vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 06:00:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
38,829 Commits 1,843 Branches 149 Tags
bb3a0c954505145e1e0d00dc60f9eb222059dbb7
Commit Graph

38829 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
bb3a0c9545 fix: quiet Discord slash command deploy rate limits 2026-04-30 21:12:53 +01:00
pashpashpash
027ea5f08b Isolate Codex app-server state per agent (#74556) 
* fix(codex): isolate app-server home per agent

* fix(codex): isolate native Codex assets per agent

* fix(channels): mark inbound system events untrusted

* fix(doctor): warn on personal Codex agent skills

* test(doctor): cover personal Codex agent skills warning

* fix(codex): forward auth profiles to harness runs

* fix(codex): preserve auto auth for harness runs

* fix(codex): auto-select harness auth profiles

* test(codex): type harness auth mock

* feat(codex): select migrated skills

* fix(codex): satisfy migration selection lint

* docs: add codex isolation changelog
 2026-05-01 04:49:02 +09:00
Peter Steinberger
7d77680d9f fix(gateway): keep native approvals off stale pairing baselines (#74472) 
* fix(gateway): keep native approvals off stale pairing baselines

* fix(gateway): keep native approvals off stale pairing baselines

* docs: defer maintainer-only changelog credit

* docs: keep gateway approval changelog entry

---------

Co-authored-by: clawsweeper-repair <clawsweeper-repair@users.noreply.github.com>
 2026-04-30 19:45:51 +00:00
Peter Steinberger
581fbea1d6 fix(auth): scope external CLI credential discovery 2026-04-30 19:38:18 +01:00
Peter Steinberger
54e6e3d7da fix(codex): time out silent app-server turns 2026-04-30 19:22:33 +01:00
Peter Steinberger
126dcb0d9e docs: update plugin sdk api baseline hash 2026-04-30 19:06:33 +01:00
Peter Steinberger
f98068dac2 docs: update config baseline hash 2026-04-30 19:06:33 +01:00
Peter Steinberger
7beebc9afc test: add upgrade survivor package lane 2026-04-30 19:06:33 +01:00
Peter Steinberger
7969f1f07c docs(release): clarify unpublished beta tag reuse 2026-04-30 18:21:14 +01:00
keshavbotagent
388019f5b6 fix: preserve OpenAI Codex OAuth transport (#75111) 
Preserve the existing wrapped OpenAI Codex stream so PI OAuth bearer injection reaches ChatGPT/Codex Responses, and scope native Codex payload sanitization to the ChatGPT backend.\n\nThanks @keshavbotagent.
 2026-04-30 18:00:12 +01:00
Logan Ye
adc20fed0d fix: guard blank prompt submissions (#74168) 
Fixes #74137.\n\nThanks @yelog.
 2026-04-30 16:48:46 +01:00
Peter Steinberger
46888f5afb test(gateway): align lock conflict success expectation 2026-04-30 16:39:12 +01:00
Peter Steinberger
1a2228d291 fix: align tool-result guard budget 2026-04-30 16:36:55 +01:00
NVIDIAN
797d574dfd fix(deepseek): expose V4 max thinking levels (#73008) 
Merged via squash.

Prepared head SHA: ef561a59de
Co-authored-by: ai-hpc <183861985+ai-hpc@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-04-30 23:34:05 +08:00
konanok
0eb8f34000 refactor(usage): add precise token buckets for Usage Mosaic (#74337) 
Merged via squash.

Prepared head SHA: 15185354c4
Co-authored-by: konanok <30515586+konanok@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-04-30 23:32:34 +08:00
Peter Steinberger
9289a502bb fix(gateway): stop systemd EADDRINUSE restart loops 2026-04-30 16:30:56 +01:00
Peter Steinberger
de1ac12f1c fix: keep telegram polling timeout above long poll 2026-04-30 16:11:42 +01:00
Vincent Koc
d6e568ec95 docs(changelog): backfill b85147ff76 mid-turn compaction precheck 2026-04-30 08:07:57 -07:00
Peter Steinberger
32d429e647 test(signal): cover inbound prompt body contract 2026-04-30 16:06:37 +01:00
marchpure
b85147ff76 feat(agents): add mid-turn compaction precheck (#73499) 
Co-authored-by: haoxingjun <haoxingjun@bytedance.com>
 2026-04-30 23:05:31 +08:00
Peter Steinberger
b743506549 fix: reduce runtime mirror and signal group regressions 2026-04-30 15:59:03 +01:00
Peter Steinberger
29a35f04a9 fix(browser): use source config for proxy decisions 2026-04-30 15:56:49 +01:00
Peter Steinberger
eb8e892df9 fix(plugins): harden runtime mirrors 2026-04-30 15:56:08 +01:00
Peter Steinberger
a3228977fb test(signal): cover group mention gating defaults 2026-04-30 15:53:09 +01:00
Peter Steinberger
b40c679630 fix(signal): match group allowlists against group ids 2026-04-30 15:49:44 +01:00
Peter Steinberger
65c94df872 test(infra): cover fallback tmp chmod race 2026-04-30 15:45:58 +01:00
Peter Steinberger
165d62b15f fix(infra): tolerate concurrent tmp dir repair 2026-04-30 15:45:57 +01:00
Peter Steinberger
11a56db5c1 docs(changelog): credit refresh guard contributors 2026-04-30 15:45:45 +01:00
Peter Steinberger
c5bc4b6892 fix: repair telegram transcript echo routing 2026-04-30 15:39:33 +01:00
Peter Steinberger
cf772079c6 fix(browser): share control runtime state 2026-04-30 15:35:42 +01:00
Peter Steinberger
44ad65f02b fix(signal): harden signal-cli installer downloads 2026-04-30 15:34:37 +01:00
Peter Steinberger
8291537710 fix(auto-reply): preserve visible fallback for requested modes 2026-04-30 15:26:55 +01:00
Peter Steinberger
ac599c9e53 fix: retain local memory runtime deps 2026-04-30 15:22:26 +01:00
Peter Steinberger
9d037d2f5a docs(changelog): note Signal regression fixes 2026-04-30 15:14:26 +01:00
Peter Steinberger
3b0ed18b86 fix(signal): handle attachment and SSE regressions 2026-04-30 15:14:26 +01:00
Peter Steinberger
4e168de6d9 fix: avoid provider policy runtime deps 2026-04-30 15:13:35 +01:00
Peter Steinberger
98b96182f8 test(gateway): cover web fetch startup bind 2026-04-30 14:59:30 +01:00
Peter Steinberger
2a54427aba fix(plugins): keep runtime deps manifest complete 
Co-authored-by: HCL <chenglunhu@gmail.com>
 2026-04-30 14:55:40 +01:00
Peter Steinberger
82ca6ecdde fix(auto-reply): surface private group replies 2026-04-30 14:54:34 +01:00
Peter Steinberger
8b665e0d70 fix(slack): gate bot room relays on owner presence 2026-04-30 14:46:31 +01:00
Peter Steinberger
afb17eade9 fix(secrets): skip optional web fetch discovery before bind 2026-04-30 14:45:55 +01:00
Peter Steinberger
3766bbb674 fix(models): restore codex mini oauth route 2026-04-30 14:43:39 +01:00
Peter Steinberger
0f120c09ba fix(agents): bound subagent orphan recovery 2026-04-30 14:43:18 +01:00
Vincent Koc
f3145f6db8 fix(telegram): remove unused draft stream helper 2026-04-30 06:19:08 -07:00
Vincent Koc
ad7fa6c387 docs(tools): note explicit alsoAllow needed under restrictive profiles (4aa08e9d79) 2026-04-30 05:38:28 -07:00
Ayaan Zaidi
823f13c6e4 fix: remove Telegram native draft previews (#75073) 2026-04-30 18:07:57 +05:30
Ayaan Zaidi
565f4314fe docs(telegram): remove native draft fallback note 2026-04-30 18:07:57 +05:30
Ayaan Zaidi
c9d9067931 test(telegram): cover message-only previews 2026-04-30 18:07:57 +05:30
Ayaan Zaidi
2a4dd89253 fix(telegram): remove native draft preview transport 2026-04-30 18:07:57 +05:30
Alex Knight
4aa08e9d79 fix(security): stop implicit tool grants from config sections (#47487) (#75055) 
* fix(security): stop implicit tool grants from config sections (#47487)

Configured tool sections (tools.exec, tools.fs) no longer implicitly
widen restrictive profiles (messaging, minimal). Previously, having a
tools.exec section anywhere in config — even just safety settings like
security: "allowlist" — would automatically add exec and process to the
profile's allowed tools, defeating the purpose of the restrictive
profile.

The same pattern existed in tool-fs-policy.ts where tools.fs presence
would add read/write/edit to the profile allowlist for root expansion.

Changes:
- pi-tools.policy.ts: Stop merging implicit grants into profileAlsoAllow.
  Renamed resolveImplicitProfileAlsoAllow → detectImplicitProfileGrants
  and use it only for a startup warning that tells users to add explicit
  alsoAllow entries.
- tool-fs-policy.ts: Remove the implicit read/write/edit grant from
  resolveEffectiveToolFsRootExpansionAllowed when tools.fs is present.
  Root expansion now requires actual read access via profile or alsoAllow.
- Updated 4 existing tests and added 3 new regression tests.

Migration: users who relied on tools.exec or tools.fs implicitly granting
access under a restrictive profile should add explicit alsoAllow entries:

  tools:
    profile: "messaging"
    alsoAllow: ["exec", "process"]  # was implicit, now required
    exec: { security: "allowlist" }

Fixes #47487

* fix: address tool policy review feedback
 2026-04-30 22:19:26 +10:00