vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-14 11:30:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,664 Commits 714 Branches 79 Tags
dependabot/github_actions/actions/setup-python-6
Commit Graph

17664 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gustavo Madeira Santana
21e8d88c1d build: fix ineffective dynamic imports with lazy boundaries (#33690) 
Merged via squash.

Prepared head SHA: 38b3c23d6f
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 20:14:41 -05:00
Igal Tabachnik
a4850b1b8f fix(plugins): lazily initialize runtime and split plugin-sdk startup imports (#28620) 
Merged via squash.

Prepared head SHA: 8bd7d6c13b
Co-authored-by: hmemcpy <601206+hmemcpy@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 19:58:48 -05:00
habakan
4b17d6d882 feat(gateway): add Permissions-Policy header to default security headers (#30186) 
Merged via squash.

Prepared head SHA: 0dac89283f
Co-authored-by: habakan <12531644+habakan@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 16:25:39 -08:00
Gustavo Madeira Santana
0d97101665 Agents: preserve bootstrap warning dedupe across followup runs 2026-03-03 18:56:11 -05:00
liquidhorizon88-bot
d95cf256e7 Security audit: suggest valid gateway.nodes.denyCommands entries (#29713) 
Merged via squash.

Prepared head SHA: db23298f98
Co-authored-by: liquidhorizon88-bot <257047709+liquidhorizon88-bot@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 15:47:57 -08:00
Cui Chen
e8cb0484ce fix(security): strip partial API token from status labels (#33262) 
Merged via squash.

Prepared head SHA: 5fe81704e6
Co-authored-by: cu1ch3n <80438676+cu1ch3n@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 15:11:49 -08:00
Clawdoo
b1a735829d docs: fix Mintlify-incompatible links in security docs (#27698) 
Merged via squash.

Prepared head SHA: 6078cd94ba
Co-authored-by: clawdoo <65667097+clawdoo@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 14:51:28 -08:00
Mariano
2a733a8444 fix(ios): harden watch messaging activation concurrency (#33306) 
Merged via squash.

Prepared head SHA: d40f8c4afb
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:38:54 +00:00
Mariano
4c6dec84a6 Telegram/device-pair: auto-arm one-shot notify on /pair qr with manual fallback (#33299) 
Merged via squash.

Prepared head SHA: 0986691fd4
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:36:45 +00:00
Mariano
a36ccf4156 fix(ios): start incremental speech at soft boundaries (#33305) 
Merged via squash.

Prepared head SHA: d1acf72317
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:36:40 +00:00
Mariano
22e33ddda9 fix(ios): guard talk TTS callbacks to active utterance (#33304) 
Merged via squash.

Prepared head SHA: dd88886e41
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:34:09 +00:00
13otKmdr
a8dd9ffea1 security: add X-Content-Type-Options nosniff header to media route (#30356) 
Merged via squash.

Prepared head SHA: b14f9ad7ca
Co-authored-by: 13otKmdr <154699144+13otKmdr@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 13:35:46 -08:00
wangchunyue
bcd58c26d3 fix(logging ): use local timezone for console log timestamps (#25970) 
Merged via squash.

Prepared head SHA: 30123265b7
Co-authored-by: openperf <80630709+openperf@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-04 00:31:41 +03:00
Gustavo Madeira Santana
e4b4486a96 Agent: unify bootstrap truncation warning handling (#32769) 
Merged via squash.

Prepared head SHA: 5d6d4ddfa6
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 16:28:38 -05:00
Sid
3ad3a90db3 fix(gateway): include disk-scanned agent IDs in listConfiguredAgentIds (#32831) 
Merged via squash.

Prepared head SHA: 2aa58f6afd
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-03-03 21:19:18 +00:00
Shakker
b02a07655d fix: harden pr review artifact validation 2026-03-03 21:14:37 +00:00
joshavant
a9969e641a docs: fix secretref marker rendering in credential surface 2026-03-03 15:08:41 -06:00
scoootscooob
ff96e41c38 fix(discord): align DiscordAccountConfig.token type with SecretInput (#32490) 
Merged via squash.

Prepared head SHA: 233aa032f1
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-03-03 14:59:57 -06:00
Robin Waslander
44162e7ba5 docs(contributing): require before/after screenshots for UI PRs (#32206) 
Merged via squash.

Prepared head SHA: d7f0914873
Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-03 23:45:19 +03:00
dorukardahan
2cd3be896d docs(security): document Docker UFW hardening via DOCKER-USER (#27613) 
Merged via squash.

Prepared head SHA: 31ddd43326
Co-authored-by: dorukardahan <35905596+dorukardahan@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 12:28:35 -08:00
joshavant
490670128b fix(docs): avoid MDX regex markers in secretref page 2026-03-03 14:00:09 -06:00
joshavant
70c6bc8581 fix(docs): use MDX-safe secretref markers 2026-03-03 13:54:03 -06:00
Shadow
65816657c2 feat(discord): add allowBots mention gating 2026-03-03 12:47:25 -06:00
Shadow
b0bcea03db fix: drop discord opus dependency 2026-03-03 12:23:19 -06:00
Shadow
16ebbd24b5 fix(discord): reset thread sessions on archive 2026-03-03 11:32:59 -06:00
Shadow
b8b1eeb052 fix(discord): harden slash command routing 2026-03-03 11:32:05 -06:00
Shadow
0eef7a367d fix(discord): honor agent media roots in replies 2026-03-03 11:29:58 -06:00
Shadow
548b15d8e0 fix(discord): skip bot messages before debounce 2026-03-03 11:29:58 -06:00
Shadow
05446d6b6b docs: document discord ignoreOtherMentions 2026-03-03 11:26:20 -06:00
Shadow
e28ff1215c fix: discord auto presence health signal (#33277) (thanks @thewilloftheshadow) (#33277) 2026-03-03 11:20:59 -06:00
Ayaan Zaidi
3d998828b9 fix: stabilize Telegram draft boundaries and suppress NO_REPLY lead leaks (#33169) 
* fix: stabilize telegram draft stream message boundaries

* fix: suppress NO_REPLY lead-fragment leaks

* fix: keep underscore guard for non-NO_REPLY prefixes

* fix: skip assistant-start rotation only after real lane rotation

* fix: preserve finalized state when pre-rotation does not force

* fix: reset finalized preview state on message-start boundary

* fix: document Telegram draft boundary + NO_REPLY reliability updates (#33169) (thanks @obviyus)
 2026-03-03 22:49:33 +05:30
Shadow
a7a9a3d3c8 fix: allowlist Discord CDN hostnames for SSRF media (#33275) (thanks @thewilloftheshadow) (#33275) 2026-03-03 11:17:27 -06:00
Mariano
bf7061092a iOS Security Stack 4/5: TTS PCM->MP3 Fallback (#30885) (#33032) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f77e3d7644
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:33:55 +00:00
Shadow
d493861c16 fix: discord mention handling (#33224) (thanks @thewilloftheshadow) (#33224) 2026-03-03 10:32:22 -06:00
Mariano
a3112d6c5f iOS Security Stack 3/5: Runtime Security Guards (#33031) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9917165401
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:30:27 +00:00
Mariano
6df57d9633 iOS Security Stack 2/5: Concurrency Locks (#33241) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b99ad804fb
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:28:27 +00:00
Shadow
3ee8528b17 test(discord): align bound-thread target kind 2026-03-03 10:22:52 -06:00
Shadow
3b3738e41e fix(discord): use fetch for voice upload slots 2026-03-03 10:22:28 -06:00
Shadow
66d06beec6 fix(discord): stop typing after silent runs 2026-03-03 10:22:27 -06:00
Shadow
5d16d45b20 fix(discord): default presence online when unconfigured 2026-03-03 10:22:27 -06:00
Shadow
6593a57607 fix: improve discord chunk delivery (#33226) (thanks @thewilloftheshadow) (#33226) 2026-03-03 10:17:33 -06:00
Mariano
ec0eb9f8c3 iOS Security Stack 1/5: Keychain Migrations + Tests (#33029) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: da2f8f6141
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:15:20 +00:00
Jason L. West, Sr.
606cd0d591 feat(tool-truncation): use head+tail strategy to preserve errors during truncation (#20076) 
Merged via squash.

Prepared head SHA: 6edebf22b1
Co-authored-by: jlwestsr <52389+jlwestsr@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-03 08:11:14 -08:00
Mylszd
d89e1e40f9 docs(loop-detection): fix config keys to match schema (#33182) 
Merged via squash.

Prepared head SHA: 612ecc00d3
Co-authored-by: Mylszd <23611557+Mylszd@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 11:02:30 -05:00
Shadow
ca307c3fdf fix: harden Discord channel resolution (#33142) (thanks @thewilloftheshadow) (#33142) 2026-03-03 09:31:26 -06:00
Shadow
4abf398a17 fix: Discord acp inline actions + bound-thread filter (#33136) (thanks @thewilloftheshadow) (#33136) 2026-03-03 09:30:21 -06:00
Shadow
8e2e4b2ed5 fix: ignore discord wildcard audit keys (#33125) (thanks @thewilloftheshadow) (#33125) 2026-03-03 09:28:30 -06:00
Rodrigo Uroz
c8b45a4c5c Compaction/Safeguard: preserve recent turns verbatim (#25554) 
Merged via squash.

Prepared head SHA: 7fb33c411c
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-03 07:00:49 -08:00
Shadow
171f305c3d chore: note about pagination 2026-03-03 08:35:29 -06:00
chengzhichao-xydt
53727c72f4 fix: substitute YYYY-MM-DD at session startup and post-compaction (#32363) (#32381) 
Merged via squash.

Prepared head SHA: aee998a2c1
Co-authored-by: chengzhichao-xydt <264300353+chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-03 06:21:26 -08:00