nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,860 Commits 899 Branches 93 Tags 5.7 GiB
Commit Graph

23860 Commits

Author SHA1 Message Date
Jacob Tomlinson 17d0be02f2
fix(gateway): bind OpenResponses HTTP ingress as non-owner (#57778) 
* fix(gateway): bind OpenResponses HTTP ingress as non-owner

Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com>

* test(gateway): cover streaming OpenResponses non-owner ingress

---------

Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com>
 2026-03-30 17:05:29 +01:00
Jacob Tomlinson 1a75906a6f
Exec approvals: prevent interpreter allow-always persistence (#57772) 
* Exec approvals: block interpreter allow-always persistence

* Exec approvals: normalize interpreter allowlist formatting

* Exec approvals: normalize interpreter allowlist wrapping

* Exec approvals: tighten awk regression coverage

* Exec approvals: harden awk interpreter coverage
 2026-03-30 17:03:54 +01:00
pgondhi987 b7b46ad185
fix(skills): replace readFileSync with symlink-safe, root-confined skill file loader (#57519) 
* fix: replace readFileSync with symlink-safe, root-confined skill file loader

* fix(skills): preserve directory-name fallback when frontmatter omits name

* fix: harden skill loader path containment

---------

Co-authored-by: Jacob Tomlinson <jacobtomlinson@users.noreply.github.com>
 2026-03-30 17:03:05 +01:00
Jacob Tomlinson 7a5c5f33d0
Infra: block auth env vars from workspace dotenv (#57767) 
* Infra: block auth env vars from workspace dotenv

* Infra: block workspace dotenv auth key variants

* Infra: block workspace dotenv live auth keys
 2026-03-30 17:01:22 +01:00
Jacob Tomlinson 29cb1e3c7e
Gateway: tighten HTTP tool invoke authorization (#57773) 
* Gateway: harden HTTP tool invoke access

* Gateway: strengthen HTTP tools invoke regression coverage

* Gateway: keep owner-only tools off HTTP
 2026-03-30 16:59:40 +01:00
Jacob Tomlinson ae703ab0e7
infra: harden identifier entropy and delay jitter (#57744) 
* infra: harden identifier entropy and delay jitter

* test: make randomness hardening deterministic in CI
 2026-03-30 16:57:30 +01:00
Jacob Tomlinson 32a4a47d60
Agents: pin apply-patch workspace mutations (#56016) 
* Agents: pin apply-patch file ops to workspace

* Agents: resolve apply-patch review feedback

* Infra: fallback pinned path helper spawn failures
 2026-03-30 16:49:49 +01:00
pgondhi987 6d341cf366
fix(auto-reply): thread per-agent tools.exec defaults into reply directives (#57689) 
* fix(auto-reply): thread per-agent tools.exec defaults into exec overrides

* test(auto-reply): add session-override and inline-directive priority tests for exec agent defaults
 2026-03-30 16:46:54 +01:00
samzong 09bb93c6e0
fix(subagents): correct duration display showing 5-6x inflated runtime (#57739) 
Merged via squash.

Prepared head SHA: 018bbbca4d
Co-authored-by: samzong <13782141+samzong@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-30 23:44:36 +08:00
Jacob Tomlinson f011d0be28
fix(gateway): treat OpenAI HTTP ingress as non-owner (#57769) 
Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>
 2026-03-30 16:26:53 +01:00
Sean c6f2db1506
fix: prevent gateway attachment offload regressions (#55513) (thanks @Syysean) 
* feat(gateway): implement claim check pattern to prevent OOM on large attachments

* fix: sanitize mediaId, refine trimEnd, remove warn log, add threshold and absolute path

* fix: enforce maxBytes before decoding and use dynamic path from saveMediaBuffer

* fix: enforce absolute maxBytes limit before Buffer allocation and preserve file extensions

* fix: align saveMediaBuffer arguments and satisfy oxfmt linter

* chore: strictly enforce linting rules (curly braces, unused vars, and error typing)

* fix: restrict offload to mainstream mimes to avoid extension-loss bug in store.ts for BMP/TIFF

* fix: restrict offload to mainstream mimes to bypass store.ts extension-loss bug

* chore: document bmp/tiff exclusion from offload whitelist in MIME_TO_EXT

* feat: implement agent-side resolver for opaque media URIs and finalize contract

* fix: support unicode media URIs and allow consecutive dots in safe IDs based on Codex review

* fix(gateway): enforce strict fail-fast for oversized media to prevent OOM bypass

* refactor(gateway): harden media offload with performance and security optimizations

This update refines the Claim Check pattern with industrial-grade guards:

- Performance: Implemented sampled Base64 validation for large payloads (>4KB) to prevent event loop blocking.
- Security: Added null-byte (\u0000) detection and reinforced path traversal guards.
- I18n: Updated media-uri regex to a blacklist-based character class for Unicode/Chinese filename support, with oxlint bypass for intentional control regex.
- Robustness: Enhanced error diagnostics with JSON-serialized IDs.

* fix: add HEIC/HEIF to offload allowlist and pass maxBytes to saveMediaBuffer

* fix(gateway): clean up offloaded media files on attachment parse failure

Address Codex review feedback: track saved media IDs and implement best-effort cleanup via deleteMediaBuffer if subsequent attachments fail validation, preventing orphaned files on disk.

* fix(gateway): enforce full base64 validation to prevent whitespace padding bypass

Address Codex review feedback: remove early return in isValidBase64 so padded payloads cannot bypass offload thresholds and reintroduce memory pressure. Updated related comments.

* fix(gateway): preserve offloaded media metadata and fix validation error mapping

Address Codex review feedback:
- Add \offloadedRefs\ to \ParsedMessageWithImages\ to expose structured metadata for offloaded attachments, preventing transcript media loss.
- Move \erifyDecodedSize\ outside the storage try-catch block to correctly surface client base64 validation failures as 4xx errors instead of 5xx \MediaOffloadError\.
- Add JSDoc TODOs indicating that upstream callers (chat.ts, agent.ts, server-node-events.ts) must explicitly pass the \supportsImages\ flag.

* fix(agents): explicitly allow media store dir when loading offloaded images

Address Codex review feedback: Pass getMediaDir() to loadWebMedia's localRoots for media-uri refs to prevent legacy path resolution mismatches from silently dropping large attachments.

* fix(gateway): resolve attachment offload regressions and error mapping

Address Codex review feedback:
- Pass \supportsImages\ dynamically in \chat.ts\ and \gent.ts\ based on model catalog, and explicitly in \server-node-events.ts\.
- Persist \offloadedRefs\ into the transcript pipeline in \chat.ts\ to preserve media metadata for >2MB attachments.
- Correctly map \MediaOffloadError\ to 5xx (UNAVAILABLE) to differentiate server storage faults from 4xx client validation errors.

* fix(gateway): dynamically compute supportsImages for overrides and node events

Address follow-up Codex review feedback:

- Use effective model (including overrides) to compute \supportsImages\ in \gent.ts\.

- Move session load earlier in \server-node-events.ts\ to dynamically compute \supportsImages\ rather than hardcoding true.

* fix(gateway): resolve capability edge cases reported by codex

Address final Codex edge cases:
- Refactor \gent.ts\ to compute \supportsImages\ even when no session key is present, ensuring text-only override requests without sessions safely drop attachments.
- Update catalog lookups in \chat.ts\, \gent.ts\, and \server-node-events.ts\ to strictly match both \id\ and \provider\ to prevent cross-provider model collisions.

* fix(agents): restore before_install hook for skill installs

Restore the plugin scanner security hook that was accidentally dropped during merge conflict resolution.

* fix: resolve attachment pathing, defer parsing after auth gates, and clean up node-event mocks

* fix: resolve syntax errors in test-env, fix missing helper imports, and optimize parsing sequence in node events

* fix(gateway): re-enforce message length limit after attachment parsing

Adds a secondary check to ensure the 20,000-char cap remains effective even after media markers are appended during the offload flow.

* fix(gateway): prevent dropping valid small images and clean up orphaned media on size rejection

* fix(gateway): share attachment image capability checks

* fix(gateway): preserve mixed attachment order

* fix: fail closed on unknown image capability (#55513) (thanks @Syysean)

* fix: classify offloaded attachment refs explicitly (#55513) (thanks @Syysean)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-30 20:54:40 +05:30
Shakker 3ad747e25f style: apply formatter cleanups 2026-03-30 16:20:27 +01:00
Shakker ab141df4b5 Skills: tighten env path guidance 2026-03-30 16:10:13 +01:00
Shakker a3de1f5f55 Skills: prefer active OpenClaw paths 2026-03-30 16:10:13 +01:00
Ayaan Zaidi 08d365f481
test: pin android explicit setup auth selection 2026-03-30 20:39:20 +05:30
Ayaan Zaidi fa150f8828
fix: use explicit setup auth for android gateway connect 2026-03-30 20:39:20 +05:30
Ayaan Zaidi deead11dcd
fix(android): restore setup-code operator bootstrap connect 2026-03-30 20:39:19 +05:30
Ayaan Zaidi 2dced6b4a0
fix: allow setup-code bootstrap auth for operator pairing 2026-03-30 20:39:19 +05:30
Ayaan Zaidi e0281849c0
fix: unblock android onboarding after bootstrap pairing 2026-03-30 20:39:19 +05:30
Ayaan Zaidi fec329ce8d
fix: handle android bootstrap-only setup codes 2026-03-30 20:39:19 +05:30
Robin Waslander 4d369a3400
harden session-status tool visibility guard for all callers 2026-03-30 16:48:12 +02:00
Jacob Tomlinson 5cca380840
msteams: filter thread history by sender allowlist (#57723) 
* msteams: filter thread history by sender allowlist

* tests: merge msteams thread authz coverage

* msteams: preserve thread allowlist fallback matching
 2026-03-30 15:38:26 +01:00
Jacob Tomlinson 7e08669715
synology-chat: add webhook in-flight guard (#57722) 
* synology-chat: add webhook in-flight guard

* tests: clarify synology in-flight limit assertion

* synology-chat: scope webhook in-flight budget per account
 2026-03-30 15:37:02 +01:00
Jacob Tomlinson 7a953a5227
Plugins: block install when source scan fails (#57729) 
* Plugins: block unsafe install scan fallthrough

* Tests: normalize install scanner formatting

* Plugins: avoid duplicate scan failure messaging

* Plugins: preserve hook install block codes
 2026-03-30 15:36:08 +01:00
Jacob Tomlinson 8db20c1965
sandbox: block sensitive external bind sources (#56024) 
* sandbox: block sensitive external bind sources

* sandbox: cache blocked bind paths

* sandbox: harden blocked bind path aliases

* sandbox: block os-home bind secrets

* sandbox: refresh blocked bind path aliases
 2026-03-30 15:34:53 +01:00
Jacob Tomlinson 3216df7923
gateway: enforce embeddings HTTP write scope (#57721) 2026-03-30 15:32:03 +01:00
Robin Waslander 85647949a4
tighten phone-control scope helper extraction 2026-03-30 16:17:17 +02:00
Jacob Tomlinson c5c10adc02
gateway: trim control UI bootstrap payload (#57727) 2026-03-30 15:08:19 +01:00
Robin Waslander 847912f3e2
harden phone-control command scope checks 2026-03-30 15:52:55 +02:00
Jacob Tomlinson 3b9dab0ece
OpenShell: harden mirror sync boundaries (#57693) 
* OpenShell: harden mirror sync boundaries

* OpenShell: polish mirror hardening tests

* OpenShell: preserve trusted mirror symlinks

* OpenShell: bound mirror fs work globally
 2026-03-30 14:51:44 +01:00
Robin Waslander a4e447a16e
harden talk-voice config persistence scope checks 2026-03-30 15:38:37 +02:00
Jacob Tomlinson ee52f64226
Discord: gate audio preflight on member access (#57695) 
* Discord: gate audio preflight on member access

* Discord: trim unauthorized sender logging

* CI: retrigger after review follow-up

* Discord: document blocked-sender log privacy
 2026-03-30 14:38:22 +01:00
Jacob Tomlinson a77928b108
Gateway: harden node event trust boundaries (#57691) 
* Gateway: harden node event trust boundaries

* Gateway: preserve trusted summary prefixes

* Gateway: prefix multiline channel summaries
 2026-03-30 14:22:15 +01:00
Ayaan Zaidi 9d5c5230c5 fix: restore default HTTP operator scopes (#57596) (thanks @openperf) 2026-03-30 18:51:13 +05:30
openperf 3d659fd356 refactor(gateway ): remove unreachable null check in resolveGatewayRequestedOperatorScopes 2026-03-30 18:51:13 +05:30
openperf fe2eb185ff fix(gateway ): restore default operator scopes for pure HTTP token auth 2026-03-30 18:51:13 +05:30
Jacob Tomlinson 8b88b927cb
gateway: clear unbound scopes for trusted-proxy auth (#57692) 
* gateway: clear unbound scopes for trusted-proxy auth

* gateway: isolate trusted-proxy scope test branch
 2026-03-30 14:19:00 +01:00
Jacob Tomlinson 566fb73d9d
reply: enforce ACP attachment roots (#57690) 
* reply: enforce ACP attachment roots

* media: harden local attachment cache reads

* reply: clarify ACP attachment skip logs

* reply: keep ACP attachments path-only
 2026-03-30 14:04:02 +01:00
Jacob Tomlinson 3834d47099
MS Teams: validate webhook auth before JSON parsing (#57686) 2026-03-30 13:46:40 +01:00
pgondhi987 bc3b05dce4
fix(infra): block BROWSER, GIT_EDITOR, GIT_SEQUENCE_EDITOR from inherited host env (#57559) 2026-03-30 12:31:04 +01:00
pgondhi987 c4fa8635d0
fix(telegram): gate audio preflight transcription on sender authorization (#57566) 
* Telegram: gate audio preflight transcription on sender authorization

* fix: honor telegram audio preflight command auth
 2026-03-30 12:19:31 +01:00
Vincent Koc 348b094fe8 fix(test): satisfy telegram pairing seam 2026-03-30 20:05:29 +09:00
Kunal Karmakar 34b0a19a16
fix: use azure-openai-responses for Azure custom providers (#50851) (thanks @kunalk16) 
* Add azure-openai-responses

* Unit tests update for updated API

* Add entry for PR #50851

* Add comma to address PR comment

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* Address PR comment on sanitization of output

* Address review comment

* Revert commits

* Revert commit

* Update changelog stating Azure OpenAI only

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* Add references

* Address PR comment on sanitization of output

* Address review comment

* Revert commits

* Revert commit

* Address PR comment on sanitization of output

* Address review comment

* Revert commits

* Revert commit

* Fix generated file

* Add azure openai responses to OPENAI_RESPONSES_APIS

* Add azure openai responses to createParallelToolCallsWrapper

* Adding azure openai responses to attempt.ts

* Add azure openai responses to google.ts

* Address PR comment on sanitization of output

* Revert commit

* Address PR comment on sanitization of output

* Revert commit

* Address PR comment on sanitization of output

* Revert commit

* Fix changelog

* Fix linting

* fix: cover azure responses wrapper path (#50851) (thanks @kunalk16)

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-30 16:17:03 +05:30
Vincent Koc 2fbd5e3f5f fix(test): trim telegram command registry imports 2026-03-30 19:34:47 +09:00
Vincent Koc 69916e8082 fix(twitch): align markdown table mode type 2026-03-30 19:32:14 +09:00
Vincent Koc b7de04f23f
fix(memory): preserve shared qmd collection names (#57628) 
* fix(memory): preserve shared qmd collection names

* fix(memory): canonicalize qmd path containment
 2026-03-30 19:29:35 +09:00
Vincent Koc 85f3136cfc fix(test): use plugin public surfaces in reply command tests 2026-03-30 19:28:10 +09:00
Vincent Koc 54f7221465
fix(slack): restore table block mode seam (#57591) 
* fix(slack): restore table block mode seam

Restore the shared markdown/config seam needed for Slack Block Kit table support, while coercing non-Slack block mode back to code.

* fix(slack): narrow table block seam defaults

Keep Slack table block mode opt-in in this seam-only PR, clamp collected placeholder offsets, and align fallback-table rendering with Slack block limits.

* fix(slack): bound table fallback rendering

Avoid spread-based maxima and bound Slack table fallback rendering by row, column, cell-width, and total-output limits to prevent resource exhaustion.

* fix(slack): keep block mode inactive in seam PR

Keep markdown table block mode schema-valid but runtime-resolved to code until the Slack send path is wired to emit table attachments.

* fix(slack): normalize configured block mode safely

Accept configured markdown table block mode at parse time, then normalize it back to code during runtime resolution so seam-only branches do not drop table content.
 2026-03-30 19:25:01 +09:00
Vincent Koc 56be744a7a docs: simplify automation decision flowchart to linear path 2026-03-30 19:22:56 +09:00
Vincent Koc b0738210ff docs: replace ASCII decision tree with mermaid flowchart on automation hub 2026-03-30 19:20:13 +09:00