Peter Steinberger
7184200c17
fix: accept optional runway source mime type
2026-04-14 15:14:26 +01:00
Peter Steinberger
a88c6f0fe7
fix: bound live video generation smoke
2026-04-14 14:59:01 +01:00
Frank Yang
d86527d8c6
fix(whatsapp): harden Baileys media upload hotfix (#65966)
...
Merged via squash.
Prepared head SHA: b5db59b8fe
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
2026-04-14 21:34:23 +08:00
Peter Steinberger
d2240a9476
test: harden qa-lab concurrent web scenarios
2026-04-14 13:42:02 +01:00
Vincent Koc
10dbb21380
fix(models): normalize google-vertex flash-lite ids
2026-04-14 13:24:46 +01:00
Peter Steinberger
3329824eed
test: harden video live provider release gate
2026-04-14 12:53:33 +01:00
Vincent Koc
6c0bff111c
fix(google): strip Gemini compat base suffixes (#66445)
...
* fix(google): cover Gemini image /openai base URLs
* fix(google): strip Gemini compat base suffixes
* fix(google): scope Gemini /openai normalization
* fix(google): harden base URL normalization
* fix(google): restrict Gemini auth base URLs
* Update CHANGELOG.md
* Update CHANGELOG.md
2026-04-14 11:19:41 +01:00
Vincent Koc
3587e0ef95
fix(codex): keep auth read diagnostics off stdout (#66451)
...
* fix(codex): keep auth read diagnostics off stdout
* docs(changelog): fix codex auth entry
* fix(codex): sanitize auth read diagnostics
* Update CHANGELOG.md
2026-04-14 11:13:57 +01:00
Vincent Koc
5a5ca6d62c
feat(codex): add gpt-5.4-pro forward compat (#66453)
...
* feat(openai-codex): add gpt-5.4-pro forward-compat #63404
* feat(openai-codex): add gpt-5.4-pro forward-compat #63404
* openai-codex: use patch.cost when forward-compat falls back to normalizeModelCompat
* feat(codex): add gpt-5.4-pro forward compat
* fix(codex): reuse gpt-5.4 fallback for gpt-5.4-pro
---------
Co-authored-by: jepson-liu <jepsonliu@gmail.com>
2026-04-14 11:05:24 +01:00
Vincent Koc
e58d50b7a8
fix(telegram): trust explicit proxy DNS for media downloads (#66461)
2026-04-14 10:42:33 +01:00
Vincent Koc
072e8cfe62
test(discord): avoid status fast path in allow-from fixture
2026-04-14 10:04:47 +01:00
Vincent Koc
a70fdc88e0
fix(github-copilot): enable xhigh for gpt-5.4 (#66437)
...
* fix(github-copilot): enable xhigh for gpt-5.4
* Update CHANGELOG.md
2026-04-14 09:58:19 +01:00
Vincent Koc
b90d4ea3d7
fix(codex): canonicalize the gpt-5.4-codex alias (#66438)
...
* fix(codex): canonicalize the gpt-5.4-codex alias
* Update CHANGELOG.md
2026-04-14 09:56:58 +01:00
Vincent Koc
381a8e860a
fix(discord): return native status replies directly (#66434)
2026-04-14 09:55:02 +01:00
Vincent Koc
33a698fe10
fix(qa-lab): correct scenario catalog type
2026-04-14 09:39:20 +01:00
Mason Huang
7eecfa411d
fix(browser): unblock loopback CDP readiness under strict SSRF defaults (#66354)
...
Merged via squash.
Prepared head SHA: d9030ff2f0
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
2026-04-14 16:30:43 +08:00
Vincent Koc
900681751d
test(qa-lab): seed broken-turn recovery scenarios (#66416)
2026-04-14 09:03:49 +01:00
Vincent Koc
37f449d7e1
fix(memory): restore ollama embedding adapter (#66269)
...
* fix(memory): restore ollama embedding adapter
* Update CHANGELOG.md
2026-04-14 09:02:31 +01:00
VACInc
26e80cc6cc
[codex] Telegram: unblock status commands behind busy turns (#66226)
...
* Telegram: unblock status commands behind busy turns
* fix(telegram): keep export-session on topic lane
* Update CHANGELOG.md
---------
Co-authored-by: VACInc <3279061+VACInc@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-04-14 08:57:07 +01:00
Ayaan Zaidi
213c36cf51
fix(browser): preserve legacy strict SSRF alias
2026-04-14 12:50:02 +05:30
Ayaan Zaidi
1dabfef28d
fix(browser): preserve explicit strict SSRF config
2026-04-14 12:42:59 +05:30
Ayaan Zaidi
1b76966f05
fix(browser): use loopback policy for json-new fallback
2026-04-14 12:42:59 +05:30
Ayaan Zaidi
bf1d49093a
fix(browser): relax default hostname SSRF guard
2026-04-14 12:42:59 +05:30
Luke
0abe64a4ff
Agents: clarify local model context preflight (#66236)
...
Merged via squash.
Prepared head SHA: 11bfaf15f6
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
Reviewed-by: @ImLukeF
2026-04-14 15:38:10 +10:00
Peter Steinberger
55604a9a91
test: keep telegram cache boundary compatible
2026-04-13 20:50:11 -07:00
Peter Steinberger
df84225504
test: align post-rebase full-suite drift
2026-04-13 20:49:39 -07:00
Peter Steinberger
d4f556a052
fix: align latest main type drift
2026-04-13 20:49:39 -07:00
Peter Steinberger
1e11b36d80
test: align feishu replay helper typing
2026-04-13 20:49:39 -07:00
Peter Steinberger
c09031f15a
fix: tighten inbound replay typing
2026-04-13 20:49:39 -07:00
Ayaan Zaidi
3c501d3554
test: remove timer dependency from telegram topic cache tests
2026-04-14 08:58:07 +05:30
Ayaan Zaidi
556905a3f4
fix: restore pnpm check
2026-04-14 08:48:15 +05:30
Ayaan Zaidi
c91d3d4537
fix(telegram): persist topic cache via default runtime
2026-04-14 08:32:27 +05:30
Ayaan Zaidi
4f92b1fbb0
fix(telegram): allow topic cache without session runtime
2026-04-14 08:32:27 +05:30
Ayaan Zaidi
59afcf9922
test(telegram): cover topic-name cache reload
2026-04-14 08:32:27 +05:30
Ayaan Zaidi
ad181b2361
fix(telegram): persist topic-name cache
2026-04-14 08:32:27 +05:30
Agustin Rivera
1c35795fce
fix(slack): align interaction auth with allowlists (#66028)
...
* fix(slack): align interaction auth with allowlists
* fix(slack): address review followups
* fix(slack): preserve explicit owners with wildcard
* chore: append Claude comments resolution worklog
* fix(slack): harden interaction auth with default-deny, mandatory actor binding, and channel type validation
  - Add interactiveEvent flag to authorizeSlackSystemEventSender for stricter
    interactive control authorization
  - Default-deny when no allowFrom or channel users are configured for
    interactive events (block actions, modals)
  - Require expectedSenderId for all interactive event types; block actions
    pass Slack-verified userId, modals pass metadata-embedded userId
  - Reject ambiguous channel types for interactive events to prevent DM
    authorization bypass via channel-type fallback
  - Add comprehensive test coverage for all new behaviors
* fix(slack): scope interactive owner/allowFrom enforcement to interactive paths only
* fix(slack): preserve no-channel interactive default
* Update context-engine-maintenance test
* chore: remove USER.md worklog artifact
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* changelog: note Slack interactive auth allowlist alignment (#66028)
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-13 20:38:11 -06:00
Eva H
49d99c7500
fix: include apiKey in codex provider catalog to unblock models.json loading (#66180)
...
Merged via squash.
Prepared head SHA: ce61934ac9
Co-authored-by: hoyyeva <63033505+hoyyeva@users.noreply.github.com>
Co-authored-by: BruceMacD <5853428+BruceMacD@users.noreply.github.com>
Reviewed-by: @BruceMacD
2026-04-13 19:22:09 -07:00
Vincent Koc
e63cbe831b
test(qa-lab): cover GPT-style broken turns
2026-04-14 01:39:49 +01:00
ShihChi Huang
df3e65c8d3
fix(slack): isolate doctor contract API (#63192)
...
* Slack: isolate doctor contract API
* chore: changelog
* fix(slack): move doctor changelog entry to Unreleased
* Plugins: lock Slack doctor sidecar metadata
* Slack: fix changelog entry placement
---------
Co-authored-by: @zimeg <zim@o526.net>
Co-authored-by: George Pickett <gpickett00@gmail.com>
2026-04-13 17:33:49 -07:00
Agustin Rivera
a1c44d28fc
Feishu: tighten allowlist target canonicalization (#66021)
...
* fix(feishu): tighten allowlist id matching
* fix(feishu): address review follow-ups
* changelog: note Feishu allowlist canonicalization tightening (#66021)
* fix(feishu): collapse typed wildcard allowlist aliases to bare wildcard
Previously normalizeFeishuTarget folded chat:* / user:* / open_id:* /
dm:* / group:* / channel:* down to '*', so those entries acted as
allow-all. The new typed canonicalization was producing literal keys
(chat:*, user:*, ...) that never matched any sender, silently
flipping those configs from allow-all to deny-all. Restore the prior
behavior by collapsing a wildcard value to '*' inside
canonicalizeFeishuAllowlistKey.
---------
Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-13 16:59:07 -06:00
Agustin Rivera
692438cbb2
fix(stream): tighten voice stream ingress guards (#66027)
...
* fix(stream): tighten voice stream ingress guards
* fix(stream): address review follow-ups
* fix(stream): normalize trusted proxy ip matching
* changelog: note voice-call media-stream ingress guard tightening (#66027)
* fix(stream): require non-empty trusted proxy list before honoring forwarding headers
Without an explicit trusted proxy list, the prior gate treated every
remote as 'from a trusted proxy', so enabling trustForwardingHeaders
let any direct caller spoof X-Forwarded-For / X-Real-IP and rotate the
resolved IP per request to evade maxPendingConnectionsPerIp. Require
trustedProxyIPs to be non-empty AND match the remote before trusting
forwarding headers.
---------
Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-13 16:51:16 -06:00
Vincent Koc
955270fb73
fix(ci): repair telegram ui and watch regressions
2026-04-13 23:49:59 +01:00
Vincent Koc
94779b4fb1
fix(ci): repair telegram topic cache typing
2026-04-13 23:33:41 +01:00
Vincent Koc
8ab89989c2
fix(ci): restore plugin-local whatsapp deps
2026-04-13 23:26:25 +01:00
Gustavo Madeira Santana
b5dcc11273
plugins: trim staged runtime cargo
2026-04-13 18:10:40 -04:00
Mariano
3d06d90e83
fix(memory): unify default root memory handling (#66141)
...
* fix(memory): unify default root memory handling
* test(memory): align legacy migration expectation
* docs(changelog): tag qmd root-memory fix
* docs(changelog): append qmd root-memory entry
* docs(changelog): dedupe qmd root-memory entry
* docs(changelog): attribute qmd root-memory fix
---------
Co-authored-by: mbelinky <mbelinky@users.noreply.github.com>
2026-04-13 23:59:57 +02:00
Vincent Koc
f3283a330b
fix(ci): repair extension boundary contracts
2026-04-13 22:37:25 +01:00
Vincent Koc
ea25cf2595
fix(ci): unblock discord boundary typing
2026-04-13 22:37:24 +01:00
Tak Hoffman
f94d6778b1
fix(active-memory): Move active memory recall into the hidden prompt prefix (#66144)
...
* move active memory into prompt prefix
* document active memory prompt prefix
* strip active memory prefixes from recall history
* harden active memory prompt prefix handling
* hide active memory prefix in leading history views
* strip hidden memory blocks after prompt merges
* preserve user turns in memory recall cleanup
2026-04-13 16:05:43 -05:00
rafaelreis-r
68e0e456f3
fix: allow plugin commands on Slack when channel supports native commands (#64578)
...
Merged via squash.
Prepared head SHA: 2ec97bf0b3
Co-authored-by: rafaelreis-r <57492577+rafaelreis-r@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-04-13 13:14:02 -07:00