vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-04 12:00:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
24,683 Commits 1,843 Branches 149 Tags
b40ef364b71cd686c1ee87db5499d5cc0deca4ef
Commit Graph

4399 Commits

Author SHA1 Message Date
dhananjai1729
32b7c00f90 fix: apply SSE auth headers to initial GET, redact URL credentials, warn on malformed headers 2026-03-30 04:23:47 +09:00
dhananjai1729
6fda8b4e9a fix: use SDK Transport type to satisfy client.connect() signature 2026-03-30 04:23:47 +09:00
dhananjai1729
bf8303370e fix: address review feedback - fix env JSDoc, warn on dropped headers, await server close 2026-03-30 04:23:47 +09:00
dhananjai1729
d89bfed5cc feat(mcp): add SSE transport support for remote MCP servers 2026-03-30 04:23:47 +09:00
George Zhang
e133924047 [codex] harden clawhub plugin publishing and install (#56870) 
* fix: harden clawhub plugin publishing and install

* fix(process): preserve windows shim exit success
 2026-03-29 11:59:19 -07:00
Peter Steinberger
637b4c8193 refactor: move remaining provider policy into plugins 2026-03-29 23:05:58 +09:00
Peter Steinberger
edc58a6864 refactor: generalize provider transport hooks 2026-03-29 23:05:58 +09:00
wangchunyue
2c8c4e45f1 fix: preserve fallback prompt on model fallback for new sessions (#55632) (thanks @openperf) 
* fix(agents): preserve original task prompt on model fallback for new sessions

* fix(agents): use dynamic transcript check for sessionHasHistory on fallback retry

Address Greptile review feedback: replace the static !isNewSession flag
with a dynamic sessionFileHasContent() check that reads the on-disk
transcript before each fallback retry. This correctly handles the edge
case where the primary model completes at least one assistant-response
turn (flushing the user message to disk) before failing - the fallback
now sends the recovery prompt instead of duplicating the original body.

The !isNewSession short-circuit is kept as a fast path so existing
sessions skip the file read entirely.

* fix(agents): address security vulnerabilities in session fallback logic

Fixes three medium-severity security issues identified by Aisle Security Analysis on PR #55632:
- CWE-400: Unbounded session transcript read in sessionFileHasContent()
- CWE-400: Symlink-following in sessionFileHasContent()
- CWE-201: Sensitive prompt replay to a different fallback provider

* fix(agents): use JSONL parsing for session history detection (CWE-703)

Replace bounded byte-prefix substring matching in sessionFileHasContent()
with line-by-line JSONL record parsing. The previous approach could miss
an assistant message when the preceding user content exceeded the 256KB
read limit, causing a false negative that blocks cross-provider fallback
entirely.

* fix(agents): preserve fallback prompt across providers

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-29 18:35:45 +05:30
wangchunyue
fc3f6fa51f fix: preserve node exec cwd on remote hosts (#50961) (thanks @openperf) 
* fix(gateway): skip local workdir resolution for remote node execution

* chore: add inline comment for non-obvious node workdir skip

* fix: preserve node exec cwd on remote hosts (#50961) (thanks @openperf)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-29 17:46:49 +05:30
Mariano
17c36b5093 Gateway: track background task lifecycle (#52518) 
Merged via squash.

Prepared head SHA: 7c4554204e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-29 12:48:02 +02:00
nanakotsai
571da81a35 fix: keep openai-codex on HTTP responses transport 2026-03-29 15:04:38 +05:30
助爪
443295448c Track ACP sessions_spawn runs and emit ACP lifecycle events (#40885) 
* Fix ACP sessions_spawn lifecycle tracking

* fix(tests): resolve leftover merge markers in sessions spawn lifecycle test

* fix(agents): clarify acp spawn cleanup semantics

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-29 18:20:10 +09:00
Vincent Koc
af694def5b fix(agents): fail closed on silent turns (#52593) 
* fix(agents): fail closed on silent turns

* fix(agents): suppress all silent turn emissions

* fix(agents): pass silent turns into embedded subscribe
 2026-03-29 17:40:20 +09:00
Vincent Koc
57882f0351 fix(web-search): localize shared search cache (#54040) 
* fix(web-search): localize shared search cache

* docs(changelog): note localized web search cache

* test(web-search): assert module-local cache behavior

* Update CHANGELOG.md
 2026-03-29 17:25:07 +09:00
Vignesh Natarajan
9c185faba9 Agents: cover subagent memory tool policy 2026-03-29 01:12:58 -07:00
factnest365-ops
6c85c82ba3 fix: allow memory_search and memory_get in sub-agent sessions 
Remove memory_search and memory_get from SUBAGENT_TOOL_DENY_ALWAYS.

These are read-only tools with no side effects that are essential for
multi-agent setups relying on shared memory for context retrieval.

Rationale:
- Read-only tools (memory_search, memory_get) have no side effects and
  cannot modify state, send messages, or affect external systems
- Other read-only tools (read, web_search, web_fetch) are already
  available to sub-agents by default
- Multi-agent deployments with shared knowledge depend on memory tools
  for context retrieval
- The workaround (tools.subagents.tools.alsoAllow) works but requires
  manual configuration that contradicts memorySearch.enabled: true

Fixes #55385
 2026-03-29 01:12:58 -07:00
Peter Steinberger
8e0ab35b0e refactor(plugins): decouple bundled plugin runtime loading 2026-03-29 09:10:38 +01:00
Vincent Koc
d6a4ec6a3d fix(telegram): sanitize invalid stream-order errors (#55999) 
* fix(telegram): sanitize invalid stream order errors

* docs(changelog): remove maintainer follow-up entry
 2026-03-29 16:59:15 +09:00
Vincent Koc
aec58d4cde fix(agents): repair btw reasoning and oauth snapshot refresh (#56001) 
* fix(agents): repair btw reasoning and oauth snapshot refresh

* Update CHANGELOG.md

* test(agents): strengthen btw reasoning assertion
 2026-03-29 16:58:49 +09:00
Peter Steinberger
c48e0f8e6a style: normalize import order and formatting 2026-03-29 16:33:22 +09:00
Peter Steinberger
c664b67796 fix: apply Mistral compat across proxy transports 2026-03-29 16:32:31 +09:00
scoootscooob
5d81b64343 fix(exec): fail closed when sandbox is unavailable and harden deny followups (#56800) 
* fix(exec): fail closed when sandbox is unavailable and harden deny followups

* docs(changelog): note exec fail-closed fix
 2026-03-28 22:20:49 -07:00
yuanchao
ec7f19e2ef fix(kimi): preserve valid Anthropic-compatible toolCall arguments in malformed-args repair path (openclaw#54491) 
Verified:
- pnpm build
- pnpm check
- pnpm test -- src/agents/pi-embedded-runner/run/attempt.test.ts

Co-authored-by: yuanaichi <7549002+yuanaichi@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-28 22:37:50 -05:00
Vignesh Natarajan
a2e4707cfe fix(agents): recover prefixed malformed tool-call JSON 2026-03-28 20:22:22 -07:00
Edward-Qiang-2024
1c8758fbd5 Fix: Correctly estimate CJK character token count in context pruner (openclaw#39985) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test -- src/agents/pi-extensions/context-pruning.test.ts src/utils/cjk-chars.test.ts

Co-authored-by: Edward-Qiang-2024 <176464463+Edward-Qiang-2024@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-28 21:16:52 -05:00
Tak Hoffman
3ce48aff66 Memory: add configurable FTS5 tokenizer for CJK text support (openclaw#56707) 
Verified:
- pnpm build
- pnpm check
- pnpm test -- extensions/memory-core/src/memory/manager-search.test.ts packages/memory-host-sdk/src/host/query-expansion.test.ts
- pnpm test -- extensions/memory-core/src/memory/index.test.ts -t "reindexes when extraPaths change"
- pnpm test -- src/config/schema.base.generated.test.ts
- pnpm test -- src/media-understanding/image.test.ts
- pnpm test

Co-authored-by: Mitsuyuki Osabe <24588751+carrotRakko@users.noreply.github.com>
 2026-03-28 20:53:29 -05:00
Tak Hoffman
6f7ff545dd fix(line): add ACP binding parity (#56700) 
* fix(line): support ACP current-conversation binding

* fix(line): add ACP binding routing parity

* docs(changelog): note LINE ACP parity

* fix(line): accept canonical ACP binding targets
 2026-03-28 20:52:31 -05:00
Peter Steinberger
f9b1079283 build: cut 2026.3.28 stable 2026-03-29 02:33:41 +01:00
Vignesh Natarajan
7f46b03de0 fix: keep memory flush daily files append-only (#53725) (thanks @HPluseven) 2026-03-28 18:22:11 -07:00
Vignesh Natarajan
9d1498b2c2 Agents: add memory flush append regression 2026-03-28 18:22:11 -07:00
HPluseven
60b7613156 Agents: forward memory flush append guard 2026-03-28 18:22:11 -07:00
Robin Waslander
468185d1b5 fix(agents): handle unhandled stop reasons gracefully instead of crashing (#56639) 
Wrap the embedded agent stream to catch 'Unhandled stop reason: ...'
errors from the provider adapter and convert them into structured
assistant error messages instead of crashing the agent run.

Covers all unknown stop reasons so future provider additions don't
crash the runner. The wrapper becomes a harmless no-op once the
upstream dependency handles them natively.

Fixes #43607
 2026-03-28 23:35:12 +01:00
huntharo
b7ab0ddb55 refactor(xai): move code_execution into plugin 2026-03-28 21:35:13 +00:00
Peter Steinberger
dba1b31243 fix(xai): repair extension test boundaries 2026-03-28 21:35:13 +00:00
Peter Steinberger
1e424990a2 fix(xai): restore config-backed auth discovery 2026-03-28 21:35:13 +00:00
Peter Steinberger
2a950157b1 refactor(xai): move x_search into plugin 2026-03-28 21:35:13 +00:00
huntharo
396bf20cc6 Tools: add xAI-backed code_execution 2026-03-28 21:35:13 +00:00
huntharo
1c9684608a Docs: guide x_search toward exact-post stats lookups 2026-03-28 21:35:13 +00:00
huntharo
c8ed1638ea xAI: restore generic auth and x_search seams 2026-03-28 21:35:13 +00:00
huntharo
0391e455bf Lint: drop stale model compat imports 2026-03-28 21:35:13 +00:00
huntharo
92fb4ad233 xAI: route x_search through public api seam 2026-03-28 21:35:13 +00:00
huntharo
09e2ef965b Tests: fix rebased auth and runner type coverage 2026-03-28 21:35:13 +00:00
huntharo
b22f65992e Build: fix rebased provider secrets helper 2026-03-28 21:35:13 +00:00
huntharo
b918568b1e Rebase: reconcile xAI post-main conflicts 2026-03-28 21:35:13 +00:00
huntharo
df61660a26 xAI: centralize fallback auth resolution 2026-03-28 21:35:13 +00:00
huntharo
9dd08a49a4 xAI: reuse fallback auth for runtime and discovery 2026-03-28 21:35:13 +00:00
huntharo
800042a3d5 xAI: reuse plugin key for x_search 2026-03-28 21:35:13 +00:00
huntharo
8ca3710b90 xAI: strip unsupported payload fields 2026-03-28 21:35:13 +00:00
huntharo
fd748171b8 xAI: strip unsupported Responses reasoning params 2026-03-28 21:35:13 +00:00
huntharo
80a1ccc552 xAI: preserve session auth in embedded runs 2026-03-28 21:35:13 +00:00