nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,701 Commits 733 Branches 79 Tags 2.6 GiB
Commit Graph

9322 Commits

Author SHA1 Message Date
Peter Steinberger c7ae4ed04d fix: harden sandbox fs dash-path regression coverage (#25891) (thanks @albertlieyingadrian) 2026-02-25 01:40:30 +00:00
Albert Lie 5e3502df5f fix(sandbox): prevent shell option interpretation for paths with leading hyphens 
Paths starting with "-" (like those containing "---" pattern) can be
interpreted as shell options by the sh shell. This fix adds a helper
function that prepends "./" to paths starting with "-" to prevent
this interpretation.

This fixes the issue where sandbox filesystem operations fail with
"Syntax error: ; unexpected" when file paths contain the "---" pattern
used in auto-generated inbound media filenames like:
file_1095---f00a04a2-99a0-4d98-99b0-dfe61c5a4198.ogg

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-02-25 01:40:30 +00:00
Peter Steinberger b35d00aaf8 fix: sanitize Gemini 3.1 Google reasoning payloads 2026-02-25 01:40:14 +00:00
Peter Steinberger 039713c3e7 fix: suppress reasoning payload leakage in whatsapp replies 2026-02-25 01:36:37 +00:00
Peter Steinberger a177b10b79 test(windows): normalize risky-path assertions 2026-02-25 01:28:47 +00:00
Peter Steinberger e2362d352d fix(heartbeat): default target none and internalize relay prompts 2026-02-25 01:28:47 +00:00
Peter Steinberger 43f318cd9a fix(agents): reduce billing false positives on long text (#25680) 
Land PR #25680 from @lairtonlelis.
Retain explicit status/code/http 402 detection for oversized structured payloads.

Co-authored-by: Ailton <lairton@telnyx.com>
 2026-02-25 01:22:17 +00:00
Peter Steinberger 0078070680 fix(telegram): refresh global undici dispatcher for autoSelectFamily (#25682) 
Land PR #25682 from @lairtonlelis after maintainer rework:
track dispatcher updates when network decision changes to avoid stale global fetch behavior.

Co-authored-by: Ailton <lairton@telnyx.com>
 2026-02-25 01:16:03 +00:00
Peter Steinberger bd213cf2ad fix(agents): normalize SiliconFlow Pro thinking=off payload (#25435) 
Land PR #25435 from @Zjianru.
Changelog: add 2026.2.24 fix entry with contributor credit.

Co-authored-by: codez <codezhujr@gmail.com>
 2026-02-25 01:11:34 +00:00
Peter Steinberger 2157c490af test: normalize tmp media path assertion for windows 2026-02-25 00:58:17 +00:00
Peter Steinberger 5c6b2cbc8e refactor: extract iMessage echo cache and unify suppression guards 2026-02-25 00:53:39 +00:00
Peter Steinberger 196a7dbd24 test(media): add win32 dev=0 local media regression 2026-02-25 00:47:02 +00:00
Peter Steinberger 2a11c09a8d fix: harden iMessage echo dedupe and reasoning suppression (#25897) 2026-02-25 00:46:56 +00:00
Peter Steinberger a9ce6bd79b refactor: dedupe exec wrapper denial plan and test setup 2026-02-25 00:43:29 +00:00
Peter Steinberger 943b8f171a fix: align windows safe-open file identity checks 2026-02-25 00:42:04 +00:00
shenghui kevin 7455ceecf8 fix(windows): skip unreliable dev comparison in fs-safe openVerifiedLocalFile 
On Windows, device IDs (dev) returned by handle.stat() and fs.lstat()
may differ even for the same file, causing false-positive 'path-mismatch'
errors when reading local media files.

This fix introduces a statsMatch() helper that:
- Always compares inode (ino) values
- Skips device ID (dev) comparison on Windows where it's unreliable
- Maintains full comparison on Unix platforms

Fixes #25699
 2026-02-25 00:42:04 +00:00
Peter Steinberger 3c95f89662 refactor(exec): split system.run phases and align ts/swift validator contracts 2026-02-25 00:35:06 +00:00
Peter Steinberger a1a6235c66 test: bridge discord voice private casts via unknown 2026-02-25 00:31:17 +00:00
Peter Steinberger 9cd50c51b0 fix(discord): harden voice DAVE receive reliability (#25861) 
Reimplements and consolidates related work:
- #24339 stale disconnect/destroyed session guards
- #25312 voice listener cleanup on stop
- #23036 restore @snazzah/davey runtime dependency

Adds Discord voice DAVE config passthrough, repeated decrypt failure
rejoin recovery, regression tests, docs, and changelog updates.

Co-authored-by: Frank Yang <frank.ekn@gmail.com>
Co-authored-by: Do Cao Hieu <admin@docaohieu.com>
 2026-02-25 00:19:50 +00:00
Vincent Koc 5509bf2c75 Gateway tests: include synthetic allowlist models in models.list 2026-02-24 19:16:02 -05:00
Vincent Koc f7cf3d0dad Gateway tests: accept allowlisted refs absent from catalog 2026-02-24 19:16:02 -05:00
Vincent Koc f34325ec01 Tests: cover allowlist refs missing from catalog 2026-02-24 19:16:02 -05:00
Vincent Koc e9068e2571 Agents: trust explicit allowlist refs beyond catalog 2026-02-24 19:16:02 -05:00
Peter Steinberger 57c9a18180 fix(security): block env depth-overflow approval bypass 2026-02-25 00:14:13 +00:00
Vincent Koc aee38c42d3 Tests: preserve OpenRouter explicit auth order under cooldown fields 2026-02-24 19:12:08 -05:00
Vincent Koc 06f0b4a193 Tests: keep OpenRouter runnable with legacy cooldown markers 2026-02-24 19:12:08 -05:00
Vincent Koc ebc8c4b609 Tests: skip OpenRouter failure cooldown persistence 2026-02-24 19:12:08 -05:00
Vincent Koc 5de04960a0 Tests: cover OpenRouter cooldown display bypass 2026-02-24 19:12:08 -05:00
Vincent Koc f1d5c1a31f Auth: use cooldown helper in explicit profile order 2026-02-24 19:12:08 -05:00
Vincent Koc daa4f34ce8 Auth: bypass cooldown tracking for OpenRouter 2026-02-24 19:12:08 -05:00
Peter Steinberger 97e56cb73c fix(discord): land proxy/media/reaction/model-picker regressions 
Reimplements core Discord fixes from #25277 #25523 #25575 #25588 #25731 with expanded tests.

- thread proxy-aware fetch into inbound attachment/sticker downloads
- fetch /gateway/bot via proxy dispatcher before ws connect
- wire statusReactions emojis/timing overrides into controller
- compact model-picker custom_id keys with backward-compatible parsing

Co-authored-by: openperf <openperf@users.noreply.github.com>
Co-authored-by: chilu18 <chilu18@users.noreply.github.com>
Co-authored-by: Yipsh <Yipsh@users.noreply.github.com>
Co-authored-by: lbo728 <lbo728@users.noreply.github.com>
Co-authored-by: s1korrrr <s1korrrr@users.noreply.github.com>
 2026-02-25 00:03:30 +00:00
Peter Steinberger 55cf92578d fix(security): harden system.run companion command binding 2026-02-25 00:02:03 +00:00
Fred White b7deb062ea fix: normalize "bedrock" provider ID to "amazon-bedrock" 
Add "bedrock" and "aws-bedrock" as aliases for the canonical
"amazon-bedrock" provider ID in normalizeProviderId().

Without this mapping, configuring a model as "bedrock/..." causes
the auth resolution fallback to miss the Bedrock-specific AWS SDK
path, since the fallback check requires normalized === "amazon-bedrock".
This primarily affects the main agent when the explicit auth override
is not preserved through config merging.

Fixes #15716
 2026-02-24 23:57:11 +00:00
suko b3e6653503 fix(onboard): avoid false 'telegram plugin not available' block 2026-02-24 23:55:27 +00:00
Peter Steinberger b0bb3cca8a test(types): fix ts narrowing regressions in followup and matrix queue tests 2026-02-24 23:54:51 +00:00
Mark Musson e22a2d77ba fix(whatsapp): stop retry loop on non-retryable 440 close 2026-02-24 23:52:49 +00:00
Peter Steinberger def993dbd8 refactor(tmp): harden temp boundary guardrails 2026-02-24 23:51:10 +00:00
Vincent Koc cc386f4962 Telegram tests: route exact do not do that to control lane 2026-02-24 18:50:53 -05:00
Vincent Koc 83f586b93b Gateway tests: cover exact do not do that stop matching 2026-02-24 18:50:53 -05:00
Vincent Koc 91391bbe01 Auto-reply tests: assert exact do not do that behavior 2026-02-24 18:50:53 -05:00
Vincent Koc 7bb08ba945 Auto-reply: add exact stop trigger for do not do that 2026-02-24 18:50:53 -05:00
Peter Steinberger 53f9b7d4e7 fix(automation): harden announce delivery + cron coding profile (#25813 #25821 #25822) 
Co-authored-by: Shawn <shenghuikevin@shenghuideMac-mini.local>
Co-authored-by: 不做了睡大觉 <user@example.com>
Co-authored-by: Marcus Widing <widing.marcus@gmail.com>
 2026-02-24 23:49:34 +00:00
Peter Steinberger 36d1e1dcff refactor(telegram): simplify DM media auth precheck flow 2026-02-24 23:49:10 +00:00
Peter Steinberger 316fad13aa refactor(outbound): unify attachment hydration flow 2026-02-24 23:48:43 +00:00
Brian Mendonca 9924f7c84e fix(security): classify hook sessions case-insensitively 2026-02-24 23:48:09 +00:00
Brian Mendonca 48b052322b Security: sanitize inherited host exec env 2026-02-24 23:46:39 +00:00
Peter Steinberger 9514201fb9 fix(telegram): block unauthorized DM media downloads 2026-02-24 23:44:50 +00:00
Brian Mendonca 5a64f6d766 Gateway/Security: protect /api/channels plugin root 2026-02-24 23:44:32 +00:00
Peter Steinberger 453664f09d refactor(zalo): split monitor access and webhook logic 2026-02-24 23:40:51 +00:00
Peter Steinberger 58309fd8d9 refactor(matrix,tests): extract helpers and inject send-queue timing 2026-02-24 23:37:50 +00:00