vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-28 23:03:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
59,734 Commits 1,843 Branches 149 Tags
db4bcd7d09de5602bb641eabcd03db2b46064f08
Commit Graph

59734 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Momo
db4bcd7d09 Expose verified ClawHub source in skill verify output (#93532) 
* fix(skills): expose verified ClawHub source in verify output

* fix(ci): repair verify check regressions

* fix(ci): refresh prompt snapshots

* fix(skills): require pinned ClawHub verify commits
 2026-06-17 16:35:36 +08:00
Vincent Koc
745b011632 refactor(tasks): hide flow audit internals 2026-06-17 16:34:14 +08:00
Vincent Koc
a18cbcb7c6 refactor(status): hide internal helpers 2026-06-17 16:31:42 +08:00
Vincent Koc
2ca375fc1a fix(codex): rotate mcp bindings before transient search 2026-06-17 10:30:46 +02:00
Vincent Koc
22356395a2 fix(codex): drop unused transient binding assignment 2026-06-17 10:30:46 +02:00
Vincent Koc
759b7902ee test(codex): dedupe context engine binding helper 2026-06-17 10:30:46 +02:00
Vincent Koc
f1c44e2d6d fix(codex): rotate mismatched bindings before transient search 2026-06-17 10:30:46 +02:00
Vincent Koc
ffeccce5f9 test(telegram): isolate model callback session state 2026-06-17 10:30:45 +02:00
Vincent Koc
d4fb49f3c4 test(channels): update command output progress expectations 2026-06-17 10:30:45 +02:00
Vincent Koc
f7178a74ef test(feishu): expect send receipts 2026-06-17 10:30:45 +02:00
Vincent Koc
da67802baf fix(codex): respect lifecycle mismatch rotations 2026-06-17 10:30:45 +02:00
Vincent Koc
5b46a11d2d fix(telegram): preserve default model and sticker cache state 2026-06-17 10:30:45 +02:00
Vincent Koc
5ee0f13a54 fix(channels): reset completed command output detail 2026-06-17 10:30:45 +02:00
Vincent Koc
3f18ee4567 refactor(skills): hide workshop internals 2026-06-17 16:28:40 +08:00
Vincent Koc
5b1ba437ba refactor(skills): trim loader export surface 2026-06-17 16:25:01 +08:00
Vincent Koc
4132ce155e fix(cohere): translate system prompts 2026-06-17 16:23:52 +08:00
Vincent Koc
91bcc4cf2a docs(i18n): add Cohere glossary entries 2026-06-17 16:23:52 +08:00
Vincent Koc
a079d98eb4 docs(plugins): refresh Cohere inventory 2026-06-17 16:23:52 +08:00
Vincent Koc
85d5d94519 feat(cohere): add provider plugin 2026-06-17 16:23:52 +08:00
Vincent Koc
cb1e4356aa refactor(skills): hide clawhub lifecycle internals 2026-06-17 16:20:09 +08:00
Alix-007
93e3bcef7a fix(cli): clarify MCP list registry scope (#87487) 
Clarify that `openclaw mcp list`, `show`, `set`, and `unset` manage the OpenClaw `mcp.servers` registry and do not include the separate mcporter registry.

Co-authored-by: Alix-007 <li.long15@xydigit.com>
 2026-06-17 10:18:18 +02:00
Vincent Koc
8decb546f7 refactor(skills): hide status upload internals 2026-06-17 16:16:55 +08:00
Vincent Koc
e99a6d4c19 refactor(skills): hide internal result types 2026-06-17 16:12:06 +08:00
Vincent Koc
19c7731292 fix(plugins): classify npm-pack security events as archives 2026-06-17 16:11:32 +08:00
Vincent Koc
3c64a575dd fix(gateway): classify pairing rejection events 2026-06-17 16:11:32 +08:00
Vincent Koc
81df1b239b fix(plugins): satisfy install security lint 2026-06-17 16:11:32 +08:00
Vincent Koc
80c47ecb99 test(plugins): narrow npm install mock options 2026-06-17 16:11:32 +08:00
Vincent Koc
41a0b8df36 fix(agents): classify tool block security events 2026-06-17 16:11:32 +08:00
Vincent Koc
122f29e5ea fix(plugins): preserve install security provenance 2026-06-17 16:11:32 +08:00
Vincent Koc
b6714bf109 fix(diagnostics): preserve plugin security identities 2026-06-17 16:11:32 +08:00
Vincent Koc
df86f36a57 fix(agents): emit inline exec approval decisions 2026-06-17 16:11:32 +08:00
Vincent Koc
7279f43bbb fix(plugins): avoid duplicate npm install security events 2026-06-17 16:11:32 +08:00
Vincent Koc
f51b52ceca fix(diagnostics): narrow security severity text 2026-06-17 16:11:32 +08:00
Vincent Koc
10da9ae248 fix(diagnostics): satisfy security severity lint 2026-06-17 16:11:32 +08:00
Vincent Koc
49e95c5308 fix(logging): project security diagnostics for stability 2026-06-17 16:11:32 +08:00
Vincent Koc
7de5bdca19 test(diagnostics): satisfy security event fixture types 2026-06-17 16:11:32 +08:00
Vincent Koc
7a880bcf29 feat(security): emit audit summary events 2026-06-17 16:11:32 +08:00
Vincent Koc
b86b891326 feat(plugins): emit security events for installs 2026-06-17 16:11:32 +08:00
Vincent Koc
481fd10988 feat(agents): emit security events for exec approvals 2026-06-17 16:11:32 +08:00
Vincent Koc
299d31c56e feat(gateway): emit security events for auth handshakes 2026-06-17 16:11:32 +08:00
Vincent Koc
d6774e46e0 feat(gateway): emit security events for device pairing 2026-06-17 16:11:32 +08:00
Vincent Koc
d491018a45 feat(agents): emit security events for tool vetoes 2026-06-17 16:11:32 +08:00
Vincent Koc
f3a1d1fcb0 feat(diagnostics): export security events to OTLP logs 2026-06-17 16:11:32 +08:00
Vincent Koc
6456d03868 feat(diagnostics): add trusted security events 2026-06-17 16:11:32 +08:00
Alex Knight
e68db3a1b8 fix(config): remove unnecessary dm warning conversion 2026-06-17 18:07:35 +10:00
Alex Knight
57b66b2ec8 fix(config): tighten dm policy warnings 2026-06-17 18:07:35 +10:00
Alex Knight
90e72a67a3 fix(config): resolve DM allowFrom via canonical-or-legacy before warning 
The generic dmPolicy/allowFrom warning read only the canonical top-level
allowFrom, so channels that keep their wildcard under the legacy dm.allowFrom
alias (e.g. Discord/Slack, mode=topOnly/topOrNested) got a false 'all DMs
dropped' warning even though runtime honors dm.allowFrom. Resolve policy and
allowFrom through the shared resolveChannelDm* helpers with the channel's
dmAllowFromMode (matching runtime and doctor), and skip nestedOnly channels
whose canonical fields live under dm.* and do not match this warning's
top-level paths. Adds a Discord legacy-alias regression test.

Addresses ClawSweeper review finding P1 (false positives on legacy dm.allowFrom).
 2026-06-17 18:07:35 +10:00
Alex Knight
6810c67f0c refactor(config): make DM policy/allowFrom validation generic across channels 
Replace the hardcoded Mattermost-only open-DM config check with a generic,
plugin-agnostic warning driven by a single shared evaluator
(evaluateDmPolicyAllowFromDependency) reused by the Zod refinements and the
CLI validator. Surface warnings at 'config validate' and on config load.
Remove the Mattermost-specific status-issues module now covered generically;
keep the runtime drop-log diagnostic.
 2026-06-17 18:07:35 +10:00
Alex Knight
ba91eb7acf Fix Mattermost open DM validation 2026-06-17 18:07:35 +10:00
Vincent Koc
c12d921291 refactor(shared): trim helper constants 2026-06-17 16:06:41 +08:00