vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-22 14:41:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,748 Commits 1,412 Branches 117 Tags
c869ca4bbf08730eec0520b0eef2d99210d424b6
Commit Graph

324 Commits

Author SHA1 Message Date
Peter Steinberger
c869ca4bbf fix: harden discord agent cid parsing (#29013) (thanks @Jacky1n7) 2026-03-02 03:07:48 +00:00
李肖然
c14c17403e style: oxfmt for agent-components 2026-03-02 03:07:48 +00:00
李肖然
e95f96f77a fix(discord): guard cid decode to avoid URIError 2026-03-02 03:07:48 +00:00
李肖然
9aba8422ca fix(discord): accept cid in agent component interactions 2026-03-02 03:07:48 +00:00
Peter Steinberger
25b731c34a fix: harden discord media fallback regressions (#28906) (thanks @Sid-Qin) 2026-03-02 03:05:12 +00:00
SidQin-cyber
0a67033fe3 fix(discord): keep attachment metadata when media fetch is blocked 
Preserve inbound attachment/sticker metadata in Discord message context when media download fails (for example due to SSRF blocking), so agents still see file references instead of silent drops.

Closes #28816
 2026-03-02 03:05:12 +00:00
Glucksberg
a25a73e707 discord: expose EventQueue listenerTimeout as configurable option (fixes #24458) 2026-03-02 02:06:24 +00:00
Ash (Bug Lab)
5b64b96c6c fix(discord): add ackReactionScope channel override + off/none values (#28268) 2026-03-02 02:04:39 +00:00
haosenwang1018
60330e011b fix(discord): log ignored messages from non-allowlisted channels 
Closes #30676

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-02 02:03:44 +00:00
Peter Steinberger
e7cd4bf1bd refactor(web): split trusted and strict web tool fetch paths 2026-03-02 01:14:06 +00:00
Peter Steinberger
a95c8077e8 test(discord): type gateway stop mock params 2026-03-02 01:10:03 +00:00
Peter Steinberger
c80f34f0e0 test(discord): type gateway stop mock params 2026-03-02 00:49:27 +00:00
Shakker
4274374297 Tests: type Discord gateway lifecycle wait mock 2026-03-02 00:44:34 +00:00
Peter Steinberger
0c0f556927 fix(discord): unify reconnect watchdog and land #31025/#30530 
Landed follow-up intent from contributor PR #31025 (@theotarr) and PR #30530 (@liuxiaopai-ai).

Co-authored-by: theotarr <theotarr@users.noreply.github.com>
Co-authored-by: liuxiaopai-ai <liuxiaopai-ai@users.noreply.github.com>
 2026-03-02 00:24:15 +00:00
Peter Steinberger
a62d55b283 test(discord): cover DM command decision flow 2026-03-02 00:00:05 +00:00
Peter Steinberger
75596e9370 refactor(discord): unify DM command auth handling 2026-03-02 00:00:05 +00:00
Peter Steinberger
881ac62005 test(discord): stabilize model picker timeout assertions 2026-03-01 23:53:07 +00:00
Peter Steinberger
50e2674dfc fix(discord): unify dm command auth gating 2026-03-01 23:50:24 +00:00
Peter Steinberger
5056b6438d fix(discord): harden reconnect recovery and preserve message delivery 
Landed from contributor PR #29508 by @cgdusek.

Co-authored-by: Charles Dusek <cgdusek@gmail.com>
 2026-03-01 23:46:07 +00:00
Sid
39a45121d9 fix(discord,slack): add SSRF policy for media downloads in proxy environments (#25475) 
* fix(discord,slack): add SSRF policy for media downloads in proxy environments

Discord and Slack media downloads (attachments, stickers, forwarded
images) call fetchRemoteMedia without any ssrfPolicy. When running
behind a local transparent proxy (Clash, mihomo, Shadowrocket) in
fake-ip mode, DNS returns virtual IPs in the 198.18.0.0/15 range,
which the SSRF guard blocks.

Add per-channel SSRF policy constants—matching the pattern already
applied to Telegram on main—that allowlist known CDN hostnames and
set allowRfc2544BenchmarkRange: true.

Refs #25355, #25322

Co-authored-by: Cursor <cursoragent@cursor.com>

* chore(slack): keep raw-fetch allowlist line anchors stable

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-01 11:30:10 -06:00
Onur Solmaz
a7929abad8 Discord: thread bindings idle + max-age lifecycle (#27845) (thanks @osolmaz) 
* refactor discord thread bindings to idle and max-age lifecycle

* fix: migrate legacy thread binding expiry and reduce hot-path disk writes

* refactor: remove remaining thread-binding ttl legacy paths

* fix: harden thread-binding lifecycle persistence

* Discord: fix thread binding types in message/reply paths

* Infra: handle win32 unknown inode in file identity checks

* Infra: relax win32 guarded-open identity checks

* Config: migrate threadBindings ttlHours to idleHours

* Revert "Infra: relax win32 guarded-open identity checks"

This reverts commit de94126771.

* Revert "Infra: handle win32 unknown inode in file identity checks"

This reverts commit 96fc5ddfb3.

* Discord: re-read live binding state before sweep unbind

* fix: add changelog note for thread binding lifecycle update (#27845) (thanks @osolmaz)

---------

Co-authored-by: Onur Solmaz <onur@textcortex.com>
 2026-02-27 10:02:39 +01:00
Peter Steinberger
bce643a0bd refactor(security): enforce account-scoped pairing APIs 2026-02-26 21:57:52 +01:00
Peter Steinberger
cd80c7e7ff refactor: unify dm policy store reads and reason codes 2026-02-26 17:47:57 +01:00
Peter Steinberger
9a4b2266cc fix(security): bind node system.run approvals to env 2026-02-26 16:38:07 +01:00
Onur Solmaz
a7d56e3554 feat: ACP thread-bound agents (#23580) 
* docs: add ACP thread-bound agents plan doc

* docs: expand ACP implementation specification

* feat(acp): route ACP sessions through core dispatch and lifecycle cleanup

* feat(acp): add /acp commands and Discord spawn gate

* ACP: add acpx runtime plugin backend

* fix(subagents): defer transient lifecycle errors before announce

* Agents: harden ACP sessions_spawn and tighten spawn guidance

* Agents: require explicit ACP target for runtime spawns

* docs: expand ACP control-plane implementation plan

* ACP: harden metadata seeding and spawn guidance

* ACP: centralize runtime control-plane manager and fail-closed dispatch

* ACP: harden runtime manager and unify spawn helpers

* Commands: route ACP sessions through ACP runtime in agent command

* ACP: require persisted metadata for runtime spawns

* Sessions: preserve ACP metadata when updating entries

* Plugins: harden ACP backend registry across loaders

* ACPX: make availability probe compatible with adapters

* E2E: add manual Discord ACP plain-language smoke script

* ACPX: preserve streamed spacing across Discord delivery

* Docs: add ACP Discord streaming strategy

* ACP: harden Discord stream buffering for thread replies

* ACP: reuse shared block reply pipeline for projector

* ACP: unify streaming config and adopt coalesceIdleMs

* Docs: add temporary ACP production hardening plan

* Docs: trim temporary ACP hardening plan goals

* Docs: gate ACP thread controls by backend capabilities

* ACP: add capability-gated runtime controls and /acp operator commands

* Docs: remove temporary ACP hardening plan

* ACP: fix spawn target validation and close cache cleanup

* ACP: harden runtime dispatch and recovery paths

* ACP: split ACP command/runtime internals and centralize policy

* ACP: harden runtime lifecycle, validation, and observability

* ACP: surface runtime and backend session IDs in thread bindings

* docs: add temp plan for binding-service migration

* ACP: migrate thread binding flows to SessionBindingService

* ACP: address review feedback and preserve prompt wording

* ACPX plugin: pin runtime dependency and prefer bundled CLI

* Discord: complete binding-service migration cleanup and restore ACP plan

* Docs: add standalone ACP agents guide

* ACP: route harness intents to thread-bound ACP sessions

* ACP: fix spawn thread routing and queue-owner stall

* ACP: harden startup reconciliation and command bypass handling

* ACP: fix dispatch bypass type narrowing

* ACP: align runtime metadata to agentSessionId

* ACP: normalize session identifier handling and labels

* ACP: mark thread banner session ids provisional until first reply

* ACP: stabilize session identity mapping and startup reconciliation

* ACP: add resolved session-id notices and cwd in thread intros

* Discord: prefix thread meta notices consistently

* Discord: unify ACP/thread meta notices with gear prefix

* Discord: split thread persona naming from meta formatting

* Extensions: bump acpx plugin dependency to 0.1.9

* Agents: gate ACP prompt guidance behind acp.enabled

* Docs: remove temp experiment plan docs

* Docs: scope streaming plan to holy grail refactor

* Docs: refactor ACP agents guide for human-first flow

* Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow

* Docs/Skill: add OpenCode and Pi to ACP harness lists

* Docs/Skill: align ACP harness list with current acpx registry

* Dev/Test: move ACP plain-language smoke script and mark as keep

* Docs/Skill: reorder ACP harness lists with Pi first

* ACP: split control-plane manager into core/types/utils modules

* Docs: refresh ACP thread-bound agents plan

* ACP: extract dispatch lane and split manager domains

* ACP: centralize binding context and remove reverse deps

* Infra: unify system message formatting

* ACP: centralize error boundaries and session id rendering

* ACP: enforce init concurrency cap and strict meta clear

* Tests: fix ACP dispatch binding mock typing

* Tests: fix Discord thread-binding mock drift and ACP request id

* ACP: gate slash bypass and persist cleared overrides

* ACPX: await pre-abort cancel before runTurn return

* Extension: pin acpx runtime dependency to 0.1.11

* Docs: add pinned acpx install strategy for ACP extension

* Extensions/acpx: enforce strict local pinned startup

* Extensions/acpx: tighten acp-router install guidance

* ACPX: retry runtime test temp-dir cleanup

* Extensions/acpx: require proactive ACPX repair for thread spawns

* Extensions/acpx: require restart offer after acpx reinstall

* extensions/acpx: remove workspace protocol devDependency

* extensions/acpx: bump pinned acpx to 0.1.13

* extensions/acpx: sync lockfile after dependency bump

* ACPX: make runtime spawn Windows-safe

* fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)
 2026-02-26 11:00:09 +01:00
Peter Steinberger
e915b4c64a refactor: unify monitor abort lifecycle handling 2026-02-26 04:36:25 +01:00
Peter Steinberger
02c731826a test(discord): fix monitor test typings 2026-02-26 04:35:49 +01:00
Theo Tarr
7af6849c2f Discord: handle early gateway startup errors 2026-02-26 03:22:02 +00:00
Peter Steinberger
8f8e46d898 refactor: unify reaction ingress policy guards across channels 2026-02-26 01:34:47 +01:00
Peter Steinberger
aedf62ac7e fix: harden discord and slack reaction ingress authorization 2026-02-26 01:26:47 +01:00
Shakker
a0a229a3bb Discord: align embed fallback in thread starter parsing 2026-02-25 23:58:42 +00:00
User
39cc547f74 fix(discord): include embed title in fallback text (#26907) 2026-02-25 23:58:42 +00:00
Nimrod Gutman
a0fa283839 fix(discord): prevent stuck typing indicator 2026-02-25 10:21:52 +02:00
bmendonca3
c1964e73a8 fix(discord): gate component command authorization for guild interactions (#26119) 
* Discord: gate component command authorization

* test: cover allowlisted guild component authorization path (#26119) (thanks @bmendonca3)

---------

Co-authored-by: Brian Mendonca <brianmendonca@Brians-MacBook-Air.local>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-25 04:57:41 +00:00
Peter Steinberger
d42ef2ac62 refactor: consolidate typing lifecycle and queue policy 2026-02-25 02:16:03 +00:00
Peter Steinberger
e0201c2774 fix: keep channel typing active during long inference (#25886, thanks @stakeswky) 
Co-authored-by: stakeswky <stakeswky@users.noreply.github.com>
 2026-02-25 02:03:27 +00:00
Peter Steinberger
97e56cb73c fix(discord): land proxy/media/reaction/model-picker regressions 
Reimplements core Discord fixes from #25277 #25523 #25575 #25588 #25731 with expanded tests.

- thread proxy-aware fetch into inbound attachment/sticker downloads
- fetch /gateway/bot via proxy dispatcher before ws connect
- wire statusReactions emojis/timing overrides into controller
- compact model-picker custom_id keys with backward-compatible parsing

Co-authored-by: openperf <openperf@users.noreply.github.com>
Co-authored-by: chilu18 <chilu18@users.noreply.github.com>
Co-authored-by: Yipsh <Yipsh@users.noreply.github.com>
Co-authored-by: lbo728 <lbo728@users.noreply.github.com>
Co-authored-by: s1korrrr <s1korrrr@users.noreply.github.com>
 2026-02-25 00:03:30 +00:00
Peter Steinberger
58309fd8d9 refactor(matrix,tests): extract helpers and inject send-queue timing 2026-02-24 23:37:50 +00:00
Peter Steinberger
a2529c25ff test(matrix,discord,sandbox): expand breakage regression coverage 2026-02-24 23:37:50 +00:00
Peter Steinberger
e7a5f9f4d8 fix(channels,sandbox): land hard breakage cluster from reviewed PR bases 
Lands reviewed fixes based on #25839 (@pewallin), #25841 (@joshjhall), and #25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety.

Fixes #25836
Fixes #25840
Fixes #25824
Fixes #25868

Co-authored-by: Peter Wallin <pwallin@gmail.com>
Co-authored-by: Joshua Hall <josh@yaplabs.com>
Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com>
Co-authored-by: peteragility <peteragility@users.noreply.github.com>
 2026-02-24 23:27:56 +00:00
justinhuangcode
6ea1607f1c test(discord): add regression tests for reasoning tag stripping in stream 
Verify that partial stream updates containing <thinking> tags are stripped
before reaching the draft preview, and that pure "Reasoning:\n" partials
are suppressed entirely.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-24 04:37:30 +00:00
justinhuangcode
e8a4d5d9bd fix(discord): strip reasoning tags from partial stream preview 
When streamMode is "partial", reasoning/thinking block content can leak
into the Discord draft preview because the partial text is forwarded to
the draft stream without filtering.  Apply `stripReasoningTagsFromText`
before updating the draft and skip pure-reasoning messages (those
starting with "Reasoning:\n") so internal thinking traces never reach
the user-visible preview.

Fixes #24532

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-24 04:37:30 +00:00
Peter Steinberger
721d8b2278 test(discord): stabilize parent-info + doctor migration assertions (#25028) 2026-02-24 04:10:52 +00:00
Peter Steinberger
6c1ed9493c fix: harden queue retry debounce and add regression tests 2026-02-24 03:52:49 +00:00
Peter Steinberger
a216f2dabe fix: extend discord thread parent fallback coverage (#24897) (thanks @z-x-yang) 2026-02-24 03:52:43 +00:00
Zongxin Yang
d883ecade6 fix(discord): fallback thread parent lookup when parentId missing 2026-02-24 03:52:43 +00:00
Sid
38da3f40cb fix(discord): suppress reasoning/thinking block payloads from delivery (#24969) 
Block payloads (info.kind === "block") contain reasoning/thinking content
that should only be visible in the internal web UI. When streamMode is
"partial", these blocks were being delivered to Discord as visible
messages, leaking chain-of-thought to end users.

Add an early return for block payloads in the deliver callback,
consistent with the WhatsApp fix and Telegram's existing behavior.

Fixes #24532

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-24 03:33:40 +00:00
Peter Steinberger
161d9841dc refactor(security): unify dangerous name matching handling 2026-02-24 01:33:08 +00:00
Peter Steinberger
cfa44ea6b4 fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907) 
* fix(channels): default allowFrom to id-only; add dangerous name opt-in

* docs(security): align channel allowFrom docs with id-only default
 2026-02-24 01:01:51 +00:00
Peter Steinberger
a2dfe9879f fix(security): harden regex compilation for filters and redaction 2026-02-23 23:54:50 +00:00