nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,197 Commits 733 Branches 79 Tags 2.6 GiB
Commit Graph

160 Commits

Author SHA1 Message Date
边黎安 a4c373935f
fix(agents): fall back to agents.defaults.model when agent has no model config (#24210) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0f272b1027
Co-authored-by: bianbiandashen <16240681+bianbiandashen@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-23 03:18:55 -05:00
Peter Steinberger 57b75678d4 test(security): consolidate runtime guardrail scans 2026-02-22 22:06:01 +00:00
Peter Steinberger 8af6d1a186 refactor(test): dedupe repeated fixture setup helpers 2026-02-22 20:04:51 +00:00
Peter Steinberger b79c89fc90 fix: stabilize CI type and test harness coverage 2026-02-22 18:06:34 +00:00
Peter Steinberger 03285465ff perf(test): lazy-load weak-random fallback scanner 2026-02-22 17:52:12 +00:00
Peter Steinberger 90a8ddc3c6 perf(test): replace temp-path guard AST parse with fast scanner 2026-02-22 17:52:12 +00:00
Peter Steinberger 2962e5a383 perf(test): tighten temp-path dynamic prefilter 2026-02-22 17:51:38 +00:00
Peter Steinberger 91cb28ecef perf(test): speed temp-path AST scan 2026-02-22 17:06:35 +00:00
Peter Steinberger dd4495e23a test: optimize temp path guard scan prefilter 2026-02-22 17:06:35 +00:00
Peter Steinberger 7bf719fe85 test: narrow weak-random rg scan globs 2026-02-22 17:06:35 +00:00
Peter Steinberger 07514361d7 test: speed up weak random guardrail scan 2026-02-22 17:06:35 +00:00
Peter Steinberger b6ac0eef5d test: trim gateway fixture sizes and preload message command 2026-02-22 17:06:34 +00:00
Peter Steinberger a0d0104a86 test: speed up signal reconnect and temp path guard scans 2026-02-22 14:44:19 +00:00
Peter Steinberger adfbbcf1f6 chore: merge origin/main into main 2026-02-22 13:42:52 +00:00
Peter Steinberger 7a2b05314a test: speed up onboarding provider auth and temp-path guard scans 2026-02-22 13:24:59 +00:00
Peter Steinberger 0d0f4c6992 refactor(exec): centralize safe-bin policy checks 2026-02-22 13:18:25 +01:00
Peter Steinberger 29cc7f431f test: share runtime scan filters and cached test scans 2026-02-22 12:44:44 +01:00
Peter Steinberger a4607277a9 test: consolidate sessions_spawn and guardrail helpers 2026-02-22 12:34:55 +01:00
Peter Steinberger 401106b963 fix: harden flaky tests and cover native google thought signatures (#23457) (thanks @echoVic) 2026-02-22 12:24:53 +01:00
Peter Steinberger bf52273a58 test: harden flaky timeout-sensitive tests 2026-02-22 12:21:19 +01:00
Peter Steinberger c283f87ab0 refactor: clarify strict loopback proxy audit rules 2026-02-22 11:35:08 +01:00
Peter Steinberger 29e41d4c0a fix: land security audit severity + temp-path guard fixes (#23428) (thanks @bmendonca3) 2026-02-22 11:26:17 +01:00
Brian Mendonca bc78b343ba Security: expand audit checks for mDNS and real-IP fallback 2026-02-22 11:26:17 +01:00
Peter Steinberger bfc9ecf32e test: harden temp path guard detection (#23398) 2026-02-22 11:12:01 +01:00
Peter Steinberger 57ce7214d2 test: stabilize temp-path guard across runtimes (#23398) 2026-02-22 11:12:01 +01:00
Peter Steinberger bd4f670544 refactor: simplify windows ACL parsing and expand coverage 2026-02-22 10:43:03 +01:00
Peter Steinberger 9b9cc44a4e fix: finalize modelByChannel validator landing (#23412) (thanks @ProspectOre) 2026-02-22 10:41:40 +01:00
Vignesh Natarajan 9325418098 chore: fix temp-path guard skip for *.test-helpers.ts 2026-02-22 01:41:06 -08:00
SK Akram 85a3c0c818 fix: use SID-based ACL classification for non-English Windows 2026-02-22 10:37:34 +01:00
Peter Steinberger 6c2e999776 refactor(security): unify secure id paths and guard weak patterns 2026-02-22 10:16:19 +01:00
Peter Steinberger f101d59d57 feat(security): warn on dangerous config flags at startup 2026-02-22 10:11:46 +01:00
Peter Steinberger 265da4dd2a fix(security): harden gateway command/audit guardrails 2026-02-22 08:45:48 +01:00
Peter Steinberger 3d718b5c37 test(security): dedupe external marker sanitization assertions 2026-02-22 07:44:57 +00:00
Peter Steinberger 049b8b14bc fix(security): flag open-group runtime/fs exposure in audit 2026-02-22 08:22:51 +01:00
Peter Steinberger fbf0c99d7c test(security): simplify repeated audit finding assertions 2026-02-21 23:09:15 +00:00
Peter Steinberger 0bd9f0d4ac
fix: enforce strict allowlist across pairing stores (#23017) 2026-02-22 00:00:23 +01:00
Peter Steinberger 0608587bc3 test: streamline config, audit, and qmd coverage 2026-02-21 22:23:43 +00:00
Peter Steinberger 302fa03f41 fix(test): skip test-utils files in temp path guard 2026-02-21 20:48:52 +01:00
Peter Steinberger c240104dc3 refactor(test): snapshot gateway auth env in security audit tests 2026-02-21 19:16:21 +00:00
Peter Steinberger 7724abeee0 refactor(test): dedupe env setup across suites 2026-02-21 19:13:46 +00:00
Peter Steinberger 4540790cb6 refactor(bluebubbles): share dm/group access policy checks 2026-02-21 20:08:33 +01:00
Peter Steinberger f97c45c5b5 fix(security): warn on Discord name-based allowlists in audit 2026-02-21 19:45:17 +01:00
Peter Steinberger f48698a50b fix(security): harden sandbox browser network defaults 2026-02-21 14:02:53 +01:00
Peter Steinberger 8c1518f0f3 fix(sandbox): use one-time noVNC observer tokens 2026-02-21 13:56:58 +01:00
Peter Steinberger 1835dec200 fix(security): force sandbox browser hash migration and audit stale labels 2026-02-21 13:25:41 +01:00
Peter Steinberger 14b0d2b816 refactor: harden control-ui auth flow and add insecure-flag audit summary 2026-02-21 13:18:23 +01:00
Peter Steinberger 99048dbec2 fix(gateway): align insecure-auth toggle messaging 2026-02-21 12:57:22 +01:00
Vincent Koc c2f5628915
Fix formatting (#22474) 2026-02-21 01:37:02 -05:00
C.J. Winslow 58f7b7638a
Security: add per-wrapper IDs to untrusted-content markers (#19009) 
Fixes #10927

Adds unique per-wrapper IDs to external-content boundary markers to
prevent spoofing attacks where malicious content could inject fake
marker boundaries.

- Generate random 16-char hex ID per wrap operation
- Start/end markers share the same ID for pairing
- Sanitizer strips markers with or without IDs (handles legacy + spoofed)
- Added test for attacker-injected markers with fake IDs

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-02-21 01:16:02 -05:00
Coy Geek 40a292619e
fix: Control UI Insecure Auth Bypass Allows Token-Only Auth Over HTTP (#20684) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ad9be4b4d6
Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 17:34:34 +00:00