openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-05-20 23:14:45 +00:00

Author	SHA1	Message	Date
Pavan Kumar Gondhi	b17e77a22b	Require approval for setup-code device pairing [AI] (#81292 ) * fix: require approval for setup-code bootstrap pairing * addressing review-skill * addressing codex review * addressing codex review * addressing codex review * addressing codex review * addressing codex review * addressing ci * addressing ci * docs: add changelog entry for PR merge	2026-05-13 18:48:44 +05:30
Peter Steinberger	694ca50e97	Revert "refactor: move runtime state to SQLite" This reverts commit `f91de52f0d`.	2026-05-13 13:33:38 +01:00
Peter Steinberger	f91de52f0d	refactor: move runtime state to SQLite * refactor: remove stale file-backed shims * fix: harden sqlite state ci boundaries * refactor: store matrix idb snapshots in sqlite * fix: satisfy rebased CI guardrails * refactor: store current conversation bindings in sqlite table * refactor: store tui last sessions in sqlite table * refactor: reset sqlite schema history * refactor: drop unshipped sqlite table migration * refactor: remove plugin index file rollback * refactor: drop unshipped sqlite sidecar migrations * refactor: remove runtime commitments kv migration * refactor: preserve kysely sync result types * refactor: drop unshipped sqlite schema migration table * test: keep session usage coverage sqlite-backed * refactor: keep sqlite migration doctor-only * refactor: isolate device legacy imports * refactor: isolate push voicewake legacy imports * refactor: isolate remaining runtime legacy imports * refactor: tighten sqlite migration guardrails * test: cover sqlite persisted enum parsing * refactor: isolate legacy update and tui imports * refactor: tighten sqlite state ownership * refactor: move legacy imports behind doctor * refactor: remove legacy session row lookup * refactor: canonicalize memory transcript locators * refactor: drop transcript path scope fallbacks * refactor: drop runtime legacy session delivery pruning * refactor: store tts prefs only in sqlite * refactor: remove cron store path runtime * refactor: use cron sqlite store keys * refactor: rename telegram message cache scope * refactor: read memory dreaming status from sqlite * refactor: rename cron status store key * refactor: stop remembering transcript file paths * test: use sqlite locators in agent fixtures * refactor: remove file-shaped commitments and cron store surfaces * refactor: keep compaction transcript handles out of session rows * refactor: derive transcript handles from session identity * refactor: derive runtime transcript handles * refactor: remove gateway session locator reads * refactor: remove transcript locator from session rows * refactor: store raw stream diagnostics in sqlite * refactor: remove file-shaped transcript rotation * refactor: hide legacy trajectory paths from runtime * refactor: remove runtime transcript file bridges * refactor: repair database-first rebase fallout * refactor: align tests with database-first state * refactor: remove transcript file handoffs * refactor: sync post-compaction memory by transcript scope * refactor: run codex app-server sessions by id * refactor: bind codex runtime state by session id * refactor: pass memory transcripts by sqlite scope * refactor: remove transcript locator cleanup leftovers * test: remove stale transcript file fixtures * refactor: remove transcript locator test helper * test: make cron sqlite keys explicit * test: remove cron runtime store paths * test: remove stale session file fixtures * test: use sqlite cron keys in diagnostics * refactor: remove runtime delivery queue backfill * test: drop fake export session file mocks * refactor: rename acp session read failure flag * refactor: rename acp row session key * refactor: remove session store test seams * refactor: move legacy session parser tests to doctor * refactor: reindex managed memory in place * refactor: drop stale session store wording * refactor: rename session row helpers * refactor: rename sqlite session entry modules * refactor: remove transcript locator leftovers * refactor: trim file-era audit wording * refactor: clean managed media through sqlite * fix: prefer explicit agent for exports * fix: use prepared agent for session resets * fix: canonicalize legacy codex binding import * test: rename state cleanup helper * docs: align backup docs with sqlite state * refactor: drop legacy Pi usage auth fallback * refactor: move legacy auth profile imports to doctor * refactor: keep Pi model discovery auth in memory * refactor: remove MSTeams legacy learning key fallback * refactor: store model catalog config in sqlite * refactor: use sqlite model catalog at runtime * refactor: remove model json compatibility aliases * refactor: store auth profiles in sqlite * refactor: seed copied auth profiles in sqlite * refactor: make auth profile runtime sqlite-addressed * refactor: migrate hermes secrets into sqlite auth store * refactor: move plugin install config migration to doctor * refactor: rename plugin index audit checks * test: drop auth file assumptions * test: remove legacy transcript file assertions * refactor: drop legacy cli session aliases * refactor: store skill uploads in sqlite * refactor: keep subagent attachments in sqlite vfs * refactor: drop subagent attachment cleanup state * refactor: move legacy session aliases to doctor * refactor: require node 24 for sqlite state runtime * refactor: move provider caches into sqlite state * fix: harden virtual agent filesystem * refactor: enforce database-first runtime state * refactor: rename compaction transcript rotation setting * test: clean sqlite refactor test types * refactor: consolidate sqlite runtime state * refactor: model session conversations in sqlite * refactor: stop deriving cron delivery from session keys * refactor: stop classifying sessions from key shape * refactor: hydrate announce targets from typed delivery * refactor: route heartbeat delivery from typed sqlite context * refactor: tighten typed sqlite session routing * refactor: remove session origin routing shadow * refactor: drop session origin shadow fixtures * perf: query sqlite vfs paths by prefix * refactor: use typed conversation metadata for sessions * refactor: prefer typed session routing metadata * refactor: require typed session routing metadata * refactor: resolve group tool policy from typed sessions * refactor: delete dead session thread info bridge * Show Codex subscription reset times in channel errors (#80456) * feat(plugin-sdk): consolidate session workflow APIs * fix(agents): allow read-only agent mount reads * [codex] refresh plugin regression fixtures * fix(agents): restore compaction gateway logs * test: tighten gateway startup assertions * Redact persisted secret-shaped payloads [AI] (#79006) * test: tighten device pair notify assertions * test: tighten hermes secret assertions * test: assert matrix client error shapes * test: assert config compat warnings * fix(heartbeat): remap cron-run exec events to session keys (#80214) * fix(codex): route btw through native side threads * fix(auth): accept friendly OpenAI order for Codex profiles * fix(codex): rotate auth profiles inside harness * fix: keep browser status page probe within timeout * test: assert agents add outputs * test: pin cron read status * fix(agents): avoid Pi resource discovery stalls Co-authored-by: dataCenter430 <titan032000@gmail.com> * fix: retire timed-out codex app-server clients * test: tighten qa lab runtime assertions * test: check security fix outputs * test: verify extension runtime messages * feat(wake): expose typed sessionKey on wake protocol + system event CLI * fix(gateway): await session_end during shutdown drain and track channel + compaction lifecycle paths (#57790) * test: guard talk consult call helper * fix(codex): scale context engine projection (#80761) * fix(codex): scale context engine projection * fix: document Codex context projection scaling * fix: document Codex context projection scaling * fix: document Codex context projection scaling * fix: document Codex context projection scaling * chore: align Codex projection changelog * chore: realign Codex projection changelog * fix: isolate Codex projection patch --------- Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org> Co-authored-by: Josh Lehman <josh@martian.engineering> * refactor: move agent runtime state toward piless * refactor: remove cron session reaper * refactor: move session management to sqlite * refactor: finish database-first state migration * chore: refresh generated sqlite db types * refactor: remove stale file-backed shims * test: harden kysely type coverage # Conflicts: # .agents/skills/kysely-database-access/SKILL.md # src/infra/kysely-sync.types.test.ts # src/proxy-capture/store.sqlite.test.ts # src/state/openclaw-agent-db.test.ts # src/state/openclaw-state-db.test.ts * refactor: remove cron store path runtime * refactor: keep compaction transcript handles out of session rows * refactor: derive embedded transcripts from sqlite identity * refactor: remove embedded transcript locator handoff * refactor: remove runtime transcript file bridges * refactor: remove transcript file handoffs * refactor: remove MSTeams legacy learning key fallback * refactor: store model catalog config in sqlite * refactor: use sqlite model catalog at runtime # Conflicts: # docs/cli/secrets.md # docs/gateway/authentication.md # docs/gateway/secrets.md * fix: keep oauth sibling sync sqlite-local # Conflicts: # src/commands/onboard-auth.test.ts * refactor: remove task session store maintenance # Conflicts: # src/commands/tasks.ts * refactor: keep diagnostics in state sqlite * refactor: enforce database-first runtime state * refactor: consolidate sqlite runtime state * Show Codex subscription reset times in channel errors (#80456) * fix(codex): refresh subscription limit resets * fix(codex): format reset times for channels * Update CHANGELOG with latest changes and fixes Updated CHANGELOG with recent fixes and improvements. * fix(codex): keep command load failures on codex surface * fix(codex): format account rate limits as rows * fix(codex): summarize account limits as usage status * fix(codex): simplify account limit status * test: tighten subagent announce queue assertion * test: tighten session delete lifecycle assertions * test: tighten cron ops assertions * fix: track cron execution milestones * test: tighten hermes secret assertions * test: assert matrix sync store payloads * test: assert config compat warnings * fix(codex): align btw side thread semantics * fix(codex): honor codex fallback blocking * fix(agents): avoid Pi resource discovery stalls * test: tighten codex event assertions * test: tighten cron assertions * Fix Codex app-server OAuth harness auth * refactor: move agent runtime state toward piless * refactor: move device and push state to sqlite * refactor: move runtime json state imports to doctor * refactor: finish database-first state migration * chore: refresh generated sqlite db types * refactor: clarify cron sqlite store keys * refactor: remove stale file-backed shims * refactor: bind codex runtime state by session id * test: expect sqlite trajectory branch export * refactor: rename session row helpers * fix: keep legacy device identity import in doctor * refactor: enforce database-first runtime state * refactor: consolidate sqlite runtime state * build: align pi contract wrappers * chore: repair database-first rebase * refactor: remove session file test contracts * test: update gateway session expectations * refactor: stop routing from session compatibility shadows * refactor: stop persisting session route shadows * refactor: use typed delivery context in clients * refactor: stop echoing session route shadows * refactor: repair embedded runner rebase imports # Conflicts: # src/agents/pi-embedded-runner/run/attempt.tool-call-argument-repair.ts * refactor: align pi contract imports * refactor: satisfy kysely sync helper guard * refactor: remove file transcript bridge remnants * refactor: remove session locator compatibility * refactor: remove session file test contracts * refactor: keep rebase database-first clean * refactor: remove session file assumptions from e2e * docs: clarify database-first goal state * test: remove legacy store markers from sqlite runtime tests * refactor: remove legacy store assumptions from runtime seams * refactor: align sqlite runtime helper seams * test: update memory recall sqlite audit mock * refactor: align database-first runtime type seams * test: clarify doctor cron legacy store names * fix: preserve sqlite session route projections * test: fix copilot token cache test syntax * docs: update database-first proof status * test: align database-first test fixtures * docs: update database-first proof status * refactor: clean extension database-first drift * test: align agent session route proof * test: clarify doctor legacy path fixtures * chore: clean database-first changed checks * chore: repair database-first rebase markers * build: allow baileys git subdependency * chore: repair exp-vfs rebase drift * chore: finish exp-vfs rebase cleanup * chore: satisfy rebase lint drift * chore: fix qqbot rebase type seam * chore: fix rebase drift leftovers * fix: keep auth profile oauth secrets out of sqlite * fix: repair rebase drift tests * test: stabilize pairing request ordering * test: use source manifests in plugin contract checks * fix: restore gateway session metadata after rebase * fix: repair database-first rebase drift * fix: clean up database-first rebase fallout * test: stabilize line quick reply receipt time * fix: repair extension rebase drift * test: keep transcript redaction tests sqlite-backed * fix: carry injected transcript redaction through sqlite * chore: clean database branch rebase residue * fix: repair database branch CI drift * fix: repair database branch CI guard drift * fix: stabilize oauth tls preflight test * test: align database branch fast guards * test: repair build artifact boundary guards * chore: clean changelog rebase markers --------- Co-authored-by: pashpashpash <nik@vault77.ai> Co-authored-by: Eva <eva@100yen.org> Co-authored-by: stainlu <stainlu@newtype-ai.org> Co-authored-by: Jason Zhou <jason.zhou.design@gmail.com> Co-authored-by: Ruben Cuevas <hi@rubencu.com> Co-authored-by: Pavan Kumar Gondhi <pavangondhi@gmail.com> Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: Kaspre <36520309+Kaspre@users.noreply.github.com> Co-authored-by: dataCenter430 <titan032000@gmail.com> Co-authored-by: Kaspre <kaspre@gmail.com> Co-authored-by: pandadev66 <nova.full.stack@outlook.com> Co-authored-by: Eva <admin@100yen.org> Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org> Co-authored-by: Josh Lehman <josh@martian.engineering> Co-authored-by: jeffjhunter <support@aipersonamethod.com>	2026-05-13 13:15:12 +01:00
Pavan Kumar Gondhi	96fba91b3a	Require Control UI pairing before proxy-scoped access [AI] (#81288 ) * fix: require control ui device pairing for proxy auth * addressing review-skill * fix: cover proxy control ui unbound scopes * docs: add changelog entry for PR merge	2026-05-13 16:48:39 +05:30
Peter Steinberger	d11275e3c3	test: tighten control ui pairing assertions	2026-05-10 20:16:28 +01:00
Josh Avant	3391c5b050	fix(gateway): preserve trusted-proxy Control UI scopes (#79643 ) * fix(gateway): preserve trusted proxy control ui scopes * docs: add trusted proxy control ui changelog	2026-05-08 23:15:19 -05:00
Peter Steinberger	ab192eb3f0	test: tighten helper assertion guards	2026-05-08 06:56:38 +01:00
Peter Steinberger	538605ff44	[codex] Extract filesystem safety primitives (#77918 ) * refactor: extract filesystem safety primitives * refactor: use fs-safe for file access helpers * refactor: reuse fs-safe for media reads * refactor: use fs-safe for image reads * refactor: reuse fs-safe in qqbot media opener * refactor: reuse fs-safe for local media checks * refactor: consume cleaner fs-safe api * refactor: align fs-safe json option names * fix: preserve fs-safe migration contracts * refactor: use fs-safe primitive subpaths * refactor: use grouped fs-safe subpaths * refactor: align fs-safe api usage * refactor: adapt private state store api * chore: refresh proof gate * refactor: follow fs-safe json api split * refactor: follow reduced fs-safe surface * build: default fs-safe python helper off * fix: preserve fs-safe plugin sdk aliases * refactor: consolidate fs-safe usage * refactor: unify fs-safe store usage * refactor: trim fs-safe temp workspace usage * refactor: hide low-level fs-safe primitives * build: use published fs-safe package * fix: preserve outbound recovery durability after rebase * chore: refresh pr checks	2026-05-06 02:15:17 +01:00
Pavan Kumar Gondhi	0e702f1063	fix(gateway): clamp unbound websocket auth scopes [AI] (#77413 ) * fix: clamp unapproved trusted proxy websocket scopes * addressing claude review * addressing claude review * addressing ci * addressing ci * docs: add changelog entry for PR merge	2026-05-04 23:16:07 +05:30
Peter Steinberger	e94c0bf515	perf: trim control ui auth tests	2026-04-24 06:29:12 +01:00
Ayaan Zaidi	4e01916a7e	fix(gateway): report pairing upgrade details	2026-04-20 13:08:04 +05:30
Peter Steinberger	5cf01ac7c1	test: keep gateway suites minimal	2026-04-18 01:33:37 +01:00
Gustavo Madeira Santana	e2351b5fdc	test: skip throwaway control ui auth clients	2026-04-17 19:25:19 -04:00
Val Alexander	0b6c39be18	fix: report shared auth scopes in hello-ok (#67810 ) thanks @BunsDev Co-authored-by: Val Alexander <bunsthedev@gmail.com>	2026-04-17 02:48:30 -05:00
Vincent Koc	20bfa3cce3	perf(test): reuse control-ui device identities	2026-04-14 16:32:14 +01:00
Peter Steinberger	ff7a842509	perf: reduce command and gateway test imports	2026-04-11 13:55:08 +01:00
Peter Steinberger	a0158a9dad	test: simplify control ui auth nonces	2026-04-11 00:25:16 +01:00
Peter Steinberger	04c8026d03	chore: enable no-unnecessary-type-arguments	2026-04-10 20:14:49 +01:00
Peter Steinberger	6c82a91d3d	refactor: tighten device pairing approval types	2026-04-10 10:22:00 +01:00
Peter Steinberger	b28cc98c9b	test: sync gateway and config expectations	2026-04-07 08:05:32 +01:00
Nimrod Gutman	28955a36e7	feat(ios): add exec approval notification flow (#60239 ) * fix(auth): hand off qr bootstrap to bounded device tokens * feat(ios): add exec approval notification flow * fix(gateway): harden approval notification delivery * docs(changelog): add ios exec approval entry (#60239) (thanks @ngutman)	2026-04-05 16:33:22 +03:00
Peter Steinberger	a235f5ed64	test: stabilize gateway control ui auth suites	2026-04-05 12:11:29 +09:00
Peter Steinberger	7d22a16adb	fix: bound bootstrap handoff token scopes	2026-04-04 22:29:52 +09:00
Nimrod Gutman	a9140abea6	fix(auth): hand off qr bootstrap to bounded device tokens	2026-04-04 15:57:38 +09:00
Peter Steinberger	40da986b21	fix: preserve docker cli pairing locality (#55113 ) (thanks @sar618)	2026-04-04 14:36:30 +09:00
Ayaan Zaidi	5e3a3c42ca	fix(gateway): revoke bootstrap tokens after handshake commit	2026-04-03 21:52:35 +09:00
Ayaan Zaidi	b08d58c917	fix(gateway): track bootstrap profile redemption	2026-04-03 21:52:35 +09:00
Ayaan Zaidi	a42f000b53	fix(gateway): defer bootstrap token revocation	2026-04-03 21:52:35 +09:00
Nimrod Gutman	69fe999373	fix(pairing): restore qr bootstrap onboarding handoff (#58382 ) (thanks @ngutman) * fix(pairing): restore qr bootstrap onboarding handoff * fix(pairing): tighten bootstrap handoff follow-ups * fix(pairing): migrate legacy gateway device auth * fix(pairing): narrow qr bootstrap handoff scope * fix(pairing): clear ios tls trust on onboarding reset * fix(pairing): restore qr bootstrap onboarding handoff (#58382) (thanks @ngutman)	2026-03-31 21:11:35 +03:00
Jacob Tomlinson	4ee4960de2	Pairing: forward caller scopes during approval (#55950 ) * Pairing: require caller scopes on approvals * Gateway: reject forbidden silent pairing results	2026-03-27 18:55:33 +00:00
Shakker	f1de00c107	fix: keep tui out of browser origin checks	2026-03-27 10:32:13 +00:00
Shakker	2b96569e2d	fix: add dedicated tui gateway client auth	2026-03-27 10:32:13 +00:00
Val Alexander	3e2b3bd2c5	Fix Control UI operator.read scope handling (#53110 ) Preserve Control UI scopes through the device-auth bypass path, normalize implied operator device-auth scopes, ignore cached under-scoped operator tokens, and degrade read-backed main pages gracefully when a connection truly lacks operator.read. Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>	2026-03-23 14:57:21 -05:00
Peter Steinberger	6d34d62795	test: harden no-isolate gateway auth and pairing	2026-03-22 15:15:50 -07:00
Vincent Koc	04eb17bfab	Tests: clean up trusted proxy pairing seed	2026-03-17 21:33:25 -07:00
Vincent Koc	870f260772	Gateway: cover trusted-proxy scope regression (#49372 ) * Gateway: cover trusted-proxy scope regression * Changelog: note trusted-proxy regression coverage * Gateway: format trusted-proxy regression test	2026-03-17 19:59:01 -07:00
Peter Steinberger	ccf16cd889	fix(gateway): clear trusted-proxy control ui scopes	2026-03-17 10:07:53 -07:00
Vincent Koc	5e389d5e7c	Gateway/ws: clear unbound scopes for shared-token auth (#44306 ) * Gateway/ws: clear unbound shared-auth scopes * Gateway/auth: cover shared-token scope stripping * Changelog: add shared-token scope stripping entry * Gateway/ws: preserve allowed control-ui scopes * Gateway/auth: assert control-ui admin scopes survive allowed device-less auth * Gateway/auth: cover shared-password scope stripping	2026-03-12 14:52:24 -04:00
Josh Avant	a76e810193	fix(gateway): harden token fallback/reconnect behavior and docs (#42507 ) * fix(gateway): harden token fallback and auth reconnect handling * docs(gateway): clarify auth retry and token-drift recovery * fix(gateway): tighten auth reconnect gating across clients * fix: harden gateway token retry (#42507) (thanks @joshavant)	2026-03-10 17:05:57 -05:00
Vincent Koc	e4d80ed556	CI: restore main detect-secrets scan (#38438 ) * Tests: stabilize detect-secrets fixtures * Tests: fix rebased detect-secrets false positives * Docs: keep snippets valid under detect-secrets * Tests: finalize detect-secrets false-positive fixes * Tests: reduce detect-secrets false positives * Tests: keep detect-secrets pragmas inline * Tests: remediate next detect-secrets batch * Tests: tighten detect-secrets allowlists * Tests: stabilize detect-secrets formatter drift	2026-03-07 10:06:35 -08:00
Peter Steinberger	25a2fe2bea	refactor(tests): dedupe control ui auth pairing fixtures	2026-03-03 02:53:13 +00:00
Peter Steinberger	6a42d09129	refactor: dedupe gateway config and infra flows	2026-03-03 00:15:14 +00:00
Peter Steinberger	3beb1b9da9	test: speed up heavy suites with shared fixtures	2026-03-02 21:58:35 +00:00
Peter Steinberger	5f0cbd0edc	refactor(gateway): dedupe auth and discord monitor suites	2026-03-02 21:31:36 +00:00
Peter Steinberger	83c8406f01	refactor(security): split gateway auth suites and share safe write path checks	2026-03-02 18:07:03 +00:00

45 Commits