vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-07 00:10:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
37,863 Commits 1,843 Branches 149 Tags
d3683a61c5f8b7a42e66c291d6646dd67eafc1a5
Commit Graph

172 Commits

Author SHA1 Message Date
Vincent Koc
98f5fd12df docs(gateway/security): list system-reminder and previous_response in outbound stripping 
For c2d31a5e59: docs/gateway/security/index.md "External content
special-token sanitization" section already mentions the outbound
sanitizer with `<tool_call>` and `<function_calls>` examples, but it
predates the new internal-runtime-scaffolding stripping that targets
`<system-reminder>` and `<previous_response>` tags. Adds those two tags
as explicit examples and notes the final channel delivery boundary so
operators reading the security page see the same coverage exposed by
the c2d31a5e59 sanitizer.
 2026-04-28 12:39:15 -07:00
Peter Steinberger
78a12706ec fix(docs): make docs formatter mintlify-safe 2026-04-28 08:13:21 +01:00
Vincent Koc
7b18bd03bb fix(gateway): allow explicit loopback trusted proxy auth 
Fixes #59167.

Supersedes #63379.
 2026-04-27 22:01:06 -07:00
Vincent Koc
6c49039a23 docs(gateway): batch convert callouts and fix JSON5 smart quotes 
- security/index: 3 prose callouts (Note/Warning) for remote credential rules, sandbox scope, elevated mode
- tailscale: loopback Note component
- pairing: bulleted Important warning to Warning component
- openshell: host-edit warning to Warning component
- local-models: replace 13 smart quotes inside the LM Studio JSON5 example so it parses
 2026-04-26 21:56:59 -07:00
Vincent Koc
406ae72fd2 fix(logging): redact persisted transcript text 2026-04-26 12:12:44 -07:00
Shakker
56f4264f1b fix: keep plugin audit check ids stable 2026-04-26 01:03:12 +01:00
Shakker
37ce39b5c5 docs: describe plugin install index store 2026-04-26 01:03:12 +01:00
Peter Steinberger
e640c0a95f fix(gateway): decouple backend RPC from CLI pairing 2026-04-25 23:23:52 +01:00
Peter Steinberger
bd796d1c85 docs(plugins): clarify local dependency installs 2026-04-25 22:59:09 +01:00
Peter Steinberger
f44759073b feat(gateway): auto-approve trusted CIDR node pairing (#61004) (thanks @sahilsatralkar) 2026-04-25 06:40:25 +01:00
Peter Steinberger
67a2b187b7 docs: fix gateway security accordion 2026-04-24 18:42:07 +01:00
Peter Steinberger
b2352c3e24 docs: improve 2026.4.23 release docs 2026-04-24 17:55:03 +01:00
Peter Steinberger
b7fba2100f docs: clarify private ws node setup 2026-04-24 07:32:29 +01:00
Vincent Koc
4a2cd533ac docs: remove duplicate H1 where frontmatter title already sets it 2026-04-23 13:11:14 -07:00
Vincent Koc
b0efa8d43d docs(gateway): security — sentence-case headings, remove manual TOC and H1, drop custom anchors, tuck triage notes into Accordion 2026-04-23 11:09:33 -07:00
Vincent Koc
b7506521e6 docs: restructure gateway security page and extract audit checks reference 2026-04-23 01:01:12 -07:00
Vincent Koc
daaedf37b7 docs: prune recent additions for readability 2026-04-23 00:23:18 -07:00
Peter Steinberger
dd17dea761 docs: align pairing metadata upgrade approval 2026-04-23 07:56:16 +01:00
Vincent Koc
c8aec6b951 docs: Control UI identity + gateway pairing hardening + release verification 2026-04-22 23:52:37 -07:00
Vincent Koc
30a5c441f3 docs(channels): cover WhatsApp replyToMode, Discord inheritParent, Slack HTTP/ACP/downloadFile, Telegram webhook+picker auth, Mattermost reasoning suppression, workspace .env block for channel endpoints 2026-04-22 23:39:38 -07:00
Peter Steinberger
46fba1d814 docs(config): clarify symlinked config support 2026-04-22 23:45:03 +01:00
Vincent Koc
475e6ff1d1 docs(gateway): replace user-facing 'extension' references with 'plugin' per terminology rules 2026-04-21 14:39:10 -07:00
Vincent Koc
9702f0bf21 docs: tool-progress preview streaming, Control UI avatar auth, exec heredoc and external-content token sanitization 2026-04-21 13:39:55 -07:00
Vincent Koc
b4a59be9b6 docs: document stdio env filter, enforceOwnerForCommands, OPENCLAW_* .env blocking 2026-04-21 13:21:34 -07:00
Peter Steinberger
2514746b32 fix: sanitize LLM special tokens in external content 2026-04-21 20:29:02 +01:00
Peter Steinberger
a292cbf46f docs: clarify optional Docker sandboxing 2026-04-20 19:27:45 +01:00
Tak Hoffman
c37e49f275 Add /trace toggle and fix Active Memory diagnostics 2026-04-12 13:20:22 -05:00
Peter Steinberger
972ed139a7 fix: make docs anchor audit use Mintlify CLI 2026-04-10 21:39:52 +01:00
Agustin Rivera
905f19230a Align external marker span mapping (#63885) 
* fix(markers): align external marker spans

* fix(browser): ssrfPolicy defaults fail-closed for unconfigured installs (GHSA-53vx-pmqw-863c)

* fix(browser): enforce strict default SSRF policy

* chore(changelog): add browser SSRF default + marker alignment entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 12:35:20 -06:00
Peter Steinberger
4f9804ec24 docs: refresh config schema and gateway tool mirrors 2026-04-04 21:43:09 +01:00
Peter Steinberger
1ae356c40c docs: refresh sandbox bind security refs 2026-04-04 20:57:37 +01:00
Peter Steinberger
976bc47458 docs: refresh gateway rpc safe-flow mirrors 2026-04-04 20:32:28 +01:00
Peter Steinberger
b1279b0db3 docs: refresh untrusted file wrapper refs 2026-04-04 19:39:09 +01:00
Peter Steinberger
0c3ec064f1 docs: refresh OpenResponses file input refs 2026-04-04 19:13:44 +01:00
Peter Steinberger
4db910698a docs: refresh sandbox and security elevated refs 2026-04-04 18:39:12 +01:00
Peter Steinberger
89535f9313 docs: refresh pairing locality refs 2026-04-04 16:13:04 +01:00
Peter Steinberger
9ac9edff43 docs: refresh gateway operator scope refs 2026-04-04 15:25:57 +01:00
Peter Steinberger
114496871d docs: refresh tailscale auth rate limit refs 2026-04-04 14:30:13 +01:00
Peter Steinberger
07c7c4b9ec docs: refresh tailscale http auth refs 2026-04-04 14:13:36 +01:00
Peter Steinberger
022618e887 docs: refresh browser auth refs 2026-04-04 14:04:24 +01:00
Peter Steinberger
0afd30d325 docs: refresh shared-secret auth mirrors 2026-04-04 14:02:29 +01:00
Peter Steinberger
b0025b1921 docs: refresh hook ingress security refs 2026-04-04 13:59:09 +01:00
Peter Steinberger
c63a32661a docs: refresh gateway auth overview mirrors 2026-04-04 13:54:15 +01:00
Peter Steinberger
11d17b3c38 docs: refresh control ui device identity refs 2026-04-04 13:52:23 +01:00
Peter Steinberger
4991cd66ef docs: refresh reverse proxy hardening refs 2026-04-04 13:47:59 +01:00
Peter Steinberger
62babffc40 docs: refresh security audit reference docs 2026-04-04 13:42:47 +01:00
Peter Steinberger
375bd73ce1 docs: refresh security fix refs 2026-04-04 13:35:42 +01:00
Peter Steinberger
3100984a33 docs: refresh browser origin auth refs 2026-04-04 12:34:11 +01:00
Peter Steinberger
aaa173a4a7 docs: clarify node exec approval binding 2026-04-04 12:18:32 +01:00
Peter Steinberger
7671f4f1e3 docs: clarify gateway and plugin http auth scopes 2026-04-04 09:01:05 +01:00