* fix(agents): scope provider SSRF trust by origin
* fix(provider): preserve explicit private-network deny
* docs(provider): document exact-origin SSRF trust
* test(provider): cover exact-origin SSRF edges
* docs(provider): align local model private-origin guidance
* refactor(ssrf): keep policy merging in infra
* test(ssrf): cover exact-origin trust through guard
* test(ssrf): block sibling private-origin redirects
* fix(provider): keep loopback trust origin-scoped
* fix(provider): block metadata origin trust
* fix(ssrf): keep metadata rebinding blocked
* fix(ssrf): block cloud metadata origins
* fix(ssrf): block ipv6 metadata origins
* fix(ssrf): block embedded metadata origins
* test(ssrf): cover embedded link-local metadata
* test(provider): cover custom anthropic proxy classification
* test(provider): widen transport policy mock
* test(plugin-sdk): assert metadata-IP allowedOrigins entries are rejected
Plugin authors can construct an SsrFPolicy that lists any well-formed
http(s) origin in allowedOrigins. The abuse-resistance lives one layer
deeper, in resolvePinnedHostnameWithPolicy's metadata/link-local block.
Add an SDK-level smoke test asserting that contract directly:
- AWS/Alibaba IMDS IPv4 literals, GCP metadata canonical hostname,
IPv6 ULA metadata literal, and non-metadata link-local IPv4 entries
build a policy via ssrfPolicyFromHttpBaseUrlAllowedOrigin and are
then rejected at resolvePinnedHostnameWithPolicy.
- DNS rebinding from a trusted private DNS origin to a metadata IP is
rejected even when the request hostname is origin-trusted.
This would fail if the SDK helper or resolveSsrFPolicyForUrl ever
short-circuited past the metadata block.
* chore(docs): regenerate baselines after upstream rebase
upstream/main moved between rebases; the merged source state for the
PR's `src/config/schema.help.ts` change and the upstream plugin-sdk
surface changes both produce different hashes than the committed
baselines, so `config:docs:check` and `plugin-sdk:api:check` would fail.
Regenerated via `pnpm config:docs:gen` + `pnpm plugin-sdk:api:gen` on
Crabbox; both baselines verified with their respective `--check`
generators.
* test(plugin-sdk): assert SSRF blocked error class
* fix(lint): satisfy exact-origin PR lint rules
* docs: clarify custom provider origin trust
* chore(docs): refresh plugin sdk api baseline
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Remove the bundled codex-cli backend, migrate legacy codex-cli refs and runtime pins to the Codex app-server runtime, and update live/backend workflow coverage for the supported CLI lanes.
- Add mistral-medium-3-5 to model catalog with reasoning: true
- Add compat support for reasoning in api.ts
- Update docs/providers/mistral.md
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
Add an accordion under the Built-in provider tab describing the runtime
catalog refresh from the Copilot `/models` endpoint and the
`plugins.entries.github-copilot.config.discovery.enabled = false` opt-out
for offline / air-gapped scenarios. Pairs with the
`fetchCopilotModelCatalog` change so users know what the new behavior
is and how to disable it if needed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Add resolveBedrockServiceTier() and createBedrockServiceTierWrapper()
to bedrock-stream-wrappers.ts
- Export service tier functions from provider-stream-shared.ts SDK barrel
- Wire service tier into Bedrock provider wrapStreamFn
- Accepts serviceTier or service_tier via agents.defaults.params
Valid values: default, flex, priority, reserved
Authored by Deepseek-v4-Pro, reviewed by rob@mobilinkd.com.
Add openai/chat-latest as an explicit direct API-key OpenAI model override, document the moving alias, and normalize unsupported Responses text verbosity for that model.
SenseAudio (docs/providers/senseaudio.md): removed the duplicate
'# SenseAudio' H1 (Mintlify renders title from frontmatter; an in-body
H1 produces a brittle anchor). Reordered the properties table to lead
with provider id, plugin, and the speechProviders/mediaUnderstanding
contract before the website/docs links, sourced from
extensions/senseaudio/openclaw.plugin.json. Lowercased the H2 to
'Getting started' for consistency.
Xiaomi (docs/providers/xiaomi.md): expanded the 4-row properties table
to include plugin, onboarding flag, direct CLI flag, and contracts
(chat completions plus speechProviders). The TTS default is surfaced
inline so readers see the dual-contract setup in one glance, sourced
from extensions/xiaomi/openclaw.plugin.json.
Inworld (docs/providers/inworld.md): renamed the table header from
'Detail' to 'Property' and added bundled-plugin status and the
speechProviders contract. Surfaced the audio output formats (MP3,
OGG_OPUS, PCM 22050 Hz) as a Property row so readers do not have to
read the Audio outputs accordion to confirm telephony support.
Verified against extensions/inworld/openclaw.plugin.json.
Tencent (docs/providers/tencent.md): rewrote against
extensions/tencent/openclaw.plugin.json. Removed the duplicate
'# Tencent Cloud TokenHub' H1 (Mintlify renders title from frontmatter;
the in-body H1 produces a brittle anchor). Added a properties summary
with onboarding flag and direct CLI flag. Promoted the Quick Start
auth step into a CodeGroup covering onboarding/direct/env. Added a
tiered-pricing table sourced from the bundled cost.tieredPricing
metadata so cost expectations are visible alongside the catalog.
Replaced trailing bullet list under 'Related documentation' with a
CardGroup pointing at TokenHub product/model-card pages.
Mistral (docs/providers/mistral.md): replaced the 3-bullet provider
header with a properties table that surfaces all four contracts the
plugin registers (chat completions via the model catalog, media
understanding Voxtral batch, voice-call streaming Voxtral Realtime, and
memory embeddings via mistral-embed) plus the onboarding flag and
direct CLI flag. Removed a stray 'Z.AI uses Bearer auth' line that had
leaked into the 'Auth and base URL' accordion from a copy-paste
elsewhere; replaced it with a Mistral-correct base-URL override note.
Verified the seven-row LLM catalog matches plugin manifest model ids.
Inferrs (docs/providers/inferrs.md): added a properties table
explicitly stating that inferrs is NOT a bundled plugin and is
configured under models.providers.inferrs (no onboarding choice flag,
no extension package). Cross-linked SGLang and vLLM as bundled
self-hosted alternatives so readers picking a local backend can
compare.
GLM (docs/providers/glm.md): rewrote against extensions/zai/openclaw.plugin.json.
Removed the duplicate '# GLM models' H1 (Mintlify renders title from
frontmatter; an in-body H1 produces a brittle anchor). Replaced the
two-column model table with a single Notes column covering all 13
bundled refs, including which are reasoning, which accept image input,
and which is the default image model (zai/glm-4.6v from the auto-routing
defaults). Expanded the auth-choice step into a CodeGroup covering all
five onboarding choices (zai-api-key, zai-coding-global, zai-coding-cn,
zai-global, zai-cn) sourced from the plugin manifest's
providerAuthChoices.
Runway (docs/providers/runway.md): expanded the supported-modes table
to cover all seven Runway models from
extensions/runway/video-generation-provider.ts. Text-to-video now lists
veo3, veo3.1, veo3.1_fast alongside gen4.5; image-to-video adds
gen4_turbo, gen3a_turbo, veo3, veo3.1, and veo3.1_fast. Added an
aspect-ratio table covering the documented RUNWAY_TEXT_ASPECT_RATIOS
('16:9'/'9:16') and RUNWAY_EDIT_ASPECT_RATIOS ('1:1'/'16:9'/'9:16'/
'3:4'/'4:3'/'21:9'). Promoted the existing properties table with
plugin/onboarding/CLI flag rows from the manifest.
Vydra (docs/providers/vydra.md): added a properties table sourced from
extensions/vydra/openclaw.plugin.json, including the three
providerAuthContract memberships (image/video/speech) and the
vydra-api-key onboarding choice plus --vydra-api-key direct flag. Kept
the existing Warning about the apex-host redirect intact.
