openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-04-03 21:31:26 +00:00

Author	SHA1	Message	Date
scoootscooob	dd9d0bdd8e	fix(exec): harden shell-side approval guardrails (#57839 ) * fix(exec): harden approval handling * fix(exec): tighten approval guardrails * fix(exec): reject prefixed approval commands * fix(exec): isolate shell approval guardrails * fix(exec): recurse through wrapped approval commands * fix(exec): restore allowlist wrapper import * fix(exec): strip env wrappers before approval detection * fix(exec): inspect nested shell wrapper options	2026-03-30 15:49:24 -07:00
scoootscooob	9ff57ac479	refactor(exec): unify channel approvals and restore routing/auth (#57838 ) * fix(exec): add shared approval runtime * fix(exec): harden shared approval runtime * fix(exec): guard approval expiration callbacks * fix(exec): handle approval runtime races * fix(exec): clean up failed approval deliveries * fix(exec): restore channel approval routing * fix(exec): scope telegram legacy approval fallback * refactor(exec): centralize native approval delivery * fix(exec): harden approval auth and account routing * test(exec): align telegram approval auth assertions * fix(exec): align approval rebase followups * fix(exec): clarify plugin approval not-found errors * fix(exec): fall back to session-bound telegram accounts * fix(exec): detect structured telegram approval misses * test(exec): align discord approval auth coverage * fix(exec): ignore discord dm origin channel routes * fix(telegram): skip self-authored message echoes * fix(exec): keep implicit approval auth non-explicit	2026-03-30 15:49:02 -07:00
Gustavo Madeira Santana	e7e15b92bd	Chore: remove orphaned agent workflow	2026-03-30 18:43:14 -04:00
Gustavo Madeira Santana	b9f5d02f04	fix(matrix): restore E2EE for one-off CLI sends (#57936 ) Merged via squash. Prepared head SHA: `4b79fbea22` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-30 17:28:33 -04:00
mappel-nv	5cc0bc936c	Gateway: open config files without shell interpolation (#57921 ) * Gateway: open config files without shell interpolation Co-authored-by: peteryuqin <peter.yuqin@gmail.com> * Gateway: align config opener review fixes * Gateway: tidy config opener logging * Gateway: simplify config opener error path * Gateway: cover Windows config opener test path * Gateway: use literal Windows config open path --------- Co-authored-by: peteryuqin <peter.yuqin@gmail.com>	2026-03-30 15:21:25 -06:00
Dinakar Sarbada	62d6cfedee	fix(doctor/plugins): skip unused Matrix inspector loads and honor enabledByDefault startup plugins (#57931 ) Merged via squash. Prepared head SHA: `634794b954` Co-authored-by: dinakars777 <250428393+dinakars777@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-30 17:06:04 -04:00
Gustavo Madeira Santana	9a94578d47	Diffs: fall back on invalid language hints (#57902 ) Merged via squash. Prepared head SHA: `567ca3a56f` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-30 16:30:05 -04:00
Gustavo Madeira Santana	66777e140e	Diffs: return schema-shaped plugin config (#57904 ) Merged via squash. Prepared head SHA: `df95f53aaa` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-30 16:27:11 -04:00
Gustavo Madeira Santana	07900facf6	Diffs: skip unused render targets (#57909 ) Merged via squash. Prepared head SHA: `9972f3029f` Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-30 16:21:08 -04:00
Agustin Rivera	30a1690323	fix(diffs): harden viewer proxy access (#57912 ) * fix(diffs): harden viewer proxy access * fix(diffs): restore mapped loopback access	2026-03-30 14:17:27 -06:00
Altay	910134b702	fix(memory): stabilize qmd collection scoping	2026-03-30 22:41:21 +03:00
Altay	9c25544e6c	test(ci): fix stale regression expectations (#57899 )	2026-03-30 22:31:13 +03:00
Gustavo Madeira Santana	4a6267bfe1	Diffs: preserve base paths for viewer assets	2026-03-30 15:28:16 -04:00
Gustavo Madeira Santana	b96b1efc69	Changelog: restore Matrix history entry	2026-03-30 15:14:53 -04:00
chain710	943163a419	feat(matrix): add group chat history context for agent triggers (#57022 ) Merged via squash. Prepared head SHA: `b6f88b72e8` Co-authored-by: chain710 <486539+chain710@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras	2026-03-30 15:10:43 -04:00
Jacob Tomlinson	8deb9522f3	Guard marketplace and Ollama network requests (#57850 ) * Plugins: guard marketplace and Ollama fetches * Ollama: pin guarded host allowlist	2026-03-30 20:08:38 +01:00
Jacob Tomlinson	e277a37f89	Infra: block compiler env overrides (#57832 )	2026-03-30 20:06:32 +01:00
Jacob Tomlinson	cfe1445953	Sandbox: sanitize SSH subprocess env (#57848 ) * Sandbox: sanitize SSH subprocess env * Sandbox: add sanitize env undefined test	2026-03-30 20:05:57 +01:00
Jacob Tomlinson	f0af186726	gateway: ignore bearer-declared HTTP operator scopes (#57783 ) * gateway: ignore bearer-declared HTTP operator scopes * gateway: key HTTP bearer guards to auth mode * gateway: refresh rebased HTTP regression expectations * gateway: honor resolved HTTP auth method * gateway: remove duplicate openresponses owner flags	2026-03-30 20:04:33 +01:00
Jacob Tomlinson	2a75416634	CLI: reset remote URL after trust decline (#57828 ) Co-authored-by: zsxsoft <git@zsxsoft.com>	2026-03-30 20:03:06 +01:00
Jacob Tomlinson	ad77666054	fix(voice-call): canonicalize Telnyx replay request keys (#57829 )	2026-03-30 20:01:43 +01:00
Agustin Rivera	e65c265e89	Security: block exec approval shell carrier targets (#57871 ) * Security: block exec approval shell carrier targets * Tests: tighten exec approval carrier regression assertions	2026-03-30 12:35:04 -06:00
Mariano	9d9cf0d8ff	Tasks: route one-task emergence through parent flows (#57874 )	2026-03-30 20:25:01 +02:00
Mariano	7590c22db7	Tasks: add minimal flow registry scaffold (#57865 )	2026-03-30 19:57:26 +02:00
Devin Robison	8c83128fc3	Discord: fix Group DM component interaction routing and auth (#57763 ) * Discord: fix Group DM component interaction routing and auth * Update tests	2026-03-30 11:17:53 -06:00
Devin Robison	8fdb19676a	Fix Discord native commands bypassing group DM channel allowlist (#57735 ) * Fix Discord native commands bypassing group DM channel allowlist * Fix linting * Update tests	2026-03-30 11:17:36 -06:00
Gustavo Madeira Santana	dd17dae3e5	Matrix: drop unused MatrixClient constructor params	2026-03-30 13:17:02 -04:00
Gustavo Madeira Santana	1ea85a5d0b	Matrix: remove stale monitor mention regex param	2026-03-30 13:17:02 -04:00
Shakker	e8b0d57eb6	test: isolate browser navigation tests from host proxy env	2026-03-30 18:10:08 +01:00
Shakker	8746e2e216	fix: restore cli registry side-effect option	2026-03-30 18:10:08 +01:00
Shakker	ba7c98ab51	fix: align outbound media root tests with config-derived tmp paths	2026-03-30 18:10:08 +01:00
Ayaan Zaidi	1b557ffe65	fix(plugins): keep snapshot hook loads isolated	2026-03-30 22:00:54 +05:30
joelnishanth	f849b8de97	hooks: default hooks.internal.enabled to true so bundled hooks load on fresh installs Made-with: Cursor	2026-03-30 22:00:54 +05:30
Jacob Tomlinson	3886b65ef2	fix(gateway): require node pairing before enabling node commands (#57777 ) * Gateway: require node pairing for node commands * Gateway: request node pairing on initial connect * Gateway: filter pending node pairing commands	2026-03-30 17:29:28 +01:00
Jacob Tomlinson	6b38815f86	fix(gateway): tighten tools invoke HTTP guardrails (#57771 ) * fix(gateway): tighten tools invoke HTTP guardrails Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com> * fix(security): centralize gateway HTTP deny defaults * fix(gateway): drop duplicate scope guard after rebase --------- Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>	2026-03-30 17:16:33 +01:00
Jacob Tomlinson	1ca4261d7e	fix(media): keep local roots configuration-derived (#57770 ) * fix(media): keep local roots configuration-derived Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com> * fix(media): simplify local root lookup * fix(media): keep legacy local roots export	2026-03-30 17:15:03 +01:00
Shakker	aff6883f93	fix: avoid over-sharding single include-file test batches	2026-03-30 17:14:02 +01:00
Shakker	c22edbb8ee	test: align ci regression stubs with production behavior	2026-03-30 17:11:06 +01:00
Shakker	555a4d896c	test: stabilize media attachment cache path assertions	2026-03-30 17:11:06 +01:00
Shakker	4c45fc3575	test: remove telegram extension dependency from reply command tests	2026-03-30 17:11:06 +01:00
Jacob Tomlinson	17d0be02f2	fix(gateway): bind OpenResponses HTTP ingress as non-owner (#57778 ) * fix(gateway): bind OpenResponses HTTP ingress as non-owner Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com> * test(gateway): cover streaming OpenResponses non-owner ingress --------- Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com>	2026-03-30 17:05:29 +01:00
Jacob Tomlinson	1a75906a6f	Exec approvals: prevent interpreter allow-always persistence (#57772 ) * Exec approvals: block interpreter allow-always persistence * Exec approvals: normalize interpreter allowlist formatting * Exec approvals: normalize interpreter allowlist wrapping * Exec approvals: tighten awk regression coverage * Exec approvals: harden awk interpreter coverage	2026-03-30 17:03:54 +01:00
pgondhi987	b7b46ad185	fix(skills): replace readFileSync with symlink-safe, root-confined skill file loader (#57519 ) * fix: replace readFileSync with symlink-safe, root-confined skill file loader * fix(skills): preserve directory-name fallback when frontmatter omits name * fix: harden skill loader path containment --------- Co-authored-by: Jacob Tomlinson <jacobtomlinson@users.noreply.github.com>	2026-03-30 17:03:05 +01:00
Jacob Tomlinson	7a5c5f33d0	Infra: block auth env vars from workspace dotenv (#57767 ) * Infra: block auth env vars from workspace dotenv * Infra: block workspace dotenv auth key variants * Infra: block workspace dotenv live auth keys	2026-03-30 17:01:22 +01:00
Jacob Tomlinson	29cb1e3c7e	Gateway: tighten HTTP tool invoke authorization (#57773 ) * Gateway: harden HTTP tool invoke access * Gateway: strengthen HTTP tools invoke regression coverage * Gateway: keep owner-only tools off HTTP	2026-03-30 16:59:40 +01:00
Jacob Tomlinson	ae703ab0e7	infra: harden identifier entropy and delay jitter (#57744 ) * infra: harden identifier entropy and delay jitter * test: make randomness hardening deterministic in CI	2026-03-30 16:57:30 +01:00
Jacob Tomlinson	32a4a47d60	Agents: pin apply-patch workspace mutations (#56016 ) * Agents: pin apply-patch file ops to workspace * Agents: resolve apply-patch review feedback * Infra: fallback pinned path helper spawn failures	2026-03-30 16:49:49 +01:00
pgondhi987	6d341cf366	fix(auto-reply): thread per-agent tools.exec defaults into reply directives (#57689 ) * fix(auto-reply): thread per-agent tools.exec defaults into exec overrides * test(auto-reply): add session-override and inline-directive priority tests for exec agent defaults	2026-03-30 16:46:54 +01:00
samzong	09bb93c6e0	fix(subagents): correct duration display showing 5-6x inflated runtime (#57739 ) Merged via squash. Prepared head SHA: `018bbbca4d` Co-authored-by: samzong <13782141+samzong@users.noreply.github.com> Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com> Reviewed-by: @frankekn	2026-03-30 23:44:36 +08:00
Jacob Tomlinson	f011d0be28	fix(gateway): treat OpenAI HTTP ingress as non-owner (#57769 ) Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>	2026-03-30 16:26:53 +01:00

1 2 3 4 5 ...

23900 Commits