co-authored-by: liquidhorizon88-bot <257047709+liquidhorizon88-bot@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 15:47:57 -08:00
Cui Chen
e8cb0484ce fix(security): strip partial API token from status labels (#33262) 
Merged via squash.

Prepared head SHA: 5fe81704e6
Co-authored-by: cu1ch3n <80438676+cu1ch3n@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 15:11:49 -08:00
Clawdoo
b1a735829d docs: fix Mintlify-incompatible links in security docs (#27698) 
Merged via squash.

Prepared head SHA: 6078cd94ba
Co-authored-by: clawdoo <65667097+clawdoo@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 14:51:28 -08:00
Mariano
2a733a8444 fix(ios): harden watch messaging activation concurrency (#33306) 
Merged via squash.

Prepared head SHA: d40f8c4afb
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:38:54 +00:00
Mariano
4c6dec84a6 Telegram/device-pair: auto-arm one-shot notify on /pair qr with manual fallback (#33299) 
Merged via squash.

Prepared head SHA: 0986691fd4
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:36:45 +00:00
Mariano
a36ccf4156 fix(ios): start incremental speech at soft boundaries (#33305) 
Merged via squash.

Prepared head SHA: d1acf72317
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:36:40 +00:00
Mariano
22e33ddda9 fix(ios): guard talk TTS callbacks to active utterance (#33304) 
Merged via squash.

Prepared head SHA: dd88886e41
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:34:09 +00:00
13otKmdr
a8dd9ffea1 security: add X-Content-Type-Options nosniff header to media route (#30356) 
Merged via squash.

Prepared head SHA: b14f9ad7ca
Co-authored-by: 13otKmdr <154699144+13otKmdr@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 13:35:46 -08:00
wangchunyue
bcd58c26d3 fix(logging ): use local timezone for console log timestamps (#25970) 
Merged via squash.

Prepared head SHA: 30123265b7
Co-authored-by: openperf <80630709+openperf@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-04 00:31:41 +03:00
Gustavo Madeira Santana
e4b4486a96 Agent: unify bootstrap truncation warning handling (#32769) 
Merged via squash.

Prepared head SHA: 5d6d4ddfa6
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 16:28:38 -05:00
Sid
3ad3a90db3 fix(gateway): include disk-scanned agent IDs in listConfiguredAgentIds (#32831) 
Merged via squash.

Prepared head SHA: 2aa58f6afd
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-03-03 21:19:18 +00:00
Shakker
b02a07655d fix: harden pr review artifact validation 2026-03-03 21:14:37 +00:00
joshavant
a9969e641a docs: fix secretref marker rendering in credential surface 2026-03-03 15:08:41 -06:00
scoootscooob
ff96e41c38 fix(discord): align DiscordAccountConfig.token type with SecretInput (#32490) 
Merged via squash.

Prepared head SHA: 233aa032f1
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-03-03 14:59:57 -06:00
Robin Waslander
44162e7ba5 docs(contributing): require before/after screenshots for UI PRs (#32206) 
Merged via squash.

Prepared head SHA: d7f0914873
Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-03 23:45:19 +03:00
dorukardahan
2cd3be896d docs(security): document Docker UFW hardening via DOCKER-USER (#27613) 
Merged via squash.

Prepared head SHA: 31ddd43326
Co-authored-by: dorukardahan <35905596+dorukardahan@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 12:28:35 -08:00
joshavant
490670128b fix(docs): avoid MDX regex markers in secretref page 2026-03-03 14:00:09 -06:00
joshavant
70c6bc8581 fix(docs): use MDX-safe secretref markers 2026-03-03 13:54:03 -06:00
Shadow
65816657c2 feat(discord): add allowBots mention gating 2026-03-03 12:47:25 -06:00
Shadow
b0bcea03db fix: drop discord opus dependency 2026-03-03 12:23:19 -06:00
Shadow
16ebbd24b5 fix(discord): reset thread sessions on archive 2026-03-03 11:32:59 -06:00
Shadow
b8b1eeb052 fix(discord): harden slash command routing 2026-03-03 11:32:05 -06:00
Shadow
0eef7a367d fix(discord): honor agent media roots in replies 2026-03-03 11:29:58 -06:00
Shadow
548b15d8e0 fix(discord): skip bot messages before debounce 2026-03-03 11:29:58 -06:00
Shadow
05446d6b6b docs: document discord ignoreOtherMentions 2026-03-03 11:26:20 -06:00
Shadow
e28ff1215c fix: discord auto presence health signal (#33277) (thanks @thewilloftheshadow) (#33277) 2026-03-03 11:20:59 -06:00
Ayaan Zaidi
3d998828b9 fix: stabilize Telegram draft boundaries and suppress NO_REPLY lead leaks (#33169) 
* fix: stabilize telegram draft stream message boundaries

* fix: suppress NO_REPLY lead-fragment leaks

* fix: keep underscore guard for non-NO_REPLY prefixes

* fix: skip assistant-start rotation only after real lane rotation

* fix: preserve finalized state when pre-rotation does not force

* fix: reset finalized preview state on message-start boundary

* fix: document Telegram draft boundary + NO_REPLY reliability updates (#33169) (thanks @obviyus)
 2026-03-03 22:49:33 +05:30
Shadow
a7a9a3d3c8 fix: allowlist Discord CDN hostnames for SSRF media (#33275) (thanks @thewilloftheshadow) (#33275) 2026-03-03 11:17:27 -06:00
Mariano
bf7061092a iOS Security Stack 4/5: TTS PCM->MP3 Fallback (#30885) (#33032) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f77e3d7644
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:33:55 +00:00
Shadow
d493861c16 fix: discord mention handling (#33224) (thanks @thewilloftheshadow) (#33224) 2026-03-03 10:32:22 -06:00
Mariano
a3112d6c5f iOS Security Stack 3/5: Runtime Security Guards (#33031) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9917165401
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:30:27 +00:00
Mariano
6df57d9633 iOS Security Stack 2/5: Concurrency Locks (#33241) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b99ad804fb
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:28:27 +00:00
Shadow
3ee8528b17 test(discord): align bound-thread target kind 2026-03-03 10:22:52 -06:00
Shadow
3b3738e41e fix(discord): use fetch for voice upload slots 2026-03-03 10:22:28 -06:00
Shadow
66d06beec6 fix(discord): stop typing after silent runs 2026-03-03 10:22:27 -06:00
Shadow
5d16d45b20 fix(discord): default presence online when unconfigured 2026-03-03 10:22:27 -06:00