Peter Steinberger
b4e1747391
feat: add one-command qa lab docker launcher
2026-04-06 17:47:17 +01:00
Peter Steinberger
d733786cf7
test: slim memory cli runtime mock imports
2026-04-06 17:46:48 +01:00
Peter Steinberger
30c686423f
perf: avoid full config resolution in qmd sync
2026-04-06 17:46:48 +01:00
Peter Steinberger
6acb43f294
fix: resolve channel typing regressions
2026-04-06 17:43:57 +01:00
Peter Steinberger
f7f861082a
fix(ci): repair boundary guards
2026-04-06 17:42:19 +01:00
Peter Steinberger
ec359f5942
Discord: trim monitor test import cost
2026-04-07 00:37:37 +08:00
Peter Steinberger
67520b6abf
fix(ci): restore bundled channel loading
2026-04-06 17:35:47 +01:00
Peter Steinberger
a47cb0a3b3
refactor: dedupe approval gateway resolver setup
2026-04-06 17:31:16 +01:00
Peter Steinberger
e7e3f11b20
refactor: dedupe legacy private-network doctor contracts
2026-04-06 17:28:11 +01:00
Peter Steinberger
591347113e
refactor(deadcode): prune extension test shims
2026-04-06 17:26:25 +01:00
Peter Steinberger
943d7de240
refactor: dedupe doctor compatibility adapters
2026-04-06 17:25:36 +01:00
Vincent Koc
e7fe087677
fix(openai): normalize prompt overlay personality config
2026-04-06 17:24:51 +01:00
Peter Steinberger
5f906c926d
refactor: remove qa-e2e compatibility facade
2026-04-06 17:23:35 +01:00
Peter Steinberger
350238d402
feat: add interactive qa lab suite runner
2026-04-06 17:23:35 +01:00
Peter Steinberger
e70168212d
refactor: dedupe script and matrix send helpers
2026-04-06 17:21:52 +01:00
Peter Steinberger
7422e90053
fix(ci): restore shared test seams
2026-04-06 17:20:38 +01:00
Peter Steinberger
1c5cbad0a6
refactor: dedupe account conversation bindings
2026-04-06 17:18:36 +01:00
Peter Steinberger
1aee8c55ce
refactor: dedupe channel doctor compat helpers
2026-04-06 17:18:36 +01:00
Peter Steinberger
a86fa3b211
refactor(deadcode): drop orphaned extension helpers
2026-04-06 17:18:03 +01:00
Peter Steinberger
ce87d5e242
refactor(deadcode): remove extension wrapper shims
2026-04-06 17:18:03 +01:00
Peter Steinberger
5d7a73380f
fix(ci): repair tsgo test harnesses
2026-04-06 17:16:01 +01:00
Vincent Koc
c01b4981af
test(memory-core): seed qmd manager provider registry
2026-04-06 17:10:18 +01:00
Peter Steinberger
645c331200
fix(ci): repair type and extension regressions
2026-04-06 17:06:22 +01:00
Vincent Koc
a797068206
refactor(lint): tighten channel and config defaults
2026-04-06 17:06:18 +01:00
Peter Steinberger
5d0e8336ab
perf(test): trim bundled channel bootstrap
2026-04-06 17:05:59 +01:00
Peter Steinberger
8b79cbcd06
build(plugins): align package versions to 2026.4.6
2026-04-06 17:05:30 +01:00
Peter Steinberger
860721f28d
build(plugins): sync bundled versions to 2026.4.6
2026-04-06 17:05:30 +01:00
Peter Steinberger
723c0ea2b7
test: speed up memory manager hotspot tests
2026-04-06 17:04:13 +01:00
Peter Steinberger
6f841ff121
test: cache memory manager helper imports
2026-04-06 17:04:13 +01:00
Peter Steinberger
821a30981a
test: refresh agent harness and latest-main type fixes
2026-04-06 17:02:10 +01:00
Vincent Koc
38c520acc3
chore(memory-core): type embedding test mocks
2026-04-06 16:58:14 +01:00
Peter Steinberger
f2a710ce63
fix(ci): align stale test expectations
2026-04-06 16:53:21 +01:00
Peter Steinberger
9c82974082
refactor: dedupe discord send target parsing
2026-04-06 16:52:42 +01:00
Peter Steinberger
d60149c655
test: move provider tests into owning extensions
2026-04-06 16:47:03 +01:00
Peter Steinberger
074e6d5047
fix(discord): use ws for gateway sockets
2026-04-06 16:43:47 +01:00
Vincent Koc
c3b19d204a
perf(test): lazy-load bundled channel secrets
2026-04-06 16:40:41 +01:00
Peter Steinberger
c22372dec6
fix(ci): restore discord and feishu lifecycle tests
2026-04-06 16:32:41 +01:00
Peter Steinberger
de20d3a024
refactor(plugin-sdk): add simple completion runtime entrypoint
2026-04-06 16:29:43 +01:00
Peter Steinberger
7785dc21e6
fix(discord): drop generated thread title temperature
2026-04-06 16:29:43 +01:00
Peter Steinberger
6cc54e5059
fix(extensions): restore lint-safe xai imports
2026-04-06 16:27:38 +01:00
Vincent Koc
44cd91b0a9
fix(feishu): load lifecycle mocks before card action imports
2026-04-06 16:26:48 +01:00
Peter Steinberger
d5bfc79112
fix(discord): preserve stack hints for empty gateway type errors
2026-04-06 16:20:36 +01:00
Vincent Koc
90d246959b
fix(matrix): align forged mention test with route precheck
2026-04-06 16:19:13 +01:00
Vincent Koc
d425aa0912
fix(feishu): await websocket startup in cleanup test
2026-04-06 16:16:53 +01:00
Peter Steinberger
514328a9ad
style(repo): format touched helpers and tests
2026-04-06 16:16:10 +01:00
Peter Steinberger
7f336aba56
fix(discord): normalize gateway fatal type errors
2026-04-06 15:59:56 +01:00
Peter Steinberger
378b2c2f5c
fix(check): absorb latest main lint drift
2026-04-06 15:56:02 +01:00
Lewis
1234c873bc
fix(msteams): add SSRF validation to file consent upload URL (#23596)
* fix(msteams): add SSRF validation to file consent upload URL

The uploadToConsentUrl() function previously accepted any URL from the
fileConsent/invoke response without validation. A malicious Teams tenant
user could craft an invoke activity with an attacker-controlled uploadUrl,
causing the bot to PUT file data to arbitrary destinations (SSRF).

This commit adds validateConsentUploadUrl() which enforces:

1. HTTPS-only protocol
2. Hostname must match a strict allowlist of Microsoft/SharePoint
   domains (sharepoint.com, graph.microsoft.com, onedrive.com, etc.)
3. DNS resolution check rejects private/reserved IPs (RFC 1918,
   loopback, link-local) to prevent DNS rebinding attacks

The CONSENT_UPLOAD_HOST_ALLOWLIST is intentionally narrower than the
existing DEFAULT_MEDIA_HOST_ALLOWLIST, excluding overly broad domains
like blob.core.windows.net and trafficmanager.net that any Azure
customer can create endpoints under.

Includes 47 tests covering IPv4/IPv6 private IP detection, protocol
enforcement, hostname allowlist matching, DNS failure handling, and
end-to-end upload validation.

* fix(msteams): validate all DNS answers for consent uploads
* fix(msteams): restore changelog header

---------

Co-authored-by: Brad Groux <bradgroux@users.noreply.github.com>
2026-04-06 09:52:56 -05:00
Vincent Koc
c921a6ecad
refactor(lint): report unused extension lint disables
2026-04-06 15:52:08 +01:00
Peter Steinberger
a010ce462f
perf(test): split light vitest lanes and restore hooks
2026-04-06 15:51:00 +01:00