vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 06:20:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
42,218 Commits 1,843 Branches 149 Tags
05f117aae288af08ef60487ea00a6614e1d9fa4b
Commit Graph

42218 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
05f117aae2 test: clarify unit fast forced routing assertion 2026-05-08 07:41:09 +01:00
Peter Steinberger
6bb3678fd9 test: clarify plugin extension boundary assertions 2026-05-08 07:39:54 +01:00
Jesse Merhi
297a164536 Highlight exec command risks in Web approvals (#77153) 
Summary:
- Adds parser-derived exec approval command-span metadata through host registration, gateway validation, generated Swift models, Control UI parsing/rendering, tests, and changelog.
- Reproducibility: not applicable. this is a feature PR rather than a bug report. The before/after behavior is ... rom current main’s plain command rendering to PR-head span generation, validation, and Web rendering tests.

Automerge notes:
- PR branch already contained follow-up commit before automerge: refactor: use neutral exec command spans
- PR branch already contained follow-up commit before automerge: refactor: simplify exec command span extraction
- PR branch already contained follow-up commit before automerge: refactor: inline approval command span params
- PR branch already contained follow-up commit before automerge: fix: keep exec approval spans lazy
- PR branch already contained follow-up commit before automerge: build: refresh exec approval protocol models
- PR branch already contained follow-up commit before automerge: Highlight exec command risks in Web approvals

Validation:
- ClawSweeper review passed for head 8d9977eb53.
- Required merge gates passed before the squash merge.

Prepared head SHA: 8d9977eb53
Review: https://github.com/openclaw/openclaw/pull/77153#issuecomment-4368769228

Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
 2026-05-08 06:38:41 +00:00
Peter Steinberger
132bcebe41 fix: keep gemini config normalization acyclic 2026-05-08 07:33:51 +01:00
Peter Steinberger
b81033d7d8 fix: normalize gemini 3.1 config writes 2026-05-08 07:26:42 +01:00
Peter Steinberger
4fe12fc099 test: clarify block chunker length assertion 2026-05-08 07:16:07 +01:00
Peter Steinberger
f8e34422ea test: clarify cross-os suite filter assertion 2026-05-08 07:14:45 +01:00
Peter Steinberger
fb38bcb356 test: clarify bundled plugin prefix assertions 2026-05-08 07:12:48 +01:00
Peter Steinberger
5cf4969911 test: clarify plugin prerelease lane assertion 2026-05-08 07:11:25 +01:00
Peter Steinberger
d7f566b267 test: clarify sandbox fs bridge shell assertions 2026-05-08 07:10:03 +01:00
Peter Steinberger
151e61cadf test: clarify discord unresolved allowlist assertion 2026-05-08 07:08:03 +01:00
Peter Steinberger
eaad397981 test: clarify discord wildcard id assertion 2026-05-08 07:06:46 +01:00
Peter Steinberger
350889dd75 test: clarify ci shard plan assertions 2026-05-08 07:05:05 +01:00
Peter Steinberger
a4796c47e4 test: clarify plugin runtime path assertions 2026-05-08 07:03:27 +01:00
Peter Steinberger
d85942284c test: clarify embedding chunk limit failures 2026-05-08 07:02:27 +01:00
Peter Steinberger
c6b07d2f32 test: tighten acp session cwd assertions 2026-05-08 07:00:54 +01:00
Peter Steinberger
6e67a6374b test: dedupe model resolution assertions 2026-05-08 06:59:08 +01:00
Jesse Merhi
a9377fe667 Harden browser download output writes (#78780) 
Summary:
- The PR exports `ensureAbsoluteDirectory` through the fs-safe/SDK runtime facades and routes browser download ... through safe output directory/file helpers with focused tests, a changelog entry, and SDK API hash updates.
- Reproducibility: yes. at source level: current main creates browser download/output roots with raw recursive ... jection coverage for that path. I did not run a live browser runtime reproduction in this read-only review.

Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(browser): use fs-safe output directory helper
- PR branch already contained follow-up commit before automerge: docs(changelog): mention browser fs-safe hardening
- PR branch already contained follow-up commit before automerge: fix(browser): harden download output writes

Validation:
- ClawSweeper review passed for head a9c9570f66.
- Required merge gates passed before the squash merge.

Prepared head SHA: a9c9570f66
Review: https://github.com/openclaw/openclaw/pull/78780#issuecomment-4394146682

Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
 2026-05-08 05:57:23 +00:00
Peter Steinberger
ab192eb3f0 test: tighten helper assertion guards 2026-05-08 06:56:38 +01:00
Peter Steinberger
c9053ff208 fix(pairing): preserve narrowed token scopes on upgrade (#79206) 
* fix(pairing): preserve narrowed token scopes on upgrade

* fix(pairing): require pending scopes for approval

* fix(pairing): type approval scope merge
 2026-05-08 06:54:07 +01:00
sallyom
07e8aecb39 fix: speed up status json channel detection 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-05-08 01:51:01 -04:00
Peter Steinberger
d29201fe4f docs: clarify BlueBubbles to imsg migration 2026-05-08 06:49:37 +01:00
Peter Steinberger
fc1d238909 fix: normalize gemini 3.1 config refs 2026-05-08 06:48:36 +01:00
Peter Steinberger
e7391fc2b6 fix(gateway): ignore malformed node catalog capabilities (#79205) 2026-05-08 06:47:36 +01:00
sallyom
eebbe41da2 fix(gateway): allow no-auth backend self-pairing 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-05-08 01:42:46 -04:00
Ava Daigo
f29efde73a fix(gateway): scoped no-auth local backend bypass (#75781) 
When gateway.auth.mode is 'none', the local backend self-pairing skip was
gated on sharedAuthOk, which stays false for no-auth mode. The missing-device
handler still rejected with 1008: device identity required.

Fix: shouldSkipLocalBackendSelfPairing now bypasses sharedAuthOk entirely
when authMethod is 'none' and the connection is local (direct_local or
shared_secret_loopback_local) without browser origin. Remote and
browser-originated connections still require proper device auth.

ClawSweeper P1: Make the none-auth backend bypass reachable
ClawSweeper P2: Test the reachable none-auth connect state

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-08 01:42:46 -04:00
Peter Steinberger
fd08fd0b1f fix(ui): read exec security from tools config (#79207) 2026-05-08 06:41:02 +01:00
Peter Steinberger
089dd91d69 test: tighten remaining defined assertions 2026-05-08 06:40:27 +01:00
Peter Steinberger
bd3f09e969 fix(doctor): avoid duplicate gateway runtime warnings (#79203) 2026-05-08 06:39:44 +01:00
Peter Steinberger
0a6818bbb5 test: finish exact function assertion cleanup 2026-05-08 06:38:25 +01:00
Peter Steinberger
948ba9e7cb test: guard extension callback captures 2026-05-08 06:34:45 +01:00
Peter Steinberger
a360aa3c8c fix(gateway): require owner auth for managed image media (#79204) 2026-05-08 06:34:11 +01:00
Peter Steinberger
24f9f4455b test: invoke matrix entry hooks 2026-05-08 06:32:40 +01:00
Peter Steinberger
765ca52915 test: invoke whatsapp setup validators 2026-05-08 06:31:10 +01:00
Peter Steinberger
0f31b6424e test: tighten proxy fetch assertions 2026-05-08 06:28:56 +01:00
Peter Steinberger
6eae017dd6 fix(agents): route pi default streams through transport (#79201) 2026-05-08 06:27:46 +01:00
Peter Steinberger
03c41eac2d test: invoke auth and reply callbacks 2026-05-08 06:26:42 +01:00
Gio Della-Libera
bc735f4fde feat(workspace): oc-path addressing substrate + openclaw path CLI (md/jsonc/jsonl/yaml) (#78678) 
Implements #78051 — oc:// addressing substrate for workspace files.

New src/oc-path/ substrate (parser/formatter, per-kind parse+emit for
md/jsonc/jsonl/yaml, universal resolveOcPath/setOcPath/findOcPaths verbs,
sentinel emit guard) + openclaw path resolve|find|set|validate|emit CLI +
docs/cli/path.md reference page + CHANGELOG entry.

Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: galiniliev <5711535+galiniliev@users.noreply.github.com>
 2026-05-07 22:26:28 -07:00
Peter Steinberger
11d0c5e42a test: invoke captured test callbacks 2026-05-08 06:23:20 +01:00
Peter Steinberger
41c5990d13 fix(auto-reply): resolve scp from path for media staging (#79202) 2026-05-08 06:20:37 +01:00
Peter Steinberger
8af475d9be test: tighten function-shape assertions 2026-05-08 06:19:37 +01:00
Peter Steinberger
6a07855d5a test: type msteams monitor mocks 2026-05-08 06:18:36 +01:00
Peter Steinberger
48ff229a82 test(msteams): type lifecycle mocks 2026-05-08 06:14:53 +01:00
Peter Steinberger
87f9d5dbae test: align media temp path assertions 2026-05-08 06:10:06 +01:00
Peter Steinberger
d4eb40248a fix: normalize gemini 3 pro preview config 2026-05-08 06:08:58 +01:00
Pavan Kumar Gondhi
ff80167e5a fix(discord): gate user allowlist name resolution [AI] (#79002) 
* fix: gate discord user allowlist name resolution

* docs: add changelog entry for PR merge
 2026-05-08 10:38:39 +05:30
Pavan Kumar Gondhi
c1edfafa3e fix(msteams): gate startup user allowlist resolution [AI] (#79003) 
* fix: gate msteams user allowlist name resolution

* addressing codex review

* docs: add changelog entry for PR merge
 2026-05-08 10:38:05 +05:30
Peter Steinberger
8fc53e7937 fix: satisfy shell inline lint 2026-05-08 06:03:24 +01:00
Peter Steinberger
5ed1cfc15c docs: keep qa broker notes internal 2026-05-08 06:01:23 +01:00
Peter Steinberger
c659590d22 fix: restore external file write helper 2026-05-08 06:01:23 +01:00