negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
14,877 Commits 1 Branch 0 Tags
243e28df4fb087869bc80946a2ad23b5db4b5075
Commit Graph

3595 Commits

Author SHA1 Message Date
Peter Steinberger
f789f880c9 fix(security): harden approval-bound node exec cwd handling 2026-02-26 04:14:11 +01:00
Peter Steinberger
8f8e2b13b4 fix: disable tts tool for voice provider 2026-02-26 04:12:39 +01:00
Peter Steinberger
8a97803474 fix(agents): normalize malformed tool results in adapter (#27007) 2026-02-26 04:11:44 +01:00
Peter Steinberger
b37dc42240 fix(cron): suppress fallback summary after attempted announce delivery 2026-02-26 03:09:14 +00:00
Peter Steinberger
8a006a3260 feat(heartbeat): add directPolicy and restore default direct delivery 2026-02-26 03:57:03 +01:00
Harold Hunt
ee594e2fdb fix(telegram): webhook hang - tests and fix (openclaw#26933) thanks @huntharo 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-25 20:56:53 -06:00
Peter Steinberger
1e7ec8bfd2 fix(routing): preserve explicit cron account and bound message defaults 
Co-authored-by: lbo728 <72309817+lbo728@users.noreply.github.com>
Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com>
 2026-02-26 02:56:03 +00:00
Peter Steinberger
75dfb71e4e fix(slack): gate pin/reaction system events by sender auth 2026-02-26 03:48:58 +01:00
Peter Steinberger
04d91d0319 fix(security): block workspace hardlink alias escapes 2026-02-26 03:42:54 +01:00
Peter Steinberger
53fcfdf794 fix(telegram): preserve finalized previews on mixed text+voice turns 2026-02-26 03:42:47 +01:00
Peter Steinberger
03e689fc89 fix(security): bind system.run approvals to argv identity 2026-02-26 03:41:31 +01:00
Peter Steinberger
baf656bc6f fix: block IPv6 multicast SSRF bypass 2026-02-26 03:35:10 +01:00
Ayaan Zaidi
260bec5985 fix: add changelog for chat compose mobile layout (#11167) (thanks @junyiz) 2026-02-26 08:03:57 +05:30
Peter Steinberger
069bbf9741 fix(slack): land #26878 allowlist channel ID case-insensitive match (thanks @lbo728) 
Land contributor PR #26878 from @lbo728; include changelog credit and regression tests.

Co-authored-by: lbo728 <extreme0728@gmail.com>
 2026-02-26 02:21:02 +00:00
Ayaan Zaidi
958cafc54f fix: add changelog note for android startup perf (#26659) (thanks @obviyus) 2026-02-26 07:50:09 +05:30
Peter Steinberger
b8bb8ab3ca docs: clarify personal-by-default onboarding security notice 2026-02-26 02:59:34 +01:00
Peter Steinberger
347f7b9550 fix(msteams): bind file consent invokes to conversation 2026-02-26 02:49:50 +01:00
Ramez
acbb93be48 fix(agents): comprehensive quota fallback fixes - session overrides + surgical cooldown logic (#23816) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: e6f2b4742b82b9fe44a7e103170c2f96565b09c5
Co-authored-by: ramezgaberiel <844893+ramezgaberiel@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-25 20:35:40 -05:00
Peter Steinberger
ce8c67c314 fix(slack): gate interactive system events by sender auth 2026-02-26 02:11:50 +01:00
Peter Steinberger
5e1bfb2ce2 docs(changelog): add followup typing fix note (#26881) 2026-02-26 01:07:32 +00:00
Peter Steinberger
3cd3d489f4 docs(changelog): note trusted-proxy control-ui hardening 2026-02-26 01:54:32 +01:00
Aleksandrs Tihenko
c0026274d9 fix(auth): distinguish revoked API keys from transient auth errors (#25754) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 8f9c07a200644284e11adae76368adab40c5fa4e
Co-authored-by: rrenamed <87486610+rrenamed@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-25 19:47:16 -05:00
Peter Steinberger
876018f322 chore(deps): update dependencies and lockfile 2026-02-26 01:31:36 +01:00
Peter Steinberger
4258a3307f refactor(agents): unify subagent announce delivery pipeline 
Co-authored-by: Smith Labs <SmithLabsLLC@users.noreply.github.com>
Co-authored-by: Do Cao Hieu <docaohieu2808@users.noreply.github.com>
 2026-02-26 00:30:44 +00:00
Peter Steinberger
aedf62ac7e fix: harden discord and slack reaction ingress authorization 2026-02-26 01:26:47 +01:00
Peter Steinberger
c736f11a16 fix(gateway): harden browser websocket auth chain 2026-02-26 01:22:49 +01:00
Peter Steinberger
496a76c03b fix(security): harden browser trace/download temp path handling 2026-02-26 01:04:05 +01:00
Peter Steinberger
e56b0cf1a0 fix: enforce telegram reaction authorization 2026-02-26 01:03:03 +01:00
Shakker
f83719937a Changelog: note Discord embed fallback coverage 2026-02-25 23:58:42 +00:00
Peter Steinberger
eb73e87f18 fix(session): prevent silent overflow on parent thread forks (#26912) 
Lands #26912 from @markshields-tl with configurable session.parentForkMaxTokens and docs/tests/changelog updates.

Co-authored-by: Mark Shields <239231357+markshields-tl@users.noreply.github.com>
 2026-02-25 23:54:02 +00:00
Peter Steinberger
8d1481cb4a fix(gateway): require pairing for unpaired operator device auth 2026-02-26 00:52:50 +01:00
Peter Steinberger
2aa7842ade fix(signal): enforce auth before reaction notification enqueue 2026-02-26 00:44:46 +01:00
Peter Steinberger
ef326f5cd0 fix(browser): revalidate upload paths at use time 2026-02-26 00:40:56 +01:00
Youyou972
15cfba7075 fix: cron model fallback to agent defaults when payload.model fails (#26717) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 06454bd55b44ea864c10ad828649b293946cea8d
Co-authored-by: Youyou972 <50808411+Youyou972@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-02-25 23:34:31 +00:00
Peter Steinberger
2011edc9e5 fix(gateway): preserve agentId through gateway send path 
Landed from #23249 by @Sid-Qin.
Includes extra regression tests for agentId precedence + blank fallback.

Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
 2026-02-25 23:31:35 +00:00
Peter Steinberger
125f4071bc fix(gateway): block agents.files symlink escapes 2026-02-26 00:31:08 +01:00
Peter Steinberger
45d59971e6 docs(changelog): clarify macOS beta scope for oauth fix 2026-02-26 00:26:54 +01:00
Peter Steinberger
f60d9591ef docs(changelog): add macOS auth fix note for setup-token path 2026-02-26 00:23:24 +01:00
Peter Steinberger
d512163d68 fix(security): harden nextcloud-talk webhook replay handling 2026-02-26 00:18:38 +01:00
Peter Steinberger
8f3310000a refactor(macos): remove anthropic oauth onboarding flow 2026-02-26 00:17:03 +01:00
Shadow
975c9f4b54 Agents: emphasize config.schema usage 2026-02-25 09:45:39 -06:00
Nimrod Gutman
3607b733cb fix(changelog): add typing firestart guard note (#26325) (thanks @win4r) 2026-02-25 14:49:21 +02:00
Nimrod Gutman
b3f46f0e28 fix(test): stabilize low-mem parallel runner and cron session mock (#26324) 
* fix(test): stabilize low-mem parallel lane and cron session mock

* feat(android): make QR scanning first-class onboarding

* docs(android): update README for native Android workflow

* fix(android): stabilize chat composer ime and tab layout

* fix(android): stabilize chat ime insets and tab bar

* fix(android): remove tab bar gap above system nav

* fix(android): harden scanned setup code parsing

* test(android): cover non-string setupCode QR payload

* fix(test): add changelog note for low-mem test runner (#26324) (thanks @ngutman)

---------

Co-authored-by: Ayaan Zaidi <zaidi@uplause.io>
 2026-02-25 12:16:17 +02:00
Nimrod Gutman
56b8c69487 docs(changelog): add discord typing fix entry (#26295) (thanks @ngutman) 2026-02-25 10:21:52 +02:00
Peter Steinberger
b247cd6d65 fix: harden Slack file-only fallback placeholder (#25181) (thanks @justinhuangcode) 2026-02-25 05:36:49 +00:00
byungsker
177386ed73 fix(tui): resolve wrong provider prefix when session has model without modelProvider (#25874) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f0953a72845fb3f9e8745cb6ab476cea7a5cd98b
Co-authored-by: lbo728 <72309817+lbo728@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-25 00:36:27 -05:00
Peter Steinberger
52d933b3a9 refactor: replace bot.molt identifiers with ai.openclaw 2026-02-25 05:03:24 +00:00
Peter Steinberger
b564b72dc9 docs(changelog): add missing security PR entries (#26118 #26116 #26112 #26111 #26095) 2026-02-25 04:59:10 +00:00
bmendonca3
c1964e73a8 fix(discord): gate component command authorization for guild interactions (#26119) 
* Discord: gate component command authorization

* test: cover allowlisted guild component authorization path (#26119) (thanks @bmendonca3)

---------

Co-authored-by: Brian Mendonca <brianmendonca@Brians-MacBook-Air.local>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-25 04:57:41 +00:00
David Rudduck
24a60799be fix(hooks): include guildId and channelName in message_received metadata (#26115) 
* fix(hooks): include guildId and channelName in message_received metadata

The message_received hook (both plugin and internal) already exposes
sender identity fields (senderId, senderName, senderUsername, senderE164)
but omits the guild/channel context. Plugins that track per-channel
activity receive NULL values for channel identification.

Add guildId (ctx.GroupSpace) and channelName (ctx.GroupChannel) to the
metadata block in both the plugin hook and internal hook dispatch paths.
These properties are already populated by channel providers (e.g. Discord
sets GroupSpace to the guild ID and GroupChannel to #channel-name) and
used elsewhere in the codebase (channels/conversation-label.ts).

* test: cover guild/channel hook metadata propagation (#26115) (thanks @davidrudduck)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-25 04:56:19 +00:00