vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-15 20:10:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,654 Commits 744 Branches 80 Tags
05ab14708153eb9d63d64fecd337313b793bd4cc
Commit Graph

793 Commits

Author SHA1 Message Date
Dinakar Sarbada
1953b938e3 test(heartbeat): update runner tests to match current implementation 2026-02-16 23:51:05 +01:00
smartprogrammer93
6d2e3685d6 feat(tools): add URL allowlist for web_search and web_fetch 
Add optional urlAllowlist config at tools.web level that restricts which
URLs can be accessed by web tools:

- Config types (types.tools.ts): Add urlAllowlist?: string[] to tools.web
- Zod schema: Add urlAllowlist field to ToolsWebSchema
- Schema help: Add help text for the new config fields
- web_search: Filter Brave search results by allowlist (provider=brave)
- web_fetch: Block URLs not matching allowlist before fetching
- ssrf.ts: Export normalizeHostnameAllowlist and matchesHostnameAllowlist

URL matching supports:
- Exact domain match (example.com)
- Wildcard patterns (*.github.com)

When urlAllowlist is not configured, all URLs are allowed (backwards compatible).

Tests: Add web-tools.url-allowlist.test.ts with 23 tests covering:
- URL allowlist resolution from config
- Wildcard pattern matching
- web_fetch error response format
- Brave search result filtering
 2026-02-16 23:50:18 +01:00
Jean Carlos Nunez
c08e8c0359 correct format 2026-02-16 23:49:58 +01:00
Jean Carlos Nunez
a0191426dc clean code - delete message 2026-02-16 23:49:58 +01:00
Jean Carlos Nunez
f476c8b48b Fix #12767: Heartbeat strip responsePrefix before HEARTBEAT_OK suppression 2026-02-16 23:49:58 +01:00
Sk Akram
e5eb5b3e43 feat: add stuck loop detection and exponential backoff infrastructure for agent polling (#17118) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: eebabf679b
Co-authored-by: akramcodez <179671552+akramcodez@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-16 15:16:35 -05:00
Vignesh Natarajan
1f99d82712 test (heartbeat): relax brittle reply option assertions 2026-02-16 11:57:32 -08:00
Shadow
3646625dc1 Infra: skip Discord text exec approvals 2026-02-16 13:53:12 -06:00
Shadow
72e228e14b Heartbeat: allow suppressing tool warnings (#18497) 
* Heartbeat: allow suppressing tool warnings

* Changelog: note heartbeat tool-warning suppression
 2026-02-16 13:29:24 -06:00
Peter Steinberger
96eabcbe89 refactor(test): share antigravity usage endpoint fixtures 2026-02-16 18:31:31 +00:00
Peter Steinberger
9c6e879a06 refactor(test): dedupe heartbeat runner e2e scaffolding 2026-02-16 18:09:38 +00:00
Peter Steinberger
d688188864 refactor(tests): share outbound runner and delivery helpers 2026-02-16 17:22:26 +00:00
Peter Steinberger
71111c9978 refactor(tests): dedupe gateway send and threading fixtures 2026-02-16 17:22:26 +00:00
Peter Steinberger
c37f65a449 refactor(tests): share harnesses for cli and monitor fixtures 2026-02-16 17:06:40 +00:00
Mariano
44ef045614 fix(canvas): port remaining iOS branch stability fixes (#18228) 
* fix(canvas): prevent snapshot disconnects on proxied gateways

(cherry picked from commit 2a3c9f746a65f3301c0cfe58ebe6596fed06230f)

* fix(canvas): accept url alias for present and navigate

(cherry picked from commit 674ee86a0b776cbb738add1920a4031246125312)

---------

Co-authored-by: Nimrod Gutman <nimrod.g@singular.net>
 2026-02-16 16:42:28 +00:00
Peter Steinberger
04892ee230 refactor(core): dedupe shared config and runtime helpers 2026-02-16 14:59:30 +00:00
sebslight
b4fa10ae67 refactor(infra): make fetch wrapping idempotent 2026-02-16 08:24:55 -05:00
Jackten
e3e8046a93 fix(infra): avoid detached finally unhandled rejection in fetch wrapper (#18014) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4ec21c89cb
Co-authored-by: Jackten <2895479+Jackten@users.noreply.github.com>
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Reviewed-by: @sebslight
 2026-02-16 08:17:23 -05:00
Peter Steinberger
3fb4a7eb53 test: remove duplicate hook-wake heartbeat empty-file case 2026-02-16 09:44:16 +00:00
Peter Steinberger
7a6928712b test: remove redundant explicit telegram heartbeat target case 2026-02-16 09:43:01 +00:00
Peter Steinberger
9b351fcbd8 test: remove duplicate whatsapp group heartbeat target case 2026-02-16 09:41:50 +00:00
Peter Steinberger
f52805a783 test: reuse heartbeat suite fixtures across cases 2026-02-16 04:10:51 +00:00
Vignesh Natarajan
78277152ca test(heartbeat): cover telegram showOk suppression 2026-02-15 19:35:25 -08:00
Peter Steinberger
6754a926ee fix(pairing): support legacy telegram allowFrom migration 2026-02-16 03:26:07 +00:00
Shadow
a61c2dc4bd Discord: add component v2 UI tool support (#17419) 2026-02-15 21:19:25 -06:00
Peter Steinberger
b6305e9725 test(skills): split installer security coverage 2026-02-16 03:47:28 +01:00
Peter Steinberger
2363e1b085 fix(security): restrict skill download target paths 2026-02-16 03:47:28 +01:00
Peter Steinberger
d1de66b6cf perf: speed up gateway lock tests 2026-02-16 02:45:00 +00:00
Peter Steinberger
4d9e310dad test: strengthen ports, tool policy, and note wrapping 2026-02-16 02:45:00 +00:00
Peter Steinberger
5fe47e7be6 perf(test): fold ports + terminal note suites 2026-02-16 02:45:00 +00:00
Peter Steinberger
cb80901cf9 perf(test): fold cron system event filter into system events suite 2026-02-16 02:45:00 +00:00
Peter Steinberger
58ab60c0fc perf(test): fold tls fingerprint normalization into ssrf suite 2026-02-16 02:44:59 +00:00
Peter Steinberger
cf69907015 fix(security): redact Telegram bot tokens in errors 2026-02-16 03:30:53 +01:00
Peter Steinberger
60ad2c2e96 refactor(device-pairing): share token update context 2026-02-16 02:19:53 +00:00
Peter Steinberger
a881bd41eb refactor(outbound): dedupe plugin outbound context 2026-02-16 01:35:46 +00:00
Peter Steinberger
4aaafe5322 refactor(net): share hostname normalization 2026-02-16 01:01:22 +00:00
Peter Steinberger
d5ee766afe refactor(outbound): dedupe channel handler params 2026-02-16 00:59:42 +00:00
Peter Steinberger
00c91c3678 refactor(outbound): dedupe queued delivery param types 2026-02-16 00:57:28 +00:00
Peter Steinberger
4ab25a2889 refactor(outbound): reuse message gateway call 2026-02-16 00:56:28 +00:00
Peter Steinberger
57d5a8df86 refactor(outbound): dedupe directory list call 2026-02-16 00:54:37 +00:00
Peter Steinberger
b6871d9c0f refactor(outbound): dedupe attachment hydration 2026-02-16 00:52:27 +00:00
Peter Steinberger
dece9e8b07 refactor(update): share package.json readers 2026-02-16 00:41:28 +00:00
Peter Steinberger
fdd0e78d1b perf(test): fold exec approvals socket defaults into main suite 2026-02-16 00:18:27 +00:00
Peter Steinberger
a91bcd2cf4 fix(test): avoid fake-timers hang in gateway lock 2026-02-16 00:18:27 +00:00
Peter Steinberger
70f86e326d refactor(test): reuse shared env snapshots 2026-02-15 23:15:07 +00:00
Peter Steinberger
34b088ede6 perf(test): consolidate infra outbound suites 2026-02-15 23:14:42 +00:00
David Harmeyer
7c822d039b feat(plugins): expose llm input/output hook payloads (openclaw#16724) thanks @SecondThread 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: SecondThread <18317476+SecondThread@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-15 16:01:00 -06:00
Peter Steinberger
8cd20e220f refactor(infra): share jsonl transcript reader 2026-02-15 21:53:12 +00:00
Peter Steinberger
c92bcf24c4 refactor(infra): dedupe device pairing token updates 2026-02-15 21:51:38 +00:00
Peter Steinberger
50abdaf33b refactor(infra): dedupe openclaw root candidate scan 2026-02-15 21:48:46 +00:00