0125ce1f44
Gateway: fail closed unresolved local auth SecretRefs ( #42672 )
...
* Gateway: fail closed unresolved local auth SecretRefs
* Docs: align node-host gateway auth precedence
* CI: resolve rebase breakages in checks lanes
* Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state
* Gateway: remove stale remote.enabled auth-surface semantics
* Changelog: note gateway SecretRef fail-closed fix
2026-03-10 21:41:56 -05:00
a76e810193
fix(gateway): harden token fallback/reconnect behavior and docs ( #42507 )
...
* fix(gateway): harden token fallback and auth reconnect handling
* docs(gateway): clarify auth retry and token-drift recovery
* fix(gateway): tighten auth reconnect gating across clients
* fix: harden gateway token retry (#42507 ) (thanks @joshavant)
2026-03-10 17:05:57 -05:00
8e3f3bc3cf
acp: enrich streaming updates for ide clients ( #41442 )
...
Merged via squash.
Prepared head SHA: 0764368e80
2026-03-09 22:26:46 +01:00
d346f2d9ce
acp: restore session context and controls ( #41425 )
...
Merged via squash.
Prepared head SHA: fcabdf7c31
2026-03-09 22:17:19 +01:00
e6e4169e82
acp: fail honestly in bridge mode ( #41424 )
...
Merged via squash.
Prepared head SHA: b5e6e13afe
2026-03-09 22:01:30 +01:00
d4e59a3666
Cron: enforce cron-owned delivery contract ( #40998 )
...
Merged via squash.
Prepared head SHA: 5877389e33
2026-03-09 20:12:37 +01:00
e3df94365b
ACP: add optional ingress provenance receipts ( #40473 )
...
Merged via squash.
Prepared head SHA: b63e46dd94
2026-03-09 04:19:03 +01:00
38543d8196
fix(cron): consolidate announce delivery, fire-and-forget trigger, and minimal prompt mode ( #40204 )
...
* fix(cron): consolidate announce delivery and detach manual runs
* fix: queue detached cron runs (#40204 )
2026-03-08 14:46:33 -07:00
0ecfd37b44
feat: add local backup CLI ( #40163 )
...
Merged via squash.
Prepared head SHA: ed46625ae2
2026-03-08 16:21:20 -04:00
492fe679a7
feat(tui): infer workspace agent when launching TUI ( #39591 )
...
Merged via squash.
Prepared head SHA: 23533e24c4
2026-03-08 13:31:11 +03:00
4062aa5e5d
Gateway: add safer password-file input for gateway run ( #39067 )
...
* CLI: add gateway password-file option
* Docs: document safer gateway password input
* Update src/cli/gateway-cli/run.ts
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Tests: clean up gateway password temp dirs
* CLI: restore gateway password warning flow
* Security: harden secret file reads
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-07 18:20:17 -08:00
25252ab5ab
gateway: harden shared auth resolution across systemd, discord, and node host
2026-03-07 18:28:32 -06:00
8e20dd22d8
Secrets: harden SecretRef-safe models.json persistence ( #38955 )
2026-03-07 11:28:39 -06:00
786ec21b5a
docs(cli): improve memory command examples ( #31803 )
...
Merged via squash.
Prepared head SHA: 15dcda3027
2026-03-07 19:03:23 +03:00
f392b81e95
Infra: require explicit opt-in for prerelease npm installs ( #38117 )
...
* Infra: tighten npm registry spec parsing
* Infra: block implicit prerelease npm installs
* Plugins: cover prerelease install policy
* Infra: add npm registry spec tests
* Hooks: cover prerelease install policy
* Docs: clarify plugin guide version policy
* Docs: clarify plugin install version policy
* Docs: clarify hooks install version policy
* Docs: clarify hook pack version policy
2026-03-06 11:13:30 -05:00
0e4245063f
CLI: make read-only SecretRef status flows degrade safely ( #37023 )
...
* CLI: add read-only SecretRef inspection
* CLI: fix read-only SecretRef status regressions
* CLI: preserve read-only SecretRef status fallbacks
* Docs: document read-only channel inspection hook
* CLI: preserve audit coverage for read-only SecretRefs
* CLI: fix read-only status account selection
* CLI: fix targeted gateway fallback analysis
* CLI: fix Slack HTTP read-only inspection
* CLI: align audit credential status checks
* CLI: restore Telegram read-only fallback semantics
2026-03-05 23:07:13 -06:00
98aecab7bd
Docs: cover heartbeat, cron, and plugin route updates
2026-03-05 17:05:21 -05:00
72cf9253fc
Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails ( #35094 )
2026-03-05 12:53:56 -06:00
806803b7ef
feat(secrets): expand SecretRef coverage across user-supplied credentials ( #29580 )
...
* feat(secrets): expand secret target coverage and gateway tooling
* docs(secrets): align gateway and CLI secret docs
* chore(protocol): regenerate swift gateway models for secrets methods
* fix(config): restore talk apiKey fallback and stabilize runner test
* ci(windows): reduce test worker count for shard stability
* ci(windows): raise node heap for test shard stability
* test(feishu): make proxy env precedence assertion windows-safe
* fix(gateway): resolve auth password SecretInput refs for clients
* fix(gateway): resolve remote SecretInput credentials for clients
* fix(secrets): skip inactive refs in command snapshot assignments
* fix(secrets): scope gateway.remote refs to effective auth surfaces
* fix(secrets): ignore memory defaults when enabled agents disable search
* fix(secrets): honor Google Chat serviceAccountRef inheritance
* fix(secrets): address tsgo errors in command and gateway collectors
* fix(secrets): avoid auth-store load in providers-only configure
* fix(gateway): defer local password ref resolution by precedence
* fix(secrets): gate telegram webhook secret refs by webhook mode
* fix(secrets): gate slack signing secret refs to http mode
* fix(secrets): skip telegram botToken refs when tokenFile is set
* fix(secrets): gate discord pluralkit refs by enabled flag
* fix(secrets): gate discord voice tts refs by voice enabled
* test(secrets): make runtime fixture modes explicit
* fix(cli): resolve local qr password secret refs
* fix(cli): fail when gateway leaves command refs unresolved
* fix(gateway): fail when local password SecretRef is unresolved
* fix(gateway): fail when required remote SecretRefs are unresolved
* fix(gateway): resolve local password refs only when password can win
* fix(cli): skip local password SecretRef resolution on qr token override
* test(gateway): cast SecretRef fixtures to OpenClawConfig
* test(secrets): activate mode-gated targets in runtime coverage fixture
* fix(cron): support SecretInput webhook tokens safely
* fix(bluebubbles): support SecretInput passwords across config paths
* fix(msteams): make appPassword SecretInput-safe in onboarding/token paths
* fix(bluebubbles): align SecretInput schema helper typing
* fix(cli): clarify secrets.resolve version-skew errors
* refactor(secrets): return structured inactive paths from secrets.resolve
* refactor(gateway): type onboarding secret writes as SecretInput
* chore(protocol): regenerate swift models for secrets.resolve
* feat(secrets): expand extension credential secretref support
* fix(secrets): gate web-search refs by active provider
* fix(onboarding): detect SecretRef credentials in extension status
* fix(onboarding): allow keeping existing ref in secret prompt
* fix(onboarding): resolve gateway password SecretRefs for probe and tui
* fix(onboarding): honor secret-input-mode for local gateway auth
* fix(acp): resolve gateway SecretInput credentials
* fix(secrets): gate gateway.remote refs to remote surfaces
* test(secrets): cover pattern matching and inactive array refs
* docs(secrets): clarify secrets.resolve and remote active surfaces
* fix(bluebubbles): keep existing SecretRef during onboarding
* fix(tests): resolve CI type errors in new SecretRef coverage
* fix(extensions): replace raw fetch with SSRF-guarded fetch
* test(secrets): mark gateway remote targets active in runtime coverage
* test(infra): normalize home-prefix expectation across platforms
* fix(cli): only resolve local qr password refs in password mode
* test(cli): cover local qr token mode with unresolved password ref
* docs(cli): clarify local qr password ref resolution behavior
* refactor(extensions): reuse sdk SecretInput helpers
* fix(wizard): resolve onboarding env-template secrets before plaintext
* fix(cli): surface secrets.resolve diagnostics in memory and qr
* test(secrets): repair post-rebase runtime and fixtures
* fix(gateway): skip remote password ref resolution when token wins
* fix(secrets): treat tailscale remote gateway refs as active
* fix(gateway): allow remote password fallback when token ref is unresolved
* fix(gateway): ignore stale local password refs for none and trusted-proxy
* fix(gateway): skip remote secret ref resolution on local call paths
* test(cli): cover qr remote tailscale secret ref resolution
* fix(secrets): align gateway password active-surface with auth inference
* fix(cli): resolve inferred local gateway password refs in qr
* fix(gateway): prefer resolvable remote password over token ref pre-resolution
* test(gateway): cover none and trusted-proxy stale password refs
* docs(secrets): sync qr and gateway active-surface behavior
* fix: restore stability blockers from pre-release audit
* Secrets: fix collector/runtime precedence contradictions
* docs: align secrets and web credential docs
* fix(rebase): resolve integration regressions after main rebase
* fix(node-host): resolve gateway secret refs for auth
* fix(secrets): harden secretinput runtime readers
* gateway: skip inactive auth secretref resolution
* cli: avoid gateway preflight for inactive secret refs
* extensions: allow unresolved refs in onboarding status
* tests: fix qr-cli module mock hoist ordering
* Security: align audit checks with SecretInput resolution
* Gateway: resolve local-mode remote fallback secret refs
* Node host: avoid resolving inactive password secret refs
* Secrets runtime: mark Slack appToken inactive for HTTP mode
* secrets: keep inactive gateway remote refs non-blocking
* cli: include agent memory secret targets in runtime resolution
* docs(secrets): sync docs with active-surface and web search behavior
* fix(secrets): keep telegram top-level token refs active for blank account tokens
* fix(daemon): resolve gateway password secret refs for probe auth
* fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled
* fix(secrets): align token inheritance and exec timeout defaults
* docs(secrets): clarify active-surface notes in cli docs
* cli: require secrets.resolve gateway capability
* gateway: log auth secret surface diagnostics
* secrets: remove dead provider resolver module
* fix(secrets): restore gateway auth precedence and fallback resolution
* fix(tests): align plugin runtime mock typings
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-03-03 02:58:20 +00:00
6b85ec3022
docs: tighten subscription guidance and update MiniMax M2.5 refs
2026-03-03 00:02:37 +00:00
ad12d1fbce
fix(plugins): prefer bundled plugin ids over bare npm specs
2026-03-02 20:49:50 +00:00
3002f13ca7
feat(config): add `openclaw config validate` and improve startup error messages ( #31220 )
...
Merged via squash.
Prepared head SHA: 4598f2a541
2026-03-02 00:45:51 -05:00
548a502c69
docs: sync android node docs with current pairing and capabilities
2026-03-02 11:08:51 +05:30
449511484d
fix(gateway): allow ws:// to private network addresses ( #28670 )
...
* fix(gateway): allow ws:// to RFC 1918 private network addresses
resolve ws-private-network conflicts
* gateway: keep ws security strict-by-default with private opt-in
* gateway: apply private ws opt-in in connection detail guard
* gateway: apply private ws opt-in in websocket client
* onboarding: gate private ws urls behind explicit opt-in
* gateway tests: enforce strict ws defaults with private opt-in
* onboarding tests: validate private ws opt-in behavior
* gateway client tests: cover private ws env override
* gateway call tests: cover private ws env override
* changelog: add ws strict-default security entry for pr 28670
* docs(onboard): document private ws break-glass env
* docs(gateway): add private ws env to remote guide
* docs(docker): add private ws break-glass env var
* docs(security): add private ws break-glass guidance
* docs(config): document OPENCLAW_ALLOW_PRIVATE_WS
* Update CHANGELOG.md
* gateway: normalize private-ws host classification
* test(gateway): cover non-unicast ipv6 private-ws edges
* changelog: rename insecure private ws break-glass env
* docs(onboard): rename insecure private ws env
* docs(gateway): rename insecure private ws env in config reference
* docs(gateway): rename insecure private ws env in remote guide
* docs(security): rename insecure private ws env
* docs(docker): rename insecure private ws env
* test(onboard): rename insecure private ws env
* onboard: rename insecure private ws env
* test(gateway): rename insecure private ws env in call tests
* gateway: rename insecure private ws env in call flow
* test(gateway): rename insecure private ws env in client tests
* gateway: rename insecure private ws env in client
* docker: pass insecure private ws env to services
* docker-setup: persist insecure private ws env
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-03-01 20:49:45 -08:00
96ffbb5aaf
CLI: add config path subcommand to print active config file path ( #26256 )
...
Merged via squash.
Prepared head SHA: b11c593a34
2026-03-01 23:33:20 -05:00
b7615e0ce3
Exec/ACP: inject OPENCLAW_SHELL into child shell env ( #31271 )
...
* exec: mark runtime shell context in exec env
* tests(exec): cover OPENCLAW_SHELL in gateway exec
* tests(exec): cover OPENCLAW_SHELL in pty mode
* acpx: mark runtime shell context for spawned process
* tests(acpx): log OPENCLAW_SHELL in runtime fixture
* tests(acpx): assert OPENCLAW_SHELL in runtime prompt
* docs(env): document OPENCLAW_SHELL runtime markers
* docs(exec): describe OPENCLAW_SHELL exec marker
* docs(acp): document OPENCLAW_SHELL acp marker
* docs(gateway): note OPENCLAW_SHELL for background exec
* tui: tag local shell runs with OPENCLAW_SHELL
* tests(tui): assert OPENCLAW_SHELL in local shell runner
* acp client: tag spawned bridge env with OPENCLAW_SHELL
* tests(acp): cover acp client OPENCLAW_SHELL env helper
* docs(env): include acp-client and tui-local shell markers
* docs(acp): document acp-client OPENCLAW_SHELL marker
* docs(tui): document tui-local OPENCLAW_SHELL marker
* exec: keep shell runtime env string-only for docker args
* changelog: note OPENCLAW_SHELL runtime markers
2026-03-01 20:31:06 -08:00
d320b30b9b
Docs: expand ACP first-use naming and link protocol site
2026-02-27 00:33:58 +01:00
297cca0565
docs(cli): improve secrets command guide
2026-02-27 00:20:02 +01:00
0ec7711bc2
fix(agents): harden compaction and reset safety
...
Co-authored-by: jaden-clovervnd <91520439+jaden-clovervnd@users.noreply.github.com>
Co-authored-by: Sid <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Marcus Widing <245375637+widingmarcus-cyber@users.noreply.github.com>
2026-02-26 17:41:24 +01:00
4380d74d49
docs(secrets): add dedicated apply plan contract page
2026-02-26 14:47:22 +00:00
14897e8de7
docs(secrets): clarify partial migration guidance
2026-02-26 14:47:22 +00:00
06290b49b2
feat(secrets): finalize mode rename and validated exec docs
2026-02-26 14:47:22 +00:00
f413e314b9
feat(secrets): replace migrate flow with audit/configure/apply
2026-02-26 14:47:22 +00:00
bde9cbb058
docs(secrets): align provider model and add exec resolver coverage
2026-02-26 14:47:22 +00:00
5e3a86fd2f
feat(secrets): expand onboarding secret-ref flows and custom-provider parity
2026-02-26 14:47:22 +00:00
e8637c79b3
fix(secrets): harden sops migration sops rule matching
2026-02-26 14:47:22 +00:00
0e69660c41
feat(secrets): finalize external secrets runtime and migration hardening
2026-02-26 14:47:22 +00:00
c5b89fbaea
Docs: address review feedback on secrets docs
2026-02-26 14:47:22 +00:00
9203d583f9
Docs: add secrets and CLI secrets reference pages
2026-02-26 14:47:22 +00:00
c0a3801086
Docs: document secrets refs runtime and migration
2026-02-26 14:47:22 +00:00
dfa0b5b4fc
Channels: move single-account config into accounts.default ( #27334 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 50b5771808
2026-02-26 04:06:03 -05:00
96c7702526
Agents: add account-scoped bind and routing commands ( #27195 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: ad35a458a5
2026-02-26 02:36:56 -05:00
42f455739f
fix(security): clarify denyCommands exact-match guidance
2026-02-26 00:55:35 +01:00
c2a837565c
docs: fix configure section example
2026-02-25 02:44:49 +00:00
bfafec2271
docs: expand doctor and devices CLI references
2026-02-25 02:41:13 +00:00
a12cbf8994
docs: refresh CLI and trusted-proxy docs
2026-02-25 02:40:12 +00:00
14b6eea6e3
feat(sandbox): block container namespace joins by default
2026-02-24 23:20:34 +00:00
8cc841766c
docs(security): enumerate dangerous config parameters
2026-02-24 14:25:43 +00:00
4d124e4a9b
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:19 +00:00
12cc754332
fix(acp): harden permission auto-approval policy
2026-02-24 01:03:30 +00:00
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in ( #24907 )
...
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b85156
2026-02-23 22:39:48 +00:00
d92ba4f8aa
feat: Provider/Mistral full support for Mistral on OpenClaw 🇫🇷 ( #23845 )
...
* Onboard: add Mistral auth choice and CLI flags
* Onboard/Auth: add Mistral provider config defaults
* Auth choice: wire Mistral API-key flow
* Onboard non-interactive: support --mistral-api-key
* Media understanding: add Mistral Voxtral audio provider
* Changelog: note Mistral onboarding and media support
* Docs: add Mistral provider and onboarding/media references
* Tests: cover Mistral media registry/defaults and auth mapping
* Memory: add Mistral embeddings provider support
* Onboarding: refresh Mistral model metadata
* Docs: document Mistral embeddings and endpoints
* Memory: persist Mistral embedding client state in managers
* Memory: add regressions for mistral provider wiring
* Gateway: add live tool probe retry helper
* Gateway: cover live tool probe retry helper
* Gateway: retry malformed live tool-read probe responses
* Memory: support plain-text batch error bodies
* Tests: add Mistral Voxtral live transcription smoke
* Docs: add Mistral live audio test command
* Revert: remove Mistral live voice test and docs entry
* Onboard: re-export Mistral default model ref from models
* Changelog: credit joeVenner for Mistral work
* fix: include Mistral in auto audio key fallback
* Update CHANGELOG.md
* Update CHANGELOG.md
---------
Co-authored-by: Shakker <shakkerdroid@gmail.com>
2026-02-23 00:03:56 +00:00
3461dda880
docs: fix voicecall expose disable example
2026-02-22 20:58:28 +01:00
72446f419f
docs: align CLI docs and help surface
2026-02-22 20:05:01 +01:00
0c1f491a02
fix(gateway): clarify pairing and node auth guidance
2026-02-22 19:50:29 +01:00
f442a3539f
feat(update): add core auto-updater and dry-run preview
2026-02-22 17:11:36 +01:00
6fda04e938
refactor: tighten onboarding dmScope typing and docs links
2026-02-22 12:46:09 +01:00
65dccbdb4b
fix: document onboarding dmScope default as breaking change ( #23468 ) (thanks @bmendonca3)
2026-02-22 12:36:49 +01:00
bc78b343ba
Security: expand audit checks for mDNS and real-IP fallback
2026-02-22 11:26:17 +01:00
265da4dd2a
fix(security): harden gateway command/audit guardrails
2026-02-22 08:45:48 +01:00
049b8b14bc
fix(security): flag open-group runtime/fs exposure in audit
2026-02-22 08:22:51 +01:00
f97c45c5b5
fix(security): warn on Discord name-based allowlists in audit
2026-02-21 19:45:17 +01:00
f48698a50b
fix(security): harden sandbox browser network defaults
2026-02-21 14:02:53 +01:00
1835dec200
fix(security): force sandbox browser hash migration and audit stale labels
2026-02-21 13:25:41 +01:00
810218756d
docs(security): clarify trusted-host deployment assumptions
2026-02-21 12:53:12 +01:00
d871ee91d0
fix(config-cli): correct misleading --json flag description ( #21332 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b6c8d1edfa
2026-02-19 20:09:17 -05:00
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
5dc50b8a3f
fix(security): harden npm plugin and hook install integrity flow
2026-02-19 15:11:25 +01:00
e3e0ffd801
feat(security): audit gateway HTTP no-auth exposure
2026-02-19 14:25:56 +01:00
b4dbe03298
refactor: unify restart gating and update availability sync
2026-02-19 10:00:41 +01:00
a333d92013
docs(security): harden gateway security guidance
2026-02-17 23:48:49 +01:00
c0072be6a6
docs(cli): add components send example
2026-02-17 09:58:47 -05:00
b114c82701
CLI: approve latest pending device request
2026-02-17 14:08:04 +00:00
e4d63818f5
fix: ignore tools.exec.pathPrepend for node hosts
2026-02-14 20:45:05 +01:00
65eefd65e1
docs: clarify node host PATH override behavior
2026-02-14 20:17:07 +01:00
8e5689a84d
feat(telegram): add sendPoll support ( #16193 ) ( #16209 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: b58492cfed
2026-02-14 18:34:30 +01:00
6f7d31c426
fix(security): harden plugin/hook npm installs
2026-02-14 14:07:14 +01:00
f8ba8f7699
fix(docs): update outdated hooks documentation URLs ( #16165 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 8ed13fb02f
2026-02-14 13:05:37 +01:00
ab71fdf821
Plugin API: compaction/reset hooks, bootstrap file globs, memory plugin status ( #13287 )
...
* feat: add before_compaction and before_reset plugin hooks with session context
- Pass session messages to before_compaction hook
- Add before_reset plugin hook for /new and /reset commands
- Add sessionId to plugin hook agent context
* feat: extraBootstrapFiles config with glob pattern support
Add extraBootstrapFiles to agent defaults config, allowing glob patterns
(e.g. "projects/*/TOOLS.md") to auto-load project-level bootstrap files
into agent context every turn. Missing files silently skipped.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(status): show custom memory plugins as enabled, not unavailable
The status command probes memory availability using the built-in
memory-core manager. Custom memory plugins (e.g. via plugin slot)
can't be probed this way, so they incorrectly showed "unavailable".
Now they show "enabled (plugin X)" without the misleading label.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use async fs.glob and capture pre-compaction messages
- Replace globSync (node:fs) with fs.glob (node:fs/promises) to match
codebase conventions for async file operations
- Capture session.messages BEFORE replaceMessages(limited) so
before_compaction hook receives the full conversation history,
not the already-truncated list
* fix: resolve lint errors from CI (oxlint strict mode)
- Add void to fire-and-forget IIFE (no-floating-promises)
- Use String() for unknown catch params in template literals
- Add curly braces to single-statement if (curly rule)
* fix: resolve remaining CI lint errors in workspace.ts
- Remove `| string` from WorkspaceBootstrapFileName union (made all
typeof members redundant per no-redundant-type-constituents)
- Use type assertion for extra bootstrap file names
- Drop redundant await on fs.glob() AsyncIterable (await-thenable)
* fix: address Greptile review — path traversal guard + fs/promises import
- workspace.ts: use path.resolve() + traversal check in loadExtraBootstrapFiles()
- commands-core.ts: import fs from node:fs/promises, drop fs.promises prefix
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: resolve symlinks before workspace boundary check
Greptile correctly identified that symlinks inside the workspace could
point to files outside it, bypassing the path prefix check. Now uses
fs.realpath() to resolve symlinks before verifying the real path stays
within the workspace boundary.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address Greptile review — hook reliability and type safety
1. before_compaction: add compactingCount field so plugins know both
the full pre-compaction message count and the truncated count being
fed to the compaction LLM. Clarify semantics in comment.
2. loadExtraBootstrapFiles: use path.basename() for the name field
so "projects/quaid/TOOLS.md" maps to the known "TOOLS.md" type
instead of an invalid WorkspaceBootstrapFileName cast.
3. before_reset: fire the hook even when no session file exists.
Previously, short sessions without a persisted file would silently
skip the hook. Now fires with empty messages array so plugins
always know a reset occurred.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: validate bootstrap filenames and add compaction hook timeout
- Only load extra bootstrap files whose basename matches a recognized
workspace filename (AGENTS.md, TOOLS.md, etc.), preventing arbitrary
files from being injected into agent context.
- Wrap before_compaction hook in a 30-second Promise.race timeout so
misbehaving plugins cannot stall the compaction pipeline.
- Clarify hook comments: before_compaction is intentionally awaited
(plugins need messages before they're discarded) but bounded.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: make before_compaction non-blocking, add sessionFile to after_compaction
- before_compaction is now true fire-and-forget — no await, no timeout.
Plugins that need full conversation data should persist it themselves
and return quickly, or use after_compaction for async processing.
- after_compaction now includes sessionFile path so plugins can read
the full JSONL transcript asynchronously. All pre-compaction messages
are preserved on disk, eliminating the need to block compaction.
- Removes Promise.race timeout pattern that didn't actually cancel
slow hooks (just raced past them while they continued running).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add sessionFile to before_compaction for parallel processing
The session JSONL already has all messages on disk before compaction
starts. By providing sessionFile in before_compaction, plugins can
read and extract data in parallel with the compaction LLM call rather
than waiting for after_compaction. This is the optimal path for memory
plugins that need the full conversation history.
sessionFile is also kept on after_compaction for plugins that only
need to act after compaction completes (analytics, cleanup, etc.).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: move bootstrap extras into bundled hook
---------
Co-authored-by: Solomon Steadman <solstead@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Clawdbot <clawdbot@alfie.local>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 00:45:45 +01:00
1def8c5448
fix(security): extend audit hardening checks
2026-02-13 16:26:58 +01:00
57d0f65e7d
CLI: add plugins uninstall command ( #5985 ) (openclaw#6141) thanks @JustasMonkev
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test
Co-authored-by: JustasMonkev <59362982+JustasMonkev@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-12 20:11:26 -06:00
3421b2ec1e
fix: harden hook session key routing defaults
2026-02-13 02:09:14 +01:00
5e7842a41d
feat(zai): auto-detect endpoint + default glm-5 ( #14786 )
...
* feat(zai): auto-detect endpoint + default glm-5
* test: fix Z.AI default endpoint expectation (#14786 )
* test: bump embedded runner beforeAll timeout
* chore: update changelog for Z.AI GLM-5 autodetect (#14786 )
* chore: resolve changelog merge conflict with main (#14786 )
* chore: append changelog note for #14786 without merge conflict
* chore: sync changelog with main to resolve merge conflict
2026-02-12 19:16:04 +01:00
4c86010b06
fix: remove bundled soul-evil hook ( closes #8776 ) ( #14757 )
...
* fix: remove bundled soul-evil hook (closes #8776 )
* fix: remove soul-evil docs (#14757 ) (thanks @Imccccc)
---------
Co-authored-by: OpenClaw Bot <bot@openclaw.ai>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-12 18:52:09 +01:00
540996f10f
feat(provider): Z.AI endpoints + model catalog ( #13456 ) (thanks @tomsun28) ( #13456 )
...
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-12 07:01:48 -06:00
029b77c85b
onboard: support custom provider in non-interactive flow ( #14223 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 5b98d6514e
2026-02-11 14:48:45 -05:00
f32214ea27
fix(cli): drop logs --localTime alias noise
2026-02-11 08:35:49 -05:00
851fcb2617
feat: Add --localTime option to logs command for local timezone display ( #13818 )
...
* feat: add --localTime options to make logs to show time with local time zone
fix #12447
* fix: prep logs local-time option and docs (#13818 ) (thanks @xialonglee)
---------
Co-authored-by: xialonglee <li.xialong@xydigit.com>
Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>
2026-02-11 08:24:08 -05:00
2914cb1d48
Onboard: rename Custom API Endpoint to Custom Provider
2026-02-10 07:36:04 -05:00
c0befdee0b
feat(onboard): add custom/local API configuration flow ( #11106 )
...
* feat(onboard): add custom/local API configuration flow
* ci: retry macos check
* fix: expand custom API onboarding (#11106 ) (thanks @MackDing)
* fix: refine custom endpoint detection (#11106 ) (thanks @MackDing)
* fix: streamline custom endpoint onboarding (#11106 ) (thanks @MackDing)
* fix: skip model picker for custom endpoint (#11106 ) (thanks @MackDing)
* fix: avoid allowlist picker for custom endpoint (#11106 ) (thanks @MackDing)
* Onboard: reuse shared fetch timeout helper (#11106 ) (thanks @MackDing)
* Onboard: clarify default base URL name (#11106 ) (thanks @MackDing)
---------
Co-authored-by: OpenClaw Contributor <contributor@openclaw.ai>
Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
2026-02-10 07:31:02 -05:00
9949f82590
fix(discord): support forum channel thread-create ( #10062 )
...
* fix(discord): support forum channel thread-create
* fix: harden discord forum thread-create (#10062 ) (thanks @jarvis89757)
---------
Co-authored-by: Shakker <shakkerdroid@gmail.com>
2026-02-08 05:51:10 +00:00
8fae55e8e0
fix(cron): share isolated announce flow + harden cron scheduling/delivery ( #11641 )
...
* fix(cron): comprehensive cron scheduling and delivery fixes
- Fix delivery target resolution for isolated agent cron jobs
- Improve schedule parsing and validation
- Add job retry logic and error handling
- Enhance cron ops with better state management
- Add timer improvements for more reliable cron execution
- Add cron event type to protocol schema
- Support cron events in heartbeat runner (skip empty-heartbeat check,
use dedicated CRON_EVENT_PROMPT for relay)
* fix: remove cron debug test and add changelog/docs notes (#11641 ) (thanks @tyler6204)
2026-02-07 19:46:01 -08:00
929a3725d3
docs: canonicalize docs paths and align zh navigation ( #11428 )
...
* docs(navigation): canonicalize paths and align zh nav
* chore(docs): remove stray .DS_Store
* docs(scripts): add non-mint docs link audit
* docs(nav): fix zh source paths and preserve legacy redirects (#11428 ) (thanks @sebslight)
* chore(docs): satisfy lint for docs link audit script (#11428 ) (thanks @sebslight)
2026-02-07 15:40:35 -05:00
d1dc60774b
Docs: fix broken /plugins links ( #9308 )
...
* Docs: fix broken /plugins links to /plugin
The documentation linked to /plugins which doesn't exist.
The correct path is /plugin (singular) which contains the
plugins overview documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: drop manual zh-CN doc edits from plugins link fix
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Sebastian <19554889+sebslight@users.noreply.github.com>
2026-02-06 21:08:26 -05:00
9e0030b75f
docs(onboarding): streamline CLI onboarding docs ( #9830 )
2026-02-05 13:46:11 -05:00
a13ff55bd9
Security: Prevent gateway credential exfiltration via URL override ( #9179 )
...
* Gateway: require explicit auth for url overrides
* Gateway: scope credential blocking to non-local URLs only
Address review feedback: the previous fix blocked credential fallback for
ALL URL overrides, which was overly strict and could break workflows that
use --url to switch between loopback/tailnet without passing credentials.
Now credential fallback is only blocked for non-local URLs (public IPs,
external hostnames). Local addresses (127.0.0.1, localhost, private IPs
like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential
fallback as before.
This maintains the security fix (preventing credential exfiltration to
attacker-controlled URLs) while preserving backward compatibility for
legitimate local URL overrides.
* Security: require explicit credentials for gateway url overrides (#8113 ) (thanks @victormier)
* Gateway: reuse explicit auth helper for url overrides (#8113 ) (thanks @victormier)
* Tests: format gateway chat test (#8113 ) (thanks @victormier)
* Tests: require explicit auth for gateway url overrides (#8113 ) (thanks @victormier)
---------
Co-authored-by: Victor Mier <victormier@gmail.com>
2026-02-04 18:59:44 -05:00
3f82daefd8
feat(cron): enhance delivery modes and job configuration
...
- Updated isolated cron jobs to support new delivery modes: `announce` and `none`, improving output management.
- Refactored job configuration to remove legacy fields and streamline delivery settings.
- Enhanced the `CronJobEditor` UI to reflect changes in delivery options, including a new segmented control for delivery mode selection.
- Updated documentation to clarify the new delivery configurations and their implications for job execution.
- Improved tests to validate the new delivery behavior and ensure backward compatibility with legacy settings.
This update provides users with greater flexibility in managing how isolated jobs deliver their outputs, enhancing overall usability and clarity in job configurations.
2026-02-04 01:03:59 -08:00
ab9f06f4ff
feat(cron): enhance one-shot job behavior and CLI options
...
- Default one-shot jobs to delete after success, improving job management.
- Introduced `--keep-after-run` CLI option to allow users to retain one-shot jobs post-execution.
- Updated documentation to clarify default behaviors and new options for one-shot jobs.
- Adjusted cron job creation logic to ensure consistent handling of delete options.
- Enhanced tests to validate new behaviors and ensure reliability.
This update streamlines the handling of one-shot jobs, providing users with more control over job persistence and execution outcomes.
2026-02-04 01:03:59 -08:00
0bb0dfc9bc
feat(cron): default isolated jobs to announce delivery and enhance scheduling options
...
- Updated isolated cron jobs to default to `announce` delivery mode, improving user experience.
- Enhanced scheduling options to accept ISO 8601 timestamps for `schedule.at`, while still supporting epoch milliseconds.
- Refined documentation to clarify delivery modes and scheduling formats.
- Adjusted related CLI commands and UI components to reflect these changes, ensuring consistency across the platform.
- Improved handling of legacy delivery fields for backward compatibility.
This update streamlines the configuration of isolated jobs, making it easier for users to manage job outputs and schedules.
2026-02-04 01:03:59 -08:00
Josh Avant
Mariano
Mariano
Tyler Yust
shichangs
arceus77-7
Vincent Koc
Jason
Peter Steinberger
Sid
Ayaan Zaidi
Alberto Leal
cyb1278588254
Philipp Spiess
Gustavo Madeira Santana
Peter Steinberger
Gustavo Madeira Santana
Brian Mendonca
adhitShet
Sebastian
Robby
Nicholas
solstead
JustasM
Tyler
Tomsun28
ENCHIGO
Peter Lee
Blossom
jarvis89757
DEOKLYONG MOON
Tyler Yust