Kesku
3d7bc5958d
feat(onboarding): add web search to onboarding flow ( #34009 )
...
* add web search to onboarding flow
* remove post onboarding step (now redundant)
* post-onboarding nudge if no web search set up
* address comments
* fix test mocking
* add enabled: false assertion to the no-key test
* --skip-search cli flag
* use provider that a user has a key for
* add assertions, replace the duplicated switch blocks
* test for quickstart fast-path with existing config key
* address comments
* cover quickstart falls through to key test
* bring back key source
* normalize secret inputs instead of direct string trimming
* preserve enabled: false if it's already set
* handle missing API keys in flow
* doc updates
* hasExistingKey to detect both plaintext strings and SecretRef objects
* preserve enabled state only on the "keep current" paths
* add test for preserving
* better gate flows
* guard against invalid provider values in config
* Update src/commands/configure.wizard.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* format fix
* only mentions env var when it's actually available
* search apiKey fields now typed as SecretInput
* if no provider check if any search provider key is detectable
* handle both kimi keys
* remove .filter(Boolean)
* do not disable web_search after user enables it
* update resolveSearchProvider
* fix(onboarding): skip search key prompt in ref mode
* fix: add onboarding web search step (#34009 ) (thanks @kesku)
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev >
2026-03-06 13:09:00 -06:00
Josh Avant
72cf9253fc
Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails ( #35094 )
2026-03-05 12:53:56 -06:00
Josh Avant
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com >
2026-03-03 02:58:20 +00:00
joshavant
5e3a86fd2f
feat(secrets): expand onboarding secret-ref flows and custom-provider parity
2026-02-26 14:47:22 +00:00
Peter Steinberger
b8bb8ab3ca
docs: clarify personal-by-default onboarding security notice
2026-02-26 02:59:34 +01:00
Peter Steinberger
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
cpojer
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
Peter Steinberger
5c5af2b14e
perf(wizard): lazy-load onboarding deps
2026-02-15 19:29:27 +00:00
Peter Steinberger
af34c8fafe
refactor(onboard): share local workspace+gateway config
2026-02-15 14:21:28 +00:00
gejifeng
d44c118334
fix: avoid unused custom preferred provider
2026-02-13 15:48:37 +01:00
gejifeng
e6715bcb64
format: fix onboarding.ts wrapping
2026-02-13 15:48:37 +01:00
gejifeng
03c502ef31
lint: fix unused imports and onboarding preferred provider
2026-02-13 15:48:37 +01:00
gejifeng
e73d881c50
Onboarding: add vLLM provider support
2026-02-13 15:48:37 +01:00
Blossom
c0befdee0b
feat(onboard): add custom/local API configuration flow ( #11106 )
...
* feat(onboard): add custom/local API configuration flow
* ci: retry macos check
* fix: expand custom API onboarding (#11106 ) (thanks @MackDing)
* fix: refine custom endpoint detection (#11106 ) (thanks @MackDing)
* fix: streamline custom endpoint onboarding (#11106 ) (thanks @MackDing)
* fix: skip model picker for custom endpoint (#11106 ) (thanks @MackDing)
* fix: avoid allowlist picker for custom endpoint (#11106 ) (thanks @MackDing)
* Onboard: reuse shared fetch timeout helper (#11106 ) (thanks @MackDing)
* Onboard: clarify default base URL name (#11106 ) (thanks @MackDing)
---------
Co-authored-by: OpenClaw Contributor <contributor@openclaw.ai >
Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com >
2026-02-10 07:31:02 -05:00
Shakker
981de05181
Onboarding: drop completion prompt
2026-02-03 08:43:25 +00:00
Shakker
58d5b39c9a
Onboarding: keep TUI flow exclusive
2026-02-03 06:11:11 +00:00
cpojer
f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
cpojer
15792b153f
chore: Enable more lint rules, disable some that trigger a lot. Will clean up later.
2026-01-31 16:04:04 +09:00
Shakker
b1d25ed0dd
feat: automated completion setup in postinstall and onboarding
2026-01-31 05:18:27 +00:00
Peter Steinberger
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:21:02 +00:00
Peter Steinberger
83460df96f
chore: update molt.bot domains
2026-01-27 12:21:01 +00:00
Peter Steinberger
526303d9a2
refactor(auth)!: remove external CLI OAuth reuse
2026-01-26 19:05:00 +00:00
Peter Steinberger
b9098f3401
fix: remove unsupported gateway auth off option
2026-01-26 17:44:23 +00:00
Peter Steinberger
b06fc50e25
docs: clarify onboarding security warning
2026-01-26 16:58:55 +00:00
Ian Hildebrand
ff78e9a564
fix: support direct token and provider in auth apply commands ( #1485 )
2026-01-23 07:27:52 +00:00
Peter Steinberger
e750ad5e75
refactor: centralize config update logging
2026-01-23 04:01:26 +00:00
Peter Steinberger
814e9a500e
feat: add manual onboarding flow alias
2026-01-22 23:09:28 +00:00
Peter Steinberger
b5fd66c92d
fix: add explicit tailnet gateway bind
2026-01-21 20:36:09 +00:00
Peter Steinberger
6d5195c890
refactor: normalize cli command hints
2026-01-20 07:43:00 +00:00
Peter Steinberger
34d59d7913
refactor: rename hooks docs and add tests
2026-01-17 07:32:54 +00:00
Peter Steinberger
faba508fe0
feat: add internal hooks system
2026-01-17 01:31:57 +00:00
Peter Steinberger
0ac5480034
fix(onboarding): move web search hint to end
2026-01-15 07:57:18 +00:00
Peter Steinberger
042b65dfcc
feat: add web tools config to configure
2026-01-15 05:08:56 +00:00
Peter Steinberger
2e0325e3bf
feat: add web search hint to onboarding
2026-01-15 04:25:19 +00:00
Peter Steinberger
1b79730db8
style: apply oxfmt fixes
2026-01-15 01:53:14 +00:00
Peter Steinberger
c2a4f256c8
feat: add security audit + onboarding checkpoint
2026-01-15 01:25:11 +00:00
Peter Steinberger
c379191f80
chore: migrate to oxlint and oxfmt
...
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com >
2026-01-14 15:02:19 +00:00
Peter Steinberger
b11eea07b0
refactor(wizard): split onboarding
2026-01-14 05:40:10 +00:00
Peter Steinberger
84bfaad6e6
fix: finish channels rename sweep
2026-01-13 08:40:40 +00:00
Peter Steinberger
90342a4f3a
refactor!: rename chat providers to channels
2026-01-13 08:40:39 +00:00
Peter Steinberger
dfbe4041f5
fix: skip Control UI asset check when UI is skipped
2026-01-13 07:27:32 +00:00
Peter Steinberger
5918def440
fix: honor gateway service override labels
2026-01-13 05:58:49 +00:00
Peter Steinberger
78627ce7c2
fix: tighten custom bind probing ( #740 ) (thanks @jeffersonwarrior)
2026-01-13 05:21:59 +00:00
Jefferson Warrior
c851bdd47a
feat: add Tailscale binary detection, IP binding modes, and health probe password fix
...
This PR includes three main improvements:
1. Tailscale Binary Detection with Fallback Strategies
- Added findTailscaleBinary() with multi-strategy detection:
* PATH lookup via 'which' command
* Known macOS app path (/Applications/Tailscale.app/Contents/MacOS/Tailscale)
* find /Applications for Tailscale.app
* locate database lookup
- Added getTailscaleBinary() with caching
- Updated all Tailscale operations to use detected binary
- Added TUI warning when Tailscale binary not found for serve/funnel modes
2. Custom Gateway IP Binding with Fallback
- New bind mode "custom" allowing user-specified IP with fallback to 0.0.0.0
- Removed "tailnet" mode (folded into "auto")
- All modes now support graceful fallback: custom (if fail → 0.0.0.0), loopback (127.0.0.1 → 0.0.0.0), auto (tailnet → 0.0.0.0), lan (0.0.0.0)
- Added customBindHost config option for custom bind mode
- Added canBindTo() helper to test IP availability before binding
- Updated configure and onboarding wizards with new bind mode options
3. Health Probe Password Auth Fix
- Gateway probe now tries both new and old passwords
- Fixes issue where password change fails health check if gateway hasn't restarted yet
- Uses nextConfig password first, falls back to baseConfig password if needed
Files changed:
- src/infra/tailscale.ts: Binary detection + caching
- src/gateway/net.ts: IP binding with fallback logic
- src/config/types.ts: BridgeBindMode type + customBindHost field
- src/commands/configure.ts: Health probe dual-password try + Tailscale detection warning + bind mode UI
- src/wizard/onboarding.ts: Tailscale detection warning + bind mode UI
- src/gateway/server.ts: Use new resolveGatewayBindHost
- src/gateway/call.ts: Updated preferTailnet logic (removed "tailnet" mode)
- src/commands/onboard-types.ts: Updated GatewayBind type
- src/commands/onboard-helpers.ts: resolveControlUiLinks updated
- src/cli/*.ts: Updated bind mode casts
- src/gateway/call.test.ts: Removed "tailnet" mode test
2026-01-13 05:20:02 +00:00
Peter Steinberger
231d2d5fdf
fix(config): require doctor for invalid configs ( #764 — thanks @mukhtharcm)
2026-01-13 01:18:18 +00:00
