nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
21,479 Commits 805 Branches 84 Tags 5.7 GiB
Commit Graph

13707 Commits

Author SHA1 Message Date
scoootscooob 43557668d2 Infra: support shell carrier allow-always approvals 2026-03-23 00:14:58 -07:00
Peter Steinberger fe3663a9fe
refactor: remove embedded runner cwd mutation 2026-03-23 00:11:55 -07:00
Peter Steinberger 4a26f10f68
docs: sync minimax m2.7 references 2026-03-23 00:02:35 -07:00
Peter Steinberger 80cd8cd6be
refactor: unify minimax model and failover live policies 2026-03-23 00:02:35 -07:00
Peter Steinberger a600c72ed7
fix: bind bootstrap setup codes to node profile 2026-03-22 23:57:15 -07:00
scoootscooob 4580d585ff Gateway: resolve fallback plugin context lazily 2026-03-22 23:52:21 -07:00
Peter Steinberger 47186c50a2 fix(ci): restore stale guardrails and baselines 2026-03-23 06:50:23 +00:00
Peter Steinberger 202b588db5
fix: harden plugin docker e2e 2026-03-22 23:42:34 -07:00
Peter Steinberger d2a1b24b83 test: honor env auth in gateway live probes 2026-03-23 06:42:09 +00:00
Peter Steinberger 37c2166f52
test: finish base vitest thread fixture fixes 2026-03-22 23:37:31 -07:00
Peter Steinberger 3fac0d11fa
test: fix base vitest thread regressions 2026-03-22 23:37:31 -07:00
Peter Steinberger c42cb1ca66
refactor: audit synology dangerous name matching 2026-03-22 23:32:22 -07:00
Peter Steinberger 677a821a2f
refactor: centralize synology dangerous name matching 2026-03-22 23:32:21 -07:00
Peter Steinberger cef7d14861
refactor(exec): rename wrapper plans for trust semantics 2026-03-22 23:18:54 -07:00
Peter Steinberger 0b40ec38ab
refactor(exec): share wrapper trust planning 2026-03-22 23:18:54 -07:00
Peter Steinberger 6ba5595004
refactor(exec): make dispatch wrapper semantics spec-driven 2026-03-22 23:18:54 -07:00
Peter Steinberger c041f8587b
refactor(exec): split wrapper resolution modules 2026-03-22 23:18:54 -07:00
Peter Steinberger 55ad5d7bd7
fix(security): harden explicit-proxy SSRF pinning 2026-03-22 23:05:42 -07:00
Peter Steinberger f52eb934d6
fix(security): unify dispatch wrapper approval hardening 2026-03-22 23:01:49 -07:00
Peter Steinberger 72e58ca260
test(models): refresh example model fixtures 2026-03-22 23:00:18 -07:00
Peter Steinberger 4d50084c6e
fix(exec): escape invisible approval filler chars 2026-03-22 22:52:14 -07:00
Peter Steinberger c036e4d176
fix: restrict remote marketplace plugin sources 2026-03-22 22:47:08 -07:00
Peter Steinberger 09faed6bd8
fix(gateway): gate internal command persistence mutations 2026-03-22 22:46:49 -07:00
Peter Steinberger 81445a9010
fix(media): bound remote error-body snippet reads 2026-03-22 22:43:42 -07:00
Vincent Koc fd5555d5be fix(runtime): make dist-runtime staging idempotent 2026-03-22 22:41:27 -07:00
Peter Steinberger a55f371cc5 fix(ci): skip docs-only preflight pnpm audit 2026-03-23 05:29:27 +00:00
Vincent Koc be3a2e2eb6 fix(plugin-sdk): fall back to src root alias files 2026-03-22 22:26:18 -07:00
Peter Steinberger 39409b6a6d
fix(security): unwrap time dispatch wrappers 2026-03-22 22:25:57 -07:00
Peter Steinberger af9de86286 perf: trim vitest hot imports and refresh manifests 2026-03-23 05:25:05 +00:00
Peter Steinberger 7fcbf383d8
fix(ci): write dist build stamp after builds 2026-03-22 22:23:25 -07:00
Peter Steinberger ea579ef858
fix(gateway): preserve async hook ingress provenance 2026-03-22 22:21:49 -07:00
Peter Steinberger c5a941a506
refactor!: remove moltbot state-dir migration fallback 2026-03-22 22:19:35 -07:00
Peter Steinberger 6b9915a106
refactor!: drop legacy CLAWDBOT env compatibility 2026-03-22 22:13:39 -07:00
oliviareid-svg 5ff60cc39f
fix(build): add stable memory-cli dist entry (#51759) 
Co-authored-by: oliviareid-svg <269669958+oliviareid-svg@users.noreply.github.com>
Co-authored-by: Frank <vibespecs@gmail.com>
 2026-03-23 13:11:06 +08:00
Rick_Xu 2fe1ff8ea8
Usage: include reset and deleted session archives (#43215) 
Merged via squash.

Prepared head SHA: 49ed6c2fa3
Co-authored-by: rcrick <23069968+rcrick@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-23 13:10:26 +08:00
Peter Steinberger 30ed4342b3
fix(agents): deny local MEDIA paths for MCP results 2026-03-22 22:10:13 -07:00
Vincent Koc d43e26e399 fix(web-search): mark DuckDuckGo experimental 2026-03-22 22:07:53 -07:00
Peter Steinberger 8791aaae2b
refactor: extract gateway install token helpers 2026-03-22 22:05:56 -07:00
Peter Steinberger c15282062f
refactor: split durable service env helpers 2026-03-22 22:05:56 -07:00
Vincent Koc c6ca11e5a5
feat(web-search): add DuckDuckGo bundled plugin (#52629) 
* feat(web-search): add DuckDuckGo bundled plugin

* chore(changelog): restore main changelog

* fix(web-search): harden DuckDuckGo challenge detection
 2026-03-22 22:05:33 -07:00
Peter Steinberger dc6c22b812 fix: narrow exec exit failure kind typing 2026-03-23 04:58:46 +00:00
Kevin ONeill dd860e76aa fix: normalize env var keys and isolate tests from real .env 
- Apply normalizeEnvVarKey({ portable: true }) before security
  filtering, matching the established pattern in env-vars.ts.
  Rejects non-portable key names (spaces, special chars) that
  would produce invalid plist/systemd syntax.

- Isolate existing tests from the developer's real ~/.openclaw/.env
  by providing a temp HOME directory, preventing flaky failures
  when the test machine has a populated .env file.
 2026-03-22 21:55:58 -07:00
Kevin ONeill 77ec7b4adf fix: include .env file vars in gateway service environment on install 
When building the gateway install plan, read and parse
~/.openclaw/.env (or $OPENCLAW_STATE_DIR/.env) and merge those
key-value pairs into the service environment at the lowest
priority — below config env vars, auth-profile refs, and the
core service environment (HOME, PATH, OPENCLAW_*).

This ensures that user-defined secrets stored in .env (e.g.
BRAVE_API_KEY, OPENROUTER_API_KEY, DISCORD_BOT_TOKEN) are
embedded in the LaunchAgent plist (macOS), systemd unit (Linux),
and Scheduled Task (Windows) at install time, rather than
relying solely on the gateway process loading them via
dotenv.config() at startup.

Previously, on macOS the LaunchAgent plist never included .env
vars, which meant:
- launchctl print did not show user secrets (hard to debug)
- Child processes spawned before dotenv loaded had no access
- If the same key existed in both .env and the plist, the stale
  plist value won via dotenv override:false semantics

Dangerous host env vars (NODE_OPTIONS, LD_PRELOAD, etc.) are
filtered using the same security policy applied to config env
vars.

Fixes #37101
Relates to #22663
 2026-03-22 21:55:58 -07:00
Vincent Koc 3afb6a2b95 fix(exec): accept runtime failure kind in formatter 2026-03-22 21:54:02 -07:00
Peter Steinberger 97e4f37171 fix: keep status --json stdout clean (#52449) (thanks @cgdusek) 2026-03-22 21:51:08 -07:00
Charles Dusek 03c4bacbfb fix(cli): route deferred plugin logs to stderr in status --json 2026-03-22 21:51:08 -07:00
Charles Dusek 0e1da034c2 fix(cli): route plugin logs to stderr during --json output 2026-03-22 21:51:08 -07:00
Peter Steinberger e001e8f2f8 test: isolate exec foreground failure coverage 2026-03-23 04:47:12 +00:00
Peter Steinberger 8e568142f6 refactor: extract exec outcome and tool result helpers 2026-03-23 04:47:12 +00:00
Vincent Koc 5f746422aa fix(plugin-sdk): fast-path root diagnostic subscriptions 2026-03-22 21:07:11 -07:00