62 Commits

Author SHA1 Message Date
Peter Steinberger
0768b4f2ad test: dedupe tools invoke mock reads 2026-05-12 23:05:20 +01:00
Peter Steinberger
067666df90 test: guard gateway call assertions 2026-05-12 10:53:58 +01:00
Peter Steinberger
a644d5dd46 test: guard gateway helper assertions 2026-05-11 20:13:19 +01:00
Peter Steinberger
a2b36587dd test: guard gateway mock call helpers 2026-05-11 19:05:19 +01:00
brokemac79
a67753cc25 fix(agents): clarify subagent spawn wait guidance (#79051)
Summary:
- Replace the subagent spawn accepted-note yield guidance with push-based completion-event guidance.
- Cover the prompt with regression assertions that keep sessions_yield out of the note.
- Keep current rebased lint/type test helpers green.

Verification:
- pnpm lint
- pnpm check:test-types
- env -u OPENCLAW_TESTBOX -u OPENCLAW_TESTBOX_ID pnpm check:changed

Co-authored-by: brokemac79 <martin_cleary@yahoo.co.uk>
2026-05-10 17:11:32 +01:00
Peter Steinberger
7ef587b264 test: clear latest gateway mock lint 2026-05-10 17:06:15 +01:00
Peter Steinberger
147bf4807b test: clear gateway tools invoke broad matchers 2026-05-10 16:49:01 +01:00
Eva
cb38535875 [plugin sdk] Project session extension slots (#75609)
Merged via squash.

Prepared head SHA: d9b670a867
Co-authored-by: 100yenadmin <239388517+100yenadmin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-05-04 08:04:27 -07:00
Peter Steinberger
e5ec14a06a fix(plugins): discover alsoAllow plugin tools
Summary:
- Discover optional plugin tools named in tools.alsoAllow without treating additive alsoAllow as a restrictive plugin-tool allowlist.
- Preserve explicit alsoAllow wildcards and keep default non-optional plugin tools visible.
- Document llm-task and lobster enablement and add changelog coverage.

Verification:
- pnpm test src/agents/tool-policy.test.ts src/gateway/tools-invoke-http.test.ts src/agents/pi-tools.create-openclaw-coding-tools.test.ts src/plugins/tools.optional.test.ts
- pnpm exec oxfmt --check --threads=1 src/agents/sandbox-tool-policy.ts src/agents/tool-policy.ts src/agents/tool-policy.test.ts src/agents/pi-tools.create-openclaw-coding-tools.test.ts src/gateway/tools-invoke-http.test.ts src/plugins/tools.ts src/plugins/tools.optional.test.ts
- git diff --check
- Blacksmith Testbox tbx_01kqr05924hz9kw50myxrqmsf9: pnpm check:changed

Fixes #76616
2026-05-03 23:46:14 +01:00
Val Alexander
57d6e63f30 fix(gateway): keep requested plugin tools invokable (#76285) thanks @BunsDev
Keep directly requested plugin tools invokable under restrictive profiles, with the changelog update included on the verified branch.
2026-05-02 17:48:11 -05:00
NVIDIAN
ef0eb12615 feat(gateway): add SDK-facing tools.invoke RPC
Adds the SDK-facing tools.invoke Gateway RPC for #74705.

Reuses the /tools/invoke policy path for tool policy, deny-list, owner filtering, before-tool-call hooks, session/agent scoping, and plugin approval handling. Returns typed SDK approval/refusal/success results while preserving HTTP compatibility and uses idempotencyKey as the stable tool-call id.

Includes protocol schema exports, method scope/list registration, SDK helper/types, docs, generated Swift models, tests, and changelog credit.
2026-05-01 03:16:53 -05:00
Peter Steinberger
161b722303 test(gateway): mock split config modules 2026-04-27 20:54:23 +01:00
Peter Steinberger
7f3f108521 refactor(config): migrate plugin config access 2026-04-27 12:35:58 +01:00
Peter Steinberger
98a99765af fix(gateway): invoke plugin-backed catalog tools
Co-authored-by: chat2way <chat2way@users.noreply.github.com>
2026-04-25 05:28:03 +01:00
Vincent Koc
a5aceebc01 test(gateway): share bearer agents list invoke 2026-04-12 18:20:39 +01:00
Peter Steinberger
6710358eda test: simplify tools invoke session keys 2026-04-11 00:19:43 +01:00
Agustin Rivera
fe0f686c92 Gate Matrix profile updates for non-owner message tool runs (#62662)
Merged via squash.

Prepared head SHA: 602b16a676
Co-authored-by: eleqtrizit <31522568+eleqtrizit@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-04-10 12:56:17 -04:00
Peter Steinberger
cad1b89b26 fix: keep core gateway tool invokes on shipped tools 2026-04-05 12:03:30 +09:00
Peter Steinberger
3de09fbe74 fix: restore claude cli loopback mcp bridge (#35676) (thanks @mylukin) 2026-04-04 15:16:20 +09:00
Peter Steinberger
cbfeecfab4 fix(gateway): restore shared-secret HTTP tool invoke auth 2026-03-31 22:55:15 +09:00
Jacob Tomlinson
f0af186726 gateway: ignore bearer-declared HTTP operator scopes (#57783)
* gateway: ignore bearer-declared HTTP operator scopes

* gateway: key HTTP bearer guards to auth mode

* gateway: refresh rebased HTTP regression expectations

* gateway: honor resolved HTTP auth method

* gateway: remove duplicate openresponses owner flags
2026-03-30 20:04:33 +01:00
Jacob Tomlinson
29cb1e3c7e Gateway: tighten HTTP tool invoke authorization (#57773)
* Gateway: harden HTTP tool invoke access

* Gateway: strengthen HTTP tools invoke regression coverage

* Gateway: keep owner-only tools off HTTP
2026-03-30 16:59:40 +01:00
Josh Lehman
eeb140b4f0 fix(plugins): late-binding subagent runtime for non-gateway load paths (#46648)
Merged via squash.

Prepared head SHA: 44742652c9
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
2026-03-16 14:27:54 -07:00
Nimrod Gutman
b77b7485e0 feat(push): add iOS APNs relay gateway (#43369)
* feat(push): add ios apns relay gateway

* fix(shared): avoid oslog string concatenation

# Conflicts:
#	apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayChannel.swift

* fix(push): harden relay validation and invalidation

* fix(push): persist app attest state before relay registration

* fix(push): harden relay invalidation and url handling

* feat(push): use scoped relay send grants

* feat(push): configure ios relay through gateway config

* feat(push): bind relay registration to gateway identity

* fix(push): tighten ios relay trust flow

* fix(push): bound APNs registration fields (#43369) (thanks @ngutman)
2026-03-12 18:15:35 +02:00
Altay
4eccea9f7f test(gateway): widen before tool hook mock typing (#43476)
* test(gateway): widen before tool hook mock typing

* chore: update pnpm.lock
2026-03-12 00:17:03 +03:00
Peter Steinberger
8cc0c9baf2 fix(gateway): run before_tool_call for HTTP tools 2026-03-11 20:18:24 +00:00
Ayaan Zaidi
7b5e64ef2e fix: preserve raw media invoke for HTTP tool clients (#34365) 2026-03-04 17:17:39 +05:30
Peter Steinberger
4ba5937ef9 refactor(tests): dedupe tools invoke http request helpers 2026-03-03 01:54:28 +00:00
Gustavo Madeira Santana
5f49a5da3c Diffs: extend image quality configs and add PDF as a format option (#31342)
Merged via squash.

Prepared head SHA: cc12097851
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-03-02 04:38:50 -05:00
Sahil Satralkar
28d658e178 Tests: verify tools invoke propagates route headers for subagent spawn context 2026-02-24 04:12:25 +00:00
Peter Steinberger
b109fa53ea refactor(core): dedupe gateway runtime and config tests 2026-02-22 07:44:57 +00:00
Peter Steinberger
10b8839a82 fix(security): centralize WhatsApp outbound auth and return 403 tool auth errors 2026-02-21 14:31:01 +01:00
Peter Steinberger
36a0df423d refactor(gateway): make ws and http auth surfaces explicit 2026-02-21 13:33:09 +01:00
Peter Steinberger
a69e7682c1 refactor(test): dedupe channel and monitor action suites 2026-02-18 04:49:22 +00:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
cpojer
d0cb8c19b2 chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf chore: Update formatting. 2026-02-17 09:18:40 +09:00
Peter Steinberger
b1dd23f61d perf(test): mock config stack in tools invoke http tests 2026-02-14 18:46:24 +00:00
Peter Steinberger
4d4296cae5 perf(test): speed up gateway tools invoke HTTP tests 2026-02-14 18:46:24 +00:00
Peter Steinberger
a7a08b6650 test(gateway): cover tools allow/deny precedence 2026-02-14 13:18:49 +01:00
Peter Steinberger
4bef423d83 perf(test): reduce gateway reload waits and trim duplicate invoke coverage 2026-02-13 23:50:08 +00:00
Peter Steinberger
6442512954 perf: reduce hotspot test startup and timeout costs 2026-02-13 20:03:01 +00:00
Peter Steinberger
767fd9f222 fix: classify /tools/invoke errors and sanitize 500s (#13185) (thanks @davidrudduck) 2026-02-13 16:58:30 +01:00
Peter Steinberger
ee31cd47b4 fix: close OC-02 gaps in ACP permission + gateway HTTP deny config (#15390) (thanks @aether-ai-agent) 2026-02-13 14:30:06 +01:00
aether-ai-agent
749e28dec7 fix(security): block dangerous tools from HTTP gateway and fix ACP auto-approval (OC-02)
Two critical RCE vectors patched:

Vector 1 - Gateway HTTP /tools/invoke:
- Add DEFAULT_GATEWAY_HTTP_TOOL_DENY blocking sessions_spawn,
  sessions_send, gateway, whatsapp_login from HTTP invocation
- Apply deny filter after existing policy cascade, before tool lookup
- Add gateway.tools.{allow,deny} config override in GatewayConfig

Vector 2 - ACP client auto-approval:
- Replace blind allow_once selection with danger-aware permission handler
- Dangerous tools (exec, sessions_spawn, etc.) require interactive confirmation
- Safe tools retain auto-approve behavior (backward compatible)
- Empty options array now denied (was hardcoded "allow")
- 30s timeout auto-denies to prevent hung sessions

CWE-78 | CVSS:3.1 9.8 Critical
2026-02-13 14:30:06 +01:00
Peter Steinberger
8899f9e94a perf(test): optimize heavy suites and stabilize lock timing 2026-02-13 13:29:07 +00:00
cpojer
935a0e5708 chore: Enable typescript/no-explicit-any rule. 2026-02-02 16:18:09 +09:00
Tyler Yust
476f367cf1 Gateway: avoid writing host config in tools invoke test 2026-02-01 17:19:23 -08:00