vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-30 01:33:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
70e0fd4d8b91c81a982aaed2ddde4d178675a017
openclaw/extensions
History
Alix-007 25e184aeab fix(minimax): bound video control response reads (#96889) 
* fix(minimax): bound image/video success response reads

MiniMax image generation and video generation (task submit + status poll)
read their success responses through unbounded `await response.json()`, so
a misbehaving or hostile endpoint could stream an arbitrarily large body
into memory before parsing and exhaust the process. Read those success
bodies through the shared bounded reader (16 MiB cap, the same limit other
bundled providers and the sibling MiniMax web-search provider already use)
and cancel the stream on overflow. The error-body path is already bounded
via assertOkOrThrowHttpError; this closes the matching success-JSON gap.
MiniMax TTS is already bounded and is left unchanged.

AI-assisted.

* fix(minimax): bound video metadata response reads

* fix(minimax): leave image response sizing to image hardening

* fix(minimax): bound image/video success response reads

MiniMax image generation and video generation (task submit + status poll)
read their success responses through unbounded `await response.json()`, so
a misbehaving or hostile endpoint could stream an arbitrarily large body
into memory before parsing and exhaust the process. Read those success
bodies through the shared bounded reader (16 MiB cap, the same limit other
bundled providers and the sibling MiniMax web-search provider already use)
and cancel the stream on overflow. The error-body path is already bounded
via assertOkOrThrowHttpError; this closes the matching success-JSON gap.
MiniMax TTS is already bounded and is left unchanged.

AI-assisted.

* fix(minimax): bound video metadata response reads
2026-06-28 10:52:33 -04:00
..
acpx
Scope agent cron operations to the calling agent (#96883)
2026-06-26 21:41:14 -05:00
active-memory
test(active-memory): isolate empty recall mock
2026-06-22 19:33:21 +02:00
admin-http-rpc
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
alibaba
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
amazon-bedrock
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
amazon-bedrock-mantle
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
anthropic
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
anthropic-vertex
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
arcee
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
azure-speech
fix(speech): bound TTS/STT voice-list and transcription JSON response reads (#96496)
2026-06-25 14:32:53 -04:00
bonjour
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
brave
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
browser
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
byteplus
fix(byteplus): bound video-generation success response (#96606)
2026-06-25 13:47:07 -04:00
canvas
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
cerebras
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
chutes
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
clickclack
fix(clickclack): bound REST success JSON response reads (#96970)
2026-06-27 07:30:32 -07:00
cloudflare-ai-gateway
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
codex
fix(imessage): stage remote media for plugin claims (#91803)
2026-06-27 19:36:21 -07:00
codex-supervisor
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
cohere
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
comfy
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
copilot
feat(copilot): add BYOK provider parity
2026-06-24 18:29:56 +08:00
copilot-proxy
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
deepgram
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
deepinfra
fix(image-gen): bound image generation provider JSON response reads (#96495)
2026-06-26 07:08:30 -04:00
deepseek
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
device-pair
refactor(extensions): remove unused helper exports
2026-06-19 00:33:04 +08:00
diagnostics-otel
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
diagnostics-prometheus
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
diffs
fix: reset diff viewer controllers on rehydrate (#96138)
2026-06-25 16:19:30 -07:00
diffs-language-pack
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
discord
fix(discord): bound REST response body to prevent OOM flood (#95412)
2026-06-28 10:20:37 -04:00
document-extract
fix(document-extract): render PDF image fallback per page so multi-page scans don't starve later pages (#96390)
2026-06-25 16:37:47 +08:00
duckduckgo
fix(duckduckgo): guard out-of-range numeric HTML entities (#96583)
2026-06-27 09:37:58 -07:00
elevenlabs
fix(speech): bound TTS/STT voice-list and transcription JSON response reads (#96496)
2026-06-25 14:32:53 -04:00
exa
fix(exa): bound untrusted search JSON response reads (#96038)
2026-06-24 10:57:37 -04:00
fal
fix(image-gen): bound image generation provider JSON response reads (#96495)
2026-06-26 07:08:30 -04:00
feishu
fix feishu login qr rendering (#97087)
2026-06-26 12:09:38 -07:00
file-transfer
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
firecrawl
Bound successful provider response reads
2026-06-24 19:08:22 -05:00
fireworks
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
github-copilot
fix(github-copilot): bound model discovery and embeddings JSON response (#96499)
2026-06-25 14:46:09 -04:00
gmi
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
google
fix(google): bound TTS success JSON response reads (#96984)
2026-06-27 07:00:36 -07:00
google-meet
Stabilize Google Meet chrome-node launch config (#96908)
2026-06-25 22:11:57 -05:00
googlechat
fix(googlechat): truncate approval card text on UTF-16 boundary (#96573)
2026-06-27 09:31:26 -07:00
gradium
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
groq
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
huggingface
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
image-generation-core
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
imessage
fix(imessage): only strip standalone role-turn markers, not prose ending in a role word (#96392)
2026-06-25 16:05:36 +08:00
inworld
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
irc
fix(irc): sanitize internal tool-trace lines from outbound text (#97214)
2026-06-27 08:34:38 -07:00
kilocode
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
kimi-coding
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
line
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
litellm
fix(image-gen): bound image generation provider JSON response reads (#96495)
2026-06-26 07:08:30 -04:00
llama-cpp
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
llm-task
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
lmstudio
test(lmstudio): fix model load response mocks
2026-06-24 21:14:28 +08:00
lobster
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
matrix
fix(matrix): truncate thread starter body on code-point boundaries (#97121)
2026-06-27 07:27:38 +08:00
mattermost
fix(mattermost): bound successful REST JSON/text response reads (#96033)
2026-06-28 10:40:32 -04:00
media-understanding-core
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
memory-core
perf(memory): add QMD search diagnostics and runtime cache (#96655)
2026-06-26 16:16:12 -04:00
memory-lancedb
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
memory-wiki
fix(wiki): wiki_get and wiki compile miss nested source files (#96022)
2026-06-24 16:19:14 +08:00
microsoft
fix(speech): bound TTS/STT voice-list and transcription JSON response reads (#96496)
2026-06-25 14:32:53 -04:00
microsoft-foundry
fix(image-gen): bound image generation provider JSON response reads (#96495)
2026-06-26 07:08:30 -04:00
migrate-claude
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
migrate-hermes
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
minimax
fix(minimax): bound video control response reads (#96889)
2026-06-28 10:52:33 -04:00
mistral
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
moonshot
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
msteams
fix(msteams): truncate reflection prompt on UTF-16 boundary (#96578)
2026-06-27 09:30:26 -07:00
nextcloud-talk
fix(nextcloud-talk): bound external send/reaction response reads to prevent OOM (#96031)
2026-06-28 10:30:17 -04:00
nostr
fix(nostr): bound seen tracker timer options (#97133)
2026-06-27 07:40:36 -07:00
novita
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
nvidia
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
oc-path
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
ollama
fix(agent-core): ignore truncated tool calls (#97140)
2026-06-27 03:31:42 +01:00
open-prose
docs: require OpenProse remote import consent
2026-06-24 16:36:48 -05:00
openai
fix(image-gen): bound image generation provider JSON response reads (#96495)
2026-06-26 07:08:30 -04:00
opencode
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
opencode-go
fix(opencode-go): re-arm idle timer on block-boundary events to prevent false stalled-stream abort (#97128)
2026-06-27 09:48:42 +08:00
openrouter
fix(image-gen): bound image generation provider JSON response reads (#96495)
2026-06-26 07:08:30 -04:00
openshell
fix(exec): fail invalid explicit workdir before running (#94441)
2026-06-26 08:02:00 +10:00
parallel
Bound successful provider response reads
2026-06-24 19:08:22 -05:00
perplexity
Bound successful provider response reads
2026-06-24 19:08:22 -05:00
phone-control
pixverse
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
policy
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
qa-channel
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
qa-lab
test: promote OpenAI HTTP QA coverage (#97369)
2026-06-27 22:28:31 -07:00
qa-matrix
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
qianfan
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
qqbot
fix(qqbot): truncate reminder job name on code-point boundary (#96575)
2026-06-27 09:30:52 -07:00
qwen
fix(qwen): bound video success response (#96604)
2026-06-25 13:40:07 -04:00
raft
test(plugins): review channel daemon spawn findings
2026-06-25 03:42:44 +02:00
runway
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
searxng
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
senseaudio
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
sglang
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
signal
fix(signal): avoid duplicate cli missing note (#96932)
2026-06-25 21:30:44 -07:00
slack
fix: seed Slack thread context after reset (#97100)
2026-06-28 02:36:53 -04:00
sms
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
stepfun
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
synology-chat
fix(synology-chat): truncate sanitized input on UTF-16 boundary (#96574)
2026-06-27 09:31:33 -07:00
synthetic
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
talk-voice
tavily
Bound successful provider response reads
2026-06-24 19:08:22 -05:00
telegram
test(telegram): cover retained preview chunk gaps
2026-06-27 12:30:57 -07:00
tencent
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
test-support
Bound successful provider response reads
2026-06-24 19:08:22 -05:00
thread-ownership
tlon
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
together
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
tokenjuice
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
tts-local-cli
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
twitch
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
venice
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
vercel-ai-gateway
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
video-generation-core
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
vllm
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
voice-call
fix(voice-call): emit canonical session keys (#89884)
2026-06-27 01:29:58 +01:00
volcengine
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
voyage
fix(voyage): bound embedding-batch status, error, and non-OK responses (#96608)
2026-06-25 13:52:36 -04:00
vydra
fix(image-gen): bound image generation provider JSON response reads (#96495)
2026-06-26 07:08:30 -04:00
web-readability
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
webhooks
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
whatsapp
fix(whatsapp): elide auto-reply text on UTF-16 boundary (#96580)
2026-06-27 09:31:16 -07:00
workboard
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
xai
feat(xai): route OAuth login through device-code flow (#97249)
2026-06-27 10:02:57 -06:00
xiaomi
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
zai
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
zalo
Fix/zalo bound api json response reads (#97277)
2026-06-28 02:04:22 -07:00
zalouser
chore(release): close out 2026.6.10 on main (#96271)
2026-06-24 11:51:14 +08:00
.npmignore
AGENTS.md
CLAUDE.md
music-generation-providers.live.test.ts
tsconfig.package-boundary.base.json
tsconfig.package-boundary.paths.json
fix(ci): align sqlite refactor checks
2026-06-19 01:20:06 +08:00
video-generation-providers.live.test.ts