vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-13 11:00:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,098 Commits 687 Branches 77 Tags
16ccd5a874528ad10a697efcf060227c8a436478
Commit Graph

15098 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kevin Shenghui
16ccd5a874 fix(gateway): add ThrottleInterval to launchd plist to prevent restart loop 2026-02-26 15:31:04 +00:00
Peter Steinberger
ed9cd846d0 chore(deps): refresh grammy and @types/node 2026-02-26 16:22:53 +01:00
Peter Steinberger
03d7641b0e feat(agents): default codex transport to websocket-first 2026-02-26 16:22:53 +01:00
SidQin-cyber
63c6080d50 fix: clean stale gateway PIDs before triggerOpenClawRestart calls launchctl/systemctl 
When the /restart command runs inside an embedded agent process (no
SIGUSR1 listener), it falls through to triggerOpenClawRestart() which
calls launchctl kickstart -k directly — bypassing the pre-restart port
cleanup added in #27013. If the gateway was started via TUI/CLI, the
orphaned process still holds the port and the new launchd instance
crash-loops.

Add synchronous stale-PID detection (lsof) and termination
(SIGTERM→SIGKILL) inside triggerOpenClawRestart() itself, so every
caller — including the embedded agent /restart path — gets port cleanup
before the service manager restart command fires.

Closes #26736

Made-with: Cursor
 2026-02-26 15:22:35 +00:00
taw0002
792ce7b5b4 fix: detect OpenClaw-managed launchd/systemd services in process respawn 
restartGatewayProcessWithFreshPid() checks SUPERVISOR_HINT_ENV_VARS to
decide whether to let the supervisor handle the restart (mode=supervised)
or to fork a detached child (mode=spawned). The existing list only had
native launchd vars (LAUNCH_JOB_LABEL, LAUNCH_JOB_NAME) and systemd vars
(INVOCATION_ID, SYSTEMD_EXEC_PID, JOURNAL_STREAM).

macOS launchd does NOT automatically inject LAUNCH_JOB_LABEL into the
child environment. OpenClaw's own plist generator (buildServiceEnvironment
in service-env.ts) sets OPENCLAW_LAUNCHD_LABEL instead. So on stock macOS
LaunchAgent installs, isLikelySupervisedProcess() returned false, causing
the gateway to fork a detached child on SIGUSR1 restart. The original
process then exits, launchd sees its child died, respawns a new instance
which finds the orphan holding the port — infinite crash loop.

Fix: add OPENCLAW_LAUNCHD_LABEL, OPENCLAW_SYSTEMD_UNIT, and
OPENCLAW_SERVICE_MARKER to the supervisor hint list. These are set by
OpenClaw's own service environment builders for both launchd and systemd
and are the reliable supervised-mode signals.

Fixes #27605
 2026-02-26 15:21:23 +00:00
Peter Steinberger
5c0255477c fix: tolerate missing pi-coding-agent backend export 2026-02-26 16:11:37 +01:00
Peter Steinberger
d8477cbb3f fix(ci): sync protocol models and acpx version 2026-02-26 16:10:03 +01:00
Peter Steinberger
fae8de9ae0 fix(browser): land PR #27617 relay reconnect resilience 2026-02-26 15:08:55 +00:00
Peter Steinberger
aa17bdbe4a docs(changelog): reorder all unreleased entries by user impact 2026-02-26 16:05:47 +01:00
Peter Steinberger
45b5c23825 docs(changelog): reorder unreleased changes by user interest 2026-02-26 16:03:29 +01:00
Peter Steinberger
0f9c602591 docs(changelog): highlight external secrets management (#26155) 2026-02-26 16:01:23 +01:00
Peter Steinberger
cc1eaf130b docs(gateway): clarify remote token local fallback semantics 2026-02-26 15:59:44 +01:00
Peter Steinberger
47fc6a0806 fix: stabilize secrets land + docs note (#26155) (thanks @joshavant) 2026-02-26 14:47:22 +00:00
Peter Steinberger
4380d74d49 docs(secrets): add dedicated apply plan contract page 2026-02-26 14:47:22 +00:00
Peter Steinberger
820d614757 fix(secrets): harden plan target paths and ref-only auth profiles 2026-02-26 14:47:22 +00:00
joshavant
485cd0c512 fix(test): skip exec-backed audit batching assertion on windows 2026-02-26 14:47:22 +00:00
joshavant
14897e8de7 docs(secrets): clarify partial migration guidance 2026-02-26 14:47:22 +00:00
joshavant
7671c1dd10 test(secrets): cover skill migration and symlinked exec command flow 2026-02-26 14:47:22 +00:00
joshavant
d879c7c641 fix(secrets): harden apply and audit plan handling 2026-02-26 14:47:22 +00:00
joshavant
ea1ccf4896 docs(secrets): add direct 1password exec example 2026-02-26 14:47:22 +00:00
joshavant
f46b9c996f feat(secrets): allow opt-in symlink exec command paths 2026-02-26 14:47:22 +00:00
joshavant
06290b49b2 feat(secrets): finalize mode rename and validated exec docs 2026-02-26 14:47:22 +00:00
joshavant
ba2eb583c0 fix(secrets): make apply idempotent and keep audit read-only 2026-02-26 14:47:22 +00:00
joshavant
f413e314b9 feat(secrets): replace migrate flow with audit/configure/apply 2026-02-26 14:47:22 +00:00
joshavant
8944b75e16 fix(secrets): align ref contracts and non-interactive ref persistence 2026-02-26 14:47:22 +00:00
joshavant
86622ebea9 fix(secrets): enforce file provider read timeouts 2026-02-26 14:47:22 +00:00
joshavant
67e9554645 test(session): normalize parent fork parentSession path assertion 2026-02-26 14:47:22 +00:00
joshavant
060ede8aaa test(secrets): skip windows ACL-sensitive file-provider runtime tests 2026-02-26 14:47:22 +00:00
joshavant
b84d7796be test(secrets): skip strict file-permission resolver tests on windows 2026-02-26 14:47:22 +00:00
joshavant
bde9cbb058 docs(secrets): align provider model and add exec resolver coverage 2026-02-26 14:47:22 +00:00
joshavant
4e7a833a24 feat(security): add provider-based external secrets management 2026-02-26 14:47:22 +00:00
joshavant
bb60cab76d test: sops invocation assertion 
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-02-26 14:47:22 +00:00
joshavant
5e3a86fd2f feat(secrets): expand onboarding secret-ref flows and custom-provider parity 2026-02-26 14:47:22 +00:00
joshavant
e8637c79b3 fix(secrets): harden sops migration sops rule matching 2026-02-26 14:47:22 +00:00
joshavant
0e69660c41 feat(secrets): finalize external secrets runtime and migration hardening 2026-02-26 14:47:22 +00:00
joshavant
c5b89fbaea Docs: address review feedback on secrets docs 2026-02-26 14:47:22 +00:00
joshavant
9203d583f9 Docs: add secrets and CLI secrets reference pages 2026-02-26 14:47:22 +00:00
joshavant
c0a3801086 Docs: document secrets refs runtime and migration 2026-02-26 14:47:22 +00:00
joshavant
cb119874dc Onboard: require explicit mode for env secret refs 2026-02-26 14:47:22 +00:00
joshavant
4d94b05ac5 Secrets: keep read-only runtime sync in-memory 2026-02-26 14:47:22 +00:00
joshavant
13b4993289 Onboard non-interactive: avoid rewriting profile-backed keys 2026-02-26 14:47:22 +00:00
joshavant
59e5f12bf9 Onboard: move volcengine/byteplus auth from .env to profiles 2026-02-26 14:47:22 +00:00
joshavant
2ef109f00a Onboard OpenAI: explicit secret-input-mode behavior 2026-02-26 14:47:22 +00:00
joshavant
e8d1725187 Onboard auth: remove leftover merge marker 2026-02-26 14:47:22 +00:00
joshavant
fce4d76a78 Tests: narrow OpenAI default model assertion typing 2026-02-26 14:47:22 +00:00
joshavant
68b9d89ee7 Onboard: store OpenAI auth in profiles instead of .env 2026-02-26 14:47:22 +00:00
joshavant
09c7cb5d34 Tests: update onboard credential expectations for explicit ref mode 2026-02-26 14:47:22 +00:00
joshavant
b50d2ce93c Tests: align auth-choice helper expectations with secret mode 2026-02-26 14:47:22 +00:00
joshavant
04aa856fc0 Onboard: require explicit mode for env secret refs 2026-02-26 14:47:22 +00:00
joshavant
103d02f98c Auth choice tests: expect env-backed key refs 2026-02-26 14:47:22 +00:00