openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 15:30:39 +00:00

Author	SHA1	Message	Date
Peter Steinberger	cc1eaf130b	docs(gateway): clarify remote token local fallback semantics	2026-02-26 15:59:44 +01:00
Peter Steinberger	4380d74d49	docs(secrets): add dedicated apply plan contract page	2026-02-26 14:47:22 +00:00
joshavant	14897e8de7	docs(secrets): clarify partial migration guidance	2026-02-26 14:47:22 +00:00
joshavant	ea1ccf4896	docs(secrets): add direct 1password exec example	2026-02-26 14:47:22 +00:00
joshavant	f46b9c996f	feat(secrets): allow opt-in symlink exec command paths	2026-02-26 14:47:22 +00:00
joshavant	06290b49b2	feat(secrets): finalize mode rename and validated exec docs	2026-02-26 14:47:22 +00:00
joshavant	f413e314b9	feat(secrets): replace migrate flow with audit/configure/apply	2026-02-26 14:47:22 +00:00
joshavant	bde9cbb058	docs(secrets): align provider model and add exec resolver coverage	2026-02-26 14:47:22 +00:00
joshavant	5e3a86fd2f	feat(secrets): expand onboarding secret-ref flows and custom-provider parity	2026-02-26 14:47:22 +00:00
joshavant	e8637c79b3	fix(secrets): harden sops migration sops rule matching	2026-02-26 14:47:22 +00:00
joshavant	0e69660c41	feat(secrets): finalize external secrets runtime and migration hardening	2026-02-26 14:47:22 +00:00
joshavant	9203d583f9	Docs: add secrets and CLI secrets reference pages	2026-02-26 14:47:22 +00:00
joshavant	c0a3801086	Docs: document secrets refs runtime and migration	2026-02-26 14:47:22 +00:00
Peter Steinberger	7d8aeaaf06	fix(gateway): pin paired reconnect metadata for node policy	2026-02-26 14:11:04 +01:00
Gustavo Madeira Santana	dfa0b5b4fc	Channels: move single-account config into accounts.default (#27334 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `50b5771808` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-26 04:06:03 -05:00
Sid	c289b5ff9f	fix(config): preserve agent-level apiKey/baseUrl during models.json merge (#27293 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `6b4b37b03d` Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-26 03:46:36 -05:00
yinghaosang	92c309f2e1	docs: fix wrong Providers link in configuration examples	2026-02-26 02:41:07 -06:00
Gustavo Madeira Santana	91a3f0a3fe	pairing: enforce strict account-scoped state	2026-02-26 00:31:24 -05:00
Peter Steinberger	4ada143794	docs(heartbeat): add directPolicy to config examples	2026-02-26 03:59:38 +01:00
Peter Steinberger	8a006a3260	feat(heartbeat): add directPolicy and restore default direct delivery	2026-02-26 03:57:03 +01:00
Peter Steinberger	c736f11a16	fix(gateway): harden browser websocket auth chain	2026-02-26 01:22:49 +01:00
Peter Steinberger	42f455739f	fix(security): clarify denyCommands exact-match guidance	2026-02-26 00:55:35 +01:00
Peter Steinberger	eb73e87f18	fix(session): prevent silent overflow on parent thread forks (#26912 ) Lands #26912 from @markshields-tl with configurable session.parentForkMaxTokens and docs/tests/changelog updates. Co-authored-by: Mark Shields <239231357+markshields-tl@users.noreply.github.com>	2026-02-25 23:54:02 +00:00
Peter Steinberger	8f5f599a34	docs(security): note narrow filesystem roots for tool access	2026-02-25 05:10:10 +00:00
Peter Steinberger	52d933b3a9	refactor: replace bot.molt identifiers with ai.openclaw	2026-02-25 05:03:24 +00:00
Peter Steinberger	069c495df6	docs: clarify pairing commands in faq and troubleshooting	2026-02-25 02:50:17 +00:00
Peter Steinberger	a12cbf8994	docs: refresh CLI and trusted-proxy docs	2026-02-25 02:40:12 +00:00
Peter Steinberger	24d7612ddf	refactor(heartbeat): harden dm delivery classification	2026-02-25 02:13:07 +00:00
Peter Steinberger	a805d6b439	fix(heartbeat): block dm targets and internalize blocked prompts	2026-02-25 02:05:45 +00:00
Peter Steinberger	e2362d352d	fix(heartbeat): default target none and internalize relay prompts	2026-02-25 01:28:47 +00:00
Peter Steinberger	ee6fec36eb	docs(discord): document DAVE defaults and decrypt recovery	2026-02-25 00:28:06 +00:00
Peter Steinberger	9cd50c51b0	fix(discord): harden voice DAVE receive reliability (#25861 ) Reimplements and consolidates related work: - #24339 stale disconnect/destroyed session guards - #25312 voice listener cleanup on stop - #23036 restore @snazzah/davey runtime dependency Adds Discord voice DAVE config passthrough, repeated decrypt failure rejoin recovery, regression tests, docs, and changelog updates. Co-authored-by: Frank Yang <frank.ekn@gmail.com> Co-authored-by: Do Cao Hieu <admin@docaohieu.com>	2026-02-25 00:19:50 +00:00
Peter Steinberger	14b6eea6e3	feat(sandbox): block container namespace joins by default	2026-02-24 23:20:34 +00:00
Peter Steinberger	370d115549	fix: enforce workspaceOnly for native prompt image autoload	2026-02-24 14:47:59 +00:00
Peter Steinberger	8cc841766c	docs(security): enumerate dangerous config parameters	2026-02-24 14:25:43 +00:00
Peter Steinberger	4d124e4a9b	feat(security): warn on likely multi-user trust-model mismatch	2026-02-24 14:03:19 +00:00
Peter Steinberger	8c5cf2d5b2	docs(subagents): document default runTimeoutSeconds config (#24594 ) (thanks @mitchmcalister)	2026-02-24 04:22:43 +00:00
Peter Steinberger	223d7dc23d	feat(gateway)!: require explicit non-loopback control-ui origins	2026-02-24 01:57:11 +00:00
Peter Steinberger	5eb72ab769	fix(security): harden browser SSRF defaults and migrate legacy key	2026-02-24 01:52:01 +00:00
Peter Steinberger	f0f886ecc4	docs(security): clarify gateway-node trust boundary in docs	2026-02-24 01:35:44 +00:00
Peter Steinberger	cfa44ea6b4	fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907 ) * fix(channels): default allowFrom to id-only; add dangerous name opt-in * docs(security): align channel allowFrom docs with id-only default	2026-02-24 01:01:51 +00:00
Peter Steinberger	41b0568b35	docs(security): clarify shared-agent trust boundaries	2026-02-24 01:00:05 +00:00
Peter Steinberger	400220275c	docs: clarify multi-instance recommendations for user isolation	2026-02-24 00:40:08 +00:00
Peter Steinberger	7d55277d72	docs: clarify operator trust boundary for shared gateways	2026-02-24 00:25:01 +00:00
Gustavo Madeira Santana	eff3c5c707	Session/Cron maintenance hardening and cleanup UX (#24753 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `7533b85156` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com> Reviewed-by: @shakkernerd	2026-02-23 22:39:48 +00:00
Peter Steinberger	9af3ec92a5	fix(gateway): add HSTS header hardening and docs	2026-02-23 19:47:29 +00:00
Peter Steinberger	78e7f41d28	docs: detail per-agent prompt caching configuration	2026-02-23 18:46:40 +00:00
边黎安	a4c373935f	fix(agents): fall back to agents.defaults.model when agent has no model config (#24210 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: `0f272b1027` Co-authored-by: bianbiandashen <16240681+bianbiandashen@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-02-23 03:18:55 -05:00
Tak Hoffman	9e1a13bf4c	Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman Verified: - pnpm install --frozen-lockfile - pnpm build - gh pr checks 24199 --watch --fail-fast Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>	2026-02-22 23:55:59 -06:00
Peter Steinberger	e0d4194869	docs: add missing summary/read_when metadata	2026-02-22 20:45:09 +01:00

1 2 3 4 5 ...

549 Commits