vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-04 22:01:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
24,201 Commits 1,084 Branches 95 Tags
3ec143254f38bf66db7c50dc63daf8cb068df98a
Commit Graph

15459 Commits

Author SHA1 Message Date
Vincent Koc
7cd0ff2d88 refactor(tasks): add owner-key task access boundaries (#58516) 
* refactor(tasks): add owner-key task access boundaries

* test(acp): update task owner-key assertion

* fix(tasks): align owner key checks and migration scope
 2026-04-01 03:12:33 +09:00
Nimrod Gutman
69fe999373 fix(pairing): restore qr bootstrap onboarding handoff (#58382) (thanks @ngutman) 
* fix(pairing): restore qr bootstrap onboarding handoff

* fix(pairing): tighten bootstrap handoff follow-ups

* fix(pairing): migrate legacy gateway device auth

* fix(pairing): narrow qr bootstrap handoff scope

* fix(pairing): clear ios tls trust on onboarding reset

* fix(pairing): restore qr bootstrap onboarding handoff (#58382) (thanks @ngutman)
 2026-03-31 21:11:35 +03:00
Peter Steinberger
693d17c4a2 fix: support edit tool edits[] payloads 2026-03-31 19:05:44 +01:00
Peter Steinberger
ae730d9a86 fix: cover Azure disabled reasoning omission (#58208) (thanks @jalehman) 2026-04-01 02:47:29 +09:00
Josh Lehman
a1cb2bdc57 OpenAI: omit disabled reasoning payloads 
Strip `reasoning.effort: "none"` from OpenAI-compatible payloads so GPT-5 models do not receive the unsupported value when thinking is off. Cover both the shared payload wrapper path and the websocket `response.create` builder with regression tests.

Regeneration-Prompt: |
  Fix the OpenAI request-building bug where thinking set to off still forwards
  a reasoning payload with effort "none". GPT-5 mini rejects that value with a
  400, so disabled reasoning must be represented by omitting the reasoning
  parameter entirely. Keep the change additive: sanitize OpenAI-compatible
  payloads in OpenClaw’s wrapper layer, make the websocket request builder stop
  emitting a reasoning block for "none", and add focused regression tests for
  both code paths.
 2026-04-01 02:47:29 +09:00
Peter Steinberger
62e13bbf21 style: format sandbox and helper files 2026-03-31 18:44:39 +01:00
Peter Steinberger
b4433a1bfe fix: normalize raw MCP schemas for OpenAI Responses (#58299) (thanks @yelog) 2026-04-01 02:30:45 +09:00
yelog
dd3796aef3 fix: normalize MCP tool schemas missing properties field for OpenAI Responses API 
Tools with no parameters produce { type: "object" } schemas without a
properties field. The OpenAI Responses API rejects these, silently
crashing entire sessions.

Add properties: {} injection in normalizeToolParameters() and
convertTools() to ensure all object-type schemas include a properties
field.

Closes #58246
 2026-04-01 02:30:45 +09:00
Vincent Koc
fcb802e826 refactor(plugins): remove before_install hook 2026-04-01 02:28:06 +09:00
Vincent Koc
1a313caff3 refactor(tasks): remove flow registry layer 2026-04-01 02:25:13 +09:00
Peter Steinberger
9e8129907e test(tasks): fix relative mocks in task runtime tests 2026-03-31 17:42:52 +01:00
Peter Steinberger
8bf8baef87 Revert "refactor: move tasks into bundled plugin" 
This reverts commit c75f4695b7.
 2026-04-01 01:30:22 +09:00
Peter Steinberger
759d37635d Revert "refactor: move tasks behind plugin-sdk seam" 
This reverts commit da6e9bb76f.
 2026-04-01 01:30:22 +09:00
Jacob Tomlinson
6c679e5f04 Gateway: reject mixed trusted-proxy token config (#58371) 
* Gateway: reject mixed trusted-proxy token config

Co-authored-by: boy-hack <w8ay@qq.com>

* Gateway: fail closed for loopback trusted-proxy auth

---------

Co-authored-by: boy-hack <w8ay@qq.com>
 2026-03-31 17:05:03 +01:00
Peter Steinberger
aab7335236 fix(media): restore whatsapp outbound compatibility 2026-04-01 01:00:27 +09:00
Jacob Tomlinson
78e74d4a64 Plugins: preserve prompt build system prompt precedence (#58375) 2026-03-31 16:52:09 +01:00
Peter Steinberger
a842e34f15 test: require Claude 4.6 for Anthropic live selection 2026-03-31 16:41:50 +01:00
Peter Steinberger
43ef8a5a86 refactor(media): centralize outbound access plumbing 2026-04-01 00:32:53 +09:00
Peter Steinberger
015ab98591 fix: restore ci status fast path and whatsapp tests 2026-03-31 16:21:55 +01:00
Vincent Koc
2a1db0c0f1 fix(gateway): narrow plugin route runtime scopes (#58167) 
* wip(gateway): preserve plugin route scope progress

* test(gateway): cover plugin route runtime scopes

* test(gateway): finish plugin route scope rebase

* fix(gateway): drop scopes from plugin-auth routes
 2026-04-01 00:20:49 +09:00
Peter Steinberger
85611f0021 fix: tighten gateway startup plugin loading 2026-04-01 00:20:06 +09:00
Vincent Koc
1ca12ec8bf fix(hooks): rebind hook agent session keys to the target agent (#58225) 
* fix(hooks): rebind hook agent session keys

* fix(hooks): preserve scoped hook session keys

* fix(hooks): validate normalized dispatch keys
 2026-04-01 00:16:39 +09:00
Peter Steinberger
fc5a2f9293 fix(media): add host media read helper 2026-04-01 00:08:20 +09:00
Peter Steinberger
3bb02d3338 fix(media): align outbound sends with fs read capability 2026-04-01 00:07:50 +09:00
openperf
56b5ba0dcb fix: address security and review feedback 
- Fix CWE-209: use static safe message instead of raw provider error text
- Fix CWE-117: sanitize provider/model in logs via sanitizeForLog
- Hide CLI hints from external channels via shouldSurfaceToControlUi
- Move overload cap check before advanceAuthProfile to save setup latency
- Export MAX_LIVE_SWITCH_RETRIES as module-level constant
- Use exact toBe() assertions in tests
- Correct failover decision label to fallback_model
 2026-03-31 20:25:09 +05:30
openperf
1fcd179d8c fix(gateway): prevent session death loop on overloaded fallback 
- Add MAX_LIVE_SWITCH_RETRIES=2 guard in agent-runner-execution.ts
- Add MAX_OVERLOAD_PROFILE_ROTATIONS=1 cap in run.ts for overloaded errors
- Return kind:final with user-visible error on retry exhaustion
- Escalate to cross-provider fallback instead of exhausting same-provider profiles

Fixes #58348
 2026-03-31 20:25:09 +05:30
Peter Steinberger
bf96c67fd1 fix: align skill install security gate 2026-03-31 15:53:29 +01:00
Peter Steinberger
192484ed0a fix: log malformed tool parameters on failure 2026-03-31 15:50:14 +01:00
Peter Steinberger
a1e2d2bf42 test: repair stale task and image mocks 2026-03-31 15:48:00 +01:00
Peter Steinberger
c425ef3e74 build: bump version to 2026.3.31 2026-03-31 15:48:00 +01:00
Peter Steinberger
5e30da3cad fix(exec): restore strict inline-eval allow-always reuse 2026-03-31 23:45:22 +09:00
Peter Steinberger
ac6f025c43 refactor(approvals): share telegram account binding 2026-03-31 15:39:59 +01:00
Peter Steinberger
461a3a4052 refactor(approvals): share request filter matching 2026-03-31 15:32:49 +01:00
Peter Steinberger
177687ae29 fix: adapt pi model registry calls to constructor API 2026-03-31 15:28:29 +01:00
Peter Steinberger
0d7f1e2c84 feat(security): fail closed on dangerous skill installs 2026-03-31 23:27:20 +09:00
Vincent Koc
98c0c38186 fix(ci): rebalance telegram channel tails 2026-03-31 23:24:16 +09:00
Peter Steinberger
da6e9bb76f refactor: move tasks behind plugin-sdk seam 2026-03-31 15:22:09 +01:00
Peter Steinberger
e1da91791a build: externalize bundled plugin runtime deps 2026-03-31 15:22:08 +01:00
Peter Steinberger
9537094841 test: refresh plugin sdk baseline 2026-03-31 15:22:08 +01:00
Peter Steinberger
c75f4695b7 refactor: move tasks into bundled plugin 2026-03-31 15:22:08 +01:00
Peter Steinberger
584db0aff2 fix(approvals): centralize native request binding 2026-03-31 15:20:47 +01:00
Peter Steinberger
0ed7f1fd22 refactor: remove core WhatsApp runtime channel seam 2026-03-31 15:17:13 +01:00
Peter Steinberger
e8cb0b3659 fix: tighten live gateway empty-response skips and outbound harness typing 2026-03-31 15:17:13 +01:00
Peter Steinberger
44b9936136 feat(plugins): add dangerous unsafe install override 2026-03-31 23:16:11 +09:00
Peter Steinberger
4fb373466e refactor: simplify memory recovery and test setup 2026-03-31 15:02:11 +01:00
Peter Steinberger
0711cb4a05 fix(hooks): reduce registration log noise 2026-03-31 14:59:22 +01:00
Peter Steinberger
dc0e0b0f68 docs(security): mark shared-secret HTTP auth as designed 2026-03-31 22:58:09 +09:00
Peter Steinberger
c1ea0ae9c8 build: update deps and align pi sdk usage 2026-03-31 22:56:20 +09:00
Peter Steinberger
cbfeecfab4 fix(gateway): restore shared-secret HTTP tool invoke auth 2026-03-31 22:55:15 +09:00
Jacob Tomlinson
0c83754246 Exec approvals: reject shell init-file script matches (#58369) 2026-03-31 14:53:43 +01:00