openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00

Author	SHA1	Message	Date
Vincent Koc	5a453eacbd	chore(onboarding): add explicit account-risk warning for Gemini CLI OAuth and docs (#16683 ) * docs: add account-risk caution to Google OAuth provider docs * docs(plugin): add Gemini CLI account safety caution * CLI: add risk hint for Gemini CLI auth choice * Onboarding: require confirmation for Gemini CLI OAuth * Tests: cover Gemini CLI OAuth risk confirmation flow	2026-02-26 15:25:42 -05:00
Peter Steinberger	9f154efa8d	docs(acp): expand /acp operator playbook	2026-02-26 16:49:20 +00:00
Peter Steinberger	0ec7711bc2	fix(agents): harden compaction and reset safety Co-authored-by: jaden-clovervnd <91520439+jaden-clovervnd@users.noreply.github.com> Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: Marcus Widing <245375637+widingmarcus-cyber@users.noreply.github.com>	2026-02-26 17:41:24 +01:00
Peter Steinberger	c81e9866ff	fix(pi): stop history image reinjection token blowup	2026-02-26 16:38:20 +01:00
Peter Steinberger	03d7641b0e	feat(agents): default codex transport to websocket-first	2026-02-26 16:22:53 +01:00
Peter Steinberger	cc1eaf130b	docs(gateway): clarify remote token local fallback semantics	2026-02-26 15:59:44 +01:00
Peter Steinberger	4380d74d49	docs(secrets): add dedicated apply plan contract page	2026-02-26 14:47:22 +00:00
joshavant	14897e8de7	docs(secrets): clarify partial migration guidance	2026-02-26 14:47:22 +00:00
joshavant	ea1ccf4896	docs(secrets): add direct 1password exec example	2026-02-26 14:47:22 +00:00
joshavant	f46b9c996f	feat(secrets): allow opt-in symlink exec command paths	2026-02-26 14:47:22 +00:00
joshavant	06290b49b2	feat(secrets): finalize mode rename and validated exec docs	2026-02-26 14:47:22 +00:00
joshavant	f413e314b9	feat(secrets): replace migrate flow with audit/configure/apply	2026-02-26 14:47:22 +00:00
joshavant	bde9cbb058	docs(secrets): align provider model and add exec resolver coverage	2026-02-26 14:47:22 +00:00
joshavant	5e3a86fd2f	feat(secrets): expand onboarding secret-ref flows and custom-provider parity	2026-02-26 14:47:22 +00:00
joshavant	e8637c79b3	fix(secrets): harden sops migration sops rule matching	2026-02-26 14:47:22 +00:00
joshavant	0e69660c41	feat(secrets): finalize external secrets runtime and migration hardening	2026-02-26 14:47:22 +00:00
joshavant	c5b89fbaea	Docs: address review feedback on secrets docs	2026-02-26 14:47:22 +00:00
joshavant	9203d583f9	Docs: add secrets and CLI secrets reference pages	2026-02-26 14:47:22 +00:00
joshavant	c0a3801086	Docs: document secrets refs runtime and migration	2026-02-26 14:47:22 +00:00
Peter Steinberger	7d8aeaaf06	fix(gateway): pin paired reconnect metadata for node policy	2026-02-26 14:11:04 +01:00
Peter Steinberger	5df9aacf68	fix(podman): default run-openclaw-podman bind to loopback (land #27491 , thanks @robbyczgw-cla) Co-authored-by: robbyczgw-cla <robbyczgw@gmail.com>	2026-02-26 12:13:20 +00:00
Peter Steinberger	8bdda7a651	fix(security): keep DM pairing allowlists out of group auth	2026-02-26 12:58:18 +01:00
Peter Steinberger	caace61ba1	chore: bump versions to 2026.2.26	2026-02-26 12:11:02 +01:00
Gustavo Madeira Santana	1ffc319831	Doctor: keep allowFrom account-scoped in multi-account configs	2026-02-26 05:34:58 -05:00
Onur Solmaz	a7d56e3554	feat: ACP thread-bound agents (#23580 ) * docs: add ACP thread-bound agents plan doc * docs: expand ACP implementation specification * feat(acp): route ACP sessions through core dispatch and lifecycle cleanup * feat(acp): add /acp commands and Discord spawn gate * ACP: add acpx runtime plugin backend * fix(subagents): defer transient lifecycle errors before announce * Agents: harden ACP sessions_spawn and tighten spawn guidance * Agents: require explicit ACP target for runtime spawns * docs: expand ACP control-plane implementation plan * ACP: harden metadata seeding and spawn guidance * ACP: centralize runtime control-plane manager and fail-closed dispatch * ACP: harden runtime manager and unify spawn helpers * Commands: route ACP sessions through ACP runtime in agent command * ACP: require persisted metadata for runtime spawns * Sessions: preserve ACP metadata when updating entries * Plugins: harden ACP backend registry across loaders * ACPX: make availability probe compatible with adapters * E2E: add manual Discord ACP plain-language smoke script * ACPX: preserve streamed spacing across Discord delivery * Docs: add ACP Discord streaming strategy * ACP: harden Discord stream buffering for thread replies * ACP: reuse shared block reply pipeline for projector * ACP: unify streaming config and adopt coalesceIdleMs * Docs: add temporary ACP production hardening plan * Docs: trim temporary ACP hardening plan goals * Docs: gate ACP thread controls by backend capabilities * ACP: add capability-gated runtime controls and /acp operator commands * Docs: remove temporary ACP hardening plan * ACP: fix spawn target validation and close cache cleanup * ACP: harden runtime dispatch and recovery paths * ACP: split ACP command/runtime internals and centralize policy * ACP: harden runtime lifecycle, validation, and observability * ACP: surface runtime and backend session IDs in thread bindings * docs: add temp plan for binding-service migration * ACP: migrate thread binding flows to SessionBindingService * ACP: address review feedback and preserve prompt wording * ACPX plugin: pin runtime dependency and prefer bundled CLI * Discord: complete binding-service migration cleanup and restore ACP plan * Docs: add standalone ACP agents guide * ACP: route harness intents to thread-bound ACP sessions * ACP: fix spawn thread routing and queue-owner stall * ACP: harden startup reconciliation and command bypass handling * ACP: fix dispatch bypass type narrowing * ACP: align runtime metadata to agentSessionId * ACP: normalize session identifier handling and labels * ACP: mark thread banner session ids provisional until first reply * ACP: stabilize session identity mapping and startup reconciliation * ACP: add resolved session-id notices and cwd in thread intros * Discord: prefix thread meta notices consistently * Discord: unify ACP/thread meta notices with gear prefix * Discord: split thread persona naming from meta formatting * Extensions: bump acpx plugin dependency to 0.1.9 * Agents: gate ACP prompt guidance behind acp.enabled * Docs: remove temp experiment plan docs * Docs: scope streaming plan to holy grail refactor * Docs: refactor ACP agents guide for human-first flow * Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow * Docs/Skill: add OpenCode and Pi to ACP harness lists * Docs/Skill: align ACP harness list with current acpx registry * Dev/Test: move ACP plain-language smoke script and mark as keep * Docs/Skill: reorder ACP harness lists with Pi first * ACP: split control-plane manager into core/types/utils modules * Docs: refresh ACP thread-bound agents plan * ACP: extract dispatch lane and split manager domains * ACP: centralize binding context and remove reverse deps * Infra: unify system message formatting * ACP: centralize error boundaries and session id rendering * ACP: enforce init concurrency cap and strict meta clear * Tests: fix ACP dispatch binding mock typing * Tests: fix Discord thread-binding mock drift and ACP request id * ACP: gate slash bypass and persist cleared overrides * ACPX: await pre-abort cancel before runTurn return * Extension: pin acpx runtime dependency to 0.1.11 * Docs: add pinned acpx install strategy for ACP extension * Extensions/acpx: enforce strict local pinned startup * Extensions/acpx: tighten acp-router install guidance * ACPX: retry runtime test temp-dir cleanup * Extensions/acpx: require proactive ACPX repair for thread spawns * Extensions/acpx: require restart offer after acpx reinstall * extensions/acpx: remove workspace protocol devDependency * extensions/acpx: bump pinned acpx to 0.1.13 * extensions/acpx: sync lockfile after dependency bump * ACPX: make runtime spawn Windows-safe * fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)	2026-02-26 11:00:09 +01:00
Gustavo Madeira Santana	dfa0b5b4fc	Channels: move single-account config into accounts.default (#27334 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `50b5771808` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-26 04:06:03 -05:00
Sid	c289b5ff9f	fix(config): preserve agent-level apiKey/baseUrl during models.json merge (#27293 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `6b4b37b03d` Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-26 03:46:36 -05:00
yinghaosang	92c309f2e1	docs: fix wrong Providers link in configuration examples	2026-02-26 02:41:07 -06:00
Gustavo Madeira Santana	96c7702526	Agents: add account-scoped bind and routing commands (#27195 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `ad35a458a5` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-26 02:36:56 -05:00
Gustavo Madeira Santana	f08fe02a1b	Onboarding: support plugin-owned interactive channel flows (#27191 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `53872cf8e7` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-26 01:14:57 -05:00
Gustavo Madeira Santana	91a3f0a3fe	pairing: enforce strict account-scoped state	2026-02-26 00:31:24 -05:00
Peter Steinberger	35976da7a0	fix: harden Docker/GCP onboarding flow (#26253 ) (thanks @pandego)	2026-02-26 04:46:18 +00:00
pandego	e8197404d0	Docker/docs: reduce docker build OOM risk on small GCP hosts	2026-02-26 04:46:18 +00:00
Peter Steinberger	cb3e5c35b0	docs: fix onboarding markdown list spacing	2026-02-26 05:23:30 +01:00
Peter Steinberger	4ada143794	docs(heartbeat): add directPolicy to config examples	2026-02-26 03:59:38 +01:00
Peter Steinberger	8a006a3260	feat(heartbeat): add directPolicy and restore default direct delivery	2026-02-26 03:57:03 +01:00
Peter Steinberger	b8bb8ab3ca	docs: clarify personal-by-default onboarding security notice	2026-02-26 02:59:34 +01:00
Peter Steinberger	c736f11a16	fix(gateway): harden browser websocket auth chain	2026-02-26 01:22:49 +01:00
Peter Steinberger	e56b0cf1a0	fix: enforce telegram reaction authorization	2026-02-26 01:03:03 +01:00
Peter Steinberger	42f455739f	fix(security): clarify denyCommands exact-match guidance	2026-02-26 00:55:35 +01:00
Peter Steinberger	eb73e87f18	fix(session): prevent silent overflow on parent thread forks (#26912 ) Lands #26912 from @markshields-tl with configurable session.parentForkMaxTokens and docs/tests/changelog updates. Co-authored-by: Mark Shields <239231357+markshields-tl@users.noreply.github.com>	2026-02-25 23:54:02 +00:00
Peter Steinberger	8f3310000a	refactor(macos): remove anthropic oauth onboarding flow	2026-02-26 00:17:03 +01:00
Peter Steinberger	8f5f599a34	docs(security): note narrow filesystem roots for tool access	2026-02-25 05:10:10 +00:00
Peter Steinberger	52d933b3a9	refactor: replace bot.molt identifiers with ai.openclaw	2026-02-25 05:03:24 +00:00
Peter Steinberger	480cc4b85c	chore: roll to 2026.2.25 unreleased	2026-02-25 03:35:33 +00:00
Peter Steinberger	069c495df6	docs: clarify pairing commands in faq and troubleshooting	2026-02-25 02:50:17 +00:00
Peter Steinberger	c2a837565c	docs: fix configure section example	2026-02-25 02:44:49 +00:00
Peter Steinberger	bfafec2271	docs: expand doctor and devices CLI references	2026-02-25 02:41:13 +00:00
Peter Steinberger	a12cbf8994	docs: refresh CLI and trusted-proxy docs	2026-02-25 02:40:12 +00:00
Peter Steinberger	24d7612ddf	refactor(heartbeat): harden dm delivery classification	2026-02-25 02:13:07 +00:00

1 2 3 4 5 ...

2627 Commits