vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-14 03:20:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,761 Commits 707 Branches 77 Tags
1a42ea3abfa2a9124e113edefbb5965d128e37bf
Commit Graph

113 Commits

Author SHA1 Message Date
Peter Steinberger
bce643a0bd refactor(security): enforce account-scoped pairing APIs 2026-02-26 21:57:52 +01:00
Peter Steinberger
d6eefe2e75 style: format auth boundary updates 2026-02-26 18:50:47 +01:00
Peter Steinberger
64de4b6d6a fix: enforce explicit group auth boundaries across channels 2026-02-26 18:49:16 +01:00
Peter Steinberger
cd80c7e7ff refactor: unify dm policy store reads and reason codes 2026-02-26 17:47:57 +01:00
Peter Steinberger
039713c3e7 fix: suppress reasoning payload leakage in whatsapp replies 2026-02-25 01:36:37 +00:00
Mark Musson
e22a2d77ba fix(whatsapp): stop retry loop on non-retryable 440 close 2026-02-24 23:52:49 +00:00
damaozi
c6bb7b0c04 fix(whatsapp): groupAllowFrom sender filter bypassed when groupPolicy is allowlist (#24670) 
(cherry picked from commit af06ebd9a6)
 2026-02-24 04:20:30 +00:00
Peter Steinberger
ebde897bb8 fix: add dmScope route guard regression tests (#24949) (thanks @kevinWangSheng) 2026-02-24 03:55:29 +00:00
shenghui kevin
57783680ad fix(whatsapp): guard updateLastRoute when dmScope isolates DM sessions 
When session.dmScope is set to 'per-channel-peer', WhatsApp DMs correctly
resolve isolated session keys, but updateLastRouteInBackground unconditionally
wrote lastTo to the main session key. This caused reply routing corruption
and privacy violations.

Only update main session's lastRoute when the DM session actually IS
the main session (sessionKey === mainSessionKey).

Fixes #24912
 2026-02-24 03:55:29 +00:00
Peter Steinberger
b5881d9ef4 fix: avoid WhatsApp silent turns with final-only delivery (#24962) (thanks @SidQin-cyber) 2026-02-24 03:47:20 +00:00
SidQin-cyber
3d22af692c fix(whatsapp): suppress reasoning/thinking content from WhatsApp delivery 
The deliver callback in process-message.ts was forwarding all payload
kinds (tool, block, final) to WhatsApp. Block payloads contain the
model's reasoning/thinking content, which should only be visible in
the internal web UI. This caused chain-of-thought to leak to end users
as separate WhatsApp messages.

Add an early return for non-final payloads so only the actual response
is delivered to the WhatsApp channel, matching how Telegram already
filters by info.kind === "final".

Fixes #24954
Fixes #24605

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-24 03:47:20 +00:00
Coy Geek
aef45b2abb fix(logging): redact phone numbers and message content from WhatsApp logs 
Apply redactIdentifier() (SHA-256 hashing) to all recipient JIDs and
phone numbers logged by sendMessageWhatsApp, sendReactionWhatsApp,
sendPollWhatsApp, and runWebHeartbeatOnce. Remove poll question text
and message preview content from log entries, replacing with character
counts where useful for debugging.

The existing redactIdentifier() utility in src/logging/redact-identifier.ts
was already implemented but not wired into any WhatsApp logging path.
This commit connects it to all affected call sites while leaving
functional parameters (actual send calls, event emitters) untouched.

Closes #24957
 2026-02-24 03:36:29 +00:00
Peter Steinberger
0bdcca2f35 test(whatsapp): add log redaction coverage 2026-02-24 03:34:31 +00:00
Peter Steinberger
b534dfa3e0 fix(slack,web): harden thread hints and monitor tuning 2026-02-22 22:06:01 +00:00
Peter Steinberger
d116bcfb14 refactor(runtime): consolidate followup, gateway, and provider dedupe paths 2026-02-22 14:08:51 +00:00
Frank Yang
1051f42f96 fix(stability): patch regex retries and timeout abort handling 2026-02-22 10:59:34 +01:00
Peter Steinberger
4f7032fbd9 test(utils): share temp-dir helper across cli and web tests 2026-02-22 07:44:57 +00:00
Peter Steinberger
4a2ff03f49 test: dedupe channel/web cases and tighten gateway e2e waits 2026-02-21 23:02:44 +00:00
Peter Steinberger
0bd9f0d4ac fix: enforce strict allowlist across pairing stores (#23017) 2026-02-22 00:00:23 +01:00
Peter Steinberger
42e181dd4b test(web): dedupe inbound cfg fixtures and cover reply/from formatting 2026-02-21 21:40:39 +00:00
Peter Steinberger
dc7ec65c8f test(web): dedupe mention assertions and cover diagnostics helpers 2026-02-21 21:40:39 +00:00
Peter Steinberger
626d8e9f62 test(web): dedupe temp dir setup in web auto-reply utils tests 2026-02-21 21:40:38 +00:00
Peter Steinberger
a1cb700a05 test: dedupe and optimize test suites 2026-02-19 15:19:38 +00:00
Peter Steinberger
1d71c21aac test(web): dedupe media-failure setup in deliver reply tests 2026-02-19 07:27:47 +00:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
cpojer
97c8f4999e chore: Fix types in tests 27/N. 2026-02-17 14:31:55 +09:00
cpojer
d0cb8c19b2 chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
cpojer
262b7a157a chore: chore: Fix types in tests 12/N. 2026-02-17 11:22:49 +09:00
cpojer
90ef2d6bdf chore: Update formatting. 2026-02-17 09:18:40 +09:00
Peter Steinberger
a177f7b9fe refactor(tests): dedupe slack telegram and web monitor setup 2026-02-16 17:06:40 +00:00
Peter Steinberger
93ca0ed54f refactor(channels): dedupe transport and gateway test scaffolds 2026-02-16 14:59:31 +00:00
Peter Steinberger
52ddaed795 test: remove redundant elide exact-limit case 2026-02-16 08:03:02 +00:00
Vignesh Natarajan
6957354d48 fix (telegram/whatsapp): use account-scoped pairing allowlists 2026-02-15 19:10:06 -08:00
Peter Steinberger
74294a4653 perf(test): consolidate web auto-reply suites 2026-02-15 23:14:42 +00:00
Mr. Guy
e927fd1e35 fix: allow agent workspace directories in media local roots (#17136) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7545ef1e19
Co-authored-by: MisterGuy420 <255743668+MisterGuy420@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-15 10:53:45 -05:00
Peter Steinberger
10e6d926bc refactor(web): dedupe group gating history capture 2026-02-15 05:36:39 +00:00
Peter Steinberger
12c37a9a3a test(web): cover deliver reply media kinds 2026-02-15 05:35:12 +00:00
Peter Steinberger
4295ff785f refactor(web): dedupe heartbeat ok sender 2026-02-15 05:33:59 +00:00
Peter Steinberger
1b8dd2e504 perf(web): consolidate heartbeat runner tests 2026-02-15 05:31:58 +00:00
Peter Steinberger
c2deba3b56 test(web): extend crypto error util coverage 2026-02-15 05:29:12 +00:00
Peter Steinberger
164c1a3b5c test(web): cover heartbeat runner branches 2026-02-15 05:28:06 +00:00
Peter Steinberger
758fbc2fcc test(web): consolidate deliver reply retry coverage 2026-02-15 05:04:22 +00:00
Peter Steinberger
21082f7e3a test(web): cover web reply delivery 2026-02-15 05:01:46 +00:00
Peter Steinberger
6c38ffc277 test(web): cover auto-reply util 2026-02-15 04:44:59 +00:00
Peter Steinberger
511ba938fb refactor(heartbeat): share reply payload picker 2026-02-15 04:37:52 +00:00
Peter Steinberger
9eb749b0a6 test(web): stabilize processMessage inbound contract cleanup 2026-02-15 00:26:41 +00:00
Peter Steinberger
a6fda4ae8e test(web): stabilize processMessage inbound contract cleanup 2026-02-15 00:26:41 +00:00
Peter Steinberger
a2b6a064f7 test: fix processMessage contract test lint 2026-02-14 23:16:37 +00:00