vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-12 17:51:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
29,489 Commits 1,241 Branches 104 Tags
2dfd2ee7a74eb8bdf5261570524db2e471265f70
Commit Graph

29489 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mariano Belinky
2dfd2ee7a7 Dreaming: add changelog attribution 2026-04-09 21:11:03 +02:00
Mariano Belinky
d564037c0d Dreaming: move changelog entry into unreleased fixes 2026-04-09 21:09:59 +02:00
Mariano Belinky
2aac14d039 Dreaming: move changelog entry to section end 2026-04-09 21:09:04 +02:00
Mariano Belinky
897b6d7110 Dreaming: add PR number to changelog 2026-04-09 21:08:22 +02:00
Mariano Belinky
caa3ccfdfa Dreaming: add changelog for admin persistence 2026-04-09 20:07:23 +02:00
Mariano Belinky
133ac35552 Dreaming: require admin for gateway persistence 2026-04-09 20:02:55 +02:00
Tak Hoffman
b83726d13e Feat: Add Active Memory recall plugin (#63286) 
* Refine plugin debug plumbing

* Tighten plugin debug handling

* Reduce active memory overhead

* Abort active memory sidecar on timeout

* Rename active memory blocking subagent wording

* Fix active memory cache and recall selection

* Preserve active memory session scope

* Sanitize recalled context before retrieval

* Add active memory changelog entry

* Harden active memory debug and transcript handling

* Add active memory policy config

* Raise active memory timeout default

* Keep usage footer on primary reply

* Clear stale active memory status lines

* Match legacy active memory status prefixes

* Preserve numeric active memory bullets

* Reuse canonical session keys for active memory

* Let active memory subagent decide relevance

* Refine active memory plugin summary flow

* Fix active memory main-session DM detection

* Trim active memory summaries at word boundaries

* Add active memory prompt styles

* Fix active memory stale status cleanup

* Rename active memory subagent wording

* Add active memory prompt and thinking overrides

* Remove active memory legacy status compat

* Resolve active memory session id status

* Add active memory session toggle

* Add active memory global toggle

* Fix active memory toggle state handling

* Harden active memory transcript persistence

* Fix active memory chat type gating

* Scope active memory transcripts by agent

* Show plugin debug before replies
 2026-04-09 11:27:37 -05:00
Mason
164287f056 docs-i18n: avoid ambiguous body-only wrapper unwrap (#63808) 
* docs-i18n: avoid ambiguous body-only wrapper unwrap

* docs: clarify targeted testing tip

* changelog: include docs-i18n follow-up thanks
 2026-04-10 00:01:17 +08:00
Mason
2954c7235b test+ui: fix persistent main CI regressions (#63825) 2026-04-10 00:00:57 +08:00
Mason
06dea262c4 docs-i18n: chunk raw doc translation (#62969) 
Merged via squash.

Prepared head SHA: 6a16d66486
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-04-09 23:22:16 +08:00
Pavan Kumar Gondhi
635bb35b68 fix(agents): guard nodes tool outPath against workspace boundary [AI-assisted] (#63551) 
* fix: address issue

* fix: address review feedback

* fix: finalize issue changes

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-09 20:42:49 +05:30
zsx
1fede43b94 fix: exclude workspace shadows from channel setup catalog lookups 2026-04-09 22:46:39 +08:00
Sliverp
65b781f9ae fix(qqbot): add stream config (#63746) 2026-04-09 21:23:33 +08:00
Pavan Kumar Gondhi
604777e441 fix(qqbot): enforce media storage boundary for all outbound local file paths [AI] (#63271) 
* fix: address issue

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-09 17:56:37 +05:30
Gustavo Madeira Santana
414b7b5ac4 Matrix: drop dead legacy crypto wrapper 2026-04-09 08:10:42 -04:00
Neerav Makwana
2645ed154b fix: provider-qualified session context limits (#62493) (thanks @neeravmakwana) 
* fix(sessions): provider-qualified context limits (#62472)

* fix(sessions): honor agent context cap in memory-flush gate

* refactor(sessions): unify context token resolution

* fix: keep followup snapshot freshness on the active provider (#62493) (thanks @neeravmakwana)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-09 17:25:34 +05:30
Ayaan Zaidi
1ee4a1606e fix: exclude DM participant lists from iMessage self-chat check 2026-04-09 17:23:22 +05:30
Ayaan Zaidi
b8af4d6739 fix: start tailscale exposure before sidecars 2026-04-09 17:21:56 +05:30
Neerav Makwana
7f714609f7 fix: allow CLI task cancel for stuck background tasks (#62506) (thanks @neeravmakwana) 
* Tasks: allow openclaw tasks cancel for CLI runtime (#62419)

Made-with: Cursor

* Tasks: address review — changelog order, CLI cancel without session, lock terminal status

Made-with: Cursor

* fix: freeze terminal task listener updates

* fix: clean changelog block for CLI task cancel (#62506) (thanks @neeravmakwana)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-09 17:16:07 +05:30
Neerav Makwana
9267c3f8f2 fix: preserve iMessage self-chat aliases (#61619) (thanks @neeravmakwana) 
* fix(imessage): avoid DM self-chat false positives

* fix(imessage): treat blank destination caller id as missing

* fix(imessage): preserve alias self-chat

* fix: preserve iMessage self-chat aliases (#61619) (thanks @neeravmakwana)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-09 17:13:22 +05:30
Neerav Makwana
5577e2d441 fix: keep gateway RPC up during startup (#63480) 
Thanks @neeravmakwana.
 2026-04-09 17:09:18 +05:30
Neerav Makwana
12544e24d7 fix: stable auth profile resolution for isolated cron jobs (#62797) (thanks @neeravmakwana) 
* Cron: stable auth profile resolution for isolated jobs (#62783)

* Tests: clearer assertion for isolated cron auth profile spy (#62797)
 2026-04-09 16:48:05 +05:30
Mulualem Eshetu
4977c4ab82 fix(control-ui): preserve configured model metadata in picker (#61382) 
Merged via squash.

Prepared head SHA: c738f6f146
Co-authored-by: Mule-ME <83214007+Mule-ME@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-04-09 16:28:43 +05:30
Frank Yang
46b1ecd6ed docs: add changelog entry for FirePass Kimi fix 2026-04-09 17:27:02 +08:00
Peter Steinberger
828c64e6b5 style: format web fetch ssrf test 2026-04-09 10:18:32 +01:00
Peter Steinberger
8be3a4466c fix(feishu): read webhook bodies through pre-auth guard 2026-04-09 10:18:07 +01:00
Aftab
fa2fab7060 fix(plugins): prevent schema load from re-activating plugin registry (#54971) 
Merged via squash.

Prepared head SHA: dd1ed1d519
Co-authored-by: Aftabbs <112916888+Aftabbs@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-04-09 10:17:26 +01:00
Peter Steinberger
fbbb4f02d1 test: allow slower CLI metadata help rendering 2026-04-09 10:13:20 +01:00
Peter Steinberger
7497abc124 test: stabilize gateway background tests 2026-04-09 10:13:20 +01:00
Justin Song
1b24560392 fix(status): show configured fallback models in /status output (#33111) 
Merged via squash.

Prepared head SHA: 5e590aa68c
Co-authored-by: AnCoSONG <32268203+AnCoSONG@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-04-09 10:13:09 +01:00
WarrenJones
905e56d191 fix: treat zero nextRunAtMs as invalid (#63507) (thanks @WarrenJones) 
* fix(cron): repair nextRunAtMs=0 on non-schedule edits

Treat nextRunAtMs <= 0 as invalid during non-schedule updates so editing
a description or other metadata field recomputes the next run time instead
of silently keeping the corrupt value.

Made-with: Cursor

* fix(cron): treat zero nextRunAtMs as invalid

* fix: treat zero nextRunAtMs as invalid (#63507) (thanks @WarrenJones)

---------

Co-authored-by: WarrenJones <8704779+WarrenJones@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-09 14:39:53 +05:30
Frank Yang
3e062acbcb fix(fireworks): disable FirePass Kimi reasoning leak (#63607) 
* fix: disable FirePass Kimi reasoning leak

* fix: preserve Fireworks wrapper fallbacks

* fix: harden Fireworks Kimi model matching

* fix: restore Fireworks payload sanitization
 2026-04-09 17:09:17 +08:00
WarrenJones
40c5edb5b1 fix: preserve safe gateway env vars on reinstall (#63136) (thanks @WarrenJones) 
* fix(daemon): preserve safe env vars on gateway reinstall

Pass the existing service environment into gateway reinstall planning so safe custom variables survive LaunchAgent rewrites and existing PATH entries are merged instead of being silently dropped.

Made-with: Cursor

* fix(daemon): track managed env keys on reinstall

* fix: preserve safe gateway env vars on reinstall (#63136) (thanks @WarrenJones)

* fix: validate preserved PATH entries on reinstall (#63136) (thanks @WarrenJones)

---------

Co-authored-by: WarrenJones <8704779+WarrenJones@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-09 14:29:54 +05:30
Davanum Srinivas
08ae021d1f fix(qqbot): guard image-size probe against SSRF (#63495) 
* fix(qqbot): replace raw fetch in image-size probe with SSRF-guarded fetchRemoteMedia

Replace the bare fetch() in getImageSizeFromUrl() with fetchRemoteMedia()
from the plugin SDK, closing the blind SSRF via markdown image dimension
probing (GHSA-2767-2q9v-9326).

fetchRemoteMedia options: maxBytes 65536, maxRedirects 0, generic
public-network-only SSRF policy (no hostname allowlist, blocks
private/reserved/loopback/link-local/metadata IPs after DNS resolution).

Also fixes the repo-root resolution in scripts/lib/ts-guard-utils.mjs
which caused lint:tmp:no-raw-channel-fetch to miss extension files
entirely. The guard now walks up to .git instead of hardcoding two parent
traversals, and the allowlist is refreshed with all pre-existing raw
fetch callsites that became visible.

* fix(qqbot): guard image-size probe against SSRF (#63495) (thanks @dims)

---------

Co-authored-by: sliverp <870080352@qq.com>
 2026-04-09 16:48:04 +08:00
HollyChou
ab49afcd27 fix: surface specific sub-issue for config validation union errors (#40841) 
Merged via squash.

Prepared head SHA: 6d7da51629
Co-authored-by: Hollychou924 <128659251+Hollychou924@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-04-09 09:40:22 +01:00
Vincent Koc
89acb92011 test(boundary): guard src imports from bundled plugin paths 2026-04-09 09:30:45 +01:00
Vincent Koc
38100a098e fix(qa): route cli registration through facade 2026-04-09 09:27:55 +01:00
Vincent Koc
3f7e6c7c64 fix(feishu): remove runtime api type cycle 2026-04-09 09:23:52 +01:00
Vincent Koc
60a3733f12 fix(bluebubbles): remove status type barrel cycle 2026-04-09 09:22:11 +01:00
Vincent Koc
2a372577d4 fix(memory-core): route bundled helpers through facade 2026-04-09 09:21:33 +01:00
Ayaan Zaidi
68781bf2c2 fix: add web_fetch RFC2544 SSRF opt-in (#61830) (thanks @xing-xing-coder) 2026-04-09 13:50:18 +05:30
Ayaan Zaidi
ac3999ac8c refactor(web-fetch): distill rfc2544 policy handling 2026-04-09 13:50:18 +05:30
xing-xing-coder
9ed448088b fix(web-fetch): finalize RFC2544 SSRF policy support 2026-04-09 13:50:18 +05:30
Vincent Koc
ce32697250 fix(openshell): split fs bridge backend types 2026-04-09 09:17:29 +01:00
Vincent Koc
62eca3770f test(boundary): guard sdk and package imports from bundled plugin paths 2026-04-09 09:10:05 +01:00
Vincent Koc
c87994bc9a fix(plugins): split registry type surface 2026-04-09 09:05:11 +01:00
Vincent Koc
7d6af7e154 fix(agents): split sandbox backend handle types 2026-04-09 08:52:14 +01:00
Vincent Koc
f374fff3bd fix(browser): move browser sdk helper seams into core 2026-04-09 08:48:49 +01:00
Vincent Koc
77e0e3bac5 fix(memory): split embedding provider types 2026-04-09 08:32:32 +01:00
Vincent Koc
c1969ebf2a fix(agents): split sandbox fs bridge types 2026-04-09 08:26:41 +01:00