vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-17 12:11:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
30,484 Commits 1,339 Branches 111 Tags
6738e9abdf297a5ec9da8f4590de2ea1dbad0ccc
Commit Graph

242 Commits

Author SHA1 Message Date
Peter Steinberger
85fa33d9d7 style: apply formatter drift 2026-04-11 14:08:55 +01:00
Tak Hoffman
cc5c691f00 feat(ui): render assistant directives and add embed tag (#64104) 
* Add embed rendering for Control UI assistant output

* Add changelog entry for embed rendering

* Harden canvas path resolution and stage isolation

* Secure assistant media route and preserve UI avatar override

* Fix chat media and history regressions

* Harden embed iframe URL handling

* Fix embed follow-up review regressions

* Restore offloaded chat attachment persistence

* Harden hook and media routing

* Fix embed review follow-ups

* feat(ui): add configurable embed sandbox mode

* fix(gateway): harden assistant media and auth rotation

* fix(gateway): restore websocket pairing handshake flows

* fix(gateway): restore ws hello policy details

* Restore dropped control UI shell wiring

* Fix control UI reconnect cleanup regressions

* fix(gateway): restore media root and auth getter compatibility

* feat(ui): rename public canvas tag to embed

* fix(ui): address remaining media and gateway review issues

* fix(ui): address remaining embed and attachment review findings

* fix(ui): restore stop control and tool card inputs

* fix(ui): address history and attachment review findings

* fix(ui): restore prompt contribution wiring

* fix(ui): address latest history and directive reviews

* fix(ui): forward password auth for assistant media

* fix(ui): suppress silent transcript tokens with media

* feat(ui): add granular embed sandbox modes

* fix(ui): preserve relative media directives in history

* docs(ui): document embed sandbox modes

* fix(gateway): restrict canvas history hoisting to tool entries

* fix(gateway): tighten embed follow-up review fixes

* fix(ci): repair merged branch type drift

* fix(prompt): restore stable runtime prompt rendering

* fix(ui): harden local attachment preview checks

* fix(prompt): restore channel-aware approval guidance

* fix(gateway): enforce auth rotation and media cleanup

* feat(ui): gate external embed urls behind config

* fix(ci): repair rebased branch drift

* fix(ci): resolve remaining branch check failures
 2026-04-11 07:32:53 -05:00
Vincent Koc
74e7b8d47b fix(cycles): bulk extract leaf type surfaces 2026-04-11 13:26:50 +01:00
Vincent Koc
7308e72fac fix(cycles): continue seam extraction 2026-04-11 10:43:22 +01:00
Peter Steinberger
9e0d358695 refactor: simplify runtime conversions 2026-04-11 01:23:34 +01:00
Agustin Rivera
e3a845bde5 Normalize agent hook system event trust handling (#64372) 
* fix(hooks): sanitize agent hook system events

Co-authored-by: zsx <git@zsxsoft.com>

* chore(changelog): add agent hook trust normalization entry

---------

Co-authored-by: zsx <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 12:56:00 -06:00
Peter Steinberger
cbce38d78c style: format post-rebase files 2026-04-10 19:28:42 +01:00
Menglin Li
36c3a54b51 fix(gateway): plug long-running memory leaks 
Prune stale gateway control-plane rate-limit buckets, bound transcript-session lookup caching, clear agent event sequence state with run contexts, and clear node wake/nudge state on disconnect.\n\nVerified locally after rebasing onto main:\n\n- pnpm test src/gateway/control-plane-rate-limit.test.ts src/gateway/session-transcript-key.test.ts src/infra/agent-events.test.ts src/gateway/server-methods/nodes.invoke-wake.test.ts\n- pnpm check\n\nCo-authored-by: lml2468 <39320777+lml2468@users.noreply.github.com>
 2026-04-10 17:45:12 +01:00
Peter Steinberger
bf40baaa4d fix(gateway): improve websocket auth logging 2026-04-10 12:39:08 +01:00
Pavan Kumar Gondhi
6517c700de fix(nostr): require operator.admin scope for profile mutation routes [AI] (#63553) 
* fix: address issue

* fix: address review feedback

* fix: address review feedback

* fix: finalize issue changes

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-10 16:38:41 +05:30
Peter Steinberger
6c82a91d3d refactor: tighten device pairing approval types 2026-04-10 10:22:00 +01:00
Nimrod Gutman
f3c304917a revert: undo background alive review findings fix 2026-04-08 14:02:49 +03:00
Nimrod Gutman
b328c66115 fix: resolve background alive beacon review findings 2026-04-08 13:46:39 +03:00
Peter Steinberger
3174c6919d refactor: dedupe gateway memory trimmed readers 2026-04-08 01:36:39 +01:00
Peter Steinberger
b3ecabbbb7 refactor: dedupe gateway trimmed readers 2026-04-08 00:09:42 +01:00
Peter Steinberger
e51a00ffc7 refactor: dedupe gateway infra lowercase helpers 2026-04-07 20:57:03 +01:00
Peter Steinberger
037340d287 refactor: dedupe gateway lowercase helpers 2026-04-07 17:50:38 +01:00
pgondhi987
5880ec17b1 fix(gateway): invalidate shared-token/password WS sessions on secret rotation [AI] (#62350) 
* fix: address issue

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 10:10:10 -06:00
Peter Steinberger
9d8d1dd4c5 refactor: dedupe shared string aliases 2026-04-07 09:44:53 +01:00
Peter Steinberger
ce7ef626b8 refactor: dedupe gateway helper readers 2026-04-07 08:40:35 +01:00
Peter Steinberger
b081f88952 Gateway: allow Docker loopback Control UI pairing 2026-04-07 07:54:39 +01:00
Agustin Rivera
5b6e552b51 fix(hooks): mark wake hook events untrusted (#62003) 
* fix(hooks): mark wake hook events untrusted

* docs(changelog): add wake-hook trust entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-06 14:17:48 -06:00
Peter Steinberger
1703bdcaf6 Revert "fix(gateway): bound silent local pairing scopes" 
This reverts commit 7f1b159c03.
 2026-04-05 23:09:58 +01:00
Peter Steinberger
7f1b159c03 fix(gateway): bound silent local pairing scopes 2026-04-05 22:56:40 +01:00
Nimrod Gutman
28955a36e7 feat(ios): add exec approval notification flow (#60239) 
* fix(auth): hand off qr bootstrap to bounded device tokens

* feat(ios): add exec approval notification flow

* fix(gateway): harden approval notification delivery

* docs(changelog): add ios exec approval entry (#60239) (thanks @ngutman)
 2026-04-05 16:33:22 +03:00
Peter Steinberger
20b08f1a85 fix: enforce paired scope baselines on reconnect 2026-04-05 07:53:57 +01:00
Peter Steinberger
6596e64a68 fix: stabilize gateway auth fallback tests 2026-04-05 12:03:30 +09:00
Peter Steinberger
7d22a16adb fix: bound bootstrap handoff token scopes 2026-04-04 22:29:52 +09:00
Peter Steinberger
65fcf7e104 fix(gateway): scope browser-origin auth throttling 2026-04-04 20:30:39 +09:00
Peter Steinberger
926c107fe5 fix: narrow plugin route runtime scope fallback (#59815) (thanks @pgondhi987) 2026-04-04 16:57:44 +09:00
Pavan Kumar Gondhi
74270762ff fix: address review feedback 2026-04-04 16:57:44 +09:00
Pavan Kumar Gondhi
b02b2c3a0b fix: address issue 2026-04-04 16:57:44 +09:00
Peter Steinberger
20266ff7dd fix: preserve mobile bootstrap auth fallback (#60238) (thanks @ngutman) 2026-04-04 15:57:38 +09:00
Nimrod Gutman
a9140abea6 fix(auth): hand off qr bootstrap to bounded device tokens 2026-04-04 15:57:38 +09:00
Peter Steinberger
1ab37d7a12 refactor(gateway): classify pairing locality 2026-04-04 06:47:14 +01:00
Peter Steinberger
40da986b21 fix: preserve docker cli pairing locality (#55113) (thanks @sar618) 2026-04-04 14:36:30 +09:00
sar618
224fceee1a fix(gateway): skip device pairing for authenticated CLI connections in Docker 
CLI connections with valid shared auth (token/password) now bypass device
pairing, fixing the chicken-and-egg problem where Docker CLI commands fail
with 'pairing required' (1008) despite sharing the gateway's network
namespace and auth token.

The existing shouldSkipBackendSelfPairing only matched gateway-client/backend
mode. CLI connections use cli/cli mode and were excluded. Additionally,
isLocalDirectRequest produces false negatives in Docker (host networking,
network_mode sharing) even when remoteAddress is 127.0.0.1, so CLI connections
with valid shared auth skip the locality check entirely — the token is the
trust anchor.

Closes #55067
Related: #12210, #23471, #30740
 2026-04-04 14:36:30 +09:00
mappel-nv
21e53aea9e Gateway: refresh websocket auth after secrets reload (#60323) 
* Gateway: refresh websocket auth after secrets reload

* Gateway: always restore auth reload test globals

* chore: add changelog for websocket auth reload

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-03 14:35:31 -06:00
Peter Steinberger
ab96520bba refactor(plugins): move channel behavior into plugins 2026-04-03 19:09:20 +01:00
Michael Appel
97558f2325 Gateway: expand shared-auth rotation coverage 2026-04-04 02:20:22 +09:00
Michael Appel
54b269b2cb Gateway: disconnect shared-auth sessions on auth change 2026-04-04 02:20:22 +09:00
Ayaan Zaidi
39361d13be fix: restore bootstrap tokens after send failure (#60221) 2026-04-03 21:52:35 +09:00
Ayaan Zaidi
5e3a3c42ca fix(gateway): revoke bootstrap tokens after handshake commit 2026-04-03 21:52:35 +09:00
Ayaan Zaidi
b08d58c917 fix(gateway): track bootstrap profile redemption 2026-04-03 21:52:35 +09:00
Ayaan Zaidi
a42f000b53 fix(gateway): defer bootstrap token revocation 2026-04-03 21:52:35 +09:00
Agustin Rivera
676b748056 Limit connect snapshot metadata to admin-scoped clients (#58469) 
* fix(gateway): gate connect snapshot metadata by scope

* fix(gateway): clarify connect snapshot trust boundary

* fix(gateway): note connect snapshot change in changelog

* fix(gateway): remove changelog changes from PR

* chore: add changelog for scoped gateway snapshot metadata

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 11:41:47 -06:00
wangchunyue
51edd30bea fix: restore local loopback role upgrades (#59092) (thanks @openperf) 
* fix(gateway ): allow silent role upgrades for local loopback clients

When a local loopback client connects with a role not covered by
existing device tokens, listEffectivePairedDeviceRoles incorrectly
returns an empty role set for devices whose tokens map is an empty
object. This triggers a role-upgrade pairing request that
shouldAllowSilentLocalPairing rejects because it does not recognise
the role-upgrade reason.

Fix listEffectivePairedDeviceRoles to fall back to legacy role fields
when the tokens map has no entries, and extend
shouldAllowSilentLocalPairing to accept role-upgrade for local
clients.

Fixes #59045

* fix: restore local loopback role upgrades (#59092) (thanks @openperf)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-02 08:13:45 +05:30
Nimrod Gutman
017bc5261c fix(gateway): prefer bootstrap auth over tailscale (#59232) 
* fix(gateway): prefer bootstrap auth over tailscale

* fix(gateway): prefer bootstrap auth over tailscale (#59232) (thanks @ngutman)
 2026-04-01 23:20:10 +03:00
Peter Steinberger
db0cea5689 refactor(gateway): extract node pairing reconciliation 2026-04-01 18:02:31 +09:00
Peter Steinberger
19d0c2dd1d refactor: remove cron legacy delivery from runtime 2026-04-01 17:06:01 +09:00