vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-18 04:31:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
28,861 Commits 1,353 Branches 111 Tags
82535771cd818a0acec2bdee8d069bce8980643d
Commit Graph

28861 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vincent Koc
82535771cd fix(qa): pin gateway child control ui root 2026-04-07 20:32:42 +01:00
Vincent Koc
f9f38a48e6 fix(qa): align mock model-switch continuity 2026-04-07 20:32:42 +01:00
Vincent Koc
9a106f7e3c fix(qa): support neutral-cwd suite runs 2026-04-07 20:32:42 +01:00
Vincent Koc
e8b446b985 docs(qa): expand frontier bakeoff runbook 2026-04-07 20:32:42 +01:00
Vincent Koc
f93b217834 feat(qa): add manual harness lane 2026-04-07 20:32:42 +01:00
Vincent Koc
63e6bb026c fix(qa): isolate gateway child runtime 2026-04-07 20:32:42 +01:00
Vincent Koc
4f421fa0f1 fix(qa): harden frontier claude bakeoffs 2026-04-07 20:32:42 +01:00
Vincent Koc
18fb171179 feat(qa): add frontier harness bakeoff loop 2026-04-07 20:32:41 +01:00
Andrew Demczuk
bffb83acf8 fix(gateway): stop SSRF guard rejecting operator-configured proxy hostnames (#62312) 
When allowPrivateProxy is true, the explicit proxy hostname is operator-
configured and trusted. The SSRF guard was checking the proxy hostname
against the target-scoped hostnameAllowlist (e.g. ["api.telegram.org"]),
which rejected localhost and other local proxy hostnames. This broke
Telegram media downloads (and any channel using a local proxy) after
the url-fetch security hardening in 2026.4.x.

Clear the hostnameAllowlist for the proxy hostname check while keeping
private-network IP validation in place via allowPrivateNetwork.

Fixes #61906

Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
 2026-04-07 13:22:21 -06:00
Peter Steinberger
cfbe7ac227 fix(test): refresh schema snapshot and stabilize channel registry 2026-04-07 20:04:29 +01:00
Agustin Rivera
e5aae5e056 fix(browser): align browser.proxy profile mutation guards (#60489) 
* fix(browser): block proxy profile mutations

* docs(changelog): add browser proxy guard entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
 2026-04-07 13:00:21 -06:00
Peter Steinberger
744d176744 test: speed up plugin cli tests 2026-04-07 19:59:46 +01:00
Peter Steinberger
4a0b8c6248 test: speed up slack setup entry tests 2026-04-07 19:59:46 +01:00
Peter Steinberger
f02ba9a3ed test: speed up browser plugin entry tests 2026-04-07 19:59:46 +01:00
Nimrod Gutman
6380c872bc feat(ios): improve gateway connection error ux (#62650) 
* feat(ios): improve gateway connection error ux

* fix(ios): address gateway problem review feedback

* feat(ios): improve gateway connection error ux (#62650) (thanks @ngutman)
 2026-04-07 21:53:22 +03:00
Agustin Rivera
a383878e97 Require re-pairing for node reconnect command upgrades (#62658) 
* fix(node): require re-pairing for reconnect command upgrades

Co-authored-by: zsx <git@zsxsoft.com>

* fix(node): tighten reconnect pairing test polling

* docs(changelog): add node reconnect pairing entry

---------

Co-authored-by: zsx <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 12:48:18 -06:00
Peter Steinberger
93ab2ac69d test(gateway): cover isolated cron session key routing 2026-04-07 19:46:16 +01:00
Bruce MacDonald
ceb2311a1b Changelog: restore dropped Approvals/runtime entry from conflict resolution 2026-04-07 11:45:07 -07:00
Bruce MacDonald
86f35a9bc0 chore(ollama): update suggested onboarding models (#62626) 
Merged via squash.

Prepared head SHA: 48c083b88a
Co-authored-by: BruceMacD <5853428+BruceMacD@users.noreply.github.com>
Co-authored-by: BruceMacD <5853428+BruceMacD@users.noreply.github.com>
Reviewed-by: @BruceMacD
 2026-04-07 11:42:29 -07:00
pgondhi987
23ab290a71 fix: expand host-exec env blocklist for Java, Rust, and Cargo toolchains [AI-assisted] (#62291) 
* fix: address issue

* docs(changelog): add host env blocklist entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
 2026-04-07 12:40:54 -06:00
BitToby
9edf9804b1 feat: add cover image support to Discord event create (#60883) 
* feat: add image param to Discord event create for cover art

* fix: pass trusted media roots to event cover image loader

* fix: solve lint error

* fix: add changelog entry for Discord event cover image support (#60883) (thanks @bittoby)

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-04-07 13:40:39 -05:00
Gustavo Madeira Santana
d78512b09d Refactor: centralize native approval lifecycle assembly (#62135) 
Merged via squash.

Prepared head SHA: b7c20a7398
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-07 14:40:26 -04:00
pgondhi987
4108901932 fix(fetch-guard): drop request body on cross-origin unsafe-method redirects [AI-assisted] (#62357) 
* fix: address issue

* fix: address review feedback

* docs(changelog): add fetch guard redirect body entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 12:11:00 -06:00
Peter Steinberger
d855f5f505 Tests: fix full-suite regressions 2026-04-07 18:59:38 +01:00
DhruvBhatia0
12331f0463 feat: add pluggable compaction provider registry (#56224) 
Merged via squash.

Prepared head SHA: 0cc9cf3f30
Co-authored-by: DhruvBhatia0 <69252327+DhruvBhatia0@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-07 10:55:34 -07:00
pgondhi987
14ec1ac50f fix(browser): harden SSRF redirect guard against non-navigation document hops [AI] (#62355) 
* fix: address issue

* fix: address PR review feedback

* docs(changelog): add browser redirect SSRF entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
 2026-04-07 11:37:31 -06:00
i-dentifier
adb7b0d5d6 fix: compaction after tool use abortion cause agent infinite loop calls (#62600) 
Merged via squash.

Prepared head SHA: 304ba07207
Co-authored-by: i-dentifier <44976464+i-dentifier@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-07 10:28:00 -07:00
Agustin Rivera
e617aa6d1e fix(browser): add changelog entry for #62023 2026-04-07 17:23:22 +00:00
Peter Steinberger
7c478473fe Tests: tighten cron timeout start handshakes 2026-04-08 01:20:00 +08:00
Peter Steinberger
16cebe5669 Tests: stabilize cron timeout regressions 2026-04-08 01:10:19 +08:00
Agustin Rivera
049acf23cb fix(browser): guard interaction-driven navigations 2026-04-07 10:03:12 -07:00
pgondhi987
df881d5c18 fix(allowlist): gate write commands behind owner check before channel resolution [AI] (#62383) 
* fix: address issue

* docs(changelog): add allowlist owner gate entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 11:01:15 -06:00
EVA
caecd3c1fe fix(agents): heartbeat always targets main session — prevent routing to active subagent sessions (#61803) 
Merged via squash.

Prepared head SHA: 5d79db3940
Co-authored-by: 100yenadmin <239388517+100yenadmin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-07 09:59:18 -07:00
mappel-nv
c6b5731c5d Plugins: verify ClawHub archive integrity (#60517) 
* docs(changelog): add clawhub archive integrity entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 10:55:22 -06:00
Peter Steinberger
b2dc25cd12 fix: repair ci type narrowing 2026-04-07 17:51:05 +01:00
Peter Steinberger
037340d287 refactor: dedupe gateway lowercase helpers 2026-04-07 17:50:38 +01:00
Peter Steinberger
6058eacaec refactor: dedupe infra lowercase helpers 2026-04-07 17:50:38 +01:00
Peter Steinberger
1a3f141215 refactor: dedupe cli lowercase helpers 2026-04-07 17:50:38 +01:00
Peter Steinberger
cebfa70277 refactor: dedupe auto-reply lowercase helpers 2026-04-07 17:50:37 +01:00
Peter Steinberger
d40dc8f025 refactor: dedupe agent lowercase helpers 2026-04-07 17:50:37 +01:00
Peter Steinberger
d56fe040b4 refactor: dedupe agent lowercase helpers 2026-04-07 17:50:37 +01:00
Peter Steinberger
9e61209780 refactor: dedupe agent lowercase helpers 2026-04-07 17:50:37 +01:00
Peter Steinberger
d4eb3e12c9 test: speed up channel setup entry tests 2026-04-07 17:36:41 +01:00
Peter Steinberger
0828db93e9 test: speed up provider entry tests 2026-04-07 17:36:41 +01:00
Peter Steinberger
c1fc2ed0e8 test: speed up provider auth onboarding test 2026-04-07 17:36:41 +01:00
pgondhi987
f0c9978030 fix(feishu): enforce workspace-only localRoots in docx upload actions [AI-assisted] (#62369) 
* fix: address issue

* docs(changelog): add feishu workspace-only docx entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 10:35:03 -06:00
Peter Steinberger
67a3af7f8d Tests: fix nostr package boundary drift 2026-04-08 00:33:13 +08:00
Josh Lehman
e46e32b98c feat: expose prompt-cache runtime context to context engines (#62179) 
* Context engine: plumb prompt cache runtime context

Add a typed prompt-cache payload to the context-engine runtime context and populate it from the embedded runner's resolved retention, last-call usage, cache-break observation, and cache-touch metadata. Also pass the same payload through the retry compaction runtime context when a run attempt already has it.

Regeneration-Prompt: |
  Expose OpenClaw prompt-cache telemetry to context engines in a narrow,
  additive way without changing compaction policy. Keep the public change on
  the OpenClaw side only: add a typed promptCache payload to the context-engine
  runtime context, thread it into afterTurn, and also into compact where the
  existing run loop already has the data cheaply available.

  Use OpenClaw's resolved cache retention, not raw config. Use last-call usage
  for the new payload, not accumulated retry or tool-loop totals. Reuse the
  existing prompt-cache observability result and tracked change causes instead
  of inventing a new heuristic. If cache-touch metadata is already available
  from the cache-TTL bookkeeping, include it; do not invent expiry timestamps
  for providers where OpenClaw cannot know them confidently.

  Keep the interface backward-compatible for engines that ignore the new field.
  Add focused tests around the existing attempt/context-engine helpers and the
  compaction runtime-context propagation path rather than broad new integration
  coverage.

* Agents: fix prompt-cache afterTurn usage

Regeneration-Prompt: |
  Fix PR #62179 so context-engine prompt-cache metadata uses only the current attempt's usage. The review comment pointed out that early exits could reuse a prior turn's assistant usage when no new assistant message was produced. Restrict the prompt-cache lastCallUsage lookup to assistant messages added after prePromptMessageCount, and fall back to current-attempt usage totals instead of stale snapshot history. Also repair the PR's new context-engine test typings and add a regression test for the stale prior-turn case. Two import-only fixes in doctor-state-integrity and config/talk were already broken on origin/main, but they blocked build/check and the gateway-watch regression harness, so include the minimum unblocking imports as well.

* Agents: document prompt-cache context

* Agents: address prompt-cache review feedback

* Doctor: drop unused isRecord import
 2026-04-07 09:29:57 -07:00
James Reagan
dac72889e5 fix(bluebubbles): localhost probe respects private-network opt-out (#59373) 
* honor localhost private-network policy

* drop flaky monitor private-network test

* align mocks and imports

* preserve account private-network overrides

* keep default account config

* strip stale private-network aliases

* fix(bluebubbles): remove unused channel imports

* fix: add changelog for bluebubbles private-network opt-out landing (#59373) (thanks @jpreagan)

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-04-07 11:29:21 -05:00
Peter Steinberger
23edd9921e Tests: isolate channel tool-result session stores 2026-04-08 00:16:22 +08:00