vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 09:10:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
37,730 Commits 1,843 Branches 149 Tags
7120f5b25487f2fc021d7642c663e2cea279e015
Commit Graph

855 Commits

Author SHA1 Message Date
Vincent Koc
e10f493160 ci: shard config codeql quality 
Split config quality CodeQL results into a separate category while keeping the default quality bucket narrow.
 2026-04-28 04:00:14 -07:00
Peter Steinberger
2a0af6754e ci: narrow ClawSweeper dispatch cancellation 2026-04-28 11:53:06 +01:00
Peter Steinberger
94fc91e235 ci: harden clawsweeper dispatch workflow 2026-04-28 11:35:40 +01:00
Peter Steinberger
7150acba69 ci: debounce clawsweeper dispatch metadata 2026-04-28 11:31:49 +01:00
Vincent Koc
77192572f6 ci: split macos codeql shard 
Split the slow macOS CodeQL job into its own weekly/manual workflow and keep the daily CodeQL default on the fast JS/Actions security path.
 2026-04-28 03:14:07 -07:00
Vincent Koc
5820a48fca ci: add plugin boundary codeql quality shard (#73447) 2026-04-28 02:30:33 -07:00
Vincent Koc
b6a21cde34 ci: schedule android codeql shard (#73430) 2026-04-28 01:54:57 -07:00
Vincent Koc
5ac6d7661c fix(ci): harden workflow checkouts 2026-04-28 01:37:00 -07:00
Peter Steinberger
8ff0ea50b0 ci: stabilize full release validation 2026-04-28 09:26:50 +01:00
Vincent Koc
dbab162abd ci: split codeql quality workflow (#73404) 2026-04-28 01:04:59 -07:00
Peter Steinberger
a811e164e3 ci: speed up full release validation 2026-04-28 09:02:57 +01:00
Peter Steinberger
c7af9c765c ci: tolerate missing clawsweeper dispatch access 2026-04-28 09:02:28 +01:00
Peter Steinberger
bcf4628092 ci: use gpt-5.5 for live OpenAI defaults 2026-04-28 08:27:11 +01:00
Peter Steinberger
39cecd6428 ci: avoid unnecessary docker image pulls 2026-04-28 08:24:29 +01:00
Vincent Koc
1278f0bcc0 fix(codeql): tune Android pinning profile 
Remove noisy missing-certificate-pinning query from the critical Android CodeQL profile; gateway TLS uses custom certificate fingerprint pinning.
 2026-04-27 23:04:16 -07:00
Peter Steinberger
ee75a8ec2c ci: document clawsweeper dispatch trigger 2026-04-28 06:50:33 +01:00
Peter Steinberger
6f3674c8d0 ci: harden ClawSweeper dispatcher credentials 2026-04-28 06:48:38 +01:00
Peter Steinberger
ba17db96a4 ci: skip clawsweeper without app credentials 2026-04-28 06:48:29 +01:00
Peter Steinberger
0fc1cdec45 ci: fix ClawSweeper dispatcher payload 2026-04-28 06:44:26 +01:00
Peter Steinberger
23818600bb ci: add ClawSweeper event dispatcher 2026-04-28 06:43:38 +01:00
Peter Steinberger
017b8db616 ci: speed up release validation shards 2026-04-28 06:14:23 +01:00
Vincent Koc
2bce63cb65 fix(android): harden canvas webview bridge (#73240) 
* fix(android): harden canvas webview bridge

* fix(android): make canvas content access hardening explicit

* fix(android): keep webview hardening inline for CodeQL

* fix(android): avoid webview getter false positive
 2026-04-27 21:41:01 -07:00
Peter Steinberger
000d52be37 ci: pin Google live gateway profile models 2026-04-28 05:19:33 +01:00
Peter Steinberger
d9a6dd0c36 ci: pin OpenAI live gateway profile model 2026-04-28 04:57:48 +01:00
Vincent Koc
42de56cc22 fix(ci): trust live docker harness scripts 2026-04-27 20:52:37 -07:00
Peter Steinberger
0bdc1d0375 ci: hydrate provider env for testbox commands 2026-04-28 04:34:21 +01:00
Peter Steinberger
68561a8c94 ci: use trusted codex live harness 2026-04-28 04:29:35 +01:00
Peter Steinberger
e7495e2d92 ci: pass provider secrets to testbox 2026-04-28 04:24:15 +01:00
Peter Steinberger
4db4d8976d ci: run release validation with trusted harness 2026-04-28 04:14:09 +01:00
Peter Steinberger
e5452a9c57 ci: speed up release validation 2026-04-28 03:52:05 +01:00
Peter Steinberger
fdd2ff02c6 ci: stabilize release validation lanes 2026-04-28 01:31:00 +01:00
Peter Steinberger
0294aebe6f feat(providers): add DeepInfra provider plugin (#73038) 
* feat(providers): add DeepInfra provider plugin

* feat(deepinfra): add media provider surfaces

* fix(deepinfra): satisfy provider boundary checks

* docs: add gitcrawl maintainer skill

* test: include deepinfra in live media sweeps

* fix: remove stale tts contract import
 2026-04-28 01:12:54 +01:00
Peter Steinberger
47f40788cf ci: install ffmpeg for live audio media shard 2026-04-28 00:57:43 +01:00
Peter Steinberger
b90f29d313 ci: split native live release shards 2026-04-28 00:49:10 +01:00
Peter Steinberger
f1edd601bc ci: split release qa parity lanes 2026-04-28 00:05:33 +01:00
Vincent Koc
cc80a40d86 fix(ci): preserve mixed macOS CodeQL SARIF findings 
Conservatively filter macOS CodeQL SARIF by dropping only findings where every location is SwiftPM build output. Verified with workflow sanity, local jq filtering, PR CI, and a failed-job rerun for an unrelated stalled Vitest shard.
 2026-04-27 15:43:53 -07:00
Peter Steinberger
39e3d8d31d ci: shard release validation reruns 2026-04-27 23:38:13 +01:00
Vincent Koc
6e77c10c6c fix(ci): harden macOS CodeQL SARIF filtering 
Harden the macOS CodeQL SARIF filter to drop only findings whose primary location is SwiftPM build output. Verified with workflow sanity, local jq filtering, full PR CI, and profile=macos-security branch proof in 18m44s.
 2026-04-27 15:25:38 -07:00
Vincent Koc
2c2a240344 fix(ci): filter macOS CodeQL dependency SARIF 
Filter SwiftPM dependency build results from the manual macOS CodeQL shard before upload. Verified with workflow sanity, local jq filtering, and profile=macos-security branch proof in 15m54s. PR CI has the same unrelated extensions/memory-core timeout failure currently present on main.
 2026-04-27 14:37:29 -07:00
Peter Steinberger
fb4d9fc4fb ci: harden npm telegram artifact upload 2026-04-27 22:13:21 +01:00
Peter Steinberger
295d63c331 ci: record package proof in release evidence 2026-04-27 22:00:03 +01:00
Vincent Koc
bd51f82efa fix(security): harden CodeQL secret ref validation 
Remediate current-profile CodeQL findings for file SecretRef id validation and release workflow job permissions. Includes changelog credit. Thanks @vincentkoc.
 2026-04-27 13:53:27 -07:00
Vincent Koc
36b5e34fc0 fix(ci): add macOS CodeQL security shard 
Add a manual macOS CodeQL security shard scoped to app sources. Verified with profile=macos-security on Blacksmith in 16m55s.
 2026-04-27 13:40:34 -07:00
Peter Steinberger
cdf88bcad4 test: harden release qa live gates 2026-04-27 21:16:48 +01:00
Vincent Koc
74eccd42d8 fix(ci): add android CodeQL security shard 
Add a manual Android CodeQL security shard scoped to app production sources. Verified with profile=android-security on Blacksmith in 4m22s.
 2026-04-27 12:32:55 -07:00
Peter Steinberger
54e13d4910 ci: split release validation slow shards 2026-04-27 20:30:17 +01:00
dependabot[bot]
48f433479d chore(deps): bump github/codeql-action 
Bump github/codeql-action from b25d0ebf40e5b63ee81e1bd6e5d2a12b7c2aeb61 to 95e58e9a2cdfd71adc6e0353d5c52f41a045d225.
 2026-04-27 12:01:27 -07:00
Vincent Koc
282af9c50a fix(ci): run CodeQL on small Blacksmith runners (#72988) 2026-04-27 11:56:48 -07:00
Vincent Koc
e864fd39cc fix(ci): narrow CodeQL critical scan (#72982) 2026-04-27 11:42:42 -07:00
Peter Steinberger
c41126dbbb ci: capture dispatched full validation runs 2026-04-27 15:51:03 +01:00