vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 09:30:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
37,598 Commits 1,843 Branches 149 Tags
2a1e47ffcb2e967bf51bf1da05243aaa4e280cf2
Commit Graph

37598 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vincent Koc
2bce63cb65 fix(android): harden canvas webview bridge (#73240) 
* fix(android): harden canvas webview bridge

* fix(android): make canvas content access hardening explicit

* fix(android): keep webview hardening inline for CodeQL

* fix(android): avoid webview getter false positive
 2026-04-27 21:41:01 -07:00
Peter Steinberger
52daf5fbd3 fix(acpx): stage Claude ACP adapter runtime dependency 2026-04-28 05:38:15 +01:00
Peter Steinberger
59bd7e47e8 docs: avoid mdx lists inside callouts 2026-04-28 05:34:44 +01:00
Peter Steinberger
b8c44bfc82 fix: restore main ci and speed tests 2026-04-28 05:34:28 +01:00
Brian Newman
055127425f fix(export): fix broken template placeholders in session export HTML (#41861) 
* fix(export): fix broken template placeholders in session export HTML

The {{MARKED_JS}}, {{HIGHLIGHT_JS}}, and {{JS}} placeholders in the
export HTML template were split across multiple lines by a code
formatter, turning them into JS block statements instead of template
tokens. The generateHtml() function uses .replace('{{MARKED_JS}}', ...)
which requires contiguous strings, so the vendor JS and app code were
never injected — producing a 2MB HTML file that opens with styles and
session data but renders blank (no JS to parse/display the data).

Fix: collapse placeholders to single-line {{TOKEN}} format and add
prettier-ignore comments to prevent re-formatting.

Introduced in 9d403fd.

* fix(export): use function replacers for vendor JS injection

String.replace() interprets $ sequences ($&, $$, $', etc.) in
replacement strings. The minified vendor libraries (highlight.min.js,
marked.min.js) and the template JS contain literal $ characters that
get mutated during injection — e.g. $& becomes the matched placeholder
text, $$ becomes a single $.

Fix: use arrow function replacers for JS content so replacement text
is injected verbatim without $ interpretation. CSS and session data
use string replacers since they don't contain problematic $ patterns.

Flagged by Codex review (P2).

* ci: retrigger checks

* fix(export-session): restore inline export scripts

---------

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
 2026-04-27 21:34:20 -07:00
Peter Steinberger
5826774076 fix(diagnostics-otel): handle liveness warnings 2026-04-28 05:32:40 +01:00
Peter Steinberger
b60eb1711a refactor(plugin-sdk): add managed task flow runtime 2026-04-28 05:32:40 +01:00
Peter Steinberger
d987e153fe docs: fix plugin architecture mdx 2026-04-28 05:32:19 +01:00
Peter Steinberger
03e0f17069 docs(changelog): consolidate 2026.4.27 notes 2026-04-28 05:31:19 +01:00
Shakker
c77aead063 docs: refresh plugin sdk api baseline 2026-04-28 05:30:04 +01:00
Shakker
31e01eb286 fix: narrow stepfun manifest provider keys 2026-04-28 05:30:04 +01:00
Shakker
d76540ff30 docs: update manifest catalog migration note 2026-04-28 05:30:04 +01:00
Shakker
c242f0c35f feat: declare stepfun model catalogs 2026-04-28 05:30:04 +01:00
Shakker
b3dce79af1 feat: declare tencent tokenhub model catalog 2026-04-28 05:30:04 +01:00
Shakker
fd484cf472 refactor: build deepseek catalog from manifest 2026-04-28 05:30:04 +01:00
Shakker
a4eb89c809 refactor: build moonshot catalog from manifest 2026-04-28 05:30:04 +01:00
Shakker
68a1dfb7e3 docs: document manifest provider catalog sdk helper 2026-04-28 05:30:04 +01:00
Shakker
a3ad2723cc fix: fail on dropped manifest catalog rows 2026-04-28 05:30:04 +01:00
Shakker
4168575b88 docs: note manifest provider catalog helper 2026-04-28 05:30:04 +01:00
Shakker
2d8ee0452e fix: normalize raw manifest provider catalogs 2026-04-28 05:30:04 +01:00
Shakker
a047144660 fix: narrow manifest catalog runtime inputs 2026-04-28 05:30:04 +01:00
Shakker
a36aeac072 fix: reject incomplete manifest provider catalogs 2026-04-28 05:30:04 +01:00
Shakker
129d5be507 refactor: build cerebras and mistral catalogs from manifests 2026-04-28 05:30:04 +01:00
Shakker
1f883f3dff refactor: build nvidia catalog from manifest 2026-04-28 05:30:04 +01:00
Shakker
833dcccddf refactor: build qianfan and xiaomi catalogs from manifests 2026-04-28 05:30:04 +01:00
Shakker
5cba55e520 feat: add manifest provider catalog helper 2026-04-28 05:30:04 +01:00
Peter Steinberger
1267a14326 docs: fix plugin architecture mdx 2026-04-28 05:29:26 +01:00
Peter Steinberger
cb1bca1a16 fix(diagnostics): export liveness warning telemetry 2026-04-28 05:28:04 +01:00
Peter Steinberger
001bf47727 chore(release): open 2026.4.27 development 2026-04-28 05:28:04 +01:00
Peter Steinberger
548f946ffd test(macos): remove conflict marker 2026-04-28 05:28:04 +01:00
Peter Steinberger
5dec95f35c test(macos): stabilize gateway control test 2026-04-28 05:28:04 +01:00
Peter Steinberger
35c9dd06b2 fix(cli): respect replace mode in model picker 2026-04-28 05:26:25 +01:00
Peter Steinberger
1a2f60c0a1 chore(browser): remove old security mock path 2026-04-28 05:21:58 +01:00
Peter Steinberger
af7f651db3 refactor(plugin-sdk): retire reserved helper exports 2026-04-28 05:21:57 +01:00
Peter Steinberger
870d993eb8 fix(ui): request configured model list 2026-04-28 05:21:08 +01:00
Peter Steinberger
000d52be37 ci: pin Google live gateway profile models 2026-04-28 05:19:33 +01:00
Vincent Koc
e8b4e39a97 fix(gateway): clear fallback context on close 
Fixes gateway fallback request context cleanup on close/startup failure and shards the full gateway Vitest lane to avoid the observed memory hang.\n\nValidation:\n- Testbox: OPENCLAW_TESTBOX=1 pnpm check:changed\n- Testbox: env OPENCLAW_VITEST_MAX_WORKERS=1 /usr/bin/time -v pnpm test:gateway (254 files, 2950 tests, max RSS 4144692 KB)
 2026-04-27 21:19:21 -07:00
Peter Steinberger
738f5f7508 fix: prevent channel login exec wedges 2026-04-28 05:16:43 +01:00
Peter Steinberger
ed98762832 fix: seed docs i18n codex auth 2026-04-28 05:15:38 +01:00
Peter Steinberger
843980e173 test: route more fast specs through unit-fast 2026-04-28 05:14:15 +01:00
Peter Steinberger
ab95812d65 fix: record model fallback steps in trajectories 2026-04-28 05:08:34 +01:00
Peter Steinberger
714f3b59cc fix: preserve unknown compaction failure detail 2026-04-28 05:08:34 +01:00
Shakker
34a0a9fd06 chore: benchmark startup-lazy plugins 2026-04-28 05:08:14 +01:00
Omar Shahine
4b760be1dd fix(gateway): strip SecretRef secret inputs from messages.tts.providers before talk.config hands them to speech providers (#73111) 
Closes the gap left by #72496 on the parallel `messages.tts.providers.<id>` site. After #72496 landed, `talk.config` still threw `unresolved SecretRef` whenever an operator pinned a TTS apiKey or token as a SecretRef on the messages.tts side — same user-facing symptom (iOS / macOS / Control UI Talk overlays falling back to local AVSpeechSynthesizer).

Adds `stripUnresolvedSecretInputsFromBaseTtsProviders` in `src/gateway/server-methods/talk.ts` that walks each entry in `messages.tts.providers` and strips any unresolved SecretRef wrappers from the configured secret-input keys (`apiKey`, `token`) before handing the base TTS config down to `speechProvider.resolveTalkConfig`. Mirrors the `talk.providers` strip pattern from #72496.

Hardening: rebuilds the providers map with `Object.create(null)` instead of `{}` so an operator-config payload carrying `messages.tts.providers.__proto__` (or `constructor`/`prototype`) cannot mutate Object.prototype via the dynamic `cleaned[providerId] = ...` assignment. Caught by Aisle security review.

Adds three regression tests covering: SecretRef apiKey on messages.tts (the original bug), SecretRef token on messages.tts (Peter's generalization), and `__proto__`-keyed providers (Aisle hardening). All pass; full CI green (57/57) on the rebased branch.

Fixes #73109. Refs #72496.

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-27 21:06:28 -07:00
Peter Steinberger
97f3e6d3c2 fix: keep docs i18n codex home out of tmp 2026-04-28 05:05:06 +01:00
Peter Steinberger
1e3ce10e27 refactor(plugin-sdk): remove unused reserved helper exports 2026-04-28 05:00:53 +01:00
Peter Steinberger
4d69f81a4e fix: isolate docs i18n codex home 2026-04-28 04:58:51 +01:00
Peter Steinberger
da773cf074 test: fix startup recovery model fixture types 2026-04-28 04:57:57 +01:00
Peter Steinberger
d9a6dd0c36 ci: pin OpenAI live gateway profile model 2026-04-28 04:57:48 +01:00
Vincent Koc
9a19d8b8ea fix(bonjour): classify ciao IPv4 changed assertion 
Classify ciao's IPv4 address changed assertion spelling in the Bonjour plugin and cover the exact upstream message.
 2026-04-27 20:56:43 -07:00