vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 08:00:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1c35795fce9acb429a7598633e863d1e312dcf68
openclaw/extensions
History
Agustin Rivera 1c35795fce fix(slack): align interaction auth with allowlists (#66028) 
* fix(slack): align interaction auth with allowlists

* fix(slack): address review followups

* fix(slack): preserve explicit owners with wildcard

* chore: append Claude comments resolution worklog

* fix(slack): harden interaction auth with default-deny, mandatory actor binding, and channel type validation

- Add interactiveEvent flag to authorizeSlackSystemEventSender for stricter
  interactive control authorization
- Default-deny when no allowFrom or channel users are configured for
  interactive events (block actions, modals)
- Require expectedSenderId for all interactive event types; block actions
  pass Slack-verified userId, modals pass metadata-embedded userId
- Reject ambiguous channel types for interactive events to prevent DM
  authorization bypass via channel-type fallback
- Add comprehensive test coverage for all new behaviors

* fix(slack): scope interactive owner/allowFrom enforcement to interactive paths only

* fix(slack): preserve no-channel interactive default

* Update context-engine-maintenance test

* chore: remove USER.md worklog artifact

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* changelog: note Slack interactive auth allowlist alignment (#66028)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-13 20:38:11 -06:00
..
acpx
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
active-memory
fix(active-memory): Move active memory recall into the hidden prompt prefix (#66144)
2026-04-13 16:05:43 -05:00
alibaba
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
amazon-bedrock
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
amazon-bedrock-mantle
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
anthropic
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
anthropic-vertex
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
arcee
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
bluebubbles
fix(bluebubbles): lazy-refresh Private API status on send (#43764) (#65447)
2026-04-13 11:03:47 -07:00
brave
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
browser
fix(browser): enforce SSRF policy on snapshot, screenshot, and tab routes [AI] (#66040)
2026-04-13 23:56:39 +05:30
byteplus
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
chutes
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
cloudflare-ai-gateway
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
codex
fix: include apiKey in codex provider catalog to unblock models.json loading (#66180)
2026-04-13 19:22:09 -07:00
comfy
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
copilot-proxy
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
deepgram
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
deepseek
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
device-pair
fix: disambiguate device-pair notify subscribers
2026-04-10 19:46:23 -05:00
diagnostics-otel
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
diffs
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
discord
fix(ci): unblock discord boundary typing
2026-04-13 22:37:24 +01:00
duckduckgo
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
elevenlabs
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
exa
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
fal
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
feishu
Feishu: tighten allowlist target canonicalization (#66021)
2026-04-13 16:59:07 -06:00
firecrawl
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
fireworks
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
github-copilot
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
google
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
googlechat
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
groq
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
huggingface
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
image-generation-core
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
imessage
fix: repair CI type checks
2026-04-12 12:04:59 -07:00
irc
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
kilocode
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
kimi-coding
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
line
fix(line): make webhook replay retries explicit
2026-04-13 16:05:50 +01:00
litellm
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
llm-task
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
lmstudio
[codex] Fix LM Studio header-auth follow-ups (#65806)
2026-04-13 17:45:06 +08:00
lobster
Lobster: import published core runtime (#64755)
2026-04-13 20:38:46 +02:00
matrix
plugins: trim staged runtime cargo
2026-04-13 18:10:40 -04:00
mattermost
fix(mattermost): dedupe repeated model picker selects
2026-04-13 17:47:29 +01:00
media-understanding-core
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
memory-core
fix(memory): unify default root memory handling (#66141)
2026-04-13 23:59:57 +02:00
memory-lancedb
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
memory-wiki
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
microsoft
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
microsoft-foundry
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
minimax
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
mistral
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
moonshot
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
msteams
fix(msteams): enforce sender allowlist checks on SSO signin invokes [AI] (#66033)
2026-04-13 23:52:30 +05:30
nextcloud-talk
fix(ci): repair extension boundary contracts
2026-04-13 22:37:25 +01:00
nostr
fix(nostr): dedupe deterministic rejected events
2026-04-13 18:07:23 +01:00
nvidia
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
ollama
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
open-prose
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
openai
agents: split GPT-5 prompt and retry behavior (#65597)
2026-04-12 18:52:22 -07:00
opencode
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
opencode-go
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
openrouter
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
openshell
test(e2e): repair OpenShell prerelease smoke
2026-04-13 00:20:51 +01:00
perplexity
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
phone-control
test: remove redundant phone control conversions
2026-04-10 21:55:28 +01:00
qa-channel
fix(ci): refresh qa-lab lockfile
2026-04-12 19:45:46 -07:00
qa-lab
test(qa-lab): cover GPT-style broken turns
2026-04-14 01:39:49 +01:00
qianfan
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
qqbot
Feat/fix qq ssrf url list (#65788)
2026-04-13 15:49:32 +08:00
qwen
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
runway
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
searxng
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
sglang
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
shared
test: trim whatsapp channel test barrels
2026-04-03 16:39:47 +01:00
signal
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
slack
fix(slack): align interaction auth with allowlists (#66028)
2026-04-13 20:38:11 -06:00
speech-core
fix(tts): correct tagged TTS syntax guidance (#65573)
2026-04-12 19:41:13 -03:00
stepfun
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
synology-chat
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
synthetic
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
talk-voice
chore: enable no-floating-promises
2026-04-10 20:14:49 +01:00
tavily
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
telegram
fix(ci): repair telegram ui and watch regressions
2026-04-13 23:49:59 +01:00
thread-ownership
refactor: simplify extension conversions
2026-04-11 01:37:23 +01:00
tlon
fix(tlon): release replay claims after handler failures
2026-04-13 16:45:58 +01:00
together
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
twitch
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
venice
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
vercel-ai-gateway
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
video-generation-core
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
vllm
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
voice-call
fix(stream): tighten voice stream ingress guards (#66027)
2026-04-13 16:51:16 -06:00
volcengine
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
vydra
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
webhooks
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
whatsapp
fix(ci): repair extension boundary contracts
2026-04-13 22:37:25 +01:00
xai
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
xiaomi
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
zai
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
zalo
fix(zalo): make replay retries explicit
2026-04-13 15:36:35 +01:00
zalouser
chore: bump version to 2026.4.12
2026-04-12 10:37:18 -07:00
.npmignore
AGENTS.md
docs(agents): split scoped workflow guidance (#65241)
2026-04-12 09:09:50 +01:00
CLAUDE.md
Docs: add boundary AGENTS guides (#56647)
2026-03-28 20:22:03 -04:00
music-generation-providers.live.test.ts
fix: stabilize media live provider coverage
2026-04-06 19:15:31 +01:00
tsconfig.package-boundary.base.json
refactor(cli): normalize route boundaries
2026-04-06 15:38:04 +01:00
tsconfig.package-boundary.paths.json
fix(ci): sync package boundary paths config
2026-04-09 23:59:00 +01:00
video-generation-providers.live.test.ts
test(video): narrow buffered live asset helper
2026-04-11 12:03:16 +01:00