nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,699 Commits 763 Branches 79 Tags 4.9 GiB
Commit Graph

14699 Commits

Author SHA1 Message Date
Peter Steinberger dcd592a601 refactor: eliminate jscpd clones and boost tests 2026-02-19 15:08:54 +00:00
Peter Steinberger 71983716ff test: share channels command mock harness 2026-02-19 15:08:14 +00:00
Peter Steinberger 0213a09211 test: share temp home env harness 2026-02-19 15:08:14 +00:00
Peter Steinberger edf92f1cb0 refactor: share npm integrity drift handling 2026-02-19 15:08:14 +00:00
Peter Steinberger 72e426be60 test: reuse isolated agent mock module 2026-02-19 15:08:14 +00:00
Peter Steinberger e1059e95aa refactor(daemon): extract schtasks cmd-set codec helpers 2026-02-19 16:07:15 +01:00
Peter Steinberger a688ccf24a refactor(security): unify safe-bin argv parsing and harden regressions 2026-02-19 16:04:58 +01:00
Peter Steinberger 2e421f32df fix(security): restore trusted plugin runtime exec default 2026-02-19 16:01:29 +01:00
Peter Steinberger 8288702f51 docs(changelog): add Windows schtasks injection fix note 2026-02-19 15:57:42 +01:00
Peter Steinberger dafe52e8cf fix(daemon): escape schtasks environment assignments 2026-02-19 15:52:13 +01:00
Peter Steinberger c45f3c5b00 fix(gateway): harden canvas auth with session capabilities 2026-02-19 15:51:22 +01:00
Peter Steinberger f76f98b268 chore: fix formatting drift and stabilize cron tool mocks 2026-02-19 15:41:38 +01:00
Peter Steinberger 63e39d7f57 fix(security): harden ACP prompt size guardrails 2026-02-19 15:41:01 +01:00
Aether AI Agent ebcf19746f fix(security): OC-53 validate prompt size before string concatenation to prevent memory exhaustion — Aether AI Agent 2026-02-19 15:41:01 +01:00
Aether AI Agent 732e53151e fix(security): OC-53 enforce 2MB prompt size limit to prevent ACP DoS — Aether AI Agent 2026-02-19 15:41:01 +01:00
Peter Steinberger c9dee59266 refactor(security): centralize trusted sender checks for discord moderation 2026-02-19 15:39:56 +01:00
Peter Steinberger 81b19aaa1a fix(security): enforce plugin and hook path containment 2026-02-19 15:37:29 +01:00
Peter Steinberger 10379e7dcd fix: harden voice-call tts deep merge 2026-02-19 15:37:01 +01:00
Peter Steinberger b40821b068 fix: harden ACP secret handling and exec preflight boundaries 2026-02-19 15:34:20 +01:00
Peter Steinberger 3d7ad1cfca fix(security): centralize owner-only tool gating and scope maps 2026-02-19 15:29:23 +01:00
Peter Steinberger 9130fd2b06 ci: harden workflow action input handling 2026-02-19 15:27:48 +01:00
Peter Steinberger efca61e3ac test: share cron tool mock harness 2026-02-19 14:27:37 +00:00
Peter Steinberger eb9861b20a test: share memory manager bootstrap helper 2026-02-19 14:27:37 +00:00
Peter Steinberger 2581b67cdb refactor: share exec approval request helper 2026-02-19 14:27:37 +00:00
Peter Steinberger 3179097a1f refactor: dedupe redact snapshot restore prelude 2026-02-19 14:27:37 +00:00
Peter Steinberger ffd4e85873 refactor: share allow-from merge and sender-id checks 2026-02-19 14:27:37 +00:00
Peter Steinberger ba538c98c7 refactor: share plain object guard across config and utils 2026-02-19 14:27:36 +00:00
Peter Steinberger 397f243ded refactor: dedupe gateway session guards and agent test fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger a99fd8f2dd refactor: reuse daemon action response type in lifecycle core 2026-02-19 14:27:36 +00:00
Peter Steinberger 672b1c5084 refactor: dedupe slack monitor mrkdwn and modal event base 2026-02-19 14:27:36 +00:00
Peter Steinberger cb6b835a49 test: dedupe heartbeat and action-runner fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger 26c9b37f5b fix(security): enforce strict IPv4 SSRF literal handling 2026-02-19 15:24:47 +01:00
Peter Steinberger 77c748304b refactor(plugins): extract safety and provenance helpers 2026-02-19 15:24:14 +01:00
Peter Steinberger 775816035e fix(security): enforce trusted sender auth for discord moderation 2026-02-19 15:18:24 +01:00
Peter Steinberger baa335f258 fix(security): harden SSRF IPv4 literal parsing 2026-02-19 15:14:46 +01:00
Peter Steinberger 3561442a9f fix(plugins): harden discovery trust checks 2026-02-19 15:14:12 +01:00
Peter Steinberger 5dc50b8a3f fix(security): harden npm plugin and hook install integrity flow 2026-02-19 15:11:25 +01:00
Peter Steinberger 2777d8ad93 refactor(security): unify gateway scope authorization flows 2026-02-19 15:06:38 +01:00
Peter Steinberger f4b288b8f7 refactor(feishu): dedupe mention regex escaping 2026-02-19 15:04:40 +01:00
Peter Steinberger b54ba3391b fix: credit contributor in changelog (#20916) (thanks @orlyjamie) 2026-02-19 15:00:10 +01:00
Peter Steinberger 29118995ad refactor(lobster): remove lobsterPath overrides 2026-02-19 14:58:13 +01:00
Peter Steinberger f8b61bb4ed refactor(acp): split session tests and share rate limiter 2026-02-19 14:55:06 +01:00
Peter Steinberger 19348050be style: normalize acp translator import ordering 2026-02-19 13:54:40 +00:00
Peter Steinberger 7a89049d1d refactor: dedupe pending pairing request flow and add reuse tests 2026-02-19 13:54:35 +00:00
Peter Steinberger d900d5efbd style: normalize ws message handler import ordering 2026-02-19 13:51:53 +00:00
Peter Steinberger 79ab4927c1 test: dedupe extracted-size budget assertions in archive tests 2026-02-19 13:51:53 +00:00
Peter Steinberger 7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Jamie 7e67ab75cc fix(feishu): escape regex metacharacters in stripBotMention 
stripBotMention() passed mention.name and mention.key directly into
new RegExp() without escaping, allowing regex injection and ReDoS via
crafted Feishu mention metadata. extractMessageBody() in mention.ts
already escapes correctly — this applies the same pattern.

Ref: GHSA-c6hr-w26q-c636
 2026-02-19 14:51:41 +01:00
Peter Steinberger e01011e3e4 fix(acp): harden session lifecycle against flooding 2026-02-19 14:50:17 +01:00
Peter Steinberger 4ddc4dfd76 test: dedupe fetch cleanup-throw signal harness 2026-02-19 13:50:07 +00:00