vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 23:40:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,213 Commits 683 Branches 76 Tags
ca49372a8d3efe62eb0fa2da816aeff5cbfda7da
Commit Graph

10915 Commits

Author SHA1 Message Date
Peter Steinberger
ca49372a8d refactor(agents): dedupe anthropic turn validation fixtures 2026-03-07 17:58:31 +00:00
Peter Steinberger
02b3e85eac refactor(agents): dedupe embedded fallback e2e helpers 2026-03-07 17:58:31 +00:00
Peter Steinberger
2d4a0c79a3 refactor(agents): dedupe nodes photos_latest camera tests 2026-03-07 17:58:31 +00:00
Peter Steinberger
2891c6c93c refactor(agents): dedupe model fallback probe failure tests 2026-03-07 17:58:31 +00:00
Peter Steinberger
e41613f6ec refactor(agents): dedupe kilocode fetch-path tests 2026-03-07 17:58:31 +00:00
Peter Steinberger
53c1ae229f refactor(agents): dedupe minimax api-key normalization tests 2026-03-07 17:58:31 +00:00
Peter Steinberger
4e8fcc1d3d refactor(cli): dedupe command secret gateway env fixtures 2026-03-07 17:58:31 +00:00
Peter Steinberger
c1a8f8150e refactor(commands): dedupe gateway status token secret fixtures 2026-03-07 17:58:31 +00:00
Peter Steinberger
4113a0f39e refactor(gateway): dedupe readiness healthy snapshot fixtures 2026-03-07 17:58:31 +00:00
Peter Steinberger
c5bb6db85b refactor(cron): share isolated-agent turn core test setup 2026-03-07 17:58:31 +00:00
Peter Steinberger
41e0c35b61 refactor(cron): reuse cron job builder in issue-13992 tests 2026-03-07 17:58:31 +00:00
Peter Steinberger
90a41aa1f7 refactor(discord): dedupe resolve channels fallback tests 2026-03-07 17:58:31 +00:00
Peter Steinberger
1fc11ea7d8 refactor(daemon): dedupe systemd restart test scaffolding 2026-03-07 17:58:30 +00:00
Peter Steinberger
a31d3cad96 refactor(fetch-guard): clarify cross-origin redirect header filtering 2026-03-07 17:58:05 +00:00
Byungsker
7735a0b85c fix(security): use icacls /sid for locale-independent Windows ACL audit (#38900) 
* fix(security): use icacls /sid for locale-independent Windows ACL audit

On non-English Windows editions (Russian, Chinese, etc.) icacls prints
account names in the system locale.  When Node.js reads the output in a
different code page the strings are garbled (e.g. "NT AUTHORITY\???????"
for "NT AUTHORITY\СИСТЕМА"), causing summarizeWindowsAcl to classify SYSTEM
and Administrators as untrusted and flag the config files as "others
writable" — a false-positive security alert.

Fix:
1. Pass /sid to icacls so it outputs security identifiers (*S-1-5-X-...)
   instead of locale-dependent account names.
2. Extend SID_RE to accept the leading * that icacls prepends to SIDs in
   /sid mode: /^\*?s-\d+-\d+(-\d+)+$/i
3. Strip the * before looking up the bare SID in TRUSTED_SIDS / the
   per-user USERSID set so *S-1-5-18 is correctly classified as SYSTEM
   (trusted) and *S-1-5-32-544 as Administrators (trusted).

Tests:
- Update the inspectWindowsAcl "returns parsed ACL entries" assertion to
  expect the /sid flag in the icacls call.
- Add "classifies *S-1-5-18 (icacls /sid prefix form of SYSTEM) as trusted"
  SID classification test.
- Add "classifies *S-1-5-32-544 (icacls /sid Administrators) as trusted".
- Add inspectWindowsAcl end-to-end test with /sid-format mock output
  (*S-1-5-18, *S-1-5-32-544, user SID) — all three classified as trusted.

Fixes #35834

* fix(security): classify world-equivalent SIDs as 'world' when using icacls /sid

When icacls is invoked with /sid, world-equivalent principals like
Everyone, Authenticated Users, and BUILTIN\Users are emitted as raw
SIDs (*S-1-1-0, *S-1-5-11, *S-1-5-32-545). classifyPrincipal() had
no SID-based mapping for these, so they fell through to the generic
'group' category instead of 'world', silently downgrading security
findings that should trigger world-write/world-readable alerts.

Fix: add a WORLD_SIDS constant and check it before falling back to
'group'. Add three regression tests to lock in the behaviour.

* Security: resolve owner SID fallback for Windows ACL audit

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-07 12:49:33 -05:00
Peter Steinberger
46715371b0 fix(security): strip custom auth headers on cross-origin redirects 2026-03-07 17:34:42 +00:00
Josh Avant
8e20dd22d8 Secrets: harden SecretRef-safe models.json persistence (#38955) 2026-03-07 11:28:39 -06:00
Peter Steinberger
6f3990ddca refactor(commands): dedupe onboard search perplexity test setup 2026-03-07 17:05:23 +00:00
Peter Steinberger
8e6acded82 refactor(commands): dedupe message command secret-config tests 2026-03-07 17:05:23 +00:00
Peter Steinberger
0a73328053 refactor(cli): dedupe restart health probe setup tests 2026-03-07 17:05:23 +00:00
Peter Steinberger
8fd043abac refactor(cron): dedupe interim retry fallback assertions 2026-03-07 17:05:23 +00:00
Peter Steinberger
d103918891 refactor(commands): dedupe model probe target test fixtures 2026-03-07 17:05:23 +00:00
Peter Steinberger
bffec0f5d5 refactor(discord): dedupe message preflight test runners 2026-03-07 17:05:23 +00:00
Peter Steinberger
9849ee8390 refactor(discord): share message handler test scaffolding 2026-03-07 17:05:23 +00:00
Peter Steinberger
3381efc5c1 refactor(discord): dedupe native command ACP routing test setup 2026-03-07 17:05:23 +00:00
Peter Steinberger
949beca0c2 refactor(slack): dedupe app mention in-flight race setup 2026-03-07 17:05:23 +00:00
Peter Steinberger
d33efeef10 refactor(slack): reuse shared prepare test scaffolding 2026-03-07 17:05:23 +00:00
Peter Steinberger
08aae60dc9 refactor(plugin-sdk): extract shared channel prelude exports 2026-03-07 17:05:23 +00:00
Peter Steinberger
969b9029c0 refactor(slack): dedupe app mention race test setup 2026-03-07 17:05:23 +00:00
Peter Steinberger
5d37139ee5 refactor(line): dedupe replay webhook test fixtures 2026-03-07 17:05:23 +00:00
Peter Steinberger
4575bbbb69 refactor(telegram): dedupe topic agent routing tests 2026-03-07 17:05:23 +00:00
Peter Steinberger
c1eb973e32 refactor(telegram): dedupe native command session-meta fixtures 2026-03-07 17:05:23 +00:00
Peter Steinberger
a82df52753 refactor(extensions): share secret input schema builder 2026-03-07 17:05:23 +00:00
Peter Steinberger
134c1e23d3 refactor(commands): dedupe ACP stream test scaffolding 2026-03-07 17:05:23 +00:00
Peter Steinberger
e51bad0c3a refactor(discord): dedupe preflight test builders 2026-03-07 17:05:23 +00:00
Peter Steinberger
b3fd537740 refactor(line): share command authorization gate logic 2026-03-07 17:05:23 +00:00
Peter Steinberger
f7fef07725 refactor(slack): share account surface field types 2026-03-07 17:05:23 +00:00
Peter Steinberger
d02ef9efc2 refactor(telegram): share account config helpers 2026-03-07 17:05:23 +00:00
Peter Steinberger
398bf51659 refactor(slack): reuse shared account merge helper 2026-03-07 17:05:23 +00:00
Peter Steinberger
d01cb7b65f refactor(cron): share cron schedule resolver 2026-03-07 17:05:23 +00:00
Peter Steinberger
4204c96105 refactor(gateway): share input allowlist normalizer 2026-03-07 17:05:23 +00:00
Vincent Koc
70da80bcb5 Auto-reply: scope allowlist store writes by account (#39015) 
* Auto-reply: scope allowlist store writes

* Tests: cover allowlist store account scoping

* Changelog: note allowlist store scoping hardening
 2026-03-07 08:51:20 -08:00
Peter Steinberger
74912037dc perf: harden chunking against quadratic scans 2026-03-07 16:50:35 +00:00
Peter Steinberger
1dd4f92ea2 fix: default local onboarding tools profile to coding 2026-03-07 16:41:27 +00:00
Muhammed Mukhthar CM
4f08dcccfd Mattermost: add interactive model picker (#38767) 
Merged via squash.

Prepared head SHA: 0883654e88
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-07 21:45:29 +05:30
Florian Hines
33e7394861 fix(providers): make all models available in kilocode provider (#32352) 
* kilocode: dynamic model discovery, kilo/auto default, cooldown exemption

- Replace 9-model hardcoded catalog with dynamic discovery from
  GET /api/gateway/models (Venice-like pattern with static fallback)
- Default model changed from anthropic/claude-opus-4.6 to kilo/auto
  (smart routing model)
- Add createKilocodeWrapper for X-KILOCODE-FEATURE header injection
  and reasoning.effort handling (skip for kilo/auto)
- Add kilocode to cooldown-exempt providers (proxy like OpenRouter)
- Keep sync buildKilocodeProvider for onboarding, add async
  buildKilocodeProviderWithDiscovery for implicit provider resolution
- Per-token gateway pricing converted to per-1M-token for cost fields

* kilocode: skip reasoning injection for x-ai models, harden discovery loop

* fix(kilocode): keep valid discovered duplicates (openclaw#32352, thanks @pandemicsyn)

* refactor(proxy): normalize reasoning payload guards (openclaw#32352, thanks @pandemicsyn)

* chore(changelog): note kilocode hardening (openclaw#32352, thanks @pandemicsyn and @vincentkoc)

* chore(changelog): fix kilocode note format (openclaw#32352, thanks @pandemicsyn and @vincentkoc)

* test(kilocode): support auto-model override cases (openclaw#32352, thanks @pandemicsyn)

* Update CHANGELOG.md

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-07 08:14:06 -08:00
Jason
786ec21b5a docs(cli): improve memory command examples (#31803) 
Merged via squash.

Prepared head SHA: 15dcda3027
Co-authored-by: JasonOA888 <101583541+JasonOA888@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-07 19:03:23 +03:00
Rodrigo Uroz
4c0b873a4d Config/Compaction: expose safeguard preserve and quality settings (#25557) 
Merged via squash.

Prepared head SHA: ea9904039a
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-07 07:13:13 -08:00
Ayaan Zaidi
d25b493c7f fix: address markdown image review feedback 2026-03-07 19:46:41 +05:30
Ayaan Zaidi
4bf902de58 fix: flatten remote markdown images 2026-03-07 19:46:41 +05:30