nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,813 Commits 953 Branches 97 Tags 6.4 GiB
Commit Graph

3398 Commits

Author SHA1 Message Date
Gustavo Madeira Santana 0fdb55c4e4 Docs: refresh diffs plugin docs 2026-04-02 21:47:55 -04:00
Gustavo Madeira Santana 78a842d055 fix(matrix): align IDB snapshot lock timing 2026-04-02 21:44:08 -04:00
Gustavo Madeira Santana 1efa923ab8
Matrix: add native exec approvals (#58635) 
Merged via squash.

Prepared head SHA: d9f048e827
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-02 21:08:54 -04:00
Alejandro Martinez 3a91a4f8d4
fix(matrix): add advisory file locking to IDB crypto persistence (#59851) 
Merged via squash.

Prepared head SHA: 392e411ffd
Co-authored-by: al3mart <11448715+al3mart@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-02 20:19:40 -04:00
Alejandro Martinez b894ca6702
fix(matrix): allow secret storage recreation during repair bootstrap (#59846) 
Merged via squash.

Prepared head SHA: 06b10f61eb
Co-authored-by: al3mart <11448715+al3mart@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-02 20:11:58 -04:00
Hyojin Kwak 739ed1bf29
fix(msteams): preserve channel reply threading in proactive fallback (#55198) 
When a thread reply's turn context is revoked and falls back to proactive messaging, the normalized conversation ID lost the thread suffix, causing replies to land in the channel root instead of the original thread.

Reconstructs the threaded conversation ID (`;messageid=<activityId>`) for channel conversations in the proactive fallback path, while correctly leaving group chat conversations flat.

Fixes #27189

Thanks @hyojin
 2026-04-02 18:27:13 -05:00
Josh Lehman ed8d5b3797
fix: add Telegram native progress placeholder opt-in for plugin commands (#59300) 
Merged via squash.

Prepared head SHA: 4f5bc22a89
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-02 15:55:46 -07:00
Peter Steinberger bff6025bde
test: refresh generated baselines 2026-04-03 04:54:59 +09:00
Peter Steinberger 04cf29f613
refactor: speed up whatsapp inbound dispatch tests 2026-04-03 04:34:58 +09:00
Peter Steinberger 694d12a90b
refactor: apply context visibility across channels 2026-04-03 04:34:57 +09:00
Peter Steinberger d74a12264a
fix: mirror bedrock runtime dep in root package 2026-04-02 19:26:56 +01:00
Peter Steinberger 9f3a26caa6
fix(discord): quiet Carbon reconcile log 2026-04-02 18:55:34 +01:00
Peter Steinberger d56415e353
fix(openai): support reference-image edits 2026-04-03 02:26:33 +09:00
Peter Steinberger 2ea0ca08f6 test: add cross-provider approval availability coverage (#59776) (thanks @joelnishanth) 2026-04-03 02:21:17 +09:00
pgondhi987 7eb094a00d
fix(infra): align env key normalization in approval binding path (#59182) 
* fix: address issue

* fix: address PR review feedback

* fix: address review feedback

* fix: address review feedback

* chore: add changelog for Windows env approval binding

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 11:14:33 -06:00
pgondhi987 8aceaf5d0f
fix(security): close fail-open bypass in exec script preflight [AI] (#59398) 
* fix: address issue

* fix: finalize issue changes

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* chore: add changelog for exec preflight fail-closed hardening

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 11:00:39 -06:00
Agustin Rivera a26f4d0f3e
Separate Gemini OAuth state from PKCE verifier (#59116) 
* fix(google): separate oauth state from pkce verifier

* fix(google): drop unused oauth callback state arg

* docs(changelog): add #59116 google oauth state fix

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
 2026-04-02 09:51:11 -07:00
Vincent Koc 367969759c perf(memory): trim matrix host validation imports 2026-04-03 01:48:09 +09:00
pgondhi987 7cea7c2970
fix(zalo): scope replay dedupe cache key to path and account [AI] (#59387) 
* fix: address issue #139

* changelog: add zalo replay dedupe fix entry

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
 2026-04-02 09:36:35 -07:00
Peter Steinberger d5b6bfc48c
test(discord): align native approval fixture with auto mode 2026-04-02 17:33:35 +01:00
Peter Steinberger 17f6626ffe
feat(approvals): auto-enable native chat approvals 2026-04-02 17:30:40 +01:00
pgondhi987 462b4020bc
fix(browser): block SSRF redirect bypass via real-time route interception (#58771) 
Install a Playwright route handler before `page.goto()` so navigations
to private/internal IPs are intercepted and aborted mid-redirect instead
of being checked post-hoc after the request already reached the internal
host. Blocked targets are permanently marked and rejected for subsequent
tool calls.

Thanks @pgondhi987
 2026-04-02 09:07:57 -07:00
Gustavo Madeira Santana b5161042b7 Diffs: validate viewerBaseUrl in manifest schema 
Reject invalid diffs viewerBaseUrl values during manifest config validation,
not later during plugin registration.

Keep runtime normalization intact and add manifest-level coverage so bad
protocols and query/hash values fail fast.
 2026-04-02 11:55:05 -04:00
Peter Steinberger 047b701859
refactor(telegram): unify callback-data byte limit checks 2026-04-03 00:38:44 +09:00
Vincent Koc 0ad2dbd307
fix(providers): route image generation through shared transport (#59729) 
* fix(providers): route image generation through shared transport

* fix(providers): use normalized minimax image base url

* fix(providers): fail closed on image private routes

* fix(providers): bound shared HTTP fetches
 2026-04-03 00:32:37 +09:00
Peter Steinberger 988f7627de refactor(telegram): centralize approval callback shaping 2026-04-03 00:26:27 +09:00
Vincent Koc 3872a866a1
fix(xai): make x_search auth plugin-owned (#59691) 
* fix(xai): make x_search auth plugin-owned

* fix(xai): restore x_search runtime migration fallback

* fix(xai): narrow legacy x_search auth migration

* fix(secrets): drop legacy x_search target registry entry

* fix(xai): no-op knob-only x_search migration fallback
 2026-04-02 23:54:07 +09:00
Peter Steinberger 52866656c3 fix(telegram): preserve allow-always callback alias 2026-04-02 23:41:12 +09:00
Vincent Koc 4251ad6638 fix(telegram): allow trusted explicit proxy media fetches 2026-04-02 23:36:17 +09:00
James Cowan 7fea8250fb fix(approvals): use canonical decision values in interactive button payloads 2026-04-02 23:35:23 +09:00
Vincent Koc b0f94a227b
refactor(providers): normalize transport policy wiring (#59682) 
* refactor(providers): normalize transport policy wiring

* fix(providers): address transport policy review

* fix(providers): harden transport overrides

* fix(providers): keep env proxy tls separate

* fix(changelog): note provider transport policy hardening
 2026-04-02 22:54:34 +09:00
Peter Steinberger 1ecd92af89
chore: refresh deps and backfill changelog 2026-04-02 14:49:47 +01:00
Agustin Rivera b21c9840c2
OpenShell: constrain mirror sync roots (#58515) 
* fix(openshell): constrain mirror sync roots

* fix(openshell): restore config test types

* fix(openshell): simplify managed root sync
 2026-04-02 06:21:30 -07:00
Vincent Koc 3e4de956c0
!refactor(xai): move x_search config behind plugin boundary (#59674) 
* refactor(xai): move x_search config behind plugin boundary

* chore(changelog): note x_search config migration

* fix(xai): include x_search migration helpers
 2026-04-02 22:08:59 +09:00
Agustin Rivera ef7c553dd1
fix(zalo): scope webhook replay dedupe (#58444) 
* fix(zalo): scope webhook replay dedupe

* fix(zalo): harden replay metadata reads

* docs(changelog): add Zalo replay scope fix entry

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
 2026-04-02 06:07:14 -07:00
Agustin Rivera be10ecef77
fix(compare): reuse shared secret comparison helper (#58432) 
* fix(compare): reuse shared secret comparison helper

* fix(compare): reject empty bluebubbles auth tokens

* docs: add changelog entry for shared secret comparison fix

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
 2026-04-02 13:53:19 +01:00
mappel-nv 9c22d63669
Browser: normalize localhost absolute-form CDP hosts (#59236) 
* Browser: normalize localhost absolute-form CDP hosts

* CHANGELOG: note localhost absolute-form CDP fix

---------

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>
 2026-04-02 13:34:55 +01:00
Vincent Koc 6eca1949d5
refactor(plugins): tighten web fetch provider boundary (#59646) 
* refactor(plugins): tighten web fetch provider boundary

* fix(config): sync fetch secret parity and baseline

* fix(ci): enforce web fetch boundary guard
 2026-04-02 20:53:57 +09:00
Vincent Koc c405bcfa98
refactor(providers): centralize request capabilities (#59636) 
* refactor(providers): centralize request capabilities

* fix(providers): harden comparable base url parsing
 2026-04-02 20:26:22 +09:00
Vincent Koc 38d2faee20
!feat(plugins): add web fetch provider boundary (#59465) 
* feat(plugins): add web fetch provider boundary

* feat(plugins): add web fetch provider modules

* refactor(web-fetch): remove remaining core firecrawl fetch config

* fix(web-fetch): address review follow-ups

* fix(web-fetch): harden provider runtime boundaries

* fix(web-fetch): restore firecrawl compare helper

* fix(web-fetch): restore env-based provider autodetect

* fix(web-fetch): tighten provider hardening

* fix(web-fetch): restore fetch autodetect and compat args

* chore(changelog): note firecrawl fetch config break
 2026-04-02 20:25:19 +09:00
Vincent Koc d49460b417
fix(providers): centralize Anthropic endpoint classification (#59608) 
* fix(providers): centralize Anthropic endpoint classification

* fix(agents): share Anthropic thinking recovery gating
 2026-04-02 19:54:43 +09:00
Vincent Koc 0e9a9dae84
fix(providers): centralize Google endpoint classification (#59556) 
* fix(providers): centralize Google endpoint classification

* fix(providers): tighten Google endpoint fallback parsing

* fix(security): harden provider endpoint fallback parsing
 2026-04-02 19:21:31 +09:00
Jacob Tomlinson ac5bc4fb37
Slack: filter thread context by allowlist (#58380) 
* Slack: filter thread context by allowlist

* Slack: honor room thread allowlists

* Slack: keep open-room thread context

* Slack: keep non-room thread context

* Changelog: add Slack thread context fix
 2026-04-02 11:01:11 +01:00
mappel-nv 2eaf5a695e
Mattermost: guard probe fetches (#58529) 2026-04-02 10:30:33 +01:00
Jacob Tomlinson 2c45b06afd
fix(qqbot): restrict structured payload local paths (#58453) 
* fix(qqbot): restrict structured payload local paths

* fix(qqbot): narrow structured payload file access

* test(qqbot): cover payload path traversal guards

* fix(qqbot): reduce structured payload log exposure

* fix(qqbot): preserve inline image payload URLs
 2026-04-02 10:20:52 +01:00
Ayaan Zaidi b441cd2f4f
fix: normalize kimi anthropic tool payloads (#59440) 
* fix: normalize kimi anthropic tool payloads

* fix: normalize kimi anthropic tool payloads (#59440)
 2026-04-02 13:39:51 +05:30
Gustavo Madeira Santana 68bb76519a Matrix: fix delayed draft block boundaries 2026-04-02 03:47:57 -04:00
Gustavo Madeira Santana 8748b7c54c
Matrix: keep partial previews aligned with block streaming (#59384) 
Merged via squash.

Prepared head SHA: 981aa35a7c
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-02 03:39:27 -04:00
wittam-01 ce0ff42ff5
fix: harden Feishu comment-thread delivery (#59129) 
* fix: harden Feishu comment-thread delivery

* fix: harden Feishu comment-thread delivery (#59129) (thanks @wittam-01)

---------

Co-authored-by: George Zhang <georgezhangtj97@gmail.com>
 2026-04-02 00:31:52 -07:00
Gustavo Madeira Santana a5cd921053 revert: remove TinyFish bundled plugin 2026-04-02 03:07:33 -04:00