github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-23 10:08:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,277 Commits 702 Branches 79 Tags
4c2cb73055c8defa4e094c8a861712f390c8a687
Commit Graph

4423 Commits

Author SHA1 Message Date
Peter Steinberger
4c2cb73055 fix(config): sanitize validation log output to prevent control character injection (#39116) 
Co-authored-by: Bill <gsamzn@gmail.com>
 2026-03-07 19:41:59 +00:00
Peter Steinberger
0e4603ac71 fix(agents): respect compat.supportsStore in WebSocket stream path (#39113) 
Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-03-07 19:40:34 +00:00
Peter Steinberger
5f8f58ae25 fix(gateway): require admin for chat config writes 2026-03-07 19:38:49 +00:00
Peter Steinberger
724d2d58fa fix(discord): avoid false model picker mismatch warning (#39105) 
Land #39105 by @akropp.

Co-authored-by: Adam Kropp <adam@thekropp.com>
 2026-03-07 19:32:35 +00:00
Peter Steinberger
17ab46aedd fix(models): prevent plaintext apiKey writes to models state (#38889) 
Land #38889 by @gambletan.

Co-authored-by: gambletan <ethanchang32@gmail.com>
 2026-03-07 19:29:46 +00:00
Peter Steinberger
de2ccffec1 fix(ui): stream tool events live in control chat (#39104) 
Land #39104 by @jakepresent.

Co-authored-by: Jake Present <jakepresent@microsoft.com>
 2026-03-07 19:27:17 +00:00
Sally O'Malley
499c1ee6e3 reduce image size, offer slim image (#38479) 
Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-07 14:26:29 -05:00
Peter Steinberger
c06014d50c fix(agents): respect explicit provider baseUrl in merge mode (#39103) 
Land #39103 by @BigUncle.

Co-authored-by: BigUncle <biguncle2017@gmail.com>
 2026-03-07 19:22:21 +00:00
Peter Steinberger
537c97cce9 fix(agents): apply contextTokens cap for compaction threshold (#39099) 
Land #39099 by @MumuTW.

Co-authored-by: MumuTW <clothl47364@gmail.com>
 2026-03-07 19:19:03 +00:00
Peter Steinberger
e27bbe4982 fix(exec): block dangerous override-only env pivots 2026-03-07 19:18:05 +00:00
Peter Steinberger
6aa80844b8 fix(security): stage installs before publish 2026-03-07 19:11:07 +00:00
Peter Steinberger
31acad4e8f fix: harden zip extraction writes 2026-03-07 19:01:35 +00:00
Peter Steinberger
0f53177971 fix(tests): stabilize diffs localReq headers (supersedes #39063) 
Co-authored-by: Shennng <Shennng@users.noreply.github.com>
 2026-03-07 18:57:35 +00:00
Peter Steinberger
253e159700 fix: harden workspace skill path containment 2026-03-07 18:56:15 +00:00
Peter Steinberger
5effa6043e fix(agents): land #38935 from @MumuTW 
Co-authored-by: MumuTW <MumuTW@users.noreply.github.com>
 2026-03-07 18:55:49 +00:00
Peter Steinberger
231c1fa37a fix(models): land #38947 from @davidemanuelDEV 
Co-authored-by: davidemanuelDEV <davidemanuelDEV@users.noreply.github.com>
 2026-03-07 18:54:12 +00:00
Peter Steinberger
2f59a3cff3 fix(gateway): land #39064 from @Narcooo 
Co-authored-by: Narcooo <Narcooo@users.noreply.github.com>
 2026-03-07 18:52:42 +00:00
Peter Steinberger
2ada1b71b6 fix(models-auth): land #38951 from @MumuTW 
Co-authored-by: MumuTW <MumuTW@users.noreply.github.com>
 2026-03-07 18:51:17 +00:00
Peter Steinberger
8bd0eb5424 fix(outbound): land #38944 from @Narcooo 
Co-authored-by: Narcooo <Narcooo@users.noreply.github.com>
 2026-03-07 18:46:48 +00:00
Peter Steinberger
10d0e3f3ca fix(dashboard): keep gateway tokens out of URL storage 2026-03-07 18:33:30 +00:00
Peter Steinberger
46e324e269 docs(changelog): credit hook auth throttling report 2026-03-07 18:05:11 +00:00
Peter Steinberger
44820dcead fix(hooks): gate methods before auth lockout accounting 2026-03-07 18:05:09 +00:00
jsk
262fef6ac8 fix(discord): honor commands.allowFrom in guild slash auth (#38794) 
* fix(discord): honor commands.allowFrom in guild slash auth

* Update native-command.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update native-command.commands-allowfrom.test.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix(discord): address slash auth review feedback

* test(discord): add slash auth coverage for allowFrom variants

* fix: add changelog entry for discord slash auth fix (#38794) (thanks @jskoiz)

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Shadow <hi@shadowing.dev>
 2026-03-07 12:03:52 -06:00
Peter Steinberger
c6472c189f chore: land #39056 Node version hint sync (thanks @onstash) 
Land contributor change from #39056 and append changelog credit for @onstash.

Co-authored-by: Santosh Venkatraman <santosh.venk@gmail.com>
 2026-03-07 17:51:54 +00:00
Peter Steinberger
46715371b0 fix(security): strip custom auth headers on cross-origin redirects 2026-03-07 17:34:42 +00:00
Josh Avant
8e20dd22d8 Secrets: harden SecretRef-safe models.json persistence (#38955) 2026-03-07 11:28:39 -06:00
Peter Steinberger
b08337b902 docs(changelog): credit allowlist scoping report 2026-03-07 17:09:28 +00:00
Vincent Koc
70da80bcb5 Auto-reply: scope allowlist store writes by account (#39015) 
* Auto-reply: scope allowlist store writes

* Tests: cover allowlist store account scoping

* Changelog: note allowlist store scoping hardening
 2026-03-07 08:51:20 -08:00
Peter Steinberger
3a50e46cbf fix(nostr): harden profile mutation proxy guards 2026-03-07 16:44:21 +00:00
Peter Steinberger
1dd4f92ea2 fix: default local onboarding tools profile to coding 2026-03-07 16:41:27 +00:00
Muhammed Mukhthar CM
4f08dcccfd Mattermost: add interactive model picker (#38767) 
Merged via squash.

Prepared head SHA: 0883654e88
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-07 21:45:29 +05:30
Florian Hines
33e7394861 fix(providers): make all models available in kilocode provider (#32352) 
* kilocode: dynamic model discovery, kilo/auto default, cooldown exemption

- Replace 9-model hardcoded catalog with dynamic discovery from
  GET /api/gateway/models (Venice-like pattern with static fallback)
- Default model changed from anthropic/claude-opus-4.6 to kilo/auto
  (smart routing model)
- Add createKilocodeWrapper for X-KILOCODE-FEATURE header injection
  and reasoning.effort handling (skip for kilo/auto)
- Add kilocode to cooldown-exempt providers (proxy like OpenRouter)
- Keep sync buildKilocodeProvider for onboarding, add async
  buildKilocodeProviderWithDiscovery for implicit provider resolution
- Per-token gateway pricing converted to per-1M-token for cost fields

* kilocode: skip reasoning injection for x-ai models, harden discovery loop

* fix(kilocode): keep valid discovered duplicates (openclaw#32352, thanks @pandemicsyn)

* refactor(proxy): normalize reasoning payload guards (openclaw#32352, thanks @pandemicsyn)

* chore(changelog): note kilocode hardening (openclaw#32352, thanks @pandemicsyn and @vincentkoc)

* chore(changelog): fix kilocode note format (openclaw#32352, thanks @pandemicsyn and @vincentkoc)

* test(kilocode): support auto-model override cases (openclaw#32352, thanks @pandemicsyn)

* Update CHANGELOG.md

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-07 08:14:06 -08:00
Jason
786ec21b5a docs(cli): improve memory command examples (#31803) 
Merged via squash.

Prepared head SHA: 15dcda3027
Co-authored-by: JasonOA888 <101583541+JasonOA888@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-07 19:03:23 +03:00
Nimrod Gutman
1eb7198bad fix(ios): skip quick setup when a gateway is configured (#38964) 
* fix(ios): hide quick setup when gateway is configured

* fix: note ios quick setup gating for configured gateways (#38964) (thanks @ngutman)
 2026-03-07 17:46:16 +02:00
Nimrod Gutman
0bac6e4d67 fix: add changelog note for ios app store connect release prep (#38936) (thanks @ngutman) 2026-03-07 17:21:07 +02:00
Rodrigo Uroz
4c0b873a4d Config/Compaction: expose safeguard preserve and quality settings (#25557) 
Merged via squash.

Prepared head SHA: ea9904039a
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-07 07:13:13 -08:00
Ayaan Zaidi
bdd0f74188 docs: add changelog for markdown image hardening (#38895) 2026-03-07 19:46:41 +05:30
Ayaan Zaidi
9e1de97a69 fix(telegram): route native topic commands to the active session (#38871) 
* fix(telegram): resolve session entry for /stop in forum topics

Fixes #38675

- Export normalizeStoreSessionKey from store.ts for reuse
- Use it in resolveSessionEntryForKey so topic session keys (lowercase
  in store) are found when handling /stop
- Add test for forum topic session key lookup

* fix(telegram): share native topic routing with inbound messages

* fix: land telegram topic routing follow-up (#38871)

---------

Co-authored-by: xialonglee <li.xialong@xydigit.com>
 2026-03-07 19:01:16 +05:30
Ayaan Zaidi
05c240fad6 fix: restart Windows gateway via Scheduled Task (#38825) (#38825) 2026-03-07 18:00:38 +05:30
Ayaan Zaidi
26c9796736 fix: check managed systemd unit before is-enabled (#38819) 2026-03-07 17:11:07 +05:30
Peter Steinberger
f358c6f2fb docs: reorder 2026.3.7 changelog highlights 2026-03-07 10:10:42 +00:00
Peter Steinberger
997a9f5b9e chore: bump version to 2026.3.7 2026-03-07 10:09:02 +00:00
Ayaan Zaidi
2018d8aa99 docs: add changelog entry for Android package rename (#38712) 2026-03-07 14:51:03 +05:30
Tak Hoffman
8873e13f1e fix(gateway): stop stale-socket restarts before first event (#38643) 
* fix(gateway): guard stale-socket restarts by event liveness

* fix(gateway): centralize connect-time liveness tracking

* fix(web): apply connected status patch atomically

* fix(gateway): require active socket for stale checks

* fix(gateway): ignore inherited stale event timestamps
 2026-03-07 00:58:08 -06:00
ql-wade
a5c07fa115 fix(gateway): skip stale-socket restarts for Telegram polling (openclaw#38405) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: ql-wade <262266039+ql-wade@users.noreply.github.com>
 2026-03-07 00:20:34 -06:00
拐爷&&老拐瘦
2e31aead39 fix(gateway): invalidate bootstrap cache on session rollover (openclaw#38535) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: yfge <1186273+yfge@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-06 23:46:02 -06:00
Ayaan Zaidi
e802840b62 docs: update changelog for reply media delivery (#38572) 2026-03-07 10:52:16 +05:30
Xinhua Gu
024af2b738 fix(feishu): disable block streaming to prevent silent reply drops (openclaw#38422) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: xinhuagu <562450+xinhuagu@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-06 22:33:30 -06:00
ql-wade
e309a15d73 fix: suppress ACP NO_REPLY fragments in console output (#38436) 2026-03-07 09:34:45 +05:30
Xinhua Gu
1a022a31de fix(gateway): classify wrapped "fetch failed" messages as transient network errors (openclaw#38530) 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: xinhuagu <562450+xinhuagu@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-06 21:47:32 -06:00