vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-10 08:41:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
24,777 Commits 1,192 Branches 101 Tags
bcd61e54e1fcf5f92cfc034f378ab264df5a5771
Commit Graph

2146 Commits

Author SHA1 Message Date
Agustin Rivera
676b748056 Limit connect snapshot metadata to admin-scoped clients (#58469) 
* fix(gateway): gate connect snapshot metadata by scope

* fix(gateway): clarify connect snapshot trust boundary

* fix(gateway): note connect snapshot change in changelog

* fix(gateway): remove changelog changes from PR

* chore: add changelog for scoped gateway snapshot metadata

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 11:41:47 -06:00
pgondhi987
7eb094a00d fix(infra): align env key normalization in approval binding path (#59182) 
* fix: address issue

* fix: address PR review feedback

* fix: address review feedback

* fix: address review feedback

* chore: add changelog for Windows env approval binding

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 11:14:33 -06:00
Vincent Koc
d2ce3e9acc perf(plugins): keep gateway startup channel-only (#59754) 
* perf(plugins): keep gateway startup channel-only

* fix(gateway): preserve startup sidecars in plugin scope
 2026-04-03 00:28:15 +09:00
Peter Steinberger
fff6333773 fix(exec): implement Windows argPattern allowlist flow 2026-04-03 00:09:28 +09:00
Peter Steinberger
a5f99f4a30 test: stabilize docker test lanes 2026-04-02 15:59:23 +01:00
Agustin Rivera
54a0878517 fix(gateway): enforce session kill HTTP scopes (#59128) 
* fix(gateway): enforce session kill HTTP scopes

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

* fix(gateway): type session kill auth mock

* fix(gateway): gate session kill before lookup

* docs: add changelog entry for session kill HTTP scopes

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-04-02 05:56:17 -07:00
mappel-nv
9c22d63669 Browser: normalize localhost absolute-form CDP hosts (#59236) 
* Browser: normalize localhost absolute-form CDP hosts

* CHANGELOG: note localhost absolute-form CDP fix

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
 2026-04-02 13:34:55 +01:00
gavyngong
761cdc967d fix(gateway): prune empty node-pending-work state entries to prevent memory leak (#58179) 
Merged via squash.

Prepared head SHA: 1efee3099f
Co-authored-by: gavyngong <267269824+gavyngong@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-04-02 20:00:18 +08:00
Vincent Koc
9823833383 fix(plugins): preserve activation provenance (#59641) 
* fix(plugins): preserve activation provenance

* fix(gateway): preserve activation reason metadata

* fix(plugins): harden activation state policy
 2026-04-02 20:57:14 +09:00
Vincent Koc
38d2faee20 !feat(plugins): add web fetch provider boundary (#59465) 
* feat(plugins): add web fetch provider boundary

* feat(plugins): add web fetch provider modules

* refactor(web-fetch): remove remaining core firecrawl fetch config

* fix(web-fetch): address review follow-ups

* fix(web-fetch): harden provider runtime boundaries

* fix(web-fetch): restore firecrawl compare helper

* fix(web-fetch): restore env-based provider autodetect

* fix(web-fetch): tighten provider hardening

* fix(web-fetch): restore fetch autodetect and compat args

* chore(changelog): note firecrawl fetch config break
 2026-04-02 20:25:19 +09:00
Vincent Koc
08962b6812 fix(browser): keep static helper seams cold (#59471) 
* fix(browser): keep static helper seams cold

* fix(browser): narrow sandbox helper facade imports

* fix(browser): harden host inspection helpers
 2026-04-02 17:12:32 +09:00
Vincent Koc
52a018680d fix(plugins): guard runtime facade activation (#59412) 
* fix(plugins): guard runtime facade activation

* refactor(plugin-sdk): localize facade load policy

* fix(plugin-sdk): narrow facade activation guards

* fix(browser): keep cleanup helpers outside activation guard

* style(browser): apply formatter follow-ups

* chore(changelog): note plugin activation guard regressions

* fix(discord): keep cleanup thread unbinds outside activation guard

* fix(browser): fallback when trash exits non-zero
 2026-04-02 14:37:12 +09:00
wangchunyue
51edd30bea fix: restore local loopback role upgrades (#59092) (thanks @openperf) 
* fix(gateway ): allow silent role upgrades for local loopback clients

When a local loopback client connects with a role not covered by
existing device tokens, listEffectivePairedDeviceRoles incorrectly
returns an empty role set for devices whose tokens map is an empty
object. This triggers a role-upgrade pairing request that
shouldAllowSilentLocalPairing rejects because it does not recognise
the role-upgrade reason.

Fix listEffectivePairedDeviceRoles to fall back to legacy role fields
when the tokens map has no entries, and extend
shouldAllowSilentLocalPairing to accept role-upgrade for local
clients.

Fixes #59045

* fix: restore local loopback role upgrades (#59092) (thanks @openperf)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-02 08:13:45 +05:30
Gustavo Madeira Santana
ba735d0158 Exec approvals: unify effective policy reporting and actions (#59283) 
Merged via squash.

Prepared head SHA: d579b97a93
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-01 22:02:39 -04:00
Bruno Lorente
ca76e2fedc fix(cron-tool): add typed properties to job/patch schemas (#55043) 
Merged via squash.

Prepared head SHA: 979bb0e8b7
Co-authored-by: brunolorente <127802443+brunolorente@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-04-01 23:41:19 +03:00
Nimrod Gutman
017bc5261c fix(gateway): prefer bootstrap auth over tailscale (#59232) 
* fix(gateway): prefer bootstrap auth over tailscale

* fix(gateway): prefer bootstrap auth over tailscale (#59232) (thanks @ngutman)
 2026-04-01 23:20:10 +03:00
VACInc
711c9e7249 fix(gateway): emit before_reset on session reset (#53872) 
Merged via squash.

Prepared head SHA: a47894ef16
Co-authored-by: VACInc <3279061+VACInc@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-01 12:46:53 -07:00
Josh Lehman
1c83e2eec7 fix: scope session create aliases to requested agent (#58207) 
Merged via squash.

Prepared head SHA: 9462848777
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-01 11:39:31 -07:00
Luke
1654c3a851 feat(gateway): make chat history max chars configurable (#58900) 
* feat(gateway): make chat history max chars configurable

* fix(gateway): address review feedback

* docs(changelog): note configurable chat history limits
 2026-04-01 21:08:37 +11:00
Peter Steinberger
f6317fb747 fix(gateway): stop pinning node commands to pairing state 2026-04-01 18:27:06 +09:00
Peter Steinberger
db0cea5689 refactor(gateway): extract node pairing reconciliation 2026-04-01 18:02:31 +09:00
Peter Steinberger
19d0c2dd1d refactor: remove cron legacy delivery from runtime 2026-04-01 17:06:01 +09:00
Peter Steinberger
7cf8ccf9b3 fix: avoid startup gateway reload loop (#58678) (thanks @yelog) 2026-04-01 16:47:55 +09:00
Peter Steinberger
802bdb099e refactor: move cron legacy delivery migration to doctor 2026-04-01 16:44:10 +09:00
yelog
ffa1e5fa92 test: assert console.error in async-rejection stage test 2026-04-01 16:09:36 +09:00
yelog
0a636aef24 fix: catch per-stage errors in HTTP request pipeline to prevent cascade 500s (#58689) 2026-04-01 16:09:36 +09:00
Neerav Makwana
26a891aaeb fix: preserve rewritten stream snapshots in webchat (#58641) (thanks @neeravmakwana) 2026-04-01 11:09:19 +05:30
狼哥
40b24dfa6b fix(session-status): infer custom runtime providers from config (#58474) 
* fix(session-status): infer custom runtime providers from config

* test(session-status): satisfy custom provider type checks
 2026-03-31 21:09:42 -04:00
Jalen
915e15c13d fix(gateway): skip restart when config.patch has no actual changes (#58502) 
config.patch unconditionally writes the config file and sends SIGUSR1
even when diffConfigPaths detects zero changed paths. This causes a
full gateway restart (~10s downtime, all SSE/WebSocket connections
dropped) on every control-plane config.patch call, even when the
config is identical — e.g. a model hot-apply that doesn't change any
gateway.* paths.

Fix: when changedPaths is empty, return early with `noop: true`
without writing the file or scheduling SIGUSR1. The validated config
is still returned so the caller knows the current state.

This lets control-plane clients safely call config.patch for
idempotent updates without triggering unnecessary restarts.
 2026-03-31 21:09:23 -04:00
hcl
b8fea43bf2 fix(gateway): return default scopes when trusted HTTP request has no scope header (#58603) 
resolveTrustedHttpOperatorScopes() returns [] when the x-openclaw-scopes
header is absent, even for trusted requests (--auth none). This causes
403 "missing scope: operator.write" on /v1/chat/completions.

Root cause: src/gateway/http-utils.ts:138-140. PR #57783 (f0af18672)
replaced the old resolveGatewayRequestedOperatorScopes which had an
explicit fallback to CLI_DEFAULT_OPERATOR_SCOPES when no header was
present. The new function treats absent header the same as empty header
— both return [].

Fix: distinguish absent header (undefined → return defaults) from empty
header ("" → return []). Trusted clients without an explicit scope
header get the default operator scopes, matching pre-#57783 behavior.

Closes #58357

Signed-off-by: HCL <chenglunhu@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-31 21:09:05 -04:00
Gustavo Madeira Santana
bea53d7a3f Fix: move bootstrap session grammar into plugin-owned session-key surfaces (#58400) 
Merged via squash.

Prepared head SHA: b062b18b03
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-31 19:41:01 -04:00
Peter Steinberger
78d1120a41 test: retry gateway acp bind warmup 2026-03-31 23:20:25 +01:00
Josh Lehman
adc329b26b test: dedupe extension-owned coverage (#58554) 
* test: dedupe extension-owned coverage

* test: remove duplicate coverage files

* test: move helper coverage into extensions

* test: trim duplicate helper assertions

* test: remove cloudflare helper import from agent test

* test: align stale expectations with current main
 2026-03-31 15:18:29 -07:00
Peter Steinberger
0d742c3c1b test: skip unavailable live model providers 2026-03-31 20:37:42 +01:00
Peter Steinberger
64091caf8f fix: preserve cli and slack fallback behavior 2026-03-31 20:37:42 +01:00
Peter Steinberger
ce58f55fe0 fix: require doctor migration for legacy web search config 2026-04-01 04:22:41 +09:00
Vincent Koc
7cd0ff2d88 refactor(tasks): add owner-key task access boundaries (#58516) 
* refactor(tasks): add owner-key task access boundaries

* test(acp): update task owner-key assertion

* fix(tasks): align owner key checks and migration scope
 2026-04-01 03:12:33 +09:00
Nimrod Gutman
69fe999373 fix(pairing): restore qr bootstrap onboarding handoff (#58382) (thanks @ngutman) 
* fix(pairing): restore qr bootstrap onboarding handoff

* fix(pairing): tighten bootstrap handoff follow-ups

* fix(pairing): migrate legacy gateway device auth

* fix(pairing): narrow qr bootstrap handoff scope

* fix(pairing): clear ios tls trust on onboarding reset

* fix(pairing): restore qr bootstrap onboarding handoff (#58382) (thanks @ngutman)
 2026-03-31 21:11:35 +03:00
Peter Steinberger
759d37635d Revert "refactor: move tasks behind plugin-sdk seam" 
This reverts commit da6e9bb76f.
 2026-04-01 01:30:22 +09:00
Jacob Tomlinson
6c679e5f04 Gateway: reject mixed trusted-proxy token config (#58371) 
* Gateway: reject mixed trusted-proxy token config

Co-authored-by: boy-hack <w8ay@qq.com>

* Gateway: fail closed for loopback trusted-proxy auth

---------

Co-authored-by: boy-hack <w8ay@qq.com>
 2026-03-31 17:05:03 +01:00
Peter Steinberger
a842e34f15 test: require Claude 4.6 for Anthropic live selection 2026-03-31 16:41:50 +01:00
Peter Steinberger
43ef8a5a86 refactor(media): centralize outbound access plumbing 2026-04-01 00:32:53 +09:00
Peter Steinberger
015ab98591 fix: restore ci status fast path and whatsapp tests 2026-03-31 16:21:55 +01:00
Vincent Koc
2a1db0c0f1 fix(gateway): narrow plugin route runtime scopes (#58167) 
* wip(gateway): preserve plugin route scope progress

* test(gateway): cover plugin route runtime scopes

* test(gateway): finish plugin route scope rebase

* fix(gateway): drop scopes from plugin-auth routes
 2026-04-01 00:20:49 +09:00
Peter Steinberger
85611f0021 fix: tighten gateway startup plugin loading 2026-04-01 00:20:06 +09:00
Vincent Koc
1ca12ec8bf fix(hooks): rebind hook agent session keys to the target agent (#58225) 
* fix(hooks): rebind hook agent session keys

* fix(hooks): preserve scoped hook session keys

* fix(hooks): validate normalized dispatch keys
 2026-04-01 00:16:39 +09:00
Peter Steinberger
177687ae29 fix: adapt pi model registry calls to constructor API 2026-03-31 15:28:29 +01:00
Peter Steinberger
0d7f1e2c84 feat(security): fail closed on dangerous skill installs 2026-03-31 23:27:20 +09:00
Peter Steinberger
da6e9bb76f refactor: move tasks behind plugin-sdk seam 2026-03-31 15:22:09 +01:00
Peter Steinberger
c75f4695b7 refactor: move tasks into bundled plugin 2026-03-31 15:22:08 +01:00