vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-07 07:10:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
33,141 Commits 1,843 Branches 149 Tags
c4ddaf63fdee9eb56d5c4b841d45476d475baa3d
Commit Graph

188 Commits

Author SHA1 Message Date
Peter Steinberger
a216b4ebc3 test: merge system run path binding cases 2026-04-20 23:34:59 +01:00
Peter Steinberger
b07c40a5a8 test: merge system run denial matrices 2026-04-20 23:26:37 +01:00
Peter Steinberger
eb6a0f3529 test: trim runtime approval matrix duplicates 2026-04-20 21:08:16 +01:00
Peter Steinberger
3df9a60b0b perf(test): trim hotspot coverage duplication 2026-04-20 21:01:06 +01:00
Peter Steinberger
44082acef5 perf(test): reuse node host runtime fixtures 2026-04-20 20:34:55 +01:00
Peter Steinberger
8a09b40cb2 perf(test): trim test teardown waits 2026-04-20 20:30:16 +01:00
Peter Steinberger
41cce9ea79 perf(test): reuse run-plan fixture root 2026-04-20 20:06:49 +01:00
Peter Steinberger
dab1be48fc perf(test): merge chat and system run cases 2026-04-20 19:32:05 +01:00
Peter Steinberger
85c1ff6ea4 perf(test): merge system run plan matrix tests 2026-04-20 19:09:51 +01:00
Peter Steinberger
785ecf7715 perf(test): mock system run logger 2026-04-20 19:01:37 +01:00
Peter Steinberger
4f37a5d590 test: remove duplicated env lookup helper 2026-04-20 14:43:03 +01:00
Peter Steinberger
df525b90f2 chore(lint): enable unnecessary type parameter rule 2026-04-18 18:31:13 +01:00
Peter Steinberger
08e1eb7a9f test: narrow system run dispatch matrix 2026-04-17 20:27:52 +01:00
Peter Steinberger
087f1584df test: streamline system run hotspot coverage 2026-04-17 20:18:01 +01:00
Peter Steinberger
014eaa8492 test: merge env rejection invoke cases 2026-04-17 20:03:35 +01:00
Peter Steinberger
e9d052d728 test: merge shell payload plan checks 2026-04-17 20:01:58 +01:00
Peter Steinberger
125b1e0e20 test: reuse node-host runtime bins 2026-04-17 19:47:43 +01:00
Peter Steinberger
729feb4b99 test: reuse exec approval home fixture 2026-04-17 19:37:47 +01:00
Peter Steinberger
c0a9b694f3 test: reuse node host home fixture 2026-04-17 19:35:19 +01:00
Peter Steinberger
7edce9c8fa test: reuse inline eval fixtures 2026-04-17 19:25:58 +01:00
Peter Steinberger
38923d13a6 test: trim boundary and fixture hotspots 2026-04-17 19:22:38 +01:00
Peter Steinberger
7b27d08e56 perf: lazy load system run config 2026-04-17 16:39:24 +01:00
Peter Steinberger
7e9ff0f86e test: reuse system-run temp fixtures 2026-04-17 02:49:37 +01:00
Peter Steinberger
12a59b0a18 test: trim hotspot wait overhead 2026-04-17 02:47:09 +01:00
Peter Steinberger
6ba8626c25 test: trim remaining hotspot tests 2026-04-17 02:07:26 +01:00
Peter Steinberger
8507935d3a test: reuse system run plan fixtures 2026-04-17 00:20:06 +01:00
Ayaan Zaidi
75c551e89e fix: harden node-host shell payload mutability checks 2026-04-16 20:34:17 +05:30
tmimmanuel
29919bb6e4 fix: land node-host approval binding for native binaries (#66731) (thanks @tmimmanuel) 
* fix(node-host): allow absolute-path native binaries through approval binder

* test(node-host): cover binary binder edge cases

* test(node-host): use stable native binary fixture

* fix(ci): restore fail-closed race handling

* refactor(node-host): distill approval binding regressions

* fix(node-host): fail closed on unknown shell payload headers

* fix: land node-host approval binding for native binaries (#66731) (thanks @tmimmanuel)

* fix: keep relative shell binary payloads fail-closed (#66731) (thanks @tmimmanuel)

* fix: keep shell binary bypass on stable paths only (#66731) (thanks @tmimmanuel)

* fix: fail closed on symlinked shell binary targets (#66731) (thanks @tmimmanuel)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-16 20:30:09 +05:30
Pavan Kumar Gondhi
666f48d9b8 fix(security): remove busybox/toybox from interpreter-like safe bins [AI-assisted] (#65713) 
* fix: address issue

* fix: address review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-13 12:03:15 +05:30
Pavan Kumar Gondhi
8f8492d172 fix(security): broaden shell-wrapper detection and block env-argv assignment injection [AI-assisted] (#65717) 
* fix: address issue

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-13 11:48:42 +05:30
Vincent Koc
0f7d9c9570 fix(runtime): split approval and gateway client seams 2026-04-11 18:36:48 +01:00
Vincent Koc
74e7b8d47b fix(cycles): bulk extract leaf type surfaces 2026-04-11 13:26:50 +01:00
Peter Steinberger
9e0d358695 refactor: simplify runtime conversions 2026-04-11 01:23:34 +01:00
Peter Steinberger
08cee3316d refactor: dedupe core trimmed readers 2026-04-08 01:36:39 +01:00
Peter Steinberger
bfff74fb11 refactor: dedupe core lowercase helpers 2026-04-07 20:58:01 +01:00
Peter Steinberger
572c5b6dd0 refactor: dedupe daemon lowercase helpers 2026-04-07 13:44:42 +01:00
Nimrod Gutman
de6bac331c fix(exec): detect cmd wrapper carriers (#62439) 
* fix(exec): detect cmd wrapper carriers

* fix(exec): block env cmd wrapper carriers

* fix: keep cmd wrapper carriers approval-gated (#62439) (thanks @ngutman)
 2026-04-07 14:27:06 +03:00
Nimrod Gutman
d008e2d015 fix(exec): align node shell allowlist wrappers (#62401) 
* fix(exec): align node shell allowlist wrappers

* fix: align node shell allowlist wrappers (#62401) (thanks @ngutman)
 2026-04-07 13:05:57 +03:00
Peter Steinberger
679a393f6d refactor: dedupe metadata readers 2026-04-07 07:36:11 +01:00
Peter Steinberger
01dc9792fc refactor: dedupe nullable string helper 2026-04-07 00:21:11 +01:00
Peter Steinberger
2b6e08bbfa refactor: remove confirmed dead helpers 2026-04-06 16:13:26 +01:00
Peter Steinberger
471d056e2f refactor: move browser runtime seams behind plugin metadata 2026-04-05 23:13:14 +01:00
Peter Steinberger
acd78e0c2f refactor: split browser sdk seams 2026-04-05 17:17:16 +01:00
Peter Steinberger
629baf5fa7 refactor: move plugin setup and memory capabilities to registries 2026-04-05 14:53:53 +01:00
Peter Steinberger
c5c5c77ebb fix(ci): restore contract-safe core imports 2026-04-04 15:09:48 +01:00
Peter Steinberger
38bd525888 test: align strict inline-eval awk denial expectation 2026-04-02 19:09:39 +01:00
Peter Steinberger
3e452f2671 fix: preserve strict inline-eval approval boundaries (#59780) (thanks @luoyanglang) 2026-04-02 18:30:29 +01:00
Peter Steinberger
a406045f2f test: accept Windows exec approval denial path 2026-04-03 02:04:26 +09:00
Vincent Koc
990545181b fix(ci): preserve strict inline-eval denial after durable awk trust 2026-04-03 01:55:01 +09:00
Jacob Tomlinson
176c059b05 node-host: bind pnpm dlx approval scripts (#58374) 
* node-host: bind pnpm dlx approval scripts

* node-host: cover pnpm dlx package alias

* node-host: cover pnpm dlx flag forms

* node-host: fail closed on unsafe pnpm dlx flags

* node-host: narrow pnpm dlx fail-closed guard

* node-host: scan pnpm dlx past global --

* node-host: allow pnpm dlx file args

* node-host: allow pnpm dlx data args

* node-host: fail closed on unknown pnpm dlx flags

* node-host: support pnpm workspace-root flag

* node-host: restrict pnpm dlx tail scan

* node-host: support pnpm parallel flag

* changelog: node-host pnpm dlx approval binding (#58374)
 2026-04-02 09:41:28 -07:00