vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-24 11:29:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
58,229 Commits 1,843 Branches 149 Tags
479e2aaae3d2f7dad4bf4fef43bb09d13aed9365
Commit Graph

2980 Commits

Author SHA1 Message Date
Pavan Kumar Gondhi
86bab9699d fix: block git protocol env controls [AI] (#91619) 
* fix: block git protocol env controls

* fix: preserve restrictive git protocol env

* fix: preserve restrictive git allowlists

* fix: filter inherited git protocol allowlists

* test: cover restrictive git allowlists

* test: avoid opengrep fixture false positives

* test: type env fixture helper narrowly

* fix: preserve zero git protocol booleans

* fix: preserve invalid git protocol booleans

* fix: force git protocol from user off

* fix: share git inherited env sanitization
 2026-06-09 21:09:14 +05:30
Pavan Kumar Gondhi
7cdec28706 fix: block rustup toolchain env overrides [AI] (#91615) 
* fix: block rustup toolchain env overrides [AI]

* test: cover inherited rustup env stripping [AI]

* fix: preserve inherited rustup env [AI]

* fix: filter ignored opengrep changed paths [AI]

* fix: honor opengrep ignored directory globs [AI]

* fix: match ignored opengrep descendants [AI]

* fix: cover rustup mirror overrides [AI]

* fix: preserve opengrep directory-only ignores [AI]

* chore: drop opengrep cleanup from rustup fix [AI]
 2026-06-09 20:03:32 +05:30
Pavan Kumar Gondhi
9f413acc18 fix: expand unsafe host env denylist (#91618) 
* fix: expand unsafe host env denylist

* test: annotate host env security fixtures

* test: align opengrep fixture suppressions

* test: keep opengrep suppressions inline

* test: avoid opengrep fixture call patterns
 2026-06-09 19:44:54 +05:30
Josh Avant
9f48254f09 Fix config.patch explicit array replacement (#91551) 
* fix config patch explicit array replacement

* fix generated config patch protocol model

* fix config patch test helper typing

* fix shared auth patch replacement tests

* update config patch prompt snapshots

* harden qa lab config patch replace paths
 2026-06-08 21:48:46 -05:00
dependabot[bot]
646bc0d274 build(deps): bump the android-deps group in /apps/android with 3 updates (#91365) 
* build(deps): bump the android-deps group in /apps/android with 3 updates

Bumps the android-deps group in /apps/android with 3 updates: androidx.core:core-ktx, [org.jetbrains.kotlin.plugin.compose](https://github.com/JetBrains/kotlin) and [org.jetbrains.kotlin.plugin.serialization](https://github.com/JetBrains/kotlin).


Updates `androidx.core:core-ktx` from 1.18.0 to 1.19.0

Updates `org.jetbrains.kotlin.plugin.compose` from 2.3.21 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.3.21...v2.4.0)

Updates `org.jetbrains.kotlin.plugin.serialization` from 2.3.21 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.3.21...v2.4.0)

Updates `org.jetbrains.kotlin.plugin.serialization` from 2.3.21 to 2.4.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.3.21...v2.4.0)

---
updated-dependencies:
- dependency-name: androidx.core:core-ktx
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: android-deps
- dependency-name: org.jetbrains.kotlin.plugin.compose
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: android-deps
- dependency-name: org.jetbrains.kotlin.plugin.serialization
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: android-deps
- dependency-name: org.jetbrains.kotlin.plugin.serialization
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: android-deps
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(android): support compile SDK 37

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-06-08 15:34:28 -07:00
dependabot[bot]
b875c812f7 build(deps): bump github.com/steipete/peekaboo (#91364) 
Bumps the swift-deps group in /apps/macos with 1 update: [github.com/steipete/peekaboo](https://github.com/steipete/Peekaboo).


Updates `github.com/steipete/peekaboo` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/steipete/Peekaboo/releases)
- [Commits](https://github.com/steipete/Peekaboo/compare/v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: github.com/steipete/peekaboo
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swift-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-08 14:54:44 -07:00
openperf
2ffbea20d2 fix(agents): drop stale exec approval followups after session rebind 
Exec approval followups were dispatched by sessionKey only. When /new or
/reset rotates the sessionId under that key while an approval is pending,
the resolved followup landed in the new session, surfacing stale approval
output (or 'Exec denied' / continuation text) in a fresh conversation.

Capture the session UUID active when the approval is requested and drop the
followup once the key has been rebound to a different sessionId:
- agent-run followups: carry the expected id on the agent request and drop it
  at the gateway as an early preflight, before the handler touches the rebound
  session (session-store write, chat/agent run + active-run registration,
  dedupe, accepted ack) — not just before model dispatch. Covers elevated and
  non-elevated.
- denied / direct fallback followups: resolve the key's current sessionId from
  the session store and drop before the channel send.

Fixes #59349.
 2026-06-08 17:29:15 +01:00
Ayaan Zaidi
6d7eb9bb84 fix(android): use connected device foreground service 2026-06-08 19:53:25 +05:30
Dave Lutz
7d357a75fd fix(android): avoid data sync fgs for node service 2026-06-08 19:53:25 +05:30
joshavant
5c5391836b fix(android): remove inert appearance palette preview 2026-06-07 17:43:21 -05:00
Voscko
3c73ff7689 feat(android): add theme mode selection (#90752) 
* feat(android): add theme mode selection

* refine Android theme mode handling

---------

Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-06-07 17:24:57 -05:00
Nimrod Gutman
47dbc675e9 feat(ios): clarify talk realtime fallback (#91201) 
Merged via squash.

Prepared head SHA: b6fd32ed6e

Local prep note: pnpm build passed. pnpm check hit the npm shrinkwrap guard because @anthropic-ai/sdk@0.100.1 is no longer resolvable before 2026-05-24T20:18:43Z; the same shrinkwrap guard failure reproduces on current origin/main at 66b91d78fe, and this PR does not touch dependency manifests or lockfiles.

Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-06-07 20:21:34 +03:00
Chunyue Wang
afcbdd7416 fix(infra/agents): session-routing guard for coalesced gateway restart continuations (#86742) (#87323) 
* fix(infra/agents): session-routing guard for coalesced gateway restart continuations (#86742)

When two sessions issue gateway.restart with continuationMessage close
together, the scheduler Path B updatePendingRestartEmitHooks
unconditionally overwrote the existing pending hooks, silently dropping
the first sessions continuation and potentially routing the second
sessions continuation back to the first session (CWE-200 finding
flagged by aisle-research-bot on prior attempt #74443).

Add a session-routing guard: scheduleGatewaySigusr1Restart now accepts
an optional sessionKey and tracks the pending restarts owning session.
Coalesced callers from a different session are rejected at the hook-
update step and the new ScheduledRestart.emitHooksQueued: false field
surfaces the drop to the caller. The gateway tool propagates this as
continuationQueued: false in the tool response, matching #83370 narrow
report-only surface.

Same-session debounce/replace and legacy hookless callers behave the
same as before.

Refs #86742

* fix(infra): preserve queued restart continuation on forced bypass

* fix(infra): make forced restart hook preservation explicit

* fix(infra): guard restart continuation ownership before reschedule

* fix(infra): report hookless coalesced restarts accurately

* fix(infra): trust runtime session for restart sentinel routing

* fix(infra): preserve earlier restart reschedule semantics

* fix(agents): trust runtime session for update continuations

* fix(infra): preserve hookless forced restart continuations

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-06-07 03:38:58 -07:00
Peter Steinberger
f08ee9eb54 fix(protocol): refresh generated send params 2026-06-07 03:21:26 -07:00
Nimrod Gutman
59ed6413d9 [codex] Add iOS Apple Review demo mode (#90919) 
Merged via squash.

Prepared head SHA: e7f7db3cb5
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-06-06 17:43:48 +03:00
joshavant
f4a5e5762e feat(android): brand onboarding welcome screen 2026-06-06 05:03:37 -05:00
joshavant
1098063783 fix(android): clarify nearby gateway discovery state 2026-06-06 05:03:37 -05:00
joshavant
b80893f30d chore(android): simplify onboarding entry actions 2026-06-06 05:03:37 -05:00
joshavant
72b387ad48 fix(android): show configured provider readiness 2026-06-06 05:03:37 -05:00
joshavant
44a72cde58 chore(android): remove provider setup footer 2026-06-06 05:03:37 -05:00
joshavant
81312e7aa3 chore(android): remove model catalog section 2026-06-06 05:03:37 -05:00
joshavant
53e50ec127 fix(android): reconnect saved gateway after disconnect 2026-06-06 05:03:37 -05:00
joshavant
485446af8c fix(android): keep sent chat messages in history 2026-06-06 05:03:37 -05:00
joshavant
81f4fe6c11 fix(android): pause gateway pairing retries 2026-06-06 05:03:37 -05:00
joshavant
a2455fcc09 fix(android): keep gateway pairing off main thread 2026-06-06 05:03:37 -05:00
joshavant
e4583b4f57 fix(android): show flavor channel in about 2026-06-06 05:03:37 -05:00
joshavant
9413a5aba5 fix(android): defer runtime startup after first draw 2026-06-06 05:03:36 -05:00
joshavant
b7cafb56fa fix(android): surface voice provider attention 2026-06-06 05:03:36 -05:00
joshavant
efea9ca0f5 chore(android): fix ktlint formatting 2026-06-06 05:03:36 -05:00
joshavant
32b0b58868 style(ios): use app logo on onboarding intro 2026-06-06 04:41:33 -05:00
joshavant
9942428df0 fix(ios): disable chat composer while offline 2026-06-06 04:41:33 -05:00
joshavant
f40680c826 style(ios): align command section header padding 2026-06-06 04:41:33 -05:00
joshavant
a6582f787c fix(ios): remove extra root tab bottom insets 2026-06-06 04:41:33 -05:00
joshavant
a9a2c34293 fix(ios): stop marking scheduled agents busy 2026-06-06 04:41:33 -05:00
joshavant
2ef0d274fa fix(ios): hide agent sessions from recent sessions 2026-06-06 04:41:33 -05:00
joshavant
dc5c24fbe6 fix(ios): keep chat messages above composer 2026-06-06 04:41:33 -05:00
joshavant
0b87990328 fix(ios): remove command live activity section 2026-06-06 04:41:33 -05:00
joshavant
14f018e794 fix(ios): move approvals to settings 2026-06-06 04:41:33 -05:00
joshavant
81d099f0e9 fix(ios): remove command start work button 2026-06-06 04:41:33 -05:00
joshavant
e8c0d92015 fix(ios): clarify agent chat session 2026-06-06 04:41:32 -05:00
joshavant
67dc71983c fix(ios): show focused session agent 2026-06-06 04:41:32 -05:00
joshavant
be537060ce fix(ios): show recent sessions preview 2026-06-06 04:41:32 -05:00
joshavant
ea7e214bd4 Fix chat history races across agent switches 2026-06-06 04:41:32 -05:00
joshavant
7478e6e485 Fix chat session sync ownership 2026-06-06 04:41:32 -05:00
joshavant
83a6bce835 Fix iOS chat background presentation 2026-06-06 04:41:32 -05:00
joshavant
5c07f7ccf0 Fix iOS selected agent chat routing 2026-06-06 04:41:32 -05:00
joshavant
af50a5959d fix ios onboarding success screen 2026-06-06 04:41:32 -05:00
joshavant
472a30bd3f fix ios skill editor toggle hit target 2026-06-06 04:41:32 -05:00
joshavant
8f6f18b6e7 fix ios operator recovery live activity 2026-06-06 04:41:32 -05:00
joshavant
1746319db5 fix ios operator scope upgrade state 2026-06-06 04:41:32 -05:00