nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
21,410 Commits 812 Branches 84 Tags 6 GiB
Commit Graph

13665 Commits

Author SHA1 Message Date
Kevin ONeill 77ec7b4adf fix: include .env file vars in gateway service environment on install 
When building the gateway install plan, read and parse
~/.openclaw/.env (or $OPENCLAW_STATE_DIR/.env) and merge those
key-value pairs into the service environment at the lowest
priority — below config env vars, auth-profile refs, and the
core service environment (HOME, PATH, OPENCLAW_*).

This ensures that user-defined secrets stored in .env (e.g.
BRAVE_API_KEY, OPENROUTER_API_KEY, DISCORD_BOT_TOKEN) are
embedded in the LaunchAgent plist (macOS), systemd unit (Linux),
and Scheduled Task (Windows) at install time, rather than
relying solely on the gateway process loading them via
dotenv.config() at startup.

Previously, on macOS the LaunchAgent plist never included .env
vars, which meant:
- launchctl print did not show user secrets (hard to debug)
- Child processes spawned before dotenv loaded had no access
- If the same key existed in both .env and the plist, the stale
  plist value won via dotenv override:false semantics

Dangerous host env vars (NODE_OPTIONS, LD_PRELOAD, etc.) are
filtered using the same security policy applied to config env
vars.

Fixes #37101
Relates to #22663
 2026-03-22 21:55:58 -07:00
Vincent Koc 3afb6a2b95 fix(exec): accept runtime failure kind in formatter 2026-03-22 21:54:02 -07:00
Peter Steinberger 97e4f37171 fix: keep status --json stdout clean (#52449) (thanks @cgdusek) 2026-03-22 21:51:08 -07:00
Charles Dusek 03c4bacbfb fix(cli): route deferred plugin logs to stderr in status --json 2026-03-22 21:51:08 -07:00
Charles Dusek 0e1da034c2 fix(cli): route plugin logs to stderr during --json output 2026-03-22 21:51:08 -07:00
Peter Steinberger e001e8f2f8 test: isolate exec foreground failure coverage 2026-03-23 04:47:12 +00:00
Peter Steinberger 8e568142f6 refactor: extract exec outcome and tool result helpers 2026-03-23 04:47:12 +00:00
Vincent Koc 5f746422aa fix(plugin-sdk): fast-path root diagnostic subscriptions 2026-03-22 21:07:11 -07:00
Vincent Koc faae3e155d fix(whatsapp): remove outbound runtime cycle 2026-03-22 21:04:14 -07:00
Vincent Koc 1042b59471
feat(web-search): add bundled Exa plugin (#52617) 2026-03-22 20:57:33 -07:00
Vincent Koc f69062c16e fix(plugin-sdk): export line runtime subpath 2026-03-22 20:39:16 -07:00
Vincent Koc 8b667cbe44 fix(build): repair stale plugin sdk surfaces 2026-03-22 20:36:28 -07:00
Vincent Koc 1354f37c88
fix(plugins): route keyed queue imports through core (#52608) 2026-03-22 20:35:28 -07:00
Vincent Koc 04cd389ef8 fix(ci): repair voice-call typing and provider contracts 2026-03-22 20:17:01 -07:00
Vincent Koc d949dffc6e fix(ci): repair tts and matrix refactor fallout 2026-03-22 20:12:01 -07:00
Vincent Koc 59105fd614 fix(ci): restore plugin manifests and boundary tests 2026-03-22 20:01:25 -07:00
Vincent Koc ac0fd26e16 fix(ci): resync generated baselines and line runtime seam 2026-03-22 19:53:26 -07:00
Vincent Koc 32fdd21c80 fix(acp): preserve hidden thought replay on session load 2026-03-22 19:48:19 -07:00
Vincent Koc 742c005ac8 fix(acp): preserve hidden thought chunks from gateway chat 2026-03-22 19:43:19 -07:00
Vincent Koc a83b7bca15 refactor(plugin-sdk): route core provider and telegram seams through sdk barrels 2026-03-22 19:43:19 -07:00
Vincent Koc 02f8a86e5c refactor(kilocode): route shared model constants through core seam 2026-03-22 19:43:19 -07:00
Vincent Koc 3ad652fa9e fix(build): restore plugin-sdk and line compat after refactor 2026-03-22 19:37:27 -07:00
Vincent Koc c0933e2fc8 perf(reply): lazy-load session store writes 2026-03-22 19:32:24 -07:00
Peter Steinberger f8731b3d9d fix: finish exec tool failure landing (#52508) (thanks @martingarramon) 2026-03-22 19:19:07 -07:00
Martin Garramon 22c75a55b0 fix(exec): return plain-text tool result on failure instead of raw JSON 
When an exec command fails (e.g. timeout), the tool previously rejected
with an Error, which the tool adapter caught and wrapped in a JSON object
({ status, tool, error }). The model then received this raw JSON as the
tool result and could parrot it verbatim to the user.

Now exec failures resolve with a proper tool result containing the error
as human-readable text in content[], matching the success path structure.
The model sees plain text it can naturally incorporate into its reply.

Also fixes a pre-existing format issue in update-cli.test.ts.

Fixes #52484

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:19:07 -07:00
Peter Steinberger 24f77d7457 fix: finish gateway probe auth landing (#52513) (thanks @CodeForgeNet) 2026-03-22 19:14:44 -07:00
Peter Steinberger a02499b335 fix: finish gateway probe auth landing (#52513) (thanks @CodeForgeNet) 2026-03-22 19:14:44 -07:00
CodeForgeNet b2107d3503 fix(status): await resolveGatewayProbeAuthResolution in scan.shared 
Function is now async after switching to resolveGatewayProbeAuthSafeWithSecretInputs.
Missing await caused TS error: Property 'auth' does not exist on type 'Promise<...>'.
 2026-03-22 19:14:44 -07:00
CodeForgeNet 52acc57a61 fix(status): resolve only selected probe-auth branch and fix plain status path 
Address two Codex P1/P2 issues:

1. (P1) Plain 'openclaw status' and 'openclaw status --json' still went
   through the sync resolveGatewayProbeAuthSafe path in
   status.gateway-probe.ts, which cannot expand SecretRef objects.
   Switched to async resolveGatewayProbeAuthSafeWithSecretInputs.

2. (P2) status-all.ts was eagerly resolving both local and remote probe
   auth before deciding which to use. A stale SecretRef in the unused
   branch could abort the command. Collapsed to a single resolution
   call using the correct mode upfront.

Updated status.scan.test.ts to use mockResolvedValue since
resolveGatewayProbeAuthResolution is now async.
 2026-03-22 19:14:44 -07:00
CodeForgeNet 3595ecba45 fix(gateway): pass process.env in status command probe auth to resolve SecretRef 
Fixes #52360

resolveGatewayProbeAuthSafe was called from status-all.ts without an
env argument, causing the credential resolution chain to fall back to
an empty object instead of process.env. This made env-backed SecretRef
tokens (gateway.auth.token, Telegram botToken, etc.) appear unresolved
in the status command path even when the runtime was healthy.

Added process.env as default fallback in buildGatewayProbeCredentialPolicy
and passed env explicitly from status-all.ts callers.

Related: #33070, #38973, #39415, #46014, #49730
 2026-03-22 19:14:44 -07:00
Vincent Koc 042669d8c8 refactor(plugins): finish provider and whatsapp cleanup 2026-03-22 19:13:25 -07:00
Vincent Koc 2131981230 refactor(plugins): move remaining channel and provider ownership out of src 2026-03-22 19:13:25 -07:00
Vincent Koc 7bfa261c42 perf(reply): lazy-load media path normalization 2026-03-22 19:12:44 -07:00
Peter Steinberger f04b49ee3e
test: fix provider config typing drift 2026-03-22 19:10:43 -07:00
Peter Steinberger 74cb08bede fix(plugins): accept media-understanding id hints 2026-03-23 02:08:49 +00:00
Peter Steinberger 9aafff7378
fix: restore main gate after type updates 2026-03-22 19:08:08 -07:00
Peter Steinberger 96d61aa50c
refactor: harden generated-file guards and provider ids 2026-03-22 19:08:08 -07:00
Vincent Koc 2fcd6507ec perf(reply): narrow queue imports 2026-03-22 19:05:12 -07:00
Vincent Koc 3392558b42 perf(reply): split usage line helpers 2026-03-22 19:00:35 -07:00
Peter Steinberger 562e4a1791 refactor(outbound): split delivery queue storage and recovery 2026-03-23 01:57:56 +00:00
Peter Steinberger 5051a37de4
test: fix googlechat security typing drift 2026-03-22 18:57:44 -07:00
Peter Steinberger e5be5c1b99 style: format plugin sdk helper updates 2026-03-23 01:56:01 +00:00
Peter Steinberger 5c8ea0a175 refactor: share channel setup status helpers 2026-03-23 01:56:01 +00:00
Peter Steinberger 583bea001c refactor: share parsed channel allowlist prompts 2026-03-23 01:56:01 +00:00
Peter Steinberger 7d032ed38c refactor: add provider onboarding preset appliers 2026-03-23 01:56:00 +00:00
Peter Steinberger 956fe72b39 refactor: extract single-provider plugin entry helper 2026-03-23 01:56:00 +00:00
Peter Steinberger 54213b587f refactor: reuse shared cli runtime test mocks 2026-03-23 01:53:28 +00:00
Peter Steinberger 2e6f2b0f07 test: centralize cli runtime capture helpers 2026-03-23 01:53:28 +00:00
Vincent Koc a960cba2db perf(reply): lazy-load context token lookup 2026-03-22 18:52:53 -07:00
Vincent Koc 7d8daa7173 perf(reply): lazy-load usage cost resolution 2026-03-22 18:48:42 -07:00