nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,823 Commits 948 Branches 95 Tags 6.5 GiB
Commit Graph

15791 Commits

Author SHA1 Message Date
Derek YU 5f6e3499f3
fix: detect PID recycling in gateway lock on Windows/macOS + startup progress (#59843) 
Fix stale lock files from crashed gateway processes blocking new invocations on Windows/macOS. Detect PID recycling to avoid false positive lock conflicts, and add startup progress indicator.

Thanks @TonyDerek-dot
 2026-04-02 22:07:35 -05:00
Neerav Makwana 7c7098fd1d
fix: keep inbound images readable on upgraded installs (#59971) (thanks @neeravmakwana) 
* fix(telegram): allow inbound media from config dir

Made-with: Cursor

* test: simplify local roots regression

* fix: keep inbound images readable on upgraded installs (#59971) (thanks @neeravmakwana)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-04-03 08:24:29 +05:30
Gustavo Madeira Santana 1efa923ab8
Matrix: add native exec approvals (#58635) 
Merged via squash.

Prepared head SHA: d9f048e827
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-04-02 21:08:54 -04:00
Josh Lehman ed8d5b3797
fix: add Telegram native progress placeholder opt-in for plugin commands (#59300) 
Merged via squash.

Prepared head SHA: 4f5bc22a89
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
 2026-04-02 15:55:46 -07:00
Bruce MacDonald 5f4077cc7d fix(ollama): prefer real cloud auth over local marker 2026-04-02 15:51:57 -07:00
Peter Steinberger 64581c655d
test: make plugin activation boundary env agnostic 2026-04-03 05:02:58 +09:00
Peter Steinberger bff6025bde
test: refresh generated baselines 2026-04-03 04:54:59 +09:00
Peter Steinberger 694d12a90b
refactor: apply context visibility across channels 2026-04-03 04:34:57 +09:00
Peter Steinberger 35e1605147
feat: add configurable context visibility 2026-04-03 04:34:57 +09:00
Vincent Koc 883df8c6a8
fix(plugins): reuse runtime registries for web provider snapshots (#59865) 
* fix(plugins): reuse runtime registries for web providers

* test(plugins): clarify runtime reuse intent

* chore(changelog): note web provider runtime reuse
 2026-04-03 04:07:43 +09:00
Agustin Rivera 193fdd6e3b
fix(policy): preserve restrictive tool allowlists (#58476) 
* fix(policy): preserve restrictive tool allowlists

Co-authored-by: David Silva <david.silva@gendigital.com>

* fix(policy): address review follow-ups

* fix(policy): restore additive alsoAllow semantics

* fix(policy): preserve optional tool opt-ins for allow-all configs

* fix(policy): narrow plugin-only allowlist warnings

* fix(policy): add changelog entry

* Revert "fix(policy): add changelog entry"

This reverts commit 4a996bf4ca.

* chore: add changelog for restrictive tool allowlists

---------

Co-authored-by: David Silva <david.silva@gendigital.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 12:55:36 -06:00
Vincent Koc d34bca3ce6
fix(plugins): reuse runtime registry for provider resolution (#59856) 
* fix(plugins): reuse runtime registry for provider resolution

* test(plugins): align provider runtime helper names
 2026-04-03 03:40:24 +09:00
Agustin Rivera d631326c5e
fix(tailscale): gate test binary override (#58468) 
* fix(tailscale): gate test binary override

* fix(changelog): note tailscale override hardening

* fix(changelog): drop tailscale note from pr

* chore: add changelog for tailscale test binary gating

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 12:39:10 -06:00
Peter Steinberger d74a12264a
fix: mirror bedrock runtime dep in root package 2026-04-02 19:26:56 +01:00
Vincent Koc f911bbc353
refactor(plugins): separate activation from enablement (#59844) 
* refactor(plugins): separate activation from enablement

* fix(cli): sanitize verbose plugin activation reasons
 2026-04-03 03:22:37 +09:00
Peter Steinberger 0ebb69b882
build: set release version to 2026.4.2 2026-04-02 19:09:58 +01:00
Peter Steinberger 38bd525888
test: align strict inline-eval awk denial expectation 2026-04-02 19:09:39 +01:00
Vincent Koc 7aa22959e4
refactor(tasks): rename registry hooks to observers (#59829) 2026-04-03 02:42:59 +09:00
Agustin Rivera 676b748056
Limit connect snapshot metadata to admin-scoped clients (#58469) 
* fix(gateway): gate connect snapshot metadata by scope

* fix(gateway): clarify connect snapshot trust boundary

* fix(gateway): note connect snapshot change in changelog

* fix(gateway): remove changelog changes from PR

* chore: add changelog for scoped gateway snapshot metadata

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 11:41:47 -06:00
Peter Steinberger 45c8207ef2 fix(exec): clarify auto routing semantics (#58897) (thanks @vincentkoc) 2026-04-03 02:37:12 +09:00
Vincent Koc 5dca81271c fix(exec): clarify and cover auto host override guard 2026-04-03 02:37:12 +09:00
Vincent Koc dae6632da1 Security: block exec host overrides under auto target 2026-04-03 02:37:12 +09:00
Agustin Rivera 5874a387ae
fix(windows): reject unresolved cmd wrappers (#58436) 
* fix(windows): reject unresolved cmd wrappers

* fix(windows): add wrapper policy coverage

* fix(windows): document wrapper fallback migration

* fix(windows): drop changelog entry from pr

* chore: add changelog for Windows wrapper fail-closed behavior

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
 2026-04-02 11:35:50 -06:00
Peter Steinberger 3e452f2671
fix: preserve strict inline-eval approval boundaries (#59780) (thanks @luoyanglang) 2026-04-02 18:30:29 +01:00
Peter Steinberger f03d7c5a4c
refactor: centralize Windows exec invocation 2026-04-02 18:27:53 +01:00
luoyanglang f0a4bbba33 test(tasks): close flow registry before temp-dir cleanup 2026-04-03 02:25:48 +09:00
luoyanglang 68d8e15a2e fix(exec): satisfy allowlist predicate type checks 2026-04-03 02:25:48 +09:00
luoyanglang 7c83cae425 fix(exec): keep strict inline-eval interpreter approvals reusable 2026-04-03 02:25:48 +09:00
joelnishanth d5865bbcc2 fix: decouple approval availability from native delivery enablement (#59620) 
getActionAvailabilityState in createApproverRestrictedNativeApprovalAdapter
was gating on both hasApprovers AND isNativeDeliveryEnabled, causing
Telegram exec approvals to report "not allowed" when
channels.telegram.execApprovals.target was configured but
execApprovals.enabled was not explicitly true. The availability check
should only depend on whether approvers exist; native delivery mode is
a routing concern handled downstream.
 2026-04-03 02:21:17 +09:00
lawrence3699 2fd7f7ca52 fix(exec): hide windows console windows 2026-04-03 02:19:32 +09:00
pgondhi987 7eb094a00d
fix(infra): align env key normalization in approval binding path (#59182) 
* fix: address issue

* fix: address PR review feedback

* fix: address review feedback

* fix: address review feedback

* chore: add changelog for Windows env approval binding

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 11:14:33 -06:00
Vincent Koc 774beb8e5c
refactor(plugin-sdk): add task domain runtime surfaces (#59805) 
* refactor(plugin-sdk): add task domain runtime views

* chore(plugin-sdk): refresh api baseline

* fix(plugin-sdk): preserve task runtime owner isolation
 2026-04-03 02:11:21 +09:00
Peter Steinberger fc76f667c2 test: isolate task flow link validation stores 2026-04-03 02:04:26 +09:00
Peter Steinberger a406045f2f test: accept Windows exec approval denial path 2026-04-03 02:04:26 +09:00
Peter Steinberger 247a06813e fix: avoid gateway cwd for node exec (#58977) (thanks @Starhappysh) 2026-04-03 02:04:26 +09:00
jianxing zhang 50b270a86b fix: widen HostExecApprovalParams.cwd to string | undefined 
Remote node exec may have no explicit cwd when the gateway's own
process.cwd() is omitted. Allow undefined to flow through the
approval request type.
 2026-04-03 02:04:26 +09:00
jianxing zhang 302c6e30bb fix: resolve type errors where workdir (string | undefined) flows to string-only params 
After the node early-return, narrow workdir back to string via
resolvedWorkdir for gateway/sandbox paths. Update
buildExecApprovalPendingToolResult and buildApprovalPendingMessage
to accept string | undefined for cwd since node execution may omit it.
 2026-04-03 02:04:26 +09:00
jianxing zhang 3b3191ab3a fix(exec): skip gateway cwd injection for remote node host 
When exec runs with host=node and no explicit cwd is provided, the
gateway was injecting its own process.cwd() as the default working
directory. In cross-platform setups (e.g. Linux gateway + Windows node),
this gateway-local path does not exist on the node, causing
"SYSTEM_RUN_DENIED: approval requires an existing canonical cwd".

This change detects when no explicit workdir was provided (neither via
the tool call params.workdir nor via agent defaults.cwd) and passes
undefined instead of the gateway cwd. This lets the remote node use its
own default working directory.

Changes:
- bash-tools.exec.ts: Track whether workdir was explicitly provided;
  when host=node and no explicit workdir, pass undefined instead of
  gateway process.cwd()
- bash-tools.exec-host-node.ts: Accept workdir as string | undefined;
  only send cwd to system.run.prepare when defined
- bash-tools.exec-approval-request.ts: Accept workdir as
  string | undefined in HostExecApprovalParams

Fixes #58934

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-03 02:04:26 +09:00
pgondhi987 8aceaf5d0f
fix(security): close fail-open bypass in exec script preflight [AI] (#59398) 
* fix: address issue

* fix: finalize issue changes

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* chore: add changelog for exec preflight fail-closed hardening

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
 2026-04-02 11:00:39 -06:00
Peter Steinberger e36c563775
refactor(exec): dedupe executable candidate resolution 2026-04-03 01:58:37 +09:00
Vincent Koc 990545181b fix(ci): preserve strict inline-eval denial after durable awk trust 2026-04-03 01:55:01 +09:00
SnowSky1 e6ce31eb54 fix(exec): ignore malformed drive-less windows exec paths 2026-04-03 01:53:25 +09:00
Devin Robison 96b55821bc
fix: share ACP owner-only approval classes (#201) (#59255) 
Co-authored-by: OpenClaw Dummy Agent <octriage-dummy@example.invalid>
 2026-04-02 10:45:41 -06:00
Jacob Tomlinson 176c059b05
node-host: bind pnpm dlx approval scripts (#58374) 
* node-host: bind pnpm dlx approval scripts

* node-host: cover pnpm dlx package alias

* node-host: cover pnpm dlx flag forms

* node-host: fail closed on unsafe pnpm dlx flags

* node-host: narrow pnpm dlx fail-closed guard

* node-host: scan pnpm dlx past global --

* node-host: allow pnpm dlx file args

* node-host: allow pnpm dlx data args

* node-host: fail closed on unknown pnpm dlx flags

* node-host: support pnpm workspace-root flag

* node-host: restrict pnpm dlx tail scan

* node-host: support pnpm parallel flag

* changelog: node-host pnpm dlx approval binding (#58374)
 2026-04-02 09:41:28 -07:00
Vincent Koc e4818a345e test(tasks): close flow registry before temp dir cleanup 2026-04-03 01:32:05 +09:00
Peter Steinberger 17f6626ffe
feat(approvals): auto-enable native chat approvals 2026-04-02 17:30:40 +01:00
Peter Steinberger 721cab2b8d
refactor(exec): split allowlist segment evaluation helpers 2026-04-03 01:22:25 +09:00
Peter Steinberger 812a7636fb
refactor: simplify exec approval followup delivery 2026-04-02 17:19:42 +01:00
Peter Steinberger 47dcfc49b8
fix: scope #57584 to shell allowlist changes 2026-04-03 01:11:20 +09:00
biao 8d81e76f23
fix: evaluate shell wrapper inline commands against allowlist (#57377) (#57584) 
When a skill constructs a compound command via a shell wrapper
(e.g. `sh -c "cat SKILL.md && gog-wrapper calendar events"`),
the allowlist check was comparing `/bin/sh` instead of the actual
target binaries, causing the entire command to be silently rejected.

This adds recursive inline command evaluation that:
- Detects chain operators (&&, ||, ;) in the -c payload
- Parses each sub-command independently via analyzeShellCommand
- Evaluates every sub-command against the allowlist
- Preserves per-sub-command segmentSatisfiedBy for accurate tracking
- Limits recursion depth to 3 to prevent abuse
- Skips recursion on Windows (no POSIX shell semantics)

Closes #57377

Co-authored-by: WZBbiao <wangzhenbiao326@gmail.com>
 2026-04-03 01:06:40 +09:00