vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 08:10:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
38,920 Commits 1,843 Branches 149 Tags
be918636abc12f3ed8ad524ec02ef2e5e6532046
Commit Graph

38920 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
clawsweeper[bot]
be918636ab fix: tighten webhook exposure host checks (#75465) 
Use the existing SSRF hostname/IP classifier for Voice Call and Google Meet webhook exposure checks so bracketed IPv6 loopback, unique-local, link-local, and IPv4-mapped local/private addresses fail before Twilio/Meet joins while public hostnames are not rejected by prefix accidents.

Thanks @clawsweeper, @donkeykong91, and @PfanP.
 2026-05-01 07:27:56 +01:00
VACInc
be14820b5d fix: resolve voice-call SecretRef inputs (#73632) 
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-05-01 07:21:02 +01:00
Peter Steinberger
ec1b96cdfa fix: honor meet preconnect twiml 2026-05-01 07:17:10 +01:00
Peter Steinberger
d23c8a8eba fix(discord): clarify deploy abort logs 2026-05-01 07:16:21 +01:00
Peter Steinberger
7340c0322f refactor: remove unused test helpers 2026-05-01 07:06:22 +01:00
clawsweeper[bot]
0d2a201b27 fix: opt-in compaction precheck retry 
Fix mid-turn compaction precheck retries so recovery continues from the current transcript instead of resubmitting the original user prompt.
 2026-04-30 23:05:27 -07:00
Peter Steinberger
ae07d57f9d fix: sequence meet dtmf before realtime bridge 2026-05-01 07:05:01 +01:00
Peter Steinberger
42d73fd955 refactor: remove dead private helpers 2026-05-01 06:55:26 +01:00
Peter Steinberger
ffcc0d1fe1 fix: delay meet twilio intro speech 2026-05-01 06:55:22 +01:00
Ayaan Zaidi
e8810c04a4 feat(rtt): add published package measurement harness 2026-05-01 11:20:11 +05:30
Ayaan Zaidi
ef270b7a28 test(e2e): make npm telegram harness configurable 2026-05-01 11:20:11 +05:30
Ayaan Zaidi
9e94a9e418 test(qa): allow telegram scenario timeout override 2026-05-01 11:20:11 +05:30
Peter Steinberger
97d42a9614 fix(voice-call): retry twilio answered updates 2026-05-01 06:47:34 +01:00
clawsweeper[bot]
e5fd9c0582 fix(media): expose generation tools for configured runtime providers 
Co-authored-by: openclaw-clawsweeper[bot] <280122609+openclaw-clawsweeper[bot]@users.noreply.github.com>
 2026-04-30 22:46:55 -07:00
clawsweeper[bot]
9931603adb fix(pairing): rethrow unreadable allowlist files 
Co-authored-by: openclaw-clawsweeper[bot] <280122609+openclaw-clawsweeper[bot]@users.noreply.github.com>
 2026-04-30 22:46:52 -07:00
Peter Steinberger
50d8ef2229 docs: expand meet voice-call troubleshooting 2026-05-01 06:45:53 +01:00
stain lu
84920fad4e security(logging): redact payment credential fields (#75230) 
Summary:
- The PR adds payment-credential redaction patterns and a key-aware structured field redaction helper, wires it into tool payload sanitization, and updates focused tests, logging docs, and the changelog.

ClawSweeper fixups:
- No separate fixup commits were needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 5f5f1fadbb.
- Required merge gates passed before the squash merge.

Prepared head SHA: 5f5f1fadbb
Review: https://github.com/openclaw/openclaw/pull/75230#issuecomment-4355538755

Co-authored-by: stainlu <stainlu@newtype-ai.org>
 2026-05-01 05:45:28 +00:00
clawsweeper[bot]
8b51d1fdc2 fix(plugins): keep disabled-plugin guard for non-speech providers 
Co-authored-by: openclaw-clawsweeper[bot] <280122609+openclaw-clawsweeper[bot]@users.noreply.github.com>
 2026-04-30 22:45:12 -07:00
clawsweeper[bot]
955a0e9c0f fix(heartbeat): keep due task runs tool-capable 
Co-authored-by: openclaw-clawsweeper[bot] <280122609+openclaw-clawsweeper[bot]@users.noreply.github.com>
 2026-04-30 22:44:24 -07:00
clawsweeper[bot]
173f959613 fix(bluebubbles): cache prefixed reply context aliases 
* fix: BlueBubbles reply-context fallback cache-key regression

* fix(clawsweeper): address review for clawsweeper-commit-openclaw-openclaw-76930da7ebc7 (1)

---------

Co-authored-by: openclaw-clawsweeper[bot] <280122609+openclaw-clawsweeper[bot]@users.noreply.github.com>
 2026-04-30 22:44:21 -07:00
clawsweeper[bot]
1b6f2969aa fix(telegram): forward audioAsVoice payloads 
Co-authored-by: openclaw-clawsweeper[bot] <280122609+openclaw-clawsweeper[bot]@users.noreply.github.com>
 2026-04-30 22:42:54 -07:00
clawsweeper[bot]
2fd7c054ae fix(search): share web search count schema limit 
Co-authored-by: openclaw-clawsweeper[bot] <280122609+openclaw-clawsweeper[bot]@users.noreply.github.com>
 2026-04-30 22:42:51 -07:00
clawsweeper[bot]
3af8e17cc5 fix(ci): accept ClawSweeper bot mention alias 
Co-authored-by: openclaw-clawsweeper[bot] <280122609+openclaw-clawsweeper[bot]@users.noreply.github.com>
 2026-04-30 22:42:47 -07:00
Peter Steinberger
b2aac178d6 fix: tighten meet voice-call setup checks 2026-05-01 06:40:22 +01:00
Peter Steinberger
464e573602 fix(voice-call): delegate cli calls to gateway 2026-05-01 06:35:36 +01:00
Ben
e8f9c3e6de fix(voice-call): stabilize Twilio STT startup (#75257) 
Fix Twilio voice-call startup so accepted media streams register immediately, realtime transcription readiness gates only the initial greeting, and early inbound media is preserved while STT connects.

Fixes #75197.
Thanks @PfanP and @donkeykong91.
 2026-05-01 06:25:36 +01:00
Jesse Merhi
4ea0556f64 feat: add proxy validation command 
Adds `openclaw proxy validate` for operator-managed proxy preflight checks, including allowed/denied destination validation, CLI output, tests, docs, and changelog coverage.

Maintainer follow-ups before landing:
- validate custom allowed URLs before probing;
- use a temporary loopback canary for default denied checks and fail custom denied transport errors as unverifiable;
- redact proxy URL userinfo, query strings, and fragments from text/JSON validation output.

Validation:
- `pnpm test src/infra/net/proxy/proxy-validation.test.ts src/cli/proxy-cli.runtime.test.ts src/cli/proxy-cli.test.ts -- --reporter=verbose`
- `pnpm exec oxfmt --check --threads=1 CHANGELOG.md src/cli/proxy-cli.ts src/cli/proxy-cli.runtime.ts src/cli/proxy-cli.test.ts src/cli/proxy-cli.runtime.test.ts src/infra/net/proxy/proxy-validation.ts src/infra/net/proxy/proxy-validation.test.ts docs/cli/proxy.md docs/security/network-proxy.md`
- `pnpm exec oxlint src/cli/proxy-cli.runtime.ts src/cli/proxy-cli.runtime.test.ts`
- `git diff --check`
- Testbox `pnpm install && OPENCLAW_TESTBOX=1 pnpm check:changed` on `tbx_01kqgz68ff20n3dtrgq0j1mykt`
- GitHub CI success on `321b3aaf2b8be27dec6ce2ac5e4007ed064218b5`
 2026-05-01 00:19:55 -05:00
Francisco Maestre Torreblanca
214b3d3336 fix(pairing): don't silently swallow unexpected stat errors (#63324) 
Merged via squash.

Prepared head SHA: 121512c687
Co-authored-by: Francisco Maestre Torreblanca <2027043+franciscomaestre@users.noreply.github.com>
Co-authored-by: sallyom <11166065+sallyom@users.noreply.github.com>
Reviewed-by: @sallyom
 2026-05-01 01:14:39 -04:00
Peter Steinberger
1c300cec5d fix(auto-reply): keep group visible replies deliverable (#75382) 
Summary:
- The PR updates auto-reply message-tool availability and fallback policy, qa-channel group target support, qa-lab scenario coverage, generated config metadata, docs, and the changelog for group visible replies.

ClawSweeper fixups:
- No separate fixup commits were needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head adbec93b8a.
- Required merge gates passed before the squash merge.

Prepared head SHA: adbec93b8a
Review: https://github.com/openclaw/openclaw/pull/75382#issuecomment-4357590733

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-05-01 05:07:03 +00:00
Cole
76930da7eb feat(bluebubbles): add reply-context API fallback for cache misses (#71820) 
Merged via squash.

Prepared head SHA: 04f6a8740a
Co-authored-by: coletebou <12384893+coletebou@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
 2026-04-30 22:01:26 -07:00
Vyctor Huggo Przozwski
eabab1f64f fix(active-memory): expose memory tools to recall runs (#74592) 
Fix Active Memory recall runs so plugin tool allowlists from composed Memory Core agents flow into embedded tool execution, restoring callable memory plugin tools during recall.\n\nCo-authored-by: vyctorbrzezowski <vyctorbrzezowski@users.noreply.github.com>
 2026-05-01 05:48:59 +01:00
Peter Steinberger
54f44ec321 fix: restore Twilio Meet voice intro 2026-05-01 05:41:49 +01:00
Peter Steinberger
5d1ba08e3c fix(doctor): warn on plugin tool allowlist mismatch 2026-05-01 05:33:03 +01:00
Peter Steinberger
07bc320a8a fix: scope voicecall CLI activation 2026-05-01 05:32:18 +01:00
Dallin Romney
778902103d fix(agents): release embedded-run scope on hung provider abort + heap-leak harness (#75008) 
* fix(agents): extract abortable from runEmbeddedAttempt to release captured run scope on hung provider abort (#74182)

* test(agents): drop synthetic WeakRef retention test for abortable

* feat(scripts): add embedded-run-abort-leak harness for runtime closure-leak validation

* feat(scripts): add production mode to leak harness importing real abortable

* docs(changelog): add #74182 fix entry for embedded-run abort closure release
 2026-05-01 12:24:13 +08:00
Sally O'Malley
e8258fd4a6 fix(docker): restore python3 in runtime image (#75417) 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-05-01 00:11:38 -04:00
Peter Steinberger
f2d97df262 docs: add small bugfix sweep skill 2026-05-01 04:39:07 +01:00
joshavant
8093ae6029 test: validate published upgrade survivor baseline 2026-04-30 22:17:33 -05:00
Peter Steinberger
3e67ee63b4 ci: route ClawSweeper command comments 2026-05-01 04:14:41 +01:00
gavyngong
0260903f7f fix(logging): add redaction patterns for Tencent Cloud, Alibaba Cloud, HuggingFace and Replicate API keys (#58162) 
Merged via squash.

Prepared head SHA: 5227c30713
Co-authored-by: gavyngong <267269824+gavyngong@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-05-01 11:13:54 +08:00
Ayaan Zaidi
d0a7986638 docs(changelog): note telegram reply latency fix 2026-05-01 08:33:02 +05:30
Ayaan Zaidi
60bdb96f2c fix(tools): defer media generation provider discovery 2026-05-01 08:33:02 +05:30
Ayaan Zaidi
e0fe02fb09 fix(tools): preserve tool availability contracts 2026-05-01 08:33:02 +05:30
Ayaan Zaidi
22d6e9564a test(tools): mirror auth profile discovery in image tests 2026-05-01 08:33:02 +05:30
Ayaan Zaidi
45b8645079 fix(channels): keep typing indicators off reply critical path 2026-05-01 08:33:02 +05:30
Ayaan Zaidi
40b0b1bfe0 fix(tools): avoid web search provider loading at registration 2026-05-01 08:33:02 +05:30
Ayaan Zaidi
3144e7a729 fix(tools): defer media model resolution 2026-05-01 08:33:02 +05:30
Ayaan Zaidi
354084b1b3 fix(providers): cache targeted runtime hook resolution 2026-05-01 08:33:02 +05:30
Peter Steinberger
5a69832833 chore: ignore sea build output 2026-05-01 03:56:12 +01:00
Peter Steinberger
8989ceee50 fix(auto-reply): move visible reply warnings to doctor (#75367) 
Summary:
- The PR removes the auto-reply runtime warning for visible-reply defaults, adds doctor preview warnings and tests for message-tool visibility policy mismatches, and updates the group/channel docs and changelog wording.

ClawSweeper fixups:
- No separate fixup commits were needed after automerge opt-in.

Validation:
- ClawSweeper review passed for head 1f96b3b568.
- Required merge gates passed before the squash merge.

Prepared head SHA: 1f96b3b568
Review: https://github.com/openclaw/openclaw/pull/75367#issuecomment-4357475980

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-05-01 02:52:23 +00:00