vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 15:30:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,713 Commits 682 Branches 76 Tags
efa1204183bf48fdfe8dfaedb5f93d072b6a38d8
Commit Graph

429 Commits

Author SHA1 Message Date
Shrey Pandya
efa1204183 docs: restore direct wss://connect.browserbase.com URL 
Browserbase exposes a direct WebSocket connect endpoint that
auto-creates a session, similar to how Browserless works. Simplified
the section to use this static URL pattern instead of requiring
manual session creation via the API.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-08 18:48:10 +00:00
Shrey Pandya
9a4610c641 docs: fix Browserbase section to match official docs 
Browserbase requires creating a session via their API to get a CDP
connect URL, unlike Browserless which uses a static endpoint. Updated
to show the correct curl-based session creation flow, removed
unverified static WebSocket URL, and added the 5-minute connect
timeout note from official docs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-08 18:48:10 +00:00
Shrey Pandya
c0a988f692 docs: fix duplicate heading lint error 
Rename "Configuration" sub-heading to "Profile setup" to avoid
MD024/no-duplicate-heading conflict with the existing top-level
"Configuration" heading.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-08 18:48:10 +00:00
Shrey Pandya
641e1bacb4 docs: add Browserbase as hosted remote CDP option 
Add Browserbase documentation section alongside the existing Browserless
section in the browser docs. Includes signup instructions, CDP connection
configuration, and environment variable setup.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-08 18:48:10 +00:00
Shrey Pandya
0252bdc837 Revert "docs: add Browserbase as hosted remote CDP option" 
This reverts commit c469657c97848c7a3e1e5135bf4ce735d07d6614.
 2026-03-08 18:48:10 +00:00
Shrey Pandya
885199dcaa docs: add Browserbase as hosted remote CDP option 
Add Browserbase documentation section alongside the existing Browserless
section in the browser docs. Includes signup instructions, CDP connection
configuration, and environment variable setup for both English and Chinese
(zh-CN) translations.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-08 18:48:10 +00:00
Vincent Koc
55465d86d9 Docs: use placeholder OpenRouter key in web tool docs 2026-03-08 11:16:03 -07:00
Rémi
2970d72554 docs: update Brave Search API docs for Feb 2026 plan restructuring (#40111) 
Merged via squash.

Prepared head SHA: c651f07855
Co-authored-by: remusao <1299873+remusao@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-08 14:06:21 -04:00
Ayaan Zaidi
28e46d04e5 fix(web-search): restore OpenRouter compatibility for Perplexity (#39937) (#39937) 2026-03-08 20:37:54 +05:30
Peter Steinberger
6dadfaa18c docs: use alphabetical provider ordering 2026-03-08 14:10:36 +00:00
Peter Steinberger
acac7e3132 fix: land Brave llm-context gaps (#33383) (thanks @thirumaleshp) 2026-03-08 13:57:12 +00:00
Peter Steinberger
61000b8e4d fix(acp): block sandboxed slash spawns 2026-03-08 00:23:07 +00:00
Peter Steinberger
c76d29208b fix(node-host): bind approved script operands 2026-03-07 23:04:00 +00:00
Peter Steinberger
be9ea991de fix(discord): avoid native plugin command collisions 2026-03-07 21:59:44 +00:00
Peter Steinberger
ac86deccee fix(gateway): harden plugin HTTP route auth 2026-03-07 19:55:06 +00:00
Peter Steinberger
253e159700 fix: harden workspace skill path containment 2026-03-07 18:56:15 +00:00
Vincent Koc
f966dde476 tests: fix detect-secrets false positives (#39084) 
* Tests: rename gateway status env token fixture

* Tests: allowlist feishu onboarding fixtures

* Tests: allowlist Google Chat private key fixture

* Docs: allowlist Brave API key example

* Tests: allowlist pairing password env fixtures

* Chore: refresh detect-secrets baseline
 2026-03-07 13:21:29 -05:00
Vincent Koc
5290d97574 Docs: fix web tools MDX links 2026-03-07 10:15:22 -08:00
Vincent Koc
61273c072c Docs: remove MDX-breaking secret markers 2026-03-07 10:09:00 -08:00
Vincent Koc
e4d80ed556 CI: restore main detect-secrets scan (#38438) 
* Tests: stabilize detect-secrets fixtures

* Tests: fix rebased detect-secrets false positives

* Docs: keep snippets valid under detect-secrets

* Tests: finalize detect-secrets false-positive fixes

* Tests: reduce detect-secrets false positives

* Tests: keep detect-secrets pragmas inline

* Tests: remediate next detect-secrets batch

* Tests: tighten detect-secrets allowlists

* Tests: stabilize detect-secrets formatter drift
 2026-03-07 10:06:35 -08:00
Kesku
3d7bc5958d feat(onboarding): add web search to onboarding flow (#34009) 
* add web search to onboarding flow

* remove post onboarding step (now redundant)

* post-onboarding nudge if no web search set up

* address comments

* fix test mocking

* add enabled: false assertion to the no-key test

* --skip-search cli flag

* use provider that a user has a key for

* add assertions, replace the duplicated switch blocks

* test for quickstart fast-path with existing config key

* address comments

* cover quickstart falls through to key test

* bring back key source

* normalize secret inputs instead of direct string trimming

* preserve enabled: false if it's already set

* handle missing API keys in flow

* doc updates

* hasExistingKey to detect both plaintext strings and SecretRef objects

* preserve enabled state only on the "keep current" paths

* add test for preserving

* better gate flows

* guard against invalid provider values in config

* Update src/commands/configure.wizard.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* format fix

* only mentions env var when it's actually available

* search apiKey fields now typed as SecretInput

* if no provider check if any search provider key is detectable

* handle both kimi keys

* remove .filter(Boolean)

* do not disable web_search after user enables it

* update resolveSearchProvider

* fix(onboarding): skip search key prompt in ref mode

* fix: add onboarding web search step (#34009) (thanks @kesku)

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
 2026-03-06 13:09:00 -06:00
Vincent Koc
f392b81e95 Infra: require explicit opt-in for prerelease npm installs (#38117) 
* Infra: tighten npm registry spec parsing

* Infra: block implicit prerelease npm installs

* Plugins: cover prerelease install policy

* Infra: add npm registry spec tests

* Hooks: cover prerelease install policy

* Docs: clarify plugin guide version policy

* Docs: clarify plugin install version policy

* Docs: clarify hooks install version policy

* Docs: clarify hook pack version policy
 2026-03-06 11:13:30 -05:00
Vincent Koc
151f26070b docs: context engine 2026-03-06 08:55:58 -05:00
Vincent Koc
eb2eebae22 docs(plugins): document context engine slots and registration 2026-03-06 08:53:30 -05:00
Vincent Koc
e88f6605ec docs(tools): document slash-delimited config schema lookup paths 2026-03-06 08:53:29 -05:00
Gustavo Madeira Santana
ff97195500 Gateway: add path-scoped config schema lookup (#37266) 
Merged via squash.

Prepared head SHA: 0c4d187f6f
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-06 02:50:48 -05:00
Josh Avant
0e4245063f CLI: make read-only SecretRef status flows degrade safely (#37023) 
* CLI: add read-only SecretRef inspection

* CLI: fix read-only SecretRef status regressions

* CLI: preserve read-only SecretRef status fallbacks

* Docs: document read-only channel inspection hook

* CLI: preserve audit coverage for read-only SecretRefs

* CLI: fix read-only status account selection

* CLI: fix targeted gateway fallback analysis

* CLI: fix Slack HTTP read-only inspection

* CLI: align audit credential status checks

* CLI: restore Telegram read-only fallback semantics
 2026-03-05 23:07:13 -06:00
dorukardahan
5d4b04040d feat(openai): add gpt-5.4 support for API and Codex OAuth (#36590) 
* feat(openai): add gpt-5.4 support and priority processing

* feat(openai-codex): add gpt-5.4 oauth support

* fix(openai): preserve provider overrides in gpt-5.4 fallback

* fix(openai-codex): keep xhigh for gpt-5.4 default

* fix(models): preserve configured overrides in list output

* fix(models): close gpt-5.4 integration gaps

* fix(openai): scope service tier to public api

* fix(openai): complete prep followups for gpt-5.4 support (#36590) (thanks @dorukardahan)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
 2026-03-05 21:01:37 -08:00
Hinata Kaga (samon)
8c85ad540a fix: remove config.schema from agent gateway tool (#7382) 
Merged via squash.

Prepared head SHA: f34a778069
Co-authored-by: kakuteki <61647657+kakuteki@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 23:53:08 -05:00
Tyler Yust
81b93b9ce0 fix(subagents): announce delivery with descendant gating, frozen result refresh, and cron retry (#35080) 
Thanks @tyler6204
 2026-03-05 19:20:24 -08:00
Harold Hunt
d58dafae88 feat(telegram/acp): Topic Binding, Pin Binding Message, Fix Spawn Param Parsing (#36683) 
* fix(acp): normalize unicode flags and Telegram topic binding

* feat(telegram/acp): restore topic-bound ACP and session bindings

* fix(acpx): clarify permission-denied guidance

* feat(telegram/acp): pin spawn bind notice in topics

* docs(telegram): document ACP topic thread binding behavior

* refactor(reply): share Telegram conversation-id resolver

* fix(telegram/acp): preserve bound session routing semantics

* fix(telegram): respect binding persistence and expiry reporting

* refactor(telegram): simplify binding lifecycle persistence

* fix(telegram): bind acp spawns in direct messages

* fix: document telegram ACP topic binding changelog (#36683) (thanks @huntharo)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-06 02:17:50 +01:00
Gustavo Madeira Santana
1a67cf57e3 Diffs: restore system prompt guidance (#36904) 
Merged via squash.

Prepared head SHA: 1b3be3c879
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 19:46:39 -05:00
Gustavo Madeira Santana
688b72e158 plugins: enforce prompt hook policy with runtime validation (#36567) 
Merged via squash.

Prepared head SHA: 6b9d883b6a
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 18:15:54 -05:00
Vincent Koc
98aecab7bd Docs: cover heartbeat, cron, and plugin route updates 2026-03-05 17:05:21 -05:00
maweibin
09c68f8f0e add prependSystemContext and appendSystemContext to before_prompt_build (fixes #35131) (#35177) 
Merged via squash.

Prepared head SHA: d9a2869ad6
Co-authored-by: maweibin <18023423+maweibin@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-05 13:06:59 -05:00
Bob
6a705a37f2 ACP: add persistent Discord channel and Telegram topic bindings (#34873) 
* docs: add ACP persistent binding experiment plan

* docs: align ACP persistent binding spec to channel-local config

* docs: scope Telegram ACP bindings to forum topics only

* docs: lock bound /new and /reset behavior to in-place ACP reset

* ACP: add persistent discord/telegram conversation bindings

* ACP: fix persistent binding reuse and discord thread parent context

* docs: document channel-specific persistent ACP bindings

* ACP: split persistent bindings and share conversation id helpers

* ACP: defer configured binding init until preflight passes

* ACP: fix discord thread parent fallback and explicit disable inheritance

* ACP: keep bound /new and /reset in-place

* ACP: honor configured bindings in native command flows

* ACP: avoid configured fallback after runtime bind failure

* docs: refine ACP bindings experiment config examples

* acp: cut over to typed top-level persistent bindings

* ACP bindings: harden reset recovery and native command auth

* Docs: add ACP bound command auth proposal

* Tests: normalize i18n registry zh-CN assertion encoding

* ACP bindings: address review findings for reset and fallback routing

* ACP reset: gate hooks on success and preserve /new arguments

* ACP bindings: fix auth and binding-priority review findings

* Telegram ACP: gate ensure on auth and accepted messages

* ACP bindings: fix session-key precedence and unavailable handling

* ACP reset/native commands: honor fallback targets and abort on bootstrap failure

* Config schema: validate ACP binding channel and Telegram topic IDs

* Discord ACP: apply configured DM bindings to native commands

* ACP reset tails: dispatch through ACP after command handling

* ACP tails/native reset auth: fix target dispatch and restore full auth

* ACP reset detection: fallback to active ACP keys for DM contexts

* Tests: type runTurn mock input in ACP dispatch test

* ACP: dedup binding route bootstrap and reset target resolution

* reply: align ACP reset hooks with bound session key

* docs: replace personal discord ids with placeholders

* fix: add changelog entry for ACP persistent bindings (#34873) (thanks @dutifulbob)

---------

Co-authored-by: Onur <2453968+osolmaz@users.noreply.github.com>
 2026-03-05 09:38:12 +01:00
Bob
257e2f5338 fix: relay ACP sessions_spawn parent streaming (#34310) (thanks @vincentkoc) (#34310) 
Co-authored-by: Onur Solmaz <2453968+osolmaz@users.noreply.github.com>
 2026-03-04 11:44:20 +01:00
Gustavo Madeira Santana
7a2f5a0098 Plugin SDK: add full bundled subpath wiring 2026-03-04 02:35:12 -05:00
Gustavo Madeira Santana
802b9f6b19 Plugins: add root-alias shim and cache/docs updates 2026-03-04 01:20:48 -05:00
Kesku
230fea1ca6 feat(web-search): switch Perplexity to native Search API (#33822) 
* feat: Add Perplexity Search API as web_search provider

* docs fixes

* domain_filter validation

* address comments

* provider-specific options in cache key

* add validation for unsupported date filters

* legacy fields

* unsupported_language guard

* cache key matches the request's precedence order

* conflicting_time_filters guard

* unsupported_country guard

* invalid_date_range guard

* pplx validate for ISO 639-1 format

* docs: add Perplexity Search API changelog entry

* unsupported_domain_filter guard

---------

Co-authored-by: Shadow <hi@shadowing.dev>
 2026-03-03 22:57:19 -06:00
Gustavo Madeira Santana
1278ee9248 plugin-sdk: add channel subpaths and migrate bundled plugins 2026-03-03 22:07:03 -05:00
Mylszd
d89e1e40f9 docs(loop-detection): fix config keys to match schema (#33182) 
Merged via squash.

Prepared head SHA: 612ecc00d3
Co-authored-by: Mylszd <23611557+Mylszd@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 11:02:30 -05:00
Eugene
5341b5c71c Diffs: Migrate tool usage guidance from before_prompt_build to a plugin skill (#32630) 
Merged via squash.

Prepared head SHA: 585697a4e1
Co-authored-by: sircrumpet <4436535+sircrumpet@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 01:50:59 -05:00
Henry Loenwind
75775f2fe6 chore: Updated Brave documentation (#26860) 
Merged via squash.

Prepared head SHA: f8fc4bf01e
Co-authored-by: HenryLoenwind <1485873+HenryLoenwind@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 01:34:15 -05:00
Peter Steinberger
d9d604c6ad docs: add dedicated pdf tool docs page 2026-03-03 04:07:04 +00:00
Josh Avant
806803b7ef feat(secrets): expand SecretRef coverage across user-supplied credentials (#29580) 
* feat(secrets): expand secret target coverage and gateway tooling

* docs(secrets): align gateway and CLI secret docs

* chore(protocol): regenerate swift gateway models for secrets methods

* fix(config): restore talk apiKey fallback and stabilize runner test

* ci(windows): reduce test worker count for shard stability

* ci(windows): raise node heap for test shard stability

* test(feishu): make proxy env precedence assertion windows-safe

* fix(gateway): resolve auth password SecretInput refs for clients

* fix(gateway): resolve remote SecretInput credentials for clients

* fix(secrets): skip inactive refs in command snapshot assignments

* fix(secrets): scope gateway.remote refs to effective auth surfaces

* fix(secrets): ignore memory defaults when enabled agents disable search

* fix(secrets): honor Google Chat serviceAccountRef inheritance

* fix(secrets): address tsgo errors in command and gateway collectors

* fix(secrets): avoid auth-store load in providers-only configure

* fix(gateway): defer local password ref resolution by precedence

* fix(secrets): gate telegram webhook secret refs by webhook mode

* fix(secrets): gate slack signing secret refs to http mode

* fix(secrets): skip telegram botToken refs when tokenFile is set

* fix(secrets): gate discord pluralkit refs by enabled flag

* fix(secrets): gate discord voice tts refs by voice enabled

* test(secrets): make runtime fixture modes explicit

* fix(cli): resolve local qr password secret refs

* fix(cli): fail when gateway leaves command refs unresolved

* fix(gateway): fail when local password SecretRef is unresolved

* fix(gateway): fail when required remote SecretRefs are unresolved

* fix(gateway): resolve local password refs only when password can win

* fix(cli): skip local password SecretRef resolution on qr token override

* test(gateway): cast SecretRef fixtures to OpenClawConfig

* test(secrets): activate mode-gated targets in runtime coverage fixture

* fix(cron): support SecretInput webhook tokens safely

* fix(bluebubbles): support SecretInput passwords across config paths

* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths

* fix(bluebubbles): align SecretInput schema helper typing

* fix(cli): clarify secrets.resolve version-skew errors

* refactor(secrets): return structured inactive paths from secrets.resolve

* refactor(gateway): type onboarding secret writes as SecretInput

* chore(protocol): regenerate swift models for secrets.resolve

* feat(secrets): expand extension credential secretref support

* fix(secrets): gate web-search refs by active provider

* fix(onboarding): detect SecretRef credentials in extension status

* fix(onboarding): allow keeping existing ref in secret prompt

* fix(onboarding): resolve gateway password SecretRefs for probe and tui

* fix(onboarding): honor secret-input-mode for local gateway auth

* fix(acp): resolve gateway SecretInput credentials

* fix(secrets): gate gateway.remote refs to remote surfaces

* test(secrets): cover pattern matching and inactive array refs

* docs(secrets): clarify secrets.resolve and remote active surfaces

* fix(bluebubbles): keep existing SecretRef during onboarding

* fix(tests): resolve CI type errors in new SecretRef coverage

* fix(extensions): replace raw fetch with SSRF-guarded fetch

* test(secrets): mark gateway remote targets active in runtime coverage

* test(infra): normalize home-prefix expectation across platforms

* fix(cli): only resolve local qr password refs in password mode

* test(cli): cover local qr token mode with unresolved password ref

* docs(cli): clarify local qr password ref resolution behavior

* refactor(extensions): reuse sdk SecretInput helpers

* fix(wizard): resolve onboarding env-template secrets before plaintext

* fix(cli): surface secrets.resolve diagnostics in memory and qr

* test(secrets): repair post-rebase runtime and fixtures

* fix(gateway): skip remote password ref resolution when token wins

* fix(secrets): treat tailscale remote gateway refs as active

* fix(gateway): allow remote password fallback when token ref is unresolved

* fix(gateway): ignore stale local password refs for none and trusted-proxy

* fix(gateway): skip remote secret ref resolution on local call paths

* test(cli): cover qr remote tailscale secret ref resolution

* fix(secrets): align gateway password active-surface with auth inference

* fix(cli): resolve inferred local gateway password refs in qr

* fix(gateway): prefer resolvable remote password over token ref pre-resolution

* test(gateway): cover none and trusted-proxy stale password refs

* docs(secrets): sync qr and gateway active-surface behavior

* fix: restore stability blockers from pre-release audit

* Secrets: fix collector/runtime precedence contradictions

* docs: align secrets and web credential docs

* fix(rebase): resolve integration regressions after main rebase

* fix(node-host): resolve gateway secret refs for auth

* fix(secrets): harden secretinput runtime readers

* gateway: skip inactive auth secretref resolution

* cli: avoid gateway preflight for inactive secret refs

* extensions: allow unresolved refs in onboarding status

* tests: fix qr-cli module mock hoist ordering

* Security: align audit checks with SecretInput resolution

* Gateway: resolve local-mode remote fallback secret refs

* Node host: avoid resolving inactive password secret refs

* Secrets runtime: mark Slack appToken inactive for HTTP mode

* secrets: keep inactive gateway remote refs non-blocking

* cli: include agent memory secret targets in runtime resolution

* docs(secrets): sync docs with active-surface and web search behavior

* fix(secrets): keep telegram top-level token refs active for blank account tokens

* fix(daemon): resolve gateway password secret refs for probe auth

* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled

* fix(secrets): align token inheritance and exec timeout defaults

* docs(secrets): clarify active-surface notes in cli docs

* cli: require secrets.resolve gateway capability

* gateway: log auth secret surface diagnostics

* secrets: remove dead provider resolver module

* fix(secrets): restore gateway auth precedence and fallback resolution

* fix(tests): align plugin runtime mock typings

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-03-03 02:58:20 +00:00
Peter Steinberger
fa4ff5f3d2 refactor(acp): extract install hint resolver 2026-03-03 02:51:24 +00:00
john
04ac688dff fix(acp): use publishable acpx install hint 2026-03-03 02:34:07 +00:00
Peter Steinberger
42626648d7 docs(models): clarify moonshot thinking and failover stop-reason errors 2026-03-03 01:11:29 +00:00
Peter Steinberger
287606e445 feat(acp): add kimi harness support surfaces 2026-03-03 01:05:24 +00:00