openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 08:11:26 +00:00

Author	SHA1	Message	Date
Peter Steinberger	a2ceadcc2a	refactor(gateway): dedupe assistant delta parsing	2026-02-15 19:08:47 +00:00
Peter Steinberger	9e2233da7f	refactor(gateway): dedupe json endpoint prelude	2026-02-15 13:24:37 +00:00
Peter Steinberger	b5c81f732c	refactor(gateway): share bearer auth helper	2026-02-15 04:40:04 +00:00
Peter Steinberger	7fc1026746	refactor(gateway): share agent prompt builder	2026-02-14 15:39:45 +00:00
David Rudduck	f788de30c8	fix(security): sanitize error responses to prevent information leakage (#5 ) * fix(security): sanitize error responses to prevent information leakage Replace raw error messages in HTTP responses with generic messages. Internal error details (stack traces, module paths, error messages) were being returned to clients in 4 gateway endpoints. * fix: sanitize 2 additional error response leaks in openresponses-http Address CodeRabbit feedback: non-stream and streaming error paths in openresponses-http.ts were still returning String(err) to clients. * fix: add server-side error logging to sanitized catch blocks Restore err parameter and add logWarn() calls so errors are still captured server-side for diagnostics while keeping client responses sanitized. Addresses CodeRabbit feedback about silently discarded errors.	2026-02-13 16:58:30 +01:00
Harald Buerbaumer	30b6eccae5	feat(gateway): add auth rate-limiting & brute-force protection (#15035 ) * feat(gateway): add auth rate-limiting & brute-force protection Add a per-IP sliding-window rate limiter to Gateway authentication endpoints (HTTP, WebSocket upgrade, and WS message-level auth). When gateway.auth.rateLimit is configured, failed auth attempts are tracked per client IP. Once the threshold is exceeded within the sliding window, further attempts are blocked with HTTP 429 + Retry-After until the lockout period expires. Loopback addresses are exempt by default so local CLI sessions are never locked out. The limiter is only created when explicitly configured (undefined otherwise), keeping the feature fully opt-in and backward-compatible. * fix(gateway): isolate auth rate-limit scopes and normalize 429 responses --------- Co-authored-by: buerbaumer <buerbaumer@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com>	2026-02-13 15:32:38 +01:00
cpojer	f06dd8df06	chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.	2026-02-01 10:03:47 +09:00
cpojer	5ceff756e1	chore: Enable "curly" rule to avoid single-statement if confusion/errors.	2026-01-31 16:19:20 +09:00
Peter Steinberger	9a7160786a	refactor: rename to openclaw	2026-01-30 03:16:21 +01:00
Peter Steinberger	6d16a658e5	refactor: rename clawdbot to moltbot with legacy compat	2026-01-27 12:21:02 +00:00
Peter Steinberger	e6e71457e0	fix: honor trusted proxy client IPs (PR #1654 ) Thanks @ndbroadbent. Co-authored-by: Nathan Broadbent <git@ndbroadbent.com>	2026-01-25 01:52:19 +00:00
Peter Steinberger	f06ad4502b	refactor: share responses input handling	2026-01-20 08:21:57 +00:00
Peter Steinberger	bbc67f3754	fix: expand /v1/responses inputs (#1229 ) (thanks @RyanLisse)	2026-01-20 07:37:30 +00:00
Peter Steinberger	436c5fd751	fix(openai-http): reuse history markers for chat prompts Co-authored-by: Andrew Lauppe <andy@t5tele.com>	2026-01-18 06:07:59 +00:00
Peter Steinberger	c379191f80	chore: migrate to oxlint and oxfmt Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>	2026-01-14 15:02:19 +00:00
Peter Steinberger	90342a4f3a	refactor!: rename chat providers to channels	2026-01-13 08:40:39 +00:00
Peter Steinberger	0d00d6dfd4	style(gateway): format openai-http	2026-01-10 22:11:15 +01:00
Peter Steinberger	6546a1a23a	feat(gateway): allow agent via model	2026-01-10 22:11:12 +01:00
Peter Steinberger	dafa8a2881	feat(gateway): add OpenAI-compatible HTTP endpoint	2026-01-10 22:11:04 +01:00

19 Commits