vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-14 19:40:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,096 Commits 716 Branches 80 Tags
d5a724fbee33dbee07febcda4363acdfbb1d37d2
Commit Graph

454 Commits

Author SHA1 Message Date
Marcus Castro
d14be8472e fix(whatsapp): honor account-level dmPolicy override (#10082) (thanks @mcaxtr) 
Fixes openclaw#10082 (issue #8736): inbound WhatsApp DM policy now respects account-level dmPolicy overrides.
 2026-02-14 19:41:42 +01:00
Peter Steinberger
7cc6add9b8 test(web): add SSRF guard cases 2026-02-14 18:53:23 +01:00
Robby
8e5689a84d feat(telegram): add sendPoll support (#16193) (#16209) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b58492cfed
Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-14 18:34:30 +01:00
Peter Steinberger
9236a27456 perf(test): speed up web logout tests 2026-02-14 16:36:15 +00:00
Peter Steinberger
ee82c173ae perf(test): reduce web logout fs churn 2026-02-14 16:36:15 +00:00
Peter Steinberger
2b5e0a6075 perf(test): speed up memory batch + web logout 2026-02-14 16:36:15 +00:00
Peter Steinberger
2f4cef2021 perf(test): remove last-route polling in partial reply gating 2026-02-14 04:57:28 +00:00
Peter Steinberger
dd08ca97bb perf(test): reduce import and fixture overhead in hot tests 2026-02-14 02:49:19 +00:00
Peter Steinberger
d3eb014892 perf(test): dedupe telegram/node coverage and speed fixtures 2026-02-14 02:37:09 +00:00
Peter Steinberger
0b8227fa92 perf(test): trim redundant suites and tighten wait loops 2026-02-14 02:02:03 +00:00
Peter Steinberger
db8cabedde perf(test): reduce lock wait and fixture setup overhead 2026-02-14 01:42:47 +00:00
Peter Steinberger
2c849ea4c2 perf(test): reuse SSRF mock setup in web media tests 2026-02-14 01:42:47 +00:00
Peter Steinberger
e8377799bb perf(test): reduce vitest logging overhead and media fixture cost 2026-02-14 00:59:53 +00:00
Peter Steinberger
aa6d8b27ac perf(test): merge queue integration coverage and shrink media fixture 2026-02-14 00:50:14 +00:00
Peter Steinberger
e7c3c27fd0 perf(test): trim browser and models suite overhead 2026-02-14 00:38:55 +00:00
Peter Steinberger
784e7c1fd5 perf(test): reduce repeated image work in web auto-reply e2e 2026-02-14 00:21:53 +00:00
Peter Steinberger
dac8f5ba3f perf(test): trim fixture and import overhead in hot suites 2026-02-13 23:16:41 +00:00
Peter Steinberger
caebe70e9a perf(test): cut setup/import overhead in hot suites 2026-02-13 21:23:50 +00:00
Peter Steinberger
34eb14d24f perf: trim web auto-reply test cleanup backoff 2026-02-13 19:19:11 +00:00
Tseka Luk
c544811559 fix(whatsapp): preserve outbound document filenames (#15594) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 8e0d765d1d
Co-authored-by: TsekaLuk <79151285+TsekaLuk@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-13 18:54:10 +01:00
davidbors-snyk
29d7839582 fix: execute sandboxed file ops inside containers (#4026) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 795ec6aa2f
Co-authored-by: davidbors-snyk <240482518+davidbors-snyk@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-13 16:29:10 +01:00
Abdel Fane
c60780ba20 security: enforce 0o600 permissions on WhatsApp credential files (#10529) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4f10b7dc63
Co-authored-by: abdelsfane <32418586+abdelsfane@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-13 16:02:15 +01:00
Peter Steinberger
9131b22a28 test: migrate suites to e2e coverage layout 2026-02-13 14:28:22 +00:00
Peter Steinberger
8899f9e94a perf(test): optimize heavy suites and stabilize lock timing 2026-02-13 13:29:07 +00:00
Marcus Castro
186dc0363f fix: default MIME type for WhatsApp voice messages when Baileys omits it (#14444) 2026-02-11 23:09:09 -06:00
Ajay Rajnikanth
e24d023080 fix(whatsapp): convert Markdown bold/strikethrough to WhatsApp formatting (#14285) 
* fix(whatsapp): convert Markdown bold/strikethrough to WhatsApp formatting

* refactor: Move `escapeRegExp` utility function to `utils.js`.

---------

Co-authored-by: Luna AI <luna@coredirection.ai>
 2026-02-11 23:09:02 -06:00
buddyh
4baa43384a fix(media): guard local media reads + accept all path types in MEDIA directive 2026-02-11 15:01:18 -08:00
Tak Hoffman
d2c2f4185b Heartbeat: inject cron-style current time into prompts (#13733) 
* Heartbeat: inject cron-style current time into prompts

* Tests: fix type for web heartbeat timestamp test

* Infra: inline heartbeat current-time injection
 2026-02-10 18:58:45 -06:00
Peter Steinberger
53273b490b fix(auto-reply): prevent sender spoofing in group prompts 2026-02-10 00:44:38 -06:00
Sk Akram
1cee5135e4 fix: preserve original filename for WhatsApp inbound documents (#12691) 
* fix: preserve original filename for WhatsApp inbound documents

* fix: cover WhatsApp document filenames (#12691) (thanks @akramcodez)

* test: streamline inbound media waits (#12691) (thanks @akramcodez)

---------

Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
 2026-02-09 16:56:19 -05:00
max
f0924d3c4e refactor: consolidate PNG encoder and safeParseJson utilities (#12457) 
- Create shared PNG encoder module (src/media/png-encode.ts)

- Refactor qr-image.ts and live-image-probe.ts to use shared encoder

- Add safeParseJson to utils.ts and plugin-sdk exports

- Update msteams and pairing-store to use centralized safeParseJson
 2026-02-09 00:21:54 -08:00
Mariano
5acb1e3c52 Tests: trim timezone in envelope timestamp helper (#12446) 2026-02-09 09:04:54 +01:00
max
ec910a235e refactor: consolidate duplicate utility functions (#12439) 
* refactor: consolidate duplicate utility functions

- Add escapeRegExp to src/utils.ts and remove 10 local duplicates
- Rename bash-tools clampNumber to clampWithDefault (different signature)
- Centralize formatError calls to use formatErrorMessage from infra/errors.ts
- Re-export formatErrorMessage from cli/cli-utils.ts to preserve API

* refactor: consolidate remaining escapeRegExp duplicates

* refactor: consolidate sleep, stripAnsi, and clamp duplicates
 2026-02-08 23:59:43 -08:00
juanpablodlc
8d96955e19 fix(routing): make bindings dynamic by calling loadConfig() per-message (#11372) 2026-02-09 00:34:55 -06:00
max
223eee0a20 refactor: unify peer kind to ChatType, rename dm to direct (#11881) 
* fix: use .js extension for ESM imports of RoutePeerKind

The imports incorrectly used .ts extension which doesn't resolve
with moduleResolution: NodeNext. Changed to .js and added 'type'
import modifier.

* fix tsconfig

* refactor: unify peer kind to ChatType, rename dm to direct

- Replace RoutePeerKind with ChatType throughout codebase
- Change 'dm' literal values to 'direct' in routing/session keys
- Keep backward compat: normalizeChatType accepts 'dm' -> 'direct'
- Add ChatType export to plugin-sdk, deprecate RoutePeerKind
- Update session key parsing to accept both 'dm' and 'direct' markers
- Update all channel monitors and extensions to use ChatType

BREAKING CHANGE: Session keys now use 'direct' instead of 'dm'.
Existing 'dm' keys still work via backward compat layer.

* fix tests

* test: update session key expectations for dmdirect migration

- Fix test expectations to expect :direct: in generated output
- Add explicit backward compat test for normalizeChatType('dm')
- Keep input test data with :dm: keys to verify backward compat

* fix: accept legacy 'dm' in session key parsing for backward compat

getDmHistoryLimitFromSessionKey now accepts both :dm: and :direct:
to ensure old session keys continue to work correctly.

* test: add explicit backward compat tests for dmdirect migration

- session-key.test.ts: verify both :dm: and :direct: keys are valid
- getDmHistoryLimitFromSessionKey: verify both formats work

* feat: backward compat for resetByType.dm config key

* test: skip unix-path Nix tests on Windows
 2026-02-09 09:20:52 +09:00
max
a1123dd9be Centralize date/time formatting utilities (#11831) 2026-02-08 04:53:31 -08:00
Gustavo Madeira Santana
e2dea2684f Tests: harden flake hotspots and consolidate provider-auth suites (#11598) 
* Tests: harden flake hotspots and consolidate provider-auth suites

* Tests: restore env vars by deleting missing snapshot values

* Tests: use real newline in memory summary filter case

* Tests(memory): use fake timers for qmd timeout coverage

* Changelog: add tests hardening entry for #11598
 2026-02-07 21:32:23 -05:00
cpojer
8b8451231c chore: Typecheck test helper files. 2026-02-05 19:51:00 +09:00
mudrii
5d82c82313 feat: per-channel responsePrefix override (#9001) 
* feat: per-channel responsePrefix override

Add responsePrefix field to all channel config types and Zod schemas,
enabling per-channel and per-account outbound response prefix overrides.

Resolution cascade (most specific wins):
  L1: channels.<ch>.accounts.<id>.responsePrefix
  L2: channels.<ch>.responsePrefix
  L3: (reserved for channels.defaults)
  L4: messages.responsePrefix (existing global)

Semantics:
  - undefined -> inherit from parent level
  - empty string -> explicitly no prefix (stops cascade)
  - "auto" -> derive [identity.name] from routed agent

Changes:
  - Core logic: resolveResponsePrefix() in identity.ts accepts
    optional channel/accountId and walks the cascade
  - resolveEffectiveMessagesConfig() passes channel context through
  - Types: responsePrefix added to WhatsApp, Telegram, Discord, Slack,
    Signal, iMessage, Google Chat, MS Teams, Feishu, BlueBubbles configs
  - Zod schemas: responsePrefix added for config validation
  - All channel handlers wired: telegram, discord, slack, signal,
    imessage, line, heartbeat runner, route-reply, native commands
  - 23 new tests covering backward compat, channel/account levels,
    full cascade, auto keyword, empty string stops, unknown fallthrough

Fully backward compatible - no existing config is affected.
Fixes #8857

* fix: address CI lint + review feedback

- Replace Record<string, any> with proper typed helpers (no-explicit-any)
- Add curly braces to single-line if returns (eslint curly)
- Fix JSDoc: 'Per-channel' → 'channel/account' on shared config types
- Extract getChannelConfig() helper for type-safe dynamic key access

* fix: finish responsePrefix overrides (#9001) (thanks @mudrii)

* fix: normalize prefix wiring and types (#9001) (thanks @mudrii)

---------

Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
 2026-02-04 16:16:34 -05:00
cpojer
425003417d fix: Remove tsconfig.oxlint.json AGAIN. 2026-02-03 21:53:48 +09:00
Josh Palmer
991ed3ab58 Tests: stub SSRF DNS pinning (#6619) (thanks @joshp123) 2026-02-02 16:38:25 +01:00
cpojer
6b0d6e2540 chore: We have a sleep at home. The sleep at home: 2026-02-02 21:44:02 +09:00
Peter Steinberger
81c68f582d fix: guard remote media fetches with SSRF checks 2026-02-02 04:07:29 -08:00
David Iach
4e4ed2ea17 fix(security): cap Slack media downloads and validate Slack file URLs (#6639) 
* Security: cap Slack media downloads and validate Slack file URLs

* Security: relax web media fetch cap for compression

* Fixes: sync pi-coding-agent options

* Fixes: align system prompt override type

* Slack: clarify fetchImpl assumptions

* fix: respect raw media fetch cap (#6639) (thanks @davidiach)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-02 00:48:07 -08:00
cpojer
935a0e5708 chore: Enable typescript/no-explicit-any rule. 2026-02-02 16:18:09 +09:00
Leszek Szpunar
1bdd9e313f security(web): sanitize WhatsApp accountId to prevent path traversal (#4610) 
* security(web): sanitize WhatsApp accountId to prevent path traversal

Apply normalizeAccountId() from routing/session-key to
resolveDefaultAuthDir() so that malicious config values like
"../../../etc" cannot escape the intended auth directory.

Fixes #2692

* fix(web): check sanitized segment instead of full path in Windows test

* style(web): fix oxfmt formatting in accounts test
 2026-02-01 14:29:53 -08:00
cpojer
f06dd8df06 chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
cpojer
59cfff02f6 chore: Emit TypeScript declaration files so that we can type-check the extensions folder soon. 2026-01-31 21:57:21 +09:00
cpojer
5ceff756e1 chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
cpojer
15792b153f chore: Enable more lint rules, disable some that trigger a lot. Will clean up later. 2026-01-31 16:04:04 +09:00