negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
16,446 Commits 1 Branch 0 Tags
fd3ca8a34c72ee74b58873007b8dd72de63754bb
Commit Graph

34 Commits

Author SHA1 Message Date
Gustavo Madeira Santana
5f49a5da3c Diffs: extend image quality configs and add PDF as a format option (#31342) 
Merged via squash.

Prepared head SHA: cc12097851d7b63f1f5f2f754c23cfb1c3faff9b
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-02 04:38:50 -05:00
Sahil Satralkar
28d658e178 Tests: verify tools invoke propagates route headers for subagent spawn context 2026-02-24 04:12:25 +00:00
Peter Steinberger
b109fa53ea refactor(core): dedupe gateway runtime and config tests 2026-02-22 07:44:57 +00:00
Peter Steinberger
10b8839a82 fix(security): centralize WhatsApp outbound auth and return 403 tool auth errors 2026-02-21 14:31:01 +01:00
Peter Steinberger
36a0df423d refactor(gateway): make ws and http auth surfaces explicit 2026-02-21 13:33:09 +01:00
Peter Steinberger
a69e7682c1 refactor(test): dedupe channel and monitor action suites 2026-02-18 04:49:22 +00:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
cpojer
d0cb8c19b2 chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf chore: Update formatting. 2026-02-17 09:18:40 +09:00
Peter Steinberger
b1dd23f61d perf(test): mock config stack in tools invoke http tests 2026-02-14 18:46:24 +00:00
Peter Steinberger
4d4296cae5 perf(test): speed up gateway tools invoke HTTP tests 2026-02-14 18:46:24 +00:00
Peter Steinberger
a7a08b6650 test(gateway): cover tools allow/deny precedence 2026-02-14 13:18:49 +01:00
Peter Steinberger
4bef423d83 perf(test): reduce gateway reload waits and trim duplicate invoke coverage 2026-02-13 23:50:08 +00:00
Peter Steinberger
6442512954 perf: reduce hotspot test startup and timeout costs 2026-02-13 20:03:01 +00:00
Peter Steinberger
767fd9f222 fix: classify /tools/invoke errors and sanitize 500s (#13185) (thanks @davidrudduck) 2026-02-13 16:58:30 +01:00
Peter Steinberger
ee31cd47b4 fix: close OC-02 gaps in ACP permission + gateway HTTP deny config (#15390) (thanks @aether-ai-agent) 2026-02-13 14:30:06 +01:00
aether-ai-agent
749e28dec7 fix(security): block dangerous tools from HTTP gateway and fix ACP auto-approval (OC-02) 
Two critical RCE vectors patched:

Vector 1 - Gateway HTTP /tools/invoke:
- Add DEFAULT_GATEWAY_HTTP_TOOL_DENY blocking sessions_spawn,
  sessions_send, gateway, whatsapp_login from HTTP invocation
- Apply deny filter after existing policy cascade, before tool lookup
- Add gateway.tools.{allow,deny} config override in GatewayConfig

Vector 2 - ACP client auto-approval:
- Replace blind allow_once selection with danger-aware permission handler
- Dangerous tools (exec, sessions_spawn, etc.) require interactive confirmation
- Safe tools retain auto-approve behavior (backward compatible)
- Empty options array now denied (was hardcoded "allow")
- 30s timeout auto-denies to prevent hung sessions

CWE-78 | CVSS:3.1 9.8 Critical
 2026-02-13 14:30:06 +01:00
Peter Steinberger
8899f9e94a perf(test): optimize heavy suites and stabilize lock timing 2026-02-13 13:29:07 +00:00
cpojer
935a0e5708 chore: Enable typescript/no-explicit-any rule. 2026-02-02 16:18:09 +09:00
Tyler Yust
476f367cf1 Gateway: avoid writing host config in tools invoke test 2026-02-01 17:19:23 -08:00
cpojer
f06dd8df06 chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
cpojer
5ceff756e1 chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
Josh Palmer
6522de6ce0 Tests: use agents_list in tools invoke gateway test 
What: swap sessions_list for agents_list in /tools/invoke tests
Why: avoid nested gateway calls that can hang under CI; still validates tool invocation + allowlist
Tests: not run (CI should cover)
 2026-01-30 18:17:12 +01:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
fb14146033 fix: harden ssh target handling 2026-01-26 21:11:48 +00:00
Vignesh Natarajan
d62b7c0d1e fix: treat tools.alsoAllow as implicit allow-all when no allowlist 2026-01-26 10:05:31 -08:00
Vignesh Natarajan
2ad3508a33 feat(config): add tools.alsoAllow additive allowlist 2026-01-26 10:05:31 -08:00
Peter Steinberger
c4a80f4edb fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
plum-dawg
c96ffa7186 feat: Add Line plugin (#1630) 
* feat: add LINE plugin (#1630) (thanks @plum-dawg)

* feat: complete LINE plugin (#1630) (thanks @plum-dawg)

* chore: drop line plugin node_modules (#1630) (thanks @plum-dawg)

* test: mock /context report in commands test (#1630) (thanks @plum-dawg)

* test: limit macOS CI workers to avoid OOM (#1630) (thanks @plum-dawg)

* test: reduce macOS CI vitest workers (#1630) (thanks @plum-dawg)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-25 12:22:36 +00:00
Peter Steinberger
d73e8ecca3 fix: document tools invoke + honor main session key (#1575) (thanks @vignesh07) 2026-01-24 09:29:32 +00:00
Vignesh Natarajan
f1083cd52c gateway: add /tools/invoke HTTP endpoint 2026-01-24 09:29:32 +00:00