negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
17,500 Commits 1 Branch 0 Tags
2c7fb549560c01d928e34396c65d3b781d3ccb9b
Commit Graph

4498 Commits

Author SHA1 Message Date
Vincent Koc
2c7fb54956 Config: fail closed invalid config loads (#39071) 
* Config: fail closed invalid config loads

* CLI: keep diagnostics on explicit best-effort config

* Tests: cover invalid config best-effort diagnostics

* Changelog: note invalid config fail-closed fix

* Status: pass best-effort config through status-all gateway RPCs

* CLI: pass config through gateway secret RPC

* CLI: skip plugin loading from invalid config

* Tests: align daemon token drift env precedence
 2026-03-07 17:48:13 -08:00
Vincent Koc
7e946b3c6c fix(ollama): register custom api for compaction and summarization (#39332) 
* fix(agents): add custom api registry helper

* fix(ollama): register native api for embedded runs

* fix(ollama): register custom api before compaction

* fix(tts): register custom api before summarization

* changelog: note ollama compaction registration fix

* fix(ollama): honor resolved base urls in custom api paths
 2026-03-07 17:40:34 -08:00
lidamao633
01833c5111 fix(acp): avoid inline delivery for oneshot run spawns (#39014) 
* fix(acp): scope inline delivery to session spawns

* test(acp): cover run and session delivery behavior

* Changelog: add ACP run delivery bootstrap fix

---------

Co-authored-by: 徐善 <samxu633@gmail.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-07 17:37:22 -08:00
Vincent Koc
5b30c9d3d7 Changelog: move #39328 credit to section end 2026-03-07 17:36:11 -08:00
Vincent Koc
2ec478cf68 Changelog: credit #39328 to @vincentkoc 2026-03-07 17:35:29 -08:00
Vincent Koc
556a74d259 Daemon: handle degraded systemd status checks (#39325) 
* Daemon: handle degraded systemd status checks

* Changelog: note systemd status handling

* Update src/commands/status.service-summary.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-03-07 17:30:48 -08:00
Vincent Koc
c22a4450ee fix(telegram): honor commands.allowFrom in native command auth (#39310) 
* telegram: honor commands.allowFrom in native auth

* test(telegram): cover native commands.allowFrom precedence

* changelog: note telegram native commands allowFrom fix

* Update CHANGELOG.md

* telegram: preserve group policy in native command auth

* test(telegram): keep commands.allowFrom under group gating
 2026-03-07 17:28:47 -08:00
Peter Steinberger
ad052d661b docs: note gateway auth follow-up hardening 2026-03-08 01:13:28 +00:00
Peter Steinberger
99cfd271d0 fix(sandbox): pin fs bridge readfile handles 2026-03-08 01:09:05 +00:00
Peter Steinberger
bc91ae9ca0 fix(discord): preserve native command session keys 2026-03-08 01:06:09 +00:00
Peter Steinberger
cf1c2cc208 fix(discord): normalize DM session keys 2026-03-08 01:06:09 +00:00
Peter Steinberger
6337666ac0 fix(telegram): restore named-account DM fallback routing (from #32426) 
Rebased and landed contributor work from @chengzhichao-xydt for the
Telegram multi-account DM regression in #32351.

Co-authored-by: Zhichao Cheng <cheng.zhichao@xydigit.com>
 2026-03-08 01:05:08 +00:00
Peter Steinberger
eb09d8dd71 fix(telegram): land #34238 from @hal-crackbot 
Landed from contributor PR #34238 by @hal-crackbot.

Co-authored-by: Hal Crackbot <hal@crackbot.dev>
 2026-03-08 00:56:58 +00:00
Peter Steinberger
09cfcf9dd5 fix(sandbox): anchor fs-bridge mkdirp 2026-03-08 00:55:34 +00:00
Peter Steinberger
a505be78ab fix(telegram): land #38906 from @gambletan 
Landed from contributor PR #38906 by @gambletan.

Co-authored-by: gambletan <ethanchang32@gmail.com>
 2026-03-08 00:54:49 +00:00
Peter Steinberger
4869e24915 fix(telegram): land #34983 from @HOYALIM 
Landed from contributor PR #34983 by @HOYALIM.

Co-authored-by: Ho Lim <subhoya@gmail.com>
 2026-03-08 00:53:19 +00:00
Vincent Koc
d6d04f361e fix(ollama): preserve local limits and native thinking fallback (#39292) 
* fix(ollama): support thinking field fallback in native stream

* fix(models): honor explicit lower token limits in merge mode

* fix(ollama): prefer streamed content over fallback thinking

* changelog: note Ollama local model fixes
 2026-03-07 16:53:02 -08:00
Peter Steinberger
5edcab2eee fix(queue): land #33168 from @rylena 
Landed from contributor PR #33168 by @rylena.

Co-authored-by: Rylen Anil <rylen.anil@gmail.com>
 2026-03-08 00:51:11 +00:00
Edward
02eef1d45a fix(telegram): use group allowlist for native command auth in groups (#39267) 
* fix(telegram): use group allowlist for native command auth in groups

Native slash commands (/status, /model, etc.) in Telegram supergroups
and forum topics reject authorized senders with "not authorized" even
when the sender is in groupAllowFrom.

The bug is in resolveTelegramCommandAuth — the final commandAuthorized
check only passes DM allowFrom as an authorizer, so senders who are
authorized via groupAllowFrom get rejected. Regular messages don't have
this problem because they go through evaluateTelegramGroupPolicyAccess
which correctly uses effectiveGroupAllow.

Add effectiveGroupAllow as a second authorizer when the message comes
from a group. resolveCommandAuthorizedFromAuthorizers uses .some(), so
either DM or group allowlist matching is sufficient.

Fixes #28216
Fixes #29135
Fixes #30234

* fix(test): resolve TS2769 type errors in group-auth test

Remove explicit tuple type annotations on mock.calls.filter() callbacks
that conflicted with vitest's mock call types.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* test(telegram): cover topic auth rejection routing

* changelog: note telegram native group command auth fix

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-07 16:47:57 -08:00
Vincent Koc
a56841b98c Daemon: harden WSL2 systemctl install checks (#39294) 
* Daemon: harden WSL2 systemctl install checks

* Changelog: note WSL2 daemon install hardening

* Daemon: tighten systemctl failure classification
 2026-03-07 16:43:19 -08:00
Peter Steinberger
f195af0b22 fix(sandbox): anchor fs-bridge destructive ops 2026-03-08 00:41:12 +00:00
Peter Steinberger
9d2b292998 fix(exec-approvals): honor allow-always for bash script invocations 
Landed from contributor PR #35137 by @yuweuii.

Co-authored-by: yuweuii <82372187+yuweuii@users.noreply.github.com>
 2026-03-08 00:39:54 +00:00
Vincent Koc
ca37a4e82e changelog: note telegram groupAllowFrom sender validation fix 2026-03-07 16:36:16 -08:00
Peter Steinberger
c6575891c7 fix(exec): inherit ask from exec-approvals.json when tools.exec.ask unset 
Landed from contributor PR #29187 by @Bartok9.

Co-authored-by: Bartok9 <259807879+Bartok9@users.noreply.github.com>
 2026-03-08 00:35:50 +00:00
Peter Steinberger
173132165d fix(exec): honor exec-approvals ask=off for gateway/node runs 
Landed from contributor PR #26789 by @pandego.

Co-authored-by: Miguel Miranda Dias <7780875+pandego@users.noreply.github.com>
 2026-03-08 00:29:34 +00:00
Josh Avant
25252ab5ab gateway: harden shared auth resolution across systemd, discord, and node host 2026-03-07 18:28:32 -06:00
Peter Steinberger
61000b8e4d fix(acp): block sandboxed slash spawns 2026-03-08 00:23:07 +00:00
Peter Steinberger
ab54532c8f fix(agents): land #39247 from @jasonQin6 (subagent workspace inheritance) 
Propagate parent workspace directories into spawned subagent runs, keep workspace override internal-only, and add regression tests for forwarding boundaries.

Co-authored-by: jasonQin6 <991262382@qq.com>
 2026-03-07 23:56:37 +00:00
Peter Steinberger
eeba93d63d fix(discord): pass gateway auth to exec approvals 
Pass resolved gateway token/password into the Discord exec approvals GatewayClient startup path so token-auth installs stop failing approvals with gateway token mismatch.

Fixes #38179
Adjacent investigation: #35147 by @0riginal-claw
Co-authored-by: 0riginal-claw <0rginal_claw@0rginal-claws-Mac-mini.local>
 2026-03-07 23:47:48 +00:00
Peter Steinberger
f304ca09b1 fix(agents): sanitize strict openai-compatible turn ordering from #39252 (thanks @scoootscooob) 
Co-authored-by: scoootscooob <zhentongfan@gmail.com>
 2026-03-07 23:42:19 +00:00
Peter Steinberger
ada4ee08d9 fix(docker): land #33097 from @chengzhichao-xydt 
Landed from contributor PR #33097 by @chengzhichao-xydt.

Co-authored-by: Zhichao Cheng <cheng.zhichao@xydigit.com>
 2026-03-07 23:41:57 +00:00
Peter Steinberger
2fc95a7cfc fix(exec): close dispatch-wrapper boundary drift 2026-03-07 23:40:38 +00:00
Peter Steinberger
adf4eb487b fix(signal): forward all inbound attachments from #39212 (thanks @joeykrug) 
Co-authored-by: Joey Krug <joeykrug@gmail.com>
 2026-03-07 23:35:55 +00:00
Peter Steinberger
939b18475d fix(exec): honor shell comments in allow-always analysis 2026-03-07 23:31:25 +00:00
Peter Steinberger
1aaca517e3 fix(media): harden unknown mime handling from #39199 (thanks @nicolasgrasset) 
Co-authored-by: Nicolas Grasset <nicolas.grasset@gmail.com>
 2026-03-07 23:30:32 +00:00
Peter Steinberger
5f26970200 fix(ui): land #28608 from @KimGLee 
Landed from contributor PR #28608 by @KimGLee.

Co-authored-by: Kim <150593189+KimGLee@users.noreply.github.com>
 2026-03-07 23:26:09 +00:00
Peter Steinberger
1d1757b16f fix(exec): recognize PowerShell encoded commands 2026-03-07 23:15:46 +00:00
Peter Steinberger
c76d29208b fix(node-host): bind approved script operands 2026-03-07 23:04:00 +00:00
Peter Steinberger
708187f28c fix(outbound): prevent replay after ack crash windows (#38668, thanks @Gundam98) 
Co-authored-by: Gundam98 <huhanwen98@gmail.com>
 2026-03-07 22:53:27 +00:00
Peter Steinberger
265367d99b fix(gateway): land #28428 from @l0cka 
Landed from contributor PR #28428 by @l0cka.

Co-authored-by: Daniel Alkurdi <danielalkurdi@gmail.com>
 2026-03-07 22:51:08 +00:00
Peter Steinberger
e83094e63f fix(agents): warn clearly on unresolved model ids (#39215, thanks @ademczuk) 
Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
 2026-03-07 22:50:27 +00:00
Peter Steinberger
3a761fbcf8 fix(agents): strip unsupported responses store payloads (#39219, thanks @ademczuk) 
Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
 2026-03-07 22:47:41 +00:00
Peter Steinberger
ab704b7aca fix(gateway): explain provider-object password bootstrap errors (#39230, thanks @ademczuk) 
Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
 2026-03-07 22:44:44 +00:00
Peter Steinberger
e45d62ba26 fix(memory): preserve BM25 relevance ordering (#33757, thanks @lsdcc01) 
Land #33757 by @lsdcc01 without the unrelated dependency bump. Preserve negative FTS5 BM25 ordering in hybrid scoring and add changelog coverage for #5767.

Co-authored-by: 丁春才0668000523 <ding.chuncai1@xydigit.com>
 2026-03-07 22:41:48 +00:00
Peter Steinberger
99de6515a0 fix(telegram): surface fallback on dispatch failures (#39209, thanks @riftzen-bit) 
Co-authored-by: riftzen-bit <binb53339@gmail.com>
 2026-03-07 22:41:09 +00:00
Peter Steinberger
f53e10e3fd fix(config): fail closed on invalid config load (#9040, thanks @joetomasone) 
Land #9040 by @joetomasone. Add fail-closed config loading, compat coverage, and changelog entry for #5052.

Co-authored-by: Joe Tomasone <joe@tomasone.com>
 2026-03-07 22:39:26 +00:00
Peter Steinberger
3a74dc00bf fix(gateway): land #38725 from @ademczuk 
Source: #38725 / 533ff3e70bdb9fd184392935e8b2f5043b176fca by @ademczuk.
Thanks @ademczuk.

Co-authored-by: ademczuk <andrew.demczuk@gmail.com>
 2026-03-07 22:35:38 +00:00
Peter Steinberger
8ca326caa9 fix(ui): land #37382 from @FradSer 
Separate shared gateway auth from cached device-token signing in Control UI browser auth. Preserves shared-token validation while keeping cached device tokens scoped to signed device payloads.

Co-authored-by: Frad LEE <fradser@gmail.com>
 2026-03-07 22:33:24 +00:00
Peter Steinberger
b4bac484e3 fix(gateway): stop webchat route inheritance on channel sessions (#39175, thanks @widingmarcus-cyber) 
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-03-07 22:22:23 +00:00
Peter Steinberger
3a2fdc5136 fix(memory): restore sqlite busy_timeout on reopen (#39183, thanks @MumuTW) 
Co-authored-by: MumuTW <clothl47364@gmail.com>
 2026-03-07 22:17:55 +00:00