vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 21:50:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
39,758 Commits 1,843 Branches 149 Tags
24d56492847409fa6efc160b30ef109eab510b52
Commit Graph

1128 Commits

Author SHA1 Message Date
Peter Steinberger
1771160d2c fix(web-search): restrict private network guard 2026-05-02 06:39:48 +01:00
Peter Steinberger
b66459e3c2 fix(web-search): support self-hosted Firecrawl 2026-05-02 06:34:31 +01:00
Peter Steinberger
12342ed0e8 fix(web-search): support Exa baseUrl 2026-05-02 06:06:40 +01:00
Peter Steinberger
f269423355 fix(web-search): include MiniMax in setup detection 2026-05-02 05:59:25 +01:00
Peter Steinberger
f2370b769c fix(web-search): allow MiniMax OAuth search credentials 
Co-authored-by: 周鹤0668001310 <zhou.he3@xydigit.com>
 2026-05-02 05:43:08 +01:00
Peter Steinberger
ed6df7dd8b fix(gemini): reuse google provider config for web search 2026-05-02 05:15:02 +01:00
Peter Steinberger
20333bd58d fix(gemini): pass search time filters 2026-05-02 05:00:35 +01:00
Peter Steinberger
4397be1a24 fix(web-search): support Brave llm-context date filters 2026-05-02 04:39:34 +01:00
Peter Steinberger
eee3aeae00 [codex] add Crestodian plugin management (#75869) 
Summary:
- The branch adds ClawHub plugin search and Crestodian plugin list/search/install/uninstall flows, with docs, changelog, tests, runtime injection, and regenerated config baseline hashes.
- Reproducibility: not applicable. as a bug reproduction request. The high-confidence verification path is cur ... surface search plus exact-head diff/source inspection against the PR's targeted tests and queued CI checks.

ClawSweeper fixups:
- Included follow-up commit: Repair Crestodian plugin management config schema drift

Validation:
- ClawSweeper review passed for head c29cda6005.
- Required merge gates passed before the squash merge.

Prepared head SHA: c29cda6005
Review: https://github.com/openclaw/openclaw/pull/75869#issuecomment-4362360704

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
 2026-05-02 03:12:38 +00:00
Peter Steinberger
e4c127e678 fix(web-fetch): resolve external providers 2026-05-02 04:08:59 +01:00
Peter Steinberger
b813183bfd fix(web-search): support provider base url overrides 2026-05-02 03:44:46 +01:00
Peter Steinberger
4b8641094b fix(discord): preserve slash command localizations 2026-05-02 03:33:26 +01:00
Peter Steinberger
c02605253d fix: require explicit TTS intent 2026-05-02 03:16:57 +01:00
Peter Steinberger
7ed73f5383 test: broaden plugin install update coverage 2026-05-02 02:57:23 +01:00
Peter Steinberger
01aea41c2b fix(xai): harden Grok web search timeouts 2026-05-02 02:55:38 +01:00
Peter Steinberger
8d7f4d28ce fix: load source bundled plugins from pnpm workspaces 2026-05-02 02:06:17 +01:00
Vincent Koc
5c447f53d7 docs(plugins): document clawhub clawpack installs 2026-05-01 17:35:03 -07:00
Peter Steinberger
0df90d9b8d fix: trace plugin tool factory timings (#75823) 
* fix: trace plugin tool factory timings

* docs: document plugin tool timing traces

* fix: keep plugin tools mcp stdout clean

* test: type plugin tools mcp mock

* test: complete plugin tools mcp mock

* test: preserve console helpers in mcp test

* chore: refresh generated protocol models
 2026-05-01 23:14:18 +01:00
Peter Steinberger
5e3265b09b feat: support openai tts extra body 2026-05-01 22:57:35 +01:00
Peter Steinberger
d2ae2a3fb0 fix(plugins): require declared runtime setup entries 2026-05-01 22:36:18 +01:00
Peter Steinberger
112dedd093 refactor: remove plugin dependency cleanup leftovers 2026-05-01 21:55:50 +01:00
Peter Steinberger
ed8f50f240 refactor: simplify plugin dependency handling 
Simplify plugin installation and runtime loading around package-manager-owned dependencies, with Jiti reserved for local/TS fallback paths.

Also scans npm plugin install roots so hoisted transitive dependencies are covered by dependency denylist and node_modules symlink checks.
 2026-05-01 21:32:22 +01:00
Peter Steinberger
7ddf28c0d4 feat: support git plugin installs 2026-05-01 10:59:10 +01:00
Peter Steinberger
250376f885 fix: simplify bundled runtime dependency repair (#75183) 
Summary:
- Merged fix: simplify bundled runtime dependency repair after ClawSweeper review.

ClawSweeper fixups:
- Included follow-up commit: fix: verify cached bundled runtime roots
- Included follow-up commit: refactor: simplify plugin runtime startup paths
- Included follow-up commit: refactor: trim plugin startup policy helpers
- Included follow-up commit: refactor: trust package manager runtime deps materialization
- Included follow-up commit: fix: narrow channel runtime deps skip policy
- Included follow-up commit: refactor: defer startup plugin runtime deps
- Ran the ClawSweeper repair loop before final review.

Validation:
- ClawSweeper review passed for head 04dc566534.
- Required merge gates passed before the squash merge.

Prepared head SHA: 04dc566534
Review: https://github.com/openclaw/openclaw/pull/75183#issuecomment-4358383786

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Shakker <shakkerdroid@gmail.com>
Co-authored-by: clawsweeper-repair <clawsweeper-repair@users.noreply.github.com>
 2026-05-01 07:49:02 +00:00
Peter Steinberger
5d1ba08e3c fix(doctor): warn on plugin tool allowlist mismatch 2026-05-01 05:33:03 +01:00
pashpashpash
027ea5f08b Isolate Codex app-server state per agent (#74556) 
* fix(codex): isolate app-server home per agent

* fix(codex): isolate native Codex assets per agent

* fix(channels): mark inbound system events untrusted

* fix(doctor): warn on personal Codex agent skills

* test(doctor): cover personal Codex agent skills warning

* fix(codex): forward auth profiles to harness runs

* fix(codex): preserve auto auth for harness runs

* fix(codex): auto-select harness auth profiles

* test(codex): type harness auth mock

* feat(codex): select migrated skills

* fix(codex): satisfy migration selection lint

* docs: add codex isolation changelog
 2026-05-01 04:49:02 +09:00
NVIDIAN
797d574dfd fix(deepseek): expose V4 max thinking levels (#73008) 
Merged via squash.

Prepared head SHA: ef561a59de
Co-authored-by: ai-hpc <183861985+ai-hpc@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-04-30 23:34:05 +08:00
Peter Steinberger
0f120c09ba fix(agents): bound subagent orphan recovery 2026-04-30 14:43:18 +01:00
Vincent Koc
ad7fa6c387 docs(tools): note explicit alsoAllow needed under restrictive profiles (4aa08e9d79) 2026-04-30 05:38:28 -07:00
Otto Deng
8ca1f6d590 fix(skills): scan grouped skill directories 
* fix(skills): scan nested subdirectories for grouped skill layouts

Previously, skill discovery only checked immediate children of the
skills root for SKILL.md files. Skills organized in subdirectories
(e.g. ~/.openclaw/skills/coze/koze-retrieval/SKILL.md) were silently
ignored.

Now, when an immediate child directory does not contain a SKILL.md,
its own children are checked one level deeper. This supports grouped
skill layouts while keeping the scan depth bounded (max 2 levels) to
avoid unbounded filesystem traversal.

The existing per-source skill count limits and containment checks
still apply to nested discoveries.

Fixes #56915

* test(skills): cover nested grouped skill discovery

* fix(skills): cache contained-path checks and cap nested scans

- Reuse skillDirRealPath captured during the collection phase so the load
  loop no longer re-runs resolveContainedSkillPath on the same directory.
- Apply the per-root candidate cap (and the matching warning log) when
  descending into nested grouped skill directories, matching the outer
  scan's behavior.

Addresses Greptile P2 feedback on PR #72534.

* fix(skills): load grouped skill directories under skills roots

* fix(clownfish): address review for ghcrawl-156697-autonomous-smoke (1)

---------

Co-authored-by: Otto Deng <otto@ottodeng.com>
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: Otto Deng <ottodeng2@github.local>
 2026-04-29 23:56:19 -07:00
Peter Steinberger
30a2b3049a feat: default active steering to batched delivery 2026-04-30 01:22:43 +01:00
Peter Steinberger
4a6e10ece8 feat: default queueing to steer 2026-04-29 22:48:10 +01:00
Jeff
9b6670d5c9 fix(ssrf): allow IPv6 fake-ip SSRF opt-in 
Allow trusted fake-IP proxy stacks to opt into IPv6 unique-local SSRF resolution without opening broader private-network access.
 2026-04-29 20:31:17 +01:00
Peter Steinberger
8a06db084d fix(models): hide unauthenticated catalog entries 2026-04-29 18:05:34 +01:00
Vyctor Huggo Przozwski da Silva
df0074768c fix(exec): reject invalid host targets (#74468) 
* fix(exec): reject invalid host targets

* docs(changelog): credit exec host validation contributor

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-04-29 17:25:45 +01:00
Peter Steinberger
e6cd90e3fd fix(agents): keep OAuth auth read-through 2026-04-29 11:54:28 +01:00
Peter Steinberger
93d5cd1015 fix: honor configured xhigh thinking compat (#74273) 
* fix: honor configured xhigh thinking compat

* test: update agent command model selection mock
 2026-04-29 11:35:03 +01:00
Peter Steinberger
548c280eff fix(discord): keep exec approval fallbacks reachable 2026-04-29 06:29:44 +01:00
Peter Steinberger
2b0b614417 docs(plugins): clarify clawhub npm migration 2026-04-29 06:09:34 +01:00
Peter Steinberger
5a9c0efa54 fix(tasks): clean orphaned parent-owned acp sessions 2026-04-29 04:35:06 +01:00
nighty
6e31de5847 docs: fix custom skill naming example 
Fix the custom skill docs example so the folder and SKILL.md frontmatter use the same hyphen-case name.
 2026-04-28 20:15:36 -07:00
pashpashpash
4aa8da3756 Route sensitive group commands to the owner privately (#73872) 
* fix(commands): route sensitive group approvals privately

* fix(commands): require owner private routes

* test(commands): cover owner-derived Telegram diagnostics routing
 2026-04-29 09:27:18 +09:00
pashpashpash
43fa40a35d fix(telegram): use owners for exec approvals (#73852) 2026-04-29 08:34:46 +09:00
Patrick Erichsen
a235a487d0 docs: add clawhub rescan recovery guidance (#73414) 
* docs: add clawhub rescan recovery guidance

* docs: clarify clawhub rescan wording
 2026-04-28 16:34:00 -07:00
pashpashpash
6ce1058296 Wire diagnostics through the core chat command (#72936) 
* feat: wire codex diagnostics feedback

* fix: harden codex diagnostics hints

* fix: neutralize codex diagnostics output

* fix: tighten codex diagnostics safeguards

* fix: bound codex diagnostics feedback output

* fix: tighten codex diagnostics throttling

* fix: confirm codex diagnostics uploads

* docs: clarify codex diagnostics add-on

* fix: route diagnostics through core command

* fix: tighten diagnostics authorization

* fix: pin diagnostics to bundled codex command

* fix: limit owner status in plugin commands

* fix: scope diagnostics confirmations

* fix: scope codex diagnostics cooldowns

* fix: harden codex diagnostics ownership scopes

* fix: harden diagnostics command trust and display

* fix: keep diagnostics command trust internal

* fix: clarify diagnostics exec boundary

* fix: consume codex diagnostics confirmations atomically

* test: include codex diagnostics binding metadata

* test: use string codex binding timestamps

* fix: keep reserved command trust host-only

* fix: harden diagnostics trust and resume hints

* wire diagnostics through exec approval

* fix: keep diagnostics tests aligned with bundled root trust

* fix telegram diagnostics owner auth

* route trajectory exports through exec approval

* fix trajectory exec command encoding

* fix telegram group owner auth

* fix export trajectory approval hardening

* fix pairing command owner bootstrap

* fix telegram owner exec approvals

* fix: make diagnostics approval flow pasteable

* fix: route native sensitive command followups

* fix: invoke diagnostics exports with current cli

* fix: refresh exec approval protocol models

* fix: list codex diagnostics from thread bindings

* fix: fold codex diagnostics into exec approval

* fix: preserve diagnostics approval line breaks

* docs: clarify diagnostics codex workflow
 2026-04-29 07:40:37 +09:00
Peter Steinberger
5dfc14d49b fix(tasks): close stale terminal acp sessions 2026-04-28 21:03:55 +01:00
Peter Steinberger
0dcab4e347 fix(agents): harden bootstrap and ACP session routing 2026-04-28 20:47:34 +01:00
Gabriel Kripalani
17ef9ef895 feat(openrouter): add video generation provider (#72700) 
Adds OpenRouter video generation via video_generate, with hardened async polling/download handling, docs, and regression coverage.

Validation:
- pnpm test src/plugins/plugin-lookup-table.test.ts src/secrets/target-registry.fast-path.test.ts src/gateway/server-startup-post-attach.test.ts extensions/openrouter/video-generation-provider.test.ts src/video-generation/live-test-helpers.test.ts src/media-generation/provider-capabilities.contract.test.ts src/agents/pi-embedded-helpers/failover-matches.test.ts src/plugins/manifest-metadata-scan.test.ts src/agents/openai-transport-stream.test.ts src/media-understanding/openai-compatible-audio.test.ts src/agents/schema-normalization-runtime-contract.test.ts src/agents/provider-request-config.test.ts src/plugin-sdk/provider-stream.test.ts src/agents/pi-embedded-runner/run/attempt.spawn-workspace.websocket.test.ts -- --reporter=verbose
- OPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_TEST_QUIET=0 OPENCLAW_LIVE_VIDEO_GENERATION_MODELS=openrouter/google/veo-3.1-fast pnpm test:live src/video-generation/video-generation.live.test.ts -- --runInBand

Co-authored-by: notamicrodose <gabrielkripalani@me.com>
 2026-04-28 10:57:31 +01:00
Peter Steinberger
169dba2042 fix(skills): require opt-in for coding-agent 2026-04-28 09:24:24 +01:00
Peter Steinberger
78a12706ec fix(docs): make docs formatter mintlify-safe 2026-04-28 08:13:21 +01:00