vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-13 11:00:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,883 Commits 687 Branches 77 Tags
3e1ed0032d650ca5cad7d6dbafc890a45ffbb9e2
Commit Graph

32 Commits

Author SHA1 Message Date
Shadow
4ab946eebf Discord VC: voice channels, transcription, and TTS (#18774) 2026-02-20 16:06:07 -06:00
Peter Steinberger
c45f3c5b00 fix(gateway): harden canvas auth with session capabilities 2026-02-19 15:51:22 +01:00
Peter Steinberger
1316e57403 fix: enforce inbound attachment root policy across pipelines 2026-02-19 14:15:51 +01:00
Peter Steinberger
49d0def6d1 fix(security): harden imessage remote scp/ssh handling 2026-02-19 11:08:23 +01:00
Gustavo Madeira Santana
c5698caca3 Security: default gateway auth bootstrap and explicit mode none (#20686) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: be1b73182c
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 02:35:50 -05:00
Peter Steinberger
d1c00dbb7c fix: harden include confinement edge cases (#18652) (thanks @aether-ai-agent) 2026-02-18 03:27:16 +01:00
Peter Steinberger
4c569ce246 docs(tokens): document image dimension token tradeoffs 2026-02-18 00:56:57 +01:00
Sebastian
19a8f8bbf6 test(cron): add model fallback regression coverage 2026-02-17 10:40:25 -05:00
Sebastian
5d1bcc76cc docs(zai): document tool_stream defaults 2026-02-17 09:22:55 -05:00
Peter Steinberger
076df941a3 feat: add configurable tool loop detection 2026-02-17 00:17:01 +01:00
Shadow
72e228e14b Heartbeat: allow suppressing tool warnings (#18497) 
* Heartbeat: allow suppressing tool warnings

* Changelog: note heartbeat tool-warning suppression
 2026-02-16 13:29:24 -06:00
Gustavo Madeira Santana
8a67016646 Agents: raise bootstrap total cap and warn on /context truncation (#18229) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f6620526df
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-16 12:04:53 -05:00
Advait Paliwal
bc67af6ad8 cron: separate webhook POST delivery from announce (#17901) 
* cron: split webhook delivery from announce mode

* cron: validate webhook delivery target

* cron: remove legacy webhook fallback config

* fix: finalize cron webhook delivery prep (#17901) (thanks @advaitpaliwal)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
 2026-02-16 02:36:00 -08:00
Peter Steinberger
c6c53437f7 fix(security): scope session tools and webhook secret fallback 2026-02-16 03:47:10 +01:00
Advait Paliwal
115cfb4430 gateway: add cron finished-run webhook (#14535) 
* gateway: add cron finished webhook delivery

* config: allow cron webhook in runtime schema

* cron: require notify flag for webhook posts

* ui/docs: add cron notify toggle and webhook docs

* fix: harden cron webhook auth and fill notify coverage (#14535) (thanks @advaitpaliwal)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
 2026-02-15 16:14:17 -08:00
Shadow
b6069fc68c feat: support per-channel ackReaction config (#17092) (thanks @zerone0x) 2026-02-15 11:30:25 -06:00
Shadow
9203a2fdb1 Discord: CV2! (#16364) 2026-02-15 10:24:53 -06:00
Ayaan Zaidi
a69e82765f fix(telegram): stream replies in-place without duplicate final sends 2026-02-15 20:32:51 +05:30
Peter Steinberger
f9bb748a6c fix(memory): prevent QMD scope deny bypass 2026-02-15 02:41:45 +00:00
Gustavo Madeira Santana
5b23999404 docs: document bootstrap total cap and exec log/notify behavior 2026-02-14 18:36:35 -05:00
Peter Steinberger
9abf86f7e0 docs(changelog): document Slack/Discord dmPolicy aliases 2026-02-14 21:04:27 +01:00
Peter Steinberger
53af46ffb8 docs: note WhatsApp per-account dmPolicy override 2026-02-14 19:52:39 +01:00
seheepeak
cb9a5e1cb9 feat(sandbox): separate bind mounts for browser containers (#16230) 
* feat(sandbox): add separate browser.binds config for browser containers

Allow configuring bind mounts independently for browser containers via
sandbox.browser.binds. When set, browser containers use browser-specific
binds instead of inheriting docker.binds. Falls back to docker.binds
when browser.binds is not configured for backwards compatibility.

Closes #14614

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(sandbox): honor empty browser binds override (#16230) (thanks @seheepeak)

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-14 15:27:41 +01:00
Peter Steinberger
644bef157a docs: clarify hook transform module path constraints 2026-02-14 15:03:27 +01:00
Peter Steinberger
6a386a7886 docs(security): clarify canvas host exposure and auth 2026-02-14 14:57:19 +01:00
Peter Steinberger
a0361b8ba9 fix(security): restrict hook transform module loading 2026-02-14 13:46:09 +01:00
Peter Steinberger
fba19fe942 docs: link trusted-proxy auth from gateway docs (#16172) 2026-02-14 12:44:25 +01:00
Harald Buerbaumer
30b6eccae5 feat(gateway): add auth rate-limiting & brute-force protection (#15035) 
* feat(gateway): add auth rate-limiting & brute-force protection

Add a per-IP sliding-window rate limiter to Gateway authentication
endpoints (HTTP, WebSocket upgrade, and WS message-level auth).

When gateway.auth.rateLimit is configured, failed auth attempts are
tracked per client IP. Once the threshold is exceeded within the
sliding window, further attempts are blocked with HTTP 429 + Retry-After
until the lockout period expires. Loopback addresses are exempt by
default so local CLI sessions are never locked out.

The limiter is only created when explicitly configured (undefined
otherwise), keeping the feature fully opt-in and backward-compatible.

* fix(gateway): isolate auth rate-limit scopes and normalize 429 responses

---------

Co-authored-by: buerbaumer <buerbaumer@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 15:32:38 +01:00
Peter Steinberger
ee31cd47b4 fix: close OC-02 gaps in ACP permission + gateway HTTP deny config (#15390) (thanks @aether-ai-agent) 2026-02-13 14:30:06 +01:00
Peter Steinberger
3421b2ec1e fix: harden hook session key routing defaults 2026-02-13 02:09:14 +01:00
Peter Steinberger
99f28031e5 fix: harden OpenResponses URL input fetching 2026-02-13 01:38:49 +01:00
Seb Slight
3ed06c6f36 docs: modernize gateway configuration page (Phase 1) (#14111) 
* docs(configuration): split into overview + full reference with Mintlify components

* docs(configuration): use tooltip for JSON5 format note

* docs(configuration): fix Accordion closing tags inside list contexts

* docs(configuration): expand intro to reflect full config surface

* docs(configuration): trim intro to three concise bullets

* docs(configuration-examples): revert all branch changes

* docs(configuration): improve hot-reload section with tabs and accordion

* docs(configuration): uncramp hot-reload — subheadings, bullet list, warning

* docs(configuration): restore hot-apply vs restart table

* docs(configuration): fix hot-reload table against codebase

* docs: add configuration-reference.md — full field-by-field reference

* docs(gateway): refresh runbook and align config reference

* docs: include pending docs updates and install graphic
 2026-02-11 10:44:34 -05:00