Vincent Koc
1278f0bcc0
fix(codeql): tune Android pinning profile
Remove noisy missing-certificate-pinning query from the critical Android CodeQL profile; gateway TLS uses custom certificate fingerprint pinning.
2026-04-27 23:04:16 -07:00
Peter Steinberger
ee75a8ec2c
ci: document clawsweeper dispatch trigger
2026-04-28 06:50:33 +01:00
Peter Steinberger
6f3674c8d0
ci: harden ClawSweeper dispatcher credentials
2026-04-28 06:48:38 +01:00
Peter Steinberger
ba17db96a4
ci: skip clawsweeper without app credentials
2026-04-28 06:48:29 +01:00
Peter Steinberger
0fc1cdec45
ci: fix ClawSweeper dispatcher payload
2026-04-28 06:44:26 +01:00
Peter Steinberger
23818600bb
ci: add ClawSweeper event dispatcher
2026-04-28 06:43:38 +01:00
Peter Steinberger
017b8db616
ci: speed up release validation shards
2026-04-28 06:14:23 +01:00
Vincent Koc
2bce63cb65
fix(android): harden canvas webview bridge (#73240)
* fix(android): harden canvas webview bridge
* fix(android): make canvas content access hardening explicit
* fix(android): keep webview hardening inline for CodeQL
* fix(android): avoid webview getter false positive
2026-04-27 21:41:01 -07:00
Peter Steinberger
000d52be37
ci: pin Google live gateway profile models
2026-04-28 05:19:33 +01:00
Peter Steinberger
d9a6dd0c36
ci: pin OpenAI live gateway profile model
2026-04-28 04:57:48 +01:00
Vincent Koc
42de56cc22
fix(ci): trust live docker harness scripts
2026-04-27 20:52:37 -07:00
Peter Steinberger
0bdc1d0375
ci: hydrate provider env for testbox commands
2026-04-28 04:34:21 +01:00
Peter Steinberger
68561a8c94
ci: use trusted codex live harness
2026-04-28 04:29:35 +01:00
Peter Steinberger
e7495e2d92
ci: pass provider secrets to testbox
2026-04-28 04:24:15 +01:00
Peter Steinberger
4db4d8976d
ci: run release validation with trusted harness
2026-04-28 04:14:09 +01:00
Peter Steinberger
e5452a9c57
ci: speed up release validation
2026-04-28 03:52:05 +01:00
Peter Steinberger
fdd2ff02c6
ci: stabilize release validation lanes
2026-04-28 01:31:00 +01:00
Peter Steinberger
0294aebe6f
feat(providers): add DeepInfra provider plugin (#73038)
* feat(providers): add DeepInfra provider plugin
* feat(deepinfra): add media provider surfaces
* fix(deepinfra): satisfy provider boundary checks
* docs: add gitcrawl maintainer skill
* test: include deepinfra in live media sweeps
* fix: remove stale tts contract import
2026-04-28 01:12:54 +01:00
Peter Steinberger
47f40788cf
ci: install ffmpeg for live audio media shard
2026-04-28 00:57:43 +01:00
Peter Steinberger
b90f29d313
ci: split native live release shards
2026-04-28 00:49:10 +01:00
Peter Steinberger
f1edd601bc
ci: split release qa parity lanes
2026-04-28 00:05:33 +01:00
Vincent Koc
cc80a40d86
fix(ci): preserve mixed macOS CodeQL SARIF findings
Conservatively filter macOS CodeQL SARIF by dropping only findings where every location is SwiftPM build output. Verified with workflow sanity, local jq filtering, PR CI, and a failed-job rerun for an unrelated stalled Vitest shard.
2026-04-27 15:43:53 -07:00
Peter Steinberger
39e3d8d31d
ci: shard release validation reruns
2026-04-27 23:38:13 +01:00
Vincent Koc
6e77c10c6c
fix(ci): harden macOS CodeQL SARIF filtering
Harden the macOS CodeQL SARIF filter to drop only findings whose primary location is SwiftPM build output. Verified with workflow sanity, local jq filtering, full PR CI, and profile=macos-security branch proof in 18m44s.
2026-04-27 15:25:38 -07:00
Vincent Koc
2c2a240344
fix(ci): filter macOS CodeQL dependency SARIF
Filter SwiftPM dependency build results from the manual macOS CodeQL shard before upload. Verified with workflow sanity, local jq filtering, and profile=macos-security branch proof in 15m54s. PR CI has the same unrelated extensions/memory-core timeout failure currently present on main.
2026-04-27 14:37:29 -07:00
Peter Steinberger
fb4d9fc4fb
ci: harden npm telegram artifact upload
2026-04-27 22:13:21 +01:00
Peter Steinberger
295d63c331
ci: record package proof in release evidence
2026-04-27 22:00:03 +01:00
Vincent Koc
bd51f82efa
fix(security): harden CodeQL secret ref validation
Remediate current-profile CodeQL findings for file SecretRef id validation and release workflow job permissions. Includes changelog credit. Thanks @vincentkoc.
2026-04-27 13:53:27 -07:00
Vincent Koc
36b5e34fc0
fix(ci): add macOS CodeQL security shard
Add a manual macOS CodeQL security shard scoped to app sources. Verified with profile=macos-security on Blacksmith in 16m55s.
2026-04-27 13:40:34 -07:00
Peter Steinberger
cdf88bcad4
test: harden release qa live gates
2026-04-27 21:16:48 +01:00
Vincent Koc
74eccd42d8
fix(ci): add android CodeQL security shard
Add a manual Android CodeQL security shard scoped to app production sources. Verified with profile=android-security on Blacksmith in 4m22s.
2026-04-27 12:32:55 -07:00
Peter Steinberger
54e13d4910
ci: split release validation slow shards
2026-04-27 20:30:17 +01:00
dependabot[bot]
48f433479d
chore(deps): bump github/codeql-action
Bump github/codeql-action from b25d0ebf40e5b63ee81e1bd6e5d2a12b7c2aeb61 to 95e58e9a2cdfd71adc6e0353d5c52f41a045d225.
2026-04-27 12:01:27 -07:00
Vincent Koc
282af9c50a
fix(ci): run CodeQL on small Blacksmith runners (#72988)
2026-04-27 11:56:48 -07:00
Vincent Koc
e864fd39cc
fix(ci): narrow CodeQL critical scan (#72982)
2026-04-27 11:42:42 -07:00
Peter Steinberger
c41126dbbb
ci: capture dispatched full validation runs
2026-04-27 15:51:03 +01:00
Peter Steinberger
2243a68a1d
ci: shard release live validation
2026-04-27 14:24:10 +01:00
Peter Steinberger
9ca4049861
ci: match package Telegram harness to release ref
2026-04-27 14:06:05 +01:00
Peter Steinberger
1b1916053f
ci: inline Docker release planning for old refs
2026-04-27 14:03:17 +01:00
Peter Steinberger
fd4b59a906
ci: keep release checks compatible with stable refs
2026-04-27 13:59:49 +01:00
Peter Steinberger
0931a1f11e
ci: fix release validation dispatch and protocol drift
2026-04-27 13:32:03 +01:00
Peter Steinberger
98b441edb1
ci: split release docker integration chunks
2026-04-27 13:24:30 +01:00
Peter Steinberger
cff1bdb491
ci: trim duplicate release package lanes
2026-04-27 13:15:10 +01:00
Peter Steinberger
e9986aa787
fix(ci): make full validation rerun-aware
2026-04-27 13:00:09 +01:00
Peter Steinberger
c4fe72b8d6
ci: pin full release validation child refs
2026-04-27 11:16:16 +01:00
Peter Steinberger
5757d1bb69
ci: harden live release validation lane
2026-04-27 10:59:25 +01:00
Peter Steinberger
1b581b4c71
fix(ci): stabilize live release validation
2026-04-27 10:56:35 +01:00
Vincent Koc
600df95c8c
feat(migrate): add Claude importer
Add a bundled Claude migration provider for Claude Code and Claude Desktop imports. Includes source discovery, preview/apply behavior for instructions, MCP servers, skills and command prompts, archive/manual handling for unsafe Claude state, docs, labeler, and tests.
2026-04-27 02:35:44 -07:00
Peter Steinberger
4de235f908
feat(providers): add cerebras plugin
2026-04-27 10:22:20 +01:00
Peter Steinberger
57092a1794
ci: harden cross-os release harness on Windows
2026-04-27 10:03:38 +01:00