Commit Graph

10229 Commits

Author SHA1 Message Date
Gustavo Madeira Santana bcbb50e368 docs(changelog): add PR number for pairing hardening 2026-02-14 16:22:47 -05:00
Gustavo Madeira Santana ee12d72e1d Security/Pairing: share token generator/verify for device and node 2026-02-14 16:22:47 -05:00
Gustavo Madeira Santana 2dd23608f8 test: remove nullable token fallbacks in pairing coverage 2026-02-14 16:22:47 -05:00
Gustavo Madeira Santana b937767c92 test: tighten device pairing hardening assertions 2026-02-14 16:22:47 -05:00
Gustavo Madeira Santana 24fbaa5391 docs(changelog): credit device pairing hardening 2026-02-14 16:22:47 -05:00
Gustavo Madeira Santana 2e5f365e43 test: cover device pairing token hardening 2026-02-14 16:22:47 -05:00
Kolega.dev 37c4db02ab fix: harden device pairing token generation and verification
Improved token generation in newToken() and added timing-safe token
comparison in verifyDeviceToken() following the existing pattern from
gateway auth.
2026-02-14 16:22:47 -05:00
Peter Steinberger b97191b81a refactor(test): share discord send rest harness 2026-02-14 21:20:43 +00:00
Peter Steinberger 0b59c48087 refactor(test): dedupe web broadcast group inbound setup 2026-02-14 21:20:43 +00:00
Peter Steinberger 3c043f5d2d refactor(test): share telegram send test setup 2026-02-14 21:20:43 +00:00
Peter Steinberger 96f80d6d82 refactor(test): share models-config e2e setup 2026-02-14 21:20:43 +00:00
Peter Steinberger 5f55a53f0e refactor(test): share doctor legacy migration setup 2026-02-14 21:20:43 +00:00
Peter Steinberger 09fa33f7e2 refactor(test): share pw-tools-core test setup 2026-02-14 21:20:43 +00:00
Peter Steinberger 20cefd78cb refactor(test): share signal tool result test setup 2026-02-14 21:20:43 +00:00
Peter Steinberger 696a358215 perf(test): speed up update-runner suite 2026-02-14 21:20:15 +00:00
Peter Steinberger badde6e29f perf(test): speed up cron schedule suite 2026-02-14 21:20:15 +00:00
Peter Steinberger 50900721c3 perf(test): speed up cron one-shot suite 2026-02-14 21:20:15 +00:00
Peter Steinberger ced4ac4902 perf(test): speed up pairing-store suite 2026-02-14 21:20:15 +00:00
Peter Steinberger 6a361685ab perf(test): speed up control-ui-assets suite 2026-02-14 21:20:15 +00:00
Peter Steinberger ac3f834cee perf(test): consolidate web auto-reply media e2e suites 2026-02-14 21:20:15 +00:00
Peter Steinberger 03ea99ec65 perf(test): consolidate web auto-reply prefix and gating suites 2026-02-14 21:20:15 +00:00
Peter Steinberger 7f660d59da perf(test): preload runReplyAgent in typing heartbeat harness 2026-02-14 21:20:15 +00:00
Peter Steinberger 32aea365ed perf(test): consolidate agent runner misc suites 2026-02-14 21:19:39 +00:00
Peter Steinberger d5142f312a perf(test): consolidate web auto-reply suites 2026-02-14 21:19:19 +00:00
Peter Steinberger 64f7182180 perf(test): consolidate agent runner suites 2026-02-14 21:17:29 +00:00
Peter Steinberger 42ab5dd2d1 perf(test): consolidate agent runner suites 2026-02-14 21:17:29 +00:00
Peter Steinberger 0b20ee2722 docs(changelog): note gateway /approve scope fix 2026-02-14 22:14:18 +01:00
Peter Steinberger 6a1ad2b499 docs(matrix): clarify allowlist requires full MXIDs 2026-02-14 22:13:41 +01:00
Tak Hoffman cc35c66ff0 docs: add agent submission control policy reference 2026-02-14 15:12:40 -06:00
Peter Steinberger 938b1dd1e7 docs(changelog): fix gatewayUrl SSRF entry 2026-02-14 22:08:28 +01:00
Peter Steinberger 3513ff09de docs(changelog): note Telegram webhookSecret hard requirement 2026-02-14 22:08:19 +01:00
Coy Geek 633fe8b9c1 fix(aa-08): apply security fix
Generated by staged fix workflow.
2026-02-14 22:08:19 +01:00
Peter Steinberger f8c404a485 test(web): import auto-reply after mocks 2026-02-14 22:01:54 +01:00
Peter Steinberger d73f3336de fix(exec): close stdin for non-pty runs 2026-02-14 22:01:54 +01:00
Peter Steinberger 043ae00446 test(auto-reply): import reply after harness mocks 2026-02-14 22:01:54 +01:00
Peter Steinberger bf2dc0d9c2 test(auto-reply): fix vi.mock import order 2026-02-14 22:01:54 +01:00
Peter Steinberger 5c6318b583 test(cron): assert cron run session ids 2026-02-14 22:01:54 +01:00
Peter Steinberger c9f02da89f fix(cli): make program test mocks portable 2026-02-14 22:01:54 +01:00
Peter Steinberger 00b7ab7db7 fix(gateway): remove unused device auth import 2026-02-14 22:01:12 +01:00
Peter Steinberger d8a2c80cd7 fix(gateway): prefer explicit token over stored auth 2026-02-14 22:01:11 +01:00
Peter Steinberger c06a962bb6 test(e2e): stabilize suite 2026-02-14 22:01:11 +01:00
Peter Steinberger 2a3da21333 fix(sessions): normalize agent session keys for send policy 2026-02-14 22:01:11 +01:00
Peter Steinberger ee8d8be2e3 fix(chutes): accept manual OAuth code input 2026-02-14 22:01:11 +01:00
Peter Steinberger c5406e1d24 fix(security): prevent gatewayUrl SSRF 2026-02-14 22:01:11 +01:00
Peter Steinberger e95ce05c1e chore(security): soften gatewayUrl override messaging 2026-02-14 21:53:30 +01:00
Peter Steinberger 2d5647a804 fix(security): restrict tool gatewayUrl overrides 2026-02-14 21:53:14 +01:00
Marcus Castro 07850e8a93 fix(media): strip MEDIA: prefix in loadWebMediaInternal (#13107)
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 9d95e6af5a
Co-authored-by: mcaxtr <7562095+mcaxtr@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-02-14 21:41:26 +01:00
Peter Steinberger 1bde33c0bc docs(changelog): note browser control path traversal fix 2026-02-14 21:37:34 +01:00
Peter Steinberger b2a4283c36 fix(podman): avoid root writes to user home 2026-02-14 21:34:42 +01:00
Peter Steinberger 0e8ec83742 refactor(test): dedupe web auto-reply group message setup 2026-02-14 20:33:46 +00:00