openclaw

Author	SHA1	Message	Date
Yuzuru Suzuki	6f7e5f92c3	fix: add operator.read and operator.write to default CLI scopes (#22582 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 8569fc88c970e75934617c200ebfe117e9d5ae88 Co-authored-by: YuzuruS <1485195+YuzuruS@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus	2026-02-22 16:36:18 +05:30
Peter Steinberger	37f12eb7ee	fix: align BlueBubbles private-api null fallback + warning (#23459 ) (thanks @echoVic)	2026-02-22 11:47:57 +01:00
Peter Steinberger	812bf7c8e1	fix: add bindings comment regression test (#23458 ) (thanks @echoVic)	2026-02-22 11:47:11 +01:00
Glucksberg	2739328508	fix(telegram): classify undici fetch errors as recoverable for retry (#16699 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 67b5bce44f7014c8cbefc00eed0731e61d6300b9 Co-authored-by: Glucksberg <80581902+Glucksberg@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus	2026-02-22 16:16:11 +05:30
Peter Steinberger	38f02c7a32	fix(session): resolve agent session path with configured sessions dir Co-authored-by: David Rudduck <david@rudduck.org.au>	2026-02-22 11:35:55 +01:00
Peter Steinberger	5c57a45a59	fix: add non-streaming directive-tag regression tests (#23298 ) (thanks @SidQin-cyber)	2026-02-22 11:31:23 +01:00
Peter Steinberger	29e41d4c0a	fix: land security audit severity + temp-path guard fixes (#23428 ) (thanks @bmendonca3)	2026-02-22 11:26:17 +01:00
Peter Steinberger	1cd3b30907	fix: stop hardcoded channel fallback and auto-pick sole configured channel (#23357 ) (thanks @lbo728) Co-authored-by: lbo728 <extreme0728@gmail.com>	2026-02-22 11:21:43 +01:00
Frank Yang	e33d7fcd13	fix(telegram): prevent update offset skipping queued updates (#23284 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 92efaf956bf906a176d1e6c5488ddcb02d89b4e1 Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus	2026-02-22 15:50:33 +05:30
Peter Steinberger	bf56196de3	fix: tighten feishu dedupe boundary (#23377 ) (thanks @SidQin-cyber)	2026-02-22 11:13:40 +01:00
Peter Steinberger	1b327da6e3	fix: harden exec sandbox fallback semantics (#23398 ) (thanks @bmendonca3)	2026-02-22 11:12:01 +01:00
Peter Steinberger	602a1ebd55	fix: handle intentional signal daemon shutdown on abort (#23379 ) (thanks @frankekn)	2026-02-22 10:59:34 +01:00
Vignesh Natarajan	99a2f5379e	Memory/QMD: normalize Han-script BM25 search queries	2026-02-22 01:53:00 -08:00
Peter Steinberger	9f0b6a8c92	fix: harden ACP gateway startup sequencing (#23390 ) (thanks @janckerchen)	2026-02-22 10:47:38 +01:00
Peter Steinberger	59807efa31	refactor(plugin-sdk): unify channel dedupe primitives	2026-02-22 10:46:34 +01:00
Peter Steinberger	9b9cc44a4e	fix: finalize modelByChannel validator landing (#23412 ) (thanks @ProspectOre)	2026-02-22 10:41:40 +01:00
Peter Steinberger	dd07c06d00	fix: tighten gateway restart loop handling (#23416 ) (thanks @jeffwnli)	2026-02-22 10:38:32 +01:00
Vignesh Natarajan	b4cdffc7a4	TUI: make Ctrl+C exit behavior reliably responsive	2026-02-22 01:28:55 -08:00
Peter Steinberger	f4dd0577b0	fix(security): block hook transform symlink escapes	2026-02-22 10:18:05 +01:00
Peter Steinberger	6c2e999776	refactor(security): unify secure id paths and guard weak patterns	2026-02-22 10:16:19 +01:00
Peter Steinberger	ae8d4a8eec	fix(security): harden channel token and id generation	2026-02-22 10:16:02 +01:00
Peter Steinberger	de2e5c7b74	docs(security): clarify dangerous control-ui bypass policy	2026-02-22 10:11:46 +01:00
Vignesh Natarajan	b9e9fbc97c	TUI: preserve RTL text order in terminal output	2026-02-22 01:10:03 -08:00
Peter Steinberger	2b63592be5	fix: harden exec allowlist wrapper resolution	2026-02-22 09:52:02 +01:00
Peter Steinberger	8e7d8c3d8e	docs(changelog): add shell startup env override fix note	2026-02-22 09:50:21 +01:00
Vignesh Natarajan	2a66c8d676	Agents/Subagents: honor subagent alsoAllow grants	2026-02-22 00:39:27 -08:00
Peter Steinberger	c99e7696e6	fix: decouple owner display secret from gateway auth token	2026-02-22 09:35:07 +01:00
Peter Steinberger	8887f41d7d	refactor(gateway)!: remove legacy v1 device-auth handshake	2026-02-22 09:27:03 +01:00
Vignesh Natarajan	6ceadaa41f	Agents: add fallback reply for tool-only completions	2026-02-22 00:23:31 -08:00
Peter Steinberger	3d03375043	fix(gateway): block avatar symlink escapes	2026-02-22 08:51:17 +01:00
Peter Steinberger	cd7faea93b	docs(changelog): note next npm release for hook auth fix	2026-02-22 08:48:13 +01:00
Vignesh Natarajan	6bf5e76be6	Agents: drop stale pre-compaction usage snapshots	2026-02-21 23:47:15 -08:00
Peter Steinberger	265da4dd2a	fix(security): harden gateway command/audit guardrails	2026-02-22 08:45:48 +01:00
Peter Steinberger	3284d2eb22	fix(security): normalize hook auth rate-limit client keys	2026-02-22 08:40:49 +01:00
Vignesh Natarajan	aab20e58d7	Sessions: persist prompt-token totals without usage	2026-02-21 23:37:42 -08:00
Peter Steinberger	e0db04a50d	fix(security): harden avatar validation and size limits	2026-02-22 08:35:32 +01:00
Peter Steinberger	049b8b14bc	fix(security): flag open-group runtime/fs exposure in audit	2026-02-22 08:22:51 +01:00
Vignesh Natarajan	cdfe45eeb8	Agents: validate persisted tool-call names	2026-02-21 23:06:44 -08:00
Vignesh Natarajan	29a782b9cd	Models/Config: default missing Anthropic model api fields	2026-02-21 22:50:43 -08:00
Vignesh Natarajan	542fc169d2	Plugins/Hooks: avoid duplicate before_agent_start executions	2026-02-21 22:31:51 -08:00
Vignesh Natarajan	96c985400d	BlueBubbles: accept webhook payloads with missing handles	2026-02-21 22:10:30 -08:00
Pierre	4f700e96af	Fix Telegram DM last-route metadata leakage (#19491 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 16b025b3aa13c91fe3aab8a0eaac4987dddc574e Co-authored-by: guirguispierre <22091706+guirguispierre@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus	2026-02-22 11:29:59 +05:30
Vignesh Natarajan	54e5f80424	Browser: accept canonical upload paths for symlinked roots	2026-02-21 21:54:57 -08:00
Vignesh Natarajan	98b2b16ac3	Security/Exec: persist inner commands for shell-wrapper approvals	2026-02-21 21:26:20 -08:00
miz-cha	2f023a4775	fix(telegram): disable autoSelectFamily by default on WSL2 (#21916 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 431fd966706e300a378b177b25b00af952eddc8b Co-authored-by: MizukiMachine <185313792+MizukiMachine@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus	2026-02-22 10:54:49 +05:30
Vignesh Natarajan	73b4330d4c	CLI/Config: keep explicitly unset keys removed	2026-02-21 21:08:04 -08:00
Robin Waslander	daf036a4f6	fix(slash): persist channel metadata from slash command sessions (#23065 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 29fa20c7d773b2aac62dea912e00e438ce8ba9f6 Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus	2026-02-22 10:29:06 +05:30
Vignesh Natarajan	6d11b46994	Media: preserve PDF MIME classification in file extraction	2026-02-21 20:50:25 -08:00
Ayaan Zaidi	63b4c500d9	fix: prevent Telegram preview stream cross-edit race (#23202 ) Merged via /review-pr -> /prepare-pr -> /merge-pr. Prepared head SHA: 529abf209d56d9f991a7d308f4ecce78ac992e94 Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com> Reviewed-by: @obviyus	2026-02-22 10:04:33 +05:30
Vignesh Natarajan	413f81b856	Memory/QMD: migrate legacy unscoped collections	2026-02-21 20:31:12 -08:00

1 2 3 4 5 ...

3182 Commits