vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 23:40:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
41,873 Commits 1,843 Branches 149 Tags
0e330c3fa0ed2deb645f3f84186061f361afb5eb
Commit Graph

26 Commits

Author SHA1 Message Date
Vincent Koc
a07d8cbf8a fix(docker): normalize plugin build args 2026-05-04 15:16:22 -07:00
Vincent Koc
7e229f0d3d fix(docker): prune external plugin dist (#77547) 2026-05-04 15:11:14 -07:00
Peter Steinberger
ed8f50f240 refactor: simplify plugin dependency handling 
Simplify plugin installation and runtime loading around package-manager-owned dependencies, with Jiti reserved for local/TS fallback paths.

Also scans npm plugin install roots so hoisted transitive dependencies are covered by dependency denylist and node_modules symlink checks.
 2026-05-01 21:32:22 +01:00
Sally O'Malley
e8258fd4a6 fix(docker): restore python3 in runtime image (#75417) 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-05-01 00:11:38 -04:00
Yossi Eliaz
619064b6d7 fix(docker): require single primary key before Docker apt GPG pin (#74254) 
Merged via squash.

Fixes #74234.

Prepared head SHA: c09ca96153
Reviewed-by: @sallyom
 2026-04-30 22:47:43 -04:00
Shakker
9c19335276 fix: package bundled runtime deps helper 2026-04-29 21:11:59 +01:00
Peter Steinberger
aa84b738b6 fix(docker): copy postinstall helper imports 2026-04-29 05:25:42 +01:00
Peter Steinberger
e1acb61317 refactor: expose SDK test helper subpaths 2026-04-28 03:28:17 +01:00
Peter Steinberger
18ef83c0da fix(feishu): preserve disabled group policy for explicit groups 2026-04-27 21:55:33 +01:00
Vincent Koc
727927aae0 fix(docker): repair named-volume state directory ownership 
Preserve contributor credit and land the narrowed Docker ownership fix after ProjectClownfish review/follow-up.
 2026-04-27 04:34:35 -07:00
Peter Steinberger
090063bd43 fix(ci): harden cron and Docker validation 2026-04-27 07:59:28 +01:00
Peter Steinberger
2cd23957c0 build: use slim docker runtime 2026-04-26 22:47:48 +01:00
Vincent Koc
abd5ec98ab fix(runtime): harden dependency install surfaces (#71997) 
* fix(runtime): harden dependency surfaces

* fix(runtime): harden dependency install surfaces

* fix(runtime): address dependency surface review

* fix(runtime): address dependency surface review

* fix(channels): avoid read-only plugin loader cycle

* fix(channels): allow optional read-only loader workspace

* test(commands): refresh current main checks

* test(commands): keep provider metadata mock unique

* test(commands): keep doctor security read-only mock unique
 2026-04-26 01:38:21 -07:00
Peter Steinberger
9f4b155c47 fix(docker): include patch files in runtime image 2026-04-26 06:26:37 +01:00
ly85206559
3e60eaa884 fix(docker): verify matrix-sdk-crypto native addon without hardcoded pnpm path (#65608) (#67143) 
Merged via squash.

Prepared head SHA: 325e97ead5
Co-authored-by: ly85206559 <12526624+ly85206559@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-15 11:37:14 -04:00
Peter Steinberger
17085ec1a4 fix: make qa lab docker boot resilient 2026-04-07 09:04:18 +01:00
Gustavo Madeira Santana
7155aa9c15 fix(docker): use built bundled plugins in runtime images (#62316) 
Merged via squash.

Prepared head SHA: c2bbfef188
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-07 02:18:24 -04:00
Peter Steinberger
8e0ab35b0e refactor(plugins): decouple bundled plugin runtime loading 2026-03-29 09:10:38 +01:00
Josh Avant
a2a9a553e1 Stabilize plugin loader and Docker extension smoke (#50058) 
* Plugins: stabilize Area 6 loader and Docker smoke

* Docker: fail fast on extension npm install errors

* Tests: stabilize loader non-native Jiti boundary CI timeout

* Tests: stabilize plugin loader Jiti source-runtime coverage

* Docker: keep extension deps on lockfile graph

* Tests: cover tsx-cache renamed package cwd fallback

* Tests: stabilize plugin-sdk export subpath assertions

* Plugins: align tsx-cache alias fallback with subpath fallback

* Tests: normalize guardrail path checks for Windows

* Plugins: restrict plugin-sdk cwd fallback to trusted roots

* Tests: exempt outbound-session from extension import guard

* Tests: tighten guardrails and cli-entry trust coverage

* Tests: guard optional loader fixture exports

* Tests: make loader fixture package exports null-safe

* Tests: make loader fixture package exports null-safe

* Tests: make loader fixture package exports null-safe

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-03-18 23:35:32 -05:00
Altay
deada7edd3 build: default to Node 24 and keep Node 22 compat 2026-03-12 20:07:44 +05:30
Vincent Koc
3f3f66a5f7 Docker: trim runtime image payload (#40307) 
* Docker: shrink runtime image payload

* Docker: add runtime pnpm opt-in

* Docker: collapse helper entrypoint chmod layers

* Docker: restore bundled pnpm runtime

* Update CHANGELOG.md
 2026-03-08 16:07:04 -07:00
Peter Steinberger
5759b93dda fix(ci): pin multi-arch docker base digests 2026-03-08 02:55:15 +00:00
苏敏童0668001043
b29e913efe fix(docker): correct awk quoting in Docker GPG fingerprint check (#32153) 2026-03-03 02:32:46 +00:00
edincampara
577f2fa540 fix(docker): harden /app/extensions permissions to 755 (#30191) 
* fix(docker): harden /app/extensions permissions to 755

Bundled extension directories shipped as world-writable (mode 777)
in the Docker image. The plugin security scanner blocks any world-
writable path with:

  WARN: blocked plugin candidate: world-writable path
        (/app/extensions/memory-core, mode=777)

Add chmod -R 755 /app/extensions in the final USER root RUN step so
all bundled extensions are readable but not world-writable. This runs
as root before switching back to the node user, matching the pattern
already used for chmod 755 /app/openclaw.mjs.

Fixes #30139

* fix(docker): normalize plugin and agent path permissions

* docs(changelog): add docker permissions entry for #30191

* Update CHANGELOG.md

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-01 15:45:21 -08:00
Peter Steinberger
35976da7a0 fix: harden Docker/GCP onboarding flow (#26253) (thanks @pandego) 2026-02-26 04:46:18 +00:00
Sebastian
b7cf28f407 test(docker): cover browser install build arg 2026-02-16 22:35:27 -05:00