vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-05 22:32:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
26,422 Commits 1,106 Branches 95 Tags
4be01a5cd5477bda7746e4a7ccfa41fdfa9e3834
Commit Graph

100 Commits

Author SHA1 Message Date
Peter Steinberger
5fa60e6535 docs: refresh channel overview mirrors 2026-04-04 15:07:32 +01:00
Peter Steinberger
8ca5a9174a docs: refresh gateway auth precedence refs 2026-04-04 14:36:52 +01:00
Peter Steinberger
114496871d docs: refresh tailscale auth rate limit refs 2026-04-04 14:30:13 +01:00
Peter Steinberger
f502b023d9 docs: refresh device token scope mirrors 2026-04-04 14:25:47 +01:00
Peter Steinberger
2ecb8ca352 docs: refresh control ui auth ux refs 2026-04-04 14:14:54 +01:00
Peter Steinberger
07c7c4b9ec docs: refresh tailscale http auth refs 2026-04-04 14:13:36 +01:00
Peter Steinberger
11b8a025a4 docs: refresh gateway auth overview refs 2026-04-04 14:12:38 +01:00
Peter Steinberger
0afd30d325 docs: refresh shared-secret auth mirrors 2026-04-04 14:02:29 +01:00
Peter Steinberger
c63a32661a docs: refresh gateway auth overview mirrors 2026-04-04 13:54:15 +01:00
Peter Steinberger
11d17b3c38 docs: refresh control ui device identity refs 2026-04-04 13:52:23 +01:00
Peter Steinberger
8f473023e4 docs: refresh web surface auth mirrors 2026-04-04 13:50:47 +01:00
Peter Steinberger
545ecc63bd docs: refresh docs search and tui refs 2026-04-04 08:34:43 +01:00
Vincent Koc
00a49fe8b4 docs: add gateway.webchat.chatHistoryMaxChars config reference 2026-04-01 19:25:17 +09:00
Vincent Koc
9f0845137a docs: add Related sections to plugin and web interface pages 
- building-plugins.md, manifest.md: link to architecture, SDK, channel/provider plugins
- control-ui.md, tui.md: link to sibling web interfaces and CLI
 2026-03-31 14:34:56 +09:00
Josh Avant
81b777c768 fix(config): harden SecretRef round-trip handling in Control UI and RPC writes (#58044) 
* Config: harden SecretRef round-trip handling

* Gateway: test SecretRef preflight on config writes

* Agents: align skill loader with upstream Skill type

* Docs: align SecretRef write semantics with Control UI and RPC behavior

* Config: add UI and gateway regression evidence for SecretRef hardening

* Config: add token SecretRef restore regression and skill sourceInfo compat

* UI: scope structured-value lockout to SecretRef fields

* Agents: remove out-of-scope skill loader compat edits

* UI: reduce app-render churn to rawAvailable-only changes

* Gateway: scope SecretRef preflight to submitted config

* Docs: clarify config write SecretRef preflight scope

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-03-30 23:55:03 -05:00
Radek Sienkiewicz
4680335b2a docs: fix English link audits (#57039) 
Merged via squash.

Prepared head SHA: d20a3b620f
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
 2026-03-30 01:21:00 +02:00
Tak Hoffman
9c7823350b feat: add /tools runtime availability view (#54088) 
* test(memory): lock qmd status counts regression

* feat: make /tools show what the agent can use right now

* fix: sync web ui slash commands with the shared registry

* feat: add profile and unavailable counts to /tools

* refine: keep /tools focused on available tools

* fix: resolve /tools review regressions

* fix: honor model compat in /tools inventory

* fix: sync generated protocol models for /tools

* fix: restore canonical slash command names

* fix: avoid ci lint drift in google helper exports

* perf: stop computing unused /tools unavailable counts

* docs: clarify /tools runtime behavior
 2026-03-24 21:09:51 -05:00
Josh Avant
8e132aed6e Hardening: refresh stale device pairing requests and pending metadata (#50695) 
* Docs: clarify device pairing supersede behavior

* Device pairing: supersede pending requests on auth changes
 2026-03-19 18:26:06 -05:00
Vincent Koc
3cecbcf8b6 docs: fix curly quotes, non-breaking hyphens, and remaining apostrophes in headings 2026-03-18 01:31:38 -07:00
Val Alexander
56066dccb0 docs(ui): harden legacy query token guidance (#49053) 2026-03-17 22:18:42 -05:00
Peter Steinberger
4d8106eece docs(security): clarify wildcard Control UI origins 2026-03-17 09:36:51 -07:00
stim64045-spec
6101c023bb fix(ui): restore control-ui query token compatibility (#43979) 
* fix(ui): restore control-ui query token imports

* chore(changelog): add entry for openclaw#43979 thanks @stim64045-spec

---------

Co-authored-by: 大禹 <dayu@dayudeMac-mini.local>
Co-authored-by: Val Alexander <bunsthedev@gmail.com>
Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>
 2026-03-17 04:03:35 -05:00
Tak Hoffman
4863b651c6 docs: rename onboarding user-facing wizard copy 
Co-authored-by: Tak <contact-redacted@example.com>
 2026-03-16 19:50:31 -05:00
Peter Steinberger
5287ae3c06 docs: update setup wizard wording 2026-03-15 21:40:31 -07:00
Peter Steinberger
d5bffcdeab feat: add fast mode toggle for OpenAI models 2026-03-12 23:31:31 +00:00
Josh Avant
a76e810193 fix(gateway): harden token fallback/reconnect behavior and docs (#42507) 
* fix(gateway): harden token fallback and auth reconnect handling

* docs(gateway): clarify auth retry and token-drift recovery

* fix(gateway): tighten auth reconnect gating across clients

* fix: harden gateway token retry (#42507) (thanks @joshavant)
 2026-03-10 17:05:57 -05:00
Radek Sienkiewicz
f2f561fab1 fix(ui): preserve control-ui auth across refresh (#40892) 
Merged via squash.

Prepared head SHA: f9b2375892
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
 2026-03-09 12:50:47 +01:00
Vincent Koc
a3dc4b5a57 fix(tui): improve color contrast for light-background terminals (#40345) 
* fix(tui): improve colour contrast for light-background terminals (#38636)

Detect light terminal backgrounds via COLORFGBG and apply a WCAG
AA-compliant light palette. Adds OPENCLAW_THEME=light|dark env var
override for terminals without auto-detection.

Uses proper sRGB linearisation and WCAG 2.1 contrast ratios to pick
whichever text palette (dark or light) has higher contrast against
the detected background colour.

Co-authored-by: ademczuk <ademczuk@users.noreply.github.com>

* Update CHANGELOG.md

---------

Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
Co-authored-by: ademczuk <ademczuk@users.noreply.github.com>
 2026-03-08 16:17:28 -07:00
Peter Steinberger
10d0e3f3ca fix(dashboard): keep gateway tokens out of URL storage 2026-03-07 18:33:30 +00:00
Vincent Koc
2b45eb0e52 Docs: document Control UI locale support 2026-03-05 16:57:59 -05:00
Josh Avant
72cf9253fc Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094) 2026-03-05 12:53:56 -06:00
Vincent Koc
b7615e0ce3 Exec/ACP: inject OPENCLAW_SHELL into child shell env (#31271) 
* exec: mark runtime shell context in exec env

* tests(exec): cover OPENCLAW_SHELL in gateway exec

* tests(exec): cover OPENCLAW_SHELL in pty mode

* acpx: mark runtime shell context for spawned process

* tests(acpx): log OPENCLAW_SHELL in runtime fixture

* tests(acpx): assert OPENCLAW_SHELL in runtime prompt

* docs(env): document OPENCLAW_SHELL runtime markers

* docs(exec): describe OPENCLAW_SHELL exec marker

* docs(acp): document OPENCLAW_SHELL acp marker

* docs(gateway): note OPENCLAW_SHELL for background exec

* tui: tag local shell runs with OPENCLAW_SHELL

* tests(tui): assert OPENCLAW_SHELL in local shell runner

* acp client: tag spawned bridge env with OPENCLAW_SHELL

* tests(acp): cover acp client OPENCLAW_SHELL env helper

* docs(env): include acp-client and tui-local shell markers

* docs(acp): document acp-client OPENCLAW_SHELL marker

* docs(tui): document tui-local OPENCLAW_SHELL marker

* exec: keep shell runtime env string-only for docker args

* changelog: note OPENCLAW_SHELL runtime markers
 2026-03-01 20:31:06 -08:00
Peter Steinberger
aea28e26fb fix(auto-reply): expand standalone stop phrases 2026-02-24 04:02:43 +00:00
Peter Steinberger
223d7dc23d feat(gateway)!: require explicit non-loopback control-ui origins 2026-02-24 01:57:11 +00:00
Tak Hoffman
9e1a13bf4c Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- gh pr checks 24199 --watch --fail-fast

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-22 23:55:59 -06:00
Tak Hoffman
77c3b142a9 Web UI: add full cron edit parity, all-jobs run history, and compact filters (openclaw#24155) thanks @Takhoffman 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-22 23:05:42 -06:00
Peter Steinberger
356d61aacf fix(gateway): scope tailscale tokenless auth to websocket 2026-02-21 13:03:13 +01:00
Peter Steinberger
99048dbec2 fix(gateway): align insecure-auth toggle messaging 2026-02-21 12:57:22 +01:00
Peter Steinberger
ede496fa1a docs: clarify trusted-host assumption for tokenless tailscale 2026-02-21 12:52:49 +01:00
Sebastian
81fd771cb9 fix(gateway): preserve chat.history context under hard caps 2026-02-16 21:50:01 -05:00
Advait Paliwal
bc67af6ad8 cron: separate webhook POST delivery from announce (#17901) 
* cron: split webhook delivery from announce mode

* cron: validate webhook delivery target

* cron: remove legacy webhook fallback config

* fix: finalize cron webhook delivery prep (#17901) (thanks @advaitpaliwal)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
 2026-02-16 02:36:00 -08:00
Advait Paliwal
14fb2c05b1 Gateway/Control UI: preserve partial output on abort (#15026) 
* Gateway/Control UI: preserve partial output on abort

* fix: finalize abort partial handling and tests (#15026) (thanks @advaitpaliwal)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
 2026-02-15 16:55:28 -08:00
Advait Paliwal
115cfb4430 gateway: add cron finished-run webhook (#14535) 
* gateway: add cron finished webhook delivery

* config: allow cron webhook in runtime schema

* cron: require notify flag for webhook posts

* ui/docs: add cron notify toggle and webhook docs

* fix: harden cron webhook auth and fill notify coverage (#14535) (thanks @advaitpaliwal)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
 2026-02-15 16:14:17 -08:00
Peter Steinberger
fba19fe942 docs: link trusted-proxy auth from gateway docs (#16172) 2026-02-14 12:44:25 +01:00
Seb Slight
929a3725d3 docs: canonicalize docs paths and align zh navigation (#11428) 
* docs(navigation): canonicalize paths and align zh nav

* chore(docs): remove stray .DS_Store

* docs(scripts): add non-mint docs link audit

* docs(nav): fix zh source paths and preserve legacy redirects (#11428) (thanks @sebslight)

* chore(docs): satisfy lint for docs link audit script (#11428) (thanks @sebslight)
 2026-02-07 15:40:35 -05:00
Seb Slight
578a6e27aa Docs: enable markdownlint autofixables except list numbering (#10476) 
* docs(markdownlint): enable autofixable rules except list numbering

* docs(zalo): fix malformed bot platform link
 2026-02-06 10:08:59 -05:00
Sebastian
0a1f4f666a revert(docs): undo markdownlint autofix churn 2026-02-06 10:00:08 -05:00
Sebastian
c7aec0660e docs(markdownlint): enable autofixable rules and normalize links 2026-02-06 09:55:12 -05:00
Coy Geek
717129f7f9 fix: silence unused hook token url param (#9436) 
* fix: Gateway authentication token exposed in URL query parameters

* fix: silence unused hook token url param

* fix: remove gateway auth tokens from URLs (#9436) (thanks @coygeek)

* test: fix Windows path separators in audit test (#9436)

---------

Co-authored-by: George Pickett <gpickett00@gmail.com>
 2026-02-05 18:08:29 -08:00
Gustavo Madeira Santana
a13ff55bd9 Security: Prevent gateway credential exfiltration via URL override (#9179) 
* Gateway: require explicit auth for url overrides

* Gateway: scope credential blocking to non-local URLs only

Address review feedback: the previous fix blocked credential fallback for
ALL URL overrides, which was overly strict and could break workflows that
use --url to switch between loopback/tailnet without passing credentials.

Now credential fallback is only blocked for non-local URLs (public IPs,
external hostnames). Local addresses (127.0.0.1, localhost, private IPs
like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential
fallback as before.

This maintains the security fix (preventing credential exfiltration to
attacker-controlled URLs) while preserving backward compatibility for
legitimate local URL overrides.

* Security: require explicit credentials for gateway url overrides (#8113) (thanks @victormier)

* Gateway: reuse explicit auth helper for url overrides (#8113) (thanks @victormier)

* Tests: format gateway chat test (#8113) (thanks @victormier)

* Tests: require explicit auth for gateway url overrides (#8113) (thanks @victormier)

---------

Co-authored-by: Victor Mier <victormier@gmail.com>
 2026-02-04 18:59:44 -05:00