25252ab5ab
gateway: harden shared auth resolution across systemd, discord, and node host
2026-03-07 18:28:32 -06:00
e3c21c913d
fix(ci): refresh secret baseline and UI state types
2026-03-07 21:17:57 +00:00
e27bbe4982
fix(exec): block dangerous override-only env pivots
2026-03-07 19:18:05 +00:00
10d0e3f3ca
fix(dashboard): keep gateway tokens out of URL storage
2026-03-07 18:33:30 +00:00
997a9f5b9e
chore: bump version to 2026.3.7
2026-03-07 10:09:02 +00:00
ee6f7b1bf0
fix(ci): restore protocol and schema checks ( #37470 )
2026-03-06 11:46:17 +03:00
4aa548cf7d
macOS: add tailscale serve discovery fallback for remote gateways ( #32860 )
...
* feat(macos): add tailscale serve gateway discovery fallback
* fix: add changelog note for tailscale serve discovery fallback (#32860 ) (thanks @ngutman)
2026-03-03 13:25:36 +02:00
46b62c53f0
fix(ci): restore scope-test require import and sync host policy
2026-03-03 03:18:45 +00:00
80efcb75c7
style(swift): apply lint and format cleanup
2026-03-03 03:07:55 +00:00
ba50dfaae3
refactor(macos): simplify pairing alert and host helper paths
2026-03-03 03:07:54 +00:00
04a8f97c57
fix(swift): align async helper callsites across iOS and macOS
2026-03-03 03:07:54 +00:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
f1cd3ea531
fix(app:macos): 【 OpenClaw ⇄ clawdbot 】- Peekaboo Bridge discovery after the OpenClaw rename ( #6033 )
...
* fix(mac): keep OpenClaw bridge socket and harden legacy symlink
* fix(mac): add clawdis legacy Peekaboo bridge symlink
* macos: include moltbot in PeekabooBridge legacy socket paths
* changelog: note peekaboo legacy socket compatibility paths
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-02 07:00:30 -08:00
87316e07d8
refactor(macos): share pairing and ui dedupe utilities
2026-03-02 12:13:45 +00:00
cf67e374c0
refactor(macos): dedupe UI, pairing, and runtime helpers
2026-03-02 11:32:20 +00:00
fc692d82fd
refactor(tests): dedupe macos ipc smoke setup blocks
2026-03-02 09:55:46 +00:00
fd7774a79e
refactor(tests): dedupe swift gateway and chat fixtures
2026-03-02 09:39:45 +00:00
6ba7238ac6
build: bump versions to 2026.3.2
2026-03-02 04:55:53 +00:00
1c0d36eed0
fix(ci): resolve i18n typing and generated-policy drift
2026-03-02 04:29:18 +00:00
7b3f506e64
style(swift): apply swiftformat and swiftlint fixes
2026-03-02 04:15:43 +00:00
155118751f
refactor!: remove versioned system-run approval contract
2026-03-02 01:12:53 +00:00
ed86252aa5
fix: handle CLI session expired errors gracefully instead of crashing gateway ( #31090 )
...
* fix: handle CLI session expired errors gracefully
- Add session_expired to FailoverReason type
- Add isCliSessionExpiredErrorMessage to detect expired CLI sessions
- Modify runCliAgent to retry with new session when session expires
- Update agentCommand to clear expired session IDs from session store
- Add proper error handling to prevent gateway crashes on expired sessions
Fixes #30986
* fix: add session_expired to AuthProfileFailureReason and missing log import
* fix: type cli-runner usage field to match EmbeddedPiAgentMeta
* fix: harden CLI session-expiry recovery handling
* build: regenerate host env security policy swift
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-02 01:11:05 +00:00
ac3e1e769b
chore(format): swiftformat host env and exec approvals ( #31115 )
2026-03-01 17:00:17 -08:00
81d600d55e
fix(protocol): regenerate swift gateway models for internalEvents
2026-03-02 00:55:35 +00:00
912ddba81e
fix(macos): harden exec approvals socket path and permissions
2026-03-01 23:37:11 +00:00
e7cafed424
chore(release): bump version to 2026.3.1
2026-03-01 21:14:17 +00:00
0d672e43b9
chore(protocol): sync generated swift models
2026-03-01 20:32:14 +05:30
fe807e4bed
chore(release): bump 2026.2.27 and split changelog
2026-02-27 16:09:28 +01:00
5b62d5603d
fix: unblock CI minimatch audit and host policy check
2026-02-26 22:48:09 +00:00
c35368c6dd
fix(ios): eliminate Swift warnings and clean build logs
2026-02-26 22:42:23 +00:00
a29b18c003
Protocol: regenerate Swift models for systemRunPlanV2
2026-02-26 23:05:23 +01:00
10481097f8
refactor(security): enforce v1 node exec approval binding
2026-02-26 18:09:01 +01:00
15e3e63705
protocol: regenerate Swift models for exec env field
2026-02-26 16:19:44 +00:00
4894d907fa
refactor(exec-approvals): unify system.run binding and generate host env policy
2026-02-26 16:58:01 +01:00
9a4b2266cc
fix(security): bind node system.run approvals to env
2026-02-26 16:38:07 +01:00
62a248eb99
core(protocol): pnpm protocol:check
2026-02-26 20:03:25 +05:30
081b1aa1ed
refactor(gateway): unify v3 auth payload builders and vectors
2026-02-26 15:08:50 +01:00
490cb5174d
fix(apps): sign gateway device auth with v3 payload
2026-02-26 14:16:49 +01:00
f53e4e9ffb
chore: Fix broken build protocol:check
2026-02-26 18:22:38 +05:30
caace61ba1
chore: bump versions to 2026.2.26
2026-02-26 12:11:02 +01:00
5500000492
chore(protocol): regenerate Swift gateway models
2026-02-26 04:43:27 +01:00
2011edc9e5
fix(gateway): preserve agentId through gateway send path
...
Landed from #23249 by @Sid-Qin.
Includes extra regression tests for agentId precedence + blank fallback.
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
2026-02-25 23:31:35 +00:00
8f3310000a
refactor(macos): remove anthropic oauth onboarding flow
2026-02-26 00:17:03 +01:00
480cc4b85c
chore: roll to 2026.2.25 unreleased
2026-02-25 03:35:33 +00:00
3c95f89662
refactor(exec): split system.run phases and align ts/swift validator contracts
2026-02-25 00:35:06 +00:00
ce1dbeb986
fix(macos): clean warnings and harden gateway/talk config parsing
2026-02-25 00:27:36 +00:00
16b228e4a6
fix(macos): resolve webchat panel corner clipping ( #22458 )
...
Co-authored-by: apethree <3081182+apethree@users.noreply.github.com>
Co-authored-by: agisilaos <3073709+agisilaos@users.noreply.github.com>
2026-02-25 00:14:56 +00:00
1970a1e9e5
fix(macos): keep Return for IME marked text commit ( #25178 )
...
Co-authored-by: jft0m <9837901+bottotl@users.noreply.github.com>
2026-02-25 00:14:00 +00:00
11a0495d5f
fix(macos): default voice wake forwarding to webchat ( #25440 )
...
Co-authored-by: Peter Machona <7957943+chilu18@users.noreply.github.com>
2026-02-25 00:12:44 +00:00
31e6d18538
fix(macos): prefer openclaw binary while keeping pnpm fallback ( #25512 )
...
Co-authored-by: Peter Machona <7957943+chilu18@users.noreply.github.com>
2026-02-25 00:11:53 +00:00
236b22b6a2
fix(macos): guard voice audio paths with no input device ( #25817 )
...
Co-authored-by: Stefan Förster <103369858+sfo2001@users.noreply.github.com>
2026-02-25 00:10:14 +00:00
55cf92578d
fix(security): harden system.run companion command binding
2026-02-25 00:02:03 +00:00
d58f71571a
feat(talk): add provider-agnostic config with legacy compatibility
2026-02-24 15:02:52 +00:00
7c99a733a9
fix: harden macOS usage cost submenu recursion guard ( #25341 ) (thanks @yingchunbai)
2026-02-24 13:48:59 +00:00
96b21f4823
fix(macos): remove self-delegate on cost usage submenu to prevent recursive dropdown
...
The cost usage submenu set `menu.delegate = self` (the MenuSessionsInjector),
which caused `menuWillOpen(_:)` to call `inject(into:)` on the submenu when
it opened. This re-inserted the "Usage cost (30 days)" item into the submenu,
creating an infinite recursive dropdown.
Fix: remove the delegate assignment from the submenu — it does not need
the injector's delegate behavior since it only contains a static chart view.
Closes #25167
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 13:48:59 +00:00
2bad30b4d3
chore(release): bump version to 2026.2.24
2026-02-24 13:42:43 +00:00
19d0ddc679
fix: regenerate protocol swift models for nodeId ( #24991 ) (thanks @stakeswky)
2026-02-24 04:34:49 +00:00
61db3d4a16
fix(protocol): regenerate swift gateway models
2026-02-23 11:52:42 +05:30
9e1a13bf4c
Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- gh pr checks 24199 --watch --fail-fast
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:55:59 -06:00
558a0137bb
chore(release): bump versions to 2026.2.23
2026-02-23 05:13:46 +01:00
f8171ffcdc
Config UI: tag filters and complete schema help/labels coverage ( #23796 )
...
* Config UI: add tag filters and complete schema help/labels
* Config UI: finalize tags/help polish and unblock test suite
* Protocol: regenerate Swift gateway models
2026-02-22 15:17:07 -06:00
e80c803fa8
fix(security): block shell env allowlist bypass in system.run
2026-02-22 12:47:05 +01:00
6f7e5f92c3
fix: add operator.read and operator.write to default CLI scopes ( #22582 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 8569fc88c9
2026-02-22 16:36:18 +05:30
a96d89f343
refactor: unify exec wrapper resolution and parity fixtures
2026-02-22 10:26:44 +01:00
2b63592be5
fix: harden exec allowlist wrapper resolution
2026-02-22 09:52:02 +01:00
c2c7114ed3
fix(security): block HOME and ZDOTDIR env override injection
2026-02-22 09:42:55 +01:00
8887f41d7d
refactor(gateway)!: remove legacy v1 device-auth handshake
2026-02-22 09:27:03 +01:00
bfe016fa29
fix: clear stale remote discovery endpoints ( #21618 ) (thanks @bmendonca3)
2026-02-22 00:04:36 +01:00
617e38cec0
Security/macos: enforce wss for non-loopback direct gateway
2026-02-21 23:57:34 +01:00
8942ac04a8
fix(security): fail closed on unauthenticated discovery routing
2026-02-21 23:57:34 +01:00
1bc5c2a7e9
refactor: unify exec shell parser parity and gateway websocket test helpers
2026-02-21 23:17:12 +01:00
2028ca4428
fix(macos): unify exec allowlist validation pipeline
2026-02-21 23:09:07 +01:00
dd41fadcaf
fix(macos): enforce path-only exec allowlist patterns
2026-02-21 22:58:40 +01:00
90a378ca3a
fix(macos): block quoted shell substitution in allowlist checks
2026-02-21 22:57:53 +01:00
25e89cc863
fix(security): harden shell env fallback
2026-02-21 20:01:08 +01:00
e371da38aa
fix(macos): consolidate exec approval evaluation
2026-02-21 19:30:35 +01:00
fa89ae8e9e
fix: stabilize swift protocol generation and flaky tests
2026-02-21 16:53:46 +01:00
5da03e6221
fix(macos): harden exec allowlist shell-chain checks
2026-02-21 16:27:18 +01:00
8178ea472d
feat: thread-bound subagents on Discord ( #21805 )
...
* docs: thread-bound subagents plan
* docs: add exact thread-bound subagent implementation touchpoints
* Docs: prioritize auto thread-bound subagent flow
* Docs: add ACP harness thread-binding extensions
* Discord: add thread-bound session routing and auto-bind spawn flow
* Subagents: add focus commands and ACP/session binding lifecycle hooks
* Tests: cover thread bindings, focus commands, and ACP unbind hooks
* Docs: add plugin-hook appendix for thread-bound subagents
* Plugins: add subagent lifecycle hook events
* Core: emit subagent lifecycle hooks and decouple Discord bindings
* Discord: handle subagent bind lifecycle via plugin hooks
* Subagents: unify completion finalizer and split registry modules
* Add subagent lifecycle events module
* Hooks: fix subagent ended context key
* Discord: share thread bindings across ESM and Jiti
* Subagents: add persistent sessions_spawn mode for thread-bound sessions
* Subagents: clarify thread intro and persistent completion copy
* test(subagents): stabilize sessions_spawn lifecycle cleanup assertions
* Discord: add thread-bound session TTL with auto-unfocus
* Subagents: fail session spawns when thread bind fails
* Subagents: cover thread session failure cleanup paths
* Session: add thread binding TTL config and /session ttl controls
* Tests: align discord reaction expectations
* Agent: persist sessionFile for keyed subagent sessions
* Discord: normalize imports after conflict resolution
* Sessions: centralize sessionFile resolve/persist helper
* Discord: harden thread-bound subagent session routing
* Rebase: resolve upstream/main conflicts
* Subagents: move thread binding into hooks and split bindings modules
* Docs: add channel-agnostic subagent routing hook plan
* Agents: decouple subagent routing from Discord
* Discord: refactor thread-bound subagent flows
* Subagents: prevent duplicate end hooks and orphaned failed sessions
* Refactor: split subagent command and provider phases
* Subagents: honor hook delivery target overrides
* Discord: add thread binding kill switches and refresh plan doc
* Discord: fix thread bind channel resolution
* Routing: centralize account id normalization
* Discord: clean up thread bindings on startup failures
* Discord: add startup cleanup regression tests
* Docs: add long-term thread-bound subagent architecture
* Docs: split session binding plan and dedupe thread-bound doc
* Subagents: add channel-agnostic session binding routing
* Subagents: stabilize announce completion routing tests
* Subagents: cover multi-bound completion routing
* Subagents: suppress lifecycle hooks on failed thread bind
* tests: fix discord provider mock typing regressions
* docs/protocol: sync slash command aliases and delete param models
* fix: add changelog entry for Discord thread-bound subagents (#21805 ) (thanks @onutc)
---------
Co-authored-by: Shadow <hi@shadowing.dev>
2026-02-21 16:14:55 +01:00
f202e73077
refactor(security): centralize host env policy and harden env ingestion
2026-02-21 13:04:39 +01:00
2cdbadee1f
fix(security): block startup-file env injection across host execution paths
2026-02-21 11:44:20 +01:00
9231d7d30f
chore: bump version to 2026.2.21
2026-02-21 11:02:30 +01:00
844d84a7f5
Issue 17774 - Usage - Local - Show data from midnight to midnight of selected dates for browser time zone (AI assisted) (openclaw#19357) thanks @huntharo
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini (override approved by Tak for this run; local baseline failures outside PR scope)
Co-authored-by: huntharo <5617868+huntharo@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-20 20:09:03 -06:00
774d73b458
fix(macos): reject insecure non-loopback ws remote gateway urls ( #21971 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 9e8cdbf095
2026-02-20 16:34:00 +00:00
f66b23de75
chore(release): bump versions to 2026.2.20
2026-02-20 00:02:53 +01:00
b0e55283d5
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
4344699574
build: regenerate swift protocol models for updateAvailable
2026-02-19 08:54:30 +00:00
750276fa36
fix(protocol): regenerate Swift models for push.test ( #20325 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 9281e7ad03
2026-02-18 20:04:03 +00:00
168d24526e
chore(protocol): regenerate Swift models for device pair remove params
2026-02-18 14:01:34 +00:00
114736ed1a
Doctor/Security: fix telegram numeric ID + symlink config permission warnings ( #19844 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: e42bf1e48d
2026-02-18 00:09:51 -08:00
8278903f0a
fix: update deep links handling
2026-02-18 04:40:42 +01:00
4bf3338834
chore: bump version to 2026.2.18 unreleased
2026-02-18 04:40:06 +01:00
5bd95bef5a
fix(protocol): regenerate swift gateway models
2026-02-18 01:37:34 +00:00
9a2c39419e
chore(release): bump version to 2026.2.17
2026-02-17 23:08:55 +01:00
a7c25f203a
Protocol: regenerate cron Swift models
2026-02-17 01:54:59 +01:00
8c241449f5
fix(protocol): sync generated gateway swift models
2026-02-16 23:33:05 +00:00
bc67af6ad8
cron: separate webhook POST delivery from announce ( #17901 )
...
* cron: split webhook delivery from announce mode
* cron: validate webhook delivery target
* cron: remove legacy webhook fallback config
* fix: finalize cron webhook delivery prep (#17901 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-16 02:36:00 -08:00
39fa81dc96
chore: bump version to 2026.2.16
2026-02-16 06:08:47 +01:00
115cfb4430
gateway: add cron finished-run webhook ( #14535 )
...
* gateway: add cron finished webhook delivery
* config: allow cron webhook in runtime schema
* cron: require notify flag for webhook posts
* ui/docs: add cron notify toggle and webhook docs
* fix: harden cron webhook auth and fill notify coverage (#14535 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-15 16:14:17 -08:00
3cd786cc2d
refactor(swift): share discovery status text
2026-02-15 20:40:47 +00:00
Josh Avant
Peter Steinberger
Altay
Nimrod Gutman
Felix Lu
Frank Yang
Vincent Koc
Shakker
Agent
Ayaan Zaidi
Philipp Spiess
Harold Hunt
yingchunbai
Tak Hoffman
Yuzuru Suzuki
Brian Mendonca
Onur
Harold Hunt
Mariano
the sun gif man
Vignesh Natarajan
Advait Paliwal