vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-24 23:51:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,794 Commits 1,466 Branches 126 Tags
520d753b277b39ebb65aca3bac7ffdd213923254
Commit Graph

1773 Commits

Author SHA1 Message Date
Peter Steinberger
aa2d5aaa0c feat(plugins): add image generation capability 2026-03-16 22:58:55 -07:00
Peter Steinberger
00b57145ff refactor: move agent runtime into agents layer 2026-03-16 22:53:16 -07:00
Peter Steinberger
9ebe38b6e3 refactor: untangle remaining plugin sdk boundaries 2026-03-16 21:16:32 -07:00
Peter Steinberger
3e010e280a feat(plugins): add media understanding provider registration 2026-03-16 20:42:00 -07:00
Peter Steinberger
fe4368cbca fix: align thinking defaults and plugin sdk exports 2026-03-17 03:16:39 +00:00
Peter Steinberger
1ffe8fde84 fix: stabilize docker test suite 2026-03-17 03:02:03 +00:00
Peter Steinberger
662031a88e feat(plugins): add speech provider registration 2026-03-16 18:50:09 -07:00
Josh Lehman
eeb140b4f0 fix(plugins): late-binding subagent runtime for non-gateway load paths (#46648) 
Merged via squash.

Prepared head SHA: 44742652c9
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-16 14:27:54 -07:00
Gustavo Madeira Santana
13894ec5aa Gateway tests: share ordered client teardown helper 2026-03-16 14:36:04 +00:00
Gustavo Madeira Santana
d352be8e99 Gateway tests: centralize mock responses provider setup 2026-03-16 14:36:04 +00:00
Gustavo Madeira Santana
771fbeae79 Gateway: simplify startup and stabilize mock responses tests 2026-03-16 14:32:55 +00:00
Gustavo Madeira Santana
96ed010a37 Gateway: gate deferred channel startup behind opt-in 2026-03-16 13:55:53 +00:00
Gustavo Madeira Santana
1b234b910b Gateway: defer full channel plugins until after listen 2026-03-16 13:31:20 +00:00
Ayaan Zaidi
ccba943738 test(gateway): restore agent request route mock 2026-03-16 17:17:03 +05:30
Vincent Koc
9ee0fb52e9 Gateway: cover lazy channel runtime resolution 2026-03-16 01:43:47 -07:00
Vincent Koc
776e5d8a08 Gateway: lazily resolve channel runtime 2026-03-16 01:43:47 -07:00
Peter Steinberger
7e74adef91 refactor: shrink public channel plugin sdk surfaces 2026-03-16 01:34:22 -07:00
Peter Steinberger
a73d6620b3 refactor: route remaining channel imports through plugin sdk 2026-03-16 01:17:13 -07:00
Vincent Koc
7a09255361 Runtime: lazy-load channel runtime singletons 2026-03-16 01:02:19 -07:00
Peter Steinberger
74d0c39b32 refactor: move session lifecycle and outbound fallbacks into plugins 2026-03-16 00:40:43 -07:00
Peter Steinberger
4ab016a9bd fix: preserve loopback gateway scopes for local auth 2026-03-16 06:22:15 +00:00
Vincent Koc
7b2a7da549 Gateway: import normalizeAgentId in hooks 2026-03-15 23:20:11 -07:00
Vincent Koc
c4b18ab3c9 Status: split lightweight gateway agent list 2026-03-15 22:55:27 -07:00
Vincent Koc
4cb46f223c Security: trim audit policy import surfaces 2026-03-15 22:55:26 -07:00
Joey Krug
304703f165 fix: resume orphaned subagent sessions after SIGUSR1 reload 
Closes #47711

After a SIGUSR1 gateway reload aborts in-flight subagent LLM calls, the gateway now scans for orphaned sessions and sends a synthetic resume message to restart their work. Also makes the deferral timeout configurable via gateway.reload.deferralTimeoutMs (default: 5 minutes, up from 90s).
 2026-03-15 22:32:36 -07:00
Peter Steinberger
5c120cb36c refactor: make setup the primary wizard surface 2026-03-15 22:01:04 -07:00
Peter Steinberger
a69f6190ab fix(gateway): pin plugin webhook route registry (#47902) 2026-03-15 21:53:05 -07:00
Peter Steinberger
656848dcd7 refactor: rename setup wizard surfaces 2026-03-15 21:40:31 -07:00
Vincent Koc
d8e138c743 Gateway: add presence-only probe mode for status 2026-03-15 19:56:08 -07:00
Josh Avant
a2cb81199e secrets: harden read-only SecretRef command paths and diagnostics (#47794) 
* secrets: harden read-only SecretRef resolution for status and audit

* CLI: add SecretRef degrade-safe regression coverage

* Docs: align SecretRef status and daemon probe semantics

* Security audit: close SecretRef review gaps

* Security audit: preserve source auth SecretRef configuredness

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-03-15 21:55:24 -05:00
Peter Steinberger
d56559bad7 fix: repair node24 ci type drift 2026-03-16 01:15:31 +00:00
Peter Steinberger
74c762beb0 refactor: decouple channel setup discovery 2026-03-15 16:26:09 -07:00
Vincent Koc
c9a8b6f82f chore(fmt): format changes and broken types 2026-03-15 12:03:35 -07:00
Vincent Koc
fc2d29ea92 Gateway: tighten forwarded client and pairing guards (#46800) 
* Gateway: tighten forwarded client and pairing guards

* Gateway: make device approval scope checks atomic

* Gateway: preserve device approval baseDir compatibility
 2026-03-15 10:50:49 -07:00
Peter Steinberger
7c0a849ed7 fix: harden device token rotation denial paths 2026-03-15 09:05:45 -07:00
Vincent Koc
a60fd3feed Nodes tests: prove pull-time policy revalidation 2026-03-15 09:05:22 -07:00
Vincent Koc
ec2c6d83b9 Nodes: recheck queued actions before delivery (#46815) 
* Nodes: recheck queued actions before delivery

* Nodes tests: cover pull-time policy recheck

* Nodes tests: type node policy mocks explicitly
 2026-03-15 08:47:17 -07:00
Andrew Demczuk
26e0a3ee9a fix(gateway): skip Control UI pairing when auth.mode=none (closes #42931) (#47148) 
When auth is completely disabled (mode=none), requiring device pairing
for Control UI operator sessions adds friction without security value
since any client can already connect without credentials.

Add authMode parameter to shouldSkipControlUiPairing so the bypass
fires only for Control UI + operator role + auth.mode=none. This avoids
the #43478 regression where a top-level OR disabled pairing for ALL
websocket clients.
 2026-03-15 13:03:39 +01:00
Ace Lee
d7ac16788e fix(android): support android node calllog.search (#44073) 
* fix(android): support android node  `calllog.search`

* fix(android): support android node calllog.search

* fix(android): wire callLog through shared surfaces

* fix: land Android callLog support (#44073) (thanks @lxk7280)

---------

Co-authored-by: lixuankai <lixuankai@oppo.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-15 14:54:32 +05:30
Tak Hoffman
29fec8bb9f fix(gateway): harden health monitor account gating (#46749) 
* gateway: harden health monitor account gating

* gateway: tighten health monitor account-id guard
 2026-03-14 21:58:28 -05:00
rstar327
ba6064cc22 feat(gateway): make health monitor stale threshold and max restarts configurable (openclaw#42107) 
Verified:
- pnpm exec vitest --run src/config/config-misc.test.ts -t "gateway.channelHealthCheckMinutes"
- pnpm exec vitest --run src/gateway/server-channels.test.ts -t "health monitor"
- pnpm exec vitest --run src/gateway/channel-health-monitor.test.ts src/gateway/server/readiness.test.ts
- pnpm exec vitest --run extensions/feishu/src/outbound.test.ts
- pnpm exec tsc --noEmit

Co-authored-by: rstar327 <114364448+rstar327@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-14 21:21:56 -05:00
Andrew Demczuk
92fc8065e9 fix(gateway): remove re-introduced auth.mode=none pairing bypass 
The revert of #43478 (commit 39b4185d0b) was silently undone by
3704293e6f which was based on a branch that included the original
change. This removes the auth.mode=none skipPairing condition again.

The blanket skip was too broad - it disabled pairing for ALL websocket
clients, not just Control UI behind reverse proxies.
 2026-03-15 00:46:24 +01:00
George Zhang
3704293e6f browser: drop headless/remote MCP attach modes, simplify existing-session to autoConnect-only (#46628) 2026-03-14 15:54:22 -07:00
George Zhang
b1d8737017 browser: drop chrome-relay auto-creation, simplify to user profile only (#46596) 
Merged via squash.

Prepared head SHA: 74becc8f7d
Co-authored-by: odysseus0 <8635094+odysseus0@users.noreply.github.com>
Co-authored-by: odysseus0 <8635094+odysseus0@users.noreply.github.com>
Reviewed-by: @odysseus0
 2026-03-14 15:40:02 -07:00
Vincent Koc
39b4185d0b revert: 9bffa3422c 2026-03-14 15:09:22 -07:00
Andrew Demczuk
678ea77dcf style(gateway): fix oxfmt formatting and remove unused test helper 2026-03-14 21:46:53 +01:00
Sally O'Malley
8db6fcca77 fix(gateway/cli): relax local backend self-pairing and harden launchd restarts (#46290) 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-03-14 14:27:52 -04:00
Andrew Demczuk
9bffa3422c fix(gateway): skip device pairing when auth.mode=none 
Fixes #42931

When gateway.auth.mode is set to "none", authentication succeeds with
method "none" but sharedAuthOk remains false because the auth-context
only recognises token/password/trusted-proxy methods. This causes all
pairing-skip conditions to fail, so Control UI browser connections get
closed with code 1008 "pairing required" despite auth being disabled.

Short-circuit the skipPairing check: if the operator explicitly
disabled authentication, device pairing (which is itself an auth
mechanism) must also be bypassed.

Fixes #42931
 2026-03-14 19:17:39 +01:00
Nimrod Gutman
9aac55d306 Add /btw side questions (#45444) 
* feat(agent): add /btw side questions

* fix(agent): gate and log /btw reviews

* feat(btw): isolate side-question delivery

* test(reply): update route reply runtime mocks

* fix(btw): complete side-result delivery across clients

* fix(gateway): handle streamed btw side results

* fix(telegram): unblock btw side questions

* fix(reply): make external btw replies explicit

* fix(chat): keep btw side results ephemeral in internal history

* fix(btw): address remaining review feedback

* fix(chat): preserve btw history on mobile refresh

* fix(acp): keep btw replies out of prompt history

* refactor(btw): narrow side questions to live channels

* fix(btw): preserve channel typing indicators

* fix(btw): keep side questions isolated in chat

* fix(outbound): restore typed channel send deps

* fix(btw): avoid blocking replies on transcript persistence

* fix(btw): keep side questions fast

* docs(commands): document btw slash command

* docs(changelog): add btw side questions entry

* test(outbound): align session transcript mocks
 2026-03-14 17:27:54 +02:00
scoootscooob
439c21e078 refactor: remove channel shim directories, point all imports to extensions (#45967) 
* refactor: remove channel shim directories, point all imports to extensions

Delete the 6 backward-compat shim directories (src/telegram, src/discord,
src/slack, src/signal, src/imessage, src/web) that were re-exporting from
extensions. Update all 112+ source files to import directly from
extensions/{channel}/src/ instead of through the shims.

Also:
- Move src/channels/telegram/ (allow-from, api) to extensions/telegram/src/
- Fix outbound adapters to use resolveOutboundSendDep (fixes 5 pre-existing TS errors)
- Update cross-extension imports (src/web/media.js → extensions/whatsapp/src/media.js)
- Update vitest, tsdown, knip, labeler, and script configs for new paths
- Update guard test allowlists for extension paths

After this, src/ has zero channel-specific implementation code — only the
generic plugin framework remains.

* fix: update raw-fetch guard allowlist line numbers after shim removal

* refactor: document direct extension channel imports

* test: mock transcript module in delivery helpers
 2026-03-14 03:43:07 -07:00