vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,087 Commits 680 Branches 76 Tags
main
Commit Graph

18087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Shadow
841f3b4af5 Switch to org-wide funding.yml file 2026-03-10 20:55:08 -05:00
Peter Steinberger
aad014c7c1 fix: harden subagent control boundaries 2026-03-11 01:44:38 +00:00
Peter Steinberger
68c674d37c refactor(security): simplify system.run approval model 2026-03-11 01:43:06 +00:00
Peter Steinberger
5716e52417 refactor: unify gateway credential planning 2026-03-11 01:37:25 +00:00
Peter Steinberger
3a39dc4e18 refactor(security): unify config write target policy 2026-03-11 01:35:04 +00:00
Peter Steinberger
7289c19f1a fix(security): bind system.run approvals to exact argv text 2026-03-11 01:25:31 +00:00
Peter Steinberger
8eac939417 fix(security): enforce target account configWrites 2026-03-11 01:24:36 +00:00
Peter Steinberger
11924a7026 fix(sandbox): pin fs-bridge staged writes 2026-03-11 01:15:47 +00:00
Peter Steinberger
702f6f3305 fix: fail closed for unresolved local gateway auth refs 2026-03-11 01:14:06 +00:00
Peter Steinberger
ecdbd8aa52 fix(security): restrict leaf subagent control scope 2026-03-11 01:12:22 +00:00
Gustavo Madeira Santana
3ba6491659 Infra: extract backup and plugin path helpers 2026-03-10 20:16:35 -04:00
Peter Steinberger
f4a4b50cd5 refactor: compile allowlist matchers 2026-03-11 00:07:47 +00:00
Peter Steinberger
fa0329c340 test: cover cron nested lane selection 2026-03-11 00:02:00 +00:00
Peter Steinberger
f604cbedf3 fix: remove stale allowlist matcher cache 2026-03-11 00:00:04 +00:00
Peter Steinberger
825a435709 fix: avoid cron embedded lane deadlock 2026-03-10 23:56:21 +00:00
Peter Steinberger
8901032007 Merge remote-tracking branch 'origin/main' 2026-03-10 23:55:30 +00:00
Josh Avant
36d2ae2a22 SecretRef: harden custom/provider secret persistence and reuse (#42554) 
* Models: gate custom provider keys by usable secret semantics

* Config: project runtime writes onto source snapshot

* Models: prevent stale apiKey preservation for marker-managed providers

* Runner: strip SecretRef marker headers from resolved models

* Secrets: scan active agent models.json path in audit

* Config: guard runtime-source projection for unrelated configs

* Extensions: fix onboarding type errors in CI

* Tests: align setup helper account-enabled expectation

* Secrets audit: harden models.json file reads

* fix: harden SecretRef custom/provider secret persistence (#42554) (thanks @joshavant)
 2026-03-10 23:55:10 +00:00
Peter Steinberger
20237358d9 refactor: clarify archive staging intent 2026-03-10 23:54:12 +00:00
Peter Steinberger
0bac47de51 refactor: split tar.bz2 extraction helpers 2026-03-10 23:53:32 +00:00
Peter Steinberger
9c64508822 refactor: rename tar archive preflight checker 2026-03-10 23:52:51 +00:00
Peter Steinberger
6565ae1857 refactor: extract archive staging helpers 2026-03-10 23:52:31 +00:00
Peter Steinberger
658cf4bd94 fix: harden archive extraction destinations 2026-03-10 23:49:35 +00:00
Josh Avant
fbc66324ee SecretRef: harden custom/provider secret persistence and reuse (#42554) 
* Models: gate custom provider keys by usable secret semantics

* Config: project runtime writes onto source snapshot

* Models: prevent stale apiKey preservation for marker-managed providers

* Runner: strip SecretRef marker headers from resolved models

* Secrets: scan active agent models.json path in audit

* Config: guard runtime-source projection for unrelated configs

* Extensions: fix onboarding type errors in CI

* Tests: align setup helper account-enabled expectation

* Secrets audit: harden models.json file reads

* fix: harden SecretRef custom/provider secret persistence (#42554) (thanks @joshavant)
 2026-03-10 18:46:47 -05:00
Peter Steinberger
201420a7ee fix: harden secret-file readers 2026-03-10 23:40:10 +00:00
Peter Steinberger
208fb1aa35 test: share runtime group policy fallback cases 2026-03-10 22:20:19 +00:00
Peter Steinberger
344b2286aa refactor: share windows command shim resolution 2026-03-10 22:18:04 +00:00
Peter Steinberger
1df78202b9 refactor: share approval gateway client setup 2026-03-10 22:18:04 +00:00
Peter Steinberger
bc1cc2e50f refactor: share telegram payload send flow 2026-03-10 22:18:04 +00:00
Peter Steinberger
a455c0cc3d refactor: share passive account lifecycle helpers 2026-03-10 22:18:04 +00:00
Peter Steinberger
50ded5052f refactor: share channel config schema fragments 2026-03-10 22:18:04 +00:00
Peter Steinberger
4a8e039a5f refactor: share channel config security scaffolding 2026-03-10 22:18:04 +00:00
Peter Steinberger
725958c66f refactor: share onboarding secret prompt flows 2026-03-10 22:18:03 +00:00
Peter Steinberger
00170f8e1a refactor: share scoped account config patching 2026-03-10 22:18:03 +00:00
David Guttman
b517dc089a feat(discord): add autoArchiveDuration config option (#35065) 
* feat(discord): add autoArchiveDuration config option

Add config option to control auto-archive duration for auto-created threads:

- autoArchiveDuration: 60 (default), 1440, 4320, or 10080
  - Sets archive duration in minutes (1hr/1day/3days/1week)
  - Accepts both string and numeric values
  - Discord's default was 60 minutes (hardcoded)

Example config:
```yaml
channels:
  discord:
    guilds:
      GUILD_ID:
        channels:
          CHANNEL_ID:
            autoThread: true
            autoArchiveDuration: 10080  # 1 week
```

* feat(discord): add autoArchiveDuration changelog entry (#35065) (thanks @davidguttman)

---------

Co-authored-by: Onur <onur@textcortex.com>
 2026-03-10 23:13:24 +01:00
Josh Avant
a76e810193 fix(gateway): harden token fallback/reconnect behavior and docs (#42507) 
* fix(gateway): harden token fallback and auth reconnect handling

* docs(gateway): clarify auth retry and token-drift recovery

* fix(gateway): tighten auth reconnect gating across clients

* fix: harden gateway token retry (#42507) (thanks @joshavant)
 2026-03-10 17:05:57 -05:00
Rodrigo Uroz
ff2e7a2945 fix(acp): strip provider auth env for child ACP processes (openclaw#42250) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-10 16:50:10 -05:00
Matt Van Horn
5ed96da990 fix(browser): surface 429 rate limit errors with actionable hints (#40491) 
Merged via squash.

Prepared head SHA: 13839c2dbd
Co-authored-by: mvanhorn <455140+mvanhorn@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-11 00:49:31 +03:00
Pejman Pour-Moezzi
7c76acafd6 fix(acp): scope cancellation and event routing by runId (#41331) 2026-03-10 22:37:21 +01:00
Onur
c00117aff2 docs: require codex review in contributing guide (#42503) 2026-03-10 22:15:00 +01:00
PonyX-lab
53374394fb Fix stale runtime model reuse on session reset (#41173) 
Merged via squash.

Prepared head SHA: d8a04a466a
Co-authored-by: PonyX-lab <266766228+PonyX-lab@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-10 14:02:43 -07:00
Shadow
0c17e7c225 docs: document r: spam auto-close label 2026-03-10 16:00:34 -05:00
Shadow
b16ee34c34 fix(ci): auto-close and lock r: spam items 2026-03-10 15:58:24 -05:00
David Guttman
9f5dee32f6 fix(acp): implicit streamToParent for mode=run without thread (#42404) 
* fix(acp): implicit streamToParent for mode=run without thread

When spawning ACP sessions with mode=run and no thread binding,
automatically route output to parent session instead of Discord.
This enables agent-to-agent supervision patterns where the spawning
agent wants results returned programmatically, not posted as chat.

The change makes sessions_spawn with runtime=acp and thread=false
behave like direct acpx invocation - output goes to the spawning
session, not to Discord.

Fixes the issue where mode=run without thread still posted to Discord
because hasDeliveryTarget was true when called from a Discord context.

* fix: use resolved spawnMode instead of params.mode

Move implicit streamToParent check to after resolveSpawnMode so that
both explicit mode="run" and omitted mode (which defaults to "run"
when thread is false) correctly trigger parent routing.

This fixes the issue where callers that rely on default mode selection
would not get the intended parent streaming behavior.

* fix: tighten implicit ACP parent relay gating (#42404) (thanks @davidguttman)

---------

Co-authored-by: Onur Solmaz <2453968+osolmaz@users.noreply.github.com>
 2026-03-10 21:42:15 +01:00
Peter Steinberger
f209a9be80 test: extract sendpayload outbound contract suite 2026-03-10 20:35:03 +00:00
Peter Steinberger
158a3b49a7 test: deduplicate cli option collision fixtures 2026-03-10 20:34:54 +00:00
Peter Steinberger
283570de4d fix: normalize stale openai completions transport 2026-03-10 20:23:03 +00:00
Peter Steinberger
0976317f96 test: deduplicate diffs extension fixtures 2026-03-10 20:22:56 +00:00
Peter Steinberger
23cd997526 fix: make install smoke docker-driver safe 2026-03-10 20:02:26 +00:00
Peter Steinberger
6d4241cbd9 fix: wire modelstudio env discovery (#40634) (thanks @pomelo-nwu) 2026-03-10 19:58:43 +00:00
pomelo-nwu
95eaa08781 refactor: rename bailian to modelstudio and fix review issues 
- Rename provider ID, constants, functions, CLI flags, and types from
  "bailian" to "modelstudio" to match the official English name
  "Alibaba Cloud Model Studio".
- Fix P2 bug: global endpoint variant now always overwrites baseUrl
  instead of silently preserving a stale CN URL.
- Fix P1 bug: add modelstudio entry to PROVIDER_ENV_VARS so
  secret-input-mode=ref no longer throws.
- Move Model Studio imports to top of onboard-auth.config-core.ts.
- Remove unused BAILIAN_BASE_URL export.

Made-with: Cursor
 2026-03-10 19:58:43 +00:00