nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,591 Commits 736 Branches 79 Tags 2.7 GiB
Commit Graph

7698 Commits

Author SHA1 Message Date
Peter Steinberger d1cb779f5f test(agents): dedupe embedded runner and sessions lifecycle fixtures 2026-02-19 08:47:14 +00:00
Peter Steinberger c9b5def1b8 test(agents): dedupe openai reasoning replay fixtures 2026-02-19 08:44:37 +00:00
Peter Steinberger 50805d8977 test(agents): dedupe patch and cli credential assertions 2026-02-19 08:44:37 +00:00
Peter Steinberger 429b8783fd test(agents): dedupe avatar and compaction fixtures 2026-02-19 08:44:37 +00:00
orlyjamie 2ddc13cdb7 feat(ui): add update warning banner to control dashboard 
SecurityScorecard's STRIKE research recently identified over 40,000
exposed OpenClaw gateway instances, with 35.4% running known-vulnerable
versions. The gateway already performs an npm update check on startup
and compares against the registry every 24 hours — but the result is
only logged to the server console. The control UI has zero visibility
into whether the running version is outdated, which means operators
have no idea they're exposed unless they happen to read server logs.

OpenClaw's user base is broadening well beyond developers who live in
terminals. Self-hosters, small teams, and non-technical operators are
deploying gateways and relying on the control dashboard as their
primary management interface. For these users, security has to be
surfaced where they already are — not hidden behind CLI output they
will never see. Making version awareness frictionless and actionable
is a prerequisite for reducing that 35.4% number.

This PR adds a sticky red warning banner to the top of the control UI
content area whenever the gateway detects it is running behind the
latest published version. The banner includes an "Update now" button
wired to the existing update.run RPC (the same mechanism the config
page already uses), so operators can act immediately without switching
to a terminal.

Server side:
- Cache the update check result in a module-level variable with a
  typed UpdateAvailable shape (currentVersion, latestVersion, channel)
- Export a getUpdateAvailable() getter for the rest of the process
- Add an optional updateAvailable field to SnapshotSchema (backward
  compatible — old clients ignore it, old servers simply omit it)
- Include the cached update status in buildGatewaySnapshot() so it
  is delivered to every UI client on connect and reconnect

UI side:
- Add updateAvailable to GatewayHost, AppViewState, and the app's
  reactive state so it flows through the standard snapshot pipeline
- Extract updateAvailable from the hello snapshot in applySnapshot()
- Render a .update-banner.callout.danger element with role="alert"
  as the first child of <main>, before the content header
- Wire the "Update now" button to runUpdate(state), the same
  controller function used by the config tab
- Use position:sticky and negative margins to pin the banner
  edge-to-edge at the top of the scrollable content area
 2026-02-19 09:43:45 +01:00
Peter Steinberger 64546d33ee test(cli): dedupe cron edit existing-job lookup mocks 2026-02-19 08:38:50 +00:00
Peter Steinberger 65cf56d482 test(agents): dedupe generic repeat loop fixtures 2026-02-19 08:33:49 +00:00
Peter Steinberger e4bb6e044d test(cron): dedupe delayed-timer job assertions 2026-02-19 08:32:58 +00:00
Peter Steinberger cdee433332 test(browser): dedupe explicit auth-mode auto-token checks 2026-02-19 08:32:58 +00:00
Peter Steinberger 7d12c5ea4d test: remove duplicate extra-high think-level case 2026-02-19 08:30:26 +00:00
Peter Steinberger 3cfcb25999 test(agents): dedupe transcript duplicate-tool fixtures 2026-02-19 08:29:06 +00:00
Peter Steinberger c4c2060b81 test(agents): dedupe sessions_spawn requester run setup 2026-02-19 08:29:06 +00:00
Peter Steinberger 47bbef30f9 test: merge duplicate undefined api-key persistence checks 2026-02-19 08:27:40 +00:00
Peter Steinberger fe3bd9d65b test: merge duplicate gateway token coercion checks 2026-02-19 08:26:43 +00:00
Peter Steinberger 1481160484 test(cli): dedupe browser state command setup 2026-02-19 08:25:12 +00:00
Peter Steinberger a76f552b00 test(agents): dedupe workspace memory-entry assertions 2026-02-19 08:25:12 +00:00
Peter Steinberger 53a4e5151d test(agents): dedupe tool image fixture setup 2026-02-19 08:25:12 +00:00
Peter Steinberger 69e6da0e28 test(auto-reply): dedupe heartbeat typing flow setup 2026-02-19 08:25:12 +00:00
Peter Steinberger 3c7c45e153 test(gateway): dedupe config.apply request scaffolding 2026-02-19 08:25:12 +00:00
Peter Steinberger e0c3cc4981 test(browser): dedupe auth mode no-token assertions 2026-02-19 08:25:12 +00:00
Peter Steinberger edce5a505a test(cron): dedupe applyJobPatch fixture setup 2026-02-19 08:25:12 +00:00
Peter Steinberger 733e385843 test(hooks): dedupe gmail runtime path assertions 2026-02-19 08:25:12 +00:00
Peter Steinberger d8b720cc5f test(config): dedupe model provider fixture setup 2026-02-19 08:25:12 +00:00
Peter Steinberger 8bb1747ad9 test(gateway): dedupe assistant chat event assertions 2026-02-19 08:25:12 +00:00
Peter Steinberger 644d037969 test(config): dedupe OPENCLAW_HOME path assertions 2026-02-19 08:25:12 +00:00
Peter Steinberger ab924eb522 test(infra): dedupe outbound recovery test scaffolding 2026-02-19 08:25:12 +00:00
Peter Steinberger 4e5cffe4c9 test: fix flaky run-node spawn side-effects 2026-02-19 08:24:55 +00:00
Peter Steinberger ad4c784f20 test: collapse duplicate gateway token-generation cases 2026-02-19 08:15:32 +00:00
Peter Steinberger b78fa57401 test: remove duplicate telegram de-linkify case 2026-02-19 08:11:42 +00:00
Vignesh Natarajan 0ff506140d fix: clear matched tool errors and dedupe reasoning end 2026-02-19 00:05:10 -08:00
Ayaan Zaidi 221d50bc18 fix: preserve assistant partial stream during reasoning 2026-02-19 00:05:10 -08:00
Peter Steinberger b97b8908b9 test: remove duplicate telegram .co link formatting case 2026-02-19 08:00:05 +00:00
Peter Steinberger 9a490fbbeb test: drop duplicate followup compaction token assertion 2026-02-19 07:57:24 +00:00
Peter Steinberger a82a41236e test(web): dedupe creds-update trigger helper in session tests 2026-02-19 07:52:32 +00:00
Peter Steinberger 18d4ad6aab test: trim duplicate cross-context policy cases 2026-02-19 07:50:38 +00:00
Peter Steinberger bbb07bdc19 test(media): dedupe active-model fallback resolver setup 2026-02-19 07:50:10 +00:00
Peter Steinberger ca71b5cc51 test(shell-env): dedupe repeated login-shell path lookups 2026-02-19 07:50:10 +00:00
Peter Steinberger 8d7df30ee0 test: remove duplicate target-resolution cases from outbound suite 2026-02-19 07:47:17 +00:00
Peter Steinberger 57ea6feb03 test(gateway): dedupe startup auth override token checks 2026-02-19 07:45:27 +00:00
Peter Steinberger ccd68d8166 test(subagents): dedupe sessions_spawn model expectation paths 2026-02-19 07:45:27 +00:00
Peter Steinberger d7b2efc2e7 test(agents): dedupe ping-pong loop test scaffolding 2026-02-19 07:45:27 +00:00
Peter Steinberger 3cb0c96740 test(image-tool): dedupe repeated image tool fixture assertions 2026-02-19 07:45:27 +00:00
Peter Steinberger 1c04f5fcbb style: format extension relay imports 2026-02-19 07:44:06 +00:00
Peter Steinberger ff1189c6d6 test: remove duplicate inbound-meta coverage from reply-flow 2026-02-19 07:41:52 +00:00
Peter Steinberger 7e54b6c96f fix(browser): unify extension relay auth on gateway token 2026-02-19 08:40:40 +01:00
Peter Steinberger 781b1c1e09 test(memory): dedupe voyage embedding provider test setup 2026-02-19 07:37:06 +00:00
Peter Steinberger bd4fdfc356 test(reply): dedupe compaction session fixture setup 2026-02-19 07:37:06 +00:00
Gustavo Madeira Santana c5698caca3
Security: default gateway auth bootstrap and explicit mode none (#20686) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: be1b73182c
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
 2026-02-19 02:35:50 -05:00
Peter Steinberger a2e846f649 test: drop duplicate skills-cli integration coverage 2026-02-19 07:33:37 +00:00
Peter Steinberger a4da6cfd53 test(update-cli): dedupe restart script test setup helpers 2026-02-19 07:33:16 +00:00