Glucksberg
53adae9cec
fix(telegram): add dnsResultOrder=ipv4first default on Node 22+ to fix fetch failures ( #5405 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 71366e953280581902+Glucksberg@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-02-22 20:07:51 +05:30
Peter Steinberger
9f2b25426b
test(core): increase coverage for sessions, auth choice, and model listing
2026-02-22 14:08:51 +00:00
Peter Steinberger
d116bcfb14
refactor(runtime): consolidate followup, gateway, and provider dedupe paths
2026-02-22 14:08:51 +00:00
Peter Steinberger
adfbbcf1f6
chore: merge origin/main into main
2026-02-22 13:42:52 +00:00
Peter Steinberger
0d0f4c6992
refactor(exec): centralize safe-bin policy checks
2026-02-22 13:18:25 +01:00
Peter Steinberger
d2542d9d37
chore(gateway): cover denied notifyOnExit path and clarify help
2026-02-22 13:14:08 +01:00
Peter Steinberger
47c3f742b6
fix(exec): require explicit safe-bin profiles
2026-02-22 12:58:55 +01:00
Peter Steinberger
6dd36a6b77
refactor(channels): reuse runtime group policy helpers
2026-02-22 12:44:23 +01:00
Peter Steinberger
85e5ed3f78
refactor(channels): centralize runtime group policy handling
2026-02-22 12:35:41 +01:00
Peter Steinberger
42f62821db
fix: include shared runtime group-policy helper and coverage ( #23367 ) (thanks @bmendonca3)
2026-02-22 12:21:04 +01:00
Peter Steinberger
585a143f21
test: reclassify config and channel monitor behavior suites
2026-02-22 11:04:58 +00:00
Peter Steinberger
1ad284a85f
test: move local cli and config scenario suites out of e2e
2026-02-22 10:58:04 +00:00
Peter Steinberger
812bf7c8e1
fix: add bindings comment regression test ( #23458 ) (thanks @echoVic)
2026-02-22 11:47:11 +01:00
echoVic
56f01bc493
fix(config): add missing comment field to BindingsSchema
...
Strict validation (added in d1e9490f9Fixes #23385
2026-02-22 11:47:11 +01:00
Peter Steinberger
1b327da6e3
fix: harden exec sandbox fallback semantics ( #23398 ) (thanks @bmendonca3)
2026-02-22 11:12:01 +01:00
Frank Yang
1051f42f96
fix(stability): patch regex retries and timeout abort handling
2026-02-22 10:59:34 +01:00
Peter Steinberger
6dad6a8cd0
fix: cover channels.modelByChannel validation/auto-enable
2026-02-22 10:41:40 +01:00
pickaxe
d79f10297f
also skip modelByChannel in plugin-auto-enable channel iteration
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-22 10:41:40 +01:00
pickaxe
0d93c9f759
fix: include modelByChannel in config validator allowedChannels
...
The hand-written config validator rejects `channels.modelByChannel` as
"unknown channel id: modelByChannel" even though the Zod schema, TypeScript
types, runtime code, and CLI docs all treat it as valid. The `defaults`
meta-key was already whitelisted but `modelByChannel` was missed when
the feature was added in 2026.2.21.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-22 10:41:40 +01:00
Vignesh Natarajan
2a66c8d676
Agents/Subagents: honor subagent alsoAllow grants
2026-02-22 00:39:27 -08:00
Peter Steinberger
c99e7696e6
fix: decouple owner display secret from gateway auth token
2026-02-22 09:35:07 +01:00
Peter Steinberger
ce09fe2bb7
test(config): use lightweight clear in session pruning e2e setup
2026-02-22 08:30:47 +00:00
Peter Steinberger
265da4dd2a
fix(security): harden gateway command/audit guardrails
2026-02-22 08:45:48 +01:00
Peter Steinberger
b109fa53ea
refactor(core): dedupe gateway runtime and config tests
2026-02-22 07:44:57 +00:00
Peter Steinberger
271999d42a
test(config): dedupe nested redaction round-trip assertions
2026-02-22 07:44:57 +00:00
Peter Steinberger
71c17da2ba
test(config): dedupe traversal include assertions
2026-02-22 07:44:57 +00:00
Peter Steinberger
44a272ef67
refactor(config): dedupe legacy stream-mode migration paths
2026-02-22 07:44:57 +00:00
Peter Steinberger
e0db04a50d
fix(security): harden avatar validation and size limits
2026-02-22 08:35:32 +01:00
Vignesh Natarajan
29a782b9cd
Models/Config: default missing Anthropic model api fields
2026-02-21 22:50:43 -08:00
Vignesh Natarajan
73b4330d4c
CLI/Config: keep explicitly unset keys removed
2026-02-21 21:08:04 -08:00
Vignesh
3317b49d3b
feat(memory): allow QMD searches via mcporter keep-alive (openclaw#19617) thanks @vignesh07
...
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: vignesh07 <1436853+vignesh07@users.noreply.github.com >
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com >
2026-02-21 18:54:33 -06:00
Peter Steinberger
98790339ef
test: dedupe repeated validation and throw assertions
2026-02-21 23:28:07 +00:00
Peter Steinberger
b97691f3a7
test(config): avoid duplicate include resolution in throw assertions
2026-02-21 23:28:06 +00:00
Peter Steinberger
95dab6e019
fix: harden config prototype-key guards ( #22968 ) (thanks @Clawborn)
2026-02-22 00:25:22 +01:00
Clawborn
e23c08b5f4
Fix prototype pollution in applyMergePatch via blocked key filter
...
applyMergePatch in merge-patch.ts iterates Object.entries(patch) without
filtering dangerous keys. When a caller passes a JSON-parsed object with
a "__proto__" key, the loop assigns result["__proto__"] = value, which
replaces the prototype of result and pollutes Object.prototype for the
entire process.
Add a BLOCKED_KEYS set ({"__proto__", "constructor", "prototype"}) and
skip those keys during iteration, matching the guard already present in
deepMerge (includes.ts) via isBlockedObjectKey.
Adds four tests covering __proto__, constructor, prototype, and nested
__proto__ injection.
Co-authored-by: Clawborn <tianrun.yang103@gmail.com >
2026-02-22 00:25:22 +01:00
Peter Steinberger
8752203f59
refactor(test): stabilize case tables and readonly helper inputs
2026-02-22 00:10:07 +01:00
Peter Steinberger
5164822cd5
test: table-drive status reactions and session key cases
2026-02-21 23:02:44 +00:00
Brian Mendonca
21087c5c70
test: fix rebase-introduced tsgo regressions
2026-02-21 23:57:34 +01:00
Brian Mendonca
a186036814
test: fix latest tsgo inference regressions in test suites
2026-02-21 23:57:34 +01:00
Brian Mendonca
c7c047287e
test: fix readonly typing regressions in check baseline
2026-02-21 23:57:34 +01:00
Gustavo Madeira Santana
0e1aa77928
chore(tsgo/format): fix CI errors
2026-02-21 17:51:56 -05:00
Gustavo Madeira Santana
2f46308d5a
refactor(logging): migrate non-agent internal console calls to subsystem logger ( #22964 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b4a5b124225599352+gumadeiras@users.noreply.github.com >
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com >
Reviewed-by: @gumadeiras
2026-02-21 17:44:00 -05:00
Peter Steinberger
0608587bc3
test: streamline config, audit, and qmd coverage
2026-02-21 22:23:43 +00:00
Peter Steinberger
861718e4dc
test: group remaining suite cleanups
2026-02-21 21:44:57 +00:00
Peter Steinberger
5d9e7c942c
test: consolidate agent command and config scenarios
2026-02-21 21:44:01 +00:00
Peter Steinberger
1794f42ac0
test(config): dedupe io fixture wiring and cover legacy config-path override
2026-02-21 21:40:39 +00:00
Peter Steinberger
7036352d94
test(config): dedupe temp roots and cover legacy state-dir fallback
2026-02-21 21:40:39 +00:00
Peter Steinberger
194ebd9e30
refactor(test): dedupe env setup in envelope and config tests
2026-02-21 19:13:47 +00:00
Peter Steinberger
7724abeee0
refactor(test): dedupe env setup across suites
2026-02-21 19:13:46 +00:00
Peter Steinberger
25e89cc863
fix(security): harden shell env fallback
2026-02-21 20:01:08 +01:00
