vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 15:00:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
42,667 Commits 1,843 Branches 149 Tags
d82500bd7be63ef04bb20758e02fba891e463bef
Commit Graph

20 Commits

Author SHA1 Message Date
Peter Steinberger
c2927e6d87 test: clarify script preflight flag assertion 2026-05-08 11:30:00 +01:00
Peter Steinberger
b43efd3793 fix: clean up post-land CI guards 2026-05-06 02:51:53 +01:00
Peter Steinberger
538605ff44 [codex] Extract filesystem safety primitives (#77918) 
* refactor: extract filesystem safety primitives

* refactor: use fs-safe for file access helpers

* refactor: reuse fs-safe for media reads

* refactor: use fs-safe for image reads

* refactor: reuse fs-safe in qqbot media opener

* refactor: reuse fs-safe for local media checks

* refactor: consume cleaner fs-safe api

* refactor: align fs-safe json option names

* fix: preserve fs-safe migration contracts

* refactor: use fs-safe primitive subpaths

* refactor: use grouped fs-safe subpaths

* refactor: align fs-safe api usage

* refactor: adapt private state store api

* chore: refresh proof gate

* refactor: follow fs-safe json api split

* refactor: follow reduced fs-safe surface

* build: default fs-safe python helper off

* fix: preserve fs-safe plugin sdk aliases

* refactor: consolidate fs-safe usage

* refactor: unify fs-safe store usage

* refactor: trim fs-safe temp workspace usage

* refactor: hide low-level fs-safe primitives

* build: use published fs-safe package

* fix: preserve outbound recovery durability after rebase

* chore: refresh pr checks
 2026-05-06 02:15:17 +01:00
Peter Steinberger
5eac4686aa fix: preserve env split-string payloads 2026-05-04 05:53:03 +01:00
Peter Steinberger
738f5f7508 fix: prevent channel login exec wedges 2026-04-28 05:16:43 +01:00
Peter Steinberger
63a88ff1df perf(test): slim exec preflight imports 2026-04-23 15:04:20 +01:00
Peter Steinberger
4a846dd129 fix(exec): honor yolo host exec semantics 2026-04-21 07:23:46 +01:00
Peter Steinberger
b71c91022b test: collapse exec preflight parser cases 2026-04-17 07:15:27 +01:00
Vincent Koc
d46f684898 test(agents): fix tsgo typing regressions 2026-04-12 17:02:24 +01:00
Vincent Koc
d0f090e188 test(agents): share exec preflight race helper 2026-04-12 16:36:46 +01:00
Peter Steinberger
c9e969c1a6 test: stabilize exec preflight race coverage 2026-04-09 05:33:38 +01:00
Pavan Kumar Gondhi
b024fae9e5 fix(exec): replace TOCTOU check-then-read with atomic pinned-fd open in script preflight [AI] (#62333) 
* fix: address issue

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* address review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-09 09:46:44 +05:30
Peter Steinberger
fbebf6147c Tests: fix boundary drift and shell preflight regressions 2026-04-07 07:44:21 +08:00
Martin Garramon
eede8f945f fix(agents): replace .* with \S* in interpreter heuristic regexes to prevent ReDoS 
The inner `.*\s+` in `(?:[A-Za-z_][A-Za-z0-9_]*=.*\s+)*` creates
catastrophic backtracking because both `.*` and `\s+` can match
whitespace. When the exec tool processes commands with `VAR=value`
assignments followed by whitespace-heavy text (e.g. HTML heredocs),
the regex engine hangs permanently at 100% CPU.

Replace `.*` with `\S*` in all three instances. Shell prefix variable
assignments cannot contain unquoted whitespace in the value, so `\S*`
is semantically correct and eliminates the ambiguity.

Fixes #61881
 2026-04-06 14:53:44 +01:00
pgondhi987
8aceaf5d0f fix(security): close fail-open bypass in exec script preflight [AI] (#59398) 
* fix: address issue

* fix: finalize issue changes

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* chore: add changelog for exec preflight fail-closed hardening

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 11:00:39 -06:00
Peter Steinberger
3c75bc0e41 refactor(test): dedupe agent and discord test fixtures 2026-02-22 20:04:51 +00:00
Peter Steinberger
8f1b467646 test(agents): dedupe exec preflight fixtures and cover quoted-path skip 2026-02-21 21:40:39 +00:00
Peter Steinberger
b40821b068 fix: harden ACP secret handling and exec preflight boundaries 2026-02-19 15:34:20 +01:00
Peter Steinberger
b099171db5 perf(test): dedupe slow discord monitor cases 2026-02-18 04:04:04 +00:00
Vignesh
b0a01fe482 Agents/Tools: preflight exec script files for shell var injection (#18457) 
* fix(agents): don't force store=true for codex responses

* test: stabilize respawn + subagent usage assertions

* Agents/Tools: preflight exec to detect shell variable injection in scripts

* Changelog: fix merge marker formatting
 2026-02-16 10:34:29 -08:00