vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-21 06:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
24,118 Commits 1,381 Branches 113 Tags
0711cb4a05f3db7fe3901e533b862391006597ce
Commit Graph

24118 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
0711cb4a05 fix(hooks): reduce registration log noise 2026-03-31 14:59:22 +01:00
Peter Steinberger
dc0e0b0f68 docs(security): mark shared-secret HTTP auth as designed 2026-03-31 22:58:09 +09:00
Jacob Tomlinson
a4d72a83f0 fix(tlon): preserve explicit empty settings during migration (#58370) 2026-03-31 14:57:03 +01:00
Peter Steinberger
c1ea0ae9c8 build: update deps and align pi sdk usage 2026-03-31 22:56:20 +09:00
Peter Steinberger
cbfeecfab4 fix(gateway): restore shared-secret HTTP tool invoke auth 2026-03-31 22:55:15 +09:00
Jacob Tomlinson
0c83754246 Exec approvals: reject shell init-file script matches (#58369) 2026-03-31 14:53:43 +01:00
Vincent Koc
0ed4f8a72b fix(media): reject oversized image inputs before decode (#58226) 
* fix(media): cap oversized image inputs

* chore(changelog): add media input guard note

* fix(media): address input guard review feedback

* fix(media): fail closed on unknown sips dimensions

* fix(media): avoid sips fallback in input guard
 2026-03-31 22:52:55 +09:00
Vincent Koc
aaf6077f27 test(telegram): skip session persistence in message-context harness 2026-03-31 22:51:25 +09:00
Vincent Koc
4ee742174f fix(nostr): verify inbound dm signatures before pairing replies (#58236) 
* fix(nostr): verify inbound dm signatures before pairing

* fix(nostr): authorize senders before rate limiting

* test(nostr): cover pending auth rate-limit starvation

* fix(nostr): rate limit oversized inbound ciphertext

* fix(nostr): dedupe blocked inbound replays

* fix(nostr): rate limit before auth work
 2026-03-31 22:51:22 +09:00
Peter Steinberger
5fc8f6ca8f test: align targeted channel batching expectation 2026-03-31 14:49:04 +01:00
Vincent Koc
29b9310319 fix(scripts): normalize bundled entry paths and planner counts 2026-03-31 22:47:12 +09:00
Vincent Koc
3be08454f4 test(telegram): narrow resolve-media retry imports 2026-03-31 22:45:39 +09:00
Vincent Koc
91115cdf61 test(telegram): stub menu sync in command harness 2026-03-31 22:31:12 +09:00
Vincent Koc
2df86cce1c refactor(telegram): narrow native command reply dispatch seam 2026-03-31 22:28:53 +09:00
Peter Steinberger
5a93344d82 fix: ship bundled runtime support packages 2026-03-31 14:25:32 +01:00
Vincent Koc
5b7443d175 perf(whatsapp): narrow reply chunking imports 2026-03-31 22:25:14 +09:00
Peter Steinberger
e7e383b7cf build: exclude @mariozechner packages from pnpm release age 2026-03-31 22:23:30 +09:00
Vincent Koc
ff36bc314d test(telegram): use shared delivery mock in registry test 2026-03-31 22:18:29 +09:00
Vincent Koc
3f2fb73cfe perf(slack): avoid module resets in outbound adapter test 2026-03-31 22:13:39 +09:00
Frank Yang
dbe6663c34 fix(qqbot): align speech schema and setup validation (#58253) 
* fix(qqbot): align speech schema and setup validation

* fix(qqbot): preserve use-env setup flow

* fix(qqbot): reject use-env on named accounts

* fix(qqbot): restore default account schema support
 2026-03-31 21:11:45 +08:00
Gustavo Madeira Santana
8dbba7d17c fix(scripts/pr): make cleanup worktree-safe 2026-03-31 09:07:42 -04:00
Gustavo Madeira Santana
27b9665871 chore: clarify test performance guardrail 2026-03-31 09:07:42 -04:00
Vincent Koc
d369c9373b perf(whatsapp): avoid module resets in poll adapter test 2026-03-31 22:06:01 +09:00
Vincent Koc
37099dae3e fix(ci): restore matrix monitor import guards and windows npm exit codes 2026-03-31 22:04:35 +09:00
Vincent Koc
35072c4751 perf(discord): avoid broad send barrel in webhook activity test 2026-03-31 22:02:01 +09:00
Vincent Koc
675b80c4a4 perf(slack): narrow send chunking imports 2026-03-31 21:58:00 +09:00
Gustavo Madeira Santana
4ea1ca4849 Sessions: parse thread suffixes by channel (#58100) 
Merged via squash.

Prepared head SHA: 2829b9c5b5
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-31 08:54:16 -04:00
Vincent Koc
11590eb6ce fix(ci): restore dotenv trust boundary and windows npm exit handling 2026-03-31 21:51:17 +09:00
Gustavo Madeira Santana
3ceec929df Matrix: narrow monitor runtime seam 2026-03-31 08:46:53 -04:00
Vincent Koc
7710579a82 perf(telegram): narrow native command import surface 2026-03-31 21:43:16 +09:00
Vincent Koc
b19e28a85e fix(telegram): lazy-load sticker vision model lookup 2026-03-31 21:31:05 +09:00
Vincent Koc
dba96e7507 fix(discord): gate voice ingress by allowlists (#58245) 
* fix(discord): gate voice ingress by allowlists

* fix(discord): preserve voice allowlist context

* fix(discord): fetch guild metadata for voice allowlists

* fix(discord): reuse voice speaker context

* fix(discord): preserve cached speaker context

* fix(discord): tighten voice ingress authorization
 2026-03-31 21:29:13 +09:00
Vincent Koc
25a3d37970 fix(ci): restore matrix guardrails and windows exec shim 2026-03-31 21:27:43 +09:00
Gustavo Madeira Santana
f8af407c86 build: pin axios to 1.13.6 
Pin axios through pnpm overrides and collapse the lockfile to a single
1.13.6 resolution.

This avoids accidental adoption of the compromised axios releases called
out in the ongoing supply chain attack reports while upstream guidance
settles.
 2026-03-31 08:27:00 -04:00
Vincent Koc
4d912e0451 fix(exec): block proxy-style env overrides (#58202) 
* fix(exec): block proxy-style env overrides

* fix(exec): keep trusted host proxy env inherited

* fix(exec): block git tls override env vars

* fix(skills): block dangerous env override keys
 2026-03-31 21:25:36 +09:00
Gustavo Madeira Santana
28bb8c600e Matrix: narrow thread binding runtime seam 2026-03-31 08:12:46 -04:00
Gustavo Madeira Santana
305977571d Matrix: narrow storage and routing imports 2026-03-31 08:12:46 -04:00
Vincent Koc
e6441760d2 test(telegram): normalize message-context timing inputs 2026-03-31 21:10:43 +09:00
Vincent Koc
415e7d941b test(slack): remove slash metadata polling 2026-03-31 21:02:06 +09:00
Vincent Koc
730ba40763 fix(exec): unwrap arch and xcrun dispatch wrappers (#58203) 
* fix(exec): unwrap arch and xcrun dispatch wrappers

* fix(infra): scope arch wrapper unwrapping to macos

* fix(exec): scope arch wrapper unwrapping to macos

* fix(infra): validate macos arch wrapper selectors

* test(infra): cover invalid arch name wrappers
 2026-03-31 21:00:14 +09:00
Jacob Tomlinson
2ce44ca6a1 fix(plugins): guard marketplace archive downloads (#58267) 
* Plugins: guard marketplace archive downloads

* Plugins: harden marketplace download cleanup

* Plugins: bound marketplace archive downloads

* Plugins: harden marketplace archive failures

* Plugins: reject drive-relative marketplace archives

* Plugins: stream marketplace archive downloads
 2026-03-31 12:59:42 +01:00
Mariano
607076d164 ClawFlow: add runtime substrate (#58336) 
Merged via squash.

Prepared head SHA: 6a6158179e
Reviewed-by: @mbelinky
 2026-03-31 13:58:29 +02:00
Vincent Koc
f2d4089ca2 test(discord): remove monitor polling overhead 2026-03-31 20:56:37 +09:00
Vincent Koc
334085fbe9 test(channels): inject telegram reply pipeline for dispatch tests 2026-03-31 20:54:30 +09:00
Vincent Koc
5474796735 docs(security): clarify acpx yolo mode 2026-03-31 20:54:30 +09:00
pgondhi987
d8c68c8d42 fix: migrate Telegram pairing allowFrom to default account only (#58165) 
* fix: migrate Telegram pairing allowFrom to default account only

* fix: address PR review feedback

* fix: address PR review feedback
 2026-03-31 12:51:38 +01:00
Vincent Koc
62c28c0708 test(discord): isolate ACP binding routing seam 2026-03-31 20:49:31 +09:00
Vincent Koc
b4ac69c652 docs(acp): align approval policy wording 2026-03-31 20:49:31 +09:00
Vincent Koc
cd5179314d fix(acp): use semantic approval classes 2026-03-31 20:49:31 +09:00
Gustavo Madeira Santana
d077faab1a Matrix: narrow monitor runtime imports 2026-03-31 07:29:47 -04:00