vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-07 07:11:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
24,425 Commits 1,140 Branches 96 Tags
78b48735fafdfd39a99fb0dcac1d4202742860c7
Commit Graph

29 Commits

Author SHA1 Message Date
HansY
3b1f8e3461 fix: strip inbound metadata before slash command detection (#58674) 
Slash commands like /model and /new were silently ignored when the inbound
message body included metadata prefix blocks (Conversation info, Sender info,
timestamps) injected by buildInboundUserContextPrefix. The command detection
functions (hasControlCommand, isControlCommandMessage, parseSendPolicyCommand)
now call stripInboundMetadata before normalizeCommandBody so embedded slash
commands are correctly recognized.
 2026-04-01 10:17:20 +01:00
Vincent Koc
a30214a624 fix(heartbeat): block owner-only auth inheritance for exec events (#57652) 2026-03-31 09:06:51 +09:00
Tak Hoffman
d2e25b03fe fix(regression): preserve external command auth context 2026-03-27 20:24:14 -05:00
Peter Steinberger
bcd61f0a38 refactor: dedupe helpers and source seams 2026-03-24 21:00:36 +00:00
Peter Steinberger
69a317995d fix: fail closed when provider inference drops errored allowlists 2026-03-23 21:14:55 -07:00
Ayaan Zaidi
17c1ee7716 fix: preserve command auth resolution errors on empty inferred allowlists 2026-03-24 08:38:27 +05:30
Taras Lukavyi
d4e3babdcc fix: command auth SecretRef resolution (#52791) (thanks @Lukavyi) 
* fix(command-auth): handle unresolved SecretRef in resolveAllowFrom

* fix(command-auth): fall back to config allowlists

* fix(command-auth): avoid duplicate resolution fallback

* fix(command-auth): fail closed on invalid allowlists

* fix(command-auth): isolate fallback resolution errors

* fix: record command auth SecretRef landing notes (#52791) (thanks @Lukavyi)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-24 08:21:30 +05:30
Peter Steinberger
7eb48d3cf8 refactor(auto-reply): share discord auth registry test fixture 2026-03-07 17:58:31 +00:00
Sid
60d33637d9 fix(auth): grant senderIsOwner for internal channels with operator.admin scope (openclaw#35704) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Naylenv <45486779+Naylenv@users.noreply.github.com>
Co-authored-by: Octane0411 <88922959+Octane0411@users.noreply.github.com>
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 16:32:42 -06:00
Peter Steinberger
08e2aa44e7 fix(commands): restrict commands.allowFrom to sender principals 2026-02-24 02:01:01 +00:00
Peter Steinberger
d116bcfb14 refactor(runtime): consolidate followup, gateway, and provider dedupe paths 2026-02-22 14:08:51 +00:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
Sebastian
dff8692613 fix(discord): normalize command allowFrom prefixes 2026-02-17 08:45:41 -05:00
cpojer
d0cb8c19b2 chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf chore: Update formatting. 2026-02-17 09:18:40 +09:00
Vignesh Natarajan
e95134ba3f fix (commands): keep webchat auth on internal provider 2026-02-16 11:30:49 -08:00
Peter Steinberger
f717a13039 refactor(agent): dedupe harness and command workflows 2026-02-16 14:59:30 +00:00
Shadow
47f6bb4146 Commands: add commands.allowFrom config 2026-02-09 23:58:52 -06:00
Peter Steinberger
bdb90ea4ee test: register discord plugin in allowlist test 2026-02-05 00:38:50 -08:00
Peter Steinberger
d6cde28c8e fix: stabilize windows acl tests and command auth registry (#9335) (thanks @M00N7682) 2026-02-05 00:38:35 -08:00
Peter Steinberger
d84eb46467 fix: restore discord owner hint from allowlists 2026-02-04 23:34:22 -08:00
Gustavo Madeira Santana
385a7eba33 fix: enforce owner allowlist for commands 2026-02-04 20:05:08 -05:00
Gustavo Madeira Santana
392bbddf29 Security: owner-only tools + command auth hardening (#9202) 
* Security: gate whatsapp_login by sender auth

* Security: treat undefined senderAuthorized as unauthorized (opt-in)

* fix: gate whatsapp_login to owner senders (#8768) (thanks @victormier)

* fix: add explicit owner allowlist for tools (#8768) (thanks @victormier)

* fix: normalize escaped newlines in send actions (#8768) (thanks @victormier)

---------

Co-authored-by: Victor Mier <victormier@gmail.com>
 2026-02-04 19:49:36 -05:00
cpojer
f06dd8df06 chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
0d336272f9 test: consolidate auto-reply unit coverage 2026-01-23 18:34:33 +00:00