openclaw

Commit Graph

Author	SHA1	Message	Date
Peter Steinberger	022618e887	docs: refresh browser auth refs	2026-04-04 14:04:24 +01:00
Peter Steinberger	0afd30d325	docs: refresh shared-secret auth mirrors	2026-04-04 14:02:29 +01:00
Peter Steinberger	b0025b1921	docs: refresh hook ingress security refs	2026-04-04 13:59:09 +01:00
Peter Steinberger	c63a32661a	docs: refresh gateway auth overview mirrors	2026-04-04 13:54:15 +01:00
Peter Steinberger	11d17b3c38	docs: refresh control ui device identity refs	2026-04-04 13:52:23 +01:00
Peter Steinberger	4991cd66ef	docs: refresh reverse proxy hardening refs	2026-04-04 13:47:59 +01:00
Peter Steinberger	62babffc40	docs: refresh security audit reference docs	2026-04-04 13:42:47 +01:00
Peter Steinberger	375bd73ce1	docs: refresh security fix refs	2026-04-04 13:35:42 +01:00
Peter Steinberger	3100984a33	docs: refresh browser origin auth refs	2026-04-04 12:34:11 +01:00
Peter Steinberger	aaa173a4a7	docs: clarify node exec approval binding	2026-04-04 12:18:32 +01:00
Peter Steinberger	7671f4f1e3	docs: clarify gateway and plugin http auth scopes	2026-04-04 09:01:05 +01:00
huntharo	c4f40c3f7d	Plugins: allow unsafe-force override on update	2026-04-04 01:49:35 +09:00
Peter Steinberger	a6649201b7	docs: clarify default subagent allowlists	2026-04-03 19:45:05 +09:00
Vincent Koc	2f013b68f8	docs: add missing changelog entries and update context visibility security docs	2026-04-03 12:39:45 +09:00
Peter Steinberger	35e1605147	feat: add configurable context visibility	2026-04-03 04:34:57 +09:00
Peter Steinberger	4269f40811	docs(security): clarify exec yolo default	2026-04-02 14:52:51 +01:00
Peter Steinberger	8b2d24b62b	docs(security): clarify node pairing trust boundary	2026-04-01 18:27:23 +09:00
Peter Steinberger	0d7f1e2c84	feat(security): fail closed on dangerous skill installs	2026-03-31 23:27:20 +09:00
Peter Steinberger	44b9936136	feat(plugins): add dangerous unsafe install override	2026-03-31 23:16:11 +09:00
Peter Steinberger	cbfeecfab4	fix(gateway): restore shared-secret HTTP tool invoke auth	2026-03-31 22:55:15 +09:00
Vincent Koc	5474796735	docs(security): clarify acpx yolo mode	2026-03-31 20:54:30 +09:00
Peter Steinberger	0633406ff6	fix(gateway): restore compat HTTP operator auth	2026-03-31 16:49:30 +09:00
Vincent Koc	03a03c2dc4	fix(ci): restore skill fixtures and security doc anchors	2026-03-30 11:41:08 +09:00
Vincent Koc	66f8fb9e9b	docs: fix P2 in security -- normalize Security audit checklist heading to sentence case	2026-03-30 10:19:51 +09:00
Vincent Koc	50d815579c	docs: consolidate security page structure and add navigation - Merge 3 duplicate trust-model sections into one (Scope first + Deployment/host trust) - Promote "What the audit checks" from h3 to h2 (standalone topic, not child of Shared inbox) - Add "On this page" navigation links at the top for the 1200+ line page	2026-03-30 10:19:51 +09:00
Vincent Koc	169bbc82f2	docs: fix security page P1s -- dmScope, heading style, roadmap language - Add missing per-peer dmScope value to isolation options - Fix heading style: 3./4. -> 3)/4) for consistency with other numbered sections - Add channel qualifier to 'Separate Numbers' heading (WhatsApp/Signal/Telegram) - Remove roadmap speculation ('We may add readOnlyMode later')	2026-03-30 09:46:57 +09:00
Vincent Koc	9355925690	docs: fix Mintlify callout syntax in security page Replace GitHub-flavor > [!WARNING] with Mintlify <Warning> component. The old syntax renders as a plain blockquote in Mintlify, hiding the most safety-critical content on the page.	2026-03-30 09:43:33 +09:00
Radek Sienkiewicz	4680335b2a	docs: fix English link audits (#57039 ) Merged via squash. Prepared head SHA: `d20a3b620f` Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com> Reviewed-by: @velvet-shark	2026-03-30 01:21:00 +02:00
Peter Steinberger	276ccd2583	fix(exec): default implicit target to auto	2026-03-30 06:03:08 +09:00
Peter Steinberger	5d4c4bb850	fix(exec): restore runtime-aware implicit host default	2026-03-29 21:18:41 +01:00
Peter Steinberger	341e617c84	docs(plugins): refresh bundled plugin runtime docs	2026-03-29 09:10:39 +01:00
scoootscooob	5d81b64343	fix(exec): fail closed when sandbox is unavailable and harden deny followups (#56800 ) * fix(exec): fail closed when sandbox is unavailable and harden deny followups * docs(changelog): note exec fail-closed fix	2026-03-28 22:20:49 -07:00
Peter Steinberger	7ade3553b7	fix: gate synology chat reply name matching	2026-03-22 23:06:38 -07:00
Vincent Koc	b863e1c315	fix(docs): update remaining npm-spec references for ClawHub-first default - cli/plugins.md: rewrite install synopsis with ClawHub-first order - cli/hooks.md: update hook pack install examples - help/troubleshooting.md: <npm-spec> -> <package> - gateway/security/index.md: drop npm-specific framing	2026-03-22 15:43:15 -07:00
Peter Steinberger	405d808409	fix: restore repo-wide gate after exec safe-bin refactor	2026-03-22 17:28:04 +00:00
Peter Steinberger	0ac939059e	refactor(exec): split safe-bin semantics	2026-03-22 10:14:46 -07:00
Peter Steinberger	a94ec3b79b	fix(security): harden exec approval boundaries	2026-03-22 09:35:25 -07:00
Vincent Koc	0b11ee48f8	docs: fix 26 broken anchor links across 18 files	2026-03-19 10:33:02 -07:00
Vincent Koc	3cecbcf8b6	docs: fix curly quotes, non-breaking hyphens, and remaining apostrophes in headings	2026-03-18 01:31:38 -07:00
Vincent Koc	8ac4b09fa4	docs: fix em-dash headings and broken links across docs - Replace em-dashes in headings with hyphens/parens (breaks Mintlify anchors) - Fix broken /testing link in pi-dev.md to /help/testing - Convert absolute docs URLs to root-relative in pi-dev.md Files: migrating.md, images.md, audio.md, media-understanding.md, venice.md, minimax.md, AGENTS.default.md, security/index.md, pi-dev.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-17 23:55:46 -07:00
Peter Steinberger	6636ca87f4	docs(hooks): clarify trust model and audit guidance	2026-03-17 09:54:30 -07:00
Peter Steinberger	4d8106eece	docs(security): clarify wildcard Control UI origins	2026-03-17 09:36:51 -07:00
Peter Steinberger	e5919bc524	docs(gateway): clarify URL allowlist semantics	2026-03-17 00:03:27 -07:00
Tak Hoffman	4863b651c6	docs: rename onboarding user-facing wizard copy Co-authored-by: Tak <contact-redacted@example.com>	2026-03-16 19:50:31 -05:00
Vincent Koc	476d948732	!refactor(browser): remove Chrome extension path and add MCP doctor migration (#47893 ) * Browser: replace extension path with Chrome MCP * Browser: clarify relay stub and doctor checks * Docs: mark browser MCP migration as breaking * Browser: reject unsupported profile drivers * Browser: accept clawd alias on profile create * Doctor: narrow legacy browser driver migration	2026-03-15 23:56:08 -07:00
Peter Steinberger	5287ae3c06	docs: update setup wizard wording	2026-03-15 21:40:31 -07:00
Peter Steinberger	b14a5c6713	fix(zalouser): require ids for group allowlist auth	2026-03-13 01:31:17 +00:00
Josh Avant	0125ce1f44	Gateway: fail closed unresolved local auth SecretRefs (#42672 ) * Gateway: fail closed unresolved local auth SecretRefs * Docs: align node-host gateway auth precedence * CI: resolve rebase breakages in checks lanes * Tests: isolate LOCAL_REMOTE_FALLBACK_TOKEN env state * Gateway: remove stale remote.enabled auth-surface semantics * Changelog: note gateway SecretRef fail-closed fix	2026-03-10 21:41:56 -05:00
Peter Steinberger	daaf211e20	fix(node-host): fail closed on unbound interpreter approvals	2026-03-11 02:36:38 +00:00
Peter Steinberger	201420a7ee	fix: harden secret-file readers	2026-03-10 23:40:10 +00:00

1 2 3

133 Commits