vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 13:00:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
42,165 Commits 1,843 Branches 149 Tags
fc065b2693bfaeff795a88d080ff5cf30fe8addf
Commit Graph

25277 Commits

Author SHA1 Message Date
Pavan Kumar Gondhi
fc065b2693 Harden macOS shell wrapper allowlist parsing [AI] (#78518) 
* fix: harden shell wrapper allowlist parsing

* fix: harden shell wrapper approval binding

* docs: add changelog entry for PR merge

---------

Co-authored-by: Ishaan <ishaan@Ishaans-Mac-mini.local>
 2026-05-08 10:18:41 +05:30
Peter Steinberger
eabae023eb perf: lazy load memory embedding runtime 2026-05-08 05:39:13 +01:00
Peter Steinberger
1f88cb2ce5 fix(gateway): persist macOS stop disable after bootout 
Summary:
- carry forward #78412's macOS LaunchAgent bootout-by-default stop behavior and repair guard
- fix the remaining `gateway stop --disable` tail when the service is already not loaded after bootout
- add lifecycle regressions, docs, and changelog

Verification:
- pnpm install
- pnpm test src/cli/daemon-cli/lifecycle-core.test.ts src/cli/daemon-cli/lifecycle.test.ts src/daemon/launchd.test.ts
- pnpm exec oxfmt --check --threads=1 CHANGELOG.md src/cli/daemon-cli/lifecycle-core.ts src/cli/daemon-cli/lifecycle.ts src/cli/daemon-cli/lifecycle-core.test.ts src/cli/daemon-cli/lifecycle.test.ts docs/cli/gateway.md docs/gateway/index.md src/daemon/launchd.ts src/daemon/launchd.test.ts src/cli/daemon-cli/register-service-commands.ts src/cli/daemon-cli/types.ts src/daemon/service-types.ts
- git diff --check origin/main...HEAD
- pnpm build
- Parallels macOS Tahoe VM reproduce/fix proof in PR body
- PR checks green: Real behavior proof, auto-response, dispatch, label, label-issues

Co-authored-by: wdeveloper16 <25180374+wdeveloper16@users.noreply.github.com>
 2026-05-08 05:35:21 +01:00
Peter Steinberger
fe79d85ae0 feat(imessage): add native imsg message actions 
Adds native iMessage private-API message actions, lightweight message-tool discovery, bridge capability cache sharing, execution-time action gates, target alias coverage, and regression tests.
 2026-05-08 05:34:22 +01:00
samzong
1819e41d26 fix(gateway): preserve node reconnect state (#78351) 
Preserve node registry ownership across same-node WebSocket reconnect races so stale old-socket closes cannot clear the replacement session or complete the wrong pending invoke.

Thanks @samzong.
 2026-05-08 12:32:18 +08:00
Peter Steinberger
9ef37d1907 test: tighten assertions and harness coverage 2026-05-08 05:28:12 +01:00
Alex Knight
b1eedb2fc8 Add ACP session load event ledger (#79093) 
* Add ACP session load event ledger

* Record ACP prompts after send acceptance

* Support ACP ledger replay by session key

* Harden ACP ledger replay completeness

* Harden ACP ledger review gaps

* Fix ACP canonical session key handling

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
 2026-05-08 13:54:08 +10:00
Val Alexander
d12c92c216 fix(usage): roll up session lineage history 
Summary:
- Roll up transcript-backed session usage across logical session lineage.
- Preserve lineage through /new and /reset rotations.
- Add Control UI usage scope controls with legacy gateway fallback.
- Refresh generated protocol and Control UI locale fallback surfaces.

Verification:
- pnpm test src/auto-reply/reply/session.test.ts ui/src/ui/controllers/usage.node.test.ts src/gateway/server-methods/usage.sessions-usage.test.ts
- pnpm protocol:check
- pnpm ui:i18n:check
- pnpm ui:build
- git diff --check
- PR CI green on 10f10850ee

Closes #50701.
 2026-05-07 22:38:11 -05:00
Jerry-Xin
6ec4e5cf4a fix: check effective UID (geteuid) in root guard 
assertNotRoot only checked process.getuid(), so the guard was bypassed
when the CLI was launched with a non-root real UID but an effective UID
of 0 (e.g. via a setuid-root wrapper). In that context the process still
has root write privileges and can cause the same state/config corruption
the guard was added to prevent.

Now checks both getuid() and geteuid() — either being 0 triggers the
guard. Added three tests covering setuid-root scenarios.
 2026-05-07 23:31:03 -04:00
Jerry-Xin
ad461c74cc fix: narrow container bypass to require container hint 
OPENCLAW_CLI_CONTAINER_BYPASS alone is an internal recursion sentinel,
not a user-facing opt-in. Require OPENCLAW_CONTAINER_HINT to also be
present — this combination only occurs in the container-forwarding flow
(container-target.ts), so inherited or accidental env vars can no
longer silently skip the root guard.
 2026-05-07 23:31:03 -04:00
Jerry-Xin
5986c2d013 fix: enforce root guard unconditionally on legacy entrypoint 
Remove the --help/--version exemption from the legacy entrypoint
(src/index.ts). Unlike src/entry.ts which has fast-path exits before
startup work, the legacy path always calls runCli() which runs dotenv
loading and debug capture initialization before rendering output. The
assertNotRoot() error message already shows the OPENCLAW_ALLOW_ROOT=1
escape hatch, so users can still discover the override.
 2026-05-07 23:31:03 -04:00
Jerry-Xin
690c7aa263 fix: apply root guard to legacy CLI entrypoint in src/index.ts 
runLegacyCliEntry now calls assertNotRoot() before runCli, matching
the protection already present in src/entry.ts. Help and version
invocations are exempted so users can still discover OPENCLAW_ALLOW_ROOT.
 2026-05-07 23:31:03 -04:00
Jerry-Xin
a5f6668a5c fix: skip root guard for container-forwarded CLI 
The container forwarder sets OPENCLAW_CLI_CONTAINER_BYPASS=1 but not
OPENCLAW_ALLOW_ROOT. When the child CLI inside a root-based container
hits assertNotRoot(), it would exit before command handling. Exempt
container-forwarded invocations from the root guard.
 2026-05-07 23:31:03 -04:00
Jerry-Xin
225339abc8 test: use static import in root-guard tests 
Replace dynamic import helper with a static import since root-guard.ts
has no module-level mutable state and vi.resetModules() is not used,
making the dynamic import unnecessary.
 2026-05-07 23:31:03 -04:00
忻役
ca8121d22b fix: add root guard to prevent CLI execution as root (#67478) 
Block openclaw CLI from running as root (uid 0) to prevent:
- Separate state directory at /root/.openclaw/
- Conflicting systemd user services racing on port 18789
- Root-owned files in the service user state dir (EACCES)

The guard runs early in src/entry.ts before any state/config operations.
Root-level --help and --version bypass the guard so users can discover
the OPENCLAW_ALLOW_ROOT=1 override. Subcommand help paths still enforce
the guard since they enter runCli() and resolve state directories.

Closes #67478
 2026-05-07 23:31:03 -04:00
Val Alexander
4e983aa57b fix: hide retired google gemini chat models 
Summary:
- Hide retired and non-public Google Gemini model IDs from Control UI/chat model catalogs.
- Route the bare gemini-3-pro alias to gemini-3.1-pro-preview.
- Keep models.list fallback rows filtered by manifest suppressions and update stale pricing-cache expectations.

Verification:
- pnpm test src/commands/models/list.list-command.forward-compat.test.ts src/commands/models/list.rows.test.ts extensions/google/manifest.test.ts extensions/google/model-id.test.ts extensions/google/provider-models.test.ts extensions/google/provider-policy-api.test.ts extensions/google/media-understanding-provider.video.test.ts src/plugin-sdk/provider-model-id-normalize.test.ts src/plugins/manifest-model-suppression.test.ts src/gateway/server-methods/models.test.ts ui/src/ui/chat-model-select-state.test.ts ui/src/ui/chat-model-ref.test.ts
- pnpm test src/gateway/model-pricing-cache.test.ts
- pnpm --silent openclaw models list --all --json --provider google / google-vertex hidden-row probe
- Testbox pnpm check:changed: https://github.com/openclaw/openclaw/actions/runs/25534551033
 2026-05-07 22:20:07 -05:00
pashpashpash
fb106fb9ae fix codex harness service tiers (#79152) 2026-05-08 12:10:41 +09:00
sallyom
cbc69d9a96 fix: surface gateway version skew 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-05-07 22:58:14 -04:00
Daev Mithran
9e1e59717f feat(plugin-sdk): add LLM completion API to plugin (#64294) 2026-05-07 19:27:48 -07:00
Omar Shahine
e259751ec9 feat(imessage): private-API support via imsg JSON-RPC [AI-assisted] (#78317) 
Merged via squash.

Prepared head SHA: b7d336b296
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Co-authored-by: omarshahine <10343873+omarshahine@users.noreply.github.com>
Reviewed-by: @omarshahine
 2026-05-07 19:20:18 -07:00
Peter Steinberger
bee3a7372e fix(cli): dispose agent harnesses on exit 2026-05-08 02:58:12 +01:00
Peter Steinberger
22657861c8 fix(agents): enable codex for openai overrides 2026-05-08 02:57:55 +01:00
Peter Steinberger
f463d471d3 fix(gateway): scope explicit live model registry 2026-05-08 02:57:30 +01:00
Josh Avant
83aad863fd Clarify exec filesystem policy drift (#79153) 
* docs: clarify exec filesystem policy

* fix: warn on exec filesystem policy drift

* docs: clarify exec filesystem mutation surface
 2026-05-07 20:05:19 -05:00
Peter Steinberger
e0cc5c0eee fix: preserve progress draft tool titles 2026-05-08 02:03:12 +01:00
Peter Steinberger
164ecfd7c8 fix: show web search queries in progress drafts 2026-05-08 02:03:12 +01:00
Peter Steinberger
accf774591 fix: make channel progress labels rolling 2026-05-08 02:03:12 +01:00
Peter Steinberger
ef29c85a48 fix: improve Discord progress draft rendering 2026-05-08 02:03:12 +01:00
Patrick Erichsen
31a710c5a6 Fix Telegram model status Codex auth label (#79135) 2026-05-07 20:43:31 -04:00
Kevin Lin
a1ac559ed7 feat(codex): enable native plugin app support (#78733) 
* feat(codex): add native plugin config schema

* feat(codex): add native plugin inventory activation

* feat(codex): configure native plugin apps for threads

* feat(codex): enforce plugin elicitation policy

* feat(codex): migrate native plugins

* docs(codex): document native plugin support

* fix(codex): harden plugin migration refresh

* fix(codex): satisfy plugin activation lint

* fix: stabilize codex plugin app config

* fix: address codex plugin review feedback

* fix: key codex plugin app cache by websocket credentials

* fix: keep codex plugin app fingerprints stable

* fix: refresh codex plugin cache test fixtures

* fix: refresh plugin app readiness after activation

* fix: support remote codex plugin activation

* fix: recover plugin app bindings after cache refresh

* fix: force codex app refresh after plugin activation

* fix: recover partial codex plugin app bindings

* fix: sync codex plugin selection config

* fix: keep codex plugin activation fail closed

* fix: align codex plugin protocol types with main

* fix: refresh partial codex plugin app bindings

* fix: key codex app cache by env api key

* fix: skip failed codex plugin migration config

* test: update codex prompt snapshots

* fix: fail closed on missing codex app inventory entries

* fix(codex): enforce native plugin policy gates

* fix(codex): normalize native plugin policy types

* fix(codex): fail closed on plugin refresh errors

* fix(codex): use native plugin destructive policy

* fix(codex): key plugin cache by api-key profiles

* fix(codex): drop unshipped plugin fingerprint compat

* fix(codex): let native app policy gate plugin tools

* fix(codex): allow open-world plugin app tools

* fix(codex): revalidate native plugin app bindings

* fix(codex): preserve plugin binding on recheck failure

* docs(codex): clarify plugin harness scope

* fix(codex): return activation report state exhaustively

* test(codex): refresh prompt snapshots after rebase

* fix(codex): match namespaced plugin ids
 2026-05-07 17:20:28 -07:00
Peter Steinberger
63ec912786 fix(openai): use GA realtime bridge for gpt-realtime-2 
Summary:
- switch OpenAI realtime voice default to gpt-realtime-2
- migrate backend OpenAI WebSocket bridge to the GA session shape and drop the beta header
- keep Azure deployment realtime bridges on the deployment-compatible shape
- extend live Talk smoke coverage and align npm Telegram package-runtime assertions

Verification:
- pnpm test extensions/openai/realtime-voice-provider.test.ts src/gateway/protocol/index.test.ts src/gateway/talk-handoff.test.ts extensions/google-meet/index.test.ts -- --reporter=dot
- pnpm test test/scripts/npm-telegram-live.test.ts -- --reporter=dot
- pnpm check:docs
- env OPENCLAW_TESTBOX=0 pnpm check:changed
- OPENCLAW_REALTIME_OPENAI_MODEL=gpt-realtime-2 node --import tsx scripts/dev/realtime-talk-live-smoke.ts
 2026-05-08 00:47:25 +01:00
pashpashpash
3f217964d1 Defer Codex dynamic tools behind search 
Defer OpenClaw Codex dynamic tools behind Codex tool_search, keep required turn-control tools direct, pin the managed Codex harness to 0.129.0-alpha.15, and document the real behavior/token impact from the live dev-agent watch.
 2026-05-07 16:40:37 -07:00
Kevin Lin
e984a99c7e fix: keep gateway watch sync tracing opt-in (#79110) 2026-05-07 16:40:35 -07:00
Mert Başar
029ca8c268 feat(agents): implement state-aware failover and lane suspension 
Summary:
- Persist quota-suspension state transitions and reload fresh suspension state before failover handoff injection.
- Restore suspended lanes to configured concurrency and share failover-to-suspension reason mapping across fallback and embedded runner paths.
- Export model.failover diagnostics via OTLP and cover queueing/resume behavior with regressions.

Verification:
- pnpm test src/config/sessions/store.pruning.integration.test.ts src/process/command-queue.test.ts src/agents/session-suspension.test.ts src/agents/model-fallback.test.ts extensions/diagnostics-otel/src/service.test.ts
- git diff --check
- pnpm exec oxfmt --check --threads=1 on changed TypeScript files
- GitHub checks: 92 successful, 0 pending, 0 failed on head 962146be88
- Review threads: none unresolved
 2026-05-07 18:34:05 -05:00
Peter Steinberger
6a4069dead fix: share plugin runtime helpers 
Consolidate shared plugin runtime MIME/schema helpers, preserve canonical runtime behavior, and guard QQBot STT fetches.
 2026-05-08 00:28:43 +01:00
Peter Steinberger
f3c9203631 fix(mistral): normalize structured completion content 2026-05-08 00:21:55 +01:00
Peter Steinberger
84dd9c7395 fix(gateway): fail closed for trusted-proxy auth 2026-05-08 00:21:08 +01:00
Peter Steinberger
97d2d40fb7 fix: allow safe exec secret passEnv inheritance 2026-05-08 00:00:40 +01:00
Peter Steinberger
3adce8fac1 fix: show active model in session status 2026-05-08 00:00:40 +01:00
sallyom
244c2b5b23 fix: bound skills watcher traversal 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-05-07 18:12:08 -04:00
Marcus Castro
5df08201ff refactor(runtime): add prepared runtime foundation (#78248) 
* docs(runtime): document prepared runtime guidance

* refactor(provider-runtime): thread prepared provider handles

* refactor(runtime-plan): add prepared runtime foundation

* refactor(outbound): add prepared channel runtime facts

* refactor(models): add scoped model reference helpers

* refactor(plugin-sdk): expose prepared runtime helper surfaces
 2026-05-07 18:49:42 -03:00
Shakker
70eabd3b08 fix: satisfy cron model selection checks 2026-05-07 22:47:04 +01:00
Peter Steinberger
6f4272bd04 fix(providers): preserve streaming error bodies 2026-05-07 22:36:31 +01:00
Peter Steinberger
830a72d2ee fix(chat): reset model override with default 2026-05-07 22:36:31 +01:00
Peter Steinberger
139122f655 fix(cron): show rejected model allowlist 2026-05-07 22:36:31 +01:00
Peter Steinberger
e74347bbe7 fix(agents): retry overloaded subagent announces 2026-05-07 22:36:31 +01:00
Peter Steinberger
a95d7ab1c8 fix(providers): honor cidr no_proxy entries 2026-05-07 22:36:31 +01:00
Peter Steinberger
70717c50fc fix(agents): clamp compaction reserve tokens 2026-05-07 22:05:45 +01:00
Alex Knight
6a8b4e422e Implement ACP bridge lifecycle handlers (#78880) 
* Implement ACP bridge lifecycle handlers

* docs: add acp smoke evidence example

* docs: trim acp smoke example

* docs: remove acp pr plan file

* fix: tighten acp session list filters

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
 2026-05-08 06:26:36 +10:00
Vincent Koc
2597723dfc fix(test): align main channel assumptions 2026-05-07 13:03:49 -07:00