nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,141 Commits 927 Branches 94 Tags 6.3 GiB
Commit Graph

140 Commits

Author SHA1 Message Date
Peter Steinberger 4540790cb6 refactor(bluebubbles): share dm/group access policy checks 2026-02-21 20:08:33 +01:00
Peter Steinberger 2ba6de7eaa refactor(security): make empty allowlist behavior explicit 2026-02-21 19:54:59 +01:00
Peter Steinberger 9632b9bcf0 fix(security): fail closed parsed chat allowlist 2026-02-21 19:51:36 +01:00
Peter Steinberger 283029bdea refactor(security): unify webhook auth matching paths 2026-02-21 11:52:34 +01:00
Peter Steinberger 6b2f2811dc fix(security): require BlueBubbles webhook auth 2026-02-21 11:41:50 +01:00
Peter Steinberger 9231d7d30f chore: bump version to 2026.2.21 2026-02-21 11:02:30 +01:00
Peter Steinberger f66b23de75 chore(release): bump versions to 2026.2.20 2026-02-20 00:02:53 +01:00
Peter Steinberger b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger 53aecf7a8e test(bluebubbles): merge typing start stop method checks 2026-02-19 10:09:34 +00:00
Peter Steinberger 32ba62dc69 test(bluebubbles): merge setGroupIcon credential checks 2026-02-19 09:51:35 +00:00
Peter Steinberger 0c1d3b866c test(bluebubbles): collapse duplicate credential and chatGuid cases 2026-02-19 09:48:47 +00:00
Peter Steinberger 4bf3338834 chore: bump version to 2026.2.18 unreleased 2026-02-18 04:40:06 +01:00
Peter Steinberger b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger 31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
Peter Steinberger 9a2c39419e chore(release): bump version to 2026.2.17 2026-02-17 23:08:55 +01:00
Tyler Yust e1015a5197 fix(bluebubbles): recover outbound message IDs and include sender metadata 2026-02-17 11:39:58 -08:00
cpojer d0cb8c19b2
chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
Sebastian ca19745fa2 Revert "channels: migrate extension account listing to factory" 
This reverts commit d24340d75b.
 2026-02-16 23:17:13 -05:00
Sebastian 0158e41298 Revert "fix: resolve #12770 - update Antigravity default model and trim leading whitespace in BlueBubbles replies" 
This reverts commit e179d453c7.
 2026-02-16 21:11:53 -05:00
cpojer b3d9ecf4e4
chore: Fix types that were broken due to reverts. 2026-02-17 10:57:31 +09:00
cpojer 889f221ed1
chore: Fix type errors in `extensions/bluebubbles` tests. 2026-02-17 10:14:00 +09:00
cpojer 90ef2d6bdf
chore: Update formatting. 2026-02-17 09:18:40 +09:00
Peter Steinberger 7632e60d70 refactor(onboarding): reuse allowFrom merge helper in extensions 2026-02-16 23:47:57 +00:00
yinghaosang d24340d75b channels: migrate extension account listing to factory 2026-02-16 23:53:19 +01:00
Jean Carlos Nunez e179d453c7 fix: resolve #12770 - update Antigravity default model and trim leading whitespace in BlueBubbles replies 2026-02-16 23:50:14 +01:00
Peter Steinberger 1d37389490 test: annotate harness mocks to avoid TS2742 in CI 2026-02-16 15:19:11 +00:00
Peter Steinberger 544ffbcf7b refactor(extensions): dedupe connector helper usage 2026-02-16 14:59:30 +00:00
Peter Steinberger 39fa81dc96 chore: bump version to 2026.2.16 2026-02-16 06:08:47 +01:00
Peter Steinberger 88548784ce fix(bluebubbles): use Buffer for multipart body 2026-02-15 19:25:11 +00:00
Peter Steinberger 719280d737 refactor(bluebubbles): share multipart helpers 2026-02-15 19:24:03 +00:00
Shadow c6b3736fe7 fix: dedupe probe/token base types (#16986) (thanks @iyoda) 2026-02-15 11:36:54 -06:00
Peter Steinberger 379b445582 chore: bump version to 2026.2.15 2026-02-15 04:50:31 +01:00
Peter Steinberger 1ff15e60d3 chore(release): bump versions to 2026.2.14 2026-02-15 02:53:35 +01:00
Peter Steinberger 811e0c5797 refactor(bluebubbles): share send helpers 2026-02-15 01:15:43 +00:00
Peter Steinberger 461ead8ceb refactor(imessage): share target parsing helpers 2026-02-15 01:15:43 +00:00
Peter Steinberger a8e4ab3ebe refactor(bluebubbles): dedupe webhook normalization 2026-02-15 00:26:46 +00:00
Peter Steinberger 743f4b2849 fix(security): harden BlueBubbles webhook auth behind proxies 2026-02-14 19:47:51 +01:00
Christian Klotz df7464ddf6
fix(bluebubbles): include sender identity in group chat envelopes (#16326) 
* fix(bluebubbles): include sender identity in group chat envelopes

Use formatInboundEnvelope (matching iMessage/Signal pattern) so group
messages show the group label in the envelope header and include the
sender name in the message body. ConversationLabel now resolves to the
group name for groups instead of being undefined.

Fixes #16210

Co-authored-by: zerone0x <hi@trine.dev>

* fix(bluebubbles): use finalizeInboundContext and set BodyForAgent to raw text

Wrap ctxPayload with finalizeInboundContext (matching iMessage/Signal/
every other channel) so field normalization, ChatType, ConversationLabel
fallback, and MediaType alignment are applied consistently.

Change BodyForAgent from the envelope-formatted body to rawBody so the
agent prompt receives clean message text instead of the [BlueBubbles ...]
envelope wrapper.

Co-authored-by: zerone0x <hi@trine.dev>

* docs: add changelog entry for BlueBubbles group sender fix (#16326)

* fix(bluebubbles): include id in fromLabel matching formatInboundFromLabel

Align fromLabel output with the shared formatInboundFromLabel pattern:
groups get 'GroupName id:peerId', DMs get 'Name id:senderId' when the
name differs from the id. Addresses PR review feedback.

Co-authored-by: zerone0x <hi@trine.dev>

---------

Co-authored-by: zerone0x <hi@trine.dev>
 2026-02-14 18:17:26 +00:00
Mariano 71f357d949
bluebubbles: harden local media path handling against LFI (#16322) 
* bluebubbles: harden local media path handling

* bluebubbles: remove racy post-open symlink lstat

* fix: bluebubbles mediaLocalRoots docs + typing fix (#16322) (thanks @mbelinky)
 2026-02-14 17:43:44 +00:00
Peter Steinberger 188c4cd076 fix(security): reject ambiguous webhook target matches 2026-02-14 17:28:28 +01:00
Peter Steinberger 6543ce717c perf(test): avoid plugin-sdk barrel imports 2026-02-14 12:42:19 +00:00
Tyler Yust 45e12d2388
bluebubbles: gracefully handle disabled private API with action/tool filtering and fallbacks (#16002) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 243cc0cc9a
Co-authored-by: tyler6204 <243?+tyler6204@users.noreply.github.com>
Co-authored-by: tyler6204 <64381258+tyler6204@users.noreply.github.com>
Reviewed-by: @tyler6204
 2026-02-13 21:15:56 -08:00
Peter Steinberger f02247b6c5 fix(ci): fix discord proxy websocket binding and bluebubbles timeout status 2026-02-13 19:35:55 +00:00
Mariano 7f0489e473
Security/Browser: constrain trace and download output paths to OpenClaw temp roots (#15652) 
* Browser/Security: constrain trace and download output paths to temp roots

* Changelog: remove advisory ID from pre-public security note

* Browser/Security: constrain trace and download output paths to temp roots

* Changelog: remove advisory ID from pre-public security note

* test(bluebubbles): align timeout status expectation to 408

* test(discord): remove unused race-condition counter in threading test

* test(bluebubbles): align timeout status expectation to 408
 2026-02-13 19:24:33 +00:00
Peter Steinberger a1df0939db refactor(bluebubbles): split monitor parsing and processing modules 2026-02-13 19:08:37 +00:00
Peter Steinberger 3cbcba10cf fix(security): enforce bounded webhook body handling 2026-02-13 19:14:54 +01:00
Peter Steinberger 67251e97bd
fix(ci): sync extension versions to root release (#15199) 2026-02-13 05:54:03 +01:00
Peter Steinberger 7695b4842b chore: bump version to 2026.2.12 2026-02-12 18:20:46 +01:00
Coy Geek f836c385ff
fix: BlueBubbles webhook auth bypass via loopback proxy trust (#13787) 
* fix(an-08): apply security fix

Generated by staged fix workflow.

* fix(an-08): apply security fix

Generated by staged fix workflow.

* fix(an-08): stabilize bluebubbles auth fixture for security patch

Restore the default test password in createMockAccount and add a
fallback password query in createMockRequest when auth is omitted.

This keeps the AN-08 loopback-auth regression tests strict while
preserving existing monitor behavior tests that assume authenticated
webhook fixtures.
 2026-02-12 07:12:17 -06:00