nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,177 Commits 913 Branches 94 Tags 6.2 GiB
Commit Graph

190 Commits

Author SHA1 Message Date
Peter Steinberger c425ef3e74
build: bump version to 2026.3.31 2026-03-31 15:48:00 +01:00
Peter Steinberger 0d7f1e2c84
feat(security): fail closed on dangerous skill installs 2026-03-31 23:27:20 +09:00
Vincent Koc 4d912e0451
fix(exec): block proxy-style env overrides (#58202) 
* fix(exec): block proxy-style env overrides

* fix(exec): keep trusted host proxy env inherited

* fix(exec): block git tls override env vars

* fix(skills): block dangerous env override keys
 2026-03-31 21:25:36 +09:00
Vincent Koc eb8de6715f
fix(exec): block risky host env overrides (#58209) 
* fix(exec): block risky host env overrides

* fix(exec): block GOPRIVATE host env overrides
 2026-03-31 19:37:43 +09:00
Josh Avant c918ab4faf
fix(tts): restore 3.28 schema compatibility and fallback observability (#57953) 
* fix(tts): restore legacy config compatibility and fallback observability

* fix(tts): surface fallback attempts in status and telephony

* test(tts): cover /tts audio to /tts status fallback flow

* docs(tts): align migration and fallback observability guidance

* TTS: redact fallback logs and scope legacy plugin migration

* Infra: dedupe UV_EXTRA_INDEX_URL in host env policy

* Docs: scope doctor TTS migration to voice-call

* voice-call: restore strict known TTS provider validation
 2026-03-30 22:05:03 -05:00
Vincent Koc 5d8ca42c7d fix(ci): regenerate mac host env policy 2026-03-31 10:12:20 +09:00
Vincent Koc 7ae1bb0c77
fix(host-env): block Python package index redirection env vars (#58011) 
* fix(host-env): block Python package index redirection vars

* docs(changelog): note Python index override block

* Update src/infra/host-env-security-policy.json

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* fix(exec): block remaining uv index override env vars

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
 2026-03-31 09:53:32 +09:00
Jacob Tomlinson e277a37f89
Infra: block compiler env overrides (#57832) 2026-03-30 20:06:32 +01:00
pgondhi987 bc3b05dce4
fix(infra): block BROWSER, GIT_EDITOR, GIT_SEQUENCE_EDITOR from inherited host env (#57559) 2026-03-30 12:31:04 +01:00
Peter Steinberger f3bf7fe53a
chore: bump version to 2026.3.30 2026-03-30 09:28:29 +09:00
Peter Steinberger f1af7d66d2
chore: bump version to 2026.3.29 2026-03-29 14:33:12 +01:00
Peter Steinberger f9b1079283
build: cut 2026.3.28 stable 2026-03-29 02:33:41 +01:00
Peter Steinberger 92fb0caf35 fix: harden mac gateway attach smoke 2026-03-29 00:35:40 +00:00
Peter Steinberger 5efed49208 fix: keep mac local gateway attached 2026-03-29 00:28:32 +00:00
Peter Steinberger 587e18cd3f chore: prepare 2026.3.28-beta.1 release 2026-03-28 22:24:51 +00:00
Peter Steinberger 8a24cbf450 chore: bump version to 2026.3.28 2026-03-28 22:05:21 +00:00
Peter Steinberger c5c9640374 fix: harden config write auditing 2026-03-28 03:54:54 +00:00
Peter Steinberger 72ba2b3653 chore: bump version metadata to 2026.3.27 2026-03-28 02:00:22 +00:00
ImLukeF 6c9126ec19
macOS: test gateway version normalization 2026-03-28 12:05:34 +11:00
huohua-dev 8545cbd358
fix(macos): strip "OpenClaw " prefix before parsing gateway version 
`openclaw --version` outputs "OpenClaw 2026.x.y-z" but
readGatewayVersion() passed the full string to Semver.parse(),
which failed on the "OpenClaw " prefix. This caused the app to
fall back to reading package.json from a local source checkout
(~/Projects/openclaw), reporting a false version mismatch.

Strip the product name prefix before parsing so the installed
CLI version is correctly recognized.
 2026-03-28 12:05:33 +11:00
Tak Hoffman 4430805719
Allow inherited AWS config file paths 2026-03-27 15:16:19 -05:00
Jacob Tomlinson 6eb82fba3c
Infra: block additional host exec env keys (#55977) 2026-03-27 18:50:37 +00:00
Peter Steinberger 14b3360c22
chore: bump versions to 2026.3.26 2026-03-27 02:03:22 +00:00
Seungwoo hong 138a92373b
fix(talk): prevent double TTS playback when system voice times out (#53511) 
Merged via squash.

Prepared head SHA: 864d556fa6
Co-authored-by: hongsw <1100974+hongsw@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
 2026-03-26 15:37:40 -07:00
Peter Steinberger 883239a560
build: prepare 2026.3.25 unreleased 2026-03-26 13:57:45 +00:00
Tak Hoffman ab37d8810d
test: introduce planner-backed test runner, stabilize local builds (#54650) 
* test: stabilize ci and local vitest workers

* test: introduce planner-backed test runner

* test: address planner review follow-ups

* test: derive planner budgets from host capabilities

* test: restore planner filter helper import

* test: align planner explain output with execution

* test: keep low profile as serial alias

* test: restrict explicit planner file targets

* test: clean planner exits and pnpm launch

* test: tighten wrapper flag validation

* ci: gate heavy fanout on check

* test: key shard assignments by unit identity

* ci(bun): shard vitest lanes further

* test: restore ci overlap and stabilize planner tests

* test: relax planner output worker assertions

* test: reset plugin runtime state in optional tools suite

* ci: split macos node and swift jobs

* test: honor no-isolate top-level concurrency budgets

* ci: fix macos swift format lint

* test: cap max-profile top-level concurrency

* ci: shard macos node checks

* ci: use four macos node shards

* test: normalize explain targets before classification
 2026-03-25 18:11:58 -05:00
Peter Steinberger 97a7e93db4
build: prepare 2026.3.24 release 2026-03-25 09:31:05 -07:00
scoootscooob 44e27c6092 Webchat: handle bare /compact as session compaction 2026-03-24 10:58:09 -07:00
Val Alexander a710366e9e
feat(ui): Control UI polish — skills revamp, markdown preview, agent workspace, macOS config tree (#53411) thanks @BunsDev 
Co-authored-by: BunsDev <68980965+BunsDev@users.noreply.github.com>
Co-authored-by: Nova <nova@openknot.ai>
 2026-03-24 01:21:13 -05:00
Peter Steinberger 5ab3782215 fix: add config clobber forensics 2026-03-24 04:50:30 +00:00
Peter Steinberger dc4d2ca263
build: prepare 2026.3.24 2026-03-23 21:05:59 -07:00
Peter Steinberger 870b0d216a
build: prepare 2026.3.23-beta.1 2026-03-23 11:54:49 -07:00
Peter Steinberger 4d50084c6e
fix(exec): escape invisible approval filler chars 2026-03-22 22:52:14 -07:00
Peter Steinberger 412a3eb1ac
build: bump version to 2026.3.22 2026-03-22 11:58:33 -07:00
Peter Steinberger 719bfb46ff style: format macos sources for ci 2026-03-22 17:32:30 +00:00
Peter Steinberger a94ec3b79b
fix(security): harden exec approval boundaries 2026-03-22 09:35:25 -07:00
Josh Avant 7abfff756d
Exec: harden host env override handling across gateway and node (#51207) 
* Exec: harden host env override enforcement and fail closed

* Node host: enforce env override diagnostics before shell filtering

* Env overrides: align Windows key handling and mac node rejection
 2026-03-20 15:44:15 -05:00
Nimrod Gutman c4a4050ce4
fix(macos): align exec command parity (#50386) 
* fix(macos): align exec command parity

* fix(macos): address exec review follow-ups
 2026-03-19 13:51:17 +02:00
Andrew Demczuk 089a43f5e8
fix(security): block build-tool and glibc env injection vectors in host exec sandbox (#49702) 
Add GLIBC_TUNABLES, MAVEN_OPTS, SBT_OPTS, GRADLE_OPTS, ANT_OPTS,
DOTNET_ADDITIONAL_DEPS to blockedKeys and GRADLE_USER_HOME to
blockedOverrideKeys in the host exec security policy.

Closes #22681
 2026-03-18 13:11:01 +01:00
Brian Ernesto ab1da26f4d
fix(macos): show sessions after controls in tray menu (#38079) 
* fix(macos): show sessions after controls in tray menu

When many sessions are active, the injected session rows push the
toggles, action buttons, and settings items off-screen, requiring
a scroll to reach them.

Change findInsertIndex and findNodesInsertIndex to anchor just before
the separator above 'Settings…' instead of before 'Send Heartbeats'.
This ensures the controls section is always immediately visible on
menu open, with sessions appearing below.

* refactor: extract findAnchoredInsertIndex to eliminate duplication

findInsertIndex and findNodesInsertIndex shared identical logic.
Extract into a single private helper so any future anchor change
(e.g. Settings item title) only needs one edit.

* macOS: use structural tray menu anchor

---------

Co-authored-by: Brian Ernesto <bernesto@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
 2026-03-18 11:29:11 +11:00
Andrew Demczuk f84a41dcb8
fix(security): block JVM, Python, and .NET env injection vectors in host exec sandbox (#49025) 
Add JAVA_TOOL_OPTIONS, _JAVA_OPTIONS, JDK_JAVA_OPTIONS, PYTHONBREAKPOINT, and
DOTNET_STARTUP_HOOKS to blockedKeys in the host exec security policy.

Closes #22681
 2026-03-17 15:37:55 +01:00
Stable Genius 6b6942552d
fix(macos): stop relaunching the app after quit when launch-at-login is enabled (#40213) 
Merged via squash.

Prepared head SHA: c702d98bd6
Co-authored-by: stablegenius49 <259448942+stablegenius49@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
Reviewed-by: @ImLukeF
 2026-03-17 20:59:56 +11:00
Br1an 7303253427
fix: update macOS node service to use current CLI command shape (closes #43171) (#46843) 
Merged via squash.

Prepared head SHA: dbf2edd6f4
Co-authored-by: Br1an67 <29810238+Br1an67@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
Reviewed-by: @ImLukeF
 2026-03-17 20:46:54 +11:00
Peter Steinberger 0d776c87c3
fix(macos): block canvas symlink escapes 2026-03-16 23:56:35 -07:00
Peter Steinberger be2e6ca0f6
fix(macos): harden exec approval socket auth 2026-03-16 23:00:22 -07:00
Nimrod Gutman 2a85fa7db1
fix(macos): restore debug build helpers (#48046) 2026-03-16 10:57:08 +02:00
Vincent Koc 8e04d1fe15
macOS: restrict canvas agent actions to trusted surfaces (#46790) 
* macOS: restrict canvas agent actions to trusted surfaces

* Changelog: note trusted macOS canvas actions

* macOS: encode allowed canvas schemes as JSON
 2026-03-14 23:26:19 -07:00
Peter Steinberger be8fc3399e
build: prepare 2026.3.14 cycle 2026-03-14 06:02:01 +00:00
kkhomej33-netizen e7d9648fba
feat(cron): support custom session IDs and auto-bind to current session (#16511) 
feat(cron): support persistent session targets for cron jobs (#9765)

Add support for `sessionTarget: "current"` and `session:<id>` so cron jobs can
bind to the creating session or a persistent named session instead of only
`main` or ephemeral `isolated` sessions.

Also:
- preserve custom session targets across reloads and restarts
- update gateway validation and normalization for the new target forms
- add cron coverage for current/custom session targets and fallback behavior
- fix merged CI regressions in Discord and diffs tests
- add a changelog entry for the new cron session behavior

Co-authored-by: kkhomej33-netizen <kkhomej33-netizen@users.noreply.github.com>
Co-authored-by: ImLukeF <92253590+ImLukeF@users.noreply.github.com>
 2026-03-14 16:48:46 +11:00
Luke bed661609e
fix(macos): align minimum Node.js version with runtime guard (22.16.0) (#45640) 
* macOS: align minimum Node.js version with runtime guard

* macOS: add boundary and failure-message coverage for RuntimeLocator

* docs: add changelog note for the macOS runtime locator fix

* credit: original fix direction from @sumleo, cleaned up and rebased in #45640 by @ImLukeF
 2026-03-14 13:43:21 +11:00