nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
18,737 Commits 718 Branches 79 Tags 2.2 GiB
Commit Graph

12027 Commits

Author SHA1 Message Date
Peter Steinberger 854df8352c refactor: share net and slack input helpers 2026-03-13 23:35:26 +00:00
Val Alexander 868fd32ee7
fix(config): avoid Anthropic startup crash (#45520) 
Co-authored-by: Val Alexander <bunsthedev@gmail.com>
 2026-03-13 18:28:33 -05:00
Robin Waslander 1803d16d5c
fix(auth): make device bootstrap tokens single-use to prevent scope escalation 
Refs: GHSA-63f5-hhc7-cx6p
 2026-03-13 23:58:45 +01:00
Peter Steinberger ae1a1fccfe fix: stabilize browser existing-session control 2026-03-13 22:41:17 +00:00
Vincent Koc e82ba71911
fix(browser): follow up batch failure and limit handling (#45506) 
* fix(browser): propagate nested batch failures

* fix(browser): validate top-level batch limits

* test(browser): cover nested batch failures

* test(browser): cover top-level batch limits
 2026-03-13 15:39:28 -07:00
Robin Waslander 7e49e98f79
fix(telegram): validate webhook secret before reading request body 
Refs: GHSA-jq3f-vjww-8rq7
 2026-03-13 23:21:48 +01:00
Vincent Koc f59b2b1db3
fix(browser): normalize batch act dispatch for selector and batch support (#45457) 
* feat(browser): add batch actions, CSS selector support, and click delayMs

Adds three improvements to the browser act tool:

1. CSS selector support: All element-targeting actions (click, type,
   hover, drag, scrollIntoView, select) now accept an optional
   'selector' parameter alongside 'ref'. When selector is provided,
   Playwright's page.locator() is used directly, skipping the need
   for a snapshot to obtain refs. This reduces roundtrips for agents
   that already know the DOM structure.

2. Click delay (delayMs): The click action now accepts an optional
   'delayMs' parameter. When set, the element is hovered first, then
   after the specified delay, clicked. This enables human-like
   hover-before-click in a single tool call instead of three
   (hover + wait + click).

3. Batch actions: New 'batch' action kind that accepts an array of
   actions to execute sequentially in a single tool call. Supports
   'stopOnError' (default true) to control whether execution halts
   on first failure. Results are returned as an array. This eliminates
   the AI inference roundtrip between each action, dramatically
   reducing latency and token cost for multi-step flows.

Addresses: #44431, #38844

* fix(browser): address security review — batch evaluateEnabled guard, input validation, recursion limit

Fixes all 4 issues raised by Greptile review:

1. Security: batch actions now respect evaluateEnabled flag.
   executeSingleAction and batchViaPlaywright accept evaluateEnabled
   param. evaluate and wait-with-fn inside batches are rejected
   when evaluateEnabled=false, matching the direct route guards.

2. Security: batch input validation. Each action in body.actions
   is validated as a plain object with a known kind string before
   dispatch. Applies same normalization as direct action handlers.

3. Perf: SELECTOR_ALLOWED_KINDS moved to module scope as a
   ReadonlySet<string> constant (was re-created on every request).

4. Security: max batch nesting depth of 5. Nested batch actions
   track depth and throw if MAX_BATCH_DEPTH exceeded, preventing
   call stack exhaustion from crafted payloads.

* fix(browser): normalize batch act dispatch

* fix(browser): tighten existing-session act typing

* fix(browser): preserve batch type text

* fix(browser): complete batch action execution

* test(browser): cover batch route normalization

* test(browser): cover batch interaction dispatch

* fix(browser): bound batch route action inputs

* fix(browser): harden batch interaction limits

* test(browser): cover batch security guardrails

---------

Co-authored-by: Diwakar <diwakarrankawat@gmail.com>
 2026-03-13 15:10:55 -07:00
Peter Steinberger d0337a18b6
fix: clear typecheck backlog 2026-03-13 22:09:06 +00:00
Peter Steinberger a66a0852bb
test: cover plugin-sdk subpath imports 2026-03-13 22:09:06 +00:00
Vincent Koc 65f92fd839
Guard updater service refresh against missing invocation cwd (#45486) 
* Update: capture a stable cwd for service refresh env

* Test: cover service refresh when cwd disappears
 2026-03-13 18:09:01 -04:00
Peter Steinberger fac754041c fix: tighten executable path coverage 2026-03-13 22:07:14 +00:00
Peter Steinberger 0826feb94d test: tighten path prepend helper coverage 2026-03-13 22:06:01 +00:00
Peter Steinberger 56e5b8b9e8 test: tighten secret file error coverage 2026-03-13 22:04:54 +00:00
Peter Steinberger c04ea0eac5 test: tighten tmp dir security coverage 2026-03-13 22:03:17 +00:00
Peter Steinberger cb99a23d84 test: tighten shell env helper coverage 2026-03-13 22:02:18 +00:00
Peter Steinberger fb4aa7eaba fix: tighten shared chat envelope coverage 2026-03-13 22:00:22 +00:00
Peter Steinberger 2fe4c4f8e5 test: tighten shared auth store coverage 2026-03-13 21:59:35 +00:00
Peter Steinberger 6a9e141c7a test: tighten shared config eval helper coverage 2026-03-13 21:58:23 +00:00
Peter Steinberger b7ff8256ef test: guard plugin-sdk shared-bundle regression (#45426) (thanks @TarasShyn) 2026-03-13 21:57:43 +00:00
Peter Steinberger 592d93211f test: tighten shared manifest metadata coverage 2026-03-13 21:57:16 +00:00
Peter Steinberger 25e900f64a test: tighten shared requirements coverage 2026-03-13 21:55:40 +00:00
Val Alexander 158d970e2b
[codex] Polish sidebar status, agent skills, and chat rendering (#45451) 
* style: update chat layout and spacing for improved UI consistency

- Adjusted margin and padding for .chat-thread and .content--chat to enhance layout.
- Consolidated CSS selectors for better readability and maintainability.
- Introduced new test for log parsing functionality to ensure accurate message extraction.

* UI: polish agent skills, chat images, and sidebar status

* test: stabilize vitest helper export types

* UI: address review feedback on agents refresh and chat styles

* test: update outbound gateway client fixture values

* test: narrow shared ip fixtures to IPv4
 2026-03-13 16:53:40 -05:00
Peter Steinberger 52900b48ad test: tighten shared policy helper coverage 2026-03-13 21:53:11 +00:00
Peter Steinberger 4de268587c test: tighten shared tailscale fallback coverage 2026-03-13 21:52:01 +00:00
Peter Steinberger e665888a45 test: tighten shared usage aggregate coverage 2026-03-13 21:51:01 +00:00
Peter Steinberger fbcea506ba test: tighten shared gateway bind and avatar coverage 2026-03-13 21:49:50 +00:00
Peter Steinberger daca6c9df2 test: tighten small shared helper coverage 2026-03-13 21:48:40 +00:00
Peter Steinberger 9b590c9f67 test: tighten shared reasoning tag coverage 2026-03-13 21:47:33 +00:00
Peter Steinberger ae5563dd18 test: tighten shared join and message content coverage 2026-03-13 21:46:20 +00:00
Peter Steinberger 2d7a061161 test: tighten shared ip parsing coverage 2026-03-13 21:45:30 +00:00
Peter Steinberger c659f6c959
fix: improve onboarding install diagnostics 2026-03-13 21:44:29 +00:00
Peter Steinberger eea41f308e fix: tighten shared subagent format coverage 2026-03-13 21:44:11 +00:00
Peter Steinberger dd54b6f4c7 test: tighten shared node match coverage 2026-03-13 21:43:01 +00:00
Peter Steinberger 73c2edbc0c test: tighten shared code region coverage 2026-03-13 21:42:07 +00:00
Peter Steinberger fa04e62201 test: tighten shared tailscale and sample coverage 2026-03-13 21:40:59 +00:00
Peter Steinberger 7235ee55c6 test: share APNs direct send fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger 29bc011ec7 test: share heartbeat retry fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger ed3dd6a1a0 test: share install flow failure harness 2026-03-13 21:40:54 +00:00
Peter Steinberger 84a50acb55 refactor: share portable env entry normalization 2026-03-13 21:40:54 +00:00
Peter Steinberger ef15600b3e refactor: share request body chunk accounting 2026-03-13 21:40:54 +00:00
Peter Steinberger 8f852ef82f refactor: share system run success delivery 2026-03-13 21:40:54 +00:00
Peter Steinberger a2fcaf9774 test: share plugin install path fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger f06ae90884 test: share process respawn launchd assertions 2026-03-13 21:40:54 +00:00
Peter Steinberger 25eb3d5209 refactor: share openclaw root package parsing 2026-03-13 21:40:54 +00:00
Peter Steinberger 95f8b91c8a test: share memory search manager fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger 7eb38e8f7b test: share temporal decay vector fixtures 2026-03-13 21:40:54 +00:00
Peter Steinberger a879ad7547 test: share node host credential assertions 2026-03-13 21:40:54 +00:00
Peter Steinberger ba34266e89 test: dedupe cron config setup 2026-03-13 21:40:53 +00:00
Peter Steinberger 7119ab1d98 refactor: dedupe home relative path resolution 2026-03-13 21:40:53 +00:00
Peter Steinberger e4924a0134 test: dedupe acp translator cancel scoping tests 2026-03-13 21:40:53 +00:00