Bill Cropper
588ad7fb38
fix: respect agent model config in slug generator (#24776)
The slug generator was using hardcoded DEFAULT_PROVIDER and DEFAULT_MODEL
instead of resolving from agent config. This caused it to fall back to
anthropic/claude-opus-4-6 even when a cloud model was configured.
Now uses resolveAgentModelPrimary() to get the configured model, with
fallback to defaults if not configured.
Fixes issue where session memory filenames would fail to generate
when using cloud models that require special backends.
2026-02-24 03:22:48 +00:00
David Murray
e2e10b3da4
fix(slack): map threadId to replyToId for restart sentinel notifications (#24885)
The restart sentinel wake path passes threadId to deliverOutboundPayloads,
but Slack requires replyToId (mapped to thread_ts) for threading. The agent
reply path already does this conversion but the sentinel path did not,
causing post-restart notifications to land as top-level DMs.
Fixes #17716
2026-02-24 03:22:45 +00:00
Omair Afzal
19c43eade2
fix(memory): strip null bytes from workspace paths causing ENOTDIR (#24876)
Add stripNullBytes() helper and apply it to all return paths in
resolveAgentWorkspaceDir() including configured, default, and
state-dir-derived paths. Null bytes in paths cause ENOTDIR errors
when Node tries to resolve them as directories.
2026-02-24 03:22:42 +00:00
Omair Afzal
177f167eab
fix: guard .trim() calls on potentially undefined workspaceDir (#24875)
Change workspaceDir param type from string to string | undefined in
resolvePluginSkillDirs and use nullish coalescing before .trim() to
prevent TypeError when workspaceDir is undefined.
2026-02-24 03:22:39 +00:00
Peter Steinberger
7b2b86c60a
fix(exec): add approval race changelog and regressions
2026-02-24 03:22:05 +00:00
Peter Steinberger
6f0dd61795
fix(exec): restore two-phase approval registration flow
2026-02-24 03:16:36 +00:00
Peter Steinberger
ffd63b7a2c
fix(security): trust resolved skill-bin paths in allowlist auto-allow
2026-02-24 03:12:43 +00:00
Peter Steinberger
204d9fb404
refactor(security): dedupe shell env probe and add path regression test
2026-02-24 03:11:33 +00:00
Peter Steinberger
64aab80201
test(exec): add regressions for safe-bin metadata and chain semantics
2026-02-24 03:10:19 +00:00
Peter Steinberger
a67689a7e3
fix: harden allow-always shell multiplexer wrapper handling
2026-02-24 03:06:51 +00:00
Peter Steinberger
4a3f8438e5
fix(gateway): bind node exec approvals to nodeId
2026-02-24 03:05:58 +00:00
Peter Steinberger
9530c01085
refactor(exec): split safe-bin policy modules and dedupe allowlist flow
2026-02-24 03:05:03 +00:00
Peter Steinberger
60f1d1959a
test: stabilize invoke-system-run env-wrapper assertion on Windows
2026-02-24 03:02:38 +00:00
Peter Steinberger
ff10fe8b91
fix(security): require /etc/shells for shell env fallback
2026-02-24 02:58:24 +00:00
Peter Steinberger
90383e00e9
fix(security): harden autoAllowSkills exec matching
2026-02-24 02:53:47 +00:00
Peter Steinberger
e578521ef4
fix(security): harden session export image data-url handling
2026-02-24 02:53:39 +00:00
Peter Steinberger
fefc414576
fix(security): harden structural session path fallback
2026-02-24 02:52:48 +00:00
Peter Steinberger
f8524ec77a
fix(security): harden exported session html rendering
2026-02-24 02:40:29 +00:00
Gustavo Madeira Santana
4663d68384
Tests: make model-catalog fixtures type-valid
2026-02-23 21:36:34 -05:00
Peter Steinberger
ce02ad9643
refactor(agents): centralize sandbox media and fs policy helpers
2026-02-24 02:32:01 +00:00
Gustavo Madeira Santana
207ec7cfae
chore(provider): remove unused pruning functions
2026-02-23 21:31:12 -05:00
Peter Steinberger
3f923e8313
test: add env -S allowlist bypass regressions
2026-02-24 02:28:00 +00:00
Peter Steinberger
6634030be3
fix: enforce apply_patch workspaceOnly in sandbox mounts
2026-02-24 02:23:56 +00:00
Peter Steinberger
c070be1bc4
fix(sandbox): harden fs bridge path checks and bind mount policy
2026-02-24 02:21:43 +00:00
Peter Steinberger
dd9d9c1c60
fix(security): enforce workspaceOnly for sandbox image tool
2026-02-24 02:17:55 +00:00
Peter Steinberger
0026255def
refactor(security): harden system.run wrapper enforcement
2026-02-24 02:17:41 +00:00
Gustavo Madeira Santana
5239b55c0a
Config: expand Kilo catalog and persist selected Kilo models (#24921)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f5a7e1a385
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
2026-02-23 21:17:37 -05:00
Peter Steinberger
6c441ea797
fix: support legacy and beta prerelease version formats
2026-02-24 02:05:37 +00:00
Peter Steinberger
08e2aa44e7
fix(commands): restrict commands.allowFrom to sender principals
2026-02-24 02:01:01 +00:00
Peter Steinberger
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
Peter Steinberger
a1c4bf07c6
fix(security): harden exec wrapper allowlist execution parity
2026-02-24 01:52:17 +00:00
Peter Steinberger
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
Peter Steinberger
8779b523dc
test(sandbox): speed up agent-config coverage with pure resolvers
2026-02-24 01:46:12 +00:00
Peter Steinberger
467666adc7
test(sandbox): use focused modules in lightweight suites
2026-02-24 01:46:12 +00:00
Peter Steinberger
161d9841dc
refactor(security): unify dangerous name matching handling
2026-02-24 01:33:08 +00:00
Peter Steinberger
22467902ea
fix(doctor): inherit dangerous name-matching flag in mutable allowlist scan
2026-02-24 01:18:38 +00:00
Peter Steinberger
e5931554bf
test: tighten slow test timeouts and cleanup
2026-02-24 01:16:53 +00:00
Peter Steinberger
6c43d0a08e
test(gateway): move sessions_send error paths to unit tests
2026-02-24 01:16:53 +00:00
Peter Steinberger
63dcd28ae0
fix(acp): harden permission tool-name validation
2026-02-24 01:11:34 +00:00
Peter Steinberger
f97c0922e1
fix(security): harden account-key handling against prototype pollution
2026-02-24 01:09:31 +00:00
Peter Steinberger
12cc754332
fix(acp): harden permission auto-approval policy
2026-02-24 01:03:30 +00:00
Peter Steinberger
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907)
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
Peter Steinberger
0cc327546b
test(gateway): speed up slow e2e test setup
2026-02-24 00:59:52 +00:00
Peter Steinberger
13478cc79a
refactor(config): harden catchall hint mapping and array fallback
2026-02-24 00:59:44 +00:00
Vincent Koc
30c622554f
Providers: disable developer role for DashScope-compatible endpoints (#24675)
* Agents: disable developer role for DashScope-compatible endpoints
* Agents: test DashScope developer-role compatibility
* Gateway: test allowlisted sessions.patch model selection
* Changelog: add DashScope role-compat fix note
2026-02-23 19:51:16 -05:00
Peter Steinberger
a430e1722b
test(channels): reduce media test runtime and polling
2026-02-24 00:31:58 +00:00
Peter Steinberger
663f784e4e
test(core): trim redundant setup and tighten waits
2026-02-24 00:31:58 +00:00
Peter Steinberger
f58c1ef34e
test(gateway): speed up contract and polling suites
2026-02-24 00:31:58 +00:00
Peter Steinberger
f0c3c8b6a3
fix(config): redact dynamic catchall secret keys
2026-02-24 00:21:29 +00:00
Peter Steinberger
8dfa33d373
test(sandbox): add root bind mount regression
2026-02-24 00:17:21 +00:00