vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-12 09:41:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
29,234 Commits 1,233 Branches 104 Tags
2d97eae53e212ae26f3aebcd6a50ffc6877f770d
Commit Graph

29234 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pavan Kumar Gondhi
2d97eae53e fix(plugins): prevent untrusted workspace plugins from hijacking bundled provider auth choices [AI] (#62368) 
* fix: address issue

* fix: address review feedback

* docs(changelog): add onboarding auth-choice guard entry

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-08 23:08:14 +05:30
Peter Steinberger
2d0e25c23a fix: pass system prompt to codex cli 2026-04-08 18:15:10 +01:00
Peter Steinberger
1979a28803 fix: patch hono security advisories 2026-04-08 18:02:54 +01:00
Peter Steinberger
bae64bb188 test: isolate volcengine byteplus auth resolver imports 2026-04-08 17:44:57 +01:00
Peter Steinberger
c945ae7be5 test: stabilize ci test isolation 2026-04-08 17:35:54 +01:00
Frank Yang
5d46e4dc4f fix(gateway): clear auto-fallback model override on session reset (#63155) 
* fix(gateway): clear auto-fallback model override on session reset

When `persistFallbackCandidateSelection()` writes a fallback provider
override with `authProfileOverrideSource: "auto"`, the override was
incorrectly preserved across `/reset` and `/new` commands. This caused
sessions to keep using the fallback provider even after the user changed
the agent config primary provider, because the session store override
takes precedence over the config default.

Now the override fields (`providerOverride`, `modelOverride`,
`authProfileOverride`, `authProfileOverrideSource`,
`authProfileOverrideCompactionCount`) are only carried forward when
`authProfileOverrideSource === "user"` (i.e. explicit `/model` command).
System-driven overrides are dropped on reset so the session picks up the
current config default.

Introduced in cb0a752156 ("fix: preserve reset session behavior config")

* fix(gateway): preserve explicit reset model selection

* fix(gateway): track reset model override source

* fix(gateway): preserve legacy reset model overrides

* docs(changelog): add session reset merge note

---------

Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net>
 2026-04-09 00:31:05 +08:00
Frank Yang
153e3add68 fix(auto-reply): strip leading NO_REPLY tokens to prevent silent-reply leak (#63068) 
* fix(auto-reply): strip leading NO_REPLY tokens to prevent silent-reply leak

* fix(auto-reply): preserve substantive NO_REPLY leading text

* fix(agents): preserve ACP silent-prefix cumulative deltas

* fix(auto-reply): harden silent-token streaming paths

* fix(auto-reply): normalize glued silent tokens consistently

---------

Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net>
 2026-04-09 00:30:13 +08:00
Ayaan Zaidi
21d0f7c5f1 fix: restore android qr pairing flow (#63199) 2026-04-08 21:58:56 +05:30
Ayaan Zaidi
dcf821cfb6 fix(android): prefer stored device auth after pairing 2026-04-08 21:58:56 +05:30
Ayaan Zaidi
1f899f8442 fix(android): tighten pairing retry behavior 2026-04-08 21:58:56 +05:30
Ayaan Zaidi
6090afa0e5 fix(android): reset auth on new setup codes 2026-04-08 21:58:56 +05:30
Ayaan Zaidi
11bd40fe8a fix(android): prefer bootstrap auth on qr pairing 2026-04-08 21:58:56 +05:30
Ayaan Zaidi
911f9a104c fix(android): auto-resume pairing approval 2026-04-08 21:58:56 +05:30
Peter Steinberger
253ecd2a5d test: keep media runtime tests on same-directory provider mocks 2026-04-08 17:15:56 +01:00
Peter Steinberger
8f67f156ee test: keep pi fs workspace tests on fs tool factories 2026-04-08 17:06:23 +01:00
Peter Steinberger
4a51a1031d feat: add character eval model options 2026-04-08 17:05:30 +01:00
Peter Steinberger
4bbf78e566 test: make character eval scenario natural 2026-04-08 17:05:30 +01:00
Mariano
b77db8c0b6 Reply: surface OAuth reauth failures (#63217) 
Merged via squash.

Prepared head SHA: 68b7ffd59e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-04-08 18:03:03 +02:00
Peter Steinberger
45195e3645 test: explain gateway exec fixture trust 2026-04-08 16:54:31 +01:00
Peter Steinberger
7f5d129a37 fix: keep runtime task test harness behind task seams 2026-04-08 16:53:46 +01:00
Peter Steinberger
b5c597cc66 test: trust gateway exec fixture node path 2026-04-08 16:48:39 +01:00
Ayaan Zaidi
17e6ef4076 fix(build): keep tsdown prune best-effort 2026-04-08 21:16:49 +05:30
Peter Steinberger
654ad0a1fb test: keep bundled web-search owner checks on public artifacts 2026-04-08 16:46:29 +01:00
Peter Steinberger
ca09c954da docs: reorder changelog entries 2026-04-08 16:41:03 +01:00
Peter Steinberger
035bd94a76 fix(plugin-sdk): export channel plugin base 2026-04-08 16:39:18 +01:00
Peter Steinberger
1e274f8695 test: keep chutes implicit provider tests on provider catalog 2026-04-08 16:33:39 +01:00
Ayaan Zaidi
f4ec59c431 fix(build): honor postinstall disable flag 2026-04-08 21:01:53 +05:30
Ayaan Zaidi
66ec8909bd fix(build): address bundled plugin prune review 2026-04-08 21:01:53 +05:30
Ayaan Zaidi
b28fe1b92f fix(build): prune stale bundled plugin node_modules 2026-04-08 21:01:53 +05:30
Peter Steinberger
e4c7ee5856 test: keep kimi implicit provider tests on provider catalog 2026-04-08 16:30:56 +01:00
Peter Steinberger
f27d382873 fix: default OpenAI reasoning effort to high 2026-04-08 16:29:46 +01:00
Peter Steinberger
dfa22f5826 test: keep model reasoning override coverage on merge helpers 2026-04-08 16:23:58 +01:00
Peter Steinberger
41770be999 test: keep pdf and update-plan registration tests pure 2026-04-08 16:15:28 +01:00
Peter Steinberger
e8d5837eea fix: keep minimax provider mocks package-local 2026-04-08 16:13:37 +01:00
Peter Steinberger
17bd5f1dd2 refactor: share html entity tool call decoding 2026-04-08 15:58:47 +01:00
Peter Steinberger
b358db1775 refactor: dedupe embedding provider test fixtures 2026-04-08 15:58:47 +01:00
Peter Steinberger
27560b7b68 refactor: dedupe agent command test fixtures 2026-04-08 15:58:47 +01:00
Peter Steinberger
1bd3e9296c refactor: dedupe doctor codex oauth tests 2026-04-08 15:58:47 +01:00
Peter Steinberger
54e5741357 refactor: dedupe telegram exec approval tests 2026-04-08 15:58:47 +01:00
Peter Steinberger
4da74a4d9a refactor: dedupe matrix exec approval tests 2026-04-08 15:58:47 +01:00
Peter Steinberger
b0c0df3484 refactor: dedupe approval runtime tests 2026-04-08 15:58:46 +01:00
Peter Steinberger
b61f00169a refactor: dedupe exec defaults tests 2026-04-08 15:58:46 +01:00
Peter Steinberger
82a958dc79 refactor: dedupe firecrawl and directive helpers 2026-04-08 15:58:46 +01:00
Peter Steinberger
34f73abfd3 refactor: dedupe plugin metadata test helpers 2026-04-08 15:58:46 +01:00
Peter Steinberger
76ccbbf12f refactor: dedupe media runtime test mocks 2026-04-08 15:58:45 +01:00
Peter Steinberger
e98dc17866 refactor: dedupe plugin test harnesses 2026-04-08 15:58:45 +01:00
Peter Steinberger
3dd19a1705 refactor: dedupe test helpers and script warning filter 2026-04-08 15:58:45 +01:00
Peter Steinberger
6276530dc2 refactor: dedupe config and subagent tests 2026-04-08 15:58:45 +01:00
Peter Steinberger
a5737f83af refactor: dedupe browser navigation guard tests 2026-04-08 15:58:45 +01:00
Peter Steinberger
49f3ede504 refactor: dedupe shared helper branches 2026-04-08 15:58:45 +01:00