negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
16,759 Commits 1 Branch 0 Tags
e8cb0484ce6c0e43a8e7ce3a6fdfba4c04c4be54
Commit Graph

4196 Commits

Author SHA1 Message Date
Cui Chen
e8cb0484ce fix(security): strip partial API token from status labels (#33262) 
Merged via squash.

Prepared head SHA: 5fe81704e678dc5b18ca9416e5eb0750cfe49fb6
Co-authored-by: cu1ch3n <80438676+cu1ch3n@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 15:11:49 -08:00
Clawdoo
b1a735829d docs: fix Mintlify-incompatible links in security docs (#27698) 
Merged via squash.

Prepared head SHA: 6078cd94ba38b49d17e9680073337885c5f9e781
Co-authored-by: clawdoo <65667097+clawdoo@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 14:51:28 -08:00
Mariano
2a733a8444 fix(ios): harden watch messaging activation concurrency (#33306) 
Merged via squash.

Prepared head SHA: d40f8c4afbd6ddf38548c9b0c6ac6ac4359f2e54
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:38:54 +00:00
Mariano
4c6dec84a6 Telegram/device-pair: auto-arm one-shot notify on /pair qr with manual fallback (#33299) 
Merged via squash.

Prepared head SHA: 0986691fd4d2f37dd2de7ac601b1e5480602c829
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:36:45 +00:00
Mariano
a36ccf4156 fix(ios): start incremental speech at soft boundaries (#33305) 
Merged via squash.

Prepared head SHA: d1acf723176f8e9d89f8c229610c9400ab661ec7
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:36:40 +00:00
Mariano
22e33ddda9 fix(ios): guard talk TTS callbacks to active utterance (#33304) 
Merged via squash.

Prepared head SHA: dd88886e416e5e6d6c08bf92162a5ff18c1eb229
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 22:34:09 +00:00
wangchunyue
bcd58c26d3 fix(logging ): use local timezone for console log timestamps (#25970) 
Merged via squash.

Prepared head SHA: 30123265b7b910b9208e8c9407c30536e46eb68f
Co-authored-by: openperf <80630709+openperf@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-04 00:31:41 +03:00
Sid
3ad3a90db3 fix(gateway): include disk-scanned agent IDs in listConfiguredAgentIds (#32831) 
Merged via squash.

Prepared head SHA: 2aa58f6afd6e7766119575648483de6b5f50da6f
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-03-03 21:19:18 +00:00
scoootscooob
ff96e41c38 fix(discord): align DiscordAccountConfig.token type with SecretInput (#32490) 
Merged via squash.

Prepared head SHA: 233aa032f1d894b7eb6a960247baa1336f8fbc26
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant
 2026-03-03 14:59:57 -06:00
Robin Waslander
44162e7ba5 docs(contributing): require before/after screenshots for UI PRs (#32206) 
Merged via squash.

Prepared head SHA: d7f0914873aec1c3c64c9161771ff0bcbc457c95
Co-authored-by: hydro13 <6640526+hydro13@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-03 23:45:19 +03:00
dorukardahan
2cd3be896d docs(security): document Docker UFW hardening via DOCKER-USER (#27613) 
Merged via squash.

Prepared head SHA: 31ddd433265d8a7efbf932c941678598bf6be30c
Co-authored-by: dorukardahan <35905596+dorukardahan@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-03 12:28:35 -08:00
Shadow
65816657c2 feat(discord): add allowBots mention gating 2026-03-03 12:47:25 -06:00
Shadow
b0bcea03db fix: drop discord opus dependency 2026-03-03 12:23:19 -06:00
Shadow
16ebbd24b5 fix(discord): reset thread sessions on archive 2026-03-03 11:32:59 -06:00
Shadow
b8b1eeb052 fix(discord): harden slash command routing 2026-03-03 11:32:05 -06:00
Shadow
0eef7a367d fix(discord): honor agent media roots in replies 2026-03-03 11:29:58 -06:00
Shadow
548b15d8e0 fix(discord): skip bot messages before debounce 2026-03-03 11:29:58 -06:00
Shadow
e28ff1215c fix: discord auto presence health signal (#33277) (thanks @thewilloftheshadow) (#33277) 2026-03-03 11:20:59 -06:00
Ayaan Zaidi
3d998828b9 fix: stabilize Telegram draft boundaries and suppress NO_REPLY lead leaks (#33169) 
* fix: stabilize telegram draft stream message boundaries

* fix: suppress NO_REPLY lead-fragment leaks

* fix: keep underscore guard for non-NO_REPLY prefixes

* fix: skip assistant-start rotation only after real lane rotation

* fix: preserve finalized state when pre-rotation does not force

* fix: reset finalized preview state on message-start boundary

* fix: document Telegram draft boundary + NO_REPLY reliability updates (#33169) (thanks @obviyus)
 2026-03-03 22:49:33 +05:30
Shadow
a7a9a3d3c8 fix: allowlist Discord CDN hostnames for SSRF media (#33275) (thanks @thewilloftheshadow) (#33275) 2026-03-03 11:17:27 -06:00
Mariano
bf7061092a iOS Security Stack 4/5: TTS PCM->MP3 Fallback (#30885) (#33032) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: f77e3d764425a23ab5d5b55593d9e14622f1ef95
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:33:55 +00:00
Shadow
d493861c16 fix: discord mention handling (#33224) (thanks @thewilloftheshadow) (#33224) 2026-03-03 10:32:22 -06:00
Mariano
a3112d6c5f iOS Security Stack 3/5: Runtime Security Guards (#33031) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 99171654014d1960edcaca8312ef6a47d3c08399
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:30:27 +00:00
Mariano
6df57d9633 iOS Security Stack 2/5: Concurrency Locks (#33241) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: b99ad804fbcc20bfb3042ac1da9050a7175f009c
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:28:27 +00:00
Shadow
3b3738e41e fix(discord): use fetch for voice upload slots 2026-03-03 10:22:28 -06:00
Shadow
66d06beec6 fix(discord): stop typing after silent runs 2026-03-03 10:22:27 -06:00
Shadow
5d16d45b20 fix(discord): default presence online when unconfigured 2026-03-03 10:22:27 -06:00
Shadow
6593a57607 fix: improve discord chunk delivery (#33226) (thanks @thewilloftheshadow) (#33226) 2026-03-03 10:17:33 -06:00
Mariano
ec0eb9f8c3 iOS Security Stack 1/5: Keychain Migrations + Tests (#33029) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: da2f8f614155989345d0d3efd0c0f29ef410c187
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-03-03 16:15:20 +00:00
Jason L. West, Sr.
606cd0d591 feat(tool-truncation): use head+tail strategy to preserve errors during truncation (#20076) 
Merged via squash.

Prepared head SHA: 6edebf22b1666807b1ea5cba5afb614c41dc3dd1
Co-authored-by: jlwestsr <52389+jlwestsr@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-03 08:11:14 -08:00
Mylszd
d89e1e40f9 docs(loop-detection): fix config keys to match schema (#33182) 
Merged via squash.

Prepared head SHA: 612ecc00d36cbbefb0657f0a2ac0898d53a5ed73
Co-authored-by: Mylszd <23611557+Mylszd@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 11:02:30 -05:00
Shadow
ca307c3fdf fix: harden Discord channel resolution (#33142) (thanks @thewilloftheshadow) (#33142) 2026-03-03 09:31:26 -06:00
Shadow
4abf398a17 fix: Discord acp inline actions + bound-thread filter (#33136) (thanks @thewilloftheshadow) (#33136) 2026-03-03 09:30:21 -06:00
Shadow
8e2e4b2ed5 fix: ignore discord wildcard audit keys (#33125) (thanks @thewilloftheshadow) (#33125) 2026-03-03 09:28:30 -06:00
Rodrigo Uroz
c8b45a4c5c Compaction/Safeguard: preserve recent turns verbatim (#25554) 
Merged via squash.

Prepared head SHA: 7fb33c411c4aaea2795e490fcd0e647cf7ea6fb8
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-03 07:00:49 -08:00
chengzhichao-xydt
53727c72f4 fix: substitute YYYY-MM-DD at session startup and post-compaction (#32363) (#32381) 
Merged via squash.

Prepared head SHA: aee998a2c1a911d3fef771aa891ac315a2f7dc53
Co-authored-by: chengzhichao-xydt <264300353+chengzhichao-xydt@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-03-03 06:21:26 -08:00
OpenCils
3fe4c19305 fix(telegram): prevent duplicate messages in DM draft streaming mode (#32118) 
* fix(telegram): prevent duplicate messages in DM draft streaming mode

When using sendMessageDraft for DM streaming (streaming: 'partial'),
the draft bubble auto-converts to the final message. The code was
incorrectly falling through to sendPayload() after the draft was
finalized, causing a duplicate message.

This fix checks if we're in draft preview mode with hasStreamedMessage
and skips the sendPayload call, returning "preview-finalized" directly.

Key changes:
- Use hasStreamedMessage flag instead of previewRevision comparison
- Avoids double stopDraftLane calls by returning early
- Prevents duplicate messages when final text equals last streamed text

Root cause: In lane-delivery.ts, the final message handling logic
did not properly handle the DM draft flow where sendMessageDraft
creates a transient bubble that doesn't need a separate final send.

* fix(telegram): harden DM draft finalization path

* fix(telegram): require emitted draft preview for unchanged finals

* fix(telegram): require final draft text emission before finalize

* fix: update changelog for telegram draft finalization (#32118) (thanks @OpenCils)

---------

Co-authored-by: Ayaan Zaidi <zaidi@uplause.io>
 2026-03-03 17:34:46 +05:30
Altay
627813aba4 fix(heartbeat): scope exec wake dispatch to session key (#32724) 
Merged via squash.

Prepared head SHA: 563fee0e65af07575f3df540cab2e1e5d5589f06
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
 2026-03-03 14:47:40 +03:00
Ayaan Zaidi
5f95f46070 docs: update changelog for telegram message_sent fix (#32649) 2026-03-03 16:56:20 +05:30
Nimrod Gutman
4aa548cf7d macOS: add tailscale serve discovery fallback for remote gateways (#32860) 
* feat(macos): add tailscale serve gateway discovery fallback

* fix: add changelog note for tailscale serve discovery fallback (#32860) (thanks @ngutman)
 2026-03-03 13:25:36 +02:00
Sid
4ffe15c6b2 fix(telegram): warn when accounts.default is missing in multi-account setup (#32544) 
Merged via squash.

Prepared head SHA: 7ebc3f65b21729137d352fa76bc31f2f849934c0
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 03:27:19 -05:00
Gustavo Madeira Santana
2370ea5d1b agents: propagate config for embedded skill loading 2026-03-03 02:44:56 -05:00
Liu Xiaopai
ae29842158 Gateway: fix stale self version in status output (#32655) 
Merged via squash.

Prepared head SHA: b9675d1f90ef0eabb7e68c24a72d4b2fb27def22
Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 02:41:52 -05:00
Muhammed Mukhthar CM
b1b41eb443 feat(mattermost): add native slash command support (refresh) (#32467) 
Merged via squash.

Prepared head SHA: 989126574ead75c0eedc185293659eb0d4fc6844
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Co-authored-by: mukhtharcm <56378562+mukhtharcm@users.noreply.github.com>
Reviewed-by: @mukhtharcm
 2026-03-03 12:39:18 +05:30
Eugene
5341b5c71c Diffs: Migrate tool usage guidance from before_prompt_build to a plugin skill (#32630) 
Merged via squash.

Prepared head SHA: 585697a4e1556baa2cd79a7b449b120c4fd87e17
Co-authored-by: sircrumpet <4436535+sircrumpet@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 01:50:59 -05:00
Henry Loenwind
997197c6c9 bug: Workaround for QMD upstream bug (#27028) 
Merged via squash.

Prepared head SHA: 939f9f4574fcfe08762407ab9e8d6c85a77a0899
Co-authored-by: HenryLoenwind <1485873+HenryLoenwind@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 01:48:43 -05:00
JT
de9031da22 fix: improve compaction summary instructions to preserve active work (#8903) 
fix: improve compaction summary instructions to preserve active work

Expand staged-summary merge instructions to preserve active task status, batch progress, latest user request, and follow-up commitments so compaction handoffs retain in-flight work context.

Co-authored-by: joetomasone <56984887+joetomasone@users.noreply.github.com>
Co-authored-by: Josh Lehman <josh@martian.engineering>
 2026-03-02 22:36:19 -08:00
Henry Loenwind
75775f2fe6 chore: Updated Brave documentation (#26860) 
Merged via squash.

Prepared head SHA: f8fc4bf01e0eacfb01f6ee58eea445680f7eeebd
Co-authored-by: HenryLoenwind <1485873+HenryLoenwind@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-03 01:34:15 -05:00
Tak Hoffman
dbccc73d7a security(line): synthesize strict LINE auth boundary hardening 
LINE auth boundary hardening synthesis for inbound webhook authn/z/authz:
- account-scoped pairing-store access
- strict DM/group allowlist boundary separation
- fail-closed webhook auth/runtime behavior
- replay and duplicate handling with in-flight continuity for concurrent redeliveries

Source PRs: #26701, #26683, #25978, #17593, #16619, #31990, #26047, #30584, #18777
Related continuity context: #21955

Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com>
Co-authored-by: davidahmann <46606159+davidahmann@users.noreply.github.com>
Co-authored-by: harshang03 <58983401+harshang03@users.noreply.github.com>
Co-authored-by: haosenwang1018 <167664334+haosenwang1018@users.noreply.github.com>
Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: lailoo <20536249+lailoo@users.noreply.github.com>
 2026-03-03 00:21:15 -06:00
Tak Hoffman
9a5bfb1fe5 fix(line): synthesize media/auth/routing webhook regressions (openclaw#32546) thanks @Takhoffman 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-02 23:47:56 -06:00