github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 06:41:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,834 Commits 702 Branches 79 Tags
70e31c6f68b88bcf91f6df827a0ea05bb90ab112
Commit Graph

9394 Commits

Author SHA1 Message Date
Peter Steinberger
89a4695020 test: consolidate shard tests for faster trigger/directive suites 2026-02-23 13:30:47 +00:00
Peter Steinberger
67bccc1fa0 test: merge allow-from trigger shard and dedupe inline cases 2026-02-23 13:18:03 +00:00
Peter Steinberger
f6ee1c99a7 test: merge thinking and queue directive shards 2026-02-23 13:11:39 +00:00
Peter Steinberger
c9fbcf39ee test: merge fuzzy model directive shards 2026-02-23 13:08:30 +00:00
Peter Steinberger
e048ed1efd test: merge elevated allowlist directive shard 2026-02-23 13:05:39 +00:00
Peter Steinberger
706c9ec729 test: consolidate directive behavior suites 2026-02-23 13:02:56 +00:00
Peter Steinberger
fbdb1b3e73 test: merge elevated status directive shards 2026-02-23 12:57:39 +00:00
Peter Steinberger
b11ff9f7dd test: collapse directive behavior shards 2026-02-23 12:54:52 +00:00
Peter Steinberger
be422a9d18 test: merge model picker tests into native command suite 2026-02-23 12:50:08 +00:00
Peter Steinberger
9757d2bb64 fix(agents): normalize strict openai-compatible turn ordering 
Co-authored-by: liuwenyong1985 <48443240+liuwenyong1985@users.noreply.github.com>
 2026-02-23 12:44:23 +00:00
Peter Steinberger
15e32c7341 fix(models): refresh Moonshot Kimi vision capabilities 
Co-authored-by: manikv12 <mac1317@live.missouristate.edu>
 2026-02-23 12:44:23 +00:00
Peter Steinberger
9bd04849ed fix(agents): detect Kimi model-token-limit overflows 
Co-authored-by: Danilo Falcão <danilo@falcao.org>
 2026-02-23 12:44:23 +00:00
Peter Steinberger
3640484e28 fix(agents): map Moonshot developer role compatibility 
Co-authored-by: Sheng-Fu Chuang <sedernet@gmail.com>

# Conflicts:
#	CHANGELOG.md
 2026-02-23 12:44:23 +00:00
Ayaan Zaidi
2247b81219 fix(auto-reply): hide direct-chat metadata without sender-id sentinel (openclaw#24373) thanks @jd316 
Co-authored-by: jd316 <138361777+jd316@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
 2026-02-23 15:25:31 +05:30
边黎安
a4c373935f fix(agents): fall back to agents.defaults.model when agent has no model config (#24210) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0f272b1027
Co-authored-by: bianbiandashen <16240681+bianbiandashen@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-23 03:18:55 -05:00
taw0002
3c57bf4c85 fix: treat HTTP 502/503/504 as failover-eligible (timeout reason) (#21017) 
* fix: treat HTTP 502/503/504 as failover-eligible (timeout reason)

When a model API returns 502 Bad Gateway, 503 Service Unavailable, or
504 Gateway Timeout, the error object carries the status code directly.
resolveFailoverReasonFromError() only checked 402/429/401/403/408/400,
so 5xx server errors fell through to message-based classification which
requires the status code to appear at the start of the error message.

Many API SDKs (Google, Anthropic) set err.status = 503 without prefixing
the message with '503', so the message classifier never matched and
failover never triggered — the run retried the same broken model.

Add 502/503/504 to the status-code branch, returning 'timeout' (matching
the existing behavior of isTransientHttpError in the message classifier).

Fixes #20999

* Changelog: add failover 502/503/504 note with credits

* Failover: classify HTTP 504 as transient in message parser

* Changelog: credit taw0002 and vincentkoc for failover fix

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-23 03:01:57 -05:00
Frank Yang
f208518cb9 fix(config): keep write inputs immutable when using unsetPaths (#24134) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 951f8480c3
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-23 02:51:13 -05:00
Vincent Koc
0e28e50b45 fix(security): detect obfuscated commands that bypass allowlist filters (#24287) 
* security(exec): add obfuscated command detector

* test(exec): cover obfuscation detector patterns

* security(exec): enforce obfuscation approval on gateway host

* security(exec): enforce obfuscation approval on node host

* test(exec): prevent obfuscation timeout bypass

* chore(changelog): credit obfuscation security fix
 2026-02-23 02:50:06 -05:00
Glucksberg
36400df086 fix: pass agentDir to /compact command for agent-specific auth (#24133) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 4bb10ca78c
Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-23 02:33:35 -05:00
Vignesh Natarajan
9ea740afb6 Sessions: canonicalize mixed-case session keys 2026-02-22 23:27:08 -08:00
Vignesh Natarajan
8d9d01447e chore: align plugin versions and harden outbound cross-provider test 2026-02-22 23:04:17 -08:00
Vignesh Natarajan
de96f5fed2 CLI/Sessions: honor default agent for implicit store path 2026-02-22 22:47:10 -08:00
Misha Kolesnik
ec1bc41cf2 fix(openrouter): remove conflicting reasoning_effort from payload (#24120) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: cc8ef4bb05
Co-authored-by: tenequm <22403766+tenequm@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-23 01:41:29 -05:00
Vignesh Natarajan
5ad5ea53cd Agent: resolve resumed session agent scope before run 2026-02-22 22:38:05 -08:00
brandonwise
7fab4d128a fix(security): redact sensitive data in OTEL log exports (CWE-532) (#18182) 
* fix(security): redact sensitive data in OTEL log exports (CWE-532)

The diagnostics-otel plugin exports ALL application logs to external
OTLP collectors without filtering. This leaks API keys, tokens, and
other sensitive data to third-party observability platforms.

Changes:
- Export redactSensitiveText from plugin-sdk for extension use
- Apply redaction to log messages before OTEL export
- Apply redaction to string attribute values
- Add tests for API key and token redaction

The existing redactSensitiveText function handles common patterns:
- API keys (sk-*, ghp_*, gsk_*, AIza*, etc.)
- Bearer tokens
- PEM private keys
- ENV-style assignments (KEY=value)
- JSON credential fields

Fixes #12542

* fix: also redact error/reason in trace spans

Address Greptile feedback:
- Redact evt.error in webhook.error span attributes and status
- Redact evt.reason in message.processed span attributes
- Redact evt.error in message.processed span status

* fix: handle undefined evt.error in type guard

* fix: redact session.state reason in OTEL metrics

Addresses Greptile feedback - session.state reason field now goes
through redactSensitiveText() like message.processed reason.

* test(diagnostics-otel): update service context for stateDir API change

* OTEL diagnostics: redact sensitive values before export

* OTEL diagnostics tests: cover message, attribute, and session reason redaction

* Changelog: note OTEL sensitive-data redaction fix

* Changelog: move OTEL redaction entry to current unreleased

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-23 01:35:32 -05:00
Ayaan Zaidi
86fcca2352 fix(gateway): annotate connection test mocks 2026-02-23 11:47:27 +05:30
Ayaan Zaidi
d5105ca456 fix(telegram): unify topic target normalization path 2026-02-23 11:45:18 +05:30
Ayaan Zaidi
fddc60d174 fix(telegram): preserve legacy prefixed messaging targets 2026-02-23 11:45:18 +05:30
Ayaan Zaidi
bf732b88e7 test(cron): avoid delivery.mode type widening in isolated announce test 2026-02-23 11:45:18 +05:30
Ayaan Zaidi
118611465c test(gateway): make strict-delivery bestEffort case deterministic 2026-02-23 11:45:18 +05:30
Ayaan Zaidi
d589b3a95c test(gateway): clear agentCommand mock before strict bestEffort assert 2026-02-23 11:45:18 +05:30
Ayaan Zaidi
03122e5933 fix(cron): preserve telegram announce target + delivery truth 2026-02-23 11:45:18 +05:30
Ayaan Zaidi
dcc52850c3 fix: persist resolved telegram delivery targets at runtime 2026-02-23 11:45:18 +05:30
Tak Hoffman
35fbf26d24 Gateway: suppress tools.catalog plugin conflict diagnostics 2026-02-23 00:05:57 -06:00
Tak Hoffman
9e1a13bf4c Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- gh pr checks 24199 --watch --fail-fast

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-22 23:55:59 -06:00
Peter Steinberger
1c753ea786 test: dedupe fixtures and test harness setup 2026-02-23 05:45:54 +00:00
Peter Steinberger
8af19ddc5b refactor: extract shared dedupe helpers for runtime paths 2026-02-23 05:43:43 +00:00
Peter Steinberger
9f508056d3 test: collapse remaining trigger command shards 2026-02-23 05:22:24 +00:00
Peter Steinberger
d90e9f561f test: merge overlapping trigger-handling suites 2026-02-23 05:19:23 +00:00
Peter Steinberger
af547ec52c test: consolidate trigger-handling suites 2026-02-23 05:15:35 +00:00
Evgeny Zislis
78f801e243 Validate Telegram delivery targets to reject invalid formats (#21930) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 02c9b1c3dd
Co-authored-by: kesor <7056+kesor@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-23 10:44:46 +05:30
Peter Steinberger
23598e0e3a test: prune redundant abort case and speed stream cap test 2026-02-23 05:06:34 +00:00
Tak Hoffman
77c3b142a9 Web UI: add full cron edit parity, all-jobs run history, and compact filters (openclaw#24155) thanks @Takhoffman 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-22 23:05:42 -06:00
Peter Steinberger
610863e733 test: speed up long-running async suites 2026-02-23 05:03:15 +00:00
Peter Steinberger
48f327c206 test: consolidate redundant suites and speed attachment tests 2026-02-23 04:55:43 +00:00
Peter Steinberger
86a8b65e9d test: consolidate redundant suites and speed up timers 2026-02-23 04:44:42 +00:00
Peter Steinberger
a6a2a9276e test: reduce exec timer test runtime 2026-02-23 04:25:00 +00:00
Peter Steinberger
384a161bbc test: consolidate media auto-detect coverage 2026-02-23 04:25:00 +00:00
Peter Steinberger
a53062ae3b refactor(test): deduplicate isolated agent cron test helpers 2026-02-23 04:20:41 +00:00
Peter Steinberger
382fe8009a refactor!: remove google-antigravity provider support 2026-02-23 05:20:14 +01:00