vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-13 18:21:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
29,472 Commits 1,260 Branches 106 Tags
b8af4d6739d1ef9ec6900a0fbcfc1630ce072f41
Commit Graph

5099 Commits

Author SHA1 Message Date
Neerav Makwana
9267c3f8f2 fix: preserve iMessage self-chat aliases (#61619) (thanks @neeravmakwana) 
* fix(imessage): avoid DM self-chat false positives

* fix(imessage): treat blank destination caller id as missing

* fix(imessage): preserve alias self-chat

* fix: preserve iMessage self-chat aliases (#61619) (thanks @neeravmakwana)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-09 17:13:22 +05:30
Peter Steinberger
8be3a4466c fix(feishu): read webhook bodies through pre-auth guard 2026-04-09 10:18:07 +01:00
Frank Yang
3e062acbcb fix(fireworks): disable FirePass Kimi reasoning leak (#63607) 
* fix: disable FirePass Kimi reasoning leak

* fix: preserve Fireworks wrapper fallbacks

* fix: harden Fireworks Kimi model matching

* fix: restore Fireworks payload sanitization
 2026-04-09 17:09:17 +08:00
Davanum Srinivas
08ae021d1f fix(qqbot): guard image-size probe against SSRF (#63495) 
* fix(qqbot): replace raw fetch in image-size probe with SSRF-guarded fetchRemoteMedia

Replace the bare fetch() in getImageSizeFromUrl() with fetchRemoteMedia()
from the plugin SDK, closing the blind SSRF via markdown image dimension
probing (GHSA-2767-2q9v-9326).

fetchRemoteMedia options: maxBytes 65536, maxRedirects 0, generic
public-network-only SSRF policy (no hostname allowlist, blocks
private/reserved/loopback/link-local/metadata IPs after DNS resolution).

Also fixes the repo-root resolution in scripts/lib/ts-guard-utils.mjs
which caused lint:tmp:no-raw-channel-fetch to miss extension files
entirely. The guard now walks up to .git instead of hardcoding two parent
traversals, and the allowlist is refreshed with all pre-existing raw
fetch callsites that became visible.

* fix(qqbot): guard image-size probe against SSRF (#63495) (thanks @dims)

---------

Co-authored-by: sliverp <870080352@qq.com>
 2026-04-09 16:48:04 +08:00
Vincent Koc
3f7e6c7c64 fix(feishu): remove runtime api type cycle 2026-04-09 09:23:52 +01:00
Vincent Koc
60a3733f12 fix(bluebubbles): remove status type barrel cycle 2026-04-09 09:22:11 +01:00
Vincent Koc
ce32697250 fix(openshell): split fs bridge backend types 2026-04-09 09:17:29 +01:00
Vincent Koc
7d6af7e154 fix(agents): split sandbox backend handle types 2026-04-09 08:52:14 +01:00
Peter Steinberger
03d056989a test: isolate discord model picker dispatch mock 2026-04-09 08:04:53 +01:00
Gustavo Madeira Santana
1801702ed9 Matrix: gate legacy crypto migration on inspector availability 2026-04-09 01:38:58 -04:00
manuel-claw
e30d0cffc4 fix(whatsapp): drain reconnect queue after WhatsApp reconnects (#30806) (#46299) 
Merged via squash.

Prepared head SHA: 5ce763406e
Co-authored-by: manuel-claw <268194568+manuel-claw@users.noreply.github.com>
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Reviewed-by: @mcaxtr
 2026-04-09 02:33:36 -03:00
Gustavo Madeira Santana
b7c28f3e1f Matrix: trim dead client config exports 2026-04-09 01:28:03 -04:00
Gustavo Madeira Santana
cc6654a055 Matrix: remove native approval wrapper 2026-04-09 01:28:03 -04:00
Gustavo Madeira Santana
4fd65616d2 Matrix: drop dead helper aliases 2026-04-09 01:28:03 -04:00
Gustavo Madeira Santana
66e52a3e5d matrix: break migration runtime import cycle 2026-04-09 01:20:46 -04:00
Peter Steinberger
2ee39fab83 test: run Ollama stream coverage inside plugin 2026-04-09 06:13:39 +01:00
Peter Steinberger
766a676d48 test: update browser and reply mocks for direct imports 2026-04-09 05:52:07 +01:00
Pavan Kumar Gondhi
b1724f8b5f fix(browser): auto-generate browser control auth token for none/trusted-proxy modes [AI] (#63280) 
* fix: address issue

* fix: address review feedback

* fix: finalize issue changes

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-09 09:55:24 +05:30
Marcus Castro
da1da61102 fix(whatsapp): preserve replies across reconnects (#62892) 2026-04-09 00:05:52 -03:00
Peter Steinberger
719f06510c chore: bump version to 2026.4.10 2026-04-09 03:56:22 +01:00
Peter Steinberger
0c278bb93c refactor: break runtime import cycles 2026-04-09 03:56:22 +01:00
sudie-codes
1fed7bc379 fix(msteams): pin reply target at inbound time to prevent DM/channel leak (#54520) (#62716) 2026-04-08 21:22:12 -05:00
sudie-codes
9edfefedf7 fix(msteams): route thread replies to correct thread via replyToId (#58030) (#62715) 2026-04-08 21:22:09 -05:00
sudie-codes
38aa1edf76 fix(msteams): isolate channel thread sessions by replyToId (#58615) (#62713) 
* fix(msteams): isolate thread sessions by replyToId (#58615)

* fix(msteams): align thread ID extraction + fix test types
 2026-04-08 21:22:05 -05:00
Peter Steinberger
62bde7ede3 test: isolate slack thread-ts recovery 2026-04-09 02:43:29 +01:00
Mason
74b5b97f62 tests: reset discord native-command seams in model picker (#63267) 2026-04-09 09:38:31 +08:00
Peter Steinberger
dcfb3ed4e3 plugins: keep google provider policy lightweight 2026-04-09 01:48:48 +01:00
Peter Steinberger
f0ea5bf393 plugins: add lightweight anthropic vertex discovery 2026-04-09 01:43:40 +01:00
Mason Huang
aa15de8fdc plugin-sdk: split command status surface 2026-04-09 01:35:15 +01:00
Peter Steinberger
be46d0ddc6 test: update character eval public panel 2026-04-09 01:25:59 +01:00
Vignesh Natarajan
2484064c48 chore(lint): clear extension lint regressions and add #63416 changelog 2026-04-08 17:17:29 -07:00
Peter Steinberger
39cc6b7dc7 fix: stabilize character eval and Qwen model routing 2026-04-09 01:04:09 +01:00
Peter Steinberger
ac12b0701b style: format memory and gateway touchups 2026-04-09 00:44:09 +01:00
Peter Steinberger
f2c0482d3c fix: surface delayed browser navigation blocks 2026-04-09 00:42:52 +01:00
Peter Steinberger
fbbd644d7a plugins: load lightweight provider discovery entries 2026-04-09 00:33:33 +01:00
Peter Steinberger
c62a39c7a1 fix: restore main ci 2026-04-08 23:30:18 +01:00
Mariano
d514f4de83 Dreaming: surface grounded scene lane (#63395) 
Merged via squash.

Prepared head SHA: 0c7f586f32
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-04-09 00:24:47 +02:00
Gustavo Madeira Santana
bd7801eefa Slack: key turn-local dedupe by dispatch kind 
Scope Slack turn-local delivery dedupe by reply dispatch kind so identical tool and final payloads on the same thread do not collapse into one send.

Expose the existing dispatcher kind on the public reply-runtime seam and cover the Slack tracker and preview-fallback paths with regression tests.
 2026-04-08 18:19:34 -04:00
Altay
554bc0a9fd fix(plugins): keep test helpers out of contract barrels (#63311) 
Merged via squash.

Prepared head SHA: 769e90c6af
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-04-08 22:59:05 +01:00
Gustavo Madeira Santana
10c87527d5 Slack: dedupe partial streaming replies (#62859) 
Merged via squash.

Prepared head SHA: cbecb50c06
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-08 17:55:30 -04:00
Mariano Belinky
a71ad12044 Memory/dreaming: harden grounded backfill follow-ups 2026-04-08 23:43:39 +02:00
Peter Steinberger
868d03d6d0 fix(memory): align dreaming status payloads 2026-04-08 22:38:29 +01:00
Mariano
e8209e4cf9 Memory/dreaming: feed grounded backfill into short-term promotion (#63370) 
Merged via squash.

Prepared head SHA: 5dfe246ef9
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-04-08 23:31:37 +02:00
lukeboyett
f6e1da3ab3 fix(matrix/doctor): migrate legacy channels.matrix.dm.policy 'trusted' (fixes #62931) (#62942) 
Merged via squash.

Prepared head SHA: d9f553bccf
Co-authored-by: lukeboyett <46942646+lukeboyett@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-08 17:00:19 -04:00
Shakker
d66e2d5b33 test: cover curated qa missing-key reply classification 2026-04-08 21:55:39 +01:00
Shakker
c63d25bd9b fix: classify curated qa missing-key replies 2026-04-08 21:55:39 +01:00
Shakker
9cfa152962 test: cover mixed-traffic qa wait cursors 2026-04-08 21:55:39 +01:00
Shakker
204d766b27 fix: align qa wait cursor semantics 2026-04-08 21:55:39 +01:00
Shakker
a6d76df4f0 test: cover qa scenario wait failure replies 2026-04-08 21:55:39 +01:00
Shakker
b3f3cfd598 fix: fail fast across qa scenario wait paths 2026-04-08 21:55:39 +01:00