vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,180 Commits 680 Branches 76 Tags
a0c5e28f3bf0cc0cd9311f9e9ec2ca0352550dcf
Commit Graph

15180 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
a0c5e28f3b refactor(extensions): use scoped pairing helper 2026-02-26 21:57:52 +01:00
Peter Steinberger
36b6ea1446 docs: enforce repo-relative file refs in AGENTS 2026-02-26 21:57:52 +01:00
Peter Steinberger
192df12d60 test(voice-call): cover verification key and header helpers 2026-02-26 21:54:09 +01:00
Peter Steinberger
535ef8991c refactor(voice-call): enforce verified webhook key contract 2026-02-26 21:54:09 +01:00
Peter Steinberger
6f0b4caa26 refactor(voice-call): share header and guarded api helpers 2026-02-26 21:54:09 +01:00
Peter Steinberger
78a7ff2d50 fix(security): harden node exec approvals against symlink rebind 2026-02-26 21:47:45 +01:00
Peter Steinberger
611dff985d fix(agents): harden embedded pi project settings loading 2026-02-26 21:46:39 +01:00
Peter Steinberger
38b6cee020 feat(config): add embedded pi project settings policy 2026-02-26 21:46:39 +01:00
Peter Steinberger
1aadf26f9a fix(voice-call): bind webhook dedupe to verified request identity 2026-02-26 21:43:51 +01:00
Vincent Koc
5a453eacbd chore(onboarding): add explicit account-risk warning for Gemini CLI OAuth and docs (#16683) 
* docs: add account-risk caution to Google OAuth provider docs

* docs(plugin): add Gemini CLI account safety caution

* CLI: add risk hint for Gemini CLI auth choice

* Onboarding: require confirmation for Gemini CLI OAuth

* Tests: cover Gemini CLI OAuth risk confirmation flow
 2026-02-26 15:25:42 -05:00
Vincent Koc
764cd5a310 fix(gemini-oauth): align OAuth project discovery metadata and endpoint fallbacks (#16684) 
* fix(gemini-oauth): align loadCodeAssist metadata and endpoint fallback

* test(gemini-oauth): cover endpoint fallback and env project fallback

* fix(gemini-oauth): route timed fetches through ssrf guard

* test(gemini-oauth): mock guarded fetch in oauth tests
 2026-02-26 15:24:35 -05:00
Peter Steinberger
a1628d89ec refactor: unify outbound session context wiring 2026-02-26 21:03:28 +01:00
Peter Steinberger
8483e01a68 refactor(matrix): dedupe sender label resolution for inbound bodies 2026-02-26 20:57:05 +01:00
Peter Steinberger
01b4f42f9a fix(matrix): preserve sender labels in Matrix BodyForAgent 2026-02-26 20:57:05 +01:00
Peter Steinberger
4cb4053993 fix: complete sessionKey forwarding for message:sent hook (#27584) (thanks @qualiobra) 2026-02-26 19:56:27 +00:00
Lucas Teixeira Campos Araujo
a4408a917e fix: pass sessionKey to deliverOutboundPayloads for message:sent hook dispatch 
Several call sites of deliverOutboundPayloads() were not passing the
sessionKey parameter, causing the internal message:sent hook to never
fire (the guard `if (!sessionKeyForInternalHooks) return` in deliver.ts
silently skipped the triggerInternalHook call).

Fixed call sites:
- commands/agent/delivery.ts (agent loop replies — main fix)
- infra/heartbeat-runner.ts (heartbeat OK + alert delivery)
- infra/outbound/message.ts (message tool sends)
- cron/isolated-agent/delivery-dispatch.ts (cron job delivery)
- gateway/server-node-events.ts (node event forwarding)

The sessionKey parameter already existed in DeliverOutboundPayloadsCoreParams
and was used by deliver.ts to emit the message:sent internal hook event,
but was simply not being passed from most callers.
 2026-02-26 19:56:27 +00:00
Taras Shynkarenko
20730af20b fix(browser): stop wrapping application errors with Can't reach message 2026-02-26 19:55:39 +00:00
Vincent Koc
311f57a2cd Changelog: add entries for PR #12849 and #27585 (#27887) 2026-02-26 14:54:48 -05:00
Peter Steinberger
675764e866 refactor(tui): simplify stream boundary-drop modes 2026-02-26 20:54:29 +01:00
Peter Steinberger
b01273cfc6 fix: narrow finalize boundary-drop guard (#27711) (thanks @scz2011) 2026-02-26 19:50:06 +00:00
AI Assistant
d6cbaea434 fix(tui): preserve streamed text during tool call transitions 
Fixes #27674

The TUI was erasing already-streamed assistant text when tool calls
were triggered. This happened because the finalize() method in
TuiStreamAssembler was not using the protectBoundaryDrops option
when updating run state.

Now finalize() applies the same boundary drop protection as
ingestDelta(), ensuring that streamed text before tool calls is
preserved when the final payload drops earlier content blocks.
 2026-02-26 19:50:06 +00:00
Shadow
03159f3942 CI: add maintainer ping auto-response 2026-02-26 13:30:12 -06:00
Peter Steinberger
344f54b84d refactor(config): dedupe model api definitions 2026-02-26 20:00:11 +01:00
Peter Steinberger
ac03803d12 fix: align codex model api schema/type coverage (#27501) (thanks @AytuncYildizli) 2026-02-26 18:51:04 +00:00
AytuncYildizli
861b90f79c fix(config): add openai-codex-responses to ModelApiSchema 
The config schema validates provider api fields against ModelApiSchema,
but openai-codex-responses was missing from the allowed values. This
forces users to set api: "openai-responses" for the openai-codex
provider, which routes requests to api.openai.com/v1/responses instead
of chatgpt.com/backend-api/codex/responses, causing HTTP 401 errors
because Codex OAuth tokens lack api.responses.write scope for the
standard OpenAI Responses endpoint.

The runtime already supports openai-codex-responses throughout: model
registry, stream dispatch (streamOpenAICodexResponses), and provider
detection (OPENAI_MODEL_APIS set). Only the config schema was missing
the literal.
 2026-02-26 18:51:04 +00:00
Peter Steinberger
d92fc85555 refactor(cli): dedupe gateway run mode parsing 2026-02-26 19:50:49 +01:00
Shakker
f7041fbee3 fix(windows): normalize namespaced path containment checks 2026-02-26 18:49:48 +00:00
Peter Steinberger
dc6e4a5b13 fix: harden dm command authorization in open mode 2026-02-26 19:49:36 +01:00
Nimrod Gutman
3f20c43308 fix: add nimrod gutman maintainer profile (#27840) (thanks @ngutman) 2026-02-26 20:46:37 +02:00
Viz
a81cf35a6f Add contributor Jonathan Taylor to CONTRIBUTING.md 
Added Jonathan Taylor's contributions and contact links.
 2026-02-26 13:22:34 -05:00
Peter Steinberger
a909019078 fix: align gateway run auth modes (#27469) (thanks @s1korrrr) 2026-02-26 18:20:27 +00:00
Rafal
1087033abd fix(cli): list all supported auth modes in gateway run --auth help 
Made-with: Cursor
 2026-02-26 18:20:27 +00:00
Shakker
47f52cd233 test(cli): tighten daemon status TLS mock typings 2026-02-26 18:13:33 +00:00
Shakker
bed69339c1 fix(cli): scope daemon status TLS fingerprint to local probes 2026-02-26 18:13:33 +00:00
Shakker
b788616d9c fix(cli): add TLS daemon-status probe regression coverage 2026-02-26 18:13:33 +00:00
Liu Yuan
90d426f9ad fix(cli): gateway status probe with TLS when bind=lan 
- Use wss:// scheme when TLS is enabled (specifically for bind=lan)
- Load TLS runtime to get certificate fingerprint
- Pass fingerprint to probeGatewayStatus for self-signed cert trust
 2026-02-26 18:13:33 +00:00
Peter Steinberger
d6eefe2e75 style: format auth boundary updates 2026-02-26 18:50:47 +01:00
Peter Steinberger
262bca9bdd fix: restore dm command and self-chat auth behavior 2026-02-26 18:49:16 +01:00
Peter Steinberger
64de4b6d6a fix: enforce explicit group auth boundaries across channels 2026-02-26 18:49:16 +01:00
Shakker
d0d83a2020 docs(changelog): add PR #17017 entry 2026-02-26 17:10:09 +00:00
Shakker
fe842b5f14 test(auto-reply): cover inbound timestamp guard 2026-02-26 17:10:09 +00:00
Liu Yuan
c596658b8d feat(auto-reply): make agent time-aware with message timestamps 
Add human-readable timestamp field to the Conversation info JSON block.

Before:
  {
    "conversation_label": "D id:123"
  }

After:
  {
    "conversation_label": "D id:123",
    "timestamp": "Sun 2026-02-15 13:35 GMT+8"
  }

Benefits:
- Better time awareness for time-related questions
- Understand conversation gaps and response delays
- Handle delayed message delivery
- Context for relative time references ("just now", "later")
 2026-02-26 17:10:09 +00:00
Peter Steinberger
10481097f8 refactor(security): enforce v1 node exec approval binding 2026-02-26 18:09:01 +01:00
Peter Steinberger
f4391c1725 docs(security): clarify Teams fileConsent uploadUrl report scope 2026-02-26 17:58:38 +01:00
Peter Steinberger
9597cf1890 docs(security): scope obfuscation parity reports as hardening 2026-02-26 17:58:25 +01:00
joshavant
edf7ad9b7d add me to Maintainers list 
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-02-26 10:55:03 -06:00
Peter Steinberger
9f154efa8d docs(acp): expand /acp operator playbook 2026-02-26 16:49:20 +00:00
Peter Steinberger
c5facb8477 fix(discord): avoid invalid /acp native option payload 2026-02-26 16:49:20 +00:00
Peter Steinberger
cd80c7e7ff refactor: unify dm policy store reads and reason codes 2026-02-26 17:47:57 +01:00
Peter Steinberger
53e30475e2 test(agents): add compaction and workspace reset regressions 2026-02-26 17:41:25 +01:00