github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-18 09:57:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,774 Commits 702 Branches 79 Tags
87e6ce7c3a2f166eb1abec967ae20682e0d37ced
Commit Graph

16774 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tak Hoffman
87e6ce7c3a fix(extensions): synthesize mediaLocalRoots propagation across sendMedia adapters 
Restore deterministic mediaLocalRoots propagation through extension sendMedia adapters and add coverage for local/remote media handling in Google Chat.

Synthesis of #33581, #33545, #33540, #33536, #33528.

Co-authored-by: bmendonca3 <bmendonca3@users.noreply.github.com>
 2026-03-03 21:30:41 -06:00
Tak Hoffman
9889c6da53 Runtime: stabilize tool/run state transitions under compaction and backpressure 
Synthesize runtime state transition fixes for compaction tool-use integrity and long-running handler backpressure.

Sources: #33630, #33583

Co-authored-by: Kevin Shenghui <shenghuikevin@gmail.com>
Co-authored-by: Theo Tarr <theodore@tarr.com>
 2026-03-03 21:25:32 -06:00
Ayaan Zaidi
575bd77196 fix: stabilize telegram draft boundary previews (#33842) (thanks @ngutman) 2026-03-04 08:55:27 +05:30
Gustavo Madeira Santana
5ce53095c5 fix(tlon): use HTTPS git URL for api-beta 2026-03-03 22:14:37 -05:00
Gustavo Madeira Santana
1278ee9248 plugin-sdk: add channel subpaths and migrate bundled plugins 2026-03-03 22:07:03 -05:00
Josh Avant
1c200ca7ae follow-up: align ingress, atomic paths, and channel tests with credential semantics (#33733) 
Merged via squash.

Prepared head SHA: c290c2ab6a
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-03-03 20:29:46 -06:00
Gustavo Madeira Santana
6842877b2e build: prevent mixed static/dynamic pi-model-discovery imports 2026-03-03 21:27:14 -05:00
Gustavo Madeira Santana
b10f438221 Config: harden legacy heartbeat key migration 2026-03-03 20:42:35 -05:00
wan.xi
caa748b969 fix(config): detect top-level heartbeat as invalid config path (#30894) (#32706) 
Merged via squash.

Prepared head SHA: 1714ffe6fc
Co-authored-by: xiwan <931632+xiwan@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 20:27:04 -05:00
LiaoyuanNing
b7589b32a8 fix(feishu): support SecretRef-style env credentials in account resolver (#30903) 
Merged via squash.

Prepared head SHA: d3d0a18f17
Co-authored-by: LiaoyuanNing <259494737+LiaoyuanNing@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-03-03 19:22:50 -06:00
Gustavo Madeira Santana
21e8d88c1d build: fix ineffective dynamic imports with lazy boundaries (#33690) 
Merged via squash.

Prepared head SHA: 38b3c23d6f
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 20:14:41 -05:00
Igal Tabachnik
a4850b1b8f fix(plugins): lazily initialize runtime and split plugin-sdk startup imports (#28620) 
Merged via squash.

Prepared head SHA: 8bd7d6c13b
Co-authored-by: hmemcpy <601206+hmemcpy@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 19:58:48 -05:00
habakan
4b17d6d882 feat(gateway): add Permissions-Policy header to default security headers (#30186) 
Merged via squash.

Prepared head SHA: 0dac89283f
Co-authored-by: habakan <12531644+habakan@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 16:25:39 -08:00
Gustavo Madeira Santana
0d97101665 Agents: preserve bootstrap warning dedupe across followup runs 2026-03-03 18:56:11 -05:00
liquidhorizon88-bot
d95cf256e7 Security audit: suggest valid gateway.nodes.denyCommands entries (#29713) 
Merged via squash.

Prepared head SHA: db23298f98
Co-authored-by: liquidhorizon88-bot <257047709+liquidhorizon88-bot@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 15:47:57 -08:00
Cui Chen
e8cb0484ce fix(security): strip partial API token from status labels (#33262) 
Merged via squash.

Prepared head SHA: 5fe81704e6
Co-authored-by: cu1ch3n <80438676+cu1ch3n@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 15:11:49 -08:00
Clawdoo
b1a735829d docs: fix Mintlify-incompatible links in security docs (#27698) 
Merged via squash.

Prepared head SHA: 6078cd94ba
Co-authored-by: clawdoo <65667097+clawdoo@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 14:51:28 -08:00
Mariano
2a733a8444 fix(ios): harden watch messaging activation concurrency (#33306) 
Merged via squash.

Prepared head SHA: d40f8c4afb
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:38:54 +00:00
Mariano
4c6dec84a6 Telegram/device-pair: auto-arm one-shot notify on /pair qr with manual fallback (#33299) 
Merged via squash.

Prepared head SHA: 0986691fd4
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:36:45 +00:00
Mariano
a36ccf4156 fix(ios): start incremental speech at soft boundaries (#33305) 
Merged via squash.

Prepared head SHA: d1acf72317
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:36:40 +00:00
Mariano
22e33ddda9 fix(ios): guard talk TTS callbacks to active utterance (#33304) 
Merged via squash.

Prepared head SHA: dd88886e41
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:34:09 +00:00
13otKmdr
a8dd9ffea1 security: add X-Content-Type-Options nosniff header to media route (#30356) 
Merged via squash.

Prepared head SHA: b14f9ad7ca
Co-authored-by: 13otKmdr <154699144+13otKmdr@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 13:35:46 -08:00
wangchunyue
bcd58c26d3 fix(logging ): use local timezone for console log timestamps (#25970) 
Merged via squash.

Prepared head SHA: 30123265b7
Co-authored-by: openperf <80630709+openperf@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-04 00:31:41 +03:00
Gustavo Madeira Santana
e4b4486a96 Agent: unify bootstrap truncation warning handling (#32769) 
Merged via squash.

Prepared head SHA: 5d6d4ddfa6
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 16:28:38 -05:00
Sid
3ad3a90db3 fix(gateway): include disk-scanned agent IDs in listConfiguredAgentIds (#32831) 
Merged via squash.

Prepared head SHA: 2aa58f6afd
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-03-03 21:19:18 +00:00
Shakker
b02a07655d fix: harden pr review artifact validation 2026-03-03 21:14:37 +00:00
joshavant
a9969e641a docs: fix secretref marker rendering in credential surface 2026-03-03 15:08:41 -06:00
scoootscooob
ff96e41c38 fix(discord): align DiscordAccountConfig.token type with SecretInput (#32490) 
Merged via squash.

Prepared head SHA: 233aa032f1
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-03-03 14:59:57 -06:00
Robin Waslander
44162e7ba5 docs(contributing): require before/after screenshots for UI PRs (#32206) 
Merged via squash.

Prepared head SHA: d7f0914873
Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-03 23:45:19 +03:00
dorukardahan
2cd3be896d docs(security): document Docker UFW hardening via DOCKER-USER (#27613) 
Merged via squash.

Prepared head SHA: 31ddd43326
Co-authored-by: dorukardahan <35905596+dorukardahan@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 12:28:35 -08:00
joshavant
490670128b fix(docs): avoid MDX regex markers in secretref page 2026-03-03 14:00:09 -06:00
joshavant
70c6bc8581 fix(docs): use MDX-safe secretref markers 2026-03-03 13:54:03 -06:00
Shadow
65816657c2 feat(discord): add allowBots mention gating 2026-03-03 12:47:25 -06:00
Shadow
b0bcea03db fix: drop discord opus dependency 2026-03-03 12:23:19 -06:00
Shadow
16ebbd24b5 fix(discord): reset thread sessions on archive 2026-03-03 11:32:59 -06:00
Shadow
b8b1eeb052 fix(discord): harden slash command routing 2026-03-03 11:32:05 -06:00
Shadow
0eef7a367d fix(discord): honor agent media roots in replies 2026-03-03 11:29:58 -06:00
Shadow
548b15d8e0 fix(discord): skip bot messages before debounce 2026-03-03 11:29:58 -06:00
Shadow
05446d6b6b docs: document discord ignoreOtherMentions 2026-03-03 11:26:20 -06:00
Shadow
e28ff1215c fix: discord auto presence health signal (#33277) (thanks @thewilloftheshadow) (#33277) 2026-03-03 11:20:59 -06:00
Ayaan Zaidi
3d998828b9 fix: stabilize Telegram draft boundaries and suppress NO_REPLY lead leaks (#33169) 
* fix: stabilize telegram draft stream message boundaries

* fix: suppress NO_REPLY lead-fragment leaks

* fix: keep underscore guard for non-NO_REPLY prefixes

* fix: skip assistant-start rotation only after real lane rotation

* fix: preserve finalized state when pre-rotation does not force

* fix: reset finalized preview state on message-start boundary

* fix: document Telegram draft boundary + NO_REPLY reliability updates (#33169) (thanks @obviyus)
 2026-03-03 22:49:33 +05:30
Shadow
a7a9a3d3c8 fix: allowlist Discord CDN hostnames for SSRF media (#33275) (thanks @thewilloftheshadow) (#33275) 2026-03-03 11:17:27 -06:00
Mariano
bf7061092a iOS Security Stack 4/5: TTS PCM->MP3 Fallback (#30885) (#33032) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f77e3d7644
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:33:55 +00:00
Shadow
d493861c16 fix: discord mention handling (#33224) (thanks @thewilloftheshadow) (#33224) 2026-03-03 10:32:22 -06:00
Mariano
a3112d6c5f iOS Security Stack 3/5: Runtime Security Guards (#33031) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9917165401
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:30:27 +00:00
Mariano
6df57d9633 iOS Security Stack 2/5: Concurrency Locks (#33241) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b99ad804fb
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:28:27 +00:00
Shadow
3ee8528b17 test(discord): align bound-thread target kind 2026-03-03 10:22:52 -06:00
Shadow
3b3738e41e fix(discord): use fetch for voice upload slots 2026-03-03 10:22:28 -06:00
Shadow
66d06beec6 fix(discord): stop typing after silent runs 2026-03-03 10:22:27 -06:00
Shadow
5d16d45b20 fix(discord): default presence online when unconfigured 2026-03-03 10:22:27 -06:00