vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 21:50:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
39,423 Commits 1,843 Branches 149 Tags
e40c381fb878348f3f7630929a60334c91309d82
Commit Graph

1111 Commits

Author SHA1 Message Date
Peter Steinberger
0df90d9b8d fix: trace plugin tool factory timings (#75823) 
* fix: trace plugin tool factory timings

* docs: document plugin tool timing traces

* fix: keep plugin tools mcp stdout clean

* test: type plugin tools mcp mock

* test: complete plugin tools mcp mock

* test: preserve console helpers in mcp test

* chore: refresh generated protocol models
 2026-05-01 23:14:18 +01:00
Peter Steinberger
5e3265b09b feat: support openai tts extra body 2026-05-01 22:57:35 +01:00
Peter Steinberger
d2ae2a3fb0 fix(plugins): require declared runtime setup entries 2026-05-01 22:36:18 +01:00
Peter Steinberger
112dedd093 refactor: remove plugin dependency cleanup leftovers 2026-05-01 21:55:50 +01:00
Peter Steinberger
ed8f50f240 refactor: simplify plugin dependency handling 
Simplify plugin installation and runtime loading around package-manager-owned dependencies, with Jiti reserved for local/TS fallback paths.

Also scans npm plugin install roots so hoisted transitive dependencies are covered by dependency denylist and node_modules symlink checks.
 2026-05-01 21:32:22 +01:00
Peter Steinberger
7ddf28c0d4 feat: support git plugin installs 2026-05-01 10:59:10 +01:00
Peter Steinberger
250376f885 fix: simplify bundled runtime dependency repair (#75183) 
Summary:
- Merged fix: simplify bundled runtime dependency repair after ClawSweeper review.

ClawSweeper fixups:
- Included follow-up commit: fix: verify cached bundled runtime roots
- Included follow-up commit: refactor: simplify plugin runtime startup paths
- Included follow-up commit: refactor: trim plugin startup policy helpers
- Included follow-up commit: refactor: trust package manager runtime deps materialization
- Included follow-up commit: fix: narrow channel runtime deps skip policy
- Included follow-up commit: refactor: defer startup plugin runtime deps
- Ran the ClawSweeper repair loop before final review.

Validation:
- ClawSweeper review passed for head 04dc566534.
- Required merge gates passed before the squash merge.

Prepared head SHA: 04dc566534
Review: https://github.com/openclaw/openclaw/pull/75183#issuecomment-4358383786

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Shakker <shakkerdroid@gmail.com>
Co-authored-by: clawsweeper-repair <clawsweeper-repair@users.noreply.github.com>
 2026-05-01 07:49:02 +00:00
Peter Steinberger
5d1ba08e3c fix(doctor): warn on plugin tool allowlist mismatch 2026-05-01 05:33:03 +01:00
pashpashpash
027ea5f08b Isolate Codex app-server state per agent (#74556) 
* fix(codex): isolate app-server home per agent

* fix(codex): isolate native Codex assets per agent

* fix(channels): mark inbound system events untrusted

* fix(doctor): warn on personal Codex agent skills

* test(doctor): cover personal Codex agent skills warning

* fix(codex): forward auth profiles to harness runs

* fix(codex): preserve auto auth for harness runs

* fix(codex): auto-select harness auth profiles

* test(codex): type harness auth mock

* feat(codex): select migrated skills

* fix(codex): satisfy migration selection lint

* docs: add codex isolation changelog
 2026-05-01 04:49:02 +09:00
NVIDIAN
797d574dfd fix(deepseek): expose V4 max thinking levels (#73008) 
Merged via squash.

Prepared head SHA: ef561a59de
Co-authored-by: ai-hpc <183861985+ai-hpc@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-04-30 23:34:05 +08:00
Peter Steinberger
0f120c09ba fix(agents): bound subagent orphan recovery 2026-04-30 14:43:18 +01:00
Vincent Koc
ad7fa6c387 docs(tools): note explicit alsoAllow needed under restrictive profiles (4aa08e9d79) 2026-04-30 05:38:28 -07:00
Otto Deng
8ca1f6d590 fix(skills): scan grouped skill directories 
* fix(skills): scan nested subdirectories for grouped skill layouts

Previously, skill discovery only checked immediate children of the
skills root for SKILL.md files. Skills organized in subdirectories
(e.g. ~/.openclaw/skills/coze/koze-retrieval/SKILL.md) were silently
ignored.

Now, when an immediate child directory does not contain a SKILL.md,
its own children are checked one level deeper. This supports grouped
skill layouts while keeping the scan depth bounded (max 2 levels) to
avoid unbounded filesystem traversal.

The existing per-source skill count limits and containment checks
still apply to nested discoveries.

Fixes #56915

* test(skills): cover nested grouped skill discovery

* fix(skills): cache contained-path checks and cap nested scans

- Reuse skillDirRealPath captured during the collection phase so the load
  loop no longer re-runs resolveContainedSkillPath on the same directory.
- Apply the per-root candidate cap (and the matching warning log) when
  descending into nested grouped skill directories, matching the outer
  scan's behavior.

Addresses Greptile P2 feedback on PR #72534.

* fix(skills): load grouped skill directories under skills roots

* fix(clownfish): address review for ghcrawl-156697-autonomous-smoke (1)

---------

Co-authored-by: Otto Deng <otto@ottodeng.com>
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: Otto Deng <ottodeng2@github.local>
 2026-04-29 23:56:19 -07:00
Peter Steinberger
30a2b3049a feat: default active steering to batched delivery 2026-04-30 01:22:43 +01:00
Peter Steinberger
4a6e10ece8 feat: default queueing to steer 2026-04-29 22:48:10 +01:00
Jeff
9b6670d5c9 fix(ssrf): allow IPv6 fake-ip SSRF opt-in 
Allow trusted fake-IP proxy stacks to opt into IPv6 unique-local SSRF resolution without opening broader private-network access.
 2026-04-29 20:31:17 +01:00
Peter Steinberger
8a06db084d fix(models): hide unauthenticated catalog entries 2026-04-29 18:05:34 +01:00
Vyctor Huggo Przozwski da Silva
df0074768c fix(exec): reject invalid host targets (#74468) 
* fix(exec): reject invalid host targets

* docs(changelog): credit exec host validation contributor

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-04-29 17:25:45 +01:00
Peter Steinberger
e6cd90e3fd fix(agents): keep OAuth auth read-through 2026-04-29 11:54:28 +01:00
Peter Steinberger
93d5cd1015 fix: honor configured xhigh thinking compat (#74273) 
* fix: honor configured xhigh thinking compat

* test: update agent command model selection mock
 2026-04-29 11:35:03 +01:00
Peter Steinberger
548c280eff fix(discord): keep exec approval fallbacks reachable 2026-04-29 06:29:44 +01:00
Peter Steinberger
2b0b614417 docs(plugins): clarify clawhub npm migration 2026-04-29 06:09:34 +01:00
Peter Steinberger
5a9c0efa54 fix(tasks): clean orphaned parent-owned acp sessions 2026-04-29 04:35:06 +01:00
nighty
6e31de5847 docs: fix custom skill naming example 
Fix the custom skill docs example so the folder and SKILL.md frontmatter use the same hyphen-case name.
 2026-04-28 20:15:36 -07:00
pashpashpash
4aa8da3756 Route sensitive group commands to the owner privately (#73872) 
* fix(commands): route sensitive group approvals privately

* fix(commands): require owner private routes

* test(commands): cover owner-derived Telegram diagnostics routing
 2026-04-29 09:27:18 +09:00
pashpashpash
43fa40a35d fix(telegram): use owners for exec approvals (#73852) 2026-04-29 08:34:46 +09:00
Patrick Erichsen
a235a487d0 docs: add clawhub rescan recovery guidance (#73414) 
* docs: add clawhub rescan recovery guidance

* docs: clarify clawhub rescan wording
 2026-04-28 16:34:00 -07:00
pashpashpash
6ce1058296 Wire diagnostics through the core chat command (#72936) 
* feat: wire codex diagnostics feedback

* fix: harden codex diagnostics hints

* fix: neutralize codex diagnostics output

* fix: tighten codex diagnostics safeguards

* fix: bound codex diagnostics feedback output

* fix: tighten codex diagnostics throttling

* fix: confirm codex diagnostics uploads

* docs: clarify codex diagnostics add-on

* fix: route diagnostics through core command

* fix: tighten diagnostics authorization

* fix: pin diagnostics to bundled codex command

* fix: limit owner status in plugin commands

* fix: scope diagnostics confirmations

* fix: scope codex diagnostics cooldowns

* fix: harden codex diagnostics ownership scopes

* fix: harden diagnostics command trust and display

* fix: keep diagnostics command trust internal

* fix: clarify diagnostics exec boundary

* fix: consume codex diagnostics confirmations atomically

* test: include codex diagnostics binding metadata

* test: use string codex binding timestamps

* fix: keep reserved command trust host-only

* fix: harden diagnostics trust and resume hints

* wire diagnostics through exec approval

* fix: keep diagnostics tests aligned with bundled root trust

* fix telegram diagnostics owner auth

* route trajectory exports through exec approval

* fix trajectory exec command encoding

* fix telegram group owner auth

* fix export trajectory approval hardening

* fix pairing command owner bootstrap

* fix telegram owner exec approvals

* fix: make diagnostics approval flow pasteable

* fix: route native sensitive command followups

* fix: invoke diagnostics exports with current cli

* fix: refresh exec approval protocol models

* fix: list codex diagnostics from thread bindings

* fix: fold codex diagnostics into exec approval

* fix: preserve diagnostics approval line breaks

* docs: clarify diagnostics codex workflow
 2026-04-29 07:40:37 +09:00
Peter Steinberger
5dfc14d49b fix(tasks): close stale terminal acp sessions 2026-04-28 21:03:55 +01:00
Peter Steinberger
0dcab4e347 fix(agents): harden bootstrap and ACP session routing 2026-04-28 20:47:34 +01:00
Gabriel Kripalani
17ef9ef895 feat(openrouter): add video generation provider (#72700) 
Adds OpenRouter video generation via video_generate, with hardened async polling/download handling, docs, and regression coverage.

Validation:
- pnpm test src/plugins/plugin-lookup-table.test.ts src/secrets/target-registry.fast-path.test.ts src/gateway/server-startup-post-attach.test.ts extensions/openrouter/video-generation-provider.test.ts src/video-generation/live-test-helpers.test.ts src/media-generation/provider-capabilities.contract.test.ts src/agents/pi-embedded-helpers/failover-matches.test.ts src/plugins/manifest-metadata-scan.test.ts src/agents/openai-transport-stream.test.ts src/media-understanding/openai-compatible-audio.test.ts src/agents/schema-normalization-runtime-contract.test.ts src/agents/provider-request-config.test.ts src/plugin-sdk/provider-stream.test.ts src/agents/pi-embedded-runner/run/attempt.spawn-workspace.websocket.test.ts -- --reporter=verbose
- OPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_TEST_QUIET=0 OPENCLAW_LIVE_VIDEO_GENERATION_MODELS=openrouter/google/veo-3.1-fast pnpm test:live src/video-generation/video-generation.live.test.ts -- --runInBand

Co-authored-by: notamicrodose <gabrielkripalani@me.com>
 2026-04-28 10:57:31 +01:00
Peter Steinberger
169dba2042 fix(skills): require opt-in for coding-agent 2026-04-28 09:24:24 +01:00
Peter Steinberger
78a12706ec fix(docs): make docs formatter mintlify-safe 2026-04-28 08:13:21 +01:00
Peter Steinberger
424560c6c2 docs: normalize mintlify component closings 2026-04-28 07:54:15 +01:00
Peter Steinberger
ad57a6d616 docs: replace reactions cache bust with prose 2026-04-28 07:37:14 +01:00
Peter Steinberger
e388f289bf docs: refresh reactions source cache key 2026-04-28 07:36:13 +01:00
Peter Steinberger
738f5f7508 fix: prevent channel login exec wedges 2026-04-28 05:16:43 +01:00
Peter Steinberger
ab95812d65 fix: record model fallback steps in trajectories 2026-04-28 05:08:34 +01:00
Peter Steinberger
093dba3806 fix(acpx): bundle Codex ACP adapter 2026-04-28 04:39:41 +01:00
Peter Steinberger
0294aebe6f feat(providers): add DeepInfra provider plugin (#73038) 
* feat(providers): add DeepInfra provider plugin

* feat(deepinfra): add media provider surfaces

* fix(deepinfra): satisfy provider boundary checks

* docs: add gitcrawl maintainer skill

* test: include deepinfra in live media sweeps

* fix: remove stale tts contract import
 2026-04-28 01:12:54 +01:00
Peter Steinberger
32d76e2429 fix(memory): bound lancedb recall embedding queries 2026-04-28 00:58:30 +01:00
Peter Steinberger
2fbbc6e2fa docs: clarify plugin disable doctor behavior 2026-04-28 00:07:02 +01:00
Olamiposi
c51e315f3a docs: clarify messaging vs full tool profiles (#39954) 
* docs: clarify messaging vs full tool profiles

* docs: normalize tools.profile references

* docs: clarify messaging and full tool profiles

---------

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
 2026-04-27 15:44:17 -07:00
Peter Steinberger
d519dc6976 docs(channels): add channel docking concept 2026-04-27 22:37:58 +01:00
Peter Steinberger
582debbec8 docs(channels): explain dock commands 2026-04-27 22:32:44 +01:00
Peter Steinberger
1eea534ddb fix(channels): handle generated dock commands 2026-04-27 21:59:15 +01:00
Peter Steinberger
a2b84e98e9 fix: clean up trajectory sidecars 2026-04-27 20:58:28 +01:00
Peter Steinberger
2f488b7e7a docs: clarify ClawHub plugin discovery 2026-04-27 20:26:49 +01:00
kakahu
d70808433d Add structured Matrix approval metadata (#72432) 
Merged via squash.

Prepared head SHA: 0e06533dff
Co-authored-by: kakahu2015 <17962485+kakahu2015@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-27 14:52:02 -04:00
Val Alexander
f7797ca62b chore: remove coven extension 2026-04-27 13:22:32 -05:00