github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 22:08:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,255 Commits 702 Branches 79 Tags
6c813bd32bab1fd8113ab78887843a70038cdcd0
Commit Graph

14 Commits

Author SHA1 Message Date
Peter Steinberger
f25bbbc37e feat: switch anthropic onboarding defaults to sonnet 2026-02-18 04:37:58 +01:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
cpojer
d0cb8c19b2 chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf chore: Update formatting. 2026-02-17 09:18:40 +09:00
Marcus Castro
ec44e262be fix(security): prevent String(undefined) coercion in credential inputs (#12287) 
* fix(security): prevent String(undefined) coercion in credential inputs

When a prompter returns undefined (due to cancel, timeout, or bug),
String(undefined).trim() produces the literal string "undefined" instead
of "". This truthy string prevents secure fallbacks from triggering,
allowing predictable credential values (e.g., gateway password = "undefined").

Fix all 8 occurrences by using String(value ?? "").trim(), which correctly
yields "" for null/undefined inputs and triggers downstream validation or
fallback logic.

Fixes #8054

* fix(security): also fix String(undefined) in api-provider credential inputs

Address codex review feedback: 4 additional occurrences of the unsafe
String(variable).trim() pattern in auth-choice.apply.api-providers.ts
(Cloudflare Account ID, Gateway ID, synthetic API key inputs + validators).

* fix(test): strengthen password coercion test per review feedback

* fix(security): harden credential prompt coercion

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-13 04:25:05 +01:00
cpojer
f06dd8df06 chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
Peter Steinberger
526303d9a2 refactor(auth)!: remove external CLI OAuth reuse 2026-01-26 19:05:00 +00:00
Ian Hildebrand
ff78e9a564 fix: support direct token and provider in auth apply commands (#1485) 2026-01-23 07:27:52 +00:00
Peter Steinberger
2fb2035dbf fix: normalize Claude CLI auth mode to oauth (#855) 
Thanks @sebslight.

Co-authored-by: Sebastian <sebslight@gmail.com>
 2026-01-15 02:29:43 +00:00
Peter Steinberger
fe974f420d chore: standardize Claude Code CLI naming (#915) 
Follow-up to #915.
 2026-01-14 20:07:35 +00:00
Peter Steinberger
c379191f80 chore: migrate to oxlint and oxfmt 
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
 2026-01-14 15:02:19 +00:00
Peter Steinberger
a58ff1ac63 refactor(commands): split CLI commands 2026-01-14 05:39:47 +00:00