vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 15:30:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,058 Commits 682 Branches 76 Tags
3e6dd9a2ffde99dd02b2aa705c51168c2bb12c13
Commit Graph

18058 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gustavo Madeira Santana
3e6dd9a2ff poll and profile fixes 2026-03-11 22:32:09 +00:00
Gustavo Madeira Santana
6407cc9d2d Matrix: tighten verification trust and expose profile updates 2026-03-11 22:32:09 +00:00
Gustavo Madeira Santana
e5fbedf012 Matrix: improve migration startup warnings 2026-03-11 22:32:09 +00:00
Gustavo Madeira Santana
b57488d1ff Docs: clarify Matrix migration update flow 2026-03-11 22:32:09 +00:00
Gustavo Madeira Santana
3e7d92fbc8 Matrix: keep default account device fields scoped 2026-03-11 22:32:09 +00:00
Gustavo Madeira Santana
dc99958e60 Matrix: replace legacy plugin with new implementation 2026-03-11 22:32:09 +00:00
Gustavo Madeira Santana
04d92f6257 Create matrix-supersession-migration.md 2026-03-11 22:31:08 +00:00
Gustavo Madeira Santana
8e2383ea5f matrix-js: simplify storage paths 2026-03-11 22:31:08 +00:00
Gustavo Madeira Santana
b95c5e7401 Update subagents.md 2026-03-11 22:31:08 +00:00
Gustavo Madeira Santana
d415a1ce87 matrix-js: require explicit thread-bound spawn config 2026-03-11 22:31:08 +00:00
Gustavo Madeira Santana
0e9bd6ed1d matrix-js: add account-aware bindings and ACP routing 2026-03-11 22:31:08 +00:00
Gustavo Madeira Santana
ce971c9406 matrix-js: add startup verification policy 2026-03-11 22:31:08 +00:00
Gustavo Madeira Santana
31b17771e8 matrix-js: format thread helpers 2026-03-11 22:31:08 +00:00
Gustavo Madeira Santana
e4d041757d matrix-js: improve thread context and auto-threading 2026-03-11 22:31:08 +00:00
Gustavo Madeira Santana
149729f56b matrix-js: harden reaction handling 2026-03-11 22:31:08 +00:00
Gustavo Madeira Santana
2dbc4108a4 move matrix-js helpers to be locally scoped 2026-03-11 22:31:00 +00:00
Gustavo Madeira Santana
a4324c45a3 make matrix-js atomic and add poll voting support 2026-03-11 22:31:00 +00:00
Gustavo Madeira Santana
eff8c7e15f Tests: restore matrix-js bind integration coverage 2026-03-11 22:31:00 +00:00
Gustavo Madeira Santana
f48f066599 Matrix-js: sync with main plugin-loading standards 2026-03-11 22:31:00 +00:00
Gustavo Madeira Santana
d79ca52960 Memory: add multimodal image and audio indexing (#43460) 
Merged via squash.

Prepared head SHA: a994c07190
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-11 22:28:34 +00:00
Harold Hunt
20d097ac2f Gateway/Dashboard: surface config validation issues (#42664) 
Merged via squash.

Prepared head SHA: 43f66cdcf0
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Reviewed-by: @huntharo
 2026-03-11 17:32:41 -04:00
Altay
4eccea9f7f test(gateway): widen before tool hook mock typing (#43476) 
* test(gateway): widen before tool hook mock typing

* chore: update pnpm.lock
 2026-03-12 00:17:03 +03:00
Peter Steinberger
8cc0c9baf2 fix(gateway): run before_tool_call for HTTP tools 2026-03-11 20:18:24 +00:00
Peter Steinberger
c8dd06cba2 fix(ws): preserve payload overrides 2026-03-11 20:11:51 +00:00
Peter Steinberger
bdd9ed238a test: align pi-ai oauth mocks 2026-03-11 20:11:51 +00:00
Peter Steinberger
5e324cf785 docs(ollama): align onboarding guidance with code 2026-03-11 20:11:51 +00:00
Peter Steinberger
e65011dc29 fix(onboard): default custom Ollama URL to native API 2026-03-11 20:11:51 +00:00
Peter Steinberger
620bae4ec7 fix(ollama): share model context discovery 2026-03-11 20:11:51 +00:00
Peter Steinberger
9329a0ab24 test(agents): cover openai responses phase replay 2026-03-11 20:10:55 +00:00
Peter Steinberger
9c81c31232 chore: refresh dependencies except carbon 2026-03-11 20:10:33 +00:00
Tak Hoffman
4133edb395 fix: restore web tools to coding profile (#43436) 
* fix: restore web tools to coding profile

* fix: tighten tool catalog regression assertion
 2026-03-11 15:07:17 -05:00
Squabble9
128e5bc317 fix: recognize Venice 402 billing errors for model fallback (#43205) 
Merged via squash.

Prepared head SHA: 1f6b10b9d9
Co-authored-by: Squabble9 <194720422+Squabble9@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-11 22:15:32 +03:00
Gustavo Madeira Santana
01ffc5db24 memory: normalize Gemini embeddings (#43409) 
Merged via squash.

Prepared head SHA: 70613e0225
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-11 15:06:21 -04:00
ingyukoh
2a18cbb110 fix(agents): prevent false billing error replacing valid response text (#40616) 
Merged via squash.

Prepared head SHA: 05179362b4
Co-authored-by: ingyukoh <6015960+ingyukoh@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-11 22:00:11 +03:00
ingyukoh
78b9384aa7 fix(discord): add missing autoThread to DiscordGuildChannelConfig type (#35608) 
Merged via squash.

Prepared head SHA: e62b88bb01
Co-authored-by: ingyukoh <6015960+ingyukoh@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-11 21:54:49 +03:00
VibhorGautam
4473242b4f fix: use unknown instead of rate_limit as default cooldown reason (#42911) 
Merged via squash.

Prepared head SHA: bebf6704d7
Co-authored-by: VibhorGautam <55019395+VibhorGautam@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-11 21:34:14 +03:00
Bill Chirico
60aed95346 feat(memory): add gemini-embedding-2-preview support (#42501) 
Merged via squash.

Prepared head SHA: c57b1f8ba2
Co-authored-by: BillChirico <13951316+BillChirico@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-11 14:28:53 -04:00
ademczuk
58634c9c65 fix(agents): check billing errors before context overflow heuristics (#40409) 
Merged via squash.

Prepared head SHA: c88f89c462
Co-authored-by: ademczuk <5212682+ademczuk@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-11 21:08:55 +03:00
ingyukoh
f417d78eef fix(config): add missing editMessage and createForumTopic to Telegram actions schema (#35498) 
Merged via squash.

Prepared head SHA: 631fc14832
Co-authored-by: ingyukoh <6015960+ingyukoh@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-11 20:59:27 +03:00
ingyukoh
a84bcf734c fix(signal): add missing accountUuid to Zod config schema (#35578) 
Merged via squash.

Prepared head SHA: 39e8e9ad62
Co-authored-by: ingyukoh <6015960+ingyukoh@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-11 20:57:07 +03:00
ademczuk
8618a711ff fix(voice-call): add speed and instructions to OpenAI TTS config schema (#39226) 
Merged via squash.

Prepared head SHA: 775e3063b5
Co-authored-by: ademczuk <5212682+ademczuk@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-03-11 23:15:48 +05:30
Ayaan Zaidi
daf8afc954 fix(telegram): clear stale retain before transient final fallback (#41763) 
Merged via squash.

Prepared head SHA: c0940838bc
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-03-11 21:36:43 +05:30
Tak Hoffman
87876a3e36 Fix env proxy bootstrap for model traffic (#43248) 
* Fix env proxy bootstrap for model traffic

* Address proxy dispatcher review followups

* Fix proxy env precedence for empty lowercase vars
 2026-03-11 10:21:35 -05:00
Peter Steinberger
1435fce2de fix: tighten Ollama onboarding cloud handling (#41529) (thanks @BruceMacD) 2026-03-11 14:52:55 +00:00
Bruce MacDonald
d6108a6f72 Onboard: add Ollama auth flow and improve model defaults 
Add Ollama as a auth provider in onboarding with Cloud + Local mode
selection, browser-based sign-in via /api/me, smart model suggestions
per mode, and graceful fallback when the default model is unavailable.

- Extract shared ollama-models.ts
- Auto-pull missing models during onboarding
- Non-interactive mode support for CI/automation

Closes #8239
Closes #3494

Co-Authored-By: Jeffrey Morgan <jmorganca@gmail.com>
 2026-03-11 14:52:55 +00:00
Robin Waslander
62d5df28dc fix(agents): add nodes to owner-only tool policy fallbacks 
The nodes tool was missing from OWNER_ONLY_TOOL_NAME_FALLBACKS in
tool-policy.ts. applyOwnerOnlyToolPolicy() correctly removed gateway
and cron for non-owners but kept nodes, which internally issues
privileged gateway calls: node.pair.approve (operator.pairing) and
node.invoke (operator.write).

A non-owner sender could approve pending node pairings and invoke
arbitrary node commands, extending to system.run on paired nodes.

Add nodes to the fallback owner-only set. Non-owners no longer receive
the nodes tool after policy application; owners retain it.

Fixes GHSA-r26r-9hxr-r792
 2026-03-11 14:17:03 +01:00
Robin Waslander
a1520d70ff fix(gateway): propagate real gateway client into plugin subagent runtime 
Plugin subagent dispatch used a hardcoded synthetic client carrying
operator.admin, operator.approvals, and operator.pairing for all
runtime.subagent.* calls. Plugin HTTP routes with auth:"plugin" require
no gateway auth by design, so an unauthenticated external request could
drive admin-only gateway methods (sessions.delete, agent.run) through
the subagent runtime.

Propagate the real gateway client into the plugin runtime request scope
when one is available. Plugin HTTP routes now run inside a scoped
runtime client: auth:"plugin" routes receive a non-admin synthetic
operator.write client; gateway-authenticated routes retain admin-capable
scopes. The security boundary is enforced at the HTTP handler level.

Fixes GHSA-xw77-45gv-p728
 2026-03-11 14:17:01 +01:00
Robin Waslander
dafd61b5c1 fix(gateway): enforce caller-scope subsetting in device.token.rotate 
device.token.rotate accepted attacker-controlled scopes and forwarded
them to rotateDeviceToken without verifying the caller held those
scopes. A pairing-scoped token could rotate up to operator.admin on
any already-paired device whose approvedScopes included admin.

Add a caller-scope subsetting check before rotateDeviceToken: the
requested scopes must be a subset of client.connect.scopes via the
existing roleScopesAllow helper. Reject with missing scope: <scope>
if not.

Also add server.device-token-rotate-authz.test.ts covering both the
priv-esc path and the admin-to-node-invoke chain.

Fixes GHSA-4jpw-hj22-2xmc
 2026-03-11 14:16:59 +01:00
Vincent Koc
04e103d10e fix(terminal): stabilize skills table width across Terminal.app and iTerm (#42849) 
* Terminal: measure grapheme display width

* Tests: cover grapheme terminal width

* Terminal: wrap table cells by grapheme width

* Tests: cover emoji table alignment

* Terminal: refine table wrapping and width handling

* Terminal: stop shrinking CLI tables by one column

* Skills: use Terminal-safe emoji in list output

* Changelog: note terminal skills table fixes

* Skills: normalize emoji presentation across outputs

* Terminal: consume unsupported escape bytes in tables
 2026-03-11 09:13:10 -04:00
Andyliu
10e6e27451 fix(models): guard optional model input capabilities (#42096) 
Merged via squash.

Prepared head SHA: d398fa0222
Co-authored-by: andyliu <2377291+andyliu@users.noreply.github.com>
Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com>
Reviewed-by: @hydro13
 2026-03-11 13:43:59 +01:00