vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-23 18:18:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
60,572 Commits 1,843 Branches 149 Tags
0f18e829323e671bbbc6bf64a37ae42ca81a9b56
Commit Graph

4957 Commits

Author SHA1 Message Date
Vincent Koc
0f18e82932 fix(e2e): reject unsafe bounded response text lengths 
Reject unsafe decimal Content-Length values in the E2E bounded response text helper before streaming response bodies. Keep non-decimal values on the streaming byte-limit path and add regression coverage proving unsafe declared lengths cancel without starting a read.

Proof: direct patched repro rejects before reading with code ETOOBIG; origin/main comparison entered the reader first; node --check scripts/e2e/lib/bounded-response-text.mjs; git diff --check origin/main...HEAD; autoreview clean overall 0.86; exact-head release gate succeeded at https://github.com/openclaw/openclaw/actions/runs/27846197115.
 2026-06-20 04:20:02 +08:00
Vincent Koc
c2c19a883d fix(scripts): reject unsafe bounded response lengths 
Reject unsafe decimal Content-Length values in shared scripts bounded-response helpers before streaming response bodies.\n\nValidation:\n- node --check scripts/lib/bounded-response.mjs\n- direct MJS repro for unsafe Content-Length\n- git diff --check origin/main...HEAD\n- autoreview clean, overall patch correct 0.88\n- exact-head release gate https://github.com/openclaw/openclaw/actions/runs/27845767740
 2026-06-20 04:04:40 +08:00
Hannes Rudolph
4a0f497f16 improve: simplify PR context and evidence (#94676) 
* improve: simplify PR context and evidence

* improve: decouple PR context from proof labels

* fix: satisfy PR context lint
 2026-06-19 14:00:38 -06:00
Vincent Koc
bb1043b14c fix(scripts): reject unsafe package download lengths 
Reject unsafe decimal package_url Content-Length values before streaming response bodies.\n\nValidation:\n- node --check scripts/resolve-openclaw-package-candidate.mjs\n- direct injected downloadUrl repro for unsafe Content-Length\n- git diff --check origin/main...HEAD\n- autoreview clean, overall patch correct 0.9\n- exact-head release gate https://github.com/openclaw/openclaw/actions/runs/27844538401
 2026-06-20 03:36:12 +08:00
Vincent Koc
6cfb025143 fix(e2e): reject unsafe chat tools body lengths 
Reject unsafe numeric Content-Length values in the OpenAI chat tools E2E client before waiting on the response stream.

Also hardens Docker E2E heartbeat timing coverage after the exact-head release gate exposed a brittle zero-padded heartbeat assertion.

Verification: direct mock gateway repro, docker heartbeat shell proof, autoreview clean, and exact-head CI release gate https://github.com/openclaw/openclaw/actions/runs/27843455246.
 2026-06-20 03:09:51 +08:00
Vincent Koc
17e2fbfa86 fix(test): harden script probe bounds (#95060) 
Merged via squash.

Prepared head SHA: 3a51c3c2d7
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Reviewed-by: @vincentkoc
 2026-06-20 02:31:40 +08:00
Vincent Koc
2b0a72bb48 fix(release): lazy-load sigstore verification 2026-06-19 20:02:21 +02:00
Josh Lehman
d216f7c876 refactor: use canonical transcript reader identity (#89581) 
* refactor: use canonical transcript reader identity

* refactor: keep transcript reader dependency storage-neutral
 2026-06-19 10:40:18 -07:00
Vincent Koc
6ef4684b89 fix(scripts): skip generated dist in legacy store guard 2026-06-19 17:22:14 +02:00
Vincent Koc
2c3b582c04 fix(scripts): avoid pnpm in parallels smoke wrappers 2026-06-19 16:47:03 +02:00
Vincent Koc
940d33cf89 fix(scripts): clean package download temp files after stream abort 2026-06-19 15:22:55 +02:00
Andrew Stroup
378c4134f1 fix(slack): default member-info userId to inbound sender (#89236) 
Merged via squash.

Prepared head SHA: c7a39e54f7
Co-authored-by: stroupaloop <2424551+stroupaloop@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-06-19 14:03:29 +01:00
Kendrick Ha
4723602e7e feat(channels): add Zalo ClawBot external channel entry and documenta… (#89586) 
Merged via squash.

Prepared head SHA: 5ef4fe999a
Co-authored-by: ken-kuro <47441476+ken-kuro@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-06-19 13:42:38 +01:00
Vincent Koc
f7c3775140 fix(test): prefer local bundled plugins in linked Vitest worktrees 2026-06-19 14:00:32 +02:00
Peter Steinberger
5a00720de0 fix(ci): repair signing lint and test types 
Use the canonical undefined comparison and preserve the gateway predicate mock signature so full release-gate lint and test-type checks pass.
 2026-06-19 07:42:51 -04:00
joshavant
f7f415f26b fix(ios): wire share extension app group signing 2026-06-19 12:53:45 +02:00
clawsweeper[bot]
2e0dfda462 test(perf): compare saved CLI startup benchmarks (#94812) 
Summary:
- Adds saved CLI startup benchmark report comparison flags to `scripts/bench-cli-startup.ts`, plus JSON output coverage and changed-target routing expectations for the new test-helper importer.
- PR surface: Tests +77, Other +109. Total +186 across 4 files.
- Reproducibility: not applicable. as a feature/tooling PR. The prior PR defects were source-proven in review comments and the current head addresses them; I did not run local tests because this review was read-only.

Automerge notes:
- Ran the ClawSweeper repair loop before final review.
- Included post-review commit in the final squash: test(perf): compare saved CLI startup benchmarks

Validation:
- ClawSweeper review passed for head 1afa110f1b.
- Required merge gates passed before the squash merge.

Prepared head SHA: 1afa110f1b
Review: https://github.com/openclaw/openclaw/pull/94812#issuecomment-4748785428

Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: Felix Isaac Lim <38658663+FelixIsaac@users.noreply.github.com>
 2026-06-19 09:37:47 +00:00
Sash Zats
b39a932112 fix: migrate watch app to single-target app (Xcode 27+ compat) (#92477) 
* fix: migrate watch app to single-target app

* fix: build watch screenshots generically

* docs(ios): clarify watch embed invariant

* docs(ios): clarify watch embed invariant

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-06-19 11:34:34 +02:00
Vincent Koc
8480ef3f86 fix(e2e): cancel readiness probe bodies 2026-06-19 08:18:01 +02:00
Vincent Koc
fc1bdecf08 fix(e2e): cancel ClickClack fixture bodies 2026-06-19 08:14:39 +02:00
Vincent Koc
a57e761f6b fix(e2e): cancel Open WebUI HTTP probe bodies 2026-06-19 08:11:11 +02:00
Vincent Koc
257b533e85 fix(release): cancel Discord cleanup bodies 2026-06-19 08:07:00 +02:00
Vincent Koc
afd9cb0c10 fix(github): cancel maintainer membership bodies 2026-06-19 08:02:41 +02:00
Vincent Koc
2e1e4167a9 fix(release): satisfy ClawHub retry lint 2026-06-19 13:57:56 +08:00
Vincent Koc
433d8cbb2c fix(release): drain rate-limited ClawHub responses 2026-06-19 13:57:56 +08:00
Vincent Koc
37b2770071 fix(release): retry ClawHub release planning 2026-06-19 13:57:56 +08:00
Vincent Koc
8e66d7aad3 fix(release): cancel beta verifier status bodies 2026-06-19 07:57:19 +02:00
Vincent Koc
688ecb1655 fix(release): wrap bare Windows npm execpath 2026-06-19 07:55:33 +02:00
Vincent Koc
a37dd0210b fix(e2e): bound upgrade survivor probe retries 2026-06-19 07:52:44 +02:00
Vincent Koc
82ae81f3bf fix(e2e): time out package url response bodies 2026-06-19 07:45:52 +02:00
Vincent Koc
6370f2023a fix(release): cancel ClawHub probe bodies 2026-06-19 07:42:04 +02:00
Vincent Koc
2dbbef46bb fix(e2e): cancel Open WebUI probe body reads 2026-06-19 07:37:28 +02:00
Vincent Koc
089f8c7fb5 fix(e2e): cancel plugin preflight body reads 2026-06-19 07:28:00 +02:00
Vincent Koc
712e69dd74 fix(e2e): honor gateway network client deadline 2026-06-19 07:23:24 +02:00
Vincent Koc
32ee308f55 fix(e2e): cancel RPC RTT probe bodies 2026-06-19 07:21:40 +02:00
Vincent Koc
5776b9b4e6 fix(e2e): cancel kitchen probe body reads on abort 2026-06-19 07:16:35 +02:00
Vincent Koc
dc9b1d5159 fix(e2e): cancel chat-tools response reads on timeout 2026-06-19 07:11:07 +02:00
Vincent Koc
e498fc8c3b fix(tooling): cancel labeler response bodies on timeout 2026-06-19 07:08:03 +02:00
Vincent Koc
3a82bf5766 fix(tooling): cancel clawtributor avatar body reads 2026-06-19 07:02:27 +02:00
Vincent Koc
38ebc24f77 fix(github): cancel gh-read bodies on timeout 2026-06-19 06:52:19 +02:00
Vincent Koc
324ad548a8 fix(release): keep ClawHub verification bodies timed 2026-06-19 06:36:55 +02:00
Vincent Koc
a619518ebe fix(e2e): keep cross-os response reads timed 2026-06-19 06:31:32 +02:00
Vincent Koc
06b6f7055b fix(e2e): keep clickclack fixture body reads timed 2026-06-19 06:19:21 +02:00
Vincent Koc
de17d5b9ef fix(scripts): fail RPC RTT on websocket pre-open close 2026-06-19 06:16:22 +02:00
Vincent Koc
975340fbd5 fix(audit): cancel stalled advisory body reads 2026-06-19 06:09:34 +02:00
Vincent Koc
d9c66b9c6d fix(e2e): bound upgrade survivor probe body reads 2026-06-19 06:02:31 +02:00
Josh Lehman
8662b9de54 refactor: route sdk session compatibility through accessor (#89904) 2026-06-18 21:00:05 -07:00
Vincent Koc
845ad1cf71 fix(tooling): timeout transitive manifest packuments 2026-06-19 05:55:00 +02:00
Vincent Koc
36bfe77db1 fix(github): bound guard response bodies 2026-06-19 05:47:19 +02:00
Vincent Koc
d91766e5e1 fix(release): bound ClawHub trusted publisher reads 2026-06-19 05:38:59 +02:00