vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-26 09:21:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,520 Commits 899 Branches 88 Tags
dependabot/github_actions/actions/create-github-app-token-3
Commit Graph

4975 Commits

Author SHA1 Message Date
Peter Steinberger
94a01c9789 fix: keep gaxios compat off the package root (#47914) (thanks @pdd-cli) 2026-03-16 08:22:39 +00:00
Tak Hoffman
3c6a49b27e feishu: harden media support and align capability docs (#47968) 
* feishu: harden media support and action surface

* feishu: format media action changes

* feishu: fix review follow-ups

* fix: scope Feishu target aliases to Feishu (#47968) (thanks @Takhoffman)
 2026-03-16 02:02:48 -05:00
Vincent Koc
476d948732 !refactor(browser): remove Chrome extension path and add MCP doctor migration (#47893) 
* Browser: replace extension path with Chrome MCP

* Browser: clarify relay stub and doctor checks

* Docs: mark browser MCP migration as breaking

* Browser: reject unsupported profile drivers

* Browser: accept clawd alias on profile create

* Doctor: narrow legacy browser driver migration
 2026-03-15 23:56:08 -07:00
Peter Steinberger
fb47777d38 fix: address bot nit on session route preservation (#47797) (thanks @brokemac79) 2026-03-15 23:37:59 -07:00
Tak Hoffman
fa62231afc feishu: add structured card actions and interactive approval flows (#47873) 
* feishu: add structured card actions and interactive approval flows

* feishu: address review fixes and test-gate regressions

* feishu: hold inflight card dedup until completion

* feishu: restore fire-and-forget bot menu handling

* feishu: format card interaction helpers

* Feishu: add changelog entry for card interactions

* Feishu: add changelog entry for ACP session binding
 2026-03-16 01:07:09 -05:00
Peter Steinberger
680eff63fb fix: land SIGUSR1 orphan recovery regressions (#47719) (thanks @joeykrug) 2026-03-15 22:32:36 -07:00
Peter Steinberger
abe7ea4373 fix: accept schtasks Last Result key on Windows (#47844) (thanks @MoerAI) 2026-03-15 22:20:34 -07:00
Peter Steinberger
d937b61fb3 fix: follow up shared interactive regressions (#47715) 2026-03-16 05:03:46 +00:00
Peter Steinberger
a69f6190ab fix(gateway): pin plugin webhook route registry (#47902) 2026-03-15 21:53:05 -07:00
Peter Steinberger
b8bb8510a2 feat: move ssh sandboxing into core 2026-03-15 21:35:30 -07:00
Peter Steinberger
aa28d1c711 feat: add firecrawl onboarding search plugin 2026-03-16 03:38:58 +00:00
Peter Steinberger
ae7f18e503 feat: add remote openshell sandbox mode 2026-03-15 20:28:19 -07:00
Peter Steinberger
d8b927ee6a feat: add openshell sandbox backend 2026-03-15 20:03:22 -07:00
Josh Avant
a2cb81199e secrets: harden read-only SecretRef command paths and diagnostics (#47794) 
* secrets: harden read-only SecretRef resolution for status and audit

* CLI: add SecretRef degrade-safe regression coverage

* Docs: align SecretRef status and daemon probe semantics

* Security audit: close SecretRef review gaps

* Security audit: preserve source auth SecretRef configuredness

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-03-15 21:55:24 -05:00
Ayaan Zaidi
c08796b039 fix: add Telegram topic-edit action (#47798) 2026-03-16 08:03:22 +05:30
Peter Steinberger
47a9c1a893 refactor: merge minimax bundled plugins 2026-03-16 02:26:45 +00:00
Vincent Koc
963237a18f Changelog: note plugin agent integrations 2026-03-15 16:10:59 -07:00
Peter Steinberger
dd40741e18 feat(plugins): add compatible bundle support 2026-03-15 16:08:50 -07:00
Peter Steinberger
4a0f72866b feat(plugins): move provider runtimes into bundled plugins 2026-03-15 15:18:32 -07:00
Vincent Koc
5a7aba94a2 CLI: support package-manager installs from GitHub main (#47630) 
* CLI: resolve package-manager main install specs

* CLI: skip registry resolution for raw package specs

* CLI: support main package target updates

* CLI: document package update specs in help

* Tests: cover package install spec resolution

* Tests: cover npm main-package updates

* Tests: cover update --tag main

* Installer: support main package targets

* Installer: support main package targets on Windows

* Docs: document package-manager main updates

* Docs: document installer main targets

* Docs: document npm and pnpm main installs

* Docs: document update --tag main

* Changelog: note package-manager main installs

* Update src/infra/update-global.test.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-03-15 14:18:12 -07:00
Nimrod Gutman
47fd8558cd fix(plugins): fix bundled plugin roots and skill assets (#47601) 
* fix(acpx): resolve bundled plugin root correctly

* fix(plugins): copy bundled plugin skill assets

* fix(plugins): tolerate missing bundled skill paths
 2026-03-15 23:00:30 +02:00
Vincent Koc
7931f06c00 Plugins: harden context engine ownership 2026-03-15 13:51:15 -07:00
Gustavo Madeira Santana
4fb0160309 Gateway: sync runtime post-build artifacts 2026-03-15 20:44:15 +00:00
Gustavo Madeira Santana
594920f8cc Scripts: rebuild on extension and tsdown config changes (#47571) 
Merged via squash.

Prepared head SHA: edd8ed8254
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-15 16:19:27 -04:00
Tomáš Dinh
4a7fbe090a docs(zalo): document current Marketplace bot behavior (openclaw#47552) 
Verified:
- pnpm check:docs

Co-authored-by: Tomáš Dinh <82420070+No898@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-15 14:40:35 -05:00
Nimrod Gutman
e2dac5d5cb fix(plugins): load bundled extensions from dist (#47560) 2026-03-15 21:16:27 +02:00
xiaoyi
bbb0c3e5d7 CLI/completion: fix generator OOM and harden plugin registries (#45537) 
* fix: avoid OOM during completion script generation

* CLI/completion: fix PowerShell nested command paths

* CLI/completion: cover generated shell scripts

* Changelog: note completion generator follow-up

* Plugins: reserve shared registry names

---------

Co-authored-by: Xiaoyi <xiaoyi@example.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-15 12:14:30 -07:00
Vincent Koc
dd2eb29038 Commands: split static onboard auth choice help (#47545) 
* Commands: split static onboard auth choice help

* Tests: cover static onboard auth choice help

* Changelog: note static onboard auth choice help
 2026-03-15 12:11:55 -07:00
Vincent Koc
630958749c Changelog: note CLI OOM startup fixes (#47525) 2026-03-15 10:54:21 -07:00
Vincent Koc
fc2d29ea92 Gateway: tighten forwarded client and pairing guards (#46800) 
* Gateway: tighten forwarded client and pairing guards

* Gateway: make device approval scope checks atomic

* Gateway: preserve device approval baseDir compatibility
 2026-03-15 10:50:49 -07:00
Nimrod Gutman
d88da9f5f8 fix(config): avoid failing startup on implicit memory slot (#47494) 
* fix(config): avoid failing on implicit memory slot

* fix(config): satisfy build for memory slot guard

* docs(changelog): note implicit memory slot startup fix (#47494)
 2026-03-15 19:28:50 +02:00
Vincent Koc
f0202264d0 Gateway: scrub credentials from endpoint snapshots (#46799) 
* Gateway: scrub credentials from endpoint snapshots

* Gateway: scrub raw endpoint credentials in snapshots

* Gateway: preserve config redaction round-trips

* Gateway: restore redacted endpoint URLs on apply
 2026-03-15 10:28:15 -07:00
Sally O'Malley
d37e3d582f Scope Control UI sessions per gateway (#47453) 
* Scope Control UI sessions per gateway

Signed-off-by: sallyom <somalley@redhat.com>

* Add changelog for Control UI session scoping

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
 2026-03-15 13:08:37 -04:00
Vincent Koc
8e97b752d0 Tools: revalidate workspace-only patch targets (#46803) 
* Tools: revalidate workspace-only patch targets

* Tests: narrow apply-patch delete-path assertion
 2026-03-15 09:45:58 -07:00
Vincent Koc
5e78c8bc95 Webhooks: tighten pre-auth body handling (#46802) 
* Webhooks: tighten pre-auth body handling

* Webhooks: clean up request body guards
 2026-03-15 09:45:18 -07:00
Vincent Koc
7679eb3752 Subagents: restrict follow-up messaging scope (#46801) 
* Subagents: restrict follow-up messaging scope

* Subagents: cover foreign-session follow-up sends

* Update CHANGELOG.md
 2026-03-15 09:44:51 -07:00
Vincent Koc
9e2eed211c Changelog: add more unreleased PR numbers 2026-03-15 09:36:53 -07:00
Vincent Koc
a493f01a90 Changelog: add missing PR credits 2026-03-15 09:33:47 -07:00
Vincent Koc
a47722de7e Integrations: tighten inbound callback and allowlist checks (#46787) 
* Integrations: harden inbound callback and allowlist handling

* Integrations: address review follow-ups

* Update CHANGELOG.md

* Mattermost: avoid command-gating open button callbacks
 2026-03-15 09:24:24 -07:00
Vincent Koc
8d44b16b7c Plugins: preserve scoped ids and reserve bundled duplicates (#47413) 
* Plugins: preserve scoped ids and reserve bundled duplicates

* Changelog: add plugin scoped id note

* Plugins: harden scoped install ids

* Plugins: reserve scoped install dirs

* Plugins: migrate legacy scoped update ids
 2026-03-15 09:07:10 -07:00
Peter Steinberger
7c0a849ed7 fix: harden device token rotation denial paths 2026-03-15 09:05:45 -07:00
Vincent Koc
ec2c6d83b9 Nodes: recheck queued actions before delivery (#46815) 
* Nodes: recheck queued actions before delivery

* Nodes tests: cover pull-time policy recheck

* Nodes tests: type node policy mocks explicitly
 2026-03-15 08:47:17 -07:00
Peter Steinberger
ff61343d76 fix: harden mention pattern regex compilation 2026-03-15 08:44:12 -07:00
Vincent Koc
e4c61723cd ACP: fail closed on conflicting tool identity hints (#46817) 
* ACP: fail closed on conflicting tool identity hints

* ACP: restore rawInput fallback for safe tool resolution

* ACP tests: cover rawInput-only safe tool approval
 2026-03-15 08:39:49 -07:00
Peter Steinberger
a472f988d8 fix: harden remote cdp probes 2026-03-15 08:23:01 -07:00
Ayaan Zaidi
c4265a5f16 fix: preserve Telegram word boundaries when rechunking HTML (#47274) 
* fix: preserve Telegram chunk word boundaries

* fix: address Telegram chunking review feedback

* fix: preserve Telegram retry separators

* fix: preserve Telegram chunking boundaries (#47274)
 2026-03-15 18:10:49 +05:30
助爪
5c5c64b612 Deduplicate repeated tool call IDs for OpenAI-compatible APIs (#40996) 
Merged via squash.

Prepared head SHA: 38d8048359
Co-authored-by: xaeon2026 <264572156+xaeon2026@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-15 19:46:07 +08:00
Jason
9d3e653ec9 fix(web): handle 515 Stream Error during WhatsApp QR pairing (#27910) 
* fix(web): handle 515 Stream Error during WhatsApp QR pairing

getStatusCode() never unwrapped the lastDisconnect wrapper object,
so login.errorStatus was always undefined and the 515 restart path
in restartLoginSocket was dead code.

- Add err.error?.output?.statusCode fallback to getStatusCode()
- Export waitForCredsSaveQueue() so callers can await pending creds
- Await creds flush in restartLoginSocket before creating new socket

Fixes #3942

* test: update session mock for getStatusCode unwrap + waitForCredsSaveQueue

Mirror the getStatusCode fix (err.error?.output?.statusCode fallback)
in the test mock and export waitForCredsSaveQueue so restartLoginSocket
tests work correctly.

* fix(web): scope creds save queue per-authDir to avoid cross-account blocking

The credential save queue was a single global promise chain shared by all
WhatsApp accounts. In multi-account setups, a slow save on one account
blocked credential writes and 515 restart recovery for unrelated accounts.

Replace the global queue with a per-authDir Map so each account's creds
serialize independently. waitForCredsSaveQueue() now accepts an optional
authDir to wait on a single account's queue, or waits on all when omitted.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* test: use real Baileys v7 error shape in 515 restart test

The test was using { output: { statusCode: 515 } } which was already
handled before the fix. Updated to use the actual Baileys v7 shape
{ error: { output: { statusCode: 515 } } } to cover the new fallback
path in getStatusCode.

Co-Authored-By: Claude Code (Opus 4.6) <noreply@anthropic.com>

* fix(web): bound credential-queue wait during 515 restart

Prevents restartLoginSocket from blocking indefinitely if a queued
saveCreds() promise stalls (e.g. hung filesystem write).

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: clear flush timeout handle and assert creds queue in test

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: evict settled credsSaveQueues entries to prevent unbounded growth

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: share WhatsApp 515 creds flush handling (#27910) (thanks @asyncjason)

---------

Co-authored-by: Jason Separovic <jason@wilma.dog>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-15 17:00:07 +05:30
Ted Li
843e3c1efb fix(whatsapp): restore append recency filter lost in extensions refactor, handle Long timestamps (#42588) 
Merged via squash.

Prepared head SHA: 8ce59bb715
Co-authored-by: MonkeyLeeT <6754057+MonkeyLeeT@users.noreply.github.com>
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Reviewed-by: @scoootscooob
 2026-03-15 03:03:31 -07:00
Ace Lee
d7ac16788e fix(android): support android node calllog.search (#44073) 
* fix(android): support android node  `calllog.search`

* fix(android): support android node calllog.search

* fix(android): wire callLog through shared surfaces

* fix: land Android callLog support (#44073) (thanks @lxk7280)

---------

Co-authored-by: lixuankai <lixuankai@oppo.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-15 14:54:32 +05:30