openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 23:40:45 +00:00

Author	SHA1	Message	Date
Peter Steinberger	78a1644a8a	fix(msteams): enforce sender allowlists with route allowlists	2026-03-09 10:58:03 -07:00
Peter Steinberger	4b694d565d	refactor: harden browser runtime profile handling	2026-03-09 10:58:02 -07:00
Peter Steinberger	8d7778d1d6	refactor: dedupe plugin runtime stores	2026-03-08 23:38:24 +00:00
Vincent Koc	6035677545	Teams: use scoped plugin SDK allowlist imports	2026-03-07 16:26:59 -08:00
Vincent Koc	6b2adf663e	Teams: use scoped plugin SDK channel imports	2026-03-07 16:26:59 -08:00
Peter Steinberger	2b54070526	refactor: share allowlist provider warning resolution	2026-03-08 00:05:24 +00:00
Peter Steinberger	f319ec2dac	refactor: share onboarding allowlist entry parsing	2026-03-08 00:05:24 +00:00
Peter Steinberger	c9128e1f3f	refactor: share trimmed list normalization in provider helpers	2026-03-07 23:27:51 +00:00
Peter Steinberger	8c15b8600c	refactor: share sender group policy evaluation	2026-03-07 23:27:51 +00:00
Peter Steinberger	feac26c3b7	refactor: share allowFrom formatter scaffolding	2026-03-07 23:27:51 +00:00
Peter Steinberger	5bbca5be91	refactor: share sender-scoped group policy derivation	2026-03-07 23:27:51 +00:00
Peter Steinberger	b7d03ea1f5	refactor: centralize open group-policy warning flow collectors	2026-03-07 23:27:51 +00:00
Peter Steinberger	7230b96cc7	refactor: unify extension allowlist resolver and directory scaffolding	2026-03-07 23:27:51 +00:00
Peter Steinberger	8e0e76697a	refactor: unify channel open-group-policy warning builders	2026-03-07 23:27:51 +00:00
Peter Steinberger	27dad962fe	refactor: normalize runtime group sender gating decisions	2026-03-07 23:27:51 +00:00
Peter Steinberger	6b1c82c4f1	refactor: unify onboarding dm/group policy scaffolding	2026-03-07 23:27:51 +00:00
Vincent Koc	e4d80ed556	CI: restore main detect-secrets scan (#38438 ) * Tests: stabilize detect-secrets fixtures * Tests: fix rebased detect-secrets false positives * Docs: keep snippets valid under detect-secrets * Tests: finalize detect-secrets false-positive fixes * Tests: reduce detect-secrets false positives * Tests: keep detect-secrets pragmas inline * Tests: remediate next detect-secrets batch * Tests: tighten detect-secrets allowlists * Tests: stabilize detect-secrets formatter drift	2026-03-07 10:06:35 -08:00
Peter Steinberger	1aa77e4603	refactor(extensions): reuse shared helper primitives	2026-03-07 10:41:05 +00:00
Gustavo Madeira Santana	adb400f9b1	Plugins/msteams: migrate to scoped plugin-sdk imports	2026-03-04 02:35:12 -05:00
Gustavo Madeira Santana	10bd6ae3c8	Extensions: migrate msteams plugin-sdk imports	2026-03-04 01:21:30 -05:00
Josh Avant	646817dd80	fix(outbound): unify resolved cfg threading across send paths (#33987 )	2026-03-04 00:20:44 -06:00
Josh Avant	1c200ca7ae	follow-up: align ingress, atomic paths, and channel tests with credential semantics (#33733 ) Merged via squash. Prepared head SHA: `c290c2ab6a` Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Reviewed-by: @joshavant	2026-03-03 20:29:46 -06:00
Josh Avant	806803b7ef	feat(secrets): expand SecretRef coverage across user-supplied credentials (#29580 ) * feat(secrets): expand secret target coverage and gateway tooling * docs(secrets): align gateway and CLI secret docs * chore(protocol): regenerate swift gateway models for secrets methods * fix(config): restore talk apiKey fallback and stabilize runner test * ci(windows): reduce test worker count for shard stability * ci(windows): raise node heap for test shard stability * test(feishu): make proxy env precedence assertion windows-safe * fix(gateway): resolve auth password SecretInput refs for clients * fix(gateway): resolve remote SecretInput credentials for clients * fix(secrets): skip inactive refs in command snapshot assignments * fix(secrets): scope gateway.remote refs to effective auth surfaces * fix(secrets): ignore memory defaults when enabled agents disable search * fix(secrets): honor Google Chat serviceAccountRef inheritance * fix(secrets): address tsgo errors in command and gateway collectors * fix(secrets): avoid auth-store load in providers-only configure * fix(gateway): defer local password ref resolution by precedence * fix(secrets): gate telegram webhook secret refs by webhook mode * fix(secrets): gate slack signing secret refs to http mode * fix(secrets): skip telegram botToken refs when tokenFile is set * fix(secrets): gate discord pluralkit refs by enabled flag * fix(secrets): gate discord voice tts refs by voice enabled * test(secrets): make runtime fixture modes explicit * fix(cli): resolve local qr password secret refs * fix(cli): fail when gateway leaves command refs unresolved * fix(gateway): fail when local password SecretRef is unresolved * fix(gateway): fail when required remote SecretRefs are unresolved * fix(gateway): resolve local password refs only when password can win * fix(cli): skip local password SecretRef resolution on qr token override * test(gateway): cast SecretRef fixtures to OpenClawConfig * test(secrets): activate mode-gated targets in runtime coverage fixture * fix(cron): support SecretInput webhook tokens safely * fix(bluebubbles): support SecretInput passwords across config paths * fix(msteams): make appPassword SecretInput-safe in onboarding/token paths * fix(bluebubbles): align SecretInput schema helper typing * fix(cli): clarify secrets.resolve version-skew errors * refactor(secrets): return structured inactive paths from secrets.resolve * refactor(gateway): type onboarding secret writes as SecretInput * chore(protocol): regenerate swift models for secrets.resolve * feat(secrets): expand extension credential secretref support * fix(secrets): gate web-search refs by active provider * fix(onboarding): detect SecretRef credentials in extension status * fix(onboarding): allow keeping existing ref in secret prompt * fix(onboarding): resolve gateway password SecretRefs for probe and tui * fix(onboarding): honor secret-input-mode for local gateway auth * fix(acp): resolve gateway SecretInput credentials * fix(secrets): gate gateway.remote refs to remote surfaces * test(secrets): cover pattern matching and inactive array refs * docs(secrets): clarify secrets.resolve and remote active surfaces * fix(bluebubbles): keep existing SecretRef during onboarding * fix(tests): resolve CI type errors in new SecretRef coverage * fix(extensions): replace raw fetch with SSRF-guarded fetch * test(secrets): mark gateway remote targets active in runtime coverage * test(infra): normalize home-prefix expectation across platforms * fix(cli): only resolve local qr password refs in password mode * test(cli): cover local qr token mode with unresolved password ref * docs(cli): clarify local qr password ref resolution behavior * refactor(extensions): reuse sdk SecretInput helpers * fix(wizard): resolve onboarding env-template secrets before plaintext * fix(cli): surface secrets.resolve diagnostics in memory and qr * test(secrets): repair post-rebase runtime and fixtures * fix(gateway): skip remote password ref resolution when token wins * fix(secrets): treat tailscale remote gateway refs as active * fix(gateway): allow remote password fallback when token ref is unresolved * fix(gateway): ignore stale local password refs for none and trusted-proxy * fix(gateway): skip remote secret ref resolution on local call paths * test(cli): cover qr remote tailscale secret ref resolution * fix(secrets): align gateway password active-surface with auth inference * fix(cli): resolve inferred local gateway password refs in qr * fix(gateway): prefer resolvable remote password over token ref pre-resolution * test(gateway): cover none and trusted-proxy stale password refs * docs(secrets): sync qr and gateway active-surface behavior * fix: restore stability blockers from pre-release audit * Secrets: fix collector/runtime precedence contradictions * docs: align secrets and web credential docs * fix(rebase): resolve integration regressions after main rebase * fix(node-host): resolve gateway secret refs for auth * fix(secrets): harden secretinput runtime readers * gateway: skip inactive auth secretref resolution * cli: avoid gateway preflight for inactive secret refs * extensions: allow unresolved refs in onboarding status * tests: fix qr-cli module mock hoist ordering * Security: align audit checks with SecretInput resolution * Gateway: resolve local-mode remote fallback secret refs * Node host: avoid resolving inactive password secret refs * Secrets runtime: mark Slack appToken inactive for HTTP mode * secrets: keep inactive gateway remote refs non-blocking * cli: include agent memory secret targets in runtime resolution * docs(secrets): sync docs with active-surface and web search behavior * fix(secrets): keep telegram top-level token refs active for blank account tokens * fix(daemon): resolve gateway password secret refs for probe auth * fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled * fix(secrets): align token inheritance and exec timeout defaults * docs(secrets): clarify active-surface notes in cli docs * cli: require secrets.resolve gateway capability * gateway: log auth secret surface diagnostics * secrets: remove dead provider resolver module * fix(secrets): restore gateway auth precedence and fallback resolution * fix(tests): align plugin runtime mock typings --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>	2026-03-03 02:58:20 +00:00
Peter Steinberger	0750fc2de1	test: consolidate extension runtime mocks and split bluebubbles webhook auth suite	2026-03-03 02:37:23 +00:00
Peter Steinberger	866bd91c65	refactor: harden msteams lifecycle and attachment flows	2026-03-02 21:19:23 +00:00
Peter Steinberger	089a8785b9	fix: harden msteams revoked-context fallback delivery (#27224 ) (thanks @openperf)	2026-03-02 20:49:03 +00:00
root	e0b91067e3	fix(msteams): add proactive fallback for revoked turn context Fixes #27189 When an inbound message is debounced, the Bot Framework turn context is revoked before the debouncer flushes and the reply is dispatched. Any attempt to use the revoked context proxy throws a TypeError, causing the reply to fail silently. This commit fixes the issue by adding a fallback to proactive messaging when the turn context is revoked: - `isRevokedProxyError()`: New error utility to reliably detect when a proxy has been revoked. - `reply-dispatcher.ts`: `sendTypingIndicator` now catches revoked proxy errors and falls back to sending the typing indicator via `adapter.continueConversation`. - `messenger.ts`: `sendMSTeamsMessages` now catches revoked proxy errors when `replyStyle` is `thread` and falls back to proactive messaging. This ensures that replies are delivered reliably even when the inbound message was debounced, resolving the core issue where the bot appeared to ignore messages.	2026-03-02 20:49:03 +00:00
bmendonca3	4a414c5e53	fix(msteams): scope auth across media redirects	2026-03-02 20:45:09 +00:00
bmendonca3	da22a9113c	test(msteams): cover auth stripping on graph redirect hops	2026-03-02 20:45:09 +00:00
bmendonca3	8937c10f1f	fix(msteams): scope graph auth redirects	2026-03-02 20:45:09 +00:00
bmendonca3	c582a54554	fix(msteams): preserve guarded dispatcher redirects	2026-03-02 20:37:47 +00:00
bmendonca3	cceecc8bd4	msteams: enforce guarded redirect ownership in safeFetch	2026-03-02 20:37:47 +00:00
bmendonca3	6945ba189d	msteams: harden webhook ingress timeouts	2026-03-02 20:34:05 +00:00
chilu18	15677133c1	test(msteams): remove tuple-unsafe spread in lifecycle mocks	2026-03-02 20:31:26 +00:00
chilu18	c9d0e345cb	fix(msteams): keep monitor alive until shutdown	2026-03-02 20:31:26 +00:00
Peter Steinberger	c0bf42f2a8	refactor: centralize delivery/path/media/version lifecycle	2026-03-02 04:04:36 +00:00
Peter Steinberger	8e48520d74	fix(channels): align command-body parsing sources	2026-03-01 23:11:48 +00:00
Peter Steinberger	c53b11dccd	test: fix pairing/daemon assertion drift	2026-02-26 21:24:50 +00:00
Peter Steinberger	a0c5e28f3b	refactor(extensions): use scoped pairing helper	2026-02-26 21:57:52 +01:00
Peter Steinberger	64de4b6d6a	fix: enforce explicit group auth boundaries across channels	2026-02-26 18:49:16 +01:00
Peter Steinberger	cd80c7e7ff	refactor: unify dm policy store reads and reason codes	2026-02-26 17:47:57 +01:00
Peter Steinberger	273973d374	refactor: unify typing dispatch lifecycle and policy boundaries	2026-02-26 17:36:16 +01:00
Peter Steinberger	37a138c554	fix: harden typing lifecycle and cross-channel suppression	2026-02-26 17:01:09 +01:00
Peter Steinberger	57334cd7d8	refactor: unify channel/plugin ssrf fetch policy and auth fallback	2026-02-26 16:44:13 +01:00
Peter Steinberger	2e97d0dd95	fix: finalize teams file-consent timeout landing (#27641 ) (thanks @scz2011)	2026-02-26 15:42:08 +00:00
AI Assistant	773ab319ef	fix(msteams): Fix code formatting Remove trailing whitespace to pass oxfmt format check.	2026-02-26 15:42:08 +00:00
AI Assistant	ecbb3bcc1a	fix(msteams): Fix test timing for async file upload handling Update tests to properly wait for async file upload operations: - Use vi.waitFor() to wait for async upload completion in success case - Use vi.waitFor() to wait for error message in cross-conversation case - Add setTimeout delay for decline case to ensure async handler completes - Adjust assertion order to match new execution flow (invokeResponse first) The tests were failing because the file upload now happens asynchronously after sending the invokeResponse, so we need to explicitly wait for the async operations to complete before making assertions.	2026-02-26 15:42:08 +00:00
AI Assistant	09f4abdd61	fix(msteams): Send invokeResponse immediately to prevent Teams timeout (#27632 ) Fix file upload 'Something went wrong' error by sending the invoke acknowledgement before performing the file upload, rather than after. Changes: - Move invokeResponse to fire immediately upon receiving fileConsent/invoke - Handle file upload asynchronously without blocking the response - Update test to wait for async upload completion using vi.waitFor This prevents Teams from timing out while waiting for the HTTP 200 acknowledgement during slow file uploads to OneDrive. Fixes #27632	2026-02-26 15:42:08 +00:00
Peter Steinberger	051fdcc428	fix(security): centralize dm/group allowlist auth composition	2026-02-26 16:35:33 +01:00
Peter Steinberger	892a9c24b0	refactor(security): centralize channel allowlist auth policy	2026-02-26 13:06:33 +01:00

1 2 3 4

156 Commits