vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-13 02:01:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
28,927 Commits 1,246 Branches 105 Tags
a51488c13ca4c19265fc454dc4f1df241cfadbfd
Commit Graph

18026 Commits

Author SHA1 Message Date
Peter Steinberger
7e2fc57858 Tests: update compaction fallback retry mock 2026-04-07 23:52:54 +01:00
Peter Steinberger
c0aed59fca refactor: move qa suite definitions into markdown 2026-04-07 23:39:50 +01:00
Peter Steinberger
11185f6397 fix(test): align boundary and approval suites 2026-04-07 23:26:34 +01:00
Peter Steinberger
d471bbc94d test: speed up auth profile store tests 2026-04-07 23:17:39 +01:00
Peter Steinberger
b2169c4295 test: speed up subagent registry persistence resume test 2026-04-07 23:17:28 +01:00
Peter Steinberger
fdf60c06b0 refactor: dedupe gateway agent trimmed readers 2026-04-07 22:57:52 +01:00
Peter Steinberger
7999767a0f refactor: dedupe core trimmed string readers 2026-04-07 22:57:52 +01:00
Peter Steinberger
7897fb9c84 refactor: dedupe locale lowercase helpers 2026-04-07 22:57:52 +01:00
Peter Steinberger
88ac6f1194 refactor: dedupe remaining lowercase helpers 2026-04-07 22:57:52 +01:00
Peter Steinberger
b6970865b6 refactor: dedupe path lowercase helpers 2026-04-07 22:57:52 +01:00
Peter Steinberger
5a020cf9a1 refactor: dedupe canvas lowercase helpers 2026-04-07 22:57:52 +01:00
Peter Steinberger
e0ad3e79e6 refactor: dedupe normalization lowercase helpers 2026-04-07 22:57:52 +01:00
Agustin Rivera
fa82193c72 fix(env): align inherited host exec env filtering (#59119) 
* fix(env): block inherited host exec config vars

* fix(env): preserve trusted inherited proxy env

* fix(env): preserve inherited host exec vars

* fix(env): refresh host env policy parity artifacts

* test(env): align blocked override ordering

* docs(changelog): add host env policy parity entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 15:50:32 -06:00
Agustin Rivera
423a14e2be fix(git): expand host env denylist coverage (#62002) 
* fix(git): expand host env denylist

* fix(git): block alternate object directories

* docs(changelog): add git env denylist entry

* docs(changelog): remove conflict markers

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 15:39:28 -06:00
Peter Steinberger
81a613f687 test: speed up agent config auth tests 2026-04-07 22:26:23 +01:00
Peter Steinberger
1a72ed7e13 test: speed up subagent registry tests 2026-04-07 22:26:23 +01:00
Agustin Rivera
a31cb15561 Guard missed base64 decode paths (#62007) 
* fix(media): guard missed base64 decode paths

Co-authored-by: zsxsoft <git@zsxsoft.com>

* fix(media): wire maxBytes into image-generate-tool and consolidate base64 guard helpers

* docs(changelog): add base64 decode guard entry

* fix(image-generate): validate configured media cap

---------

Co-authored-by: zsxsoft <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 15:25:19 -06:00
Peter Steinberger
67dc6e82b9 refactor: dedupe misc lowercase helpers 2026-04-07 22:24:32 +01:00
Gustavo Madeira Santana
af4a2faa1d types: preserve approval runtime payload typing 2026-04-07 17:11:04 -04:00
Peter Steinberger
5fb6aeaf86 fix: preserve fallback error details 2026-04-07 22:07:12 +01:00
Agustin Rivera
b9e972e174 Protect gateway exec approval config paths (#62001) 
* fix(gateway): protect exec approval config paths

* fix(gateway): compare protected config paths by value

* docs(changelog): add gateway exec config entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
 2026-04-07 14:56:14 -06:00
Gustavo Madeira Santana
ecc9a65f34 Tests: align approval gateway seams 2026-04-07 16:06:02 -04:00
Gustavo Madeira Santana
28fc5d9b5e Plugin SDK: split approval adapter seams 2026-04-07 16:06:02 -04:00
Gustavo Madeira Santana
9bcef781e7 Tests: restore approval runtime coverage 2026-04-07 16:06:02 -04:00
Peter Steinberger
bfff74fb11 refactor: dedupe core lowercase helpers 2026-04-07 20:58:01 +01:00
Peter Steinberger
abf81ff1ed refactor: dedupe plugin lowercase helpers 2026-04-07 20:57:04 +01:00
Peter Steinberger
182d41d678 refactor: dedupe command config lowercase helpers 2026-04-07 20:57:03 +01:00
Peter Steinberger
493e1c246e refactor: dedupe remaining lowercase helpers 2026-04-07 20:57:03 +01:00
Peter Steinberger
e51a00ffc7 refactor: dedupe gateway infra lowercase helpers 2026-04-07 20:57:03 +01:00
Gustavo Madeira Santana
ad6bfc44d5 Tests: align approval runtime helpers 2026-04-07 15:37:28 -04:00
Gustavo Madeira Santana
b78202d44e fix(exec): harden stale/replay/live requests 2026-04-07 15:37:28 -04:00
Gustavo Madeira Santana
6484b41eb9 Approvals: replay pending requests on startup 2026-04-07 15:37:01 -04:00
Peter Steinberger
a00b01f5ed fix: harden complex qa suite scenarios 2026-04-07 20:35:39 +01:00
Andrew Demczuk
bffb83acf8 fix(gateway): stop SSRF guard rejecting operator-configured proxy hostnames (#62312) 
When allowPrivateProxy is true, the explicit proxy hostname is operator-
configured and trusted. The SSRF guard was checking the proxy hostname
against the target-scoped hostnameAllowlist (e.g. ["api.telegram.org"]),
which rejected localhost and other local proxy hostnames. This broke
Telegram media downloads (and any channel using a local proxy) after
the url-fetch security hardening in 2026.4.x.

Clear the hostnameAllowlist for the proxy hostname check while keeping
private-network IP validation in place via allowPrivateNetwork.

Fixes #61906

Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
 2026-04-07 13:22:21 -06:00
Peter Steinberger
cfbe7ac227 fix(test): refresh schema snapshot and stabilize channel registry 2026-04-07 20:04:29 +01:00
Agustin Rivera
e5aae5e056 fix(browser): align browser.proxy profile mutation guards (#60489) 
* fix(browser): block proxy profile mutations

* docs(changelog): add browser proxy guard entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
 2026-04-07 13:00:21 -06:00
Peter Steinberger
744d176744 test: speed up plugin cli tests 2026-04-07 19:59:46 +01:00
Agustin Rivera
a383878e97 Require re-pairing for node reconnect command upgrades (#62658) 
* fix(node): require re-pairing for reconnect command upgrades

Co-authored-by: zsx <git@zsxsoft.com>

* fix(node): tighten reconnect pairing test polling

* docs(changelog): add node reconnect pairing entry

---------

Co-authored-by: zsx <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 12:48:18 -06:00
Peter Steinberger
93ab2ac69d test(gateway): cover isolated cron session key routing 2026-04-07 19:46:16 +01:00
pgondhi987
23ab290a71 fix: expand host-exec env blocklist for Java, Rust, and Cargo toolchains [AI-assisted] (#62291) 
* fix: address issue

* docs(changelog): add host env blocklist entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
 2026-04-07 12:40:54 -06:00
BitToby
9edf9804b1 feat: add cover image support to Discord event create (#60883) 
* feat: add image param to Discord event create for cover art

* fix: pass trusted media roots to event cover image loader

* fix: solve lint error

* fix: add changelog entry for Discord event cover image support (#60883) (thanks @bittoby)

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-04-07 13:40:39 -05:00
Gustavo Madeira Santana
d78512b09d Refactor: centralize native approval lifecycle assembly (#62135) 
Merged via squash.

Prepared head SHA: b7c20a7398
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-07 14:40:26 -04:00
pgondhi987
4108901932 fix(fetch-guard): drop request body on cross-origin unsafe-method redirects [AI-assisted] (#62357) 
* fix: address issue

* fix: address review feedback

* docs(changelog): add fetch guard redirect body entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 12:11:00 -06:00
Peter Steinberger
d855f5f505 Tests: fix full-suite regressions 2026-04-07 18:59:38 +01:00
DhruvBhatia0
12331f0463 feat: add pluggable compaction provider registry (#56224) 
Merged via squash.

Prepared head SHA: 0cc9cf3f30
Co-authored-by: DhruvBhatia0 <69252327+DhruvBhatia0@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-07 10:55:34 -07:00
i-dentifier
adb7b0d5d6 fix: compaction after tool use abortion cause agent infinite loop calls (#62600) 
Merged via squash.

Prepared head SHA: 304ba07207
Co-authored-by: i-dentifier <44976464+i-dentifier@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-07 10:28:00 -07:00
Peter Steinberger
7c478473fe Tests: tighten cron timeout start handshakes 2026-04-08 01:20:00 +08:00
Peter Steinberger
16cebe5669 Tests: stabilize cron timeout regressions 2026-04-08 01:10:19 +08:00
pgondhi987
df881d5c18 fix(allowlist): gate write commands behind owner check before channel resolution [AI] (#62383) 
* fix: address issue

* docs(changelog): add allowlist owner gate entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-07 11:01:15 -06:00
EVA
caecd3c1fe fix(agents): heartbeat always targets main session — prevent routing to active subagent sessions (#61803) 
Merged via squash.

Prepared head SHA: 5d79db3940
Co-authored-by: 100yenadmin <239388517+100yenadmin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-07 09:59:18 -07:00