openclaw

Commit Graph

Author	SHA1	Message	Date
Peter Steinberger	a12cbf8994	docs: refresh CLI and trusted-proxy docs	2026-02-25 02:40:12 +00:00
Mariano Belinky	b114c82701	CLI: approve latest pending device request	2026-02-17 14:08:04 +00:00
Gustavo Madeira Santana	a13ff55bd9	Security: Prevent gateway credential exfiltration via URL override (#9179 ) * Gateway: require explicit auth for url overrides * Gateway: scope credential blocking to non-local URLs only Address review feedback: the previous fix blocked credential fallback for ALL URL overrides, which was overly strict and could break workflows that use --url to switch between loopback/tailnet without passing credentials. Now credential fallback is only blocked for non-local URLs (public IPs, external hostnames). Local addresses (127.0.0.1, localhost, private IPs like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential fallback as before. This maintains the security fix (preventing credential exfiltration to attacker-controlled URLs) while preserving backward compatibility for legitimate local URL overrides. * Security: require explicit credentials for gateway url overrides (#8113) (thanks @victormier) * Gateway: reuse explicit auth helper for url overrides (#8113) (thanks @victormier) * Tests: format gateway chat test (#8113) (thanks @victormier) * Tests: require explicit auth for gateway url overrides (#8113) (thanks @victormier) --------- Co-authored-by: Victor Mier <victormier@gmail.com>	2026-02-04 18:59:44 -05:00
Seb Slight	abcaa8c7a9	Docs: add nav titles across docs (#5689 )	2026-01-31 15:04:03 -06:00
Peter Steinberger	9a7160786a	refactor: rename to openclaw	2026-01-30 03:16:21 +01:00
Peter Steinberger	6d16a658e5	refactor: rename clawdbot to moltbot with legacy compat	2026-01-27 12:21:02 +00:00
Peter Steinberger	d88b239d3c	feat: add device token auth and devices cli	2026-01-20 10:30:53 +00:00

7 Commits