vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-12 09:41:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
29,838 Commits 1,233 Branches 104 Tags
fe05983d9151eef42065fb5e445c41c3bc6a80e7
Commit Graph

276 Commits

Author SHA1 Message Date
Peter Steinberger
fe05983d91 chore: enable no-unnecessary-type-assertion 2026-04-10 20:14:48 +01:00
Peter Steinberger
c077af987f perf: add narrow inbound roots sdk surface 2026-04-10 17:34:41 +01:00
Peter Steinberger
be9bef32df perf: cache local tsgo checks 2026-04-10 17:06:28 +01:00
Peter Steinberger
e9fb4c7f93 perf: skip tsgo declaration transforms 2026-04-10 15:52:07 +01:00
Peter Steinberger
2ccb5cff22 test: move Vitest configs under test 2026-04-10 13:44:51 +01:00
Peter Steinberger
0b0c062e97 fix: avoid Claude CLI subscription prompt classifier 2026-04-10 10:52:35 +01:00
Altay
8cf02e7c47 fix(ci): clear check-additional follow-up regressions (#63934) 
* fix(ci): route messaging temp files through openclaw tmp dir

* fix(ci): clear qa-lab follow-up guardrails

* fix(ci): own-check ACP fallback resolvers

* fix(ci): preserve memory-core write error causes

* fix(ci): narrow qa-channel boundary alias

* fix(test): type memory-core dreaming api stubs
 2026-04-09 23:47:59 +01:00
Davanum Srinivas
08ae021d1f fix(qqbot): guard image-size probe against SSRF (#63495) 
* fix(qqbot): replace raw fetch in image-size probe with SSRF-guarded fetchRemoteMedia

Replace the bare fetch() in getImageSizeFromUrl() with fetchRemoteMedia()
from the plugin SDK, closing the blind SSRF via markdown image dimension
probing (GHSA-2767-2q9v-9326).

fetchRemoteMedia options: maxBytes 65536, maxRedirects 0, generic
public-network-only SSRF policy (no hostname allowlist, blocks
private/reserved/loopback/link-local/metadata IPs after DNS resolution).

Also fixes the repo-root resolution in scripts/lib/ts-guard-utils.mjs
which caused lint:tmp:no-raw-channel-fetch to miss extension files
entirely. The guard now walks up to .git instead of hardcoding two parent
traversals, and the allowlist is refreshed with all pre-existing raw
fetch callsites that became visible.

* fix(qqbot): guard image-size probe against SSRF (#63495) (thanks @dims)

---------

Co-authored-by: sliverp <870080352@qq.com>
 2026-04-09 16:48:04 +08:00
Mason Huang
aa15de8fdc plugin-sdk: split command status surface 2026-04-09 01:35:15 +01:00
Peter Steinberger
aa79b9fb7d test(docker): quiet success-path e2e logs 2026-04-09 00:29:24 +01:00
Peter Steinberger
edf6b490a6 fix: harden bundled plugin dependency release checks 2026-04-08 15:15:44 +01:00
Nimrod Gutman
6681878339 feat(ios): pin calver release versioning (#63001) 
* feat(ios): decouple app versioning from gateway

* feat(ios): pin calver release versioning

* refactor(ios): drop prerelease version helper fields

* docs(changelog): note pinned ios release versioning (#63001) (thanks @ngutman)
 2026-04-08 11:25:35 +03:00
Vincent Koc
45542fa726 fix(test): stabilize windows tooling assertions 2026-04-08 09:12:08 +01:00
Vincent Koc
be530f085d refactor(plugin-sdk): share tool payload extraction 2026-04-08 09:07:28 +01:00
Vincent Koc
490c9c80ef perf(plugin-sdk): split web search config contract 2026-04-08 09:03:07 +01:00
Peter Steinberger
f180474c2d ci: prepare extension lint artifacts 2026-04-08 03:54:03 +01:00
Gustavo Madeira Santana
cfe71e2e44 Docs: document approval adapter subpaths 2026-04-07 16:06:02 -04:00
Gustavo Madeira Santana
d78512b09d Refactor: centralize native approval lifecycle assembly (#62135) 
Merged via squash.

Prepared head SHA: b7c20a7398
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-07 14:40:26 -04:00
Peter Steinberger
e973275fd0 fix: harden claude-cli live switch smoke 2026-04-07 16:05:54 +01:00
Peter Steinberger
b96155e4e7 test(boundary): align package path invariants 2026-04-07 13:41:00 +01:00
Vincent Koc
dfb6c9c920 perf(plugin-sdk): split channel secret runtime helpers 2026-04-07 13:09:12 +01:00
Peter Steinberger
5390eadc4e Tests: fix boundary and late-run drift 2026-04-07 19:59:51 +08:00
Vincent Koc
29732c1459 test(plugins): lock xai boundary path drift 2026-04-07 11:21:04 +01:00
Peter Steinberger
e3cb19d162 test(boundary): unify package sdk type paths 2026-04-07 10:26:35 +01:00
Vincent Koc
fb64ba7bf7 refactor(plugins): harden package boundary sdk prep 2026-04-07 09:44:43 +01:00
Peter Steinberger
d56831f81b fix: align gemini cli live backend runs 2026-04-07 09:06:09 +01:00
Peter Steinberger
fd6d3f270d fix: repair ci lockfile and boundary drift 2026-04-07 09:02:26 +01:00
Vincent Koc
d5ed6d26e9 chore(plugins): bulk add package boundary tsconfig rollout 2026-04-07 08:48:23 +01:00
Peter Steinberger
86361f4fca fix: restore ci after rebase drift 2026-04-07 08:40:35 +01:00
Peter Steinberger
424b65b697 refactor: dedupe bluebubbles and zalouser readers 2026-04-07 08:40:34 +01:00
Vincent Koc
49fbecbf16 perf(plugin-sdk): add web fetch contract artifacts 2026-04-07 08:35:27 +01:00
Vincent Koc
55eb9841d9 fix(plugins): use canonical sdk dts for boundaries 2026-04-07 08:09:59 +01:00
Vincent Koc
fb10773a38 fix(plugins): repair package boundary sdk paths 2026-04-07 08:09:59 +01:00
Peter Steinberger
37dccb52ed test: add gemini acp bind docker coverage 2026-04-07 07:59:45 +01:00
Vincent Koc
e318f48ff2 perf(secrets): narrow channel secret-ref imports 2026-04-07 07:38:34 +01:00
Peter Steinberger
b7be963501 refactor: dedupe record guards 2026-04-07 05:06:54 +01:00
Peter Steinberger
7dc085890e refactor: dedupe script error formatting 2026-04-07 05:06:54 +01:00
Vincent Koc
2a6e8dca47 fix(plugin-sdk): add web-search contract subpath 2026-04-06 23:30:56 +01:00
Peter Steinberger
80c8567f9d fix: resolve merge conflicts and preserve runtime test fixes 2026-04-06 22:46:33 +01:00
Peter Steinberger
7a3497c8bd refactor: dedupe image generation runtime surface 2026-04-06 22:21:00 +01:00
Vincent Koc
78639eff76 perf(secrets): narrow channel secret sdk seam 2026-04-06 20:40:11 +01:00
Peter Steinberger
06d57e5107 fix: stabilize docker live tests 2026-04-06 19:31:16 +01:00
Peter Steinberger
b4785525df refactor: dedupe video generation runtime surface 2026-04-06 18:15:53 +01:00
Peter Steinberger
4610ceb2a5 refactor: dedupe media understanding runtime surface 2026-04-06 18:15:53 +01:00
Vincent Koc
8301ddfa84 fix(test): clean up vitest child process groups 2026-04-06 18:10:44 +01:00
Peter Steinberger
f1d7e9b569 refactor: dedupe volc model catalog helpers 2026-04-06 17:56:41 +01:00
Peter Steinberger
a4223f836d refactor: dedupe plugin release package scanning 2026-04-06 17:56:41 +01:00
Peter Steinberger
c7cc89904e fix: unblock claude docker live lanes 2026-04-06 17:31:11 +01:00
Peter Steinberger
e70168212d refactor: dedupe script and matrix send helpers 2026-04-06 17:21:52 +01:00
Peter Steinberger
d25491aa6d refactor: dedupe release git range helpers 2026-04-06 17:18:36 +01:00