e1503349c3
fix: scope extension runtime deps to plugin manifests
2026-03-03 05:33:12 +00:00
da6e6fb900
test: fix strict runtime mock types in channel tests
2026-03-03 03:06:22 +00:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
0750fc2de1
test: consolidate extension runtime mocks and split bluebubbles webhook auth suite
2026-03-03 02:37:23 +00:00
0fd77c9856
refactor: modularize plugin runtime and test hooks
2026-03-03 02:06:58 +00:00
3b9877dee7
fix: add requestHeartbeatNow to bluebubbles test mock
2026-03-03 01:40:31 +00:00
53ada1e9b9
fix: add missing events property to bluebubbles PluginRuntime mock
2026-03-03 01:37:56 +00:00
faa4ffec03
Add runtime.stt.transcribeAudioFile for plugin STT access
...
Expose audio transcription through the PluginRuntime so external
plugins (e.g. marmot) can use openclaw's media-understanding provider
framework without importing unexported internal modules.
The new transcribeAudioFile() wraps runCapability({capability: "audio"})
and reads provider/model/apiKey from tools.media.audio in the config,
matching the pattern used by the Discord VC implementation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-02 21:43:01 +00:00
1c9deeda97
refactor: split webhook ingress and policy guards
2026-03-02 18:02:21 +00:00
d3e8b17aa6
fix: harden webhook auth-before-body handling
2026-03-02 17:21:09 +00:00
7a7eee920a
refactor(gateway): harden plugin http route contracts
2026-03-02 16:48:00 +00:00
2fd8264ab0
refactor(gateway): hard-break plugin wildcard http handlers
2026-03-02 16:24:06 +00:00
b13d48987c
refactor(gateway): unify control-ui and plugin webhook routing
2026-03-02 16:18:12 +00:00
741e74972b
refactor(plugin-sdk): share boolean action param parsing
2026-03-02 14:36:41 +00:00
ad8d766f65
refactor(extensions): dedupe channel config, onboarding, and monitors
2026-03-02 08:54:20 +00:00
f918b336d1
fix: agent-only announce path, BB message IDs, sender identity, SSRF allowlist ( #23970 )
...
* fix(agents): defer announces until descendant cleanup settles
* fix(bluebubbles): harden message metadata extraction
* feat(contributors): rank by composite score (commits, PRs, LOC, tenure)
* refactor(control-ui): move method guard after path checks to improve request handling
* fix subagent completion announce when only current run is pending
* fix(subagents): keep orchestrator runs active until descendants finish
* fix: prepare PR feedback follow-ups (#23970 ) (thanks @tyler6204)
2026-03-01 22:52:11 -08:00
6ba7238ac6
build: bump versions to 2026.3.2
2026-03-02 04:55:53 +00:00
41537e9303
fix(channels): add optional defaultAccount routing
2026-03-02 04:03:46 +00:00
8e48520d74
fix(channels): align command-body parsing sources
2026-03-01 23:11:48 +00:00
e7cafed424
chore(release): bump version to 2026.3.1
2026-03-01 21:14:17 +00:00
fe807e4bed
chore(release): bump 2026.2.27 and split changelog
2026-02-27 16:09:28 +01:00
a0c5e28f3b
refactor(extensions): use scoped pairing helper
2026-02-26 21:57:52 +01:00
dc6e4a5b13
fix: harden dm command authorization in open mode
2026-02-26 19:49:36 +01:00
64de4b6d6a
fix: enforce explicit group auth boundaries across channels
2026-02-26 18:49:16 +01:00
cd80c7e7ff
refactor: unify dm policy store reads and reason codes
2026-02-26 17:47:57 +01:00
273973d374
refactor: unify typing dispatch lifecycle and policy boundaries
2026-02-26 17:36:16 +01:00
7d9397099b
fix(bluebubbles): allow configured host for attachment SSRF guard
...
Co-authored-by: damaozi <1811866786@qq.com>
2026-02-26 16:40:57 +01:00
caace61ba1
chore: bump versions to 2026.2.26
2026-02-26 12:11:02 +01:00
8f8e46d898
refactor: unify reaction ingress policy guards across channels
2026-02-26 01:34:47 +01:00
2652bb1d7d
Release: sync plugin versions to 2026.2.25
2026-02-25 04:19:59 +00:00
955cc9029f
chore: sync plugin versions to 2026.2.24
2026-02-24 22:45:46 +00:00
dd41a78458
fix(bluebubbles): pass SSRF policy for localhost attachment downloads ( #24457 )
...
(cherry picked from commit aff64567c7
2026-02-24 04:06:57 +00:00
0183610db3
refactor: de-duplicate channel runtime and payload helpers
2026-02-23 21:25:28 +00:00
75423a00d6
refactor: deduplicate shared helpers and test setup
2026-02-23 20:40:44 +00:00
8d9d01447e
chore: align plugin versions and harden outbound cross-provider test
2026-02-22 23:04:17 -08:00
1c753ea786
test: dedupe fixtures and test harness setup
2026-02-23 05:45:54 +00:00
5056f4e142
fix(bluebubbles): tighten chat target handling
2026-02-22 11:29:31 +00:00
26763d1910
fix: resolve extension type errors and harden probe mocks
2026-02-22 12:25:58 +01:00
296b3f49ef
refactor(bluebubbles): centralize private-api status handling
2026-02-22 12:08:41 +01:00
37f12eb7ee
fix: align BlueBubbles private-api null fallback + warning ( #23459 ) (thanks @echoVic)
2026-02-22 11:47:57 +01:00
888b6bc948
fix(bluebubbles): treat null privateApiStatus as disabled, not enabled
...
Bug: privateApiStatus cache expires after 10 minutes, returning null.
The check '!== false' treats null as truthy, causing 500 errors when
trying to use Private API features that aren't actually available.
Root cause: In JavaScript, null !== false evaluates to true.
Fix: Changed all checks from '!== false' to '=== true', so null (cache
expired/unknown) is treated as disabled (safe default).
Files changed:
- extensions/bluebubbles/src/send.ts (line 376)
- extensions/bluebubbles/src/monitor-processing.ts (line 423)
- extensions/bluebubbles/src/attachments.ts (lines 210, 220)
Fixes #23393
2026-02-22 11:47:57 +01:00
96c985400d
BlueBubbles: accept webhook payloads with missing handles
2026-02-21 22:10:30 -08:00
75a9ea004b
Fix BlueBubbles DM history backfill bug ( #20302 )
...
* feat: implement DM history backfill for BlueBubbles
- Add fetchBlueBubblesHistory function to fetch message history from API
- Modify processMessage to fetch history for both groups and DMs
- Use dmHistoryLimit for DMs and historyLimit for groups
- Add InboundHistory field to finalizeInboundContext call
Fixes #20296
* style: format with oxfmt
* address review: in-memory history cache, resolveAccount try/catch, include is_from_me
- Wrap resolveAccount in try/catch instead of unreachable guard (it throws)
- Include is_from_me messages with 'me' sender label for full conversation context
- Add in-memory rolling history map (chatHistories) matching other channel patterns
- API backfill only on first message per chat, not every incoming message
- Remove unused buildInboundHistoryFromEntries import
* chore: remove unused buildInboundHistoryFromEntries helper
Dead code flagged by Greptile — mapping is done inline in
monitor-processing.ts.
* BlueBubbles: harden DM history backfill state handling
* BlueBubbles: add bounded exponential backoff and history payload guards
* BlueBubbles: evict merged history keys
* Update extensions/bluebubbles/src/monitor-processing.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: Ryan Mac Mini <ryanmacmini@ryans-mac-mini.tailf78f8b.ts.net>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-02-21 20:00:09 -05:00
0bd9f0d4ac
fix: enforce strict allowlist across pairing stores ( #23017 )
2026-02-22 00:00:23 +01:00
61dc7ac679
refactor(msteams,bluebubbles): dedupe inbound media download helpers
2026-02-21 23:08:07 +01:00
73d93dee64
fix: enforce inbound media max-bytes during remote fetch
2026-02-21 23:02:29 +01:00
549549f6a0
fix(ci): sync plugin versions and harden install smoke
2026-02-21 20:18:37 +01:00
4540790cb6
refactor(bluebubbles): share dm/group access policy checks
2026-02-21 20:08:33 +01:00
2ba6de7eaa
refactor(security): make empty allowlist behavior explicit
2026-02-21 19:54:59 +01:00
9632b9bcf0
fix(security): fail closed parsed chat allowlist
2026-02-21 19:51:36 +01:00
283029bdea
refactor(security): unify webhook auth matching paths
2026-02-21 11:52:34 +01:00
6b2f2811dc
fix(security): require BlueBubbles webhook auth
2026-02-21 11:41:50 +01:00
9231d7d30f
chore: bump version to 2026.2.21
2026-02-21 11:02:30 +01:00
f66b23de75
chore(release): bump versions to 2026.2.20
2026-02-20 00:02:53 +01:00
b0e55283d5
chore: bump release metadata to 2026.2.19
2026-02-19 16:17:34 +01:00
53aecf7a8e
test(bluebubbles): merge typing start stop method checks
2026-02-19 10:09:34 +00:00
32ba62dc69
test(bluebubbles): merge setGroupIcon credential checks
2026-02-19 09:51:35 +00:00
0c1d3b866c
test(bluebubbles): collapse duplicate credential and chatGuid cases
2026-02-19 09:48:47 +00:00
4bf3338834
chore: bump version to 2026.2.18 unreleased
2026-02-18 04:40:06 +01:00
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
9a2c39419e
chore(release): bump version to 2026.2.17
2026-02-17 23:08:55 +01:00
e1015a5197
fix(bluebubbles): recover outbound message IDs and include sender metadata
2026-02-17 11:39:58 -08:00
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
ca19745fa2
Revert "channels: migrate extension account listing to factory"
...
This reverts commit d24340d75b
2026-02-16 23:17:13 -05:00
0158e41298
Revert "fix: resolve #12770 - update Antigravity default model and trim leading whitespace in BlueBubbles replies"
...
This reverts commit e179d453c7
2026-02-16 21:11:53 -05:00
b3d9ecf4e4
chore: Fix types that were broken due to reverts.
2026-02-17 10:57:31 +09:00
889f221ed1
chore: Fix type errors in `extensions/bluebubbles` tests.
2026-02-17 10:14:00 +09:00
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
7632e60d70
refactor(onboarding): reuse allowFrom merge helper in extensions
2026-02-16 23:47:57 +00:00
d24340d75b
channels: migrate extension account listing to factory
2026-02-16 23:53:19 +01:00
e179d453c7
fix: resolve #12770 - update Antigravity default model and trim leading whitespace in BlueBubbles replies
2026-02-16 23:50:14 +01:00
1d37389490
test: annotate harness mocks to avoid TS2742 in CI
2026-02-16 15:19:11 +00:00
544ffbcf7b
refactor(extensions): dedupe connector helper usage
2026-02-16 14:59:30 +00:00
39fa81dc96
chore: bump version to 2026.2.16
2026-02-16 06:08:47 +01:00
88548784ce
fix(bluebubbles): use Buffer for multipart body
2026-02-15 19:25:11 +00:00
719280d737
refactor(bluebubbles): share multipart helpers
2026-02-15 19:24:03 +00:00
c6b3736fe7
fix: dedupe probe/token base types ( #16986 ) (thanks @iyoda)
2026-02-15 11:36:54 -06:00
379b445582
chore: bump version to 2026.2.15
2026-02-15 04:50:31 +01:00
1ff15e60d3
chore(release): bump versions to 2026.2.14
2026-02-15 02:53:35 +01:00
811e0c5797
refactor(bluebubbles): share send helpers
2026-02-15 01:15:43 +00:00
461ead8ceb
refactor(imessage): share target parsing helpers
2026-02-15 01:15:43 +00:00
a8e4ab3ebe
refactor(bluebubbles): dedupe webhook normalization
2026-02-15 00:26:46 +00:00
743f4b2849
fix(security): harden BlueBubbles webhook auth behind proxies
2026-02-14 19:47:51 +01:00
df7464ddf6
fix(bluebubbles): include sender identity in group chat envelopes ( #16326 )
...
* fix(bluebubbles): include sender identity in group chat envelopes
Use formatInboundEnvelope (matching iMessage/Signal pattern) so group
messages show the group label in the envelope header and include the
sender name in the message body. ConversationLabel now resolves to the
group name for groups instead of being undefined.
Fixes #16210
Co-authored-by: zerone0x <hi@trine.dev>
* fix(bluebubbles): use finalizeInboundContext and set BodyForAgent to raw text
Wrap ctxPayload with finalizeInboundContext (matching iMessage/Signal/
every other channel) so field normalization, ChatType, ConversationLabel
fallback, and MediaType alignment are applied consistently.
Change BodyForAgent from the envelope-formatted body to rawBody so the
agent prompt receives clean message text instead of the [BlueBubbles ...]
envelope wrapper.
Co-authored-by: zerone0x <hi@trine.dev>
* docs: add changelog entry for BlueBubbles group sender fix (#16326 )
* fix(bluebubbles): include id in fromLabel matching formatInboundFromLabel
Align fromLabel output with the shared formatInboundFromLabel pattern:
groups get 'GroupName id:peerId', DMs get 'Name id:senderId' when the
name differs from the id. Addresses PR review feedback.
Co-authored-by: zerone0x <hi@trine.dev>
---------
Co-authored-by: zerone0x <hi@trine.dev>
2026-02-14 18:17:26 +00:00
71f357d949
bluebubbles: harden local media path handling against LFI ( #16322 )
...
* bluebubbles: harden local media path handling
* bluebubbles: remove racy post-open symlink lstat
* fix: bluebubbles mediaLocalRoots docs + typing fix (#16322 ) (thanks @mbelinky)
2026-02-14 17:43:44 +00:00
188c4cd076
fix(security): reject ambiguous webhook target matches
2026-02-14 17:28:28 +01:00
6543ce717c
perf(test): avoid plugin-sdk barrel imports
2026-02-14 12:42:19 +00:00
45e12d2388
bluebubbles: gracefully handle disabled private API with action/tool filtering and fallbacks ( #16002 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 243cc0cc9a
2026-02-13 21:15:56 -08:00
f02247b6c5
fix(ci): fix discord proxy websocket binding and bluebubbles timeout status
2026-02-13 19:35:55 +00:00
7f0489e473
Security/Browser: constrain trace and download output paths to OpenClaw temp roots ( #15652 )
...
* Browser/Security: constrain trace and download output paths to temp roots
* Changelog: remove advisory ID from pre-public security note
* Browser/Security: constrain trace and download output paths to temp roots
* Changelog: remove advisory ID from pre-public security note
* test(bluebubbles): align timeout status expectation to 408
* test(discord): remove unused race-condition counter in threading test
* test(bluebubbles): align timeout status expectation to 408
2026-02-13 19:24:33 +00:00
a1df0939db
refactor(bluebubbles): split monitor parsing and processing modules
2026-02-13 19:08:37 +00:00
3cbcba10cf
fix(security): enforce bounded webhook body handling
2026-02-13 19:14:54 +01:00
67251e97bd
fix(ci): sync extension versions to root release ( #15199 )
2026-02-13 05:54:03 +01:00
7695b4842b
chore: bump version to 2026.2.12
2026-02-12 18:20:46 +01:00
f836c385ff
fix: BlueBubbles webhook auth bypass via loopback proxy trust ( #13787 )
...
* fix(an-08): apply security fix
Generated by staged fix workflow.
* fix(an-08): apply security fix
Generated by staged fix workflow.
* fix(an-08): stabilize bluebubbles auth fixture for security patch
Restore the default test password in createMockAccount and add a
fallback password query in createMockRequest when auth is omitted.
This keeps the AN-08 loopback-auth regression tests strict while
preserving existing monitor behavior tests that assume authenticated
webhook fixtures.
2026-02-12 07:12:17 -06:00
1872d0c592
chore: bump version to 2026.2.10
2026-02-11 11:27:23 +01:00
40b11db80e
TypeScript: add extensions to tsconfig and fix type errors ( #12781 )
...
* TypeScript: add extensions to tsconfig and fix type errors
- Add extensions/**/* to tsconfig.json includes
- Export ProviderAuthResult, AnyAgentTool from plugin-sdk
- Fix optional chaining for messageActions across channels
- Add missing type imports (MSTeamsConfig, GroupPolicy, etc.)
- Add type annotations for provider auth handlers
- Fix undici/fetch type compatibility in zalo proxy
- Correct ChannelAccountSnapshot property usage
- Add type casts for tool registrations
- Extract usage view styles and types to separate files
* TypeScript: fix optional debug calls and handleAction guards
2026-02-09 10:05:38 -08:00
fb8c653f53
chore(release): 2026.2.9
2026-02-09 11:19:07 -06:00
Peter Steinberger
Josh Avant
Austin Eral
SciFantastic
benthecarman
Tyler Yust
Agent
Shakker
Marcus Castro
Vignesh Natarajan
echoVic
Ryan Haines
Peter Steinberger
Tyler Yust
cpojer
Sebastian
yinghaosang
Jean Carlos Nunez
Shadow
Christian Klotz
Mariano
Coy Geek
max