github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-30 10:05:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,931 Commits 702 Branches 79 Tags
e1691fdfe64f475ff410bb305cc94e2fae9c6af1
Commit Graph

124 Commits

Author SHA1 Message Date
Tony Dehnke
e1691fdfe6 fix(mattermost): add SSRF policy for media downloads 
Allow fetching attachments from the Mattermost server host, which may
be localhost or a private IP. Without this, SSRF guards block inbound
media downloads silently.

Credit: @webclerk (#22594) for identifying this gap.
 2026-03-05 14:33:35 +00:00
Tony Dehnke
970b62b676 fix(mattermost): restore normalize.ts fixes, add button click dispatch, show button name 
- normalize.ts: Restore #channel-name → undefined (directory lookup) fix
  that was lost during PR consolidation. Also restore strict ID matching
  in looksLikeMattermostTargetId (26-char alnum only, not loose 3+ regex).
- interactions.ts: Add dispatchButtonClick callback so the agent responds
  immediately to button clicks. Show the clicked button's display name
  (not raw action ID) in the "selected by" confirmation message.
- monitor.ts: Wire up dispatchButtonClick with full reply pipeline
  (routing, typing indicator, chunking, dispatchReplyFromConfig).
- interactions.test.ts: Update test to expect sanitized action IDs.
 2026-03-05 14:33:35 +00:00
Tony Dehnke
e85bda87be fix(mattermost): restore 2D→1D button flattening and empty-name filter 
The core sends buttons as Array<Array<Button>> (2D for Telegram row
layout). The consolidation from #18151 into #19957 lost the flatMap
that flattens to 1D and the .filter() that drops malformed buttons.

Without flatMap, each "button" is actually a row array — btn.text is
undefined, producing empty-name buttons that render as white boxes
with a blue left border in Mattermost.
 2026-03-05 14:33:35 +00:00
Tony Dehnke
921a8aaa50 fix(mattermost): sanitize button action IDs for Mattermost routing 
Mattermost uses action IDs in URL paths for server-side routing
(/api/v4/posts/{id}/actions/{actionId}). IDs containing hyphens or
underscores break this routing silently — buttons render but clicks
do nothing.

Strip hyphens and underscores from action IDs before sending.

Ref: https://github.com/mattermost/mattermost/issues/25747
 2026-03-05 14:33:35 +00:00
Tony Dehnke
1d7c05fe67 fix: use ChannelMessageActionName[] type in listActions 
Fixes TS2322 where string[] was not assignable to the expected
ChannelMessageActionName[] return type.
 2026-03-05 14:33:34 +00:00
Tony Dehnke
5b69954070 feat(mattermost): add directory adapter, config schema, and channel tests 
Port missing pieces from PR #18151:
- Directory adapter for channel/user name resolution (listGroups, listPeers)
- Config schema validation for interactions.callbackBaseUrl
- TypeScript types for interactions config
- Channel-level tests for send/buttons action support
- Fix listActions to include "send" alongside "react"
 2026-03-05 14:33:34 +00:00
Tony Dehnke
68fe16e053 fix(mattermost): sort context keys in HMAC token generation 
Mattermost reorders context keys when storing and returning interactive
message payloads. Without stable key ordering, JSON.stringify produces
different output for the same context, causing HMAC verification to fail
on button clicks.

Sort keys before serialization in generateInteractionToken so tokens
remain valid regardless of key order. Add tests covering key reordering.
 2026-03-05 14:33:34 +00:00
Tony Dehnke
e3509678dc feat(mattermost): add interactive buttons support (rebased, reactions now upstream via #18608) 
Add interactive message buttons and emoji reactions to the Mattermost
extension, enabling agents to send messages with clickable action buttons
and react to posts with emoji.

Interactive buttons:
- HMAC-SHA256 token verification for secure button callbacks
- HTTP callback handler registered via registerPluginHttpRoute
- Button click completion: replaces buttons with confirmation text
- Localhost-only validation for callback requests
- Stable HMAC secret derived from bot token (works across CLI/gateway)

Reactions:
- Add/remove emoji reactions via Mattermost REST API
- Bot user ID caching with TTL for reaction requests
- Reaction event handling in WebSocket monitor with DM/group policy enforcement

Channel actions adapter:
- supportsButtons, handleAction, listActions for the ChannelPlugin interface
- Send action with optional button attachments
- React action with add/remove support and emoji colon stripping

Also includes:
- updateMattermostPost for modifying existing posts (button completion)
- props passthrough in createMattermostPost for attachments
- parseMattermostTarget with channel-name and isMattermostId support
- Comprehensive test coverage (58 new tests across 4 test files)
 2026-03-05 14:33:34 +00:00
Joseph Turian
e5b6a4e19d Mattermost: honor onmessage mention override and add gating diagnostics tests (#27160) 
Merged via squash.

Prepared head SHA: 6cefb1d5bf
Co-authored-by: turian <65918+turian@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-05 17:59:54 +05:30
Gustavo Madeira Santana
b192276283 Plugins/mattermost: migrate to scoped plugin-sdk imports 2026-03-04 02:35:12 -05:00
Gustavo Madeira Santana
009d4d115a Extensions: migrate mattermost plugin-sdk imports 2026-03-04 01:21:21 -05:00
Josh Avant
646817dd80 fix(outbound): unify resolved cfg threading across send paths (#33987) 2026-03-04 00:20:44 -06:00
Gustavo Madeira Santana
1278ee9248 plugin-sdk: add channel subpaths and migrate bundled plugins 2026-03-03 22:07:03 -05:00
Muhammed Mukhthar CM
b1b41eb443 feat(mattermost): add native slash command support (refresh) (#32467) 
Merged via squash.

Prepared head SHA: 989126574e
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-03 12:39:18 +05:30
Peter Steinberger
e1503349c3 fix: scope extension runtime deps to plugin manifests 2026-03-03 05:33:12 +00:00
Josh Avant
806803b7ef feat(secrets): expand SecretRef coverage across user-supplied credentials (#29580) 
* feat(secrets): expand secret target coverage and gateway tooling

* docs(secrets): align gateway and CLI secret docs

* chore(protocol): regenerate swift gateway models for secrets methods

* fix(config): restore talk apiKey fallback and stabilize runner test

* ci(windows): reduce test worker count for shard stability

* ci(windows): raise node heap for test shard stability

* test(feishu): make proxy env precedence assertion windows-safe

* fix(gateway): resolve auth password SecretInput refs for clients

* fix(gateway): resolve remote SecretInput credentials for clients

* fix(secrets): skip inactive refs in command snapshot assignments

* fix(secrets): scope gateway.remote refs to effective auth surfaces

* fix(secrets): ignore memory defaults when enabled agents disable search

* fix(secrets): honor Google Chat serviceAccountRef inheritance

* fix(secrets): address tsgo errors in command and gateway collectors

* fix(secrets): avoid auth-store load in providers-only configure

* fix(gateway): defer local password ref resolution by precedence

* fix(secrets): gate telegram webhook secret refs by webhook mode

* fix(secrets): gate slack signing secret refs to http mode

* fix(secrets): skip telegram botToken refs when tokenFile is set

* fix(secrets): gate discord pluralkit refs by enabled flag

* fix(secrets): gate discord voice tts refs by voice enabled

* test(secrets): make runtime fixture modes explicit

* fix(cli): resolve local qr password secret refs

* fix(cli): fail when gateway leaves command refs unresolved

* fix(gateway): fail when local password SecretRef is unresolved

* fix(gateway): fail when required remote SecretRefs are unresolved

* fix(gateway): resolve local password refs only when password can win

* fix(cli): skip local password SecretRef resolution on qr token override

* test(gateway): cast SecretRef fixtures to OpenClawConfig

* test(secrets): activate mode-gated targets in runtime coverage fixture

* fix(cron): support SecretInput webhook tokens safely

* fix(bluebubbles): support SecretInput passwords across config paths

* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths

* fix(bluebubbles): align SecretInput schema helper typing

* fix(cli): clarify secrets.resolve version-skew errors

* refactor(secrets): return structured inactive paths from secrets.resolve

* refactor(gateway): type onboarding secret writes as SecretInput

* chore(protocol): regenerate swift models for secrets.resolve

* feat(secrets): expand extension credential secretref support

* fix(secrets): gate web-search refs by active provider

* fix(onboarding): detect SecretRef credentials in extension status

* fix(onboarding): allow keeping existing ref in secret prompt

* fix(onboarding): resolve gateway password SecretRefs for probe and tui

* fix(onboarding): honor secret-input-mode for local gateway auth

* fix(acp): resolve gateway SecretInput credentials

* fix(secrets): gate gateway.remote refs to remote surfaces

* test(secrets): cover pattern matching and inactive array refs

* docs(secrets): clarify secrets.resolve and remote active surfaces

* fix(bluebubbles): keep existing SecretRef during onboarding

* fix(tests): resolve CI type errors in new SecretRef coverage

* fix(extensions): replace raw fetch with SSRF-guarded fetch

* test(secrets): mark gateway remote targets active in runtime coverage

* test(infra): normalize home-prefix expectation across platforms

* fix(cli): only resolve local qr password refs in password mode

* test(cli): cover local qr token mode with unresolved password ref

* docs(cli): clarify local qr password ref resolution behavior

* refactor(extensions): reuse sdk SecretInput helpers

* fix(wizard): resolve onboarding env-template secrets before plaintext

* fix(cli): surface secrets.resolve diagnostics in memory and qr

* test(secrets): repair post-rebase runtime and fixtures

* fix(gateway): skip remote password ref resolution when token wins

* fix(secrets): treat tailscale remote gateway refs as active

* fix(gateway): allow remote password fallback when token ref is unresolved

* fix(gateway): ignore stale local password refs for none and trusted-proxy

* fix(gateway): skip remote secret ref resolution on local call paths

* test(cli): cover qr remote tailscale secret ref resolution

* fix(secrets): align gateway password active-surface with auth inference

* fix(cli): resolve inferred local gateway password refs in qr

* fix(gateway): prefer resolvable remote password over token ref pre-resolution

* test(gateway): cover none and trusted-proxy stale password refs

* docs(secrets): sync qr and gateway active-surface behavior

* fix: restore stability blockers from pre-release audit

* Secrets: fix collector/runtime precedence contradictions

* docs: align secrets and web credential docs

* fix(rebase): resolve integration regressions after main rebase

* fix(node-host): resolve gateway secret refs for auth

* fix(secrets): harden secretinput runtime readers

* gateway: skip inactive auth secretref resolution

* cli: avoid gateway preflight for inactive secret refs

* extensions: allow unresolved refs in onboarding status

* tests: fix qr-cli module mock hoist ordering

* Security: align audit checks with SecretInput resolution

* Gateway: resolve local-mode remote fallback secret refs

* Node host: avoid resolving inactive password secret refs

* Secrets runtime: mark Slack appToken inactive for HTTP mode

* secrets: keep inactive gateway remote refs non-blocking

* cli: include agent memory secret targets in runtime resolution

* docs(secrets): sync docs with active-surface and web search behavior

* fix(secrets): keep telegram top-level token refs active for blank account tokens

* fix(daemon): resolve gateway password secret refs for probe auth

* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled

* fix(secrets): align token inheritance and exec timeout defaults

* docs(secrets): clarify active-surface notes in cli docs

* cli: require secrets.resolve gateway capability

* gateway: log auth secret surface diagnostics

* secrets: remove dead provider resolver module

* fix(secrets): restore gateway auth precedence and fallback resolution

* fix(tests): align plugin runtime mock typings

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-03-03 02:58:20 +00:00
Peter Steinberger
6ba7238ac6 build: bump versions to 2026.3.2 2026-03-02 04:55:53 +00:00
Peter Steinberger
e1f3ded033 refactor: split telegram delivery and unify media/frontmatter/i18n pipelines 2026-03-02 04:14:06 +00:00
Peter Steinberger
c0bf42f2a8 refactor: centralize delivery/path/media/version lifecycle 2026-03-02 04:04:36 +00:00
Peter Steinberger
f4f094fc3b test(mattermost): cover defaultAccount resolution 2026-03-02 04:03:55 +00:00
Peter Steinberger
41537e9303 fix(channels): add optional defaultAccount routing 2026-03-02 04:03:46 +00:00
Peter Steinberger
355b4c62bc fix(mattermost): land #30891 route private channels as group (@BlueBirdBack) 
Landed from contributor PR #30891 by @BlueBirdBack.

Co-authored-by: BlueBirdBack <BlueBirdBack@users.noreply.github.com>
 2026-03-02 03:14:17 +00:00
Peter Steinberger
8e48520d74 fix(channels): align command-body parsing sources 2026-03-01 23:11:48 +00:00
Agent
e7cafed424 chore(release): bump version to 2026.3.1 2026-03-01 21:14:17 +00:00
Peter Steinberger
fe807e4bed chore(release): bump 2026.2.27 and split changelog 2026-02-27 16:09:28 +01:00
Peter Steinberger
a0c5e28f3b refactor(extensions): use scoped pairing helper 2026-02-26 21:57:52 +01:00
Peter Steinberger
dc6e4a5b13 fix: harden dm command authorization in open mode 2026-02-26 19:49:36 +01:00
Peter Steinberger
64de4b6d6a fix: enforce explicit group auth boundaries across channels 2026-02-26 18:49:16 +01:00
Peter Steinberger
cd80c7e7ff refactor: unify dm policy store reads and reason codes 2026-02-26 17:47:57 +01:00
Peter Steinberger
273973d374 refactor: unify typing dispatch lifecycle and policy boundaries 2026-02-26 17:36:16 +01:00
Shakker
b044c149c1 Mattermost: avoid raw fetch in monitor media download 2026-02-26 16:03:39 +00:00
Peter Steinberger
37a138c554 fix: harden typing lifecycle and cross-channel suppression 2026-02-26 17:01:09 +01:00
Peter Steinberger
051fdcc428 fix(security): centralize dm/group allowlist auth composition 2026-02-26 16:35:33 +01:00
Peter Steinberger
892a9c24b0 refactor(security): centralize channel allowlist auth policy 2026-02-26 13:06:33 +01:00
Peter Steinberger
8bdda7a651 fix(security): keep DM pairing allowlists out of group auth 2026-02-26 12:58:18 +01:00
Peter Steinberger
caace61ba1 chore: bump versions to 2026.2.26 2026-02-26 12:11:02 +01:00
Peter Steinberger
8f8e46d898 refactor: unify reaction ingress policy guards across channels 2026-02-26 01:34:47 +01:00
Shakker
2652bb1d7d Release: sync plugin versions to 2026.2.25 2026-02-25 04:19:59 +00:00
Peter Steinberger
d42ef2ac62 refactor: consolidate typing lifecycle and queue policy 2026-02-25 02:16:03 +00:00
Peter Steinberger
e0201c2774 fix: keep channel typing active during long inference (#25886, thanks @stakeswky) 
Co-authored-by: stakeswky <stakeswky@users.noreply.github.com>
 2026-02-25 02:03:27 +00:00
Shakker
955cc9029f chore: sync plugin versions to 2026.2.24 2026-02-24 22:45:46 +00:00
Peter Steinberger
161d9841dc refactor(security): unify dangerous name matching handling 2026-02-24 01:33:08 +00:00
Peter Steinberger
cfa44ea6b4 fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907) 
* fix(channels): default allowFrom to id-only; add dangerous name opt-in

* docs(security): align channel allowFrom docs with id-only default
 2026-02-24 01:01:51 +00:00
Peter Steinberger
0183610db3 refactor: de-duplicate channel runtime and payload helpers 2026-02-23 21:25:28 +00:00
Vignesh Natarajan
8d9d01447e chore: align plugin versions and harden outbound cross-provider test 2026-02-22 23:04:17 -08:00
Peter Steinberger
6dd36a6b77 refactor(channels): reuse runtime group policy helpers 2026-02-22 12:44:23 +01:00
Peter Steinberger
85e5ed3f78 refactor(channels): centralize runtime group policy handling 2026-02-22 12:35:41 +01:00
Peter Steinberger
e80c66a571 fix(mattermost): refine probe and onboarding flows 2026-02-22 11:29:31 +00:00
Peter Steinberger
777817392d fix: fail closed missing provider group policy across message channels (#23367) (thanks @bmendonca3) 2026-02-22 12:21:04 +01:00
Peter Steinberger
0bd9f0d4ac fix: enforce strict allowlist across pairing stores (#23017) 2026-02-22 00:00:23 +01:00