vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 23:40:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,225 Commits 683 Branches 76 Tags
cc2ff689477d0dff057f445a3527d6433ca20dec
Commit Graph

595 Commits

Author SHA1 Message Date
Peter Steinberger
549549f6a0 fix(ci): sync plugin versions and harden install smoke 2026-02-21 20:18:37 +01:00
Peter Steinberger
4540790cb6 refactor(bluebubbles): share dm/group access policy checks 2026-02-21 20:08:33 +01:00
Peter Steinberger
2ba6de7eaa refactor(security): make empty allowlist behavior explicit 2026-02-21 19:54:59 +01:00
Peter Steinberger
9632b9bcf0 fix(security): fail closed parsed chat allowlist 2026-02-21 19:51:36 +01:00
Peter Steinberger
bdfb97afad chore: prep 2026.2.22 unreleased and publish new npm plugins 2026-02-21 19:05:35 +01:00
Onur
8178ea472d feat: thread-bound subagents on Discord (#21805) 
* docs: thread-bound subagents plan

* docs: add exact thread-bound subagent implementation touchpoints

* Docs: prioritize auto thread-bound subagent flow

* Docs: add ACP harness thread-binding extensions

* Discord: add thread-bound session routing and auto-bind spawn flow

* Subagents: add focus commands and ACP/session binding lifecycle hooks

* Tests: cover thread bindings, focus commands, and ACP unbind hooks

* Docs: add plugin-hook appendix for thread-bound subagents

* Plugins: add subagent lifecycle hook events

* Core: emit subagent lifecycle hooks and decouple Discord bindings

* Discord: handle subagent bind lifecycle via plugin hooks

* Subagents: unify completion finalizer and split registry modules

* Add subagent lifecycle events module

* Hooks: fix subagent ended context key

* Discord: share thread bindings across ESM and Jiti

* Subagents: add persistent sessions_spawn mode for thread-bound sessions

* Subagents: clarify thread intro and persistent completion copy

* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions

* Discord: add thread-bound session TTL with auto-unfocus

* Subagents: fail session spawns when thread bind fails

* Subagents: cover thread session failure cleanup paths

* Session: add thread binding TTL config and /session ttl controls

* Tests: align discord reaction expectations

* Agent: persist sessionFile for keyed subagent sessions

* Discord: normalize imports after conflict resolution

* Sessions: centralize sessionFile resolve/persist helper

* Discord: harden thread-bound subagent session routing

* Rebase: resolve upstream/main conflicts

* Subagents: move thread binding into hooks and split bindings modules

* Docs: add channel-agnostic subagent routing hook plan

* Agents: decouple subagent routing from Discord

* Discord: refactor thread-bound subagent flows

* Subagents: prevent duplicate end hooks and orphaned failed sessions

* Refactor: split subagent command and provider phases

* Subagents: honor hook delivery target overrides

* Discord: add thread binding kill switches and refresh plan doc

* Discord: fix thread bind channel resolution

* Routing: centralize account id normalization

* Discord: clean up thread bindings on startup failures

* Discord: add startup cleanup regression tests

* Docs: add long-term thread-bound subagent architecture

* Docs: split session binding plan and dedupe thread-bound doc

* Subagents: add channel-agnostic session binding routing

* Subagents: stabilize announce completion routing tests

* Subagents: cover multi-bound completion routing

* Subagents: suppress lifecycle hooks on failed thread bind

* tests: fix discord provider mock typing regressions

* docs/protocol: sync slash command aliases and delete param models

* fix: add changelog entry for Discord thread-bound subagents (#21805) (thanks @onutc)

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-02-21 16:14:55 +01:00
Peter Steinberger
1bd3f01c17 fix(telegram): guard duplicate bot token accounts 2026-02-21 15:41:03 +01:00
Peter Steinberger
95c14d9b5f docs: prune low-signal changelog entries 2026-02-21 15:02:10 +01:00
Peter Steinberger
892620ddab chore: update workspace dependencies 2026-02-21 14:35:13 +01:00
Peter Steinberger
14b3743228 fix(ci): stabilize Windows path handling in sandbox tests 2026-02-21 14:32:15 +01:00
Peter Steinberger
283029bdea refactor(security): unify webhook auth matching paths 2026-02-21 11:52:34 +01:00
Peter Steinberger
6b2f2811dc fix(security): require BlueBubbles webhook auth 2026-02-21 11:41:50 +01:00
Peter Steinberger
9231d7d30f chore: bump version to 2026.2.21 2026-02-21 11:02:30 +01:00
Vincent Koc
5eca08dab7 Chore: trim stale TODOs and issue-template language (#22534) 
* docs: refresh issue template contact copy

* chore: remove OneDrive resumable upload TODO note
 2026-02-21 03:31:17 -05:00
Takayuki Maeda
0bee3f337a MSTeams: dedupe sent-message cache storage (#22514) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 88e14dcbe1
Co-authored-by: TaKO8Ki <41065217+TaKO8Ki@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 13:27:50 +05:30
Vincent Koc
f4a59eb5d8 Chore: harden A2UI bundle dependency resolution (#22507) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: d84c5bde51
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 13:16:31 +05:30
Vincent Koc
187f4ea41f deadcode: remove unused extension dev dependencies (#22495) 
* Chore: remove unused extension dev dependencies

* Chore: fix changelog PR reference

* Chore: restore dropped deadcode changelog entries

* Chore: retag unused-dependency changelog entries
 2026-02-21 02:15:43 -05:00
Vincent Koc
569191fff1 extensions: fix MSTeams OneDrive fallback mention handling (#22472) 2026-02-21 01:30:33 -05:00
Vincent Koc
d94d21f9b0 test: isolate local media regression fixtures to allowed roots (#22369) 
* fix(tui): strip inbound metadata blocks from user text

* chore: clean up metadata-strip format and changelog credit

* chore: format tui metadata-strip tests

* test(web): isolate local media fixture paths to allow-listed roots
 2026-02-20 21:50:50 -05:00
Shadow
f555835b09 Channels: add thread-aware model overrides 2026-02-20 19:26:25 -06:00
Tyler Yust
2dba150c16 Fix path-root flaky tests and restore status emoji defaults (#22274) 2026-02-20 15:45:33 -08:00
Kirill Shchetynin
ee519086f6 Feature/default messenger delivery target (openclaw#16985) thanks @KirillShchetinin 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: KirillShchetinin <13061871+KirillShchetinin@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 22:37:19 -06:00
Peter Steinberger
f66b23de75 chore(release): bump versions to 2026.2.20 2026-02-20 00:02:53 +01:00
Peter Steinberger
b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger
10379e7dcd fix: harden voice-call tts deep merge 2026-02-19 15:37:01 +01:00
Peter Steinberger
3d7ad1cfca fix(security): centralize owner-only tool gating and scope maps 2026-02-19 15:29:23 +01:00
Peter Steinberger
f4b288b8f7 refactor(feishu): dedupe mention regex escaping 2026-02-19 15:04:40 +01:00
Peter Steinberger
29118995ad refactor(lobster): remove lobsterPath overrides 2026-02-19 14:58:13 +01:00
Peter Steinberger
7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Jamie
7e67ab75cc fix(feishu): escape regex metacharacters in stripBotMention 
stripBotMention() passed mention.name and mention.key directly into
new RegExp() without escaping, allowing regex injection and ReDoS via
crafted Feishu mention metadata. extractMessageBody() in mention.ts
already escapes correctly — this applies the same pattern.

Ref: GHSA-c6hr-w26q-c636
 2026-02-19 14:51:41 +01:00
Peter Steinberger
0e85380e56 style: format files and fix safe-bins e2e typing 2026-02-19 14:26:12 +01:00
Peter Steinberger
ec232a9e2d refactor(security): harden temp-path handling for inbound media 2026-02-19 14:06:37 +01:00
Peter Steinberger
aa267812d3 test(security): add webhook hardening regressions 2026-02-19 13:31:28 +01:00
Peter Steinberger
a23e0d5140 fix(security): harden feishu and zalo webhook ingress 2026-02-19 13:31:27 +01:00
zerone0x
3feb7fc3a3 fix(matrix): detect mentions in formatted_body matrix.to links (#16941) 
* fix(matrix): detect mentions in formatted_body matrix.to links

Many Matrix clients (including Element) send mentions using HTML links
in formatted_body instead of or in addition to the m.mentions field:

```json
{
  "formatted_body": "<a href=\"https://matrix.to/#/@bot:matrix.org\">Bot</a>: hello",
  "m.mentions": null
}
```

This change adds detection for matrix.to links in formatted_body,
supporting both plain and URL-encoded user IDs.

Changes:
- Add checkFormattedBodyMention() helper function
- Check formatted_body in resolveMentions()
- Add comprehensive test coverage

Fixes #6982

* Update extensions/matrix/src/matrix/monitor/mentions.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: zerone0x <zerone0x@users.noreply.github.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-02-19 03:40:21 -08:00
Vincent Koc
de656e3194 fix(otel): complete diagnostics-otel OpenTelemetry v2 API migration (#12897) 
* fix(otel): complete diagnostics-otel OpenTelemetry v2 API migration

* chore(format): align otel files with updated oxfmt config

* chore(format): apply updated oxfmt spacing to otel diagnostics
 2026-02-19 02:36:47 -08:00
Vincent Koc
1faa7a87a0 lobster: parse windows cmd shim paths with rooted tokens (#20833) 2026-02-19 02:34:08 -08:00
Peter Steinberger
e8e343aeee test(ci): fix launchd and diagnostics-otel test harnesses 2026-02-19 10:17:48 +00:00
Mariano
45db2aa0cd Security: disable plugin runtime command execution primitive (#20828) 
Co-authored-by: mbelinky <mbelinky@users.noreply.github.com>
 2026-02-19 10:17:29 +00:00
Peter Steinberger
771af40913 chore(ci): fix main check blockers and stabilize tests 2026-02-19 10:15:25 +00:00
Peter Steinberger
53aecf7a8e test(bluebubbles): merge typing start stop method checks 2026-02-19 10:09:34 +00:00
Peter Steinberger
cdb00fe242 fix(feishu): isolate temp download writes in mkdtemp dirs 2026-02-19 11:05:04 +01:00
Vincent Koc
88f698974a fix(otel): sanitize OTLP endpoint URL resolution (#13791) 
* fix(otel): sanitize OTLP endpoint signal URL resolution

* fix(otel): preserve signal URLs with query params

* fix(otel): accept case-insensitive signal paths
 2026-02-19 02:02:57 -08:00
Mariano
a7c0aa94d9 refactor(security): share safe temp media path builder (#20810) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7a088e6801
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 09:59:21 +00:00
Peter Steinberger
c06ad38a71 test(voice-call): merge provider credential source cases 2026-02-19 09:55:43 +00:00
Peter Steinberger
32ba62dc69 test(bluebubbles): merge setGroupIcon credential checks 2026-02-19 09:51:35 +00:00
Peter Steinberger
0c1d3b866c test(bluebubbles): collapse duplicate credential and chatGuid cases 2026-02-19 09:48:47 +00:00
Peter Steinberger
02123e591c refactor(lobster): extract windows spawn resolver 2026-02-19 10:44:22 +01:00
Peter Steinberger
6b14498d2f test(lobster): use lobster.exe in windows plugin path case 2026-02-19 09:35:38 +00:00
Peter Steinberger
8b34719b3a style: apply oxfmt import ordering for ci 2026-02-19 09:26:29 +00:00