nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,105 Commits 712 Branches 79 Tags 2.1 GiB
Commit Graph

266 Commits

Author SHA1 Message Date
Luke bed661609e
fix(macos): align minimum Node.js version with runtime guard (22.16.0) (#45640) 
* macOS: align minimum Node.js version with runtime guard

* macOS: add boundary and failure-message coverage for RuntimeLocator

* docs: add changelog note for the macOS runtime locator fix

* credit: original fix direction from @sumleo, cleaned up and rebased in #45640 by @ImLukeF
 2026-03-14 13:43:21 +11:00
ImLukeF 66cb015bb4
fix(voicewake): avoid crash on foreign transcript ranges 2026-03-14 12:48:12 +11:00
Jaehoon You 2bfe188510
fix(macos): prevent PortGuard from killing Docker Desktop in remote mode (#13798) 
fix(macos): prevent PortGuardian from killing Docker Desktop in remote mode (#6755)

PortGuardian.sweep() was killing non-SSH processes holding the gateway
port in remote mode. When the gateway runs in a Docker container,
`com.docker.backend` owns the port-forward, so this could shut down
Docker Desktop entirely.

Changes:
- accept any process on the gateway port in remote mode
- add a defense-in-depth guard to skip kills in remote mode
- update remote-mode port diagnostics/reporting to match
- add regression coverage for Docker and local-mode behavior
- add a changelog entry for the fix

Co-Authored-By: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
 2026-03-14 12:26:09 +11:00
Steven 25f458a907
macOS: respect exec-approvals.json settings in gateway prompter (#13707) 
Fix macOS gateway exec approvals to respect exec-approvals.json.

This updates the macOS gateway prompter to resolve per-agent exec approval policy before deciding whether to show UI, use agentId for policy lookup, honor askFallback when prompts cannot be presented, and resolve no-prompt decisions from the configured security policy instead of hardcoded allow-once behavior. It also adds regression coverage for ask-policy and allowlist-fallback behavior, plus a changelog entry for the fix.

Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
 2026-03-14 12:00:15 +11:00
Peter Steinberger 4d686b47f0
fix: bind macOS skill trust to resolved paths 2026-03-13 21:00:59 +00:00
Peter Steinberger 6b49a604b4
fix: harden macos shell continuation parsing 2026-03-13 20:54:10 +00:00
Peter Steinberger e1fedd4388
fix: harden macos env wrapper resolution 2026-03-13 20:49:17 +00:00
Peter Steinberger bf89947a8e
fix: switch pairing setup codes to bootstrap tokens 2026-03-12 22:23:07 +00:00
Nimrod Gutman 144c1b802b
macOS/onboarding: prompt for remote gateway auth tokens (#43100) 
Merged via squash.

Prepared head SHA: 00e2ad847b
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman
 2026-03-11 13:53:19 +02:00
Luke f063e57d4b
fix(macos): use foundationValue when serializing browser proxy POST body (#43069) 
Merged via squash.

Prepared head SHA: 04c33fa061
Co-authored-by: ImLukeF <1272861+Effet@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-11 19:14:01 +08:00
Nimrod Gutman dadd7f99cd fix(ci): scope secrets scan to branch changes 2026-03-08 22:21:49 +02:00
Nimrod Gutman a6131438ea
fix(macos): improve tailscale gateway discovery (#40167) 
Sanitized test tailnet hostnames and re-ran the targeted macOS gateway discovery test suite before merge.
 2026-03-08 21:49:42 +02:00
Nimrod Gutman 3d3e8fe78c fix(macos): preserve unsupported remote gateway tokens 2026-03-08 21:28:17 +02:00
Charles Dusek 3b7a72bffb tests: document remote token persistence across mode toggle 2026-03-08 21:28:17 +02:00
Charles Dusek 37e0b01684 macos: add mode-toggle remote token sync coverage 2026-03-08 21:28:17 +02:00
Charles Dusek 6b338dd283 macos: add remote gateway token field for remote mode 2026-03-08 21:28:17 +02:00
Peter Steinberger 8d3d742c6a refactor: require canonical talk resolved payload 2026-03-08 16:22:48 +00:00
Peter Steinberger b4c8950417 refactor: centralize talk silence timeout defaults 2026-03-08 14:58:29 +00:00
dano does design 6ff7e8f42e talk: add configurable silence timeout 2026-03-08 14:30:25 +00:00
Peter Steinberger d5b305b250 fix: follow up #39321 and #38445 landings 2026-03-08 13:58:13 +00:00
Peter Steinberger 53fb317e7f fix(macos): clean swiftformat pass and sendable warning 2026-03-08 13:22:46 +00:00
Peter Steinberger d15b6af77b fix: land contributor PR #39516 from @Imhermes1 
macOS app/chat/browser/cron/permissions fixes.

Co-authored-by: ImHermes1 <lukeforn@gmail.com>
 2026-03-08 06:11:20 +00:00
Peter Steinberger e3c21c913d fix(ci): refresh secret baseline and UI state types 2026-03-07 21:17:57 +00:00
Peter Steinberger 10d0e3f3ca fix(dashboard): keep gateway tokens out of URL storage 2026-03-07 18:33:30 +00:00
Nimrod Gutman 4aa548cf7d
macOS: add tailscale serve discovery fallback for remote gateways (#32860) 
* feat(macos): add tailscale serve gateway discovery fallback

* fix: add changelog note for tailscale serve discovery fallback (#32860) (thanks @ngutman)
 2026-03-03 13:25:36 +02:00
Peter Steinberger fc692d82fd refactor(tests): dedupe macos ipc smoke setup blocks 2026-03-02 09:55:46 +00:00
Peter Steinberger fd7774a79e refactor(tests): dedupe swift gateway and chat fixtures 2026-03-02 09:39:45 +00:00
Peter Steinberger 7b3f506e64 style(swift): apply swiftformat and swiftlint fixes 2026-03-02 04:15:43 +00:00
Peter Steinberger 912ddba81e fix(macos): harden exec approvals socket path and permissions 2026-03-01 23:37:11 +00:00
Peter Steinberger 8f3310000a refactor(macos): remove anthropic oauth onboarding flow 2026-02-26 00:17:03 +01:00
Peter Steinberger 3c95f89662 refactor(exec): split system.run phases and align ts/swift validator contracts 2026-02-25 00:35:06 +00:00
Peter Steinberger ce1dbeb986 fix(macos): clean warnings and harden gateway/talk config parsing 2026-02-25 00:27:36 +00:00
Peter Steinberger 11a0495d5f fix(macos): default voice wake forwarding to webchat (#25440) 
Co-authored-by: Peter Machona <7957943+chilu18@users.noreply.github.com>
 2026-02-25 00:12:44 +00:00
Peter Steinberger 31e6d18538 fix(macos): prefer openclaw binary while keeping pnpm fallback (#25512) 
Co-authored-by: Peter Machona <7957943+chilu18@users.noreply.github.com>
 2026-02-25 00:11:53 +00:00
Peter Steinberger 236b22b6a2 fix(macos): guard voice audio paths with no input device (#25817) 
Co-authored-by: Stefan Förster <103369858+sfo2001@users.noreply.github.com>
 2026-02-25 00:10:14 +00:00
Peter Steinberger 55cf92578d fix(security): harden system.run companion command binding 2026-02-25 00:02:03 +00:00
Nimrod Gutman d58f71571a feat(talk): add provider-agnostic config with legacy compatibility 2026-02-24 15:02:52 +00:00
Peter Steinberger 7c99a733a9 fix: harden macOS usage cost submenu recursion guard (#25341) (thanks @yingchunbai) 2026-02-24 13:48:59 +00:00
Peter Steinberger e80c803fa8 fix(security): block shell env allowlist bypass in system.run 2026-02-22 12:47:05 +01:00
Peter Steinberger a96d89f343 refactor: unify exec wrapper resolution and parity fixtures 2026-02-22 10:26:44 +01:00
Peter Steinberger 2b63592be5 fix: harden exec allowlist wrapper resolution 2026-02-22 09:52:02 +01:00
Peter Steinberger bfe016fa29 fix: clear stale remote discovery endpoints (#21618) (thanks @bmendonca3) 2026-02-22 00:04:36 +01:00
Brian Mendonca 617e38cec0 Security/macos: enforce wss for non-loopback direct gateway 2026-02-21 23:57:34 +01:00
Brian Mendonca 8942ac04a8 fix(security): fail closed on unauthenticated discovery routing 2026-02-21 23:57:34 +01:00
Peter Steinberger 1bc5c2a7e9 refactor: unify exec shell parser parity and gateway websocket test helpers 2026-02-21 23:17:12 +01:00
Peter Steinberger 2028ca4428 fix(macos): unify exec allowlist validation pipeline 2026-02-21 23:09:07 +01:00
Peter Steinberger dd41fadcaf fix(macos): enforce path-only exec allowlist patterns 2026-02-21 22:58:40 +01:00
Peter Steinberger 90a378ca3a fix(macos): block quoted shell substitution in allowlist checks 2026-02-21 22:57:53 +01:00
Peter Steinberger 5da03e6221 fix(macos): harden exec allowlist shell-chain checks 2026-02-21 16:27:18 +01:00
Mariano 774d73b458
fix(macos): reject insecure non-loopback ws remote gateway urls (#21971) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9e8cdbf095
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 16:34:00 +00:00