vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 10:50:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
41,577 Commits 1,843 Branches 149 Tags
main
Commit Graph

179 Commits

Author SHA1 Message Date
Vincent Koc
736f627fb5 docs: typography hygiene across 4 large pages 
Replaced 152 typography characters (curly quotes, apostrophes, em/en
dashes, non-breaking hyphens) with ASCII equivalents so grep,
copy-paste, and Mintlify search hit clean tokens. Per docs/CLAUDE.md
heading and content hygiene rules.

- docs/gateway/security/index.md: 59 chars
- docs/plugins/hooks.md: 34 chars
- docs/reference/session-management-compaction.md: 30 chars
- docs/tools/clawhub.md: 29 chars
 2026-05-05 19:19:15 -07:00
Peter Steinberger
538605ff44 [codex] Extract filesystem safety primitives (#77918) 
* refactor: extract filesystem safety primitives

* refactor: use fs-safe for file access helpers

* refactor: reuse fs-safe for media reads

* refactor: use fs-safe for image reads

* refactor: reuse fs-safe in qqbot media opener

* refactor: reuse fs-safe for local media checks

* refactor: consume cleaner fs-safe api

* refactor: align fs-safe json option names

* fix: preserve fs-safe migration contracts

* refactor: use fs-safe primitive subpaths

* refactor: use grouped fs-safe subpaths

* refactor: align fs-safe api usage

* refactor: adapt private state store api

* chore: refresh proof gate

* refactor: follow fs-safe json api split

* refactor: follow reduced fs-safe surface

* build: default fs-safe python helper off

* fix: preserve fs-safe plugin sdk aliases

* refactor: consolidate fs-safe usage

* refactor: unify fs-safe store usage

* refactor: trim fs-safe temp workspace usage

* refactor: hide low-level fs-safe primitives

* build: use published fs-safe package

* fix: preserve outbound recovery durability after rebase

* chore: refresh pr checks
 2026-05-06 02:15:17 +01:00
Peter Steinberger
ee6052a169 fix(bonjour): default LAN discovery on macOS only 
Summary:
- add manifest-backed platform-specific default enablement for bundled plugins
- auto-start Bonjour LAN discovery on macOS hosts only
- keep Linux, Windows, and containerized Gateway deployments opt-in while preserving explicit enablement

Verification:
- pnpm test extensions/bonjour/src/advertiser.test.ts src/plugins/bundled-plugin-metadata.test.ts src/plugins/manifest-registry.test.ts src/plugins/channel-plugin-ids.test.ts
- pnpm exec oxfmt --check --threads=1 CHANGELOG.md docs/gateway/bonjour.md docs/gateway/configuration-reference.md docs/gateway/discovery.md docs/gateway/security/index.md docs/plugins/manifest.md extensions/bonjour/openclaw.plugin.json src/plugin-sdk/facade-activation-check.runtime.ts src/plugins/bundled-manifest-contract-plugins.ts src/plugins/bundled-plugin-metadata.test.ts src/plugins/channel-presence-policy.ts src/plugins/default-enablement.ts src/plugins/gateway-startup-plugin-ids.ts src/plugins/installed-plugin-index-record-builder.ts src/plugins/installed-plugin-index-store.ts src/plugins/installed-plugin-index-types.ts src/plugins/installed-plugin-index.ts src/plugins/loader.ts src/plugins/manifest-contract-eligibility.ts src/plugins/manifest-owner-policy.ts src/plugins/manifest-registry-installed.ts src/plugins/manifest-registry.test.ts src/plugins/manifest-registry.ts src/plugins/manifest.ts src/plugins/providers.ts
- git diff --check
- Testbox: pnpm check:changed via Blacksmith Testbox tbx_01kqqf3f8rbrt8afjtcg0ck7qs

Refs #74209
 2026-05-03 19:07:27 +01:00
Peter Steinberger
e8f13c625e fix(cli): request admin scope for admin device approvals 2026-05-03 01:38:24 +01:00
Ayaan Zaidi
47de32ac21 chore(security): remove stale secret baseline 2026-05-02 15:10:45 +05:30
Peter Steinberger
257a3c068d refactor: simplify plugin dependency loading 2026-05-01 21:56:40 +01:00
pashpashpash
027ea5f08b Isolate Codex app-server state per agent (#74556) 
* fix(codex): isolate app-server home per agent

* fix(codex): isolate native Codex assets per agent

* fix(channels): mark inbound system events untrusted

* fix(doctor): warn on personal Codex agent skills

* test(doctor): cover personal Codex agent skills warning

* fix(codex): forward auth profiles to harness runs

* fix(codex): preserve auto auth for harness runs

* fix(codex): auto-select harness auth profiles

* test(codex): type harness auth mock

* feat(codex): select migrated skills

* fix(codex): satisfy migration selection lint

* docs: add codex isolation changelog
 2026-05-01 04:49:02 +09:00
Vincent Koc
98f5fd12df docs(gateway/security): list system-reminder and previous_response in outbound stripping 
For c2d31a5e59: docs/gateway/security/index.md "External content
special-token sanitization" section already mentions the outbound
sanitizer with `<tool_call>` and `<function_calls>` examples, but it
predates the new internal-runtime-scaffolding stripping that targets
`<system-reminder>` and `<previous_response>` tags. Adds those two tags
as explicit examples and notes the final channel delivery boundary so
operators reading the security page see the same coverage exposed by
the c2d31a5e59 sanitizer.
 2026-04-28 12:39:15 -07:00
Peter Steinberger
78a12706ec fix(docs): make docs formatter mintlify-safe 2026-04-28 08:13:21 +01:00
Vincent Koc
7b18bd03bb fix(gateway): allow explicit loopback trusted proxy auth 
Fixes #59167.

Supersedes #63379.
 2026-04-27 22:01:06 -07:00
Vincent Koc
6c49039a23 docs(gateway): batch convert callouts and fix JSON5 smart quotes 
- security/index: 3 prose callouts (Note/Warning) for remote credential rules, sandbox scope, elevated mode
- tailscale: loopback Note component
- pairing: bulleted Important warning to Warning component
- openshell: host-edit warning to Warning component
- local-models: replace 13 smart quotes inside the LM Studio JSON5 example so it parses
 2026-04-26 21:56:59 -07:00
Vincent Koc
406ae72fd2 fix(logging): redact persisted transcript text 2026-04-26 12:12:44 -07:00
Shakker
56f4264f1b fix: keep plugin audit check ids stable 2026-04-26 01:03:12 +01:00
Shakker
37ce39b5c5 docs: describe plugin install index store 2026-04-26 01:03:12 +01:00
Peter Steinberger
e640c0a95f fix(gateway): decouple backend RPC from CLI pairing 2026-04-25 23:23:52 +01:00
Peter Steinberger
bd796d1c85 docs(plugins): clarify local dependency installs 2026-04-25 22:59:09 +01:00
Peter Steinberger
f44759073b feat(gateway): auto-approve trusted CIDR node pairing (#61004) (thanks @sahilsatralkar) 2026-04-25 06:40:25 +01:00
Peter Steinberger
67a2b187b7 docs: fix gateway security accordion 2026-04-24 18:42:07 +01:00
Peter Steinberger
b2352c3e24 docs: improve 2026.4.23 release docs 2026-04-24 17:55:03 +01:00
Peter Steinberger
b7fba2100f docs: clarify private ws node setup 2026-04-24 07:32:29 +01:00
Vincent Koc
4a2cd533ac docs: remove duplicate H1 where frontmatter title already sets it 2026-04-23 13:11:14 -07:00
Vincent Koc
b0efa8d43d docs(gateway): security — sentence-case headings, remove manual TOC and H1, drop custom anchors, tuck triage notes into Accordion 2026-04-23 11:09:33 -07:00
Vincent Koc
b7506521e6 docs: restructure gateway security page and extract audit checks reference 2026-04-23 01:01:12 -07:00
Vincent Koc
daaedf37b7 docs: prune recent additions for readability 2026-04-23 00:23:18 -07:00
Peter Steinberger
dd17dea761 docs: align pairing metadata upgrade approval 2026-04-23 07:56:16 +01:00
Vincent Koc
c8aec6b951 docs: Control UI identity + gateway pairing hardening + release verification 2026-04-22 23:52:37 -07:00
Vincent Koc
30a5c441f3 docs(channels): cover WhatsApp replyToMode, Discord inheritParent, Slack HTTP/ACP/downloadFile, Telegram webhook+picker auth, Mattermost reasoning suppression, workspace .env block for channel endpoints 2026-04-22 23:39:38 -07:00
Peter Steinberger
46fba1d814 docs(config): clarify symlinked config support 2026-04-22 23:45:03 +01:00
Vincent Koc
475e6ff1d1 docs(gateway): replace user-facing 'extension' references with 'plugin' per terminology rules 2026-04-21 14:39:10 -07:00
Vincent Koc
9702f0bf21 docs: tool-progress preview streaming, Control UI avatar auth, exec heredoc and external-content token sanitization 2026-04-21 13:39:55 -07:00
Vincent Koc
b4a59be9b6 docs: document stdio env filter, enforceOwnerForCommands, OPENCLAW_* .env blocking 2026-04-21 13:21:34 -07:00
Peter Steinberger
2514746b32 fix: sanitize LLM special tokens in external content 2026-04-21 20:29:02 +01:00
Peter Steinberger
a292cbf46f docs: clarify optional Docker sandboxing 2026-04-20 19:27:45 +01:00
Tak Hoffman
c37e49f275 Add /trace toggle and fix Active Memory diagnostics 2026-04-12 13:20:22 -05:00
Peter Steinberger
972ed139a7 fix: make docs anchor audit use Mintlify CLI 2026-04-10 21:39:52 +01:00
Agustin Rivera
905f19230a Align external marker span mapping (#63885) 
* fix(markers): align external marker spans

* fix(browser): ssrfPolicy defaults fail-closed for unconfigured installs (GHSA-53vx-pmqw-863c)

* fix(browser): enforce strict default SSRF policy

* chore(changelog): add browser SSRF default + marker alignment entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 12:35:20 -06:00
Peter Steinberger
4f9804ec24 docs: refresh config schema and gateway tool mirrors 2026-04-04 21:43:09 +01:00
Peter Steinberger
1ae356c40c docs: refresh sandbox bind security refs 2026-04-04 20:57:37 +01:00
Peter Steinberger
976bc47458 docs: refresh gateway rpc safe-flow mirrors 2026-04-04 20:32:28 +01:00
Peter Steinberger
b1279b0db3 docs: refresh untrusted file wrapper refs 2026-04-04 19:39:09 +01:00
Peter Steinberger
0c3ec064f1 docs: refresh OpenResponses file input refs 2026-04-04 19:13:44 +01:00
Peter Steinberger
4db910698a docs: refresh sandbox and security elevated refs 2026-04-04 18:39:12 +01:00
Peter Steinberger
89535f9313 docs: refresh pairing locality refs 2026-04-04 16:13:04 +01:00
Peter Steinberger
9ac9edff43 docs: refresh gateway operator scope refs 2026-04-04 15:25:57 +01:00
Peter Steinberger
114496871d docs: refresh tailscale auth rate limit refs 2026-04-04 14:30:13 +01:00
Peter Steinberger
07c7c4b9ec docs: refresh tailscale http auth refs 2026-04-04 14:13:36 +01:00
Peter Steinberger
022618e887 docs: refresh browser auth refs 2026-04-04 14:04:24 +01:00
Peter Steinberger
0afd30d325 docs: refresh shared-secret auth mirrors 2026-04-04 14:02:29 +01:00
Peter Steinberger
b0025b1921 docs: refresh hook ingress security refs 2026-04-04 13:59:09 +01:00
Peter Steinberger
c63a32661a docs: refresh gateway auth overview mirrors 2026-04-04 13:54:15 +01:00