vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-07 13:30:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
41,734 Commits 1,843 Branches 149 Tags
c4537fa6c3cae2fe2f2b59be95a35699cf080253
Commit Graph

20 Commits

Author SHA1 Message Date
Vincent Koc
ae9f779e5f docs: typography hygiene + 1 in-body H1 removal across 6 pages 
Replaced 84 typography characters (curly quotes, apostrophes, em/en
dashes, non-breaking hyphens) with ASCII equivalents per
docs/CLAUDE.md heading and content hygiene rules.

- docs/gateway/tools-invoke-http-api.md: 14 chars; removed the
  duplicate '# Tools Invoke (HTTP)' H1 (Mintlify renders title from
  frontmatter; the in-body H1 with parens produced a brittle anchor).
- docs/tools/browser-control.md: 14 chars
- docs/security/formal-verification.md: 14 chars
- docs/gateway/configuration-reference.md: 14 chars
- docs/concepts/agent.md: 14 chars
- docs/channels/qa-channel.md: 14 chars
 2026-05-05 20:26:16 -07:00
Vincent Koc
7b18bd03bb fix(gateway): allow explicit loopback trusted proxy auth 
Fixes #59167.

Supersedes #63379.
 2026-04-27 22:01:06 -07:00
Vincent Koc
627c19c5cb docs: add Related sections to remaining CLI, gateway API, and help pages 2026-04-23 20:41:35 -07:00
Vincent Koc
2777b089b5 docs: normalize frontmatter titles to sentence case 2026-04-23 13:15:17 -07:00
Peter Steinberger
9ac9edff43 docs: refresh gateway operator scope refs 2026-04-04 15:25:57 +01:00
Peter Steinberger
6cff644dc9 docs: refresh http endpoint auth refs 2026-04-04 13:56:08 +01:00
Peter Steinberger
7671f4f1e3 docs: clarify gateway and plugin http auth scopes 2026-04-04 09:01:05 +01:00
Peter Steinberger
dc0e0b0f68 docs(security): mark shared-secret HTTP auth as designed 2026-03-31 22:58:09 +09:00
Peter Steinberger
cbfeecfab4 fix(gateway): restore shared-secret HTTP tool invoke auth 2026-03-31 22:55:15 +09:00
Peter Steinberger
0633406ff6 fix(gateway): restore compat HTTP operator auth 2026-03-31 16:49:30 +09:00
Vincent Koc
d352bd050a docs: fix tools-invoke default deny list (was missing 8 of 13 entries) 2026-03-31 14:24:19 +09:00
Peter Steinberger
43d95a2db3 docs: clarify tools invoke operator boundary 2026-03-22 09:14:42 -07:00
Peter Steinberger
767fd9f222 fix: classify /tools/invoke errors and sanitize 500s (#13185) (thanks @davidrudduck) 2026-02-13 16:58:30 +01:00
Harald Buerbaumer
30b6eccae5 feat(gateway): add auth rate-limiting & brute-force protection (#15035) 
* feat(gateway): add auth rate-limiting & brute-force protection

Add a per-IP sliding-window rate limiter to Gateway authentication
endpoints (HTTP, WebSocket upgrade, and WS message-level auth).

When gateway.auth.rateLimit is configured, failed auth attempts are
tracked per client IP. Once the threshold is exceeded within the
sliding window, further attempts are blocked with HTTP 429 + Retry-After
until the lockout period expires. Loopback addresses are exempt by
default so local CLI sessions are never locked out.

The limiter is only created when explicitly configured (undefined
otherwise), keeping the feature fully opt-in and backward-compatible.

* fix(gateway): isolate auth rate-limit scopes and normalize 429 responses

---------

Co-authored-by: buerbaumer <buerbaumer@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 15:32:38 +01:00
Peter Steinberger
ee31cd47b4 fix: close OC-02 gaps in ACP permission + gateway HTTP deny config (#15390) (thanks @aether-ai-agent) 2026-02-13 14:30:06 +01:00
Seb Slight
abcaa8c7a9 Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
cpojer
8cab78abbc chore: Run pnpm format:fix. 2026-01-31 21:13:13 +09:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
d73e8ecca3 fix: document tools invoke + honor main session key (#1575) (thanks @vignesh07) 2026-01-24 09:29:32 +00:00