nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,508 Commits 736 Branches 79 Tags 2.7 GiB
Commit Graph

391 Commits

Author SHA1 Message Date
Seb Slight abcaa8c7a9
Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
Josh Palmer 7a6c40872d
Agents: add system prompt safety guardrails (#5445) 
* 🤖 agents: add system prompt safety guardrails

What:
- add safety guardrails to system prompt
- update system prompt docs
- update prompt tests

Why:
- discourage power-seeking or self-modification behavior
- clarify safety/oversight priority when conflicts arise

Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)

* 🤖 agents: tighten safety wording for prompt guardrails

What:
- scope safety wording to system prompts/safety/tool policy changes
- document Safety inclusion in minimal prompt mode
- update safety prompt tests

Why:
- avoid blocking normal code changes or PR workflows
- keep prompt mode docs consistent with implementation

Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)

* 🤖 docs: note safety guardrails are soft

What:
- document system prompt safety guardrails as advisory
- add security note on prompt guardrails vs hard controls

Why:
- clarify threat model and operator expectations
- avoid implying prompt text is an enforcement layer

Tests:
- pnpm lint (pass)
- pnpm build (fails: DefaultResourceLoader missing in pi-coding-agent)
- pnpm test (not run; build failed)
 2026-01-31 15:50:15 +01:00
cpojer 8cab78abbc
chore: Run `pnpm format:fix`. 2026-01-31 21:13:13 +09:00
Mario Zechner bf15d0a3f5 Auth: switch Kimi Coding to built-in provider 2026-01-31 06:04:10 +01:00
Peter Steinberger 9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Gustavo Madeira Santana a44da67069 fix: local updates for PR #3600 
Co-authored-by: kira-ariaki <kira-ariaki@users.noreply.github.com>
 2026-01-28 22:00:11 -05:00
Ayaan Zaidi b6a3a91edf fix: wire per-account dm scope guidance (#3095) (thanks @jarvis-sam) 2026-01-28 11:42:33 +05:30
Boran Cui 394308076a Update Moonshot Kimi model references from kimi-k2-0905-preview to the latest kimi-k2.5 2026-01-27 21:10:59 -06:00
vignesh07 0b2b501856 docs: clarify v1++ claims (not just target lists) 2026-01-27 15:35:24 -08:00
vignesh07 ead73f86f0 docs: add v1++ formal model targets (pairing/ingress/routing) 2026-01-27 15:32:37 -08:00
Vignesh f7a014228d
Update permalink for formal verification document 2026-01-27 15:30:42 -08:00
vignesh07 90a6bbdbda docs: restore gateway/security formal verification redirect copy 2026-01-27 15:29:35 -08:00
Vignesh 2bcd7655e4
Replace 'clawdbot' with 'moltbot' in security documentation 
Updated references from 'clawdbot' to 'moltbot' throughout the document, including security settings, file paths, and command usage.
 2026-01-27 15:25:04 -08:00
vignesh07 98b136541b docs: fix Moltbot naming in security + formal verification pages 2026-01-27 15:15:18 -08:00
vignesh07 8198e826da docs: update security + formal verification pages for Moltbot rename 2026-01-27 15:12:26 -08:00
Shadow f7a0b0934d
Branding: update bot.molt bundle IDs + launchd labels 2026-01-27 14:46:50 -06:00
Peter Steinberger 6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger 83460df96f chore: update molt.bot domains 2026-01-27 12:21:01 +00:00
Vignesh d3a6333ef7
docs: allow nested gateway security pages (#2641) 2026-01-26 23:41:35 -08:00
Vignesh 9a2be717b7
docs: redirect gateway/security/formal-verification (#2594) 2026-01-26 21:28:45 -08:00
Peter Steinberger 78f0bc3ec0 fix(browser): gate evaluate behind config flag 2026-01-27 05:00:39 +00:00
Vignesh f72b881276
docs: fix formal verification route (#2583) 2026-01-26 20:50:11 -08:00
vignesh07 39260e7055 docs(security): publish formal verification page under gateway/security 2026-01-26 20:32:12 -08:00
Peter Steinberger e7fdccce39 refactor: route browser control via gateway/node 2026-01-27 03:24:54 +00:00
Gustavo Madeira Santana b861a0bd73 Telegram: harden network retries and config 
Co-authored-by: techboss <techboss@users.noreply.github.com>
 2026-01-26 19:36:43 -05:00
Peter Steinberger 0f8f0fb9d7 docs: clarify command authorization for exec directives 2026-01-26 22:18:41 +00:00
Peter Steinberger 820ab8765a docs: clarify exec defaults 2026-01-26 21:37:56 +00:00
Peter Steinberger 1371e95e57 docs: clarify onboarding + credentials 2026-01-26 20:26:30 +00:00
Peter Steinberger 320b45c051 docs: note sandbox opt-in in gateway security 2026-01-26 20:13:10 +00:00
Peter Steinberger 000d5508aa docs(auth): remove external CLI OAuth reuse 2026-01-26 19:05:00 +00:00
Peter Steinberger b9098f3401 fix: remove unsupported gateway auth off option 2026-01-26 17:44:23 +00:00
Peter Steinberger e6bdffe568 feat: add control ui device auth bypass 2026-01-26 17:40:28 +00:00
Peter Steinberger ded366d9ab docs: expand security guidance for prompt injection and browser control 2026-01-26 15:20:14 +00:00
Jamieson O'Reilly a1f9825d63
security: add mDNS discovery config to reduce information disclosure (#1882) 
* security: add mDNS discovery config to reduce information disclosure

mDNS broadcasts can expose sensitive operational details like filesystem
paths (cliPath) and SSH availability (sshPort) to anyone on the local
network. This information aids reconnaissance and should be minimized
for gateways exposed beyond trusted networks.

Changes:
- Add discovery.mdns.enabled config option to disable mDNS entirely
- Add discovery.mdns.minimal option to omit cliPath/sshPort from TXT records
- Update security docs with operational security guidance

Minimal mode still broadcasts enough for device discovery (role, gatewayPort,
transport) while omitting details that help map the host environment.
Apps that need CLI path can fetch it via the authenticated WebSocket.

* fix: default mDNS discovery mode to minimal (#1882) (thanks @orlyjamie)

---------

Co-authored-by: theonejvo <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-26 13:32:11 +00:00
Peter Steinberger c4a80f4edb fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
Peter Steinberger fd9be79be1 fix: harden tailscale serve auth 2026-01-26 12:49:19 +00:00
Ross Morsali ffaeee4c39 fix: preserve CLI session IDs for session resume 
- Add resumeArgs to DEFAULT_CLAUDE_BACKEND for proper --resume flag usage
- Fix gateway not preserving cliSessionIds/claudeCliSessionId in nextEntry
- Add test for CLI session ID preservation in gateway agent handler
- Update docs with new resumeArgs default
 2026-01-25 21:09:04 +00:00
Jamieson O'Reilly 6aec34bc60
fix(gateway): prevent auth bypass when behind unconfigured reverse proxy (#1795) 
* fix(gateway): prevent auth bypass when behind unconfigured reverse proxy

When proxy headers (X-Forwarded-For, X-Real-IP) are present but
gateway.trustedProxies is not configured, the gateway now treats
connections as non-local. This prevents a scenario where all proxied
requests appear to come from localhost and receive automatic trust.

Previously, running behind nginx/Caddy without configuring trustedProxies
would cause isLocalClient=true for all external connections, potentially
bypassing authentication and auto-approving device pairing.

The gateway now logs a warning when this condition is detected, guiding
operators to configure trustedProxies for proper client IP detection.

Also adds documentation for reverse proxy security configuration.

* fix: harden reverse proxy auth (#1795) (thanks @orlyjamie)

---------

Co-authored-by: orlyjamie <orlyjamie@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-25 15:08:03 +00:00
Peter Steinberger 0130ecd800 fix: paragraph-aware newline chunking (#1726) 
Thanks @tyler6204

Co-authored-by: Tyler Yust <64381258+tyler6204@users.noreply.github.com>
 2026-01-25 13:24:19 +00:00
Peter Steinberger 8f3da653b0 fix: allow control ui token auth without pairing 2026-01-25 12:47:17 +00:00
Peter Steinberger 653401774d
fix(telegram): honor linkPreview on fallback (#1730) 
* feat: add notice directive parsing

* fix: honor telegram linkPreview config (#1700) (thanks @zerone0x)
 2026-01-25 07:55:39 +00:00
Seb Slight d4f60bf16a
TTS: gate auto audio on inbound voice notes (#1667) 
Co-authored-by: Sebastian <sebslight@gmail.com>
 2026-01-25 04:35:20 +00:00
Peter Steinberger ede5145191 docs: sweep support troubleshooting updates 2026-01-25 04:33:14 +00:00
Peter Steinberger 458e731f8b fix: newline chunking across channels 2026-01-25 04:11:36 +00:00
Peter Steinberger 629ce4454d docs: add tips + clawd-to-clawd faq 2026-01-25 04:04:18 +00:00
Peter Steinberger e6e71457e0 fix: honor trusted proxy client IPs (PR #1654) 
Thanks @ndbroadbent.

Co-authored-by: Nathan Broadbent <git@ndbroadbent.com>
 2026-01-25 01:52:19 +00:00
Peter Steinberger ce89bc2b40 docs: add anthropic auth error troubleshooting 2026-01-25 00:07:19 +00:00
Peter Steinberger 8e159ab0b7
fix: follow up config.patch restarts/docs/tests (#1653) 
* fix: land config.patch restarts/docs/tests (#1624) (thanks @Glucksberg)

* docs: update changelog entry for config.patch follow-up (#1653) (thanks @Glucksberg)
 2026-01-24 23:33:13 +00:00
Peter Steinberger 5570e1a946 fix: polish Google Chat plugin (#1635) (thanks @iHildy) 
Co-authored-by: Ian Hildebrand <ian@jedi.net>
 2026-01-24 23:30:45 +00:00
iHildy b76cd6695d feat: add beta googlechat channel 2026-01-24 23:30:45 +00:00