github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-11 16:53:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,859 Commits 702 Branches 79 Tags
5f90883ad378920249160fe2d9c610c362be765c
Commit Graph

4606 Commits

Author SHA1 Message Date
Peter Steinberger
f442a3539f feat(update): add core auto-updater and dry-run preview 2026-02-22 17:11:36 +01:00
Nikolay Petrov
13690d406a Telegram: coalesce forwarded text+media bursts into one inbound turn (#19476) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 09e0b4e9bd
Co-authored-by: napetrov <18015221+napetrov@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-22 21:41:09 +05:30
Marcus Castro
337eef55d7 fix(telegram): link forwarded messages with comments (#9720) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 5f81061b5f
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-22 21:23:56 +05:30
Marcus Castro
ace8357149 fix(telegram): skip failed photo downloads in media group instead of dropping entire group (#20598) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4a9c5f7af7
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-22 20:57:06 +05:30
Peter Steinberger
9363c320d8 fix(security): harden shell env fallback startup env handling 2026-02-22 16:06:27 +01:00
Peter Steinberger
ab1840b881 docs(changelog): credit SSRF report in unreleased notes 2026-02-22 16:02:49 +01:00
Glucksberg
53adae9cec fix(telegram): add dnsResultOrder=ipv4first default on Node 22+ to fix fetch failures (#5405) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 71366e9532
Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-22 20:07:51 +05:30
Peter Steinberger
4e65e61612 fix: retry missing config snapshots before skip (#23343) (thanks @lbo728) 2026-02-22 15:34:46 +01:00
Peter Steinberger
3e2849c578 fix: align timeout cooldown behavior docs/tests (#22622) (thanks @vageeshkumar) 2026-02-22 15:34:20 +01:00
Peter Steinberger
a5e2bd4eaa docs: document verbose-gated tool error details 2026-02-22 15:26:48 +01:00
Peter Steinberger
184844e50c fix: add signal rpc malformed-json regression test (#22995) (thanks @adhitShet) 2026-02-22 15:23:37 +01:00
Peter Steinberger
7abae052f9 chore(skills): remove bundled food-order skill 2026-02-22 15:06:27 +01:00
Onur Solmaz
f39a66de27 docs: make subagents thread guidance channel-first (#23589) (thanks @osolmaz) 2026-02-22 14:39:40 +01:00
Peter Steinberger
1152b25866 fix(gateway): guard trim crashes in subagent flow 2026-02-22 13:21:26 +01:00
Peter Steinberger
eec3182cbb fix(utils): guard resolveUserPath for missing workspace input 2026-02-22 13:19:25 +01:00
Artale
51e9c54f09 fix(agents): skip bootstrap files with undefined path (#22698) 
* fix(agents): skip bootstrap files with undefined path

buildBootstrapContextFiles() called file.path.replace() without checking
that path was defined. If a hook pushed a bootstrap file using 'filePath'
instead of 'path', the function threw TypeError and crashed every agent
session — not just the misconfigured hook.

Fix: add a null-guard before the path.replace() call. Files with undefined
path are skipped with a warning so one bad hook can't take down all agents.

Also adds a test covering the undefined-path case.

Fixes #22693

* fix: harden bootstrap path validation and report guards (#22698) (thanks @arosstale)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-22 13:17:07 +01:00
Peter Steinberger
7c3c406a35 fix: keep auth-profile cooldown windows immutable in-window (#23536) (thanks @arosstale) 2026-02-22 13:14:02 +01:00
artale
dc69610d51 fix(auth-profiles): never shorten cooldown deadline on retry 
When the backoff saturates at 60 min and retries fire every 30 min
(e.g. cron jobs), each failed request was resetting cooldownUntil to
now+60m.  Because now+60m < existing deadline, the window kept getting
renewed and the profile never recovered without manually clearing
usageStats in auth-profiles.json.

Fix: only write a new cooldownUntil (or disabledUntil for billing) when
the new deadline is strictly later than the existing one.  This lets the
original window expire naturally while still allowing genuine backoff
extension when error counts climb further.

Fixes #23516

[AI-assisted]
 2026-02-22 13:14:02 +01:00
Peter Steinberger
376eb6e99b docs(changelog): note safe-bin profile hardening 2026-02-22 13:03:05 +01:00
Peter Steinberger
e80c803fa8 fix(security): block shell env allowlist bypass in system.run 2026-02-22 12:47:05 +01:00
Peter Steinberger
d5bb9f026e fix: add changelog entry for remote ws onboarding hardening (#23476) (thanks @bmendonca3) 2026-02-22 12:46:20 +01:00
Peter Steinberger
65dccbdb4b fix: document onboarding dmScope default as breaking change (#23468) (thanks @bmendonca3) 2026-02-22 12:36:49 +01:00
Peter Steinberger
401106b963 fix: harden flaky tests and cover native google thought signatures (#23457) (thanks @echoVic) 2026-02-22 12:24:53 +01:00
Peter Steinberger
777817392d fix: fail closed missing provider group policy across message channels (#23367) (thanks @bmendonca3) 2026-02-22 12:21:04 +01:00
Yuzuru Suzuki
6f7e5f92c3 fix: add operator.read and operator.write to default CLI scopes (#22582) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 8569fc88c9
Co-authored-by: YuzuruS <1485195+YuzuruS@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-22 16:36:18 +05:30
Peter Steinberger
37f12eb7ee fix: align BlueBubbles private-api null fallback + warning (#23459) (thanks @echoVic) 2026-02-22 11:47:57 +01:00
Peter Steinberger
812bf7c8e1 fix: add bindings comment regression test (#23458) (thanks @echoVic) 2026-02-22 11:47:11 +01:00
Glucksberg
2739328508 fix(telegram): classify undici fetch errors as recoverable for retry (#16699) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 67b5bce44f
Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-22 16:16:11 +05:30
Peter Steinberger
38f02c7a32 fix(session): resolve agent session path with configured sessions dir 
Co-authored-by: David Rudduck <david@rudduck.org.au>
 2026-02-22 11:35:55 +01:00
Peter Steinberger
5c57a45a59 fix: add non-streaming directive-tag regression tests (#23298) (thanks @SidQin-cyber) 2026-02-22 11:31:23 +01:00
Peter Steinberger
29e41d4c0a fix: land security audit severity + temp-path guard fixes (#23428) (thanks @bmendonca3) 2026-02-22 11:26:17 +01:00
Peter Steinberger
1cd3b30907 fix: stop hardcoded channel fallback and auto-pick sole configured channel (#23357) (thanks @lbo728) 
Co-authored-by: lbo728 <extreme0728@gmail.com>
 2026-02-22 11:21:43 +01:00
Frank Yang
e33d7fcd13 fix(telegram): prevent update offset skipping queued updates (#23284) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 92efaf956b
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-22 15:50:33 +05:30
Peter Steinberger
bf56196de3 fix: tighten feishu dedupe boundary (#23377) (thanks @SidQin-cyber) 2026-02-22 11:13:40 +01:00
Peter Steinberger
1b327da6e3 fix: harden exec sandbox fallback semantics (#23398) (thanks @bmendonca3) 2026-02-22 11:12:01 +01:00
Peter Steinberger
602a1ebd55 fix: handle intentional signal daemon shutdown on abort (#23379) (thanks @frankekn) 2026-02-22 10:59:34 +01:00
Vignesh Natarajan
99a2f5379e Memory/QMD: normalize Han-script BM25 search queries 2026-02-22 01:53:00 -08:00
Peter Steinberger
9f0b6a8c92 fix: harden ACP gateway startup sequencing (#23390) (thanks @janckerchen) 2026-02-22 10:47:38 +01:00
Peter Steinberger
59807efa31 refactor(plugin-sdk): unify channel dedupe primitives 2026-02-22 10:46:34 +01:00
Peter Steinberger
9b9cc44a4e fix: finalize modelByChannel validator landing (#23412) (thanks @ProspectOre) 2026-02-22 10:41:40 +01:00
Peter Steinberger
dd07c06d00 fix: tighten gateway restart loop handling (#23416) (thanks @jeffwnli) 2026-02-22 10:38:32 +01:00
Vignesh Natarajan
b4cdffc7a4 TUI: make Ctrl+C exit behavior reliably responsive 2026-02-22 01:28:55 -08:00
Peter Steinberger
f4dd0577b0 fix(security): block hook transform symlink escapes 2026-02-22 10:18:05 +01:00
Peter Steinberger
6c2e999776 refactor(security): unify secure id paths and guard weak patterns 2026-02-22 10:16:19 +01:00
Peter Steinberger
ae8d4a8eec fix(security): harden channel token and id generation 2026-02-22 10:16:02 +01:00
Peter Steinberger
de2e5c7b74 docs(security): clarify dangerous control-ui bypass policy 2026-02-22 10:11:46 +01:00
Vignesh Natarajan
b9e9fbc97c TUI: preserve RTL text order in terminal output 2026-02-22 01:10:03 -08:00
Peter Steinberger
2b63592be5 fix: harden exec allowlist wrapper resolution 2026-02-22 09:52:02 +01:00
Peter Steinberger
8e7d8c3d8e docs(changelog): add shell startup env override fix note 2026-02-22 09:50:21 +01:00
Vignesh Natarajan
2a66c8d676 Agents/Subagents: honor subagent alsoAllow grants 2026-02-22 00:39:27 -08:00