vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-23 07:51:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,142 Commits 841 Branches 80 Tags
32e4558e4ff68667a9bb1681870dd74de4b9562e
Commit Graph

10231 Commits

Author SHA1 Message Date
liuxiaopai-ai
32e4558e4f Config: newline-join sandbox setupCommand arrays 2026-03-02 18:10:31 +00:00
bmendonca3
8b27582509 fix(cli): apply --profile before dotenv bootstrap in runCli (#31950) 
Co-authored-by: bmendonca3 <bmendonca3@users.noreply.github.com>
 2026-03-02 18:09:45 +00:00
bmendonca3
a6489ab5e9 fix(agents): cap openai-completions tool call ids to provider-safe format (#31947) 
Co-authored-by: bmendonca3 <bmendonca3@users.noreply.github.com>
 2026-03-02 18:08:20 +00:00
Peter Steinberger
83c8406f01 refactor(security): split gateway auth suites and share safe write path checks 2026-03-02 18:07:03 +00:00
Peter Steinberger
602f6439bd test(memory): stabilize windows qmd spawn expectation 2026-03-02 18:06:12 +00:00
Peter Steinberger
1c9deeda97 refactor: split webhook ingress and policy guards 2026-03-02 18:02:21 +00:00
Peter Steinberger
fc0d374390 test(perf): drop duplicate gateway config patch validation case 2026-03-02 18:00:11 +00:00
Peter Steinberger
0ebe0480fa test(perf): replace relay fixed sleeps with condition waits 2026-03-02 17:55:47 +00:00
Peter Steinberger
8ae8056622 test(perf): trim telegram webhook artificial delay windows 2026-03-02 17:48:36 +00:00
Peter Steinberger
d7ae61c412 test(gateway): fix trusted-proxy control-ui auth test origin config 2026-03-02 17:45:45 +00:00
Peter Steinberger
26b8e6d510 test(perf): avoid cron min-refire delay in auto-run coverage 2026-03-02 17:41:51 +00:00
Peter Steinberger
7dac9b05dd fix(security): harden zip write race handling 2026-03-02 17:38:11 +00:00
Peter Steinberger
b9e820b7ed test(perf): cut exec approval metadata test timeout 2026-03-02 17:33:06 +00:00
Peter Steinberger
aee27d0e38 refactor(security): table-drive wrapper approval pinning tests 2026-03-02 17:30:48 +00:00
Peter Steinberger
34ff873a7e test(perf): trim fixed waits in relay and startup tests 2026-03-02 17:30:33 +00:00
Peter Steinberger
d4bf07d075 refactor(security): unify hardened install and fs write flows 2026-03-02 17:23:29 +00:00
Peter Steinberger
d3e8b17aa6 fix: harden webhook auth-before-body handling 2026-03-02 17:21:09 +00:00
Peter Steinberger
dded569626 fix(security): preserve system.run wrapper approval semantics 2026-03-02 17:20:52 +00:00
Peter Steinberger
104d32bb64 fix(security): unify root-bound write hardening 2026-03-02 17:12:33 +00:00
Peter Steinberger
be3a62c5e0 test(perf): defer delivery queue fixture cleanup to suite end 2026-03-02 17:10:55 +00:00
Peter Steinberger
07b16d5ad0 fix(security): harden workspace bootstrap boundary reads 2026-03-02 17:07:36 +00:00
Peter Steinberger
11562c452a test(perf): avoid unused heartbeat fixture file writes 2026-03-02 17:01:40 +00:00
Peter Steinberger
db7a8a6982 test(perf): reuse delivery queue suite temp root 2026-03-02 16:55:18 +00:00
Peter Steinberger
4a80311628 refactor(security): split sandbox media staging and stream safe copies 2026-03-02 16:53:14 +00:00
Peter Steinberger
7a7eee920a refactor(gateway): harden plugin http route contracts 2026-03-02 16:48:00 +00:00
Peter Steinberger
33e76db12a refactor(gateway): scope ws origin fallback metrics to runtime 2026-03-02 16:47:00 +00:00
Peter Steinberger
9a68590385 refactor(logging): extract bounded regex redaction util 2026-03-02 16:47:00 +00:00
Peter Steinberger
031bf0c6c0 refactor(security): split safe-regex parse and bounded matching 2026-03-02 16:47:00 +00:00
Peter Steinberger
8611fd67b5 test(perf): remove duplicate bundled memory slot loader case 2026-03-02 16:46:17 +00:00
Artale
1b462ed174 fix(test): use NTFS junctions and platform guards for symlink tests on Windows (openclaw#28747) thanks @arosstale 
Verified:
- pnpm install --frozen-lockfile
- pnpm test src/agents/apply-patch.test.ts src/agents/sandbox/fs-bridge.test.ts src/agents/sandbox/validate-sandbox-security.test.ts src/infra/archive.test.ts

Co-authored-by: arosstale <117890364+arosstale@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-02 10:45:19 -06:00
Peter Steinberger
18f8393b6c fix: harden sandbox writes and centralize atomic file writes 2026-03-02 16:45:12 +00:00
Peter Steinberger
b1592457fa perf(security): bound regex input in filters and redaction 2026-03-02 16:37:45 +00:00
Peter Steinberger
31c7637e0f fix(security): block quantified ambiguous alternation regex 2026-03-02 16:37:45 +00:00
Peter Steinberger
d5ae4b8337 fix(gateway): require local client for loopback origin fallback 2026-03-02 16:37:45 +00:00
Peter Steinberger
0dbb92dd2b fix(security): harden tar archive extraction parity 2026-03-02 16:36:56 +00:00
Peter Steinberger
17ede52a4b fix(security): harden sandbox media staging destination writes 2026-03-02 16:35:08 +00:00
zwffff
8828418111 test(subagent-announce): fix flaky Windows-only test failure (#31298) (openclaw#31370) thanks @zwffff 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check (fails on main baseline issues in extensions/googlechat and extensions/phone-control)
- pnpm test:e2e src/agents/subagent-announce.format.e2e.test.ts

Co-authored-by: zwffff <5809959+zwffff@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-02 10:33:07 -06:00
Peter Steinberger
4dd6c7a509 test(perf): avoid redundant root mkdir in hooks install tests 2026-03-02 16:33:00 +00:00
bboyyan
d94de5c4a1 fix(cron): normalize topic-qualified target.to in messaging tool suppress check (#29480) 
* fix(cron): pass job.delivery.accountId through to delivery target resolution

* fix(cron): normalize topic-qualified target.to in messaging tool suppress check

When a cron job targets a Telegram forum topic (e.g. delivery.to =
"-1003597428309:topic:462"), delivery.to is stripped to the chatId
only by resolveOutboundTarget. However, the agent's message tool may
pass the full topic-qualified address as its target, causing
matchesMessagingToolDeliveryTarget to fail the equality check and not
suppress the tool send.

Strip the :topic:NNN suffix from target.to before comparing so the
suppress check works correctly for topic-bound cron deliveries.
Without this, the agent's message tool fires separately using the
announce session's accountId (often "default"), hitting 403 when
default bot is not in the multi-account target group.

* fix(cron): remove duplicate accountId keys after rebase

---------

Co-authored-by: jaxpkm <jaxpkm@jaxpkmdeMac-mini.local>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-02 10:32:06 -06:00
Glucksberg
09f49cd921 fix(cron): accept delivery mode "none" for sessionTarget="main" (#27431) (#28871) 2026-03-02 10:32:00 -06:00
Peter Steinberger
d74bc257d8 fix(line): mark webhook route as plugin-authenticated 2026-03-02 16:27:47 +00:00
Ayaan Zaidi
6edb512efa feat(telegram): use sendMessageDraft for private chat streaming (#31824) 
* feat(telegram): use sendMessageDraft for private stream previews

* test(telegram): cover DM draft id rotation race

* fix(telegram): keep DM reasoning updates in draft preview

* fix(telegram): split DM reasoning preview transport

* fix(telegram): harden DM draft preview fallback paths

* style(telegram): normalize draft preview formatting
 2026-03-02 21:56:59 +05:30
Peter Steinberger
c973b053a5 refactor(net): unify proxy env checks and guarded fetch modes 2026-03-02 16:24:26 +00:00
Peter Steinberger
2fd8264ab0 refactor(gateway): hard-break plugin wildcard http handlers 2026-03-02 16:24:06 +00:00
Peter Steinberger
b13d48987c refactor(gateway): unify control-ui and plugin webhook routing 2026-03-02 16:18:12 +00:00
Tak Hoffman
21708f58ce fix(exec): resolve PATH key case-insensitively for Windows pathPrepend (#25399) (#31879) 
Co-authored-by: Glucksberg <markuscontasul@gmail.com>
 2026-03-02 10:14:38 -06:00
Tak Hoffman
1ea42ebe98 fix(tsgo): unblock baseline type errors (#31873) 2026-03-02 10:09:49 -06:00
Peter Steinberger
3e5762c288 fix(security): harden sms.send dangerous-node defaults 2026-03-02 16:06:52 +00:00
SidQin-cyber
c4711a9b69 fix(gateway): let POST requests pass through root-mounted Control UI to plugin handlers 
The Control UI handler checked HTTP method before path routing, causing
all POST requests (including plugin webhook endpoints like /bluebubbles-webhook)
to receive 405 Method Not Allowed.  Move the method check after path-based
exclusions so non-GET/HEAD requests reach plugin HTTP handlers.

Closes #31344

Made-with: Cursor
 2026-03-02 16:06:48 +00:00
Peter Steinberger
ea204e65a0 fix(browser): fail closed navigation guard with env proxy 2026-03-02 16:06:31 +00:00