nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,098 Commits 901 Branches 93 Tags 6.5 GiB
Commit Graph

24098 Commits

Author SHA1 Message Date
Gustavo Madeira Santana 8dbba7d17c
fix(scripts/pr): make cleanup worktree-safe 2026-03-31 09:07:42 -04:00
Gustavo Madeira Santana 27b9665871
chore: clarify test performance guardrail 2026-03-31 09:07:42 -04:00
Vincent Koc d369c9373b perf(whatsapp): avoid module resets in poll adapter test 2026-03-31 22:06:01 +09:00
Vincent Koc 37099dae3e fix(ci): restore matrix monitor import guards and windows npm exit codes 2026-03-31 22:04:35 +09:00
Vincent Koc 35072c4751 perf(discord): avoid broad send barrel in webhook activity test 2026-03-31 22:02:01 +09:00
Vincent Koc 675b80c4a4 perf(slack): narrow send chunking imports 2026-03-31 21:58:00 +09:00
Gustavo Madeira Santana 4ea1ca4849
Sessions: parse thread suffixes by channel (#58100) 
Merged via squash.

Prepared head SHA: 2829b9c5b5
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-31 08:54:16 -04:00
Vincent Koc 11590eb6ce fix(ci): restore dotenv trust boundary and windows npm exit handling 2026-03-31 21:51:17 +09:00
Gustavo Madeira Santana 3ceec929df
Matrix: narrow monitor runtime seam 2026-03-31 08:46:53 -04:00
Vincent Koc 7710579a82 perf(telegram): narrow native command import surface 2026-03-31 21:43:16 +09:00
Vincent Koc b19e28a85e fix(telegram): lazy-load sticker vision model lookup 2026-03-31 21:31:05 +09:00
Vincent Koc dba96e7507
fix(discord): gate voice ingress by allowlists (#58245) 
* fix(discord): gate voice ingress by allowlists

* fix(discord): preserve voice allowlist context

* fix(discord): fetch guild metadata for voice allowlists

* fix(discord): reuse voice speaker context

* fix(discord): preserve cached speaker context

* fix(discord): tighten voice ingress authorization
 2026-03-31 21:29:13 +09:00
Vincent Koc 25a3d37970 fix(ci): restore matrix guardrails and windows exec shim 2026-03-31 21:27:43 +09:00
Gustavo Madeira Santana f8af407c86
build: pin axios to 1.13.6 
Pin axios through pnpm overrides and collapse the lockfile to a single
1.13.6 resolution.

This avoids accidental adoption of the compromised axios releases called
out in the ongoing supply chain attack reports while upstream guidance
settles.
 2026-03-31 08:27:00 -04:00
Vincent Koc 4d912e0451
fix(exec): block proxy-style env overrides (#58202) 
* fix(exec): block proxy-style env overrides

* fix(exec): keep trusted host proxy env inherited

* fix(exec): block git tls override env vars

* fix(skills): block dangerous env override keys
 2026-03-31 21:25:36 +09:00
Gustavo Madeira Santana 28bb8c600e
Matrix: narrow thread binding runtime seam 2026-03-31 08:12:46 -04:00
Gustavo Madeira Santana 305977571d
Matrix: narrow storage and routing imports 2026-03-31 08:12:46 -04:00
Vincent Koc e6441760d2 test(telegram): normalize message-context timing inputs 2026-03-31 21:10:43 +09:00
Vincent Koc 415e7d941b test(slack): remove slash metadata polling 2026-03-31 21:02:06 +09:00
Vincent Koc 730ba40763
fix(exec): unwrap arch and xcrun dispatch wrappers (#58203) 
* fix(exec): unwrap arch and xcrun dispatch wrappers

* fix(infra): scope arch wrapper unwrapping to macos

* fix(exec): scope arch wrapper unwrapping to macos

* fix(infra): validate macos arch wrapper selectors

* test(infra): cover invalid arch name wrappers
 2026-03-31 21:00:14 +09:00
Jacob Tomlinson 2ce44ca6a1
fix(plugins): guard marketplace archive downloads (#58267) 
* Plugins: guard marketplace archive downloads

* Plugins: harden marketplace download cleanup

* Plugins: bound marketplace archive downloads

* Plugins: harden marketplace archive failures

* Plugins: reject drive-relative marketplace archives

* Plugins: stream marketplace archive downloads
 2026-03-31 12:59:42 +01:00
Mariano 607076d164
ClawFlow: add runtime substrate (#58336) 
Merged via squash.

Prepared head SHA: 6a6158179e
Reviewed-by: @mbelinky
 2026-03-31 13:58:29 +02:00
Vincent Koc f2d4089ca2 test(discord): remove monitor polling overhead 2026-03-31 20:56:37 +09:00
Vincent Koc 334085fbe9 test(channels): inject telegram reply pipeline for dispatch tests 2026-03-31 20:54:30 +09:00
Vincent Koc 5474796735 docs(security): clarify acpx yolo mode 2026-03-31 20:54:30 +09:00
pgondhi987 d8c68c8d42
fix: migrate Telegram pairing allowFrom to default account only (#58165) 
* fix: migrate Telegram pairing allowFrom to default account only

* fix: address PR review feedback

* fix: address PR review feedback
 2026-03-31 12:51:38 +01:00
Vincent Koc 62c28c0708 test(discord): isolate ACP binding routing seam 2026-03-31 20:49:31 +09:00
Vincent Koc b4ac69c652 docs(acp): align approval policy wording 2026-03-31 20:49:31 +09:00
Vincent Koc cd5179314d fix(acp): use semantic approval classes 2026-03-31 20:49:31 +09:00
Gustavo Madeira Santana d077faab1a
Matrix: narrow monitor runtime imports 2026-03-31 07:29:47 -04:00
Gustavo Madeira Santana 2bdf2fbf14
Matrix: trim storage test import churn 2026-03-31 07:29:47 -04:00
Vincent Koc 225dfe0094 fix(ci): stabilize planner executor fallback tests 2026-03-31 20:26:28 +09:00
Gustavo Madeira Santana 8c0245f57b
fix(matrix): tighten DM invite promotion state (#58099) 
Merged via squash.

Prepared head SHA: 6638d4b505
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-03-31 07:09:18 -04:00
Vincent Koc 1243e2c0b6 fix(telegram): keep test harness CJS-safe 2026-03-31 20:04:21 +09:00
Vincent Koc e704323ff3
fix(media): drop auth headers on cross-origin redirects (#58224) 
* fix(media): drop auth headers on cross-origin redirects

* chore(changelog): sync unreleased context

* fix(media): keep fetch-guard redirect helper working
 2026-03-31 19:57:42 +09:00
Vincent Koc 3d5af14984
fix(agents): reject escaping symlinks in ssh sandbox uploads (#58220) 
* fix(agents): reject escaping ssh sandbox upload symlinks

* fix(agents): allow safe ssh upload symlink aliases

* test(ssh): keep upload stdin open in fake ssh

* Update CHANGELOG.md
 2026-03-31 19:56:45 +09:00
FMLS 44caf1ee3d
fix(browser): prevent cross-origin images from disappearing in CDP screenshots (#54358) 
fromSurface: true + captureBeyondViewport: true triggers a Chromium compositor
bug where cross-origin image textures are lost when extending the capture
surface. Switch to fromSurface: false to use the software rendering path.

For full-page captures, temporarily expand the viewport via
Emulation.setDeviceMetricsOverride, preserving the current mobile/DPR/screen
state during capture and restoring it afterward so pre-existing device
emulation is not lost.

Made-with: Cursor

Co-authored-by: hakunaliu <hakunaliu@tencent.com>
 2026-03-31 18:55:25 +08:00
Vincent Koc 57700d716f
fix(config): redact Nostr privateKey in config views (#58177) 
* wip(config): preserve nostr redaction progress

* fix(config): add private key redaction fallback

* fix(config): align nostr privateKey secret input handling

* fix(config): require resolved nostr private keys
 2026-03-31 19:55:03 +09:00
Vincent Koc efe9183f9d
fix(voice-call): pin plivo callback origins (#58238) 2026-03-31 19:50:35 +09:00
Vincent Koc cf3ae2612b fix(ci): reduce slow channel test skew 2026-03-31 19:49:40 +09:00
Vincent Koc da7f016db6 fix(doctor): align qmd probe cwd with runtime 2026-03-31 19:49:40 +09:00
Vincent Koc 6b3f99a11f
fix(gateway): enforce trusted-proxy HTTP origin checks (#58229) 
* fix(gateway): enforce trusted-proxy HTTP origin checks

* Update CHANGELOG.md
 2026-03-31 19:49:26 +09:00
Vincent Koc 9abcfdadf5
fix(voice-call): reject oversized pre-start media frames (#58241) 
* fix(voice-call): reject oversized pre-start frames

* fix(voice-call): avoid normalizing oversized frames

* chore(changelog): remove stray spacing

* fix(voice-call): remove dead inbound size guard
 2026-03-31 19:47:10 +09:00
Vincent Koc 9bc1f896c8
fix(pairing): scope pending request caps per account (#58239) 
* fix(pairing): scope pending pairing caps per account

* fix(pairing): count legacy default-account requests
 2026-03-31 19:45:45 +09:00
Vincent Koc f45e5a6569
fix(feishu): filter fetched group thread context (#58237) 
* fix(feishu): filter fetched group thread context

* fix(feishu): preserve filtered thread bootstrap
 2026-03-31 19:43:54 +09:00
Vincent Koc 2194587d70
fix(tlon): cap inbound image downloads (#58223) 2026-03-31 19:40:15 +09:00
Vincent Koc 9023a0436c
fix(exec): unwrap transparent approval wrappers (#58215) 
* fix(exec): unwrap transparent approval wrappers

* fix(exec): normalize sandbox-exec -D wrapper parsing
 2026-03-31 19:38:34 +09:00
Vincent Koc eb8de6715f
fix(exec): block risky host env overrides (#58209) 
* fix(exec): block risky host env overrides

* fix(exec): block GOPRIVATE host env overrides
 2026-03-31 19:37:43 +09:00
Vincent Koc 57c47d8c7f
fix(line): bound preverify webhook concurrency (#58199) 
* fix(line): bound preverify webhook concurrency

* test(line): cover preauth release timing

* fix(line): release webhook preauth slots earlier
 2026-03-31 19:34:25 +09:00
Vincent Koc 4d038bb242
fix(zalo): scope webhook replay dedupe per target (#58196) 2026-03-31 19:33:57 +09:00