github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 05:01:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,273 Commits 702 Branches 79 Tags
cf38339f254d489d3c47154735f8d7e985f96570
Commit Graph

2619 Commits

Author SHA1 Message Date
Aether AI
d306fc8ef1 fix(security): OC-07 redact session history credentials and enforce webhook secret (#16928) 
* Security: refresh sessions history redaction patch

* tests: align sessions_history redaction-only truncation expectation

* Changelog: credit sessions history security hardening

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-22 18:29:40 -05:00
Robin Waslander
44727dc3a1 security(web_fetch): strip hidden content to prevent indirect prompt injection (#21074) 
* security(web_fetch): strip hidden content to prevent indirect prompt injection

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* security(web_fetch): address review feedback and credit author

* chore(changelog): credit reporter for web_fetch security fix

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-22 18:10:26 -05:00
Peter Steinberger
84e5ab598a fix: make windows CI path handling deterministic 2026-02-22 22:34:49 +00:00
Peter Steinberger
a30f9c8673 fix(sandbox): fallback docker user to workspace owner uid/gid 
Co-authored-by: LucasAIBuilder <LucasAIBuilder@users.noreply.github.com>
 2026-02-22 23:33:15 +01:00
Peter Steinberger
394a1af70f fix(exec): apply per-agent exec defaults for opaque session keys 
Co-authored-by: brin-tapcart <brin-tapcart@users.noreply.github.com>
 2026-02-22 23:33:14 +01:00
Peter Steinberger
a5917e4ad8 test(exec): resolve rebase artifact in bash-tools test 2026-02-22 22:25:47 +00:00
Peter Steinberger
84303f6a78 test: make exec timeout coverage deterministic 2026-02-22 22:14:01 +00:00
Peter Steinberger
7b229decdd test(perf): dedupe fixtures and reduce flaky waits 2026-02-22 22:06:01 +00:00
Peter Steinberger
c677be9d5f fix(exec): skip default timeout for background sessions 2026-02-22 23:03:44 +01:00
Peter Steinberger
4b0fddc075 fix(test): prevent env leak causing models.json CI flake 2026-02-22 22:00:44 +00:00
Peter Steinberger
1e582dcc6f fix: harden windows path handling in CI tests 2026-02-22 21:52:10 +00:00
Tak Hoffman
556af3f08b fix(cron): cancel timed-out runs before side effects (openclaw#22411) thanks @Takhoffman 
Verified:
- pnpm check
- pnpm vitest run src/memory/qmd-manager.test.ts src/cron/service.issue-regressions.test.ts src/cron/isolated-agent.delivers-response-has-heartbeat-ok-but-includes.test.ts --maxWorkers=1

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-22 15:45:27 -06:00
Peter Steinberger
64b273a71c fix(exec): harden safe-bin trust and add explicit trusted dirs 2026-02-22 22:43:18 +01:00
Vignesh Natarajan
08fb38f729 Fix: resolve pnpm check type regressions 2026-02-22 13:40:51 -08:00
Peter Steinberger
e16f93af0c fix: stabilize ci test typings and mocks 2026-02-22 21:38:47 +00:00
Peter Steinberger
7c109f5737 fix: resolve ci type errors and reconnect test flake 2026-02-22 21:35:20 +00:00
Vignesh Natarajan
d75b594e07 Agents/Replies: scope done fallback to direct sessions 2026-02-22 13:30:30 -08:00
Peter Steinberger
73fab7e445 fix(agents): map container workdir paths in workspace guard 
Co-authored-by: Explorer1092 <32663226+Explorer1092@users.noreply.github.com>
 2026-02-22 22:24:27 +01:00
Peter Steinberger
7bbd597383 fix(media): enforce agent media roots in plugin send actions 
Co-authored-by: Oliver Drobnik <333270+odrobnik@users.noreply.github.com>
Co-authored-by: thisischappy <257418353+thisischappy@users.noreply.github.com>
 2026-02-22 22:24:27 +01:00
Peter Steinberger
2081b3a3c4 refactor(channels): dedupe hook and monitor execution paths 2026-02-22 21:19:09 +00:00
Peter Steinberger
06bdd53658 refactor(agents): dedupe workspace and session tool flows 2026-02-22 21:19:09 +00:00
Peter Steinberger
320cf8eb3e fix(subagents): restore configurable announce timeout 
Co-authored-by: Valadon <20071960+Valadon@users.noreply.github.com>
 2026-02-22 22:11:52 +01:00
Peter Steinberger
13541864e5 refactor: extract telegram lane delivery and e2e harness 2026-02-22 21:33:20 +01:00
Peter Steinberger
3c75bc0e41 refactor(test): dedupe agent and discord test fixtures 2026-02-22 20:04:51 +00:00
Peter Steinberger
5547a2275c fix(security): harden toolsBySender sender-key matching 2026-02-22 21:04:37 +01:00
Peter Steinberger
6f895eb831 fix(sandbox): honor explicit bind mounts over workspace defaults 
Co-authored-by: tasaankaeris <tasaankaeris@users.noreply.github.com>
 2026-02-22 20:37:22 +01:00
Peter Steinberger
eefbf3dc5a fix(sandbox): normalize /workspace media paths to host sandbox root 
Co-authored-by: echo931 <echo931@users.noreply.github.com>
 2026-02-22 20:37:21 +01:00
Peter Steinberger
8eb71cec26 test(agents): add malformed MEDIA prose integration coverage 
Co-authored-by: Ho Lim <166576253+HOYALIM@users.noreply.github.com>
 2026-02-22 19:59:03 +01:00
Peter Steinberger
c3d11d56c3 fix(agents): validate tool-result MEDIA directives with shared parser 
Co-authored-by: Ho Lim <166576253+HOYALIM@users.noreply.github.com>
 2026-02-22 19:52:29 +01:00
Peter Steinberger
53ed7a0f5c test: dedupe repeated test fixtures and assertions 2026-02-22 18:37:25 +00:00
青雲
3dfee78d72 fix: sanitize tool call IDs in agent loop for Mistral strict9 format (#23595) (#23698) 
* fix: sanitize tool call IDs in agent loop for Mistral strict9 format (#23595)

Mistral requires tool call IDs to be exactly 9 alphanumeric characters
([a-zA-Z0-9]{9}). The existing sanitizeToolCallIdsForCloudCodeAssist
mechanism only ran on historical messages at attempt start via
sanitizeSessionHistory, but the pi-agent-core agent loop's internal
tool call → tool result cycles bypassed that path entirely.

Changes:
- Wrap streamFn (like dropThinkingBlocks) so every outbound request
  sees sanitized tool call IDs when the transcript policy requires it
- Replace call_${Date.now()} in pendingToolCalls with a 9-char hex ID
  generated from crypto.randomBytes
- Add Mistral tool call ID error pattern to ERROR_PATTERNS.format so
  the error is correctly classified for retry/rotation

* Changelog: document Mistral strict9 tool-call ID fix

---------

Co-authored-by: echoVic <AkiraVic@outlook.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-22 13:37:12 -05:00
Peter Steinberger
e55ab6fd91 test(ci): harden background abort timing on windows 2026-02-22 18:23:04 +00:00
Peter Steinberger
8801130c5d fix(ci): annotate shared skill-install test mocks 2026-02-22 18:10:56 +00:00
Peter Steinberger
b79c89fc90 fix: stabilize CI type and test harness coverage 2026-02-22 18:06:34 +00:00
Peter Steinberger
568973e5ac perf(test): trim embedded/bash runtime fixture overhead 2026-02-22 17:56:05 +00:00
Peter Steinberger
08431da5d5 refactor(gateway): unify credential precedence across entrypoints 2026-02-22 18:55:44 +01:00
Peter Steinberger
3286791316 refactor(agents): dedupe config and truncation guards 2026-02-22 17:54:51 +00:00
Peter Steinberger
dacb3d1aa2 refactor(queue): share drain helpers across announce and reply 2026-02-22 17:54:51 +00:00
Peter Steinberger
79ec29b150 test: consolidate embedded prompt error scenarios 2026-02-22 17:53:33 +00:00
Peter Steinberger
239f72c582 perf(test): consolidate archive safety cases and cache session manager 2026-02-22 17:53:33 +00:00
Peter Steinberger
b17f677439 test: merge no-op notifyOnExit scenario coverage 2026-02-22 17:53:33 +00:00
Peter Steinberger
5b078c8305 test: consolidate sudo fallback edge-case scenarios 2026-02-22 17:53:12 +00:00
Peter Steinberger
2ed94a08c0 test: merge duplicate bash background session-name coverage 2026-02-22 17:52:12 +00:00
Peter Steinberger
60f3a2a244 perf(test): shorten bash tool timing fixtures 2026-02-22 17:52:12 +00:00
Peter Steinberger
61d0c55a80 perf(test): share workspace fixture in skills download safety suite 2026-02-22 17:52:12 +00:00
Peter Steinberger
1437f371fc test: trim duplicate embedded runner setup cases 2026-02-22 17:52:12 +00:00
Peter Steinberger
924455edb8 perf(test): reuse tar.bz2 workspace in download safety tests 2026-02-22 17:52:12 +00:00
Peter Steinberger
a28464ec59 test: combine duplicate process log tail-window coverage 2026-02-22 17:52:12 +00:00
Peter Steinberger
64ecd3e81c test: merge duplicate targetDir escape cases 2026-02-22 17:51:38 +00:00
Peter Steinberger
0e38505d3d test: collapse duplicate sandbox skill mirroring cases 2026-02-22 17:51:38 +00:00