openclaw

Commit Graph

Author	SHA1	Message	Date
Josh Avant	a2cb81199e	secrets: harden read-only SecretRef command paths and diagnostics (#47794 ) * secrets: harden read-only SecretRef resolution for status and audit * CLI: add SecretRef degrade-safe regression coverage * Docs: align SecretRef status and daemon probe semantics * Security audit: close SecretRef review gaps * Security audit: preserve source auth SecretRef configuredness * changelog Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com> --------- Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>	2026-03-15 21:55:24 -05:00
Sally O'Malley	8db6fcca77	fix(gateway/cli): relax local backend self-pairing and harden launchd restarts (#46290 ) Signed-off-by: sallyom <somalley@redhat.com>	2026-03-14 14:27:52 -04:00
Peter Steinberger	9747da8682	fix: honor gateway command env in status reads	2026-03-13 20:50:48 +00:00
Peter Steinberger	380eb1c072	refactor: reuse shared gateway probe auth	2026-03-08 03:02:25 +00:00
Peter Steinberger	fd1e481624	refactor: split daemon status gathering	2026-03-08 03:02:25 +00:00
Peter Steinberger	2646739d23	refactor: centralize strict numeric parsing	2026-03-08 03:02:25 +00:00
Peter Steinberger	fecca6fd8d	refactor: unify gateway SecretRef auth resolution paths	2026-03-07 23:27:50 +00:00
Peter Steinberger	a91731a831	refactor: centralize gateway auth env credential readers	2026-03-07 21:09:26 +00:00
Josh Avant	72cf9253fc	Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094 )	2026-03-05 12:53:56 -06:00
Josh Avant	806803b7ef	feat(secrets): expand SecretRef coverage across user-supplied credentials (#29580 ) * feat(secrets): expand secret target coverage and gateway tooling * docs(secrets): align gateway and CLI secret docs * chore(protocol): regenerate swift gateway models for secrets methods * fix(config): restore talk apiKey fallback and stabilize runner test * ci(windows): reduce test worker count for shard stability * ci(windows): raise node heap for test shard stability * test(feishu): make proxy env precedence assertion windows-safe * fix(gateway): resolve auth password SecretInput refs for clients * fix(gateway): resolve remote SecretInput credentials for clients * fix(secrets): skip inactive refs in command snapshot assignments * fix(secrets): scope gateway.remote refs to effective auth surfaces * fix(secrets): ignore memory defaults when enabled agents disable search * fix(secrets): honor Google Chat serviceAccountRef inheritance * fix(secrets): address tsgo errors in command and gateway collectors * fix(secrets): avoid auth-store load in providers-only configure * fix(gateway): defer local password ref resolution by precedence * fix(secrets): gate telegram webhook secret refs by webhook mode * fix(secrets): gate slack signing secret refs to http mode * fix(secrets): skip telegram botToken refs when tokenFile is set * fix(secrets): gate discord pluralkit refs by enabled flag * fix(secrets): gate discord voice tts refs by voice enabled * test(secrets): make runtime fixture modes explicit * fix(cli): resolve local qr password secret refs * fix(cli): fail when gateway leaves command refs unresolved * fix(gateway): fail when local password SecretRef is unresolved * fix(gateway): fail when required remote SecretRefs are unresolved * fix(gateway): resolve local password refs only when password can win * fix(cli): skip local password SecretRef resolution on qr token override * test(gateway): cast SecretRef fixtures to OpenClawConfig * test(secrets): activate mode-gated targets in runtime coverage fixture * fix(cron): support SecretInput webhook tokens safely * fix(bluebubbles): support SecretInput passwords across config paths * fix(msteams): make appPassword SecretInput-safe in onboarding/token paths * fix(bluebubbles): align SecretInput schema helper typing * fix(cli): clarify secrets.resolve version-skew errors * refactor(secrets): return structured inactive paths from secrets.resolve * refactor(gateway): type onboarding secret writes as SecretInput * chore(protocol): regenerate swift models for secrets.resolve * feat(secrets): expand extension credential secretref support * fix(secrets): gate web-search refs by active provider * fix(onboarding): detect SecretRef credentials in extension status * fix(onboarding): allow keeping existing ref in secret prompt * fix(onboarding): resolve gateway password SecretRefs for probe and tui * fix(onboarding): honor secret-input-mode for local gateway auth * fix(acp): resolve gateway SecretInput credentials * fix(secrets): gate gateway.remote refs to remote surfaces * test(secrets): cover pattern matching and inactive array refs * docs(secrets): clarify secrets.resolve and remote active surfaces * fix(bluebubbles): keep existing SecretRef during onboarding * fix(tests): resolve CI type errors in new SecretRef coverage * fix(extensions): replace raw fetch with SSRF-guarded fetch * test(secrets): mark gateway remote targets active in runtime coverage * test(infra): normalize home-prefix expectation across platforms * fix(cli): only resolve local qr password refs in password mode * test(cli): cover local qr token mode with unresolved password ref * docs(cli): clarify local qr password ref resolution behavior * refactor(extensions): reuse sdk SecretInput helpers * fix(wizard): resolve onboarding env-template secrets before plaintext * fix(cli): surface secrets.resolve diagnostics in memory and qr * test(secrets): repair post-rebase runtime and fixtures * fix(gateway): skip remote password ref resolution when token wins * fix(secrets): treat tailscale remote gateway refs as active * fix(gateway): allow remote password fallback when token ref is unresolved * fix(gateway): ignore stale local password refs for none and trusted-proxy * fix(gateway): skip remote secret ref resolution on local call paths * test(cli): cover qr remote tailscale secret ref resolution * fix(secrets): align gateway password active-surface with auth inference * fix(cli): resolve inferred local gateway password refs in qr * fix(gateway): prefer resolvable remote password over token ref pre-resolution * test(gateway): cover none and trusted-proxy stale password refs * docs(secrets): sync qr and gateway active-surface behavior * fix: restore stability blockers from pre-release audit * Secrets: fix collector/runtime precedence contradictions * docs: align secrets and web credential docs * fix(rebase): resolve integration regressions after main rebase * fix(node-host): resolve gateway secret refs for auth * fix(secrets): harden secretinput runtime readers * gateway: skip inactive auth secretref resolution * cli: avoid gateway preflight for inactive secret refs * extensions: allow unresolved refs in onboarding status * tests: fix qr-cli module mock hoist ordering * Security: align audit checks with SecretInput resolution * Gateway: resolve local-mode remote fallback secret refs * Node host: avoid resolving inactive password secret refs * Secrets runtime: mark Slack appToken inactive for HTTP mode * secrets: keep inactive gateway remote refs non-blocking * cli: include agent memory secret targets in runtime resolution * docs(secrets): sync docs with active-surface and web search behavior * fix(secrets): keep telegram top-level token refs active for blank account tokens * fix(daemon): resolve gateway password secret refs for probe auth * fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled * fix(secrets): align token inheritance and exec timeout defaults * docs(secrets): clarify active-surface notes in cli docs * cli: require secrets.resolve gateway capability * gateway: log auth secret surface diagnostics * secrets: remove dead provider resolver module * fix(secrets): restore gateway auth precedence and fallback resolution * fix(tests): align plugin runtime mock typings --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>	2026-03-03 02:58:20 +00:00
Peter Steinberger	b1c30f0ba9	refactor: dedupe cli config cron and install flows	2026-03-02 19:57:33 +00:00
Shakker	bed69339c1	fix(cli): scope daemon status TLS fingerprint to local probes	2026-02-26 18:13:33 +00:00
Liu Yuan	90d426f9ad	fix(cli): gateway status probe with TLS when bind=lan - Use wss:// scheme when TLS is enabled (specifically for bind=lan) - Load TLS runtime to get certificate fingerprint - Pass fingerprint to probeGatewayStatus for self-signed cert trust	2026-02-26 18:13:33 +00:00
Peter Steinberger	b8b43175c5	style: align formatting with oxfmt 0.33	2026-02-18 01:34:35 +00:00
Peter Steinberger	31f9be126c	style: run oxfmt and fix gate failures	2026-02-18 01:29:02 +00:00
cpojer	d0cb8c19b2	chore: wtf.	2026-02-17 13:36:48 +09:00
Sebastian	ed11e93cf2	chore(format)	2026-02-16 23:20:16 -05:00
cpojer	90ef2d6bdf	chore: Update formatting.	2026-02-17 09:18:40 +09:00
Aviral	b8c8130efe	fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (#11448 ) * fix(gateway): use LAN IP for WebSocket/probe URLs when bind=lan (#11329) When gateway.bind=lan, the HTTP server correctly binds to 0.0.0.0 (all interfaces), but WebSocket connection URLs, probe targets, and Control UI links were hardcoded to 127.0.0.1. This caused CLI commands and status probes to show localhost-only URLs even in LAN mode, and made onboarding display misleading connection info. - Add pickPrimaryLanIPv4() to gateway/net.ts to detect the machine's primary LAN IPv4 address (prefers en0/eth0, falls back to any external interface) - Update pickProbeHostForBind() to use LAN IP when bind=lan - Update buildGatewayConnectionDetails() to use LAN IP and report "local lan <ip>" as the URL source - Update resolveControlUiLinks() to return LAN-accessible URLs - Update probe note in status.gather.ts to reflect new behavior - Add tests for pickPrimaryLanIPv4 and bind=lan URL resolution Closes #11329 Co-authored-by: Cursor <cursoragent@cursor.com> * test: move vi.restoreAllMocks to afterEach in pickPrimaryLanIPv4 Per review feedback: avoid calling vi.restoreAllMocks() inside individual tests as it restores all spies globally and can cause ordering issues. Use afterEach in the describe block instead. Co-authored-by: Cursor <cursoragent@cursor.com> * Changelog: note LAN bind URLs fix (#11448) (thanks @AnonO6) --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>	2026-02-07 19:16:51 -06:00
cpojer	f06dd8df06	chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.	2026-02-01 10:03:47 +09:00
cpojer	5ceff756e1	chore: Enable "curly" rule to avoid single-statement if confusion/errors.	2026-01-31 16:19:20 +09:00
Peter Steinberger	9a7160786a	refactor: rename to openclaw	2026-01-30 03:16:21 +01:00
Peter Steinberger	b5fd66c92d	fix: add explicit tailnet gateway bind	2026-01-21 20:36:09 +00:00
Peter Steinberger	2f8206862a	refactor: remove bridge protocol	2026-01-19 10:08:29 +00:00
Peter Steinberger	534a012a4e	style: apply oxfmt	2026-01-17 18:32:23 +00:00
Peter Steinberger	8a67d29748	fix: improve WSL2 systemd daemon hints	2026-01-17 18:19:55 +00:00
Benjamin Jesuiter	daf471c450	fix: unify daemon service label resolution with env	2026-01-15 22:10:27 +00:00
Peter Steinberger	77cf40da87	feat: profile-aware gateway service names (#671 ) Thanks @bjesuiter. Co-authored-by: Benjamin Jesuiter <bjesuiter@gmail.com>	2026-01-15 05:23:41 +00:00
Peter Steinberger	c379191f80	chore: migrate to oxlint and oxfmt Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>	2026-01-14 15:02:19 +00:00
Peter Steinberger	bcbfb357be	refactor(src): split oversized modules	2026-01-14 01:17:56 +00:00

30 Commits