Peter Steinberger
a909019078
fix: align gateway run auth modes (#27469) (thanks @s1korrrr)
2026-02-26 18:20:27 +00:00
Shakker
b788616d9c
fix(cli): add TLS daemon-status probe regression coverage
2026-02-26 18:13:33 +00:00
Shakker
d0d83a2020
docs(changelog): add PR #17017 entry
2026-02-26 17:10:09 +00:00
Peter Steinberger
10481097f8
refactor(security): enforce v1 node exec approval binding
2026-02-26 18:09:01 +01:00
Peter Steinberger
0ec7711bc2
fix(agents): harden compaction and reset safety
...
Co-authored-by: jaden-clovervnd <91520439+jaden-clovervnd@users.noreply.github.com>
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Marcus Widing <245375637+widingmarcus-cyber@users.noreply.github.com>
2026-02-26 17:41:24 +01:00
Peter Steinberger
258d615c4d
fix: harden plugin route auth path canonicalization
2026-02-26 17:02:06 +01:00
Peter Steinberger
37a138c554
fix: harden typing lifecycle and cross-channel suppression
2026-02-26 17:01:09 +01:00
Ayaan Zaidi
baf1c8ea13
docs: add changelog for android device node commands (#27664) (thanks @obviyus)
2026-02-26 21:26:11 +05:30
riccoyuanft
60bb475355
fix: set authHeader: true by default for MiniMax API provider (#27622)
...
* Update onboard-auth.config-minimax.ts
fix issue #27600
* fix(minimax): default authHeader for implicit + onboarding providers (#27600)
Landed from contributor PR #27622 by @riccoyuanft and PR #27631 by @kevinWangSheng.
Includes a small TS nullability guard in lane delivery to keep build green on rebased head.
Co-authored-by: riccoyuanft <riccoyuan@gmail.com>
Co-authored-by: Kevin Shenghui <shenghuikevin@github.com>
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Kevin Shenghui <shenghuikevin@github.com>
2026-02-26 15:53:51 +00:00
Peter Steinberger
b678308d96
docs: add unreleased security note for msteams ssrf hardening
2026-02-26 16:48:32 +01:00
Peter Steinberger
2e97d0dd95
fix: finalize teams file-consent timeout landing (#27641) (thanks @scz2011)
2026-02-26 15:42:08 +00:00
Peter Steinberger
7d9397099b
fix(bluebubbles): allow configured host for attachment SSRF guard
...
Co-authored-by: damaozi <1811866786@qq.com>
2026-02-26 16:40:57 +01:00
Peter Steinberger
c81e9866ff
fix(pi): stop history image reinjection token blowup
2026-02-26 16:38:20 +01:00
Peter Steinberger
9a4b2266cc
fix(security): bind node system.run approvals to env
2026-02-26 16:38:07 +01:00
Peter Steinberger
7f863e22b0
docs(changelog): unify gateway restart-loop fixes
2026-02-26 15:31:04 +00:00
Peter Steinberger
03d7641b0e
feat(agents): default codex transport to websocket-first
2026-02-26 16:22:53 +01:00
Peter Steinberger
fae8de9ae0
fix(browser): land PR #27617 relay reconnect resilience
2026-02-26 15:08:55 +00:00
Peter Steinberger
aa17bdbe4a
docs(changelog): reorder all unreleased entries by user impact
2026-02-26 16:05:47 +01:00
Peter Steinberger
45b5c23825
docs(changelog): reorder unreleased changes by user interest
2026-02-26 16:03:29 +01:00
Peter Steinberger
0f9c602591
docs(changelog): highlight external secrets management (#26155)
2026-02-26 16:01:23 +01:00
Peter Steinberger
47fc6a0806
fix: stabilize secrets land + docs note (#26155) (thanks @joshavant)
2026-02-26 14:47:22 +00:00
Peter Steinberger
79659b2b14
fix(browser): land PR #11880 decodeURIComponent guardrails
...
Guard malformed percent-encoding in relay target routes and browser dispatcher params, add regression tests, and update changelog.
Landed from contributor @Yida-Dev (PR #11880).
Co-authored-by: Yida-Dev <reyifeijun@gmail.com>
2026-02-26 14:37:48 +00:00
Ayaan Zaidi
22b0f36350
fix: add changelog entry for telegram webhook updates (#25732) (thanks @huntharo)
2026-02-26 20:01:50 +05:30
Peter Steinberger
5416cabdf8
fix(browser): land PR #21277 dedupe concurrent relay init
...
Add shared per-port relay initialization dedupe so concurrent callers await a single startup lifecycle, with regression coverage and changelog entry.
Landed from contributor @HOYALIM (PR #21277).
Co-authored-by: Ho Lim <subhoya@gmail.com>
2026-02-26 14:30:46 +00:00
Peter Steinberger
65d5a91242
fix(browser): land PR #22571 with safe extension handshake handling
...
Bind relay WS message handling before onopen and add non-blocking connect.challenge response support without forcing handshake waits on current relay protocol.
Landed from contributor @pandego (PR #22571).
Co-authored-by: pandego <7780875+pandego@users.noreply.github.com>
2026-02-26 14:26:14 +00:00
Peter Steinberger
ce833cd6de
fix(browser): land PR #24142 flush relay pending timers on stop
...
Flush pending extension request timers/rejections during relay shutdown and document in changelog.
Landed from contributor @kevinWangSheng (PR #24142).
Co-authored-by: Shawn <118158941+kevinWangSheng@users.noreply.github.com>
2026-02-26 14:20:43 +00:00
Peter Steinberger
42cf32c386
fix(browser): land PR #26015 query-token auth for /json relay routes
...
Align relay HTTP /json auth with websocket auth by accepting query-param tokens, add regression coverage, and update changelog.
Landed from contributor @Sid-Qin (PR #26015).
Co-authored-by: SidQin-cyber <sidqin0410@gmail.com>
2026-02-26 14:17:41 +00:00
Peter Steinberger
4c75eca580
fix(browser): land PR #23962 extension relay CORS fix
...
Reworks browser relay CORS handling for extension-origin preflight and JSON responses, adds regression tests, and updates changelog.
Landed from contributor @miloudbelarebia (PR #23962).
Co-authored-by: Miloud Belarebia <miloudbelarebia@users.noreply.github.com>
2026-02-26 14:14:30 +00:00
Peter Steinberger
96aad965ab
fix: land NO_REPLY announce suppression and auth scope assertions
...
Landed follow-up for #27535 and aligned shared-auth gateway expectations after #27498.
Co-authored-by: kevinWangSheng <118158941+kevinWangSheng@users.noreply.github.com>
2026-02-26 13:40:58 +00:00
Peter Steinberger
4b259ab81b
fix(models): normalize trailing @profile parsing across resolver paths
...
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: Marcus Castro <mcaxtr@gmail.com>
Co-authored-by: Brandon Wise <brandonawise@gmail.com>
2026-02-26 14:34:15 +01:00
Peter Steinberger
00e8e88a7c
docs(changelog): note auth-profile alias normalization (#26950) (thanks @byungsker)
2026-02-26 13:32:05 +00:00
Nimrod Gutman
85b075d0cc
fix: record ios talk voice directive hint removal (#27543) (thanks @ngutman)
2026-02-26 15:19:07 +02:00
Peter Steinberger
473a27470f
fix(auto-reply): gate inline directives on resolved auth (#27248)
...
Landed from contributor PR #27248 by @kevinWangSheng.
Co-authored-by: shenghui kevin <shenghuikevin@shenghuideMac-mini.local>
2026-02-26 13:11:39 +00:00
Peter Steinberger
7d8aeaaf06
fix(gateway): pin paired reconnect metadata for node policy
2026-02-26 14:11:04 +01:00
Peter Steinberger
c397a02c9a
fix(queue): harden drain/abort/timeout race handling
...
- reject new lane enqueues once gateway drain begins
- always reset lane draining state and isolate onWait callback failures
- persist per-session abort cutoff and skip stale queued messages
- avoid false 600s agentTurn timeout in isolated cron jobs
Fixes #27407
Fixes #27332
Fixes #27427
Co-authored-by: Kevin Shenghui <shenghuikevin@github.com>
Co-authored-by: zjmy <zhangjunmengyang@gmail.com>
Co-authored-by: suko <miha.sukic@gmail.com>
2026-02-26 13:43:39 +01:00
Peter Steinberger
1aef45bc06
fix: harden boundary-path canonical alias handling
2026-02-26 13:43:29 +01:00
Peter Steinberger
2ca2d5ab1c
docs: add changelog note for sandbox alias fix
2026-02-26 13:30:45 +01:00
Peter Steinberger
8b5ebff67b
fix(cron): prevent isolated hook session-key double-prefixing (land #27333, @MaheshBhushan)
...
Co-authored-by: MaheshBhushan <mkoduri73@gmail.com>
2026-02-26 12:29:10 +00:00
Peter Steinberger
5df9aacf68
fix(podman): default run-openclaw-podman bind to loopback (land #27491, thanks @robbyczgw-cla)
...
Co-authored-by: robbyczgw-cla <robbyczgw@gmail.com>
2026-02-26 12:13:20 +00:00
Peter Steinberger
a288f3066f
fix(gateway): warn on non-loopback bind at startup (land #25397, thanks @let5sne)
...
Co-authored-by: let5sne <let5sne@users.noreply.github.com>
2026-02-26 12:13:20 +00:00
Peter Steinberger
327f0526d1
fix(gateway): use loopback for CLI status probe when bind=lan (land #26997, thanks @chikko80)
...
Co-authored-by: Manuel Seitz <seitzmanuel0@gmail.com>
2026-02-26 12:13:20 +00:00
Peter Steinberger
da53015ef5
fix(onboard): seed Control UI origins for non-loopback binds (land #26157, thanks @stakeswky)
...
Co-authored-by: 不做了睡大觉 <stakeswky@users.noreply.github.com>
2026-02-26 12:13:20 +00:00
Peter Steinberger
cf4853e2b8
fix: avoid duplicate feishu permission-error dispatch replies (#27381) (thanks @byungsker)
2026-02-26 12:03:41 +00:00
Peter Steinberger
d671d7a0a2
fix: preserve feishu message_id in agent-visible body (#27253) (thanks @xss925175263)
2026-02-26 12:02:00 +00:00
Peter Steinberger
39b5ffdaa6
fix: route feishu doc tools by agent account context (#27338) (thanks @AaronL725)
2026-02-26 12:00:45 +00:00
Peter Steinberger
8bdda7a651
fix(security): keep DM pairing allowlists out of group auth
2026-02-26 12:58:18 +01:00
Peter Steinberger
0ed675b1df
fix(security): harden canonical auth matching for plugin channel routes
2026-02-26 12:55:33 +01:00
Peter Steinberger
0231cac957
feat(typing): add TTL safety-net for stuck indicators (land #27428, thanks @Crpdim)
...
Co-authored-by: Crpdim <crpdim@users.noreply.github.com>
2026-02-26 11:48:50 +00:00
Peter Steinberger
3d30ba18a2
fix(slack): gate member and message subtype system events
2026-02-26 12:48:20 +01:00
Peter Steinberger
da0ba1b73a
fix(security): harden channel auth path checks and exec approval routing
2026-02-26 12:46:05 +01:00