vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-02 09:30:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
24,220 Commits 1,843 Branches 149 Tags
c58da46bb441ec0e4249d6c588cd869ea73a5f67
Commit Graph

5645 Commits

Author SHA1 Message Date
Peter Steinberger
91be36ca4f build: prepare 2026.3.31-beta.1 release 2026-03-31 19:32:49 +01:00
Peter Steinberger
62a39381da fix: land codex native search follow-ups (#46579) (thanks @Evizero) 2026-04-01 03:30:06 +09:00
Peter Steinberger
b7013ec207 docs: fix changelog release placement 2026-03-31 19:14:57 +01:00
Nimrod Gutman
69fe999373 fix(pairing): restore qr bootstrap onboarding handoff (#58382) (thanks @ngutman) 
* fix(pairing): restore qr bootstrap onboarding handoff

* fix(pairing): tighten bootstrap handoff follow-ups

* fix(pairing): migrate legacy gateway device auth

* fix(pairing): narrow qr bootstrap handoff scope

* fix(pairing): clear ios tls trust on onboarding reset

* fix(pairing): restore qr bootstrap onboarding handoff (#58382) (thanks @ngutman)
 2026-03-31 21:11:35 +03:00
Peter Steinberger
ae730d9a86 fix: cover Azure disabled reasoning omission (#58208) (thanks @jalehman) 2026-04-01 02:47:29 +09:00
Peter Steinberger
b4433a1bfe fix: normalize raw MCP schemas for OpenAI Responses (#58299) (thanks @yelog) 2026-04-01 02:30:45 +09:00
Vincent Koc
76b3235207 chore(changelog): soften sdk removal note 2026-04-01 02:21:24 +09:00
Vincent Koc
bfba84a69d chore(changelog): attribute task entries 2026-04-01 02:10:39 +09:00
Peter Steinberger
4b1c15d059 docs: simplify install policy changelog note 2026-03-31 18:09:33 +01:00
Vincent Koc
c03e2beca1 chore(changelog): rename flow entries to tasks 2026-04-01 02:08:46 +09:00
Peter Steinberger
539ba0d244 docs: merge install breaking change notes 2026-03-31 18:07:35 +01:00
Peter Steinberger
b9f8bb6308 docs: tune unreleased changelog priorities 2026-03-31 18:04:22 +01:00
Vincent Koc
d794c5ca56 chore(changelog): add missing breaking notes 2026-04-01 02:01:48 +09:00
Vincent Koc
8ef81cc983 chore(changelog): reorder unreleased sections 2026-04-01 02:00:14 +09:00
Vincent Koc
dc948bb4eb chore(changelog): sort unreleased entries 2026-04-01 01:59:05 +09:00
Peter Steinberger
7672e48c19 docs: fill changelog gaps since last release 2026-03-31 17:50:00 +01:00
Peter Steinberger
83038fcaf2 docs: add missing unreleased changelog entries 2026-03-31 17:42:05 +01:00
Peter Steinberger
8f2e1194b7 docs: reorder changelog by user interest 2026-03-31 16:34:45 +01:00
Vincent Koc
2a1db0c0f1 fix(gateway): narrow plugin route runtime scopes (#58167) 
* wip(gateway): preserve plugin route scope progress

* test(gateway): cover plugin route runtime scopes

* test(gateway): finish plugin route scope rebase

* fix(gateway): drop scopes from plugin-auth routes
 2026-04-01 00:20:49 +09:00
Vincent Koc
1ca12ec8bf fix(hooks): rebind hook agent session keys to the target agent (#58225) 
* fix(hooks): rebind hook agent session keys

* fix(hooks): preserve scoped hook session keys

* fix(hooks): validate normalized dispatch keys
 2026-04-01 00:16:39 +09:00
Peter Steinberger
3bb02d3338 fix(media): align outbound sends with fs read capability 2026-04-01 00:07:50 +09:00
Peter Steinberger
0d7f1e2c84 feat(security): fail closed on dangerous skill installs 2026-03-31 23:27:20 +09:00
Peter Steinberger
44b9936136 feat(plugins): add dangerous unsafe install override 2026-03-31 23:16:11 +09:00
Vincent Koc
0ed4f8a72b fix(media): reject oversized image inputs before decode (#58226) 
* fix(media): cap oversized image inputs

* chore(changelog): add media input guard note

* fix(media): address input guard review feedback

* fix(media): fail closed on unknown sips dimensions

* fix(media): avoid sips fallback in input guard
 2026-03-31 22:52:55 +09:00
Vincent Koc
4ee742174f fix(nostr): verify inbound dm signatures before pairing replies (#58236) 
* fix(nostr): verify inbound dm signatures before pairing

* fix(nostr): authorize senders before rate limiting

* test(nostr): cover pending auth rate-limit starvation

* fix(nostr): rate limit oversized inbound ciphertext

* fix(nostr): dedupe blocked inbound replays

* fix(nostr): rate limit before auth work
 2026-03-31 22:51:22 +09:00
Gustavo Madeira Santana
4ea1ca4849 Sessions: parse thread suffixes by channel (#58100) 
Merged via squash.

Prepared head SHA: 2829b9c5b5
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-31 08:54:16 -04:00
Vincent Koc
dba96e7507 fix(discord): gate voice ingress by allowlists (#58245) 
* fix(discord): gate voice ingress by allowlists

* fix(discord): preserve voice allowlist context

* fix(discord): fetch guild metadata for voice allowlists

* fix(discord): reuse voice speaker context

* fix(discord): preserve cached speaker context

* fix(discord): tighten voice ingress authorization
 2026-03-31 21:29:13 +09:00
Vincent Koc
4d912e0451 fix(exec): block proxy-style env overrides (#58202) 
* fix(exec): block proxy-style env overrides

* fix(exec): keep trusted host proxy env inherited

* fix(exec): block git tls override env vars

* fix(skills): block dangerous env override keys
 2026-03-31 21:25:36 +09:00
Vincent Koc
730ba40763 fix(exec): unwrap arch and xcrun dispatch wrappers (#58203) 
* fix(exec): unwrap arch and xcrun dispatch wrappers

* fix(infra): scope arch wrapper unwrapping to macos

* fix(exec): scope arch wrapper unwrapping to macos

* fix(infra): validate macos arch wrapper selectors

* test(infra): cover invalid arch name wrappers
 2026-03-31 21:00:14 +09:00
Mariano
607076d164 ClawFlow: add runtime substrate (#58336) 
Merged via squash.

Prepared head SHA: 6a6158179e
Reviewed-by: @mbelinky
 2026-03-31 13:58:29 +02:00
Vincent Koc
cd5179314d fix(acp): use semantic approval classes 2026-03-31 20:49:31 +09:00
Gustavo Madeira Santana
8c0245f57b fix(matrix): tighten DM invite promotion state (#58099) 
Merged via squash.

Prepared head SHA: 6638d4b505
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-31 07:09:18 -04:00
Vincent Koc
e704323ff3 fix(media): drop auth headers on cross-origin redirects (#58224) 
* fix(media): drop auth headers on cross-origin redirects

* chore(changelog): sync unreleased context

* fix(media): keep fetch-guard redirect helper working
 2026-03-31 19:57:42 +09:00
Vincent Koc
3d5af14984 fix(agents): reject escaping symlinks in ssh sandbox uploads (#58220) 
* fix(agents): reject escaping ssh sandbox upload symlinks

* fix(agents): allow safe ssh upload symlink aliases

* test(ssh): keep upload stdin open in fake ssh

* Update CHANGELOG.md
 2026-03-31 19:56:45 +09:00
FMLS
44caf1ee3d fix(browser): prevent cross-origin images from disappearing in CDP screenshots (#54358) 
fromSurface: true + captureBeyondViewport: true triggers a Chromium compositor
bug where cross-origin image textures are lost when extending the capture
surface. Switch to fromSurface: false to use the software rendering path.

For full-page captures, temporarily expand the viewport via
Emulation.setDeviceMetricsOverride, preserving the current mobile/DPR/screen
state during capture and restoring it afterward so pre-existing device
emulation is not lost.

Made-with: Cursor

Co-authored-by: hakunaliu <hakunaliu@tencent.com>
 2026-03-31 18:55:25 +08:00
Vincent Koc
57700d716f fix(config): redact Nostr privateKey in config views (#58177) 
* wip(config): preserve nostr redaction progress

* fix(config): add private key redaction fallback

* fix(config): align nostr privateKey secret input handling

* fix(config): require resolved nostr private keys
 2026-03-31 19:55:03 +09:00
Vincent Koc
efe9183f9d fix(voice-call): pin plivo callback origins (#58238) 2026-03-31 19:50:35 +09:00
Vincent Koc
da7f016db6 fix(doctor): align qmd probe cwd with runtime 2026-03-31 19:49:40 +09:00
Vincent Koc
6b3f99a11f fix(gateway): enforce trusted-proxy HTTP origin checks (#58229) 
* fix(gateway): enforce trusted-proxy HTTP origin checks

* Update CHANGELOG.md
 2026-03-31 19:49:26 +09:00
Vincent Koc
9abcfdadf5 fix(voice-call): reject oversized pre-start media frames (#58241) 
* fix(voice-call): reject oversized pre-start frames

* fix(voice-call): avoid normalizing oversized frames

* chore(changelog): remove stray spacing

* fix(voice-call): remove dead inbound size guard
 2026-03-31 19:47:10 +09:00
Vincent Koc
9bc1f896c8 fix(pairing): scope pending request caps per account (#58239) 
* fix(pairing): scope pending pairing caps per account

* fix(pairing): count legacy default-account requests
 2026-03-31 19:45:45 +09:00
Vincent Koc
f45e5a6569 fix(feishu): filter fetched group thread context (#58237) 
* fix(feishu): filter fetched group thread context

* fix(feishu): preserve filtered thread bootstrap
 2026-03-31 19:43:54 +09:00
Vincent Koc
2194587d70 fix(tlon): cap inbound image downloads (#58223) 2026-03-31 19:40:15 +09:00
Vincent Koc
9023a0436c fix(exec): unwrap transparent approval wrappers (#58215) 
* fix(exec): unwrap transparent approval wrappers

* fix(exec): normalize sandbox-exec -D wrapper parsing
 2026-03-31 19:38:34 +09:00
Vincent Koc
eb8de6715f fix(exec): block risky host env overrides (#58209) 
* fix(exec): block risky host env overrides

* fix(exec): block GOPRIVATE host env overrides
 2026-03-31 19:37:43 +09:00
Vincent Koc
57c47d8c7f fix(line): bound preverify webhook concurrency (#58199) 
* fix(line): bound preverify webhook concurrency

* test(line): cover preauth release timing

* fix(line): release webhook preauth slots earlier
 2026-03-31 19:34:25 +09:00
Vincent Koc
4d038bb242 fix(zalo): scope webhook replay dedupe per target (#58196) 2026-03-31 19:33:57 +09:00
Vincent Koc
57fccca2dc fix(exec): keep awk and sed out of safeBins fast path (#58175) 
* wip(exec): preserve safe-bin semantics progress

* test(exec): cover safe-bin semantic variants

* fix(exec): address safe-bin review follow-up
 2026-03-31 19:29:53 +09:00
Vincent Koc
330a9f98cb fix(config): block workspace bundled-root dotenv overrides (#58170) 
* wip(config): preserve bundled hooks root progress

* test(config): cover bundled trust-root dotenv blocking
 2026-03-31 19:25:12 +09:00
Vincent Koc
b9f857708c wip(config): preserve bundled plugins root progress (#58168) 2026-03-31 19:23:11 +09:00