vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-05 22:32:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
26,579 Commits 1,106 Branches 95 Tags
8bc59eceb75e25a1ea9324ecdf9ee03a4d03d55a
Commit Graph

14 Commits

Author SHA1 Message Date
Peter Steinberger
d06633c618 docs: refresh device management authz refs 2026-04-04 15:28:36 +01:00
Peter Steinberger
8ca5a9174a docs: refresh gateway auth precedence refs 2026-04-04 14:36:52 +01:00
Peter Steinberger
ebe0a27b4d docs: refresh device token scope refs 2026-04-04 14:23:41 +01:00
Peter Steinberger
d1bf2c6de1 docs: clarify device token role bounds 2026-04-04 11:36:02 +01:00
Peter Steinberger
7a03027e7f docs: refresh pairing devices and dns refs 2026-04-04 08:36:27 +01:00
Josh Avant
8e132aed6e Hardening: refresh stale device pairing requests and pending metadata (#50695) 
* Docs: clarify device pairing supersede behavior

* Device pairing: supersede pending requests on auth changes
 2026-03-19 18:26:06 -05:00
Josh Avant
a76e810193 fix(gateway): harden token fallback/reconnect behavior and docs (#42507) 
* fix(gateway): harden token fallback and auth reconnect handling

* docs(gateway): clarify auth retry and token-drift recovery

* fix(gateway): tighten auth reconnect gating across clients

* fix: harden gateway token retry (#42507) (thanks @joshavant)
 2026-03-10 17:05:57 -05:00
Peter Steinberger
a12cbf8994 docs: refresh CLI and trusted-proxy docs 2026-02-25 02:40:12 +00:00
Mariano Belinky
b114c82701 CLI: approve latest pending device request 2026-02-17 14:08:04 +00:00
Gustavo Madeira Santana
a13ff55bd9 Security: Prevent gateway credential exfiltration via URL override (#9179) 
* Gateway: require explicit auth for url overrides

* Gateway: scope credential blocking to non-local URLs only

Address review feedback: the previous fix blocked credential fallback for
ALL URL overrides, which was overly strict and could break workflows that
use --url to switch between loopback/tailnet without passing credentials.

Now credential fallback is only blocked for non-local URLs (public IPs,
external hostnames). Local addresses (127.0.0.1, localhost, private IPs
like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential
fallback as before.

This maintains the security fix (preventing credential exfiltration to
attacker-controlled URLs) while preserving backward compatibility for
legitimate local URL overrides.

* Security: require explicit credentials for gateway url overrides (#8113) (thanks @victormier)

* Gateway: reuse explicit auth helper for url overrides (#8113) (thanks @victormier)

* Tests: format gateway chat test (#8113) (thanks @victormier)

* Tests: require explicit auth for gateway url overrides (#8113) (thanks @victormier)

---------

Co-authored-by: Victor Mier <victormier@gmail.com>
 2026-02-04 18:59:44 -05:00
Seb Slight
abcaa8c7a9 Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
d88b239d3c feat: add device token auth and devices cli 2026-01-20 10:30:53 +00:00