nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,898 Commits 899 Branches 93 Tags 5.7 GiB
Commit Graph

23898 Commits

Author SHA1 Message Date
Gustavo Madeira Santana b6f88b72e8
Matrix: limit ingress locking to room history 2026-03-30 15:09:55 -04:00
Gustavo Madeira Santana be740253de
Matrix: ignore stale snapshot mismatches 2026-03-30 15:09:55 -04:00
Gustavo Madeira Santana ec1655f331
Matrix: reject stale history snapshots after room recreation 2026-03-30 15:09:55 -04:00
Gustavo Madeira Santana 1e46af399f
Matrix: buffer poll updates in room history 2026-03-30 15:09:55 -04:00
Gustavo Madeira Santana 05ddd00f61
Matrix: narrow room history tracker api 2026-03-30 15:09:54 -04:00
Gustavo Madeira Santana 97b5229620
Matrix: avoid idle ingress serialization 2026-03-30 15:09:54 -04:00
Gustavo Madeira Santana 7eac926f44
Matrix: refresh watermark recency on consume 2026-03-30 15:09:54 -04:00
Gustavo Madeira Santana 2b3d776403
Matrix: ignore stale history after room eviction 2026-03-30 15:09:54 -04:00
Gustavo Madeira Santana e03327203c
Matrix: clean monitor history helpers 2026-03-30 15:09:54 -04:00
Gustavo Madeira Santana c7052853f3
Matrix: narrow history ingress lock 2026-03-30 15:09:54 -04:00
Gustavo Madeira Santana 28fbd2cf6c
Matrix: format history regression test 2026-03-30 15:09:54 -04:00
Gustavo Madeira Santana ba922701e3
Matrix: stabilize group history snapshots 2026-03-30 15:09:53 -04:00
chain710 6f7825a3a9
feat(matrix): add group chat history context for agent triggers 
Implement per-room message queue with per-agent watermarks so each agent
in a Matrix room independently tracks which messages it has consumed.

- Non-trigger messages accumulate in a shared per-room queue
- When an agent is triggered, it receives InboundHistory of pending messages
  since its last reply (capped at historyLimit)
- Watermark only advances to the snapshot taken at dispatch time, so messages
  arriving during async processing are visible on the next trigger (race safety)
- Each agent has an independent watermark, so multiple agents in the same room
  see independent history windows

Configure via channels.matrix.historyLimit (or messages.groupChat.historyLimit).
Default is 0 (disabled, preserving existing behavior).
 2026-03-30 15:09:53 -04:00
Jacob Tomlinson 8deb9522f3
Guard marketplace and Ollama network requests (#57850) 
* Plugins: guard marketplace and Ollama fetches

* Ollama: pin guarded host allowlist
 2026-03-30 20:08:38 +01:00
Jacob Tomlinson e277a37f89
Infra: block compiler env overrides (#57832) 2026-03-30 20:06:32 +01:00
Jacob Tomlinson cfe1445953
Sandbox: sanitize SSH subprocess env (#57848) 
* Sandbox: sanitize SSH subprocess env

* Sandbox: add sanitize env undefined test
 2026-03-30 20:05:57 +01:00
Jacob Tomlinson f0af186726
gateway: ignore bearer-declared HTTP operator scopes (#57783) 
* gateway: ignore bearer-declared HTTP operator scopes

* gateway: key HTTP bearer guards to auth mode

* gateway: refresh rebased HTTP regression expectations

* gateway: honor resolved HTTP auth method

* gateway: remove duplicate openresponses owner flags
 2026-03-30 20:04:33 +01:00
Jacob Tomlinson 2a75416634
CLI: reset remote URL after trust decline (#57828) 
Co-authored-by: zsxsoft <git@zsxsoft.com>
 2026-03-30 20:03:06 +01:00
Jacob Tomlinson ad77666054
fix(voice-call): canonicalize Telnyx replay request keys (#57829) 2026-03-30 20:01:43 +01:00
Agustin Rivera e65c265e89
Security: block exec approval shell carrier targets (#57871) 
* Security: block exec approval shell carrier targets

* Tests: tighten exec approval carrier regression assertions
 2026-03-30 12:35:04 -06:00
Mariano 9d9cf0d8ff
Tasks: route one-task emergence through parent flows (#57874) 2026-03-30 20:25:01 +02:00
Mariano 7590c22db7
Tasks: add minimal flow registry scaffold (#57865) 2026-03-30 19:57:26 +02:00
Devin Robison 8c83128fc3
Discord: fix Group DM component interaction routing and auth (#57763) 
* Discord: fix Group DM component interaction routing and auth

* Update tests
 2026-03-30 11:17:53 -06:00
Devin Robison 8fdb19676a
Fix Discord native commands bypassing group DM channel allowlist (#57735) 
* Fix Discord native commands bypassing group DM channel allowlist

* Fix linting

* Update tests
 2026-03-30 11:17:36 -06:00
Gustavo Madeira Santana dd17dae3e5
Matrix: drop unused MatrixClient constructor params 2026-03-30 13:17:02 -04:00
Gustavo Madeira Santana 1ea85a5d0b
Matrix: remove stale monitor mention regex param 2026-03-30 13:17:02 -04:00
Shakker e8b0d57eb6 test: isolate browser navigation tests from host proxy env 2026-03-30 18:10:08 +01:00
Shakker 8746e2e216 fix: restore cli registry side-effect option 2026-03-30 18:10:08 +01:00
Shakker ba7c98ab51 fix: align outbound media root tests with config-derived tmp paths 2026-03-30 18:10:08 +01:00
Ayaan Zaidi 1b557ffe65 fix(plugins): keep snapshot hook loads isolated 2026-03-30 22:00:54 +05:30
joelnishanth f849b8de97 hooks: default hooks.internal.enabled to true so bundled hooks load on fresh installs 
Made-with: Cursor
 2026-03-30 22:00:54 +05:30
Jacob Tomlinson 3886b65ef2
fix(gateway): require node pairing before enabling node commands (#57777) 
* Gateway: require node pairing for node commands

* Gateway: request node pairing on initial connect

* Gateway: filter pending node pairing commands
 2026-03-30 17:29:28 +01:00
Jacob Tomlinson 6b38815f86
fix(gateway): tighten tools invoke HTTP guardrails (#57771) 
* fix(gateway): tighten tools invoke HTTP guardrails

Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>

* fix(security): centralize gateway HTTP deny defaults

* fix(gateway): drop duplicate scope guard after rebase

---------

Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>
 2026-03-30 17:16:33 +01:00
Jacob Tomlinson 1ca4261d7e
fix(media): keep local roots configuration-derived (#57770) 
* fix(media): keep local roots configuration-derived

Co-authored-by: Jacob Tomlinson <jtomlinson@nvidia.com>

* fix(media): simplify local root lookup

* fix(media): keep legacy local roots export
 2026-03-30 17:15:03 +01:00
Shakker aff6883f93 fix: avoid over-sharding single include-file test batches 2026-03-30 17:14:02 +01:00
Shakker c22edbb8ee test: align ci regression stubs with production behavior 2026-03-30 17:11:06 +01:00
Shakker 555a4d896c test: stabilize media attachment cache path assertions 2026-03-30 17:11:06 +01:00
Shakker 4c45fc3575 test: remove telegram extension dependency from reply command tests 2026-03-30 17:11:06 +01:00
Jacob Tomlinson 17d0be02f2
fix(gateway): bind OpenResponses HTTP ingress as non-owner (#57778) 
* fix(gateway): bind OpenResponses HTTP ingress as non-owner

Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com>

* test(gateway): cover streaming OpenResponses non-owner ingress

---------

Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com>
 2026-03-30 17:05:29 +01:00
Jacob Tomlinson 1a75906a6f
Exec approvals: prevent interpreter allow-always persistence (#57772) 
* Exec approvals: block interpreter allow-always persistence

* Exec approvals: normalize interpreter allowlist formatting

* Exec approvals: normalize interpreter allowlist wrapping

* Exec approvals: tighten awk regression coverage

* Exec approvals: harden awk interpreter coverage
 2026-03-30 17:03:54 +01:00
pgondhi987 b7b46ad185
fix(skills): replace readFileSync with symlink-safe, root-confined skill file loader (#57519) 
* fix: replace readFileSync with symlink-safe, root-confined skill file loader

* fix(skills): preserve directory-name fallback when frontmatter omits name

* fix: harden skill loader path containment

---------

Co-authored-by: Jacob Tomlinson <jacobtomlinson@users.noreply.github.com>
 2026-03-30 17:03:05 +01:00
Jacob Tomlinson 7a5c5f33d0
Infra: block auth env vars from workspace dotenv (#57767) 
* Infra: block auth env vars from workspace dotenv

* Infra: block workspace dotenv auth key variants

* Infra: block workspace dotenv live auth keys
 2026-03-30 17:01:22 +01:00
Jacob Tomlinson 29cb1e3c7e
Gateway: tighten HTTP tool invoke authorization (#57773) 
* Gateway: harden HTTP tool invoke access

* Gateway: strengthen HTTP tools invoke regression coverage

* Gateway: keep owner-only tools off HTTP
 2026-03-30 16:59:40 +01:00
Jacob Tomlinson ae703ab0e7
infra: harden identifier entropy and delay jitter (#57744) 
* infra: harden identifier entropy and delay jitter

* test: make randomness hardening deterministic in CI
 2026-03-30 16:57:30 +01:00
Jacob Tomlinson 32a4a47d60
Agents: pin apply-patch workspace mutations (#56016) 
* Agents: pin apply-patch file ops to workspace

* Agents: resolve apply-patch review feedback

* Infra: fallback pinned path helper spawn failures
 2026-03-30 16:49:49 +01:00
pgondhi987 6d341cf366
fix(auto-reply): thread per-agent tools.exec defaults into reply directives (#57689) 
* fix(auto-reply): thread per-agent tools.exec defaults into exec overrides

* test(auto-reply): add session-override and inline-directive priority tests for exec agent defaults
 2026-03-30 16:46:54 +01:00
samzong 09bb93c6e0
fix(subagents): correct duration display showing 5-6x inflated runtime (#57739) 
Merged via squash.

Prepared head SHA: 018bbbca4d
Co-authored-by: samzong <13782141+samzong@users.noreply.github.com>
Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com>
Reviewed-by: @frankekn
 2026-03-30 23:44:36 +08:00
Jacob Tomlinson f011d0be28
fix(gateway): treat OpenAI HTTP ingress as non-owner (#57769) 
Co-authored-by: Brian Mendonca <208517100+bmendonca3@users.noreply.github.com>
 2026-03-30 16:26:53 +01:00
Sean c6f2db1506
fix: prevent gateway attachment offload regressions (#55513) (thanks @Syysean) 
* feat(gateway): implement claim check pattern to prevent OOM on large attachments

* fix: sanitize mediaId, refine trimEnd, remove warn log, add threshold and absolute path

* fix: enforce maxBytes before decoding and use dynamic path from saveMediaBuffer

* fix: enforce absolute maxBytes limit before Buffer allocation and preserve file extensions

* fix: align saveMediaBuffer arguments and satisfy oxfmt linter

* chore: strictly enforce linting rules (curly braces, unused vars, and error typing)

* fix: restrict offload to mainstream mimes to avoid extension-loss bug in store.ts for BMP/TIFF

* fix: restrict offload to mainstream mimes to bypass store.ts extension-loss bug

* chore: document bmp/tiff exclusion from offload whitelist in MIME_TO_EXT

* feat: implement agent-side resolver for opaque media URIs and finalize contract

* fix: support unicode media URIs and allow consecutive dots in safe IDs based on Codex review

* fix(gateway): enforce strict fail-fast for oversized media to prevent OOM bypass

* refactor(gateway): harden media offload with performance and security optimizations

This update refines the Claim Check pattern with industrial-grade guards:

- Performance: Implemented sampled Base64 validation for large payloads (>4KB) to prevent event loop blocking.
- Security: Added null-byte (\u0000) detection and reinforced path traversal guards.
- I18n: Updated media-uri regex to a blacklist-based character class for Unicode/Chinese filename support, with oxlint bypass for intentional control regex.
- Robustness: Enhanced error diagnostics with JSON-serialized IDs.

* fix: add HEIC/HEIF to offload allowlist and pass maxBytes to saveMediaBuffer

* fix(gateway): clean up offloaded media files on attachment parse failure

Address Codex review feedback: track saved media IDs and implement best-effort cleanup via deleteMediaBuffer if subsequent attachments fail validation, preventing orphaned files on disk.

* fix(gateway): enforce full base64 validation to prevent whitespace padding bypass

Address Codex review feedback: remove early return in isValidBase64 so padded payloads cannot bypass offload thresholds and reintroduce memory pressure. Updated related comments.

* fix(gateway): preserve offloaded media metadata and fix validation error mapping

Address Codex review feedback:
- Add \offloadedRefs\ to \ParsedMessageWithImages\ to expose structured metadata for offloaded attachments, preventing transcript media loss.
- Move \erifyDecodedSize\ outside the storage try-catch block to correctly surface client base64 validation failures as 4xx errors instead of 5xx \MediaOffloadError\.
- Add JSDoc TODOs indicating that upstream callers (chat.ts, agent.ts, server-node-events.ts) must explicitly pass the \supportsImages\ flag.

* fix(agents): explicitly allow media store dir when loading offloaded images

Address Codex review feedback: Pass getMediaDir() to loadWebMedia's localRoots for media-uri refs to prevent legacy path resolution mismatches from silently dropping large attachments.

* fix(gateway): resolve attachment offload regressions and error mapping

Address Codex review feedback:
- Pass \supportsImages\ dynamically in \chat.ts\ and \gent.ts\ based on model catalog, and explicitly in \server-node-events.ts\.
- Persist \offloadedRefs\ into the transcript pipeline in \chat.ts\ to preserve media metadata for >2MB attachments.
- Correctly map \MediaOffloadError\ to 5xx (UNAVAILABLE) to differentiate server storage faults from 4xx client validation errors.

* fix(gateway): dynamically compute supportsImages for overrides and node events

Address follow-up Codex review feedback:

- Use effective model (including overrides) to compute \supportsImages\ in \gent.ts\.

- Move session load earlier in \server-node-events.ts\ to dynamically compute \supportsImages\ rather than hardcoding true.

* fix(gateway): resolve capability edge cases reported by codex

Address final Codex edge cases:
- Refactor \gent.ts\ to compute \supportsImages\ even when no session key is present, ensuring text-only override requests without sessions safely drop attachments.
- Update catalog lookups in \chat.ts\, \gent.ts\, and \server-node-events.ts\ to strictly match both \id\ and \provider\ to prevent cross-provider model collisions.

* fix(agents): restore before_install hook for skill installs

Restore the plugin scanner security hook that was accidentally dropped during merge conflict resolution.

* fix: resolve attachment pathing, defer parsing after auth gates, and clean up node-event mocks

* fix: resolve syntax errors in test-env, fix missing helper imports, and optimize parsing sequence in node events

* fix(gateway): re-enforce message length limit after attachment parsing

Adds a secondary check to ensure the 20,000-char cap remains effective even after media markers are appended during the offload flow.

* fix(gateway): prevent dropping valid small images and clean up orphaned media on size rejection

* fix(gateway): share attachment image capability checks

* fix(gateway): preserve mixed attachment order

* fix: fail closed on unknown image capability (#55513) (thanks @Syysean)

* fix: classify offloaded attachment refs explicitly (#55513) (thanks @Syysean)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-30 20:54:40 +05:30
Shakker 3ad747e25f style: apply formatter cleanups 2026-03-30 16:20:27 +01:00