Mirrors/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-30 05:56:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,732 Commits 864 Branches 89 Tags
c384fe456c77550b5f07bbca18388ca6a69fd2f3
Commit Graph

13874 Commits

Author SHA1 Message Date
Vincent Koc
ddfdbdb03c fix(gateway): require token for local trusted-proxy fallback 2026-03-25 08:23:49 -07:00
“zhangning”
11373a3d2d fix(auth): improve local request and trusted proxy handling 2026-03-25 00:26:59 +08:00
Peter Steinberger
e28e520379 refactor: simplify provider inference and zoned parsing helpers 2026-03-23 21:22:30 -07:00
Peter Steinberger
26365f7daf fix: hash inline scripts with data-src attributes 2026-03-23 21:14:55 -07:00
Peter Steinberger
0857447a5d fix: reject nonexistent zoned cron at-times 2026-03-23 21:14:55 -07:00
Peter Steinberger
69a317995d fix: fail closed when provider inference drops errored allowlists 2026-03-23 21:14:55 -07:00
Peter Steinberger
dc4d2ca263 build: prepare 2026.3.24 2026-03-23 21:05:59 -07:00
Peter Steinberger
ce49d8bca9 fix: verify global npm correction installs 2026-03-23 21:04:08 -07:00
Tak Hoffman
50d996a6ec tests: cron coverage and NO_REPLY delivery fixes (#53366) 
* tools: extend seam audit inventory

* tools: audit cron seam coverage gaps

* test: add cron seam coverage tests

* fix: avoid marking NO_REPLY cron deliveries as delivered

* fix: clean up delete-after-run NO_REPLY cron sessions
 2026-03-23 22:52:13 -05:00
Peter Steinberger
483dc90f05 test: harden linux runtime smoke guards 2026-03-24 03:23:52 +00:00
Ayaan Zaidi
17c1ee7716 fix: preserve command auth resolution errors on empty inferred allowlists 2026-03-24 08:38:27 +05:30
Peter Steinberger
38137b0cf8 refactor: split tracked ClawHub update flows 2026-03-23 20:01:51 -07:00
Taras Lukavyi
7ffe7e4822 fix: populate currentThreadTs in threading tool context fallback for Telegram DM topics (#52217) 
When a channel plugin lacks a custom buildToolContext (e.g. Telegram),
the fallback path in buildThreadingToolContext did not set currentThreadTs
from the inbound MessageThreadId. This caused resolveTelegramAutoThreadId
to return undefined, so message tool sends without explicit threadId
would route to the main chat instead of the originating DM topic.

Fixes #52217
 2026-03-24 08:27:03 +05:30
Peter Steinberger
3ae5d33799 refactor: extract cron schedule and test runner helpers 2026-03-23 19:53:43 -07:00
Taras Lukavyi
d4e3babdcc fix: command auth SecretRef resolution (#52791) (thanks @Lukavyi) 
* fix(command-auth): handle unresolved SecretRef in resolveAllowFrom

* fix(command-auth): fall back to config allowlists

* fix(command-auth): avoid duplicate resolution fallback

* fix(command-auth): fail closed on invalid allowlists

* fix(command-auth): isolate fallback resolution errors

* fix: record command auth SecretRef landing notes (#52791) (thanks @Lukavyi)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-24 08:21:30 +05:30
Peter Steinberger
0cbf6d5fed fix: land cron tz one-shot handling and prerelease config warnings (#53224) (thanks @RolfHegr) 2026-03-23 19:38:04 -07:00
Rolfy
9aac5582d6 fix(cron): make --tz work with --at for one-shot jobs 
Previously, `--at` with an offset-less ISO datetime (e.g. `2026-03-23T23:00:00`)
was always interpreted as UTC, even when `--tz` was provided. This caused one-shot
jobs to fire at the wrong time.

Changes:
- `parseAt()` now accepts an optional `tz` parameter
- When `--tz` is provided with `--at`, offset-less datetimes are interpreted in
  that IANA timezone using Intl.DateTimeFormat
- Datetimes with explicit offsets (e.g. `+01:00`, `Z`) are unaffected
- Removed the guard in cron-edit that blocked `--tz` with `--at`
- Updated `--at` help text to mention `--tz` support
- Added 2 tests verifying timezone resolution and offset preservation
 2026-03-23 19:38:04 -07:00
Peter Steinberger
7f373823b0 refactor: separate exec policy and execution targets 2026-03-23 19:36:44 -07:00
Val Alexander
a96eded4a0 feat(csp): support inline script hashes in Control UI CSP (#53307) thanks @BunsDev 
Co-authored-by: BunsDev <68980965+BunsDev@users.noreply.github.com>
Co-authored-by: Nova <nova@openknot.ai>
 2026-03-23 21:35:33 -05:00
Peter Steinberger
e530865274 fix: preserve legacy clawhub skill updates (#53206) (thanks @drobison00) 2026-03-23 19:34:05 -07:00
Devin Robison
003752b9b3 Remove lower casing -- preserving prior behavior 2026-03-23 19:34:05 -07:00
Devin Robison
a339d706c1 Formatting fixes and remove trailing dash acceptance 2026-03-23 19:34:05 -07:00
Devin Robison
40071ea23e fix: tighten skill slug validation to ASCII-only 2026-03-23 19:34:05 -07:00
Peter Steinberger
462a7a9ae6 test: allow realpath in shell planner assertions 2026-03-24 02:15:14 +00:00
Peter Steinberger
d8cef14eb1 fix: split exec and policy resolution for wrapper trust (#53134) (thanks @vincentkoc) 2026-03-23 19:04:04 -07:00
Peter Steinberger
21d480ed92 fix(infra): preserve blocked dispatch policy target 
# Conflicts:
#	CHANGELOG.md
 2026-03-23 19:04:04 -07:00
Vincent Koc
32e89b4687 Infra: preserve wrapper executable for multiplexer trust 2026-03-23 19:04:04 -07:00
Peter Steinberger
2d5f822ca1 fix: warn on same-base prerelease configs 2026-03-24 02:02:31 +00:00
Peter Steinberger
85ed1a8986 refactor: clean up ClawHub compatibility validation 2026-03-23 18:52:37 -07:00
Peter Steinberger
5b4fd6bf31 fix: use runtime version for ClawHub plugin API checks (#53157) (thanks @futhgar) 2026-03-23 18:41:18 -07:00
futhgar
447e074bf4 fix(plugins): use runtime version for plugin API compatibility check 
OPENCLAW_PLUGIN_API_VERSION was hardcoded to "1.2.0" while ClawHub-published
plugins require >=2026.3.22, making all plugin installs via ClawHub fail with
"requires plugin API >=2026.3.22, but this OpenClaw runtime exposes 1.2.0".

Use resolveRuntimeServiceVersion() (already imported) to read the actual
version from package.json at runtime.

Fixes #53038
 2026-03-23 18:41:18 -07:00
Peter Steinberger
d25ad66069 fix: resolve catalog-backed channel login 2026-03-23 18:25:44 -07:00
Peter Steinberger
69390daa51 test: cover config correction version warnings 2026-03-23 18:23:50 -07:00
Peter Steinberger
b4bda479a4 fix: normalize bundled plugin version reporting 2026-03-23 18:23:50 -07:00
Peter Steinberger
e9905fd696 fix: avoid fd warnings in lock exit cleanup 2026-03-24 01:01:59 +00:00
Val Alexander
6c44b2ea50 fix(cli): guard channel-auth against prototype-chain pollution and control-char injection 
- Use hasOwnProperty + isBlockedObjectKey in isConfiguredAuthPlugin to
  prevent __proto__/constructor/prototype keys from matching config
- Sanitize plugin IDs with sanitizeForLog in ambiguity error messages
- Add regression test for __proto__ plugin ID
 2026-03-23 19:58:16 -05:00
Val Alexander
c8f4b8533d fix(cli): auto-select login-capable auth channels (#53254) thanks @BunsDev 
Co-authored-by: BunsDev <68980965+BunsDev@users.noreply.github.com>
Co-authored-by: Nova <nova@openknot.ai>
 2026-03-23 19:54:46 -05:00
Peter Steinberger
00d586b2ce test: reduce flaky gemini live probe coverage 2026-03-24 00:40:17 +00:00
Peter Steinberger
dc02a7520f test: stabilize moonshot and minimax live probes 2026-03-24 00:40:17 +00:00
Peter Steinberger
9334015262 fix: ship bundled plugin runtime sidecars 2026-03-23 17:38:08 -07:00
Peter Steinberger
ce75f60ae9 fix: canonicalize malformed assistant replay content 2026-03-23 17:37:51 -07:00
Peter Steinberger
90fab48416 ci: stabilize sharded channel lanes 2026-03-24 00:21:50 +00:00
Peter Steinberger
a921b5bdff test: fix update-cli default path assertion 2026-03-23 23:05:25 +00:00
Peter Steinberger
725a2cc2ca test: expand gemini live transcript stripping 2026-03-23 23:01:22 +00:00
Peter Steinberger
67dbb1ad42 test: update command coverage 2026-03-23 23:01:22 +00:00
Peter Steinberger
d67efbfbd3 test: stabilize test isolation 2026-03-23 23:01:22 +00:00
Sally O'Malley
ae336d1602 Doctor: prune stale plugin allowlist and entry refs (#53187) 
Signed-off-by: sallyom <somalley@redhat.com>
 2026-03-23 18:58:54 -04:00
Vincent Koc
03231c0633 fix(auth): prevent stale auth store reverts (#53211) 2026-03-23 15:56:46 -07:00
Peter Steinberger
47bdc36831 test: make update-cli checkout path assertion platform-safe 2026-03-23 22:54:32 +00:00
Robin Waslander
fb6588cb99 fix(diagnostics): redact credentials from cache-trace diagnostic output 
Refs #53103
 2026-03-23 22:59:09 +01:00