vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-06 06:41:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
26,422 Commits 1,112 Branches 96 Tags
4be01a5cd5477bda7746e4a7ccfa41fdfa9e3834
Commit Graph

135 Commits

Author SHA1 Message Date
Peter Steinberger
114496871d docs: refresh tailscale auth rate limit refs 2026-04-04 14:30:13 +01:00
Peter Steinberger
07c7c4b9ec docs: refresh tailscale http auth refs 2026-04-04 14:13:36 +01:00
Peter Steinberger
022618e887 docs: refresh browser auth refs 2026-04-04 14:04:24 +01:00
Peter Steinberger
0afd30d325 docs: refresh shared-secret auth mirrors 2026-04-04 14:02:29 +01:00
Peter Steinberger
b0025b1921 docs: refresh hook ingress security refs 2026-04-04 13:59:09 +01:00
Peter Steinberger
c63a32661a docs: refresh gateway auth overview mirrors 2026-04-04 13:54:15 +01:00
Peter Steinberger
11d17b3c38 docs: refresh control ui device identity refs 2026-04-04 13:52:23 +01:00
Peter Steinberger
4991cd66ef docs: refresh reverse proxy hardening refs 2026-04-04 13:47:59 +01:00
Peter Steinberger
62babffc40 docs: refresh security audit reference docs 2026-04-04 13:42:47 +01:00
Peter Steinberger
375bd73ce1 docs: refresh security fix refs 2026-04-04 13:35:42 +01:00
Peter Steinberger
3100984a33 docs: refresh browser origin auth refs 2026-04-04 12:34:11 +01:00
Peter Steinberger
aaa173a4a7 docs: clarify node exec approval binding 2026-04-04 12:18:32 +01:00
Peter Steinberger
7671f4f1e3 docs: clarify gateway and plugin http auth scopes 2026-04-04 09:01:05 +01:00
huntharo
c4f40c3f7d Plugins: allow unsafe-force override on update 2026-04-04 01:49:35 +09:00
Peter Steinberger
a6649201b7 docs: clarify default subagent allowlists 2026-04-03 19:45:05 +09:00
Vincent Koc
2f013b68f8 docs: add missing changelog entries and update context visibility security docs 2026-04-03 12:39:45 +09:00
Peter Steinberger
35e1605147 feat: add configurable context visibility 2026-04-03 04:34:57 +09:00
Peter Steinberger
4269f40811 docs(security): clarify exec yolo default 2026-04-02 14:52:51 +01:00
Peter Steinberger
8b2d24b62b docs(security): clarify node pairing trust boundary 2026-04-01 18:27:23 +09:00
Peter Steinberger
0d7f1e2c84 feat(security): fail closed on dangerous skill installs 2026-03-31 23:27:20 +09:00
Peter Steinberger
44b9936136 feat(plugins): add dangerous unsafe install override 2026-03-31 23:16:11 +09:00
Peter Steinberger
cbfeecfab4 fix(gateway): restore shared-secret HTTP tool invoke auth 2026-03-31 22:55:15 +09:00
Vincent Koc
5474796735 docs(security): clarify acpx yolo mode 2026-03-31 20:54:30 +09:00
Peter Steinberger
0633406ff6 fix(gateway): restore compat HTTP operator auth 2026-03-31 16:49:30 +09:00
Vincent Koc
03a03c2dc4 fix(ci): restore skill fixtures and security doc anchors 2026-03-30 11:41:08 +09:00
Vincent Koc
66f8fb9e9b docs: fix P2 in security -- normalize Security audit checklist heading to sentence case 2026-03-30 10:19:51 +09:00
Vincent Koc
50d815579c docs: consolidate security page structure and add navigation 
- Merge 3 duplicate trust-model sections into one (Scope first + Deployment/host trust)
- Promote "What the audit checks" from h3 to h2 (standalone topic, not child of Shared inbox)
- Add "On this page" navigation links at the top for the 1200+ line page
 2026-03-30 10:19:51 +09:00
Vincent Koc
169bbc82f2 docs: fix security page P1s -- dmScope, heading style, roadmap language 
- Add missing per-peer dmScope value to isolation options
- Fix heading style: 3./4. -> 3)/4) for consistency with other numbered sections
- Add channel qualifier to 'Separate Numbers' heading (WhatsApp/Signal/Telegram)
- Remove roadmap speculation ('We may add readOnlyMode later')
 2026-03-30 09:46:57 +09:00
Vincent Koc
9355925690 docs: fix Mintlify callout syntax in security page 
Replace GitHub-flavor > [!WARNING] with Mintlify <Warning> component.
The old syntax renders as a plain blockquote in Mintlify, hiding the most
safety-critical content on the page.
 2026-03-30 09:43:33 +09:00
Radek Sienkiewicz
4680335b2a docs: fix English link audits (#57039) 
Merged via squash.

Prepared head SHA: d20a3b620f
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
 2026-03-30 01:21:00 +02:00
Peter Steinberger
276ccd2583 fix(exec): default implicit target to auto 2026-03-30 06:03:08 +09:00
Peter Steinberger
5d4c4bb850 fix(exec): restore runtime-aware implicit host default 2026-03-29 21:18:41 +01:00
Peter Steinberger
341e617c84 docs(plugins): refresh bundled plugin runtime docs 2026-03-29 09:10:39 +01:00
scoootscooob
5d81b64343 fix(exec): fail closed when sandbox is unavailable and harden deny followups (#56800) 
* fix(exec): fail closed when sandbox is unavailable and harden deny followups

* docs(changelog): note exec fail-closed fix
 2026-03-28 22:20:49 -07:00
Peter Steinberger
7ade3553b7 fix: gate synology chat reply name matching 2026-03-22 23:06:38 -07:00
Vincent Koc
b863e1c315 fix(docs): update remaining npm-spec references for ClawHub-first default 
- cli/plugins.md: rewrite install synopsis with ClawHub-first order
- cli/hooks.md: update hook pack install examples
- help/troubleshooting.md: <npm-spec> -> <package>
- gateway/security/index.md: drop npm-specific framing
 2026-03-22 15:43:15 -07:00
Peter Steinberger
405d808409 fix: restore repo-wide gate after exec safe-bin refactor 2026-03-22 17:28:04 +00:00
Peter Steinberger
0ac939059e refactor(exec): split safe-bin semantics 2026-03-22 10:14:46 -07:00
Peter Steinberger
a94ec3b79b fix(security): harden exec approval boundaries 2026-03-22 09:35:25 -07:00
Vincent Koc
0b11ee48f8 docs: fix 26 broken anchor links across 18 files 2026-03-19 10:33:02 -07:00
Vincent Koc
3cecbcf8b6 docs: fix curly quotes, non-breaking hyphens, and remaining apostrophes in headings 2026-03-18 01:31:38 -07:00
Vincent Koc
8ac4b09fa4 docs: fix em-dash headings and broken links across docs 
- Replace em-dashes in headings with hyphens/parens (breaks Mintlify anchors)
- Fix broken /testing link in pi-dev.md to /help/testing
- Convert absolute docs URLs to root-relative in pi-dev.md

Files: migrating.md, images.md, audio.md, media-understanding.md,
venice.md, minimax.md, AGENTS.default.md, security/index.md, pi-dev.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-17 23:55:46 -07:00
Peter Steinberger
6636ca87f4 docs(hooks): clarify trust model and audit guidance 2026-03-17 09:54:30 -07:00
Peter Steinberger
4d8106eece docs(security): clarify wildcard Control UI origins 2026-03-17 09:36:51 -07:00
Peter Steinberger
e5919bc524 docs(gateway): clarify URL allowlist semantics 2026-03-17 00:03:27 -07:00
Tak Hoffman
4863b651c6 docs: rename onboarding user-facing wizard copy 
Co-authored-by: Tak <contact-redacted@example.com>
 2026-03-16 19:50:31 -05:00
Vincent Koc
476d948732 !refactor(browser): remove Chrome extension path and add MCP doctor migration (#47893) 
* Browser: replace extension path with Chrome MCP

* Browser: clarify relay stub and doctor checks

* Docs: mark browser MCP migration as breaking

* Browser: reject unsupported profile drivers

* Browser: accept clawd alias on profile create

* Doctor: narrow legacy browser driver migration
 2026-03-15 23:56:08 -07:00
Peter Steinberger
5287ae3c06 docs: update setup wizard wording 2026-03-15 21:40:31 -07:00
Peter Steinberger
b14a5c6713 fix(zalouser): require ids for group allowlist auth 2026-03-13 01:31:17 +00:00
Josh Avant
0125ce1f44 Gateway: fail closed unresolved local auth SecretRefs (#42672) 
* Gateway: fail closed unresolved local auth SecretRefs

* Docs: align node-host gateway auth precedence

* CI: resolve rebase breakages in checks lanes

* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state

* Gateway: remove stale remote.enabled auth-surface semantics

* Changelog: note gateway SecretRef fail-closed fix
 2026-03-10 21:41:56 -05:00