negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
15,408 Commits 1 Branch 0 Tags
fb92a91ef7b40d2b20d97a9b7c6ccd4d3d4d26bb
Commit Graph

28 Commits

Author SHA1 Message Date
Peter Steinberger
4d124e4a9b feat(security): warn on likely multi-user trust-model mismatch 2026-02-24 14:03:19 +00:00
Peter Steinberger
265da4dd2a fix(security): harden gateway command/audit guardrails 2026-02-22 08:45:48 +01:00
Peter Steinberger
1835dec200 fix(security): force sandbox browser hash migration and audit stale labels 2026-02-21 13:25:41 +01:00
Peter Steinberger
e3e0ffd801 feat(security): audit gateway HTTP no-auth exposure 2026-02-19 14:25:56 +01:00
Peter Steinberger
887b209db4 fix(security): harden sandbox docker config validation 2026-02-16 03:04:06 +01:00
Nick Taylor
1fb52b4d7b feat(gateway): add trusted-proxy auth mode (#15940) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279d4b304f83186fda44dfe63a729406a835dafa
Co-authored-by: nickytonline <833231+nickytonline@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-14 12:32:17 +01:00
Peter Steinberger
1def8c5448 fix(security): extend audit hardening checks 2026-02-13 16:26:58 +01:00
max
f17c978f5c refactor(security,config): split oversized files (#13182) 
refactor(security,config): split oversized files using dot-naming convention

- audit-extra.ts (1,199 LOC) -> barrel (31) + sync (559) + async (668)
- schema.ts (1,114 LOC) -> schema (353) + field-metadata (729)
- Add tmp-refactoring-strategy.md documenting Wave 1-4 plan

PR #13182
 2026-02-09 22:22:29 -08:00
Shailesh
bccdc95a9b Cap sessions_history payloads to prevent context overflow (#10000) 
* Cap sessions_history payloads to prevent context overflow

* fix: harden sessions_history payload caps

* fix: cap sessions_history payloads to prevent context overflow (#10000) (thanks @gut-puncture)

---------

Co-authored-by: Shailesh Rana <shaileshrana@ShaileshMM.local>
Co-authored-by: George Pickett <gpickett00@gmail.com>
 2026-02-05 17:50:57 -08:00
Abdel Sy Fane
bc88e58fcf security: add skill/plugin code safety scanner (#9806) 
* security: add skill/plugin code safety scanner module

* security: integrate skill scanner into security audit

* security: add pre-install code safety scan for plugins

* style: fix curly brace lint errors in skill-scanner.ts

* docs: add changelog entry for skill code safety scanner

* style: append ellipsis to truncated evidence strings

* fix(security): harden plugin code safety scanning

* fix: scan skills on install and report code-safety details

* fix: dedupe audit-extra import

* fix(security): make code safety scan failures observable

* fix(test): stabilize smoke + gateway timeouts (#9806) (thanks @abdelsfane)

---------

Co-authored-by: Darshil <ddhameliya@mail.sfsu.edu>
Co-authored-by: Darshil <81693876+dvrshil@users.noreply.github.com>
Co-authored-by: George Pickett <gpickett00@gmail.com>
 2026-02-05 16:06:11 -08:00
Gustavo Madeira Santana
4629054403 chore: apply local workspace updates (#9911) 
* chore: apply local workspace updates

* fix: resolve prep findings after rebase (#9898) (thanks @gumadeiras)

* refactor: centralize model allowlist normalization (#9898) (thanks @gumadeiras)

* fix: guard model allowlist initialization (#9911)

* docs: update changelog scope for #9911

* docs: remove model names from changelog entry (#9911)

* fix: satisfy type-aware lint in model allowlist (#9911)
 2026-02-05 16:54:44 -05:00
cpojer
f06dd8df06 chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1 chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
cpojer
15792b153f chore: Enable more lint rules, disable some that trigger a lot. Will clean up later. 2026-01-31 16:04:04 +09:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Vignesh
1d37815443 fix(models): recognize Venice-style claude-opus-45 as claude-opus-4-5 thanks @jonisjongithub 2026-01-27 12:40:06 -08:00
jonisjongithub
60873a1ed1 fix(security): recognize Venice-style claude-opus-45 as top-tier model 
The security audit was incorrectly flagging venice/claude-opus-45 as
'Below Claude 4.5' because the regex expected -4-5 (with dash) but
Venice uses -45 (without dash between 4 and 5).

Updated isClaude45OrHigher() regex to match both formats.
Added test case to prevent regression.
 2026-01-27 12:20:40 -08:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
e7fdccce39 refactor: route browser control via gateway/node 2026-01-27 03:24:54 +00:00
Peter Steinberger
ab73aceb27 fix: use Windows ACLs for security audit 2026-01-26 18:19:58 +00:00
Peter Steinberger
ec2c69c230 fix: honor gateway env token for doctor/security 
Co-authored-by: azade-c <azade-c@users.noreply.github.com>
 2026-01-23 03:16:52 +00:00
Peter Steinberger
51dfd6efdb fix: tighten small-model audit guardrails 2026-01-20 23:52:26 +00:00
Peter Steinberger
6d5195c890 refactor: normalize cli command hints 2026-01-20 07:43:00 +00:00
Peter Steinberger
e59d8c5436 style: oxfmt format 2026-01-17 05:48:56 +00:00
Peter Steinberger
a624878973 fix(security): gate slash commands by sender 2026-01-17 05:25:42 +00:00
Peter Steinberger
d0c986c4f0 feat: warn on weak model tiers 2026-01-16 09:34:37 +00:00
Peter Steinberger
9c1122def0 test: fix Windows security audit perms 2026-01-15 06:04:39 +00:00
Peter Steinberger
ca1902fb4e feat(security): expand audit and safe --fix 2026-01-15 05:31:43 +00:00