nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,532 Commits 733 Branches 79 Tags 2.6 GiB
Commit Graph

515 Commits

Author SHA1 Message Date
Peter Steinberger 8cc841766c docs(security): enumerate dangerous config parameters 2026-02-24 14:25:43 +00:00
Peter Steinberger 4d124e4a9b feat(security): warn on likely multi-user trust-model mismatch 2026-02-24 14:03:19 +00:00
Peter Steinberger 8c5cf2d5b2 docs(subagents): document default runTimeoutSeconds config (#24594) (thanks @mitchmcalister) 2026-02-24 04:22:43 +00:00
Peter Steinberger 223d7dc23d feat(gateway)!: require explicit non-loopback control-ui origins 2026-02-24 01:57:11 +00:00
Peter Steinberger 5eb72ab769 fix(security): harden browser SSRF defaults and migrate legacy key 2026-02-24 01:52:01 +00:00
Peter Steinberger f0f886ecc4 docs(security): clarify gateway-node trust boundary in docs 2026-02-24 01:35:44 +00:00
Peter Steinberger cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907) 
* fix(channels): default allowFrom to id-only; add dangerous name opt-in

* docs(security): align channel allowFrom docs with id-only default
 2026-02-24 01:01:51 +00:00
Peter Steinberger 41b0568b35 docs(security): clarify shared-agent trust boundaries 2026-02-24 01:00:05 +00:00
Peter Steinberger 400220275c docs: clarify multi-instance recommendations for user isolation 2026-02-24 00:40:08 +00:00
Peter Steinberger 7d55277d72 docs: clarify operator trust boundary for shared gateways 2026-02-24 00:25:01 +00:00
Gustavo Madeira Santana eff3c5c707
Session/Cron maintenance hardening and cleanup UX (#24753) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7533b85156
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
 2026-02-23 22:39:48 +00:00
Peter Steinberger 9af3ec92a5 fix(gateway): add HSTS header hardening and docs 2026-02-23 19:47:29 +00:00
Peter Steinberger 78e7f41d28 docs: detail per-agent prompt caching configuration 2026-02-23 18:46:40 +00:00
边黎安 a4c373935f
fix(agents): fall back to agents.defaults.model when agent has no model config (#24210) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0f272b1027
Co-authored-by: bianbiandashen <16240681+bianbiandashen@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-23 03:18:55 -05:00
Tak Hoffman 9e1a13bf4c
Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- gh pr checks 24199 --watch --fail-fast

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-22 23:55:59 -06:00
Peter Steinberger e0d4194869 docs: add missing summary/read_when metadata 2026-02-22 20:45:09 +01:00
Peter Steinberger 08431da5d5 refactor(gateway): unify credential precedence across entrypoints 2026-02-22 18:55:44 +01:00
Peter Steinberger e58054b85c docs(telegram): align Node22 network defaults and setup guidance 2026-02-22 17:54:16 +01:00
Peter Steinberger 0d0f4c6992 refactor(exec): centralize safe-bin policy checks 2026-02-22 13:18:25 +01:00
Peter Steinberger 65dccbdb4b fix: document onboarding dmScope default as breaking change (#23468) (thanks @bmendonca3) 2026-02-22 12:36:49 +01:00
Peter Steinberger 85e5ed3f78 refactor(channels): centralize runtime group policy handling 2026-02-22 12:35:41 +01:00
Brian Mendonca bc78b343ba Security: expand audit checks for mDNS and real-IP fallback 2026-02-22 11:26:17 +01:00
Peter Steinberger 8887f41d7d refactor(gateway)!: remove legacy v1 device-auth handshake 2026-02-22 09:27:03 +01:00
Peter Steinberger 008a8c9dc6 chore(docs): normalize security finding table formatting 2026-02-22 08:03:29 +00:00
Peter Steinberger 265da4dd2a fix(security): harden gateway command/audit guardrails 2026-02-22 08:45:48 +01:00
Peter Steinberger 049b8b14bc fix(security): flag open-group runtime/fs exposure in audit 2026-02-22 08:22:51 +01:00
Peter Steinberger 817905f3a0 docs: document thread-bound subagent sessions and remove plan 2026-02-21 19:59:55 +01:00
Peter Steinberger 2c14b0cf4c refactor(config): unify streaming config across channels 2026-02-21 19:53:42 +01:00
Peter Steinberger f48698a50b fix(security): harden sandbox browser network defaults 2026-02-21 14:02:53 +01:00
Peter Steinberger 8c1518f0f3 fix(sandbox): use one-time noVNC observer tokens 2026-02-21 13:56:58 +01:00
Peter Steinberger 621d8e1312 fix(sandbox): require noVNC observer password auth 2026-02-21 13:44:24 +01:00
Peter Steinberger be7f825006 refactor(gateway): harden proxy client ip resolution 2026-02-21 13:36:23 +01:00
Peter Steinberger 14b0d2b816 refactor: harden control-ui auth flow and add insecure-flag audit summary 2026-02-21 13:18:23 +01:00
Peter Steinberger f265d45840 fix(tts): make model provider overrides opt-in 2026-02-21 13:16:07 +01:00
Peter Steinberger 356d61aacf fix(gateway): scope tailscale tokenless auth to websocket 2026-02-21 13:03:13 +01:00
Peter Steinberger 99048dbec2 fix(gateway): align insecure-auth toggle messaging 2026-02-21 12:57:22 +01:00
Peter Steinberger 810218756d docs(security): clarify trusted-host deployment assumptions 2026-02-21 12:53:12 +01:00
Peter Steinberger ede496fa1a docs: clarify trusted-host assumption for tokenless tailscale 2026-02-21 12:52:49 +01:00
Ayaan Zaidi 677384c519
refactor: simplify Telegram preview streaming to single boolean (#22012) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: a4017d3b94
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com>
Reviewed-by: @obviyus
 2026-02-21 15:19:13 +05:30
Shadow f555835b09
Channels: add thread-aware model overrides 2026-02-20 19:26:25 -06:00
Shadow 4ab946eebf
Discord VC: voice channels, transcription, and TTS (#18774) 2026-02-20 16:06:07 -06:00
Mariano 094dbdaf2b
fix(gateway): require loopback proxy IP for trusted-proxy + bind=loopback (#22082) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 6ff3ca9b5d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-20 18:03:53 +00:00
adhitShet ae4907ce6e
fix(heartbeat): return false for zero-width active-hours window (#21408) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 993860bd03
Co-authored-by: adhitShet <131381638+adhitShet@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 20:03:57 -05:00
Peter Steinberger c45f3c5b00 fix(gateway): harden canvas auth with session capabilities 2026-02-19 15:51:22 +01:00
Peter Steinberger b40821b068 fix: harden ACP secret handling and exec preflight boundaries 2026-02-19 15:34:20 +01:00
Peter Steinberger a40c10d3e2 fix: harden agent gateway authorization scopes 2026-02-19 14:37:56 +01:00
Peter Steinberger ff74d89e86 fix: harden gateway control-plane restart protections 2026-02-19 14:30:15 +01:00
Peter Steinberger e3e0ffd801 feat(security): audit gateway HTTP no-auth exposure 2026-02-19 14:25:56 +01:00
Peter Steinberger 1316e57403 fix: enforce inbound attachment root policy across pipelines 2026-02-19 14:15:51 +01:00
Peter Steinberger 49d0def6d1 fix(security): harden imessage remote scp/ssh handling 2026-02-19 11:08:23 +01:00