wangchunyue
b40ef364b7
fix: pin admin-only subagent gateway scopes (#59555) (thanks @openperf)
...
* fix(agents): pin subagent gateway calls to admin scope to prevent scope-upgrade pairing failures
callSubagentGateway forwards params to callGateway without explicit scopes,
so callGatewayLeastPrivilege negotiates the minimum scope per method
independently. The first connection pairs the device at a lower tier and
every subsequent higher-tier call triggers a scope-upgrade handshake that
headless gateway-client connections cannot complete interactively
(close 1008 "pairing required").
Pin callSubagentGateway to operator.admin so the device is paired at the
ceiling scope on the very first (silent, local-loopback) handshake, avoiding
any subsequent scope-upgrade negotiation entirely.
Fixes #59428
* fix: pin admin-only subagent gateway scopes (#59555) (thanks @openperf)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-04-02 19:40:03 +05:30
Vincent Koc
4f692190b4
fix(config): tolerate missing facade boundary config
2026-04-02 23:04:53 +09:00
skernelx
e0d20966ae
Refine JSONL socket EOF regression test
2026-04-02 23:03:36 +09:00
skernelx
0e3cc12900
Fix macOS exec-host JSONL socket deadlock
2026-04-02 23:03:36 +09:00
Peter Steinberger
c4fb15e492
test: make web fetch runtime env handling hermetic
2026-04-02 15:02:40 +01:00
jacky
ecf72319ed
fix: use JSON5 parser for plugin manifest loading (#57734) [AI-assisted] (#59084)
...
Merged via squash.
Prepared head SHA: 58a4d537fc
Co-authored-by: singleGanghood <179357632+singleGanghood@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
2026-04-02 22:02:04 +08:00
Vincent Koc
bb3f17fc02
refactor(plugins): drop generic status report alias (#59700)
2026-04-02 22:59:25 +09:00
Vincent Koc
b0f94a227b
refactor(providers): normalize transport policy wiring (#59682)
...
* refactor(providers): normalize transport policy wiring
* fix(providers): address transport policy review
* fix(providers): harden transport overrides
* fix(providers): keep env proxy tls separate
* fix(changelog): note provider transport policy hardening
2026-04-02 22:54:34 +09:00
Peter Steinberger
4269f40811
docs(security): clarify exec yolo default
2026-04-02 14:52:51 +01:00
Peter Steinberger
c678ae7e7a
feat(exec): default host exec to yolo
2026-04-02 14:52:51 +01:00
Vincent Koc
0500b410c5
docs: update config paths for Firecrawl web_fetch and xAI x_search migrations, add Android assistant section, backfill PR numbers
2026-04-02 22:52:00 +09:00
Vincent Koc
def5b954a8
feat(plugins): surface imported runtime state in status tooling (#59659)
...
* feat(plugins): surface imported runtime state
* fix(plugins): keep status imports snapshot-only
* fix(plugins): keep status snapshots manifest-only
* fix(plugins): restore doctor load checks
* refactor(plugins): split snapshot and diagnostics reports
* fix(plugins): track imported erroring modules
* fix(plugins): keep hot metadata where required
* fix(plugins): keep hot doctor and write targeting
* fix(plugins): track throwing module imports
2026-04-02 22:50:17 +09:00
Peter Steinberger
1ecd92af89
chore: refresh deps and backfill changelog
2026-04-02 14:49:47 +01:00
Ayaan Zaidi
a1f95e5278
fix: land Android assistant entrypoints (#59596)
2026-04-02 19:16:34 +05:30
Ayaan Zaidi
41b81ca7f8
fix: address Android assistant review feedback
2026-04-02 19:16:34 +05:30
Ayaan Zaidi
59eccef768
feat: add Google Assistant App Actions entrypoint
2026-04-02 19:16:34 +05:30
Ayaan Zaidi
e45b29b247
feat: add Android assistant role entrypoint
2026-04-02 19:16:34 +05:30
Ayaan Zaidi
fcf708665c
feat: route Android assistant launches into chat
2026-04-02 19:16:34 +05:30
Agustin Rivera
290e5bf219
fix(dotenv): block helper interpreter workspace overrides (#58473)
...
* fix(dotenv): block helper interpreter workspace overrides
* fix(dotenv): cover trusted helper interpreter envs
* fix(changelog): note dotenv helper override hardening
* fix(changelog): remove dotenv entry from pr
* changelog: note dotenv helper override hardening
---------
Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
2026-04-02 06:45:13 -07:00
Vincent Koc
52a6e354a8
fix(tasks): reset agent events in executor tests
2026-04-02 22:25:59 +09:00
Vincent Koc
ec6a07ef05
fix(secrets): add legacy x_search secret target
2026-04-02 22:24:08 +09:00
Jacob Tomlinson
3528e15817
changelog: add openshell mirror sync fix entry (#58515)
2026-04-02 13:23:58 +00:00
Peter Steinberger
3cca07a983
docs: reorder changelog entries by user interest
2026-04-02 14:22:19 +01:00
Agustin Rivera
b21c9840c2
OpenShell: constrain mirror sync roots (#58515)
...
* fix(openshell): constrain mirror sync roots
* fix(openshell): restore config test types
* fix(openshell): simplify managed root sync
2026-04-02 06:21:30 -07:00
Vincent Koc
3e4de956c0
!refactor(xai): move x_search config behind plugin boundary (#59674)
...
* refactor(xai): move x_search config behind plugin boundary
* chore(changelog): note x_search config migration
* fix(xai): include x_search migration helpers
2026-04-02 22:08:59 +09:00
Agustin Rivera
ef7c553dd1
fix(zalo): scope webhook replay dedupe (#58444)
...
* fix(zalo): scope webhook replay dedupe
* fix(zalo): harden replay metadata reads
* docs(changelog): add Zalo replay scope fix entry
---------
Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
2026-04-02 06:07:14 -07:00
Vincent Koc
12bd6b7bb9
fix(tasks): address task-flow audit review (#59672)
2026-04-02 22:02:00 +09:00
Devin Robison
7eae9c0e62
Block remaining host env override pivots (#59233)
...
* Block remaining host env override pivots
* Feedback update
2026-04-02 06:00:26 -07:00
Agustin Rivera
54a0878517
fix(gateway): enforce session kill HTTP scopes (#59128)
...
* fix(gateway): enforce session kill HTTP scopes
Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
* fix(gateway): type session kill auth mock
* fix(gateway): gate session kill before lookup
* docs: add changelog entry for session kill HTTP scopes
---------
Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-04-02 05:56:17 -07:00
Agustin Rivera
be10ecef77
fix(compare): reuse shared secret comparison helper (#58432)
...
* fix(compare): reuse shared secret comparison helper
* fix(compare): reject empty bluebubbles auth tokens
* docs: add changelog entry for shared secret comparison fix
---------
Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
2026-04-02 13:53:19 +01:00
Vincent Koc
4c08b0bb08
fix(tasks): allow task-flow registry audit seams
2026-04-02 21:49:26 +09:00
Vincent Koc
cfbad0a4f9
fix(providers): unify request policy resolution (#59653)
...
* fix(providers): unify request policy resolution
* fix(providers): preserve request config SDK contract
* fix(providers): harden request header policy
2026-04-02 21:42:11 +09:00
Vincent Koc
d4f69878da
fix(tasks): close registry stores on test resets
2026-04-02 21:40:40 +09:00
Vincent Koc
6f91f87f3b
refactor(tasks): move task-flow ownership under tasks
2026-04-02 21:40:40 +09:00
Vincent Koc
0f45630d19
fix(tasks): harden task-flow restore and maintenance
2026-04-02 21:40:40 +09:00
mappel-nv
9c22d63669
Browser: normalize localhost absolute-form CDP hosts (#59236)
...
* Browser: normalize localhost absolute-form CDP hosts
* CHANGELOG: note localhost absolute-form CDP fix
---------
Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
2026-04-02 13:34:55 +01:00
Vincent Koc
e48ee8ae9e
test(secrets): update inactive warning coverage
2026-04-02 21:21:38 +09:00
Vincent Koc
b18de06bff
test(secrets): fix runtime coverage env allowlist
2026-04-02 21:10:30 +09:00
Vincent Koc
15e6a88c67
fix(config): sync generated base schema
2026-04-02 21:04:06 +09:00
gavyngong
761cdc967d
fix(gateway): prune empty node-pending-work state entries to prevent memory leak (#58179)
...
Merged via squash.
Prepared head SHA: 1efee3099f
Co-authored-by: gavyngong <267269824+gavyngong@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
2026-04-02 20:00:18 +08:00
Vincent Koc
9823833383
fix(plugins): preserve activation provenance (#59641)
...
* fix(plugins): preserve activation provenance
* fix(gateway): preserve activation reason metadata
* fix(plugins): harden activation state policy
2026-04-02 20:57:14 +09:00
Vincent Koc
6eca1949d5
refactor(plugins): tighten web fetch provider boundary (#59646)
...
* refactor(plugins): tighten web fetch provider boundary
* fix(config): sync fetch secret parity and baseline
* fix(ci): enforce web fetch boundary guard
2026-04-02 20:53:57 +09:00
Vincent Koc
5abd5d889f
fix(providers): classify copilot native endpoints (#59644)
...
* fix(providers): classify copilot native endpoints
* fix(changelog): add copilot endpoint note
* fix(providers): handle copilot proxy hints
2026-04-02 20:51:46 +09:00
Shakker
71d49012fc
fix: align secretref web-fetch matrix
2026-04-02 12:47:09 +01:00
Vincent Koc
5639e8d242
fix(tasks): stabilize task-flow rename gates
2026-04-02 20:43:04 +09:00
Vincent Koc
e894c7e66e
refactor(commands): switch flow tooling to task-flow names
2026-04-02 20:43:03 +09:00
Vincent Koc
b6c3ecedd8
refactor(tasks): update plugin and acp task-flow consumers
2026-04-02 20:43:03 +09:00
Vincent Koc
a7909d46d2
refactor(tasks): migrate task runtime callsites to task-flow
2026-04-02 20:43:03 +09:00
Vincent Koc
a51c976d27
refactor(tasks): rename flow registry modules to task-flow
2026-04-02 20:43:03 +09:00
Vincent Koc
c405bcfa98
refactor(providers): centralize request capabilities (#59636)
...
* refactor(providers): centralize request capabilities
* fix(providers): harden comparable base url parsing
2026-04-02 20:26:22 +09:00