vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-15 03:01:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
30,227 Commits 1,293 Branches 108 Tags
350299401ff0898eac4fbdf89f704442ec0aefca
Commit Graph

400 Commits

Author SHA1 Message Date
Vincent Koc
350299401f fix(cycles): continue shared seam extraction 2026-04-11 02:46:41 +01:00
Peter Steinberger
9e0d358695 refactor: simplify runtime conversions 2026-04-11 01:23:34 +01:00
Tak Hoffman
928c1c3861 test: skip helper directories in runtime guardrail scans 2026-04-10 17:42:12 -05:00
Davanum Srinivas
fbf11ebdb7 fix(sandbox): enforce CDP source-range restriction by default (#61404) 
* fix(sandbox): enforce CDP source-range restriction by default

Auto-derive CDP_SOURCE_RANGE from Docker network gateway IP when not
explicitly configured. The entrypoint script refuses to start the socat
CDP relay without a source range (fail-closed).

- readDockerNetworkGateway: use Go template println, filter <no value>
  sentinel, prefer IPv4 gateway on dual-stack networks
- Reject IPv6-only gateways for auto-derivation (relay binds IPv4)
- Remove stale browser_cdp_bridge_unrestricted audit check (runtime
  auto-derives range for all bridge-like networks)
- Bump SANDBOX_BROWSER_SECURITY_HASH_EPOCH to force container recreation

* chore(changelog): add sandbox CDP source-range entry

* fix(sandbox): gate CDP source-range derivation to bridge-style networks

Only auto-derive OPENCLAW_BROWSER_CDP_SOURCE_RANGE from the Docker
gateway IP for bridge networks (or when driver is unknown). Non-bridge
drivers (macvlan, ipvlan, overlay) may route traffic from different
source IPs, so they require explicit cdpSourceRange config.

Adds readDockerNetworkDriver helper and a regression test for macvlan.

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 14:59:25 -06:00
Agustin Rivera
905f19230a Align external marker span mapping (#63885) 
* fix(markers): align external marker spans

* fix(browser): ssrfPolicy defaults fail-closed for unconfigured installs (GHSA-53vx-pmqw-863c)

* fix(browser): enforce strict default SSRF policy

* chore(changelog): add browser SSRF default + marker alignment entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 12:35:20 -06:00
Peter Steinberger
59925c1a74 chore: update dependencies and oxc tooling 2026-04-10 19:28:42 +01:00
Peter Steinberger
08cee3316d refactor: dedupe core trimmed readers 2026-04-08 01:36:39 +01:00
Peter Steinberger
9314bb7180 refactor: dedupe extension lowercase helpers 2026-04-07 15:12:32 +01:00
Peter Steinberger
2cd11565a6 refactor: dedupe security lowercase helpers 2026-04-07 15:12:32 +01:00
Peter Steinberger
2aabe0e8fd Tests: trim audit imports and fix reply typing 2026-04-07 13:23:59 +08:00
Peter Steinberger
60ec27bce0 Security: split permission target collection from apply 2026-04-07 12:59:00 +08:00
Peter Steinberger
5b1b7f0f80 Security: split config-only fixer tests from permission path 2026-04-07 12:39:30 +08:00
Peter Steinberger
c9c656f2cb Tests: trim Feishu and Synology audit import cost 2026-04-07 12:24:31 +08:00
Peter Steinberger
4ff82e9c4a Tests: trim slack audit import cost 2026-04-07 12:11:34 +08:00
Peter Steinberger
8c7dd66a7b refactor: dedupe string readers 2026-04-07 05:06:54 +01:00
Peter Steinberger
b59560c49a Security: inject channel config-fix plugins in tests 2026-04-07 11:50:39 +08:00
Peter Steinberger
8c1b954c1b Tests: trim discord audit import cost 2026-04-07 11:44:40 +08:00
Peter Steinberger
e336311126 refactor: dedupe non-empty string helper 2026-04-06 23:52:31 +01:00
Peter Steinberger
d08abd8ce4 refactor: dedupe security audit record helper 2026-04-06 23:36:25 +01:00
Peter Steinberger
ab0c102ed7 fix(tests): narrow bundled plugin test seams 2026-04-06 23:35:07 +01:00
Peter Steinberger
6acb43f294 fix: resolve channel typing regressions 2026-04-06 17:43:57 +01:00
Peter Steinberger
ce30557399 refactor(deadcode): remove orphaned core helpers 2026-04-06 17:26:25 +01:00
Peter Steinberger
a65f9971b7 refactor(deadcode): remove duplicate barrels and helper shims 2026-04-06 17:00:40 +01:00
Vincent Koc
9c3d9c5c18 chore(lint): drop stale repo lint comments 2026-04-06 16:01:23 +01:00
Peter Steinberger
21c82ca623 perf(test): trim security audit wrapper coverage 2026-04-06 14:13:08 +01:00
Vincent Koc
5fa166ed11 fix(check): repair status report typing drift 2026-04-06 13:34:08 +01:00
Peter Steinberger
49e3ecfe5e perf(test): isolate deep probe finding helper 2026-04-06 13:29:35 +01:00
Peter Steinberger
10554644aa perf(test): trim security gateway auth test path 2026-04-06 13:22:46 +01:00
Peter Steinberger
d4da45c202 perf(test): split remaining security audit coverage 2026-04-06 13:14:52 +01:00
Peter Steinberger
f1b6b97df3 perf(test): split security audit coverage 2026-04-06 13:05:39 +01:00
Vincent Koc
e611761809 fix(plugins): move acpx config contracts into manifests 2026-04-06 12:33:20 +01:00
Vincent Koc
4154bd707a test(contracts): route bundled contract tests through sdk facades 2026-04-06 11:35:40 +01:00
Ayaan Zaidi
03523c65d5 fix: refresh web tool and audit typing 2026-04-06 14:05:49 +05:30
Peter Steinberger
2810a4f5b6 perf(test): split audit channel security coverage 2026-04-06 08:18:40 +01:00
Peter Steinberger
bb01e49192 refactor: share gateway auth and approval helpers 2026-04-06 07:41:08 +01:00
Peter Steinberger
9d92de42cf perf(test): split security audit coverage 2026-04-06 07:32:12 +01:00
Peter Steinberger
3584d28141 refactor: harden plugin metadata and browser sdk seams 2026-04-05 23:35:02 +01:00
Peter Steinberger
471d056e2f refactor: move browser runtime seams behind plugin metadata 2026-04-05 23:13:14 +01:00
Peter Steinberger
acd78e0c2f refactor: split browser sdk seams 2026-04-05 17:17:16 +01:00
Peter Steinberger
629baf5fa7 refactor: move plugin setup and memory capabilities to registries 2026-04-05 14:53:53 +01:00
Peter Steinberger
1afa076cfa refactor: simplify plugin auto-enable structure 2026-04-05 09:34:16 +01:00
Peter Steinberger
c5c5c77ebb fix(ci): restore contract-safe core imports 2026-04-04 15:09:48 +01:00
Peter Steinberger
46cb493ac8 fix(sandbox): cover home credential bind audit 2026-04-04 20:27:10 +09:00
Peter Steinberger
a82bc7d887 fix(ci): align contract expectations 2026-04-04 12:29:11 +09:00
Vincent Koc
9e389cff3d fix(config): migrate legacy group allow aliases (#60597) 
* fix(config): migrate legacy group allow aliases

* fix(config): inline legacy streaming migration helpers

* refactor(config): rename legacy account matcher helper

* chore(agents): codify config contract boundaries

* fix(config): keep legacy allow aliases writable

* Update AGENTS.md
 2026-04-04 11:15:32 +09:00
Peter Steinberger
ab318de8b7 test(plugins): finish moving contract coverage 2026-04-04 00:11:39 +01:00
Peter Steinberger
e4b5027c5e refactor(plugins): move extension seams into extensions 2026-04-04 00:10:16 +01:00
Vincent Koc
0464435777 fix(ci): align windows builtin mock types 2026-04-04 03:57:48 +09:00
Peter Steinberger
bc23db501b test: trim more core importOriginal usage 2026-04-03 19:49:43 +01:00
Peter Steinberger
03a43fe231 refactor(plugins): genericize core channel seams 2026-04-03 19:09:21 +01:00