github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-18 18:27:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,468 Commits 702 Branches 79 Tags
ad052d661bd0c260a30822c1cce25e4ff43c7d90
Commit Graph

4491 Commits

Author SHA1 Message Date
Peter Steinberger
ad052d661b docs: note gateway auth follow-up hardening 2026-03-08 01:13:28 +00:00
Peter Steinberger
99cfd271d0 fix(sandbox): pin fs bridge readfile handles 2026-03-08 01:09:05 +00:00
Peter Steinberger
bc91ae9ca0 fix(discord): preserve native command session keys 2026-03-08 01:06:09 +00:00
Peter Steinberger
cf1c2cc208 fix(discord): normalize DM session keys 2026-03-08 01:06:09 +00:00
Peter Steinberger
6337666ac0 fix(telegram): restore named-account DM fallback routing (from #32426) 
Rebased and landed contributor work from @chengzhichao-xydt for the
Telegram multi-account DM regression in #32351.

Co-authored-by: Zhichao Cheng <cheng.zhichao@xydigit.com>
 2026-03-08 01:05:08 +00:00
Peter Steinberger
eb09d8dd71 fix(telegram): land #34238 from @hal-crackbot 
Landed from contributor PR #34238 by @hal-crackbot.

Co-authored-by: Hal Crackbot <hal@crackbot.dev>
 2026-03-08 00:56:58 +00:00
Peter Steinberger
09cfcf9dd5 fix(sandbox): anchor fs-bridge mkdirp 2026-03-08 00:55:34 +00:00
Peter Steinberger
a505be78ab fix(telegram): land #38906 from @gambletan 
Landed from contributor PR #38906 by @gambletan.

Co-authored-by: gambletan <ethanchang32@gmail.com>
 2026-03-08 00:54:49 +00:00
Peter Steinberger
4869e24915 fix(telegram): land #34983 from @HOYALIM 
Landed from contributor PR #34983 by @HOYALIM.

Co-authored-by: Ho Lim <subhoya@gmail.com>
 2026-03-08 00:53:19 +00:00
Vincent Koc
d6d04f361e fix(ollama): preserve local limits and native thinking fallback (#39292) 
* fix(ollama): support thinking field fallback in native stream

* fix(models): honor explicit lower token limits in merge mode

* fix(ollama): prefer streamed content over fallback thinking

* changelog: note Ollama local model fixes
 2026-03-07 16:53:02 -08:00
Peter Steinberger
5edcab2eee fix(queue): land #33168 from @rylena 
Landed from contributor PR #33168 by @rylena.

Co-authored-by: Rylen Anil <rylen.anil@gmail.com>
 2026-03-08 00:51:11 +00:00
Edward
02eef1d45a fix(telegram): use group allowlist for native command auth in groups (#39267) 
* fix(telegram): use group allowlist for native command auth in groups

Native slash commands (/status, /model, etc.) in Telegram supergroups
and forum topics reject authorized senders with "not authorized" even
when the sender is in groupAllowFrom.

The bug is in resolveTelegramCommandAuth — the final commandAuthorized
check only passes DM allowFrom as an authorizer, so senders who are
authorized via groupAllowFrom get rejected. Regular messages don't have
this problem because they go through evaluateTelegramGroupPolicyAccess
which correctly uses effectiveGroupAllow.

Add effectiveGroupAllow as a second authorizer when the message comes
from a group. resolveCommandAuthorizedFromAuthorizers uses .some(), so
either DM or group allowlist matching is sufficient.

Fixes #28216
Fixes #29135
Fixes #30234

* fix(test): resolve TS2769 type errors in group-auth test

Remove explicit tuple type annotations on mock.calls.filter() callbacks
that conflicted with vitest's mock call types.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* test(telegram): cover topic auth rejection routing

* changelog: note telegram native group command auth fix

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-07 16:47:57 -08:00
Vincent Koc
a56841b98c Daemon: harden WSL2 systemctl install checks (#39294) 
* Daemon: harden WSL2 systemctl install checks

* Changelog: note WSL2 daemon install hardening

* Daemon: tighten systemctl failure classification
 2026-03-07 16:43:19 -08:00
Peter Steinberger
f195af0b22 fix(sandbox): anchor fs-bridge destructive ops 2026-03-08 00:41:12 +00:00
Peter Steinberger
9d2b292998 fix(exec-approvals): honor allow-always for bash script invocations 
Landed from contributor PR #35137 by @yuweuii.

Co-authored-by: yuweuii <82372187+yuweuii@users.noreply.github.com>
 2026-03-08 00:39:54 +00:00
Vincent Koc
ca37a4e82e changelog: note telegram groupAllowFrom sender validation fix 2026-03-07 16:36:16 -08:00
Peter Steinberger
c6575891c7 fix(exec): inherit ask from exec-approvals.json when tools.exec.ask unset 
Landed from contributor PR #29187 by @Bartok9.

Co-authored-by: Bartok9 <259807879+Bartok9@users.noreply.github.com>
 2026-03-08 00:35:50 +00:00
Peter Steinberger
173132165d fix(exec): honor exec-approvals ask=off for gateway/node runs 
Landed from contributor PR #26789 by @pandego.

Co-authored-by: Miguel Miranda Dias <7780875+pandego@users.noreply.github.com>
 2026-03-08 00:29:34 +00:00
Josh Avant
25252ab5ab gateway: harden shared auth resolution across systemd, discord, and node host 2026-03-07 18:28:32 -06:00
Peter Steinberger
61000b8e4d fix(acp): block sandboxed slash spawns 2026-03-08 00:23:07 +00:00
Peter Steinberger
ab54532c8f fix(agents): land #39247 from @jasonQin6 (subagent workspace inheritance) 
Propagate parent workspace directories into spawned subagent runs, keep workspace override internal-only, and add regression tests for forwarding boundaries.

Co-authored-by: jasonQin6 <991262382@qq.com>
 2026-03-07 23:56:37 +00:00
Peter Steinberger
eeba93d63d fix(discord): pass gateway auth to exec approvals 
Pass resolved gateway token/password into the Discord exec approvals GatewayClient startup path so token-auth installs stop failing approvals with gateway token mismatch.

Fixes #38179
Adjacent investigation: #35147 by @0riginal-claw
Co-authored-by: 0riginal-claw <0rginal_claw@0rginal-claws-Mac-mini.local>
 2026-03-07 23:47:48 +00:00
Peter Steinberger
f304ca09b1 fix(agents): sanitize strict openai-compatible turn ordering from #39252 (thanks @scoootscooob) 
Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-03-07 23:42:19 +00:00
Peter Steinberger
ada4ee08d9 fix(docker): land #33097 from @chengzhichao-xydt 
Landed from contributor PR #33097 by @chengzhichao-xydt.

Co-authored-by: Zhichao Cheng <cheng.zhichao@xydigit.com>
 2026-03-07 23:41:57 +00:00
Peter Steinberger
2fc95a7cfc fix(exec): close dispatch-wrapper boundary drift 2026-03-07 23:40:38 +00:00
Peter Steinberger
adf4eb487b fix(signal): forward all inbound attachments from #39212 (thanks @joeykrug) 
Co-authored-by: Joey Krug <joeykrug@gmail.com>
 2026-03-07 23:35:55 +00:00
Peter Steinberger
939b18475d fix(exec): honor shell comments in allow-always analysis 2026-03-07 23:31:25 +00:00
Peter Steinberger
1aaca517e3 fix(media): harden unknown mime handling from #39199 (thanks @nicolasgrasset) 
Co-authored-by: Nicolas Grasset <nicolas.grasset@gmail.com>
 2026-03-07 23:30:32 +00:00
Peter Steinberger
5f26970200 fix(ui): land #28608 from @KimGLee 
Landed from contributor PR #28608 by @KimGLee.

Co-authored-by: Kim <150593189+KimGLee@users.noreply.github.com>
 2026-03-07 23:26:09 +00:00
Peter Steinberger
1d1757b16f fix(exec): recognize PowerShell encoded commands 2026-03-07 23:15:46 +00:00
Peter Steinberger
c76d29208b fix(node-host): bind approved script operands 2026-03-07 23:04:00 +00:00
Peter Steinberger
708187f28c fix(outbound): prevent replay after ack crash windows (#38668, thanks @Gundam98) 
Co-authored-by: Gundam98 <huhanwen98@gmail.com>
 2026-03-07 22:53:27 +00:00
Peter Steinberger
265367d99b fix(gateway): land #28428 from @l0cka 
Landed from contributor PR #28428 by @l0cka.

Co-authored-by: Daniel Alkurdi <danielalkurdi@gmail.com>
 2026-03-07 22:51:08 +00:00
Peter Steinberger
e83094e63f fix(agents): warn clearly on unresolved model ids (#39215, thanks @ademczuk) 
Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
 2026-03-07 22:50:27 +00:00
Peter Steinberger
3a761fbcf8 fix(agents): strip unsupported responses store payloads (#39219, thanks @ademczuk) 
Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
 2026-03-07 22:47:41 +00:00
Peter Steinberger
ab704b7aca fix(gateway): explain provider-object password bootstrap errors (#39230, thanks @ademczuk) 
Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
 2026-03-07 22:44:44 +00:00
Peter Steinberger
e45d62ba26 fix(memory): preserve BM25 relevance ordering (#33757, thanks @lsdcc01) 
Land #33757 by @lsdcc01 without the unrelated dependency bump. Preserve negative FTS5 BM25 ordering in hybrid scoring and add changelog coverage for #5767.

Co-authored-by: 丁春才0668000523 <ding.chuncai1@xydigit.com>
 2026-03-07 22:41:48 +00:00
Peter Steinberger
99de6515a0 fix(telegram): surface fallback on dispatch failures (#39209, thanks @riftzen-bit) 
Co-authored-by: riftzen-bit <binb53339@gmail.com>
 2026-03-07 22:41:09 +00:00
Peter Steinberger
f53e10e3fd fix(config): fail closed on invalid config load (#9040, thanks @joetomasone) 
Land #9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for #5052.

Co-authored-by: Joe Tomasone <joe@tomasone.com>
 2026-03-07 22:39:26 +00:00
Peter Steinberger
3a74dc00bf fix(gateway): land #38725 from @ademczuk 
Source: #38725 / 533ff3e70b by @ademczuk.
Thanks @ademczuk.

Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
 2026-03-07 22:35:38 +00:00
Peter Steinberger
8ca326caa9 fix(ui): land #37382 from @FradSer 
Separate shared gateway auth from cached device-token signing in Control UI browser auth. Preserves shared-token validation while keeping cached device tokens scoped to signed device payloads.

Co-authored-by: Frad LEE <fradser@gmail.com>
 2026-03-07 22:33:24 +00:00
Peter Steinberger
b4bac484e3 fix(gateway): stop webchat route inheritance on channel sessions (#39175, thanks @widingmarcus-cyber) 
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-03-07 22:22:23 +00:00
Peter Steinberger
3a2fdc5136 fix(memory): restore sqlite busy_timeout on reopen (#39183, thanks @MumuTW) 
Co-authored-by: MumuTW <clothl47364@gmail.com>
 2026-03-07 22:17:55 +00:00
Peter Steinberger
733f7af92b fix(heartbeat): keep requests-in-flight retries from drifting schedule (#39182, thanks @MumuTW) 
Co-authored-by: MumuTW <clothl47364@gmail.com>
 2026-03-07 22:10:51 +00:00
Peter Steinberger
42bf4998d3 fix(telegram): reset webhook cleanup latch after polling 409 conflicts (#39205, thanks @amittell) 
Co-authored-by: amittell <mittell@me.com>
 2026-03-07 22:08:41 +00:00
Peter Steinberger
c934dd51c0 fix(daemon): normalize schtasks runtime from numeric result only (#39153, thanks @scoootscooob) 
Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-03-07 22:06:20 +00:00
Peter Steinberger
be9ea991de fix(discord): avoid native plugin command collisions 2026-03-07 21:59:44 +00:00
Peter Steinberger
e20f445099 fix(supervisor): keep service-managed children attached (#38463, thanks @spirittechie) 
Co-authored-by: Jesse Paul <drzin69@gmail.com>
 2026-03-07 21:36:24 +00:00
Peter Steinberger
b9dd6e99b6 fix(daemon): avoid freezing Windows PATH in task scripts (#39139, thanks @Narcooo) 
Co-authored-by: majx_mac <mjxnarco@pku.edu.cn>
 2026-03-07 21:15:01 +00:00
Peter Steinberger
f51cac277c fix(discord): make message listener non-blocking (#39154, thanks @yaseenkadlemakki) 
Co-authored-by: Yaseen Kadlemakki <yaseen82@gmail.com>
 2026-03-07 21:13:47 +00:00