github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 03:51:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,211 Commits 702 Branches 79 Tags
6a361685abb217844bf771f580c2695e83b610a6
Commit Graph

688 Commits

Author SHA1 Message Date
Peter Steinberger
6a361685ab perf(test): speed up control-ui-assets suite 2026-02-14 21:20:15 +00:00
Peter Steinberger
c5406e1d24 fix(security): prevent gatewayUrl SSRF 2026-02-14 22:01:11 +01:00
Peter Steinberger
9c5404d95e refactor(test): dedupe telegram heartbeat test setup 2026-02-14 19:59:58 +00:00
Peter Steinberger
24d2c6292e refactor(security): refine safeBins hardening 2026-02-14 19:59:13 +01:00
Peter Steinberger
013e8f6b3b fix: harden exec PATH handling 2026-02-14 19:53:04 +01:00
Peter Steinberger
77b89719d5 fix(security): block safeBins shell expansion 2026-02-14 19:44:14 +01:00
Peter Steinberger
4b9cb46c6e refactor(outbound): dedupe poll threading + tighten duration semantics 2026-02-14 19:03:46 +01:00
Peter Steinberger
cb3290fca3 fix(node-host): enforce system.run rawCommand/argv consistency 2026-02-14 18:53:23 +01:00
Robby
8e5689a84d feat(telegram): add sendPoll support (#16193) (#16209) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b58492cfed
Co-authored-by: robbyczgw-cla <239660374+robbyczgw-cla@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-14 18:34:30 +01:00
Peter Steinberger
571c195c54 fix: support moltbot legacy state dir 2026-02-14 17:14:21 +00:00
Peter Steinberger
9fb48f4dff refactor(scripts): make run-node main testable 2026-02-14 16:36:15 +00:00
Peter Steinberger
50645b905b refactor(outbound): centralize outbound identity 2026-02-14 16:44:43 +01:00
Peter Steinberger
64df787448 refactor(channels): share account summary helpers 2026-02-14 15:39:46 +00:00
Peter Steinberger
cc233da373 refactor(pairing): share json state helpers 2026-02-14 15:39:46 +00:00
Peter Steinberger
e9de242159 refactor(exec-approvals): share request event types 2026-02-14 15:39:46 +00:00
Peter Steinberger
4caeb203a6 refactor(install): share package dir install 2026-02-14 15:39:46 +00:00
Peter Steinberger
e1e05e57cb refactor(utils): share shell argv tokenizer 2026-02-14 15:39:46 +00:00
Robby
09e1cbc35d fix(cron): pass agent identity through delivery path (#16218) (#16242) 
* fix(cron): pass agent identity through delivery path

Cron delivery messages now include agent identity (name, avatar) in
outbound messages. Identity fields are passed best-effort for Slack
(graceful fallback if chat:write.customize scope is missing).

Fixes #16218

* fix: fix Slack cron delivery identity (#16242) (thanks @robbyczgw-cla)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-14 16:08:51 +01:00
Peter Steinberger
abf6b4997e test(archive): accept drive-path absolute tar errors 2026-02-14 15:52:38 +01:00
Peter Steinberger
4c7838e3cf refactor(archive): centralize limits and budgets 2026-02-14 15:43:44 +01:00
Peter Steinberger
5f4b29145c test(archive): cover archive size and absolute tar paths 2026-02-14 15:36:41 +01:00
Peter Steinberger
d3ee5deb87 fix(archive): enforce extraction resource limits 2026-02-14 15:36:41 +01:00
Peter Steinberger
3aa94afcfd fix(security): harden archive extraction (#16203) 
* fix(browser): confine upload paths for file chooser

* fix(browser): sanitize suggested download filenames

* chore(lint): avoid control regex in download sanitizer

* test(browser): cover absolute escape paths

* docs(browser): update upload example path

* refactor(browser): centralize upload path confinement

* fix(infra): harden tmp dir selection

* fix(security): harden archive extraction

* fix(infra): harden tar extraction filter
 2026-02-14 14:42:08 +01:00
Peter Steinberger
6f7d31c426 fix(security): harden plugin/hook npm installs 2026-02-14 14:07:14 +01:00
Peter Steinberger
eb4215d570 perf(test): speed up Vitest bootstrap 2026-02-14 12:13:27 +00:00
Peter Steinberger
e6d5b5fb11 perf(test): remove slow port inspection and reconnect sleeps 2026-02-14 04:57:28 +00:00
Peter Steinberger
7f227fc8cc perf(test): avoid heavy browser barrels in pw-ai tests 2026-02-14 03:13:32 +00:00
Artale
7f0d6b1fcb fix(heartbeat): exempt wake and hook reasons from empty-heartbeat skip (openclaw#14532) thanks @arosstale 
Verified:
- pnpm build
- pnpm check
- pnpm test

Co-authored-by: arosstale <117890364+arosstale@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-13 19:05:02 -06:00
Peter Steinberger
ad57e561c6 refactor: unify gateway restart deferral and dispatcher cleanup 2026-02-14 00:38:18 +01:00
Peter Steinberger
e794ef0478 perf(test): reduce hot-suite setup and duplicate test work 2026-02-13 23:30:41 +00:00
Bridgerz
ab4a08a82a fix: defer gateway restart until all replies are sent (#12970) 
* fix: defer gateway restart until all replies are sent

Fixes a race condition where gateway config changes (e.g., enabling
plugins via iMessage) trigger an immediate SIGUSR1 restart, killing the
iMessage RPC connection before replies are delivered.

Both restart paths (config watcher and RPC-triggered) now defer until
all queued operations, pending replies, and embedded agent runs complete
(polling every 500ms, 30s timeout). A shared emitGatewayRestart() guard
prevents double SIGUSR1 when both paths fire simultaneously.

Key changes:
- Dispatcher registry tracks active reply dispatchers globally
- markComplete() called in finally block for guaranteed cleanup
- Pre-restart deferral hook registered at gateway startup
- Centralized extractDeliveryInfo() for session key parsing
- Post-restart sentinel messages delivered directly (not via agent)
- config-patch distinguished from config-apply in sentinel kind

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: single-source gateway restart authorization

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-14 00:29:29 +01:00
Peter Steinberger
dc507f3dec perf(test): reduce memory and port probe overhead 2026-02-13 23:22:30 +00:00
Peter Steinberger
dac8f5ba3f perf(test): trim fixture and import overhead in hot suites 2026-02-13 23:16:41 +00:00
nabbilkhan
207e2c5aff fix: add outbound delivery crash recovery (#15636) (thanks @nabbilkhan) (#15636) 
Co-authored-by: Shadow <hi@shadowing.dev>
 2026-02-13 15:54:07 -06:00
Joseph Krug
4e9f933e88 fix: reset stale execution state after SIGUSR1 in-process restart (#15195) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 676f9ec451
Co-authored-by: joeykrug <5925937+joeykrug@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-13 15:30:09 -05:00
Peter Steinberger
83bc73f4ea refactor(exec-approvals): split allowlist evaluation module 2026-02-13 19:08:37 +00:00
Peter Steinberger
81fbfa06ee refactor(exec-approvals): extract command analysis module 2026-02-13 19:08:37 +00:00
Peter Steinberger
39af215c31 refactor(outbound): extract message action param helpers 2026-02-13 19:08:37 +00:00
Peter Steinberger
c256503ea1 refactor(infra): extract session cost usage types 2026-02-13 19:08:37 +00:00
Peter Steinberger
5a431f57fc refactor(infra): split heartbeat event filters 2026-02-13 19:08:37 +00:00
nyanjou
77df8b1104 feat(discord): add silent message support (SUPPRESS_NOTIFICATIONS flag) 
- Add silent option to message tool for Discord
- Passes SUPPRESS_NOTIFICATIONS flag (4096) to Discord API
- Threads silent param through entire outbound chain:
  - message-action-runner.ts
  - outbound-send-service.ts
  - message.ts
  - deliver.ts
  - discord outbound adapter
  - send.outbound.ts
  - send.shared.ts

Usage: message tool with silent=true suppresses push/desktop notifications
 2026-02-13 12:44:14 -06:00
Peter Steinberger
3cbcba10cf fix(security): enforce bounded webhook body handling 2026-02-13 19:14:54 +01:00
Peter Steinberger
201ac2b72a perf: replace proper-lockfile with lightweight file locks 2026-02-13 17:57:30 +00:00
Marcus Castro
7ec60d6449 fix: use relayAbort helper for addEventListener to preserve AbortError reason 2026-02-13 18:13:18 +01:00
Marcus Castro
5ac8d1d2bb test: add abort .bind() behavioral tests (#7174) 2026-02-13 18:13:18 +01:00
Marcus Castro
d9c582627c perf: use .abort.bind() instead of arrow closures to prevent memory leaks (#7174) 2026-02-13 18:13:18 +01:00
Omair Afzal
59733a02c8 fix(configure): reject literal "undefined" and "null" gateway auth tokens (#13767) 
* fix(configure): reject literal "undefined" and "null" gateway auth tokens

* fix(configure): reject literal "undefined" and "null" gateway auth tokens

* fix(configure): validate gateway password prompt and harden token coercion (#13767) (thanks @omair445)

* test: remove unused vitest imports in baseline lint fixtures (#13767)

---------

Co-authored-by: Luna AI <luna@coredirection.ai>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 17:04:41 +01:00
Peter Steinberger
de7d94d9e2 perf(test): remove resetModules from config/sandbox/message suites 2026-02-13 15:58:08 +00:00
Peter Steinberger
41f2f359a5 perf(test): reduce module reload overhead in key suites 2026-02-13 15:45:19 +00:00
Peter Steinberger
9131b22a28 test: migrate suites to e2e coverage layout 2026-02-13 14:28:22 +00:00