vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-09 08:11:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
24,683 Commits 1,175 Branches 101 Tags
b40ef364b71cd686c1ee87db5499d5cc0deca4ef
Commit Graph

24 Commits

Author SHA1 Message Date
Gustavo Madeira Santana
ba735d0158 Exec approvals: unify effective policy reporting and actions (#59283) 
Merged via squash.

Prepared head SHA: d579b97a93
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-01 22:02:39 -04:00
Vincent Koc
2d53ffdec1 fix(exec): resolve remote approval regressions (#58792) 
* fix(exec): restore remote approval policy defaults

* fix(exec): handle headless cron approval conflicts

* fix(exec): make allow-always durable

* fix(exec): persist exact-command shell trust

* fix(doctor): match host exec fallback

* fix(exec): preserve blocked and inline approval state

* Doctor: surface allow-always ask bypass

* Doctor: match effective exec policy

* Exec: match node durable command text

* Exec: tighten durable approval security

* Exec: restore owner approver fallback

* Config: refresh Slack approval metadata

---------

Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-04-01 02:07:20 -07:00
Peter Steinberger
5e30da3cad fix(exec): restore strict inline-eval allow-always reuse 2026-03-31 23:45:22 +09:00
Peter Steinberger
7f373823b0 refactor: separate exec policy and execution targets 2026-03-23 19:36:44 -07:00
Peter Steinberger
d8cef14eb1 fix: split exec and policy resolution for wrapper trust (#53134) (thanks @vincentkoc) 2026-03-23 19:04:04 -07:00
Peter Steinberger
a94ec3b79b fix(security): harden exec approval boundaries 2026-03-22 09:35:25 -07:00
Peter Steinberger
57204b4fa9 fix(gateway): surface env override keys in exec approvals 2026-03-16 23:24:32 -07:00
Peter Steinberger
6720bf5be0 refactor: share exec host approval helpers 2026-03-14 02:40:28 +00:00
Peter Steinberger
565dc0d17b refactor: share exec approval registration context 2026-03-13 18:38:12 +00:00
Harold Hunt
de49a8b72c Telegram: exec approvals for OpenCode/Codex (#37233) 
Merged via squash.

Prepared head SHA: f243379094
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Reviewed-by: @huntharo
 2026-03-09 23:04:35 -04:00
Peter Steinberger
3c71e2bd48 refactor(core): extract shared dedup helpers 2026-03-07 10:41:05 +00:00
Peter Steinberger
9617ac9dd5 refactor: dedupe agent and reply runtimes 2026-03-02 19:57:33 +00:00
Peter Steinberger
ed21b63bb8 refactor(plugin-sdk): share auth, routing, and stream/account helpers 2026-03-02 15:21:19 +00:00
Peter Steinberger
7fcec6ca3e refactor(streaming): share approval and stream message builders 2026-03-02 05:20:19 +00:00
Peter Steinberger
da0ba1b73a fix(security): harden channel auth path checks and exec approval routing 2026-02-26 12:46:05 +01:00
Peter Steinberger
6f0dd61795 fix(exec): restore two-phase approval registration flow 2026-02-24 03:16:36 +00:00
Peter Steinberger
a1c4bf07c6 fix(security): harden exec wrapper allowlist execution parity 2026-02-24 01:52:17 +00:00
Vincent Koc
0e28e50b45 fix(security): detect obfuscated commands that bypass allowlist filters (#24287) 
* security(exec): add obfuscated command detector

* test(exec): cover obfuscation detector patterns

* security(exec): enforce obfuscation approval on gateway host

* security(exec): enforce obfuscation approval on node host

* test(exec): prevent obfuscation timeout bypass

* chore(changelog): credit obfuscation security fix
 2026-02-23 02:50:06 -05:00
Peter Steinberger
8af19ddc5b refactor: extract shared dedupe helpers for runtime paths 2026-02-23 05:43:43 +00:00
Peter Steinberger
47c3f742b6 fix(exec): require explicit safe-bin profiles 2026-02-22 12:58:55 +01:00
Vignesh Natarajan
98b2b16ac3 Security/Exec: persist inner commands for shell-wrapper approvals 2026-02-21 21:26:20 -08:00
Peter Steinberger
f23da067f6 fix(security): harden heredoc allowlist parsing 2026-02-21 14:27:51 +01:00
Peter Steinberger
2581b67cdb refactor: share exec approval request helper 2026-02-19 14:27:37 +00:00
Peter Steinberger
fec48a5006 refactor(exec): split host flows and harden safe-bin trust 2026-02-19 14:22:01 +01:00