Gustavo Madeira Santana
2203d3c728
Matrix: harden alias trust and log redaction
2026-03-12 16:47:56 +00:00
Gustavo Madeira Santana
da2503426f
Matrix: scope reply media to agent roots
2026-03-12 16:47:56 +00:00
Gustavo Madeira Santana
212b73efa6
Matrix: honor scoped media roots
2026-03-12 16:47:56 +00:00
Gustavo Madeira Santana
c27e5b1555
Matrix: validate homeserver URLs at runtime
2026-03-12 16:47:56 +00:00
Gustavo Madeira Santana
b096f3ad4d
Matrix: tighten migration identity matching
2026-03-12 16:47:55 +00:00
Gustavo Madeira Santana
b2f2578eff
Matrix: match migration device ids to resolved creds
2026-03-12 16:47:55 +00:00
Gustavo Madeira Santana
3d82e38d9d
Build: sync main manifests and harden Matrix reasoning suppression
2026-03-12 16:47:21 +00:00
Gustavo Madeira Santana
2f71349c03
Matrix: harden config threading and binding cleanup
2026-03-12 16:47:21 +00:00
Gustavo Madeira Santana
cde0d16316
ACP: drop stale session id import after main rebase
2026-03-12 16:47:21 +00:00
Gustavo Madeira Santana
69dc1528fa
Matrix: fix remaining typecheck regressions
2026-03-12 16:47:20 +00:00
Gustavo Madeira Santana
9cff461a12
Matrix: harden migration workflow
2026-03-12 16:47:20 +00:00
Gustavo Madeira Santana
450ed87cb0
Matrix: normalize legacy account selection
2026-03-12 16:47:19 +00:00
Gustavo Madeira Santana
ede2500137
Matrix: honor env-backed legacy migration config
2026-03-12 16:47:19 +00:00
Gustavo Madeira Santana
e3102fcae7
Matrix: add backup reset and fix migration targeting
2026-03-12 16:47:18 +00:00
Gustavo Madeira Santana
4ae8558288
Matrix: fix validated review comments
2026-03-12 16:47:18 +00:00
Gustavo Madeira Santana
2048d5f668
Matrix: fix secrets scan false positives
2026-03-12 16:47:17 +00:00
Gustavo Madeira Santana
229a897b93
Matrix: finish main sync follow-ups
2026-03-12 16:47:17 +00:00
Gustavo Madeira Santana
723e347294
ACP: fix Matrix binding resolution
2026-03-12 16:47:17 +00:00
Gustavo Madeira Santana
6a53c583e4
Matrix: show account-scoped onboarding paths
2026-03-12 16:47:14 +00:00
Gustavo Madeira Santana
6bfbc4a3ff
Matrix: scope onboarding config to selected account
2026-03-12 16:47:14 +00:00
Gustavo Madeira Santana
df6b6762c0
Matrix: fix verification client lifecycle and quiet CLI noise
2026-03-12 16:47:10 +00:00
Gustavo Madeira Santana
21f1e903a4
Plugins: scope SDK imports and harden Matrix routing
2026-03-12 16:47:09 +00:00
Gustavo Madeira Santana
e80483ff00
poll and profile fixes
2026-03-12 16:47:09 +00:00
Gustavo Madeira Santana
50568f29d5
Matrix: tighten verification trust and expose profile updates
2026-03-12 16:47:09 +00:00
Gustavo Madeira Santana
9101916e53
Matrix: improve migration startup warnings
2026-03-12 16:47:09 +00:00
Gustavo Madeira Santana
0fdc404a2b
Matrix: keep default account device fields scoped
2026-03-12 16:47:08 +00:00
Gustavo Madeira Santana
8e962668ce
Matrix: replace legacy plugin with new implementation
2026-03-12 16:47:08 +00:00
Gustavo Madeira Santana
887e2aca79
matrix-js: require explicit thread-bound spawn config
2026-03-12 16:47:07 +00:00
Gustavo Madeira Santana
94f3b1b57d
matrix-js: add account-aware bindings and ACP routing
2026-03-12 16:47:07 +00:00
Gustavo Madeira Santana
d4e3a98613
matrix-js: add startup verification policy
2026-03-12 16:47:07 +00:00
Gustavo Madeira Santana
3eb6c4c8ec
matrix-js: improve thread context and auto-threading
2026-03-12 16:47:06 +00:00
Gustavo Madeira Santana
a670c21ab4
matrix-js: harden reaction handling
2026-03-12 16:47:06 +00:00
Gustavo Madeira Santana
00019c73e4
move matrix-js helpers to be locally scoped
2026-03-12 16:47:06 +00:00
Gustavo Madeira Santana
e07b6072b5
make matrix-js atomic and add poll voting support
2026-03-12 16:47:06 +00:00
Gustavo Madeira Santana
082a1aedd5
Tests: restore matrix-js bind integration coverage
2026-03-12 16:47:05 +00:00
Gustavo Madeira Santana
5fddbc1d9b
Matrix-js: sync with main plugin-loading standards
2026-03-12 16:47:05 +00:00
Peter Steinberger
9f08af1f06
fix(ci): harden docker builds and unblock config docs
2026-03-12 16:45:29 +00:00
Gustavo Madeira Santana
46f0bfc55b
Gateway: harden custom session-store discovery (#44176)
...
Merged via squash.
Prepared head SHA: 52ebbf5188
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-03-12 16:44:46 +00:00
Nimrod Gutman
b77b7485e0
feat(push): add iOS APNs relay gateway (#43369)
...
* feat(push): add ios apns relay gateway
* fix(shared): avoid oslog string concatenation
# Conflicts:
# apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayChannel.swift
* fix(push): harden relay validation and invalidation
* fix(push): persist app attest state before relay registration
* fix(push): harden relay invalidation and url handling
* feat(push): use scoped relay send grants
* feat(push): configure ios relay through gateway config
* feat(push): bind relay registration to gateway identity
* fix(push): tighten ios relay trust flow
* fix(push): bound APNs registration fields (#43369) (thanks @ngutman)
2026-03-12 18:15:35 +02:00
2233admin
9342739d71
fix(providers): respect user-configured baseUrl for kimi-coding (#36647)
...
* fix(providers): respect user-configured baseUrl for kimi-coding
The kimi-coding provider was built exclusively from
`buildKimiCodingProvider()` defaults, ignoring any user-specified
`baseUrl` or other overrides in `openclaw.json` providers config.
This caused 404 errors when users configured a custom endpoint.
Now merge `explicitProviders["kimi-coding"]` on top of defaults,
matching the pattern used by ollama/vllm. User's `baseUrl`, `api`,
and `models` take precedence; env/profile API key still wins.
Fixes #36353
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Tests: use Kimi implicit provider harness
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-12 12:14:07 -04:00
Vincent Koc
3e28e10c2f
Plugins: require explicit trust for workspace-discovered plugins (#44174)
...
* Plugins: disable implicit workspace plugin auto-load
* Tests: cover workspace plugin trust gating
* Changelog: note workspace plugin trust hardening
* Plugins: keep workspace trust gate ahead of memory slot defaults
* Tests: cover workspace memory-slot trust bypass
2026-03-12 12:12:41 -04:00
chengzhichao-xydt
0a8fa0e001
Moonshot: respect explicit baseUrl for CN endpoint so platform.moonshot.cn keys authenticate (#33637) (#33696)
...
* Moonshot: respect explicit baseUrl for CN endpoint so platform.moonshot.cn keys authenticate (#33637)
* Moonshot: address review - remove dead constant, import canonical URLs (#33696)
2026-03-12 12:10:38 -04:00
Jacob Riff
3fa91cd69d
feat: add sessions_yield tool for cooperative turn-ending (#36537)
...
Merged via squash.
Prepared head SHA: 75d9204c86
Co-authored-by: jriff <50276+jriff@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-03-12 08:46:47 -07:00
Gustavo Madeira Santana
e6897c800b
Plugins: fix env-aware root resolution and caching (#44046)
...
Merged via squash.
Prepared head SHA: 6e8852a188
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-03-12 15:31:31 +00:00
Rodrigo Uroz
688e3f0863
Compaction Runner: emit transcript updates post-compact (#25558)
...
Merged via squash.
Prepared head SHA: 8a858436ed
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-03-12 08:22:12 -07:00
Vincent Koc
8ad0ca309e
Subagents: stop retrying external completion timeouts (#41235) (#43847)
...
* Changelog: add subagent announce timeout note
* Tests: cover subagent completion timeout no-retry
* Subagents: stop retrying external completion timeouts
* Config: update subagent announce timeout default docs
* Tests: use fake timers for subagent timeout retry guard
2026-03-12 11:03:06 -04:00
Vincent Koc
7844bc89a1
Security: require Feishu webhook encrypt key (#44087)
...
* Feishu: require webhook encrypt key in schema
* Feishu: cover encrypt key webhook validation
* Feishu: enforce encrypt key at startup
* Feishu: add webhook forgery regression test
* Feishu: collect encrypt key during onboarding
* Docs: require Feishu webhook encrypt key
* Changelog: note Feishu webhook hardening
* Docs: clarify Feishu encrypt key screenshot
* Feishu: treat webhook encrypt key as secret input
* Feishu: resolve encrypt key only in webhook mode
2026-03-12 11:01:00 -04:00
Vincent Koc
99170e2408
Hardening: normalize Unicode command obfuscation detection (#44091)
...
* Exec: cover unicode obfuscation cases
* Exec: normalize unicode obfuscation detection
* Changelog: note exec detection hardening
* Exec: strip unicode tag character obfuscation
* Exec: harden unicode suppression and length guards
* Exec: require path boundaries for safe URL suppressions
2026-03-12 10:57:49 -04:00
Vincent Koc
eff0d5a947
Hardening: tighten preauth WebSocket handshake limits (#44089)
...
* Gateway: tighten preauth handshake limits
* Changelog: note WebSocket preauth hardening
* Gateway: count preauth frame bytes accurately
* Gateway: cap WebSocket payloads before auth
2026-03-12 10:55:41 -04:00
Vincent Koc
48cbfdfac0
Hardening: require LINE webhook signatures (#44090)
...
* LINE: require webhook signatures in express handler
* LINE: require webhook signatures in node handler
* LINE: update express signature tests
* LINE: update node signature tests
* Changelog: note LINE webhook hardening
* LINE: validate signatures before parsing webhook bodies
* LINE: reject missing signatures before body reads
2026-03-12 10:50:36 -04:00