Pavan Kumar Gondhi
758051322d
Honor owner enforcement for native commands [AI] (#78864)
...
* fix: honor owner enforcement for native commands
* addressing codex review
* addressing codex review
* docs: add changelog entry for PR merge
2026-05-07 15:26:49 +05:30
Agustin Rivera
fef42acda0
fix(commands): scope owner allowlist prefixes (#72928)
...
* fix(commands): scope owner allowlist prefixes
Co-authored-by: zsx <git@zsxsoft.com>
* fix(commands): annotate owner allowlist short-circuit
* docs: move changelog entry to unreleased fixes
---------
Co-authored-by: zsx <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-29 14:00:07 -06:00
Ayaan Zaidi
8af50b5b4c
fix(commands): preserve owner allowlists for native auth
2026-04-28 22:11:27 +05:30
Ayaan Zaidi
7b91f06384
fix(commands): honor channel-native command auth
2026-04-28 22:11:27 +05:30
Peter Steinberger
3fd2a94404
refactor: generalize command sender identity checks
2026-04-22 06:11:49 +01:00
Devin Robison
2aa93d44a1
fix: require owner identity for owner-enforced commands (#69774)
...
* fix: require owner identity for owner-enforced commands
Stop wildcard channel allowlists from authorizing non-owner senders when a plugin requires owner-only commands.
Add a regression test for the owner-enforced wildcard allowFrom path.
* docs(changelog): note owner identity requirement for owner-enforced commands (#69774)
2026-04-21 10:16:33 -06:00
Vincent Koc
0e8225c4a6
fix(cycles): narrow channel registry imports
2026-04-11 22:59:39 +01:00
Vincent Koc
74e7b8d47b
fix(cycles): bulk extract leaf type surfaces
2026-04-11 13:26:50 +01:00
Peter Steinberger
669b352d36
refactor: dedupe auto-reply trimmed readers
2026-04-08 00:09:42 +01:00
Peter Steinberger
353678ec05
refactor: dedupe auto-reply lowercase readers
2026-04-07 12:18:22 +01:00
Peter Steinberger
fbdb20ffd3
refactor: dedupe reply lowercase helpers
2026-04-07 11:18:18 +01:00
Peter Steinberger
ad9481e2d1
refactor: dedupe auth and session helpers
2026-04-06 16:52:41 +01:00
Peter Steinberger
349a1c58f9
refactor: re-duplicate auth and session helpers
2026-04-06 16:38:57 +01:00
Peter Steinberger
1d8d2ddaa1
refactor: dedupe plugin and outbound helpers
2026-04-06 07:41:08 +01:00
Peter Steinberger
ab96520bba
refactor(plugins): move channel behavior into plugins
2026-04-03 19:09:20 +01:00
Vincent Koc
a30214a624
fix(heartbeat): block owner-only auth inheritance for exec events (#57652)
2026-03-31 09:06:51 +09:00
Tak Hoffman
d2e25b03fe
fix(regression): preserve external command auth context
2026-03-27 20:24:14 -05:00
Peter Steinberger
e28e520379
refactor: simplify provider inference and zoned parsing helpers
2026-03-23 21:22:30 -07:00
Peter Steinberger
69a317995d
fix: fail closed when provider inference drops errored allowlists
2026-03-23 21:14:55 -07:00
Ayaan Zaidi
17c1ee7716
fix: preserve command auth resolution errors on empty inferred allowlists
2026-03-24 08:38:27 +05:30
Taras Lukavyi
d4e3babdcc
fix: command auth SecretRef resolution (#52791) (thanks @Lukavyi)
...
* fix(command-auth): handle unresolved SecretRef in resolveAllowFrom
* fix(command-auth): fall back to config allowlists
* fix(command-auth): avoid duplicate resolution fallback
* fix(command-auth): fail closed on invalid allowlists
* fix(command-auth): isolate fallback resolution errors
* fix: record command auth SecretRef landing notes (#52791) (thanks @Lukavyi)
---------
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-03-24 08:21:30 +05:30
Vincent Koc
0aa4950d21
fix(core): restore session reset defaults and type seams
2026-03-19 13:33:32 -07:00
Peter Steinberger
2054cb9431
refactor: move remaining channel seams into plugins
2026-03-15 23:47:30 -07:00
Peter Steinberger
d228a62143
refactor: share trimmed string entry normalization
2026-03-07 23:27:51 +00:00
Vincent Koc
15a5e39da2
Fix owner-only auth and overlapping skill env regressions (#38548)
2026-03-06 23:33:42 -05:00
Marcus Widing
48b3c4a043
fix(auth): treat unconfigured-owner sessions as owner for ownerOnly tools (#26331)
...
Merged via squash.
Prepared head SHA: 1fbe1c7651
Co-authored-by: widingmarcus-cyber <245375637+widingmarcus-cyber@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-03-06 15:37:07 -08:00
Sid
60d33637d9
fix(auth): grant senderIsOwner for internal channels with operator.admin scope (openclaw#35704)
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: Naylenv <45486779+Naylenv@users.noreply.github.com>
Co-authored-by: Octane0411 <88922959+Octane0411@users.noreply.github.com>
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-05 16:32:42 -06:00
Peter Steinberger
08e2aa44e7
fix(commands): restrict commands.allowFrom to sender principals
2026-02-24 02:01:01 +00:00
Peter Steinberger
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
cpojer
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
Vignesh Natarajan
e95134ba3f
fix (commands): keep webchat auth on internal provider
2026-02-16 11:30:49 -08:00
Shadow
47f6bb4146
Commands: add commands.allowFrom config
2026-02-09 23:58:52 -06:00
Peter Steinberger
d84eb46467
fix: restore discord owner hint from allowlists
2026-02-04 23:34:22 -08:00
Gustavo Madeira Santana
385a7eba33
fix: enforce owner allowlist for commands
2026-02-04 20:05:08 -05:00
Gustavo Madeira Santana
392bbddf29
Security: owner-only tools + command auth hardening (#9202)
...
* Security: gate whatsapp_login by sender auth
* Security: treat undefined senderAuthorized as unauthorized (opt-in)
* fix: gate whatsapp_login to owner senders (#8768) (thanks @victormier)
* fix: add explicit owner allowlist for tools (#8768) (thanks @victormier)
* fix: normalize escaped newlines in send actions (#8768) (thanks @victormier)
---------
Co-authored-by: Victor Mier <victormier@gmail.com>
2026-02-04 19:49:36 -05:00
cpojer
f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imports.
2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
Peter Steinberger
9a7160786a
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5
refactor: rename clawdbot to moltbot with legacy compat
2026-01-27 12:21:02 +00:00
Peter Steinberger
6a3ed5c850
fix(security): gate slash/control commands
2026-01-17 06:49:34 +00:00
Peter Steinberger
4291d56e0b
chore: format + fix telegram thread ids
2026-01-15 09:13:19 +00:00
Peter Steinberger
8dacafce7f
fix: harden whatsapp command auth
2026-01-15 07:54:39 +00:00
Peter Steinberger
2b4a68e276
feat: load channel plugins
2026-01-15 02:42:44 +00:00
George Pickett
232c512502
Format: apply oxfmt fixes
2026-01-15 01:27:16 +00:00
Peter Steinberger
5894ffe82e
refactor(auth): streamline allowFrom normalization
2026-01-14 23:42:50 +00:00
Peter Steinberger
57b4865ab3
fix(whatsapp): normalize user JIDs for group allowlists (#838)
...
Thanks @peschee.
Co-authored-by: Peter Siska <63866+peschee@users.noreply.github.com>
2026-01-14 23:25:42 +00:00
Peter Steinberger
c379191f80
chore: migrate to oxlint and oxfmt
...
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
2026-01-14 15:02:19 +00:00