Commit Graph

40 Commits

Author SHA1 Message Date
the sun gif man
d4b4660026 config: stop automatic writes and guard Nix mutators (#78047)
Keep startup-derived plugin enablement, gateway auth tokens, control UI origins, and owner-display secrets runtime-only instead of persisting them into openclaw.json.

Refuse config writers, mutating update/plugin lifecycle commands, and doctor repair/token generation in Nix mode with agent-first nix-openclaw guidance.

Verification:
- pnpm check
- pnpm build
- pnpm test -- src/config/io.write-config.test.ts src/config/mutate.test.ts src/config/io.owner-display-secret.test.ts src/gateway/server-startup-config.recovery.test.ts src/gateway/startup-auth.test.ts src/gateway/startup-control-ui-origins.test.ts src/cli/plugins-cli.install.test.ts src/cli/plugins-cli.policy.test.ts src/cli/plugins-cli.uninstall.test.ts src/cli/plugins-cli.update.test.ts src/cli/update-cli.test.ts src/auto-reply/reply/commands-plugins.install.test.ts src/auto-reply/reply/commands-plugins.test.ts src/commands/onboarding-plugin-install.test.ts src/commands/doctor.runs-legacy-state-migrations-yes-mode-without.e2e.test.ts src/commands/doctor/shared/codex-route-warnings.test.ts src/commands/doctor/repair-sequencing.test.ts src/agents/auth-profile-runtime-contract.test.ts src/auto-reply/reply/agent-runner-execution.test.ts
- GitHub CI green on 05a2c71b90

Co-authored-by: Codex <noreply@openai.com>
2026-05-06 14:43:32 +02:00
Peter Steinberger
2eaf8ad712 feat(plugins): support npm pack installs 2026-05-06 09:16:49 +01:00
Vincent Koc
417660b662 docs(plugins): explain catalog install trust 2026-05-04 11:31:29 -07:00
Vincent Koc
daefb5e341 fix(plugins): trust catalog package installs 2026-05-04 11:30:36 -07:00
Vincent Koc
51d3ec7395 fix(plugins): recover source-only install shadows 2026-05-04 03:26:54 -07:00
Vincent Koc
54300e5270 fix(plugins): quiet official npm install scan warnings 2026-05-04 02:40:55 -07:00
Vincent Koc
2a22eb68aa fix(plugins): require provenance for official npm trust
Require OpenClaw-owned install provenance before granting official npm plugin scanner trust. Direct npm package names now scan normally; catalog, onboarding, and doctor paths pass explicit provenance.

Validation:
- pnpm test:serial src/plugins/install.npm-spec.test.ts src/cli/plugins-cli.install.test.ts src/commands/onboarding-plugin-install.test.ts src/commands/doctor/shared/missing-configured-plugin-install.test.ts src/channels/plugins/contracts/channel-catalog.contract.test.ts src/commands/auth-choice.apply.plugin-provider.test.ts
- pnpm test:serial src/plugins/install.test.ts src/plugins/provider-auth-choices.test.ts src/plugins/provider-install-catalog.test.ts src/commands/channel-setup/plugin-install.test.ts
- pnpm exec oxfmt --check --threads=1 ...
- node scripts/run-oxlint.mjs ...
- Crabbox cbx_6157440c9bbe / run_cbd813956eed: pnpm check:changed passed

Thanks @fede-kamel and @vincentkoc.
2026-05-02 23:30:45 -07:00
Bek
411df59916 fix(plugins): resolve official plugin install aliases
Resolve bare official external plugin IDs through the official catalog before generic npm fallback, preserving explicit npm semantics and catalog integrity through the hook-pack fallback.

Fixes #76373.

Thanks @bek91 and @vincentkoc.
2026-05-02 22:27:13 -07:00
Vincent Koc
cf21bcf9bf fix(plugins): keep bare installs on npm for launch 2026-05-02 12:00:06 -07:00
Vincent Koc
e9e7c4325f fix(plugins): gate bare clawhub installs on readiness 2026-05-02 11:25:39 -07:00
Vincent Koc
7fae11b3b1 fix(plugins): persist clawhub artifact metadata 2026-05-02 10:17:19 -07:00
Peter Steinberger
eee3aeae00 [codex] add Crestodian plugin management (#75869)
Summary:
- The branch adds ClawHub plugin search and Crestodian plugin list/search/install/uninstall flows, with docs, changelog, tests, runtime injection, and regenerated config baseline hashes.
- Reproducibility: not applicable as a bug reproduction request. The high-confidence verification path is cur ... surface search plus exact-head diff/source inspection against the PR's targeted tests and queued CI checks.

ClawSweeper fixups:
- Included follow-up commit: Repair Crestodian plugin management config schema drift

Validation:
- ClawSweeper review passed for head c29cda6005.
- Required merge gates passed before the squash merge.

Prepared head SHA: c29cda6005
Review: https://github.com/openclaw/openclaw/pull/75869#issuecomment-4362360704

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
2026-05-02 03:12:38 +00:00
Vincent Koc
0aa8022e88 refactor(plugins): rename clawhub storepack metadata to clawpack 2026-05-01 17:32:22 -07:00
Vincent Koc
20e8769d93 feat(plugins): persist clawhub storepack metadata 2026-05-01 17:05:47 -07:00
Peter Steinberger
7ddf28c0d4 feat: support git plugin installs 2026-05-01 10:59:10 +01:00
Peter Steinberger
e27fe55aa8 refactor: simplify plugin cache boundaries 2026-04-29 04:33:15 +01:00
Shakker
a48ffda7f7 chore: trace plugin lifecycle phases 2026-04-28 18:03:01 +01:00
Vincent Koc
bab403d0ee fix(plugins): avoid bundled install load path aliases 2026-04-28 01:26:21 -07:00
Peter Steinberger
6956e8406d fix: honor profile plugin install roots 2026-04-27 14:30:12 +01:00
Peter Steinberger
3af34316f2 fix: preserve clawhub install selectors 2026-04-27 10:25:21 +01:00
Peter Steinberger
cb9955dd5c fix: support npm-only plugin installs 2026-04-27 10:16:59 +01:00
Vincent Koc
caba05b94a fix(plugins): harden bundled install/uninstall sweep
Fix bundled plugin install/uninstall sweep coverage and avoid persisting invalid placeholder config for config-gated bundled plugins.
2026-04-27 01:57:40 -07:00
Peter Steinberger
9510906669 fix: stop hook fallback after security blocks 2026-04-27 08:55:38 +01:00
Peter Steinberger
6bc5fe6952 fix: harden plugin install and uninstall transactions 2026-04-26 10:27:23 +01:00
Gustavo Madeira Santana
a197b544fe fix(doctor): route setup doctor discovery (#69919)
Merged via squash.

Prepared head SHA: 90c7067941
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-04-21 23:40:22 -04:00
Mason Huang
3d2f51c0a4 CLI/plugins: stop forced-unsafe installs from falling back to hook packs (#58909)
Merged via squash.

Prepared head SHA: 7cf146efb6
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
2026-04-15 13:23:17 +08:00
Vincent Koc
74e7b8d47b fix(cycles): bulk extract leaf type surfaces 2026-04-11 13:26:50 +01:00
Peter Steinberger
6b003a7f2b refactor(cli): reuse install safety overrides 2026-04-04 12:35:58 +09:00
Peter Steinberger
41e16a883b fix(cli): honor unsafe override for linked installs 2026-04-04 12:22:49 +09:00
Gustavo Madeira Santana
9004ef65df Plugins: add install --force overwrite flag (#60544)
Merged via squash.

Prepared head SHA: 28ae50b615
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-04-03 18:09:14 -04:00
Peter Steinberger
ab96520bba refactor(plugins): move channel behavior into plugins 2026-04-03 19:09:20 +01:00
Peter Steinberger
0d7f1e2c84 feat(security): fail closed on dangerous skill installs 2026-03-31 23:27:20 +09:00
Peter Steinberger
44b9936136 feat(plugins): add dangerous unsafe install override 2026-03-31 23:16:11 +09:00
Peter Steinberger
fd0fa97952 refactor: centralize plugin install config policy 2026-03-23 23:07:40 -07:00
Catalin Lupuleti
cbb11b3662 fix(plugins): address review feedback for Matrix recovery paths (#52899) 2026-03-23 22:16:10 -07:00
Catalin Lupuleti
489797ceaf fix(plugins): address review feedback for Matrix recovery paths (#52899)
1. Narrow loadConfigForInstall() to catch only INVALID_CONFIG errors,
   letting real failures (fs permission, OOM) propagate.
2. Assert allow array is properly cleaned in stale-cleanup test.
3. Add comment clarifying version-resolution is already addressed via
   the shared VERSION constant.
4. Run cleanStaleMatrixPluginConfig() during install so
   persistPluginInstall() → writeConfigFile() does not fail validation
   on stale Matrix load paths.
2026-03-23 22:16:10 -07:00
Catalin Lupuleti
3ae100a8d7 fix(plugins): make Matrix recovery paths tolerate stale plugin config (#52899) 2026-03-23 22:16:10 -07:00
Peter Steinberger
5696e24c3f refactor(cli): use typed clawhub fallback decisions 2026-03-22 12:02:52 -07:00
Peter Steinberger
145e514bb5 refactor(cli): share plugin install persistence 2026-03-22 12:02:52 -07:00
Peter Steinberger
5920ea838d refactor(cli): extract plugin install and update commands 2026-03-22 12:02:52 -07:00