Peter Steinberger
0633406ff6
fix(gateway): restore compat HTTP operator auth
2026-03-31 16:49:30 +09:00
Shakker
1dda032531
style: format rebased main files
2026-03-31 01:40:55 +01:00
Jacob Tomlinson
f0af186726
gateway: ignore bearer-declared HTTP operator scopes (#57783)
...
* gateway: ignore bearer-declared HTTP operator scopes
* gateway: key HTTP bearer guards to auth mode
* gateway: refresh rebased HTTP regression expectations
* gateway: honor resolved HTTP auth method
* gateway: remove duplicate openresponses owner flags
2026-03-30 20:04:33 +01:00
Jacob Tomlinson
f011d0be28
fix(gateway): treat OpenAI HTTP ingress as non-owner (#57769)
...
Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>
2026-03-30 16:26:53 +01:00
Devin Robison
703e68a749
Fix HTTP OpenAI-compatible routes missing operator.write scope checks (#56618)
...
* Fix HTTP OpenAI-compatible routes missing operator.write scope checks
* Update src/gateway/http-endpoint-helpers.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Address Greptile feedback
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-28 15:22:21 -06:00
Vincent Koc
d10669629d
feat(gateway): make openai compatibility agent-first
2026-03-24 18:06:24 -07:00
Vincent Koc
eaad4ad1be
feat(gateway): add missing OpenAI-compatible endpoints (models and embeddings) (#53992)
...
* feat(gateway): add OpenAI-compatible models and embeddings
* docs(gateway): clarify model list and agent routing
* Update index.md
* fix(gateway): harden embeddings HTTP provider selection
* fix(gateway): validate compat model overrides
* fix(gateway): harden embeddings and response continuity
* fix(gateway): restore compat model id handling
2026-03-24 16:53:51 -07:00
Josh Lehman
1399ca5fcb
fix(plugins): forward plugin subagent overrides (#48277)
...
Merged via squash.
Prepared head SHA: ffa45893e0
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-03-17 07:20:27 -07:00
Peter Steinberger
00b57145ff
refactor: move agent runtime into agents layer
2026-03-16 22:53:16 -07:00
Peter Steinberger
4204c96105
refactor(gateway): share input allowlist normalizer
2026-03-07 17:05:23 +00:00
Vincent Koc
9521e61a22
Gateway: follow up HEIC input image handling (#38146)
...
* Media: scope HEIC MIME sniffing
* Media: hermeticize HEIC input tests
* Gateway: fix HEIC image budget accounting
* Gateway: add HEIC image budget regression test
* Changelog: note HEIC follow-up fix
2026-03-06 11:53:59 -05:00
Vincent Koc
9dab154519
Gateway: normalize OpenAI stream chunk text
2026-03-06 01:05:56 -05:00
Vincent Koc
9c86a9fd23
fix(gateway): support image_url in OpenAI chat completions (#34068)
...
* fix(gateway): parse image_url in openai chat completions
* test(gateway): cover openai chat completions image_url flows
* docs(changelog): note openai image_url chat completions fix (#17685)
* fix(gateway): harden openai image_url parsing and limits
* test(gateway): add openai image_url regression coverage
* docs(changelog): expand #17685 openai chat completions note
* Gateway: make OpenAI image_url URL fetch opt-in and configurable
* Diagnostics: redact image base64 payload data in trace logs
* Changelog: note OpenAI image_url hardening follow-ups
* Gateway: enforce OpenAI image_url total budget incrementally
* Gateway: scope OpenAI image_url extraction to the active turn
* Update CHANGELOG.md
2026-03-06 00:35:50 -05:00
Peter Steinberger
b8b8a5f314
fix(security): enforce explicit ingress owner context
2026-03-02 23:50:36 +00:00
Peter Steinberger
7066d5e192
refactor: extract shared sandbox and gateway plumbing
2026-03-02 23:16:47 +00:00
bmendonca3
0d8f14fed3
gateway: cover default message-channel fallback
2026-03-02 22:51:32 +00:00
bmendonca3
842a79cf99
Gateway: honor message-channel header for chat completions
2026-03-02 22:51:32 +00:00
Peter Steinberger
0f989d3109
fix(gateway): tighten openai-http edge handling
2026-02-22 11:29:31 +00:00
Peter Steinberger
be7f825006
refactor(gateway): harden proxy client ip resolution
2026-02-21 13:36:23 +01:00
Peter Steinberger
2863661bcc
refactor(gateway): share openai response text extraction
2026-02-18 18:54:22 +00:00
Peter Steinberger
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
cpojer
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
Peter Steinberger
a2ceadcc2a
refactor(gateway): dedupe assistant delta parsing
2026-02-15 19:08:47 +00:00
Peter Steinberger
9e2233da7f
refactor(gateway): dedupe json endpoint prelude
2026-02-15 13:24:37 +00:00
Peter Steinberger
b5c81f732c
refactor(gateway): share bearer auth helper
2026-02-15 04:40:04 +00:00
Peter Steinberger
7fc1026746
refactor(gateway): share agent prompt builder
2026-02-14 15:39:45 +00:00
David Rudduck
f788de30c8
fix(security): sanitize error responses to prevent information leakage (#5)
...
* fix(security): sanitize error responses to prevent information leakage
Replace raw error messages in HTTP responses with generic messages.
Internal error details (stack traces, module paths, error messages)
were being returned to clients in 4 gateway endpoints.
* fix: sanitize 2 additional error response leaks in openresponses-http
Address CodeRabbit feedback: non-stream and streaming error paths in
openresponses-http.ts were still returning String(err) to clients.
* fix: add server-side error logging to sanitized catch blocks
Restore err parameter and add logWarn() calls so errors are still
captured server-side for diagnostics while keeping client responses
sanitized. Addresses CodeRabbit feedback about silently discarded errors.
2026-02-13 16:58:30 +01:00
Harald Buerbaumer
30b6eccae5
feat(gateway): add auth rate-limiting & brute-force protection (#15035)
...
* feat(gateway): add auth rate-limiting & brute-force protection
Add a per-IP sliding-window rate limiter to Gateway authentication
endpoints (HTTP, WebSocket upgrade, and WS message-level auth).
When gateway.auth.rateLimit is configured, failed auth attempts are
tracked per client IP. Once the threshold is exceeded within the
sliding window, further attempts are blocked with HTTP 429 + Retry-After
until the lockout period expires. Loopback addresses are exempt by
default so local CLI sessions are never locked out.
The limiter is only created when explicitly configured (undefined
otherwise), keeping the feature fully opt-in and backward-compatible.
* fix(gateway): isolate auth rate-limit scopes and normalize 429 responses
---------
Co-authored-by: buerbaumer <buerbaumer@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 15:32:38 +01:00
cpojer
f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imports.
2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
Peter Steinberger
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:21:02 +00:00
Peter Steinberger
e6e71457e0
fix: honor trusted proxy client IPs (PR #1654)
...
Thanks @ndbroadbent.
Co-authored-by: Nathan Broadbent <git@ndbroadbent.com>
2026-01-25 01:52:19 +00:00
Peter Steinberger
f06ad4502b
refactor: share responses input handling
2026-01-20 08:21:57 +00:00
Peter Steinberger
bbc67f3754
fix: expand /v1/responses inputs (#1229) (thanks @RyanLisse)
2026-01-20 07:37:30 +00:00
Peter Steinberger
436c5fd751
fix(openai-http): reuse history markers for chat prompts
...
Co-authored-by: Andrew Lauppe <andy@t5tele.com>
2026-01-18 06:07:59 +00:00
Peter Steinberger
c379191f80
chore: migrate to oxlint and oxfmt
...
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
2026-01-14 15:02:19 +00:00
Peter Steinberger
90342a4f3a
refactor!: rename chat providers to channels
2026-01-13 08:40:39 +00:00
Peter Steinberger
0d00d6dfd4
style(gateway): format openai-http
2026-01-10 22:11:15 +01:00
Peter Steinberger
6546a1a23a
feat(gateway): allow agent via model
2026-01-10 22:11:12 +01:00
Peter Steinberger
dafa8a2881
feat(gateway): add OpenAI-compatible HTTP endpoint
2026-01-10 22:11:04 +01:00