7844bc89a1
Security: require Feishu webhook encrypt key ( #44087 )
...
* Feishu: require webhook encrypt key in schema
* Feishu: cover encrypt key webhook validation
* Feishu: enforce encrypt key at startup
* Feishu: add webhook forgery regression test
* Feishu: collect encrypt key during onboarding
* Docs: require Feishu webhook encrypt key
* Changelog: note Feishu webhook hardening
* Docs: clarify Feishu encrypt key screenshot
* Feishu: treat webhook encrypt key as secret input
* Feishu: resolve encrypt key only in webhook mode
2026-03-12 11:01:00 -04:00
3e730c0332
Security: preserve Feishu reaction chat type ( #44088 )
...
* Feishu: preserve looked-up chat type
* Feishu: fail closed on ambiguous reaction chats
* Feishu: cover reaction chat type fallback
* Changelog: note Feishu reaction hardening
* Feishu: fail closed without resolved chat type
* Feishu: normalize reaction chat type at runtime
2026-03-12 10:53:40 -04:00
ce5dd742f8
build: sync versions to 2026.3.11
2026-03-12 04:01:57 +00:00
0e397e62b7
chore: bump version to 2026.3.10
2026-03-11 23:29:53 +00:00
9c81c31232
chore: refresh dependencies except carbon
2026-03-11 20:10:33 +00:00
391f9430ca
fix(feishu): pass mediaLocalRoots in sendText local-image auto-convert shim (openclaw#40623)
...
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: ayanesakura <40628300+ayanesakura@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-09 22:26:06 -05:00
f6d0712f50
build: sync plugin versions for 2026.3.9
2026-03-09 08:39:52 +00:00
5fca4c0de0
chore: prepare 2026.3.8-beta.1 release
2026-03-09 07:09:37 +00:00
141738f717
refactor: harden browser runtime profile handling
2026-03-09 00:25:43 +00:00
8d7778d1d6
refactor: dedupe plugin runtime stores
2026-03-08 23:38:24 +00:00
05217845a7
build: bump version to 2026.3.8
2026-03-08 05:59:04 +00:00
1b034f08e0
Feishu: scope plugin SDK directory imports
2026-03-07 16:26:59 -08:00
2a5158295e
Feishu: scope plugin SDK channel imports
2026-03-07 16:26:59 -08:00
3800f6700a
Feishu: narrow directory entry types
2026-03-07 16:07:41 -08:00
2b54070526
refactor: share allowlist provider warning resolution
2026-03-08 00:05:24 +00:00
f319ec2dac
refactor: share onboarding allowlist entry parsing
2026-03-08 00:05:24 +00:00
8c15b8600c
refactor: share sender group policy evaluation
2026-03-07 23:27:51 +00:00
556aa8a702
refactor: share config adapter allowFrom and defaultTo helpers
2026-03-07 23:27:51 +00:00
feac26c3b7
refactor: share allowFrom formatter scaffolding
2026-03-07 23:27:51 +00:00
b7d03ea1f5
refactor: centralize open group-policy warning flow collectors
2026-03-07 23:27:51 +00:00
7230b96cc7
refactor: unify extension allowlist resolver and directory scaffolding
2026-03-07 23:27:51 +00:00
8e0e76697a
refactor: unify channel open-group-policy warning builders
2026-03-07 23:27:51 +00:00
5eba663c38
refactor: unify onboarding secret-input prompt state wiring
2026-03-07 23:27:51 +00:00
6b1c82c4f1
refactor: unify onboarding dm/group policy scaffolding
2026-03-07 23:27:51 +00:00
1835d5808f
fix(test): align feishu pairing assertion
2026-03-07 21:36:04 +00:00
2bcd56cfac
refactor: unify DM pairing challenge flows
2026-03-07 20:33:50 +00:00
f966dde476
tests: fix detect-secrets false positives ( #39084 )
...
* Tests: rename gateway status env token fixture
* Tests: allowlist feishu onboarding fixtures
* Tests: allowlist Google Chat private key fixture
* Docs: allowlist Brave API key example
* Tests: allowlist pairing password env fixtures
* Chore: refresh detect-secrets baseline
2026-03-07 13:21:29 -05:00
e4d80ed556
CI: restore main detect-secrets scan ( #38438 )
...
* Tests: stabilize detect-secrets fixtures
* Tests: fix rebased detect-secrets false positives
* Docs: keep snippets valid under detect-secrets
* Tests: finalize detect-secrets false-positive fixes
* Tests: reduce detect-secrets false positives
* Tests: keep detect-secrets pragmas inline
* Tests: remediate next detect-secrets batch
* Tests: tighten detect-secrets allowlists
* Tests: stabilize detect-secrets formatter drift
2026-03-07 10:06:35 -08:00
98ed7f57c6
refactor(feishu): dedupe non-streaming reply dispatcher setup
2026-03-07 17:58:31 +00:00
6b0785028f
refactor(feishu): dedupe accounts env secret-ref checks
2026-03-07 17:58:31 +00:00
7fddb357cb
refactor(feishu): dedupe client timeout assertion scaffolding
2026-03-07 17:58:31 +00:00
ac5f018877
refactor(feishu): dedupe onboarding status env setup tests
2026-03-07 17:58:31 +00:00
a82df52753
refactor(extensions): share secret input schema builder
2026-03-07 17:05:23 +00:00
74912037dc
perf: harden chunking against quadratic scans
2026-03-07 16:50:35 +00:00
addd290f88
fix(ci): stabilize tests and detect-secrets after dep updates
2026-03-07 11:14:04 +00:00
1aa77e4603
refactor(extensions): reuse shared helper primitives
2026-03-07 10:41:05 +00:00
997a9f5b9e
chore: bump version to 2026.3.7
2026-03-07 10:09:02 +00:00
024af2b738
fix(feishu): disable block streaming to prevent silent reply drops (openclaw#38422)
...
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: xinhuagu <562450+xinhuagu@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-06 22:33:30 -06:00
42e3d8d693
Secrets: add inline allowlist review set ( #38314 )
...
* Secrets: add inline allowlist review set
* Secrets: narrow detect-secrets file exclusions
* Secrets: exclude Docker fingerprint false positive
* Secrets: allowlist test and docs false positives
* Secrets: refresh baseline after allowlist updates
* Secrets: fix gateway chat fixture pragma
* Secrets: format pre-commit config
* Android: keep talk mode fixture JSON valid
* Feishu: rely on client timeout injection
* Secrets: allowlist provider auth test fixtures
* Secrets: allowlist onboard search fixtures
* Secrets: allowlist onboard mode fixture
* Secrets: allowlist gateway auth mode fixture
* Secrets: allowlist APNS wake test key
* Secrets: allowlist gateway reload fixtures
* Secrets: allowlist moonshot video fixture
* Secrets: allowlist auto audio fixture
* Secrets: allowlist tiny audio fixture
* Secrets: allowlist embeddings fixtures
* Secrets: allowlist resolve fixtures
* Secrets: allowlist target registry pattern fixtures
* Secrets: allowlist gateway chat env fixture
* Secrets: refresh baseline after fixture allowlists
* Secrets: reapply gateway chat env allowlist
* Secrets: reapply gateway chat env allowlist
* Secrets: stabilize gateway chat env allowlist
* Secrets: allowlist runtime snapshot save fixture
* Secrets: allowlist oauth profile fixtures
* Secrets: allowlist compaction identifier fixture
* Secrets: allowlist model auth fixture
* Secrets: allowlist model status fixtures
* Secrets: allowlist custom onboarding fixture
* Secrets: allowlist mattermost token summary fixtures
* Secrets: allowlist gateway auth suite fixtures
* Secrets: allowlist channel summary fixture
* Secrets: allowlist provider usage auth fixtures
* Secrets: allowlist media proxy fixture
* Secrets: allowlist secrets audit fixtures
* Secrets: refresh baseline after final fixture allowlists
* Feishu: prefer explicit client timeout
* Feishu: test direct timeout precedence
2026-03-06 19:35:26 -05:00
110ca23bab
Feishu: update media timeout tests
2026-03-06 17:34:41 -05:00
20db7afd5f
fix(feishu): remove invalid timeout properties from SDK method calls ( #38267 )
...
The `timeout` property is not part of the Lark SDK method signatures,
causing TS2353 errors. The client-level `httpTimeoutMs` already applies
the timeout to all requests.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 15:50:34 -06:00
4ed5febc38
chore(extensions): sync plugin versions
2026-03-06 22:26:15 +05:30
b12733395e
fix(feishu): restore explicit media request timeouts
2026-03-06 22:26:15 +05:30
72cf9253fc
Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails ( #35094 )
2026-03-05 12:53:56 -06:00
bc66a8fa81
fix(feishu): avoid media regressions from global HTTP timeout ( #36500 )
...
* fix(feishu): avoid media regressions from global http timeout
* fix(feishu): source HTTP timeout from config
* fix(feishu): apply media timeout override to image uploads
* fix(feishu): invalidate cached client when timeout changes
* fix(feishu): clamp timeout values and cover image download
2026-03-05 12:13:40 -06:00
174eeea76c
Feishu: normalize group slash command probing
...
- Feishu/group slash command detection: normalize group mention wrappers before command-authorization probing so mention-prefixed commands are recognized in group routing.\n- Source PR: #36011\n- Contributor: @liuxiaopai-ai\n\nCo-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>\nCo-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
2026-03-05 11:56:59 -06:00
995ae73d5f
synthesis: fix Feishu group mention slash parsing
...
## Summary\n\nFeishu group slash command parsing is fixed for mentions and command probes across authorization paths.\n\nThis includes:\n- Normalizing bot mention text in group context for reliable slash detection in message parsing.\n- Adding command-probe normalization for group slash invocations.\n\nCo-authored-by: Sid Qin <sidqin0410@gmail.com>\nCo-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-05 11:34:08 -06:00
2972d6fa79
fix(feishu): accept groupPolicy "allowall" as alias for "open" ( #36358 )
...
* fix(feishu): accept groupPolicy "allowall" as alias for "open"
When users configure groupPolicy: "allowall" in Feishu channel config,
the Zod schema rejects the value and the runtime policy check falls
through to the allowlist path. With an empty allowFrom array, all group
messages are silently dropped despite the intended "allow all" semantics.
Accept "allowall" at the schema level (transform to "open") and add a
runtime guard in isFeishuGroupAllowed so the value is handled even if it
bypasses schema validation.
Closes #36312
Made-with: Cursor
* Feishu: tighten allowall alias handling and coverage
---------
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-05 11:32:01 -06:00
627b37e34f
Feishu: honor bot mentions by ID despite aliases ( Fixes #36317 ) ( #36333 )
2026-03-05 11:00:27 -06:00
b9f3f8d737
fix(feishu): use probed botName for mention checks ( #36391 )
2026-03-05 10:55:04 -06:00
Vincent Koc
Peter Steinberger
Ayane
Xinhua Gu
Anton Eicher
Ayaan Zaidi
Josh Avant
Tak Hoffman
Liu Xiaopai
Sid
StingNing