vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-02 00:50:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,175 Commits 1,843 Branches 149 Tags
b86bc9de95d0f301044caed43cbb4e66beb98db7
Commit Graph

5037 Commits

Author SHA1 Message Date
Josh Avant
0ffcc308f2 Secrets: gate exec dry-run and preflight resolution behind --allow-exec (#49417) 
* Secrets: gate exec dry-run resolution behind --allow-exec

* Secrets: fix dry-run completeness and skipped exec audit semantics

* Secrets: require --allow-exec for exec-containing apply writes

* Docs: align secrets exec consent behavior

* Changelog: note secrets exec consent gating
 2026-03-17 23:24:34 -05:00
Val Alexander
df72ca1ece UI: add corner radius slider and appearance polish (#49436) 
* Refactor CSS styles: replace hardcoded colors with CSS variables for accent colors and optimize spacing rules in layout files.

* Update CSS styles: streamline selectors, enhance hover effects, and adjust focus states for chat components and layout elements.

* Enhance focus styles for chat components: update border colors and box-shadow effects for improved accessibility and visual consistency.

* Implement theme management in UI: add dynamic theme switching based on user settings, update CSS variables for new themes, and enhance security by preventing prototype pollution in form utilities.

* Implement border radius customization in UI: add settings for corner roundness, update CSS styles for sliders, and integrate border radius adjustments across components.

* Remove border radius property from UI settings and related functions to simplify configuration and enhance consistency across components.

* Enhance responsive design in UI: add media queries for mobile layouts, adjust padding and grid structures, and implement bottom navigation for improved usability on smaller screens.

* UI: add corner radius slider to Appearance settings
 2026-03-17 23:06:01 -05:00
Gustavo Madeira Santana
a4b98f95c2 Changelog: attribute message discovery break 2026-03-18 03:38:01 +00:00
Vincent Koc
a34944c918 Tests: pin Telegram fallback host (#49364) 
* Tests: pin Telegram fallback host

* Changelog: note Telegram fallback guardrail
 2026-03-17 20:32:38 -07:00
Vincent Koc
f8f9e06b58 Guardrails: pin runtime-api export seams (#49371) 
* Guardrails: pin runtime-api export seams

* Guardrails: tighten runtime-api keyed lookup

* Changelog: note runtime-api guardrails

* Tests: harden runtime-api guardrail parsing

* Tests: align runtime-api guardrails with current seams
 2026-03-17 20:30:14 -07:00
Gustavo Madeira Santana
206d1be082 Changelog: note plugin message discovery break 2026-03-18 03:05:23 +00:00
Vincent Koc
870f260772 Gateway: cover trusted-proxy scope regression (#49372) 
* Gateway: cover trusted-proxy scope regression

* Changelog: note trusted-proxy regression coverage

* Gateway: format trusted-proxy regression test
 2026-03-17 19:59:01 -07:00
Peter Steinberger
055632460d docs: reorder changelog sections by interest 2026-03-17 19:51:57 -07:00
Vincent Koc
6f060d7e6c Deps: bump fast-xml-parser audit override (#49367) 
* Deps: bump fast-xml-parser audit override

* Changelog: note fast-xml-parser audit fix [skip ci]
 2026-03-17 19:43:15 -07:00
Peter Steinberger
841b1a59d7 docs: unify unreleased changelog sections 2026-03-17 19:41:17 -07:00
Brian Ernesto
ab1da26f4d fix(macos): show sessions after controls in tray menu (#38079) 
* fix(macos): show sessions after controls in tray menu

When many sessions are active, the injected session rows push the
toggles, action buttons, and settings items off-screen, requiring
a scroll to reach them.

Change findInsertIndex and findNodesInsertIndex to anchor just before
the separator above 'Settings…' instead of before 'Send Heartbeats'.
This ensures the controls section is always immediately visible on
menu open, with sessions appearing below.

* refactor: extract findAnchoredInsertIndex to eliminate duplication

findInsertIndex and findNodesInsertIndex shared identical logic.
Extract into a single private helper so any future anchor change
(e.g. Settings item title) only needs one edit.

* macOS: use structural tray menu anchor

---------

Co-authored-by: Brian Ernesto <bernesto@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
 2026-03-18 11:29:11 +11:00
scoootscooob
4e912bffd8 Agents: improve prompt cache hit rate and add prompt composition regression tests (#49237) 
Merged via squash.

Prepared head SHA: 978b0cd6c7
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Reviewed-by: @scoootscooob
 2026-03-17 16:40:20 -07:00
joshavant
79f7dbfd6e Changelog: add config set expansion entry 2026-03-17 18:32:55 -05:00
Vincent Koc
0e4c072f37 Models: add native GPT-5.4 mini and nano support (#49289) 
* Models: add GPT-5.4 mini and nano support

* Tests: cover OpenAI GPT-5.4 mini and nano extension support
 2026-03-17 16:21:39 -07:00
Ayaan Zaidi
e4825a0f93 fix(telegram): unify transport fallback chain (#49148) 
* fix(telegram): unify transport fallback chain

* fix: address telegram fallback review comments

* fix: validate pinned SSRF overrides

* fix: unify telegram fallback retries (#49148)
 2026-03-17 22:44:15 +05:30
Harold Hunt
272d6ed24b Plugins: add binding resolution callbacks (#48678) 
Merged via squash.

Prepared head SHA: 6d7b32b184
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Reviewed-by: @huntharo
 2026-03-17 13:11:08 -04:00
Peter Steinberger
ccf16cd889 fix(gateway): clear trusted-proxy control ui scopes 2026-03-17 10:07:53 -07:00
Jonathan Jing
2145eb5908 feat(mattermost): add retry logic and timeout handling for DM channel creation (#42398) 
Merged via squash.

Prepared head SHA: 3db47be907
Co-authored-by: JonathanJing <17068507+JonathanJing@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-17 22:16:56 +05:30
Menglin Li
7b61b025ff fix(compaction): break safeguard cancel loop for sessions with no summarizable messages (#41981) (#42215) 
Merged via squash.

Prepared head SHA: 7ce6bd834e
Co-authored-by: lml2468 <39320777+lml2468@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-17 09:44:31 -07:00
Peter Steinberger
4d8106eece docs(security): clarify wildcard Control UI origins 2026-03-17 09:36:51 -07:00
Peter Steinberger
a724bbce1a feat: add bundled Chutes extension (#49136) 
* refactor: generalize bundled provider discovery seams

* feat: land chutes extension via plugin-owned auth (#41416) (thanks @Veightor)
 2026-03-17 09:35:21 -07:00
Bob
ea15819ecf ACP: harden startup and move configured routing behind plugin seams (#48197) 
* ACPX: keep plugin-local runtime installs out of dist

* Gateway: harden ACP startup and service PATH

* ACP: reinitialize error-state configured bindings

* ACP: classify pre-turn runtime failures as session init failures

* Plugins: move configured ACP routing behind channel seams

* Telegram tests: align startup probe assertions after rebase

* Discord: harden ACP configured binding recovery

* ACP: recover Discord bindings after stale runtime exits

* ACPX: replace dead sessions during ensure

* Discord: harden ACP binding recovery

* Discord: fix review follow-ups

* ACP bindings: load channel snapshots across workspaces

* ACP bindings: cache snapshot channel plugin resolution

* Experiments: add ACP pluginification holy grail plan

* Experiments: rename ACP pluginification plan doc

* Experiments: drop old ACP pluginification doc path

* ACP: move configured bindings behind plugin services

* Experiments: update bindings capability architecture plan

* Bindings: isolate configured binding routing and targets

* Discord tests: fix runtime env helper path

* Tests: fix channel binding CI regressions

* Tests: normalize ACP workspace assertion on Windows

* Bindings: isolate configured binding registry

* Bindings: finish configured binding cleanup

* Bindings: finish generic cleanup

* Bindings: align runtime approval callbacks

* ACP: delete residual bindings barrel

* Bindings: restore legacy compatibility

* Revert "Bindings: restore legacy compatibility"

This reverts commit ac2ed68fa2426ecc874d68278c71c71ad363fcfe.

* Tests: drop ACP route legacy helper names

* Discord/ACP: fix binding regressions

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-17 17:27:52 +01:00
Kwest OG
8139f83175 fix(telegram): persist sticky IPv4 fallback across polling restarts (fixes #48177) (#48282) 
* fix(telegram): persist sticky IPv4 fallback across polling restarts (fixes #48177)

Hoist resolveTelegramTransport() out of createTelegramBot() so the
transport (and its sticky IPv4 fallback state) persists across polling
restarts. Previously, each polling restart created a new transport with
stickyIpv4FallbackEnabled=false, causing repeated IPv6 timeouts on
hosts with unstable IPv6 connectivity.

Changes:
- bot.ts: accept optional telegramTransport in TelegramBotOptions
- monitor.ts: resolve transport once before polling loop
- polling-session.ts: pass transport through to bot creation

AI-assisted (Claude Sonnet 4). Tested: tsc --noEmit clean.

* Update extensions/telegram/src/polling-session.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* style: fix oxfmt formatting in bot.ts

* test: cover telegram transport reuse across restarts

* fix: preserve telegram sticky IPv4 fallback across polling restarts (#48282) (thanks @yassinebkr)

---------

Co-authored-by: Yassine <yassinebkr@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-17 21:56:12 +05:30
F_ool
094a0cc412 fix(context-engine): preserve legacy plugin sessionKey interop (#44779) 
Merged via squash.

Prepared head SHA: e04c6fb47d
Co-authored-by: hhhhao28 <112874572+hhhhao28@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-17 09:14:14 -07:00
Peter Steinberger
ebee4e2210 fix(tlon): defer DM cite expansion until after auth 2026-03-17 09:08:20 -07:00
Jari Mustonen
4f6955fb11 fix(hooks): pass sessionFile and sessionKey in after_compaction hook (#40781) 
Merged via squash.

Prepared head SHA: 11e85f8651
Co-authored-by: jarimustonen <1272053+jarimustonen@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-17 08:30:37 -07:00
Andrew Demczuk
f84a41dcb8 fix(security): block JVM, Python, and .NET env injection vectors in host exec sandbox (#49025) 
Add JAVA_TOOL_OPTIONS, _JAVA_OPTIONS, JDK_JAVA_OPTIONS, PYTHONBREAKPOINT, and
DOTNET_STARTUP_HOOKS to blockedKeys in the host exec security policy.

Closes #22681
 2026-03-17 15:37:55 +01:00
Josh Lehman
1399ca5fcb fix(plugins): forward plugin subagent overrides (#48277) 
Merged via squash.

Prepared head SHA: ffa45893e0
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-17 07:20:27 -07:00
Stable Genius
6b6942552d fix(macos): stop relaunching the app after quit when launch-at-login is enabled (#40213) 
Merged via squash.

Prepared head SHA: c702d98bd6
Co-authored-by: stablegenius49 <259448942+stablegenius49@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
Reviewed-by: @ImLukeF
 2026-03-17 20:59:56 +11:00
Br1an
7303253427 fix: update macOS node service to use current CLI command shape (closes #43171) (#46843) 
Merged via squash.

Prepared head SHA: dbf2edd6f4
Co-authored-by: Br1an67 <29810238+Br1an67@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
Reviewed-by: @ImLukeF
 2026-03-17 20:46:54 +11:00
stim64045-spec
6101c023bb fix(ui): restore control-ui query token compatibility (#43979) 
* fix(ui): restore control-ui query token imports

* chore(changelog): add entry for openclaw#43979 thanks @stim64045-spec

---------

Co-authored-by: 大禹 <dayu@dayudeMac-mini.local>
Co-authored-by: Val Alexander <bunsthedev@gmail.com>
Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>
 2026-03-17 04:03:35 -05:00
Peter Steinberger
990d0d7261 docs(image-generation): remove nano banana stock docs 2026-03-17 01:09:58 -07:00
Vincent Koc
99c7750c2d Changelog: add Telegram DM topic session-key fix 2026-03-17 01:07:47 -07:00
Peter Steinberger
f9588da3e0 refactor: split plugin testing seam from bundled extension helpers 2026-03-17 01:05:09 -07:00
Peter Steinberger
13505c7392 docs(changelog): restore 2026.2.27 heading 2026-03-17 00:05:42 -07:00
Peter Steinberger
e5919bc524 docs(gateway): clarify URL allowlist semantics 2026-03-17 00:03:27 -07:00
scoootscooob
80a2af1d65 Agents: move bootstrap warnings out of system prompt (#48753) 
Merged via squash.

Prepared head SHA: dc1d4d075a
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Reviewed-by: @scoootscooob
 2026-03-16 23:25:04 -07:00
Peter Steinberger
57204b4fa9 fix(gateway): surface env override keys in exec approvals 2026-03-16 23:24:32 -07:00
Peter Steinberger
be2e6ca0f6 fix(macos): harden exec approval socket auth 2026-03-16 23:00:22 -07:00
Vincent Koc
cc88b4a72d Commands: add /plugins chat command (#48765) 
* Tests: stabilize MCP config merge follow-ups

* Commands: add /plugins chat command

* Docs: add /plugins slash command guide
 2026-03-16 22:57:44 -07:00
Peter Steinberger
223ae42c79 fix(feishu): harden webhook signature compare 2026-03-16 22:22:30 -07:00
Josh Avant
da34f81ce2 fix(secrets): scope message SecretRef resolution and harden doctor/status paths (#48728) 
* fix(secrets): scope message runtime resolution and harden doctor/status

* docs: align message/doctor/status SecretRef behavior notes

* test(cli): accept scoped targetIds wiring in secret-resolution coverage

* fix(secrets): keep scoped allowedPaths isolation and tighten coverage gate

* fix(secrets): avoid default-account coercion in scoped target selection

* test(doctor): cover inactive telegram secretref inspect path

* docs

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-03-17 00:01:34 -05:00
Vincent Koc
06459ca0df Agents: run bundle MCP tools in embedded Pi (#48611) 
* Agents: run bundle MCP tools in embedded Pi

* Plugins: fix bundle MCP path resolution

* Plugins: warn on unsupported bundle MCP transports

* Commands: add embedded Pi MCP management

* Config: move MCP management to top-level config
 2026-03-16 21:46:05 -07:00
Peter Steinberger
1ffe8fde84 fix: stabilize docker test suite 2026-03-17 03:02:03 +00:00
Keshav Rao
3aa4199ef0 agent: preemptive context overflow detection during tool loops (#29371) 
Merged via squash.

Prepared head SHA: 19661b8fb1
Co-authored-by: keshav55 <3821985+keshav55@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-16 19:04:00 -07:00
lishuaigit
76500c7a78 fix: detect Ollama "prompt too long" as context overflow error (#34019) 
Merged via squash.

Prepared head SHA: 825a402f0f
Co-authored-by: lishuaigit <7495165+lishuaigit@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-16 18:57:33 -07:00
Tak Hoffman
4863b651c6 docs: rename onboarding user-facing wizard copy 
Co-authored-by: Tak <contact-redacted@example.com>
 2026-03-16 19:50:31 -05:00
Clayton Shaw
6ba4d0ddc3 fix: remove orphaned tool_result blocks during compaction (#15691) (#16095) 
Merged via squash.

Prepared head SHA: b772432c1f
Co-authored-by: claw-sylphx <260243939+claw-sylphx@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-16 15:57:45 -07:00
Sayr Wolfridge
a53030a7f2 fix(compaction): stabilize toolResult trim/prune flow in safeguard (#44133) 
Merged via squash.

Prepared head SHA: ec789c66ec
Co-authored-by: SayrWolfridge <267323413+SayrWolfridge@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-16 15:02:49 -07:00
sparkyrider
10ef58dd69 fix(whatsapp): restore implicit reply mentions for LID identities (#48494) 
Threads selfLid from the Baileys socket through the inbound WhatsApp
pipeline and adds LID-format matching to the implicit mention check
in group gating, so reply-to-bot detection works when WhatsApp sends
the quoted sender in @lid format.

Also fixes the device-suffix stripping regex (was a silent no-op).

Closes #23029

Co-authored-by: sparkyrider <sparkyrider@users.noreply.github.com>
Reviewed-by: @ademczuk
 2026-03-16 22:44:35 +01:00