Mirrors/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-18 15:23:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
29,912 Commits 1,068 Branches 110 Tags
a736b6eededaafdcfa3e4d30fe216fa5fc449593
Commit Graph

18556 Commits

Author SHA1 Message Date
Peter Steinberger
a736b6eede test: remove redundant subagent allowlist conversions 2026-04-10 22:04:06 +01:00
Peter Steinberger
1a83731ea1 fix: label embedded harness config 2026-04-10 22:03:47 +01:00
EronFan
5e2136c6ae fix: include memory plugins in gateway startup (openclaw#64423) 
Verified:
- pnpm build
- pnpm check
- pnpm test -- src/plugins/channel-plugin-ids.test.ts

Co-authored-by: EronFan <50734013+EronFan@users.noreply.github.com>
 2026-04-10 16:02:44 -05:00
Peter Steinberger
241c63c7e0 refactor: remove redundant tool handler conversions 2026-04-10 22:01:48 +01:00
Peter Steinberger
a8bb0ab255 refactor: remove redundant model selection conversions 2026-04-10 22:00:02 +01:00
Davanum Srinivas
fbf11ebdb7 fix(sandbox): enforce CDP source-range restriction by default (#61404) 
* fix(sandbox): enforce CDP source-range restriction by default

Auto-derive CDP_SOURCE_RANGE from Docker network gateway IP when not
explicitly configured. The entrypoint script refuses to start the socat
CDP relay without a source range (fail-closed).

- readDockerNetworkGateway: use Go template println, filter <no value>
  sentinel, prefer IPv4 gateway on dual-stack networks
- Reject IPv6-only gateways for auto-derivation (relay binds IPv4)
- Remove stale browser_cdp_bridge_unrestricted audit check (runtime
  auto-derives range for all bridge-like networks)
- Bump SANDBOX_BROWSER_SECURITY_HASH_EPOCH to force container recreation

* chore(changelog): add sandbox CDP source-range entry

* fix(sandbox): gate CDP source-range derivation to bridge-style networks

Only auto-derive OPENCLAW_BROWSER_CDP_SOURCE_RANGE from the Docker
gateway IP for bridge networks (or when driver is unknown). Non-bridge
drivers (macvlan, ipvlan, overlay) may route traffic from different
source IPs, so they require explicit cdpSourceRange config.

Adds readDockerNetworkDriver helper and a regression test for macvlan.

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 14:59:25 -06:00
Peter Steinberger
67ae576b9e test: remove redundant launchd conversions 2026-04-10 21:58:40 +01:00
Peter Steinberger
fc50e23262 refactor: remove redundant model picker conversions 2026-04-10 21:57:01 +01:00
Peter Steinberger
9470b616c9 refactor: remove redundant camera CLI conversions 2026-04-10 21:53:47 +01:00
Peter Steinberger
b8554128b4 refactor: remove redundant model auth conversions 2026-04-10 21:42:10 +01:00
Peter Steinberger
972ed139a7 fix: make docs anchor audit use Mintlify CLI 2026-04-10 21:39:52 +01:00
Peter Steinberger
75823947ae test: remove redundant loader message conversions 2026-04-10 21:30:48 +01:00
Peter Steinberger
cb3fbe7e50 refactor: remove redundant session patch conversions 2026-04-10 21:29:27 +01:00
Peter Steinberger
277028f1f5 test: remove redundant doctor string conversions 2026-04-10 21:27:33 +01:00
Peter Steinberger
c16b1b7433 docs: document harness fallback policy 2026-04-10 21:27:26 +01:00
Peter Steinberger
d236cb4680 chore: enable redundant type constituent checks 2026-04-10 21:23:40 +01:00
Peter Steinberger
8bc157c304 fix: prefer manifest evidence in install scanner 2026-04-10 21:22:16 +01:00
Peter Steinberger
ba55a81a32 fix: close landing test gaps 2026-04-10 21:22:16 +01:00
Peter Steinberger
c9067b6520 fix: preserve scoped plugin symlink installs 2026-04-10 21:22:16 +01:00
Peter Steinberger
3198c10fba fix: stabilize Codex harness landing checks 2026-04-10 21:22:16 +01:00
Peter Steinberger
2d80bbc43d feat(agents): allow disabling PI harness fallback 2026-04-10 21:22:16 +01:00
Peter Steinberger
84098a2267 fix: keep Codex harness opt-in by default 2026-04-10 21:22:16 +01:00
Peter Steinberger
106256d896 fix: address Codex harness review regressions 2026-04-10 21:22:16 +01:00
Peter Steinberger
bfc0889776 docs: document Codex harness plugin workflow 2026-04-10 21:22:16 +01:00
Peter Steinberger
44ec4d05de feat: add pluggable agent harness registry 2026-04-10 21:22:16 +01:00
Peter Steinberger
fa97004ee1 test: remove duplicate gateway server coverage 2026-04-10 21:15:57 +01:00
Agustin Rivera
851294126b Redact Gmail watcher startup args from log tail (#62661) 
* fix(logging): redact gmail watcher startup args

* fix(logging): normalize redaction formatting

* fix(logging): harden gmail watcher log redaction

* fix(logging): honor configured log tail redaction

* fix(logging): skip redact pattern resolution when off

* fix(logging): reuse compiled redact regexes

* chore: untrack USER.md (covered by .gitignore)

* chore: untrack USER.md (covered by .gitignore)

* fix(logging): avoid double-resolution in log-tail redaction

* fix(logging): redact across line boundaries for multiline patterns

* fix(logging): guard redactSensitiveLines against empty input

* chore(changelog): add Gmail watcher log redaction entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 14:07:28 -06:00
Peter Steinberger
733137615f test: trim agents shard waits 2026-04-10 21:07:12 +01:00
Agustin Rivera
eab6fcedaa Ensure ACPX plugin-tools bridge honors before_tool_call (#63886) 
* fix(acpx): honor tool hook on plugin bridge

Co-authored-by: smaeljaish771 <smaeljaish771@gmail.com>

* chore(changelog): add ACPX plugin-tools before_tool_call entry

---------

Co-authored-by: smaeljaish771 <smaeljaish771@gmail.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 14:05:34 -06:00
Extra Small
abb4736267 fix(skills): add missing opening --- to taskflow and taskflow-inbox-triage SKILL.md frontmatter (openclaw#64469) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test src/agents/skills.bundled-frontmatter.test.ts

Co-authored-by: extrasmall0 <"258180677"+extrasmall0@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-04-10 14:59:55 -05:00
Peter Steinberger
0ebeee8b0d chore: enable consistent-return 2026-04-10 20:56:43 +01:00
Agustin Rivera
121c452d66 fix(browser): tighten strict browser hostname navigation (#64367) 
* fix(browser): tighten strict browser hostname navigation

* fix(browser): address review follow-ups

* chore(changelog): add strict browser hostname navigation entry

* fix(browser): remove stale state prop from SelectionDeps call site

The PR's SelectionDeps uses getSsrFPolicy instead of the full state
object; the state property was leftover from an earlier iteration.

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 13:18:53 -06:00
Peter Steinberger
4164d6fc4c test: narrow auto-reply command imports 2026-04-10 20:16:54 +01:00
Peter Steinberger
04c8026d03 chore: enable no-unnecessary-type-arguments 2026-04-10 20:14:49 +01:00
Peter Steinberger
dfe4c2d16d chore: enable no-floating-promises 2026-04-10 20:14:49 +01:00
Peter Steinberger
01113566fd chore: enable await-thenable 2026-04-10 20:14:49 +01:00
Peter Steinberger
cdb944ef0a chore: enable no-misused-spread 2026-04-10 20:14:49 +01:00
Peter Steinberger
1088904a47 test: skip provider runtime hints in config test 2026-04-10 20:12:16 +01:00
Agustin Rivera
c949af9fab fix(media): honor sender policy for host media reads (#64459) 
* fix(media): honor sender policy for host media reads

* fix(media): clarify host read group policy gating

* fix(media): forward sender identity for outbound reads

* fix(media): propagate non-id sender fields through outbound session for e164/username/name policy matching

* fix(media): preserve requester provider for host read policy

* fix(media): forward full sender identity through followup and core send paths

* fix(media): forward requester session/account context through core send fallback

* fix(media): preserve account policy fallback for requester-scoped host reads

* chore(changelog): add outbound media sender-policy entry

* fix(media): align test call shape with production — omit messageProvider when sessionKey is set

Addresses P2 review: production call sites pass messageProvider: undefined
when sessionKey is present; tests should mirror that so regressions in
the precedence order are caught.

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 13:07:56 -06:00
Peter Steinberger
5df7771d0c test: keep browser subpath test import-only 2026-04-10 20:06:00 +01:00
Peter Steinberger
a96b97979d test: align browser subpath ssrf default 2026-04-10 20:03:28 +01:00
Peter Steinberger
8640b89158 test: trim provider contract slow paths 2026-04-10 20:00:48 +01:00
Agustin Rivera
e3a845bde5 Normalize agent hook system event trust handling (#64372) 
* fix(hooks): sanitize agent hook system events

Co-authored-by: zsx <git@zsxsoft.com>

* chore(changelog): add agent hook trust normalization entry

---------

Co-authored-by: zsx <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 12:56:00 -06:00
Peter Steinberger
a6edccad3d test: align plugin install denylist expectations 2026-04-10 19:42:38 +01:00
Agustin Rivera
905f19230a Align external marker span mapping (#63885) 
* fix(markers): align external marker spans

* fix(browser): ssrfPolicy defaults fail-closed for unconfigured installs (GHSA-53vx-pmqw-863c)

* fix(browser): enforce strict default SSRF policy

* chore(changelog): add browser SSRF default + marker alignment entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-10 12:35:20 -06:00
Peter Steinberger
a52d38275e test: remove duplicate agent reset e2e 2026-04-10 19:30:24 +01:00
Peter Steinberger
cbce38d78c style: format post-rebase files 2026-04-10 19:28:42 +01:00
Peter Steinberger
59925c1a74 chore: update dependencies and oxc tooling 2026-04-10 19:28:42 +01:00
Peter Steinberger
e7db987ce6 test: trim heavy imports and harden ci checks 2026-04-10 19:23:10 +01:00
Peter Steinberger
d9b33205dc test: move disabled compat routes to http harness 2026-04-10 19:21:55 +01:00