Robin Waslander
dafd61b5c1
fix(gateway): enforce caller-scope subsetting in device.token.rotate
device.token.rotate accepted attacker-controlled scopes and forwarded
them to rotateDeviceToken without verifying the caller held those
scopes. A pairing-scoped token could rotate up to operator.admin on
any already-paired device whose approvedScopes included admin.
Add a caller-scope subsetting check before rotateDeviceToken: the
requested scopes must be a subset of client.connect.scopes via the
existing roleScopesAllow helper. Reject with missing scope: <scope>
if not.
Also add server.device-token-rotate-authz.test.ts covering both the
priv-esc path and the admin-to-node-invoke chain.
Fixes GHSA-4jpw-hj22-2xmc
2026-03-11 14:16:59 +01:00
Vincent Koc
04e103d10e
fix(terminal): stabilize skills table width across Terminal.app and iTerm (#42849)
* Terminal: measure grapheme display width
* Tests: cover grapheme terminal width
* Terminal: wrap table cells by grapheme width
* Tests: cover emoji table alignment
* Terminal: refine table wrapping and width handling
* Terminal: stop shrinking CLI tables by one column
* Skills: use Terminal-safe emoji in list output
* Changelog: note terminal skills table fixes
* Skills: normalize emoji presentation across outputs
* Terminal: consume unsupported escape bytes in tables
2026-03-11 09:13:10 -04:00
Andyliu
10e6e27451
fix(models): guard optional model input capabilities (#42096)
Merged via squash.
Prepared head SHA: d398fa0222
Co-authored-by: andyliu <2377291+andyliu@users.noreply.github.com>
Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com>
Reviewed-by: @hydro13
2026-03-11 13:43:59 +01:00
Nimrod Gutman
144c1b802b
macOS/onboarding: prompt for remote gateway auth tokens (#43100)
Merged via squash.
Prepared head SHA: 00e2ad847b
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
2026-03-11 13:53:19 +02:00
Luke
f063e57d4b
fix(macos): use foundationValue when serializing browser proxy POST body (#43069)
Merged via squash.
Prepared head SHA: 04c33fa061
Co-authored-by: ImLukeF <1272861+Effet@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
2026-03-11 19:14:01 +08:00
Nimrod Gutman
2d91284fdb
feat(ios): add local beta release flow (#42991)
Merged via squash.
Prepared head SHA: 82b38fe93b
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
2026-03-11 12:32:28 +02:00
Frank Yang
665f677265
docs(changelog): update context pruning PR reference
2026-03-11 18:07:37 +08:00
Frank Yang
d68d4362ee
fix(context-pruning): cover image-only tool-result pruning
2026-03-11 18:07:37 +08:00
MoerAI
a78674f115
fix(context-pruning): prune image-containing tool results instead of skipping them (#41789)
2026-03-11 18:07:37 +08:00
ademczuk
dc4441322f
fix(agents): include azure-openai in Responses API store override (#42934)
Merged via squash.
Prepared head SHA: d3285fef41
Co-authored-by: ademczuk <5212682+ademczuk@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
2026-03-11 16:16:10 +08:00
Ayaan Zaidi
a2e30824e6
fix(telegram): fall back on ambiguous first preview sends
2026-03-11 11:23:10 +05:30
Wayne
e37e1ed24e
fix(telegram): prevent duplicate messages with slow LLM providers (#41932)
Merged via squash.
Prepared head SHA: 2f50c51d5a
Co-authored-by: hougangdev <105773686+hougangdev@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
2026-03-11 11:19:55 +05:30
Luke
7761e7626f
Providers: add Opencode Go support (#42313)
* feat(providers): add opencode-go provider support and onboarding
* Onboard: unify OpenCode auth handling openclaw#42313 thanks @ImLukeF
* Docs: merge OpenCode Zen and Go docs openclaw#42313 thanks @ImLukeF
* Update CHANGELOG.md
---------
Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-11 01:31:06 -04:00
Vincent Koc
bd33a340fb
fix(sandbox): sanitize Docker env before marking OPENCLAW_CLI (#42256)
* Sandbox: sanitize Docker env before exec marker injection
* Sandbox: add regression test for Docker exec marker env
* Sandbox: disable Windows shell fallback for Docker
* Sandbox: cover Windows Docker wrapper rejection
* Sandbox: test strict env sanitization through Docker args
2026-03-11 00:59:36 -04:00
Luke
061b8258bc
macOS: add chat model selector and persist thinking (#42314)
* feat(macos): add chat model selector and thinking persistence UX
* Chat UI: carry session model providers
* Docs: add macOS model selector changelog
* macOS: persist extended thinking levels
* Chat UI: keep model picker state in sync
* Chat UI tests: cover model selection races
---------
Co-authored-by: Ubuntu <ubuntu@vps-90352893.vps.ovh.ca>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-11 00:43:04 -04:00
Ayaan Zaidi
bf70a333fa
fix: clear pnpm prod audit vulnerabilities
2026-03-11 09:33:45 +05:30
Peter Steinberger
0aa79fc4d3
fix(build): restore full gate
2026-03-11 02:52:55 +00:00
Peter Steinberger
c91d1622d5
fix(gateway): split conversation reset from admin reset
2026-03-11 02:50:44 +00:00
Peter Steinberger
0ab8d20917
docs(changelog): note interpreter approval hardening
2026-03-11 02:45:10 +00:00
Josh Avant
0125ce1f44
Gateway: fail closed unresolved local auth SecretRefs (#42672)
* Gateway: fail closed unresolved local auth SecretRefs
* Docs: align node-host gateway auth precedence
* CI: resolve rebase breakages in checks lanes
* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state
* Gateway: remove stale remote.enabled auth-surface semantics
* Changelog: note gateway SecretRef fail-closed fix
2026-03-10 21:41:56 -05:00
Peter Steinberger
a52104c235
test: restore fs bridge helper export
2026-03-11 02:38:00 +00:00
Peter Steinberger
a0d5462571
fix(security): pin staged writes and fs mutations
2026-03-11 02:38:00 +00:00
Peter Steinberger
daaf211e20
fix(node-host): fail closed on unbound interpreter approvals
2026-03-11 02:36:38 +00:00
Peter Steinberger
72b0e00eab
refactor: unify sandbox fs bridge mutations
2026-03-11 02:10:23 +00:00
Shadow
841f3b4af5
Switch to org-wide funding.yml file
2026-03-10 20:55:08 -05:00
Peter Steinberger
aad014c7c1
fix: harden subagent control boundaries
2026-03-11 01:44:38 +00:00
Peter Steinberger
68c674d37c
refactor(security): simplify system.run approval model
2026-03-11 01:43:06 +00:00
Peter Steinberger
5716e52417
refactor: unify gateway credential planning
2026-03-11 01:37:25 +00:00
Peter Steinberger
3a39dc4e18
refactor(security): unify config write target policy
2026-03-11 01:35:04 +00:00
Peter Steinberger
7289c19f1a
fix(security): bind system.run approvals to exact argv text
2026-03-11 01:25:31 +00:00
Peter Steinberger
8eac939417
fix(security): enforce target account configWrites
2026-03-11 01:24:36 +00:00
Peter Steinberger
11924a7026
fix(sandbox): pin fs-bridge staged writes
2026-03-11 01:15:47 +00:00
Peter Steinberger
702f6f3305
fix: fail closed for unresolved local gateway auth refs
2026-03-11 01:14:06 +00:00
Peter Steinberger
ecdbd8aa52
fix(security): restrict leaf subagent control scope
2026-03-11 01:12:22 +00:00
Gustavo Madeira Santana
3ba6491659
Infra: extract backup and plugin path helpers
2026-03-10 20:16:35 -04:00
Peter Steinberger
f4a4b50cd5
refactor: compile allowlist matchers
2026-03-11 00:07:47 +00:00
Peter Steinberger
fa0329c340
test: cover cron nested lane selection
2026-03-11 00:02:00 +00:00
Peter Steinberger
f604cbedf3
fix: remove stale allowlist matcher cache
2026-03-11 00:00:04 +00:00
Peter Steinberger
825a435709
fix: avoid cron embedded lane deadlock
2026-03-10 23:56:21 +00:00
Peter Steinberger
8901032007
Merge remote-tracking branch 'origin/main'
2026-03-10 23:55:30 +00:00
Josh Avant
36d2ae2a22
SecretRef: harden custom/provider secret persistence and reuse (#42554)
* Models: gate custom provider keys by usable secret semantics
* Config: project runtime writes onto source snapshot
* Models: prevent stale apiKey preservation for marker-managed providers
* Runner: strip SecretRef marker headers from resolved models
* Secrets: scan active agent models.json path in audit
* Config: guard runtime-source projection for unrelated configs
* Extensions: fix onboarding type errors in CI
* Tests: align setup helper account-enabled expectation
* Secrets audit: harden models.json file reads
* fix: harden SecretRef custom/provider secret persistence (#42554) (thanks @joshavant)
2026-03-10 23:55:10 +00:00
Peter Steinberger
20237358d9
refactor: clarify archive staging intent
2026-03-10 23:54:12 +00:00
Peter Steinberger
0bac47de51
refactor: split tar.bz2 extraction helpers
2026-03-10 23:53:32 +00:00
Peter Steinberger
9c64508822
refactor: rename tar archive preflight checker
2026-03-10 23:52:51 +00:00
Peter Steinberger
6565ae1857
refactor: extract archive staging helpers
2026-03-10 23:52:31 +00:00
Peter Steinberger
658cf4bd94
fix: harden archive extraction destinations
2026-03-10 23:49:35 +00:00
Josh Avant
fbc66324ee
SecretRef: harden custom/provider secret persistence and reuse (#42554)
* Models: gate custom provider keys by usable secret semantics
* Config: project runtime writes onto source snapshot
* Models: prevent stale apiKey preservation for marker-managed providers
* Runner: strip SecretRef marker headers from resolved models
* Secrets: scan active agent models.json path in audit
* Config: guard runtime-source projection for unrelated configs
* Extensions: fix onboarding type errors in CI
* Tests: align setup helper account-enabled expectation
* Secrets audit: harden models.json file reads
* fix: harden SecretRef custom/provider secret persistence (#42554) (thanks @joshavant)
2026-03-10 18:46:47 -05:00
Peter Steinberger
201420a7ee
fix: harden secret-file readers
2026-03-10 23:40:10 +00:00
Peter Steinberger
208fb1aa35
test: share runtime group policy fallback cases
2026-03-10 22:20:19 +00:00
Peter Steinberger
344b2286aa
refactor: share windows command shim resolution
2026-03-10 22:18:04 +00:00