nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,319 Commits 955 Branches 95 Tags 6.4 GiB
Commit Graph

29 Commits

Author SHA1 Message Date
HansY 3b1f8e3461
fix: strip inbound metadata before slash command detection (#58674) 
Slash commands like /model and /new were silently ignored when the inbound
message body included metadata prefix blocks (Conversation info, Sender info,
timestamps) injected by buildInboundUserContextPrefix. The command detection
functions (hasControlCommand, isControlCommandMessage, parseSendPolicyCommand)
now call stripInboundMetadata before normalizeCommandBody so embedded slash
commands are correctly recognized.
 2026-04-01 10:17:20 +01:00
Vincent Koc a30214a624
fix(heartbeat): block owner-only auth inheritance for exec events (#57652) 2026-03-31 09:06:51 +09:00
Tak Hoffman d2e25b03fe
fix(regression): preserve external command auth context 2026-03-27 20:24:14 -05:00
Peter Steinberger bcd61f0a38 refactor: dedupe helpers and source seams 2026-03-24 21:00:36 +00:00
Peter Steinberger 69a317995d
fix: fail closed when provider inference drops errored allowlists 2026-03-23 21:14:55 -07:00
Ayaan Zaidi 17c1ee7716
fix: preserve command auth resolution errors on empty inferred allowlists 2026-03-24 08:38:27 +05:30
Taras Lukavyi d4e3babdcc
fix: command auth SecretRef resolution (#52791) (thanks @Lukavyi) 
* fix(command-auth): handle unresolved SecretRef in resolveAllowFrom

* fix(command-auth): fall back to config allowlists

* fix(command-auth): avoid duplicate resolution fallback

* fix(command-auth): fail closed on invalid allowlists

* fix(command-auth): isolate fallback resolution errors

* fix: record command auth SecretRef landing notes (#52791) (thanks @Lukavyi)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>
 2026-03-24 08:21:30 +05:30
Peter Steinberger 7eb48d3cf8 refactor(auto-reply): share discord auth registry test fixture 2026-03-07 17:58:31 +00:00
Sid 60d33637d9
fix(auth): grant senderIsOwner for internal channels with operator.admin scope (openclaw#35704) 
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Naylenv <45486779+Naylenv@users.noreply.github.com>
Co-authored-by: Octane0411 <88922959+Octane0411@users.noreply.github.com>
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-05 16:32:42 -06:00
Peter Steinberger 08e2aa44e7 fix(commands): restrict commands.allowFrom to sender principals 2026-02-24 02:01:01 +00:00
Peter Steinberger d116bcfb14 refactor(runtime): consolidate followup, gateway, and provider dedupe paths 2026-02-22 14:08:51 +00:00
Peter Steinberger b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger 31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
Sebastian dff8692613 fix(discord): normalize command allowFrom prefixes 2026-02-17 08:45:41 -05:00
cpojer d0cb8c19b2
chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
cpojer 90ef2d6bdf
chore: Update formatting. 2026-02-17 09:18:40 +09:00
Vignesh Natarajan e95134ba3f fix (commands): keep webchat auth on internal provider 2026-02-16 11:30:49 -08:00
Peter Steinberger f717a13039 refactor(agent): dedupe harness and command workflows 2026-02-16 14:59:30 +00:00
Shadow 47f6bb4146 Commands: add commands.allowFrom config 2026-02-09 23:58:52 -06:00
Peter Steinberger bdb90ea4ee test: register discord plugin in allowlist test 2026-02-05 00:38:50 -08:00
Peter Steinberger d6cde28c8e fix: stabilize windows acl tests and command auth registry (#9335) (thanks @M00N7682) 2026-02-05 00:38:35 -08:00
Peter Steinberger d84eb46467 fix: restore discord owner hint from allowlists 2026-02-04 23:34:22 -08:00
Gustavo Madeira Santana 385a7eba33 fix: enforce owner allowlist for commands 2026-02-04 20:05:08 -05:00
Gustavo Madeira Santana 392bbddf29
Security: owner-only tools + command auth hardening (#9202) 
* Security: gate whatsapp_login by sender auth

* Security: treat undefined senderAuthorized as unauthorized (opt-in)

* fix: gate whatsapp_login to owner senders (#8768) (thanks @victormier)

* fix: add explicit owner allowlist for tools (#8768) (thanks @victormier)

* fix: normalize escaped newlines in send actions (#8768) (thanks @victormier)

---------

Co-authored-by: Victor Mier <victormier@gmail.com>
 2026-02-04 19:49:36 -05:00
cpojer f06dd8df06
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts. 2026-02-01 10:03:47 +09:00
Peter Steinberger 9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger 6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger 0d336272f9 test: consolidate auto-reply unit coverage 2026-01-23 18:34:33 +00:00