nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,421 Commits 901 Branches 93 Tags 6.5 GiB
Commit Graph

33 Commits

Author SHA1 Message Date
Josh Avant 788f56f30f
Secrets: hard-fail unsupported SecretRef policy and fix gateway restart token drift (#58141) 
* Secrets: enforce C2 SecretRef policy and drift resolution

* Tests: add gateway auth startup/reload SecretRef runtime coverage

* Docs: sync C2 SecretRef policy and coverage matrix

* Config: hard-fail parent SecretRef policy writes

* Secrets: centralize unsupported SecretRef policy metadata

* Daemon: test service-env precedence for token drift refs

* Config: keep per-ref dry-run resolvability errors

* Docs: clarify config-set parent-object policy checks

* Gateway: fix drift fallback and schema-key filtering

* Gateway: align drift fallback with credential planner

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-03-31 02:37:31 -05:00
Peter Steinberger a4a00aa1da
feat: pluginize cli inference backends 2026-03-26 15:11:15 +00:00
Peter Steinberger 6b9915a106
refactor!: drop legacy CLAWDBOT env compatibility 2026-03-22 22:13:39 -07:00
Josh Avant a2cb81199e
secrets: harden read-only SecretRef command paths and diagnostics (#47794) 
* secrets: harden read-only SecretRef resolution for status and audit

* CLI: add SecretRef degrade-safe regression coverage

* Docs: align SecretRef status and daemon probe semantics

* Security audit: close SecretRef review gaps

* Security audit: preserve source auth SecretRef configuredness

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
 2026-03-15 21:55:24 -05:00
Vincent Koc c30cabcca4
Docs: sweep recent user-facing updates (#46424) 
* Docs: document Telegram force-document sends

* Docs: note Telegram document send behavior

* Docs: clarify memory file precedence

* Docs: align default AGENTS memory guidance

* Docs: update workspace FAQ memory note

* Docs: document gateway status require-rpc

* Docs: add require-rpc to gateway CLI index
 2026-03-14 10:20:44 -07:00
Josh Avant f4fef64fc1
Gateway: treat scope-limited probe RPC as degraded reachability (#45622) 
* Gateway: treat scope-limited probe RPC as degraded

* Docs: clarify gateway probe degraded scope output

* test: fix CI type regressions in gateway and outbound suites

* Tests: fix Node24 diffs theme loading and Windows assertions

* Tests: fix extension typing after main rebase

* Tests: fix Windows CI regressions after rebase

* Tests: normalize executable path assertions on Windows

* Tests: remove duplicate gateway daemon result alias

* Tests: stabilize Windows approval path assertions

* Tests: fix Discord rate-limit startup fixture typing

* Tests: use Windows-friendly relative exec fixtures

---------

Co-authored-by: Mainframe <mainframe@MainfraacStudio.localdomain>
 2026-03-13 23:13:33 -05:00
Vincent Koc 4062aa5e5d
Gateway: add safer password-file input for gateway run (#39067) 
* CLI: add gateway password-file option

* Docs: document safer gateway password input

* Update src/cli/gateway-cli/run.ts

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* Tests: clean up gateway password temp dirs

* CLI: restore gateway password warning flow

* Security: harden secret file reads

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-03-07 18:20:17 -08:00
Josh Avant 25252ab5ab
gateway: harden shared auth resolution across systemd, discord, and node host 2026-03-07 18:28:32 -06:00
Josh Avant 72cf9253fc
Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails (#35094) 2026-03-05 12:53:56 -06:00
Peter Steinberger b4dbe03298 refactor: unify restart gating and update availability sync 2026-02-19 10:00:41 +01:00
Gustavo Madeira Santana a13ff55bd9
Security: Prevent gateway credential exfiltration via URL override (#9179) 
* Gateway: require explicit auth for url overrides

* Gateway: scope credential blocking to non-local URLs only

Address review feedback: the previous fix blocked credential fallback for
ALL URL overrides, which was overly strict and could break workflows that
use --url to switch between loopback/tailnet without passing credentials.

Now credential fallback is only blocked for non-local URLs (public IPs,
external hostnames). Local addresses (127.0.0.1, localhost, private IPs
like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential
fallback as before.

This maintains the security fix (preventing credential exfiltration to
attacker-controlled URLs) while preserving backward compatibility for
legitimate local URL overrides.

* Security: require explicit credentials for gateway url overrides (#8113) (thanks @victormier)

* Gateway: reuse explicit auth helper for url overrides (#8113) (thanks @victormier)

* Tests: format gateway chat test (#8113) (thanks @victormier)

* Tests: require explicit auth for gateway url overrides (#8113) (thanks @victormier)

---------

Co-authored-by: Victor Mier <victormier@gmail.com>
 2026-02-04 18:59:44 -05:00
Seb Slight abcaa8c7a9
Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
cpojer 8cab78abbc
chore: Run `pnpm format:fix`. 2026-01-31 21:13:13 +09:00
Peter Steinberger 9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger 6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger 96f1846c2c docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
Peter Steinberger b5fd66c92d fix: add explicit tailnet gateway bind 2026-01-21 20:36:09 +00:00
Peter Steinberger c129f0bbaa docs: align gateway service naming 2026-01-21 17:45:26 +00:00
Peter Steinberger 1f7cb4b853 fix: shorten bonjour gateway service type 2026-01-20 15:10:06 +00:00
Peter Steinberger 06c17a333e docs: update protocol + security notes 2026-01-20 13:04:20 +00:00
Peter Steinberger d88b239d3c feat: add device token auth and devices cli 2026-01-20 10:30:53 +00:00
Peter Steinberger d802844bd6 fix: gate gateway restarts and discord abort reconnects 2026-01-19 00:15:45 +00:00
Peter Steinberger a813343aa7 docs: clarify model refs and runtime notes 
Co-authored-by: Yuri Chukhlib <YuriNachos@users.noreply.github.com>
 2026-01-17 18:03:40 +00:00
Benjamin Jesuiter 7f6a288bd3 docs: clarify multi-gateway rescue bot guidance 2026-01-15 22:10:27 +00:00
Peter Steinberger 3eb48cbea7 docs: complete channels rename sweep 2026-01-13 08:40:39 +00:00
Peter Steinberger d97c211e82 docs: make remote host examples generic 2026-01-12 02:11:33 +00:00
Peter Steinberger 20b4e2b859 fix: stabilize live probes and docs 2026-01-11 02:26:39 +00:00
Peter Steinberger e0bf86f06c feat: improve gateway services and auto-reply commands 2026-01-11 02:27:16 +01:00
Peter Steinberger adb3bc2577 fix: reset dev gateway setup 2026-01-09 15:17:20 +01:00
Peter Steinberger 1716c01bdf feat(gateway): improve wide-area discovery 2026-01-09 13:54:53 +01:00
Peter Steinberger d258c68ca1 feat: add gateway dev config options 2026-01-09 10:39:00 +01:00
Peter Steinberger 5b50c97939 feat(cli): improve gateway status output 2026-01-09 09:27:42 +01:00
Peter Steinberger 8808d8c84c docs: add gateway CLI doc 2026-01-09 08:13:04 +01:00