vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-30 11:21:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
22,372 Commits 960 Branches 90 Tags
89e6b91b899e549f0735e3500a17c2fd3ce225cd
Commit Graph

52 Commits

Author SHA1 Message Date
Peter Steinberger
68c674d37c refactor(security): simplify system.run approval model 2026-03-11 01:43:06 +00:00
Peter Steinberger
7289c19f1a fix(security): bind system.run approvals to exact argv text 2026-03-11 01:25:31 +00:00
Peter Steinberger
c76d29208b fix(node-host): bind approved script operands 2026-03-07 23:04:00 +00:00
Peter Steinberger
3c71e2bd48 refactor(core): extract shared dedup helpers 2026-03-07 10:41:05 +00:00
Peter Steinberger
155118751f refactor!: remove versioned system-run approval contract 2026-03-02 01:12:53 +00:00
Peter Steinberger
78a7ff2d50 fix(security): harden node exec approvals against symlink rebind 2026-02-26 21:47:45 +01:00
Peter Steinberger
10481097f8 refactor(security): enforce v1 node exec approval binding 2026-02-26 18:09:01 +01:00
Peter Steinberger
4894d907fa refactor(exec-approvals): unify system.run binding and generate host env policy 2026-02-26 16:58:01 +01:00
Peter Steinberger
9a4b2266cc fix(security): bind node system.run approvals to env 2026-02-26 16:38:07 +01:00
Peter Steinberger
da0ba1b73a fix(security): harden channel auth path checks and exec approval routing 2026-02-26 12:46:05 +01:00
Peter Steinberger
92eb3dfc9d refactor(security): unify exec approval request matching 2026-02-26 03:54:37 +01:00
Peter Steinberger
03e689fc89 fix(security): bind system.run approvals to argv identity 2026-02-26 03:41:31 +01:00
Peter Steinberger
4a3f8438e5 fix(gateway): bind node exec approvals to nodeId 2026-02-24 03:05:58 +00:00
Peter Steinberger
51b0772e14 fix(exec-approvals): harden forwarding target and resolve delivery paths 
Co-authored-by: bubmiller <bubmiller@users.noreply.github.com>
 2026-02-22 20:37:22 +01:00
Peter Steinberger
b73a2de9f6 refactor(infra): reuse shared home prefix expansion 2026-02-18 17:48:02 +00:00
Peter Steinberger
a0e763168f refactor(exec-approvals): share socket default merge 2026-02-15 17:36:08 +00:00
Peter Steinberger
3d0e568007 refactor(infra): share jsonl socket requester 2026-02-15 13:56:50 +00:00
Peter Steinberger
ea0ef18704 refactor: centralize exec approval timeout 2026-02-15 01:18:53 +01:00
Peter Steinberger
e9de242159 refactor(exec-approvals): share request event types 2026-02-14 15:39:46 +00:00
Peter Steinberger
83bc73f4ea refactor(exec-approvals): split allowlist evaluation module 2026-02-13 19:08:37 +00:00
Peter Steinberger
81fbfa06ee refactor(exec-approvals): extract command analysis module 2026-02-13 19:08:37 +00:00
Marcus Castro
e90caa66d8 fix(exec): allow heredoc operator (<<) in allowlist security mode (#13811) 
* fix(exec): allow heredoc operator (<<) in allowlist security mode

* fix: allow multiline heredoc parsing in exec approvals (#13811) (thanks @mcaxtr)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 04:41:51 +01:00
George Pickett
141f551a4c fix(exec-approvals): coerce bare string allowlist entries (#9903) (thanks @mcaxtr) 2026-02-05 15:52:51 -08:00
Marcus Castro
6ff209e932 fix(exec-approvals): coerce bare string allowlist entries to objects (#9790) 2026-02-05 15:52:51 -08:00
Peter Steinberger
a7f4a53ce8 fix: harden Windows exec allowlist 2026-02-03 09:34:25 -08:00
Peter Steinberger
d1ecb46076 fix: harden exec allowlist parsing 2026-02-02 16:53:15 -08:00
cpojer
f06dd8df06 chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1 chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
cad7ed1cb8 fix(exec-approvals): stabilize allowlist ids (#1521) 2026-01-23 19:00:45 +00:00
Peter Steinberger
4b19066cc1 fix: normalize Windows exec allowlist paths 2026-01-23 03:11:41 +00:00
Peter Steinberger
e872f5335b fix: allow chained exec allowlists 
Co-authored-by: Lucas Czekaj <1464539+czekaj@users.noreply.github.com>
 2026-01-23 00:11:58 +00:00
Peter Steinberger
36a2584ac7 fix: allowlist match without local exec resolution 2026-01-22 10:29:36 +00:00
Peter Steinberger
e389bd478b fix: keep backslashes in quoted exec paths 2026-01-22 09:58:24 +00:00
Peter Steinberger
1a4fade2f7 fix: honor Windows Path casing 2026-01-22 08:33:52 +00:00
Peter Steinberger
b748b86b23 fix: canonicalize allowlist paths on Windows 2026-01-22 08:07:55 +00:00
Peter Steinberger
230211fe26 fix: resolve Windows exec paths with extensions 2026-01-22 07:46:50 +00:00
Lucas Czekaj
4b3e9c0f33 fix(exec): align node exec approvals (#1425) 
Thanks @czekaj.

Co-authored-by: Lucas Czekaj <lukasz@czekaj.us>
 2026-01-22 07:22:43 +00:00
Peter Steinberger
9450873c1b fix: align exec approvals default agent 2026-01-22 04:05:54 +00:00
Peter Steinberger
2d583e877b fix: default exec approvals to main agent (#1417) (thanks @czekaj) 2026-01-22 03:58:53 +00:00
Lucas Czekaj
0c55b1e9ce fix(exec): derive agentId from sessionKey for allowlist lookup 
When creating exec tools via chat/Discord, agentId was not passed,
causing allowlist lookup to use 'default' key instead of 'main'.
User's allowlist entries in agents.main were never matched.

Now derives agentId from sessionKey if not explicitly provided,
ensuring correct allowlist lookup for all exec paths.
 2026-01-22 03:58:53 +00:00
Peter Steinberger
db61451c67 fix: handle Windows safe-bin exe names 2026-01-22 01:30:06 +00:00
Peter Steinberger
3b18efdd25 feat: tighten exec allowlist gating 2026-01-21 21:45:50 +00:00
Peter Steinberger
0d3b8f6ac3 feat: make nodes run exec-style 2026-01-21 20:25:12 +00:00
Peter Steinberger
40646c73af feat: improve exec approvals defaults and wildcard 2026-01-21 09:55:10 +00:00
Peter Steinberger
28c49db494 fix: default exec security to allowlist 2026-01-21 03:40:27 +00:00
Peter Steinberger
ffcf3263c1 fix: exec approvals parsing + boot-md changelog 2026-01-18 16:28:39 +00:00
Peter Steinberger
f6fefd7f5f fix(exec-approvals): fix command token parsing 2026-01-18 16:12:10 +00:00
Peter Steinberger
4de3c3a028 feat: add exec approvals editor in control ui and mac app 2026-01-18 08:54:38 +00:00
Peter Steinberger
ae0b4c4990 feat: add exec host routing + node daemon 2026-01-18 07:46:00 +00:00