Commit Graph

431 Commits

Author SHA1 Message Date
Shakker
01741f81f8 test: remove stale unused imports 2026-05-09 11:26:43 +01:00
Peter Steinberger
4883a0e6c4 chore: update workspace dependencies 2026-05-09 10:58:36 +01:00
Peter Steinberger
9385eaaf88 chore(release): prepare 2026.5.8 2026-05-09 08:05:17 +01:00
Peter Steinberger
297665197b test: tighten browser request timeout assertion 2026-05-09 05:38:42 +01:00
Shakker
5496100a51 test: tighten browser empty array assertions 2026-05-09 05:17:37 +01:00
Shakker
c6faba0713 test: tighten browser empty payload assertions 2026-05-09 04:28:18 +01:00
Peter Steinberger
ac18768c19 test: tighten browser download path assertion 2026-05-09 03:31:54 +01:00
Shakker
20a2ac3e5d test: tighten extension cleanup assertions 2026-05-09 02:56:17 +01:00
Peter Steinberger
c958716d10 test: dedupe browser download absence assertions 2026-05-09 02:42:52 +01:00
Peter Steinberger
b28e29c4f3 test: tighten browser cdp transport failure assertions 2026-05-09 01:49:26 +01:00
Peter Steinberger
387846f1c7 test: tighten browser proxy file absence assertion 2026-05-09 01:44:15 +01:00
Shakker
105cc8d18a test: clear browser open tab timeout guard 2026-05-09 00:59:36 +01:00
Peter Steinberger
35363a279b test: simplify browser doctor warning ids 2026-05-08 23:03:18 +01:00
Peter Steinberger
aa78d9eab9 test: avoid extension filter count helpers 2026-05-08 22:15:56 +01:00
Peter Steinberger
73faa75be1 test: require browser async callbacks 2026-05-08 19:23:45 +01:00
Peter Steinberger
ad818ed99d test: require matrix test targets 2026-05-08 17:03:43 +01:00
Shakker
a07802e7f0 test: tighten browser profile assertion 2026-05-08 16:56:54 +01:00
Peter Steinberger
bbd6d9e254 test: stabilize node 26 full-suite edge cases 2026-05-08 16:52:23 +01:00
Peter Steinberger
7cc0b21e4d test: restore node 26 test compatibility 2026-05-08 16:52:23 +01:00
Peter Steinberger
f6476140d2 test: tighten live provider assertions 2026-05-08 15:11:21 +01:00
Peter Steinberger
f5e6108133 test: clarify browser cdp fuzz assertions 2026-05-08 13:17:30 +01:00
clawsweeper
48c24c86c9 test: cover download parent symlink race 2026-05-08 20:31:43 +10:00
jesse-merhi
c71dfb6f52 test: cover download parent symlink race 2026-05-08 20:31:43 +10:00
Shakker
9ae982f486 test: clarify browser download output assertions 2026-05-08 09:45:28 +01:00
Peter Steinberger
b55dfd53b4 test: clarify browser doctor warning assertions 2026-05-08 08:43:51 +01:00
Peter Steinberger
3e53b19284 test: clarify browser client endpoint assertions 2026-05-08 08:17:08 +01:00
scotthuang
37af50f3db fix(browser): keep user tabs open on SSRF-denied reads (#78874)
Summary:
- Split browser SSRF quarantine from tab closure so read-only browser operations do not close user-owned tabs on policy denial.
- Keep OpenClaw-initiated navigation/create paths closing blocked tabs, and add regression coverage for both contracts.
- Update changelog with contributor credit.

Verification:
- pnpm test extensions/browser/src/browser/pw-session.assert-navigation-safety.test.ts extensions/browser/src/browser/pw-tools-core.snapshot.navigate-guard.test.ts
- pnpm test extensions/browser/src/browser/pw-tools-core.browser-ssrf-guard.test.ts extensions/browser/src/browser/pw-tools-core.snapshot.test.ts
- Exact-head CI success: 25535578610
- Exact-head Real behavior proof success: 25536652326

Thanks @scotthuang.
2026-05-08 08:13:04 +01:00
Jesse Merhi
a9377fe667 Harden browser download output writes (#78780)
Summary:
- The PR exports `ensureAbsoluteDirectory` through the fs-safe/SDK runtime facades and routes browser download ... through safe output directory/file helpers with focused tests, a changelog entry, and SDK API hash updates.
- Reproducibility: yes. At source level: current main creates browser download/output roots with raw recursive ... jection coverage for that path. I did not run a live browser runtime reproduction in this read-only review.

Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(browser): use fs-safe output directory helper
- PR branch already contained follow-up commit before automerge: docs(changelog): mention browser fs-safe hardening
- PR branch already contained follow-up commit before automerge: fix(browser): harden download output writes

Validation:
- ClawSweeper review passed for head a9c9570f66.
- Required merge gates passed before the squash merge.

Prepared head SHA: a9c9570f66
Review: https://github.com/openclaw/openclaw/pull/78780#issuecomment-4394146682

Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
2026-05-08 05:57:23 +00:00
Peter Steinberger
9ef37d1907 test: tighten assertions and harness coverage 2026-05-08 05:28:12 +01:00
Peter Steinberger
6a4069dead fix: share plugin runtime helpers
Consolidate shared plugin runtime MIME/schema helpers, preserve canonical runtime behavior, and guard QQBot STT fetches.
2026-05-08 00:28:43 +01:00
Peter Steinberger
252a76d25c refactor: stage external output writes through fs-safe 2026-05-07 06:05:24 +01:00
Vincent Koc
b680360fde test(browser): allow fs-safe download staging 2026-05-06 21:11:18 -07:00
Vincent Koc
dddd9cb3b6 test(browser): use existing outside trash path 2026-05-06 21:03:06 -07:00
Vincent Koc
0c4111de9d test(browser): use real trash fixture paths 2026-05-06 21:01:53 -07:00
Peter Steinberger
0b88d6286c chore: bump version to 2026.5.6 2026-05-06 09:47:34 +01:00
Peter Steinberger
6da5eda488 test: avoid real waits in cdp and outbound tests 2026-05-06 05:43:48 +01:00
Peter Steinberger
afc2c2e207 test(browser): avoid real retry waits 2026-05-06 05:33:28 +01:00
Peter Steinberger
b85b1c68d1 Refactor file access to use fs-safe primitives (#78255)
* refactor: use fs-safe primitives across file access

* fix: preserve invalid managed npm manifests

* fix: keep fs seams for startup metadata
2026-05-06 05:03:11 +01:00
Peter Steinberger
b43efd3793 fix: clean up post-land CI guards 2026-05-06 02:51:53 +01:00
Peter Steinberger
538605ff44 [codex] Extract filesystem safety primitives (#77918)
* refactor: extract filesystem safety primitives

* refactor: use fs-safe for file access helpers

* refactor: reuse fs-safe for media reads

* refactor: use fs-safe for image reads

* refactor: reuse fs-safe in qqbot media opener

* refactor: reuse fs-safe for local media checks

* refactor: consume cleaner fs-safe api

* refactor: align fs-safe json option names

* fix: preserve fs-safe migration contracts

* refactor: use fs-safe primitive subpaths

* refactor: use grouped fs-safe subpaths

* refactor: align fs-safe api usage

* refactor: adapt private state store api

* chore: refresh proof gate

* refactor: follow fs-safe json api split

* refactor: follow reduced fs-safe surface

* build: default fs-safe python helper off

* fix: preserve fs-safe plugin sdk aliases

* refactor: consolidate fs-safe usage

* refactor: unify fs-safe store usage

* refactor: trim fs-safe temp workspace usage

* refactor: hide low-level fs-safe primitives

* build: use published fs-safe package

* fix: preserve outbound recovery durability after rebase

* chore: refresh pr checks
2026-05-06 02:15:17 +01:00
Peter Steinberger
8ee08b2b77 chore: update dependencies 2026-05-04 23:07:09 +01:00
Peter Steinberger
4556707cb7 test(browser): mirror route URL guard in existing-session helper 2026-05-04 22:29:13 +01:00
Vincent Koc
a71f906837 fix(browser): guard existing-session screenshots 2026-05-04 13:56:33 -07:00
Agustin Rivera
ef0dbcf49d Guard current browser tab exports (#75731)
* fix(browser): guard current tab exports

* fix(browser): expand tab guard coverage

* fix(browser): guard tab reads

* fix(browser): guard screenshot route

* changelog: PR #75731

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-05-04 14:07:17 -06:00
Peter Steinberger
5397667272 chore(release): prepare 2026.5.4 2026-05-04 10:09:55 +01:00
Peter Steinberger
5fa7d3b1a4 fix: repair Google Meet media permission grants 2026-05-03 22:40:20 +01:00
Peter Steinberger
31161abd40 chore(release): bump version to 2026.5.3 2026-05-03 03:08:47 +01:00
Peter Steinberger
80da0a0213 chore: bump version to 2026.5.2 2026-05-02 11:58:45 +01:00
Peter Steinberger
3c8381c183 refactor: hide browser test and error internals 2026-05-02 09:02:40 +01:00
Peter Steinberger
68c99879e2 refactor: trim browser config facade 2026-05-02 09:00:30 +01:00