vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-12 09:41:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
29,907 Commits 1,233 Branches 104 Tags
afff0716f7d720272fb68d31b5a877dffc241bda
Commit Graph

29907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tak Hoffman
afff0716f7 ci: shard checks-node-test by vitest suite 2026-04-10 15:59:41 -05:00
Davanum Srinivas
fbf11ebdb7 fix(sandbox): enforce CDP source-range restriction by default (#61404) 
* fix(sandbox): enforce CDP source-range restriction by default

Auto-derive CDP_SOURCE_RANGE from Docker network gateway IP when not
explicitly configured. The entrypoint script refuses to start the socat
CDP relay without a source range (fail-closed).

- readDockerNetworkGateway: use Go template println, filter <no value>
  sentinel, prefer IPv4 gateway on dual-stack networks
- Reject IPv6-only gateways for auto-derivation (relay binds IPv4)
- Remove stale browser_cdp_bridge_unrestricted audit check (runtime
  auto-derives range for all bridge-like networks)
- Bump SANDBOX_BROWSER_SECURITY_HASH_EPOCH to force container recreation

* chore(changelog): add sandbox CDP source-range entry

* fix(sandbox): gate CDP source-range derivation to bridge-style networks

Only auto-derive OPENCLAW_BROWSER_CDP_SOURCE_RANGE from the Docker
gateway IP for bridge networks (or when driver is unknown). Non-bridge
drivers (macvlan, ipvlan, overlay) may route traffic from different
source IPs, so they require explicit cdpSourceRange config.

Adds readDockerNetworkDriver helper and a regression test for macvlan.

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 14:59:25 -06:00
Peter Steinberger
67ae576b9e test: remove redundant launchd conversions 2026-04-10 21:58:40 +01:00
Peter Steinberger
fc50e23262 refactor: remove redundant model picker conversions 2026-04-10 21:57:01 +01:00
Peter Steinberger
fdaebf587c test: remove redundant phone control conversions 2026-04-10 21:55:28 +01:00
Peter Steinberger
9470b616c9 refactor: remove redundant camera CLI conversions 2026-04-10 21:53:47 +01:00
Peter Steinberger
7ccf4b7d02 refactor: remove redundant twitch setup conversions 2026-04-10 21:51:36 +01:00
Peter Steinberger
506f564fb9 refactor: remove redundant telegram conversions 2026-04-10 21:49:54 +01:00
Peter Steinberger
405a920862 refactor: remove redundant browser helper conversions 2026-04-10 21:48:38 +01:00
Peter Steinberger
20849e7196 refactor: remove redundant browser session conversions 2026-04-10 21:46:52 +01:00
Peter Steinberger
3475404c7e refactor: remove redundant browser state conversions 2026-04-10 21:46:00 +01:00
Peter Steinberger
c66afe472a docs: add codex harness setup guide 2026-04-10 21:45:32 +01:00
Peter Steinberger
b76f218c53 refactor: remove redundant browser screenshot conversions 2026-04-10 21:44:53 +01:00
Peter Steinberger
e892def77c chore: bump basic-ftp override 2026-04-10 21:44:16 +01:00
Peter Steinberger
1560da7be2 refactor: remove redundant browser cdp conversions 2026-04-10 21:43:34 +01:00
Peter Steinberger
b8554128b4 refactor: remove redundant model auth conversions 2026-04-10 21:42:10 +01:00
Peter Steinberger
972ed139a7 fix: make docs anchor audit use Mintlify CLI 2026-04-10 21:39:52 +01:00
Peter Steinberger
b0a39f4112 test: remove redundant matrix conversions 2026-04-10 21:34:41 +01:00
Tak Hoffman
71c4900051 test: harden telegram reply media transport stub 2026-04-10 15:31:55 -05:00
Peter Steinberger
75823947ae test: remove redundant loader message conversions 2026-04-10 21:30:48 +01:00
Peter Steinberger
cb3fbe7e50 refactor: remove redundant session patch conversions 2026-04-10 21:29:27 +01:00
Peter Steinberger
277028f1f5 test: remove redundant doctor string conversions 2026-04-10 21:27:33 +01:00
Peter Steinberger
c16b1b7433 docs: document harness fallback policy 2026-04-10 21:27:26 +01:00
Peter Steinberger
d236cb4680 chore: enable redundant type constituent checks 2026-04-10 21:23:40 +01:00
Peter Steinberger
6783bef7ed ci: refresh browser raw fetch guard 2026-04-10 21:22:16 +01:00
Peter Steinberger
bce0e5228a fix(codex): satisfy approval bridge lint 2026-04-10 21:22:16 +01:00
Peter Steinberger
8bc157c304 fix: prefer manifest evidence in install scanner 2026-04-10 21:22:16 +01:00
Peter Steinberger
ba55a81a32 fix: close landing test gaps 2026-04-10 21:22:16 +01:00
Peter Steinberger
b174d8aed4 build: refresh pi-ai lockfile snapshot 2026-04-10 21:22:16 +01:00
Peter Steinberger
d3cabde7b8 fix(browser): keep legacy ssrf alias raw-config only 2026-04-10 21:22:16 +01:00
Peter Steinberger
2bd56b8c38 build: refresh Codex harness lockfile 2026-04-10 21:22:16 +01:00
Peter Steinberger
c9067b6520 fix: preserve scoped plugin symlink installs 2026-04-10 21:22:16 +01:00
Peter Steinberger
3198c10fba fix: stabilize Codex harness landing checks 2026-04-10 21:22:16 +01:00
Peter Steinberger
d5698038d7 fix(codex): keep app-server inside extension src 2026-04-10 21:22:16 +01:00
Peter Steinberger
dbca237c77 docs: note Codex harness PR in changelog 2026-04-10 21:22:16 +01:00
Peter Steinberger
2d80bbc43d feat(agents): allow disabling PI harness fallback 2026-04-10 21:22:16 +01:00
Peter Steinberger
6e4d78ce80 fix(codex): require supported app-server version 2026-04-10 21:22:16 +01:00
Peter Steinberger
cb19451132 refactor: drop legacy Codex approval support 2026-04-10 21:22:16 +01:00
Peter Steinberger
84098a2267 fix: keep Codex harness opt-in by default 2026-04-10 21:22:16 +01:00
Peter Steinberger
106256d896 fix: address Codex harness review regressions 2026-04-10 21:22:16 +01:00
Peter Steinberger
b79f9f965e fix: address Codex harness review issues 2026-04-10 21:22:16 +01:00
Peter Steinberger
bfc0889776 docs: document Codex harness plugin workflow 2026-04-10 21:22:16 +01:00
Peter Steinberger
dd26e8c44d feat: add Codex app-server harness extension 2026-04-10 21:22:16 +01:00
Peter Steinberger
44ec4d05de feat: add pluggable agent harness registry 2026-04-10 21:22:16 +01:00
Peter Steinberger
fa97004ee1 test: remove duplicate gateway server coverage 2026-04-10 21:15:57 +01:00
Agustin Rivera
851294126b Redact Gmail watcher startup args from log tail (#62661) 
* fix(logging): redact gmail watcher startup args

* fix(logging): normalize redaction formatting

* fix(logging): harden gmail watcher log redaction

* fix(logging): honor configured log tail redaction

* fix(logging): skip redact pattern resolution when off

* fix(logging): reuse compiled redact regexes

* chore: untrack USER.md (covered by .gitignore)

* chore: untrack USER.md (covered by .gitignore)

* fix(logging): avoid double-resolution in log-tail redaction

* fix(logging): redact across line boundaries for multiline patterns

* fix(logging): guard redactSensitiveLines against empty input

* chore(changelog): add Gmail watcher log redaction entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 14:07:28 -06:00
Peter Steinberger
733137615f test: trim agents shard waits 2026-04-10 21:07:12 +01:00
Agustin Rivera
eab6fcedaa Ensure ACPX plugin-tools bridge honors before_tool_call (#63886) 
* fix(acpx): honor tool hook on plugin bridge

Co-authored-by: smaeljaish771 <smaeljaish771@gmail.com>

* chore(changelog): add ACPX plugin-tools before_tool_call entry

---------

Co-authored-by: smaeljaish771 <smaeljaish771@gmail.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 14:05:34 -06:00
Extra Small
abb4736267 fix(skills): add missing opening --- to taskflow and taskflow-inbox-triage SKILL.md frontmatter (openclaw#64469) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test src/agents/skills.bundled-frontmatter.test.ts

Co-authored-by: extrasmall0 <"258180677"+extrasmall0@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-04-10 14:59:55 -05:00
Peter Steinberger
0ebeee8b0d chore: enable consistent-return 2026-04-10 20:56:43 +01:00