vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-14 03:20:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,050 Commits 707 Branches 77 Tags
04aa856fc02f7c8b82ee8ad17829fe4e94a46d64
Commit Graph

15050 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
joshavant
04aa856fc0 Onboard: require explicit mode for env secret refs 2026-02-26 14:47:22 +00:00
joshavant
103d02f98c Auth choice tests: expect env-backed key refs 2026-02-26 14:47:22 +00:00
joshavant
56f73ae080 Auth choice tests: assert env-backed keyRef persistence 2026-02-26 14:47:22 +00:00
joshavant
58590087de Onboard auth: use shared secret-ref helpers 2026-02-26 14:47:22 +00:00
joshavant
7e1557b8c9 Onboard: persist env-backed API keys as secret refs 2026-02-26 14:47:22 +00:00
joshavant
363334253b Secrets migrate: split plan/apply/backup modules 2026-02-26 14:47:22 +00:00
joshavant
4807e40cbd Agents: restore auth.json static scrub during pi auth discovery 2026-02-26 14:47:22 +00:00
joshavant
8e439e2d81 Secrets migrate: ensure unique backup ids per write 2026-02-26 14:47:22 +00:00
joshavant
a74067d00b Secrets migrate: share helpers and narrow env scrub scope 2026-02-26 14:47:22 +00:00
joshavant
f6a854bd37 Secrets: add migrate rollback and skill ref support 2026-02-26 14:47:22 +00:00
joshavant
2e53033f22 Gateway: serialize secrets activation across reload paths 2026-02-26 14:47:22 +00:00
joshavant
fe56700026 Gateway: add manual secrets reload command 2026-02-26 14:47:22 +00:00
joshavant
301fe18909 Agents: inject pi auth storage from runtime profiles 2026-02-26 14:47:22 +00:00
joshavant
6a251d8d74 Auth profiles: resolve keyRef/tokenRef outside gateway 2026-02-26 14:47:22 +00:00
joshavant
5ae367aadd Tests: stub discoverAuthStorage in model catalog mocks 2026-02-26 14:47:22 +00:00
joshavant
cec404225d Auth labels: handle token refs and share Pi credential conversion 2026-02-26 14:47:22 +00:00
joshavant
e1301c31e7 Auth profiles: never persist plaintext when refs are present 2026-02-26 14:47:22 +00:00
joshavant
4c5a2c3c6d Agents: inject pi auth storage from runtime profiles 2026-02-26 14:47:22 +00:00
joshavant
45ec5aaf2b Secrets: keep read-only runtime sync in-memory 2026-02-26 14:47:22 +00:00
joshavant
8e33ebe471 Secrets: make runtime activation auth loads read-only 2026-02-26 14:47:22 +00:00
joshavant
3dbb6be270 Gateway tests: handle async restart callback path 2026-02-26 14:47:22 +00:00
joshavant
1560f02561 Gateway: mark restart callback promise as intentionally detached 2026-02-26 14:47:22 +00:00
joshavant
eb855f75ce Gateway: emit one-shot operator events for secrets degraded/recovered 2026-02-26 14:47:22 +00:00
joshavant
e45729a430 Secrets runtime: include sourceConfig in prepared snapshot type 2026-02-26 14:47:22 +00:00
joshavant
e4915cb107 Secrets: preserve runtime snapshot source refs on write 2026-02-26 14:47:22 +00:00
joshavant
b1533bc80c Gateway: avoid double secrets activation at startup 2026-02-26 14:47:22 +00:00
joshavant
b50c4c2c44 Gateway: add eager secrets runtime snapshot activation 2026-02-26 14:47:22 +00:00
joshavant
2f3b919b94 Config: remove unused extension path helper 2026-02-26 14:47:22 +00:00
joshavant
d00ed73026 Config: enforce source-specific SecretRef id validation 2026-02-26 14:47:22 +00:00
joshavant
c3a4251a60 Config: add secret ref schema and redaction foundations 2026-02-26 14:47:22 +00:00
Vincent Koc
6daf40d3f4 Gemini OAuth: resolve npm global shim install layouts (#27585) 
* Changelog: credit session path fixes

* test(gemini-oauth): cover npm global shim credential discovery

* fix(gemini-oauth): resolve npm global shim install roots
 2026-02-26 09:43:05 -05:00
Peter Steinberger
79659b2b14 fix(browser): land PR #11880 decodeURIComponent guardrails 
Guard malformed percent-encoding in relay target routes and browser dispatcher params, add regression tests, and update changelog.
Landed from contributor @Yida-Dev (PR #11880).

Co-authored-by: Yida-Dev <reyifeijun@gmail.com>
 2026-02-26 14:37:48 +00:00
Harold Hunt
62a248eb99 core(protocol): pnpm protocol:check 2026-02-26 20:03:25 +05:30
Ayaan Zaidi
22b0f36350 fix: add changelog entry for telegram webhook updates (#25732) (thanks @huntharo) 2026-02-26 20:01:50 +05:30
Harold Hunt
dbfdf60a42 fix(telegram): Allow ephemeral webhookPort 2026-02-26 20:01:50 +05:30
Harold Hunt
296210636d fix(telegram): Log bound port if ephemeral (0) is configured 2026-02-26 20:01:50 +05:30
Harold Hunt
840b768d97 Telegram: improve webhook config guidance and startup fallback 2026-02-26 20:01:50 +05:30
Peter Steinberger
5416cabdf8 fix(browser): land PR #21277 dedupe concurrent relay init 
Add shared per-port relay initialization dedupe so concurrent callers await a single startup lifecycle, with regression coverage and changelog entry.
Landed from contributor @HOYALIM (PR #21277).

Co-authored-by: Ho Lim <subhoya@gmail.com>
 2026-02-26 14:30:46 +00:00
Peter Steinberger
65d5a91242 fix(browser): land PR #22571 with safe extension handshake handling 
Bind relay WS message handling before onopen and add non-blocking connect.challenge response support without forcing handshake waits on current relay protocol.
Landed from contributor @pandego (PR #22571).

Co-authored-by: pandego <7780875+pandego@users.noreply.github.com>
 2026-02-26 14:26:14 +00:00
Peter Steinberger
ce833cd6de fix(browser): land PR #24142 flush relay pending timers on stop 
Flush pending extension request timers/rejections during relay shutdown and document in changelog.
Landed from contributor @kevinWangSheng (PR #24142).

Co-authored-by: Shawn <118158941+kevinWangSheng@users.noreply.github.com>
 2026-02-26 14:20:43 +00:00
Peter Steinberger
42cf32c386 fix(browser): land PR #26015 query-token auth for /json relay routes 
Align relay HTTP /json auth with websocket auth by accepting query-param tokens, add regression coverage, and update changelog.
Landed from contributor @Sid-Qin (PR #26015).

Co-authored-by: SidQin-cyber <sidqin0410@gmail.com>
 2026-02-26 14:17:41 +00:00
张哲芳
77a3930b72 fix(gateway): allow cron commands to use gateway.remote.token (#27286) 
* fix(gateway): allow cron commands to use gateway.remote.token

* fix(gateway): make local remote-token fallback effective

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-26 14:17:30 +00:00
Peter Steinberger
4c75eca580 fix(browser): land PR #23962 extension relay CORS fix 
Reworks browser relay CORS handling for extension-origin preflight and JSON responses, adds regression tests, and updates changelog.
Landed from contributor @miloudbelarebia (PR #23962).

Co-authored-by: Miloud Belarebia <miloudbelarebia@users.noreply.github.com>
 2026-02-26 14:14:30 +00:00
Peter Steinberger
081b1aa1ed refactor(gateway): unify v3 auth payload builders and vectors 2026-02-26 15:08:50 +01:00
Peter Steinberger
8315c58675 refactor(auth-profiles): unify coercion and add rejected-entry diagnostics 2026-02-26 14:42:11 +01:00
Peter Steinberger
96aad965ab fix: land NO_REPLY announce suppression and auth scope assertions 
Landed follow-up for #27535 and aligned shared-auth gateway expectations after #27498.

Co-authored-by: kevinWangSheng <118158941+kevinWangSheng@users.noreply.github.com>
 2026-02-26 13:40:58 +00:00
SidQin-cyber
eb9a968336 fix(slack): suppress NO_REPLY before Slack API call 
Guard sendMessageSlack against NO_REPLY tokens reaching the Slack API,
which caused truncated push notifications before the reply filter could
intercept them.

Made-with: Cursor
(cherry picked from commit fab9b52039)
 2026-02-26 13:40:58 +00:00
Kevin Shenghui
9c142993b8 fix: preserve operator scopes for shared auth connections 
When connecting via shared gateway token (no device identity),
the operator scopes were being cleared, causing API operations
to fail with 'missing scope' errors.

This fix preserves scopes when sharedAuthOk is true, allowing
headless/API operator clients to retain their requested scopes.

Fixes #27494

(cherry picked from commit c71c8948bd)
 2026-02-26 13:40:58 +00:00
Ubuntu
0ab5f4c43b fix: enable store=true for Azure OpenAI Responses API 
Azure OpenAI endpoints were not recognized by shouldForceResponsesStore(),
causing store=false to be sent with all Azure Responses API requests.
This broke multi-turn conversations because previous_response_id referenced
responses that Azure never stored.

Add "azure-openai-responses" to the provider whitelist and
*.openai.azure.com to the URL check in isDirectOpenAIBaseUrl().

Fixes #27497

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
(cherry picked from commit 185f3814e9)
 2026-02-26 13:40:58 +00:00
SidQin-cyber
71e45ceecc fix(sessions): add fix-missing cleanup path for orphaned store entries 
Introduce a sessions cleanup flag to prune entries whose transcript files are missing and surface the exact remediation command from doctor to resolve missing-transcript deadlocks.

Made-with: Cursor
(cherry picked from commit 690d3d596b)
 2026-02-26 13:40:58 +00:00