e2362d352d
fix(heartbeat): default target none and internalize relay prompts
2026-02-25 01:28:47 +00:00
ee6fec36eb
docs(discord): document DAVE defaults and decrypt recovery
2026-02-25 00:28:06 +00:00
9cd50c51b0
fix(discord): harden voice DAVE receive reliability ( #25861 )
...
Reimplements and consolidates related work:
- #24339 stale disconnect/destroyed session guards
- #25312 voice listener cleanup on stop
- #23036 restore @snazzah/davey runtime dependency
Adds Discord voice DAVE config passthrough, repeated decrypt failure
rejoin recovery, regression tests, docs, and changelog updates.
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
Co-authored-by: Do Cao Hieu <admin@docaohieu.com>
2026-02-25 00:19:50 +00:00
14b6eea6e3
feat(sandbox): block container namespace joins by default
2026-02-24 23:20:34 +00:00
370d115549
fix: enforce workspaceOnly for native prompt image autoload
2026-02-24 14:47:59 +00:00
8cc841766c
docs(security): enumerate dangerous config parameters
2026-02-24 14:25:43 +00:00
4d124e4a9b
feat(security): warn on likely multi-user trust-model mismatch
2026-02-24 14:03:19 +00:00
8c5cf2d5b2
docs(subagents): document default runTimeoutSeconds config ( #24594 ) (thanks @mitchmcalister)
2026-02-24 04:22:43 +00:00
223d7dc23d
feat(gateway)!: require explicit non-loopback control-ui origins
2026-02-24 01:57:11 +00:00
5eb72ab769
fix(security): harden browser SSRF defaults and migrate legacy key
2026-02-24 01:52:01 +00:00
f0f886ecc4
docs(security): clarify gateway-node trust boundary in docs
2026-02-24 01:35:44 +00:00
cfa44ea6b4
fix(security): make allowFrom id-only by default with dangerous name opt-in ( #24907 )
...
* fix(channels): default allowFrom to id-only; add dangerous name opt-in
* docs(security): align channel allowFrom docs with id-only default
2026-02-24 01:01:51 +00:00
41b0568b35
docs(security): clarify shared-agent trust boundaries
2026-02-24 01:00:05 +00:00
400220275c
docs: clarify multi-instance recommendations for user isolation
2026-02-24 00:40:08 +00:00
7d55277d72
docs: clarify operator trust boundary for shared gateways
2026-02-24 00:25:01 +00:00
eff3c5c707
Session/Cron maintenance hardening and cleanup UX ( #24753 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7533b85156
2026-02-23 22:39:48 +00:00
9af3ec92a5
fix(gateway): add HSTS header hardening and docs
2026-02-23 19:47:29 +00:00
78e7f41d28
docs: detail per-agent prompt caching configuration
2026-02-23 18:46:40 +00:00
a4c373935f
fix(agents): fall back to agents.defaults.model when agent has no model config ( #24210 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 0f272b1027
2026-02-23 03:18:55 -05:00
9e1a13bf4c
Gateway/UI: data-driven agents tools catalog with provenance (openclaw#24199) thanks @Takhoffman
...
Verified:
- pnpm install --frozen-lockfile
- pnpm build
- gh pr checks 24199 --watch --fail-fast
Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-02-22 23:55:59 -06:00
e0d4194869
docs: add missing summary/read_when metadata
2026-02-22 20:45:09 +01:00
08431da5d5
refactor(gateway): unify credential precedence across entrypoints
2026-02-22 18:55:44 +01:00
e58054b85c
docs(telegram): align Node22 network defaults and setup guidance
2026-02-22 17:54:16 +01:00
0d0f4c6992
refactor(exec): centralize safe-bin policy checks
2026-02-22 13:18:25 +01:00
65dccbdb4b
fix: document onboarding dmScope default as breaking change ( #23468 ) (thanks @bmendonca3)
2026-02-22 12:36:49 +01:00
85e5ed3f78
refactor(channels): centralize runtime group policy handling
2026-02-22 12:35:41 +01:00
bc78b343ba
Security: expand audit checks for mDNS and real-IP fallback
2026-02-22 11:26:17 +01:00
8887f41d7d
refactor(gateway)!: remove legacy v1 device-auth handshake
2026-02-22 09:27:03 +01:00
008a8c9dc6
chore(docs): normalize security finding table formatting
2026-02-22 08:03:29 +00:00
265da4dd2a
fix(security): harden gateway command/audit guardrails
2026-02-22 08:45:48 +01:00
049b8b14bc
fix(security): flag open-group runtime/fs exposure in audit
2026-02-22 08:22:51 +01:00
817905f3a0
docs: document thread-bound subagent sessions and remove plan
2026-02-21 19:59:55 +01:00
2c14b0cf4c
refactor(config): unify streaming config across channels
2026-02-21 19:53:42 +01:00
f48698a50b
fix(security): harden sandbox browser network defaults
2026-02-21 14:02:53 +01:00
8c1518f0f3
fix(sandbox): use one-time noVNC observer tokens
2026-02-21 13:56:58 +01:00
621d8e1312
fix(sandbox): require noVNC observer password auth
2026-02-21 13:44:24 +01:00
be7f825006
refactor(gateway): harden proxy client ip resolution
2026-02-21 13:36:23 +01:00
14b0d2b816
refactor: harden control-ui auth flow and add insecure-flag audit summary
2026-02-21 13:18:23 +01:00
f265d45840
fix(tts): make model provider overrides opt-in
2026-02-21 13:16:07 +01:00
356d61aacf
fix(gateway): scope tailscale tokenless auth to websocket
2026-02-21 13:03:13 +01:00
99048dbec2
fix(gateway): align insecure-auth toggle messaging
2026-02-21 12:57:22 +01:00
810218756d
docs(security): clarify trusted-host deployment assumptions
2026-02-21 12:53:12 +01:00
ede496fa1a
docs: clarify trusted-host assumption for tokenless tailscale
2026-02-21 12:52:49 +01:00
677384c519
refactor: simplify Telegram preview streaming to single boolean ( #22012 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: a4017d3b94
2026-02-21 15:19:13 +05:30
f555835b09
Channels: add thread-aware model overrides
2026-02-20 19:26:25 -06:00
4ab946eebf
Discord VC: voice channels, transcription, and TTS ( #18774 )
2026-02-20 16:06:07 -06:00
094dbdaf2b
fix(gateway): require loopback proxy IP for trusted-proxy + bind=loopback ( #22082 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 6ff3ca9b5d
2026-02-20 18:03:53 +00:00
ae4907ce6e
fix(heartbeat): return false for zero-width active-hours window ( #21408 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 993860bd03
2026-02-19 20:03:57 -05:00
c45f3c5b00
fix(gateway): harden canvas auth with session capabilities
2026-02-19 15:51:22 +01:00
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
a40c10d3e2
fix: harden agent gateway authorization scopes
2026-02-19 14:37:56 +01:00
ff74d89e86
fix: harden gateway control-plane restart protections
2026-02-19 14:30:15 +01:00
e3e0ffd801
feat(security): audit gateway HTTP no-auth exposure
2026-02-19 14:25:56 +01:00
1316e57403
fix: enforce inbound attachment root policy across pipelines
2026-02-19 14:15:51 +01:00
49d0def6d1
fix(security): harden imessage remote scp/ssh handling
2026-02-19 11:08:23 +01:00
9c2640a810
docs: clarify WhatsApp group allowlist and reply mention behavior
2026-02-19 09:19:34 +01:00
c5698caca3
Security: default gateway auth bootstrap and explicit mode none ( #20686 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: be1b73182c
2026-02-19 02:35:50 -05:00
d833dcd731
fix(telegram): cron and heartbeat messages land in wrong chat instead of target topic ( #19367 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: bf02bbf9ce
2026-02-18 15:31:01 +05:30
d1c00dbb7c
fix: harden include confinement edge cases ( #18652 ) (thanks @aether-ai-agent)
2026-02-18 03:27:16 +01:00
2e91552f09
feat(agents): add generic provider api key rotation ( #19587 )
2026-02-18 01:31:11 +01:00
4c569ce246
docs(tokens): document image dimension token tradeoffs
2026-02-18 00:56:57 +01:00
b05e89e5e6
fix(agents): make image sanitization dimension configurable
2026-02-18 00:54:20 +01:00
a333d92013
docs(security): harden gateway security guidance
2026-02-17 23:48:49 +01:00
19a8f8bbf6
test(cron): add model fallback regression coverage
2026-02-17 10:40:25 -05:00
5d1bcc76cc
docs(zai): document tool_stream defaults
2026-02-17 09:22:55 -05:00
076df941a3
feat: add configurable tool loop detection
2026-02-17 00:17:01 +01:00
72e228e14b
Heartbeat: allow suppressing tool warnings ( #18497 )
...
* Heartbeat: allow suppressing tool warnings
* Changelog: note heartbeat tool-warning suppression
2026-02-16 13:29:24 -06:00
8a67016646
Agents: raise bootstrap total cap and warn on /context truncation ( #18229 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f6620526df
2026-02-16 12:04:53 -05:00
bc67af6ad8
cron: separate webhook POST delivery from announce ( #17901 )
...
* cron: split webhook delivery from announce mode
* cron: validate webhook delivery target
* cron: remove legacy webhook fallback config
* fix: finalize cron webhook delivery prep (#17901 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-16 02:36:00 -08:00
c6c53437f7
fix(security): scope session tools and webhook secret fallback
2026-02-16 03:47:10 +01:00
1b6704ef53
docs: update sandbox bind mount guidance
2026-02-16 03:05:16 +01:00
115cfb4430
gateway: add cron finished-run webhook ( #14535 )
...
* gateway: add cron finished webhook delivery
* config: allow cron webhook in runtime schema
* cron: require notify flag for webhook posts
* ui/docs: add cron notify toggle and webhook docs
* fix: harden cron webhook auth and fill notify coverage (#14535 ) (thanks @advaitpaliwal)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
2026-02-15 16:14:17 -08:00
b6069fc68c
feat: support per-channel ackReaction config ( #17092 ) (thanks @zerone0x)
2026-02-15 11:30:25 -06:00
9203a2fdb1
Discord: CV2! ( #16364 )
2026-02-15 10:24:53 -06:00
a69e82765f
fix(telegram): stream replies in-place without duplicate final sends
2026-02-15 20:32:51 +05:30
ddfdd20d79
docs: update Slack/Discord allowFrom references
2026-02-15 03:49:33 +01:00
f9bb748a6c
fix(memory): prevent QMD scope deny bypass
2026-02-15 02:41:45 +00:00
4a44da7d91
fix(security): default apply_patch workspace containment
2026-02-15 03:19:27 +01:00
5b23999404
docs: document bootstrap total cap and exec log/notify behavior
2026-02-14 18:36:35 -05:00
5e7c3250cb
fix(security): add optional workspace-only path guards for fs tools
2026-02-14 23:50:24 +01:00
9abf86f7e0
docs(changelog): document Slack/Discord dmPolicy aliases
2026-02-14 21:04:27 +01:00
53af46ffb8
docs: note WhatsApp per-account dmPolicy override
2026-02-14 19:52:39 +01:00
a3c9bc792e
docs(podman): add gateway.mode=local troubleshooting note
2026-02-14 18:07:05 +01:00
054366dea4
fix(security): require explicit trust for first-time TLS pins
2026-02-14 17:55:20 +01:00
d583782ee3
fix(security): harden discovery routing and TLS pins
2026-02-14 17:18:14 +01:00
cb9a5e1cb9
feat(sandbox): separate bind mounts for browser containers ( #16230 )
...
* feat(sandbox): add separate browser.binds config for browser containers
Allow configuring bind mounts independently for browser containers via
sandbox.browser.binds. When set, browser containers use browser-specific
binds instead of inheriting docker.binds. Falls back to docker.binds
when browser.binds is not configured for backwards compatibility.
Closes #14614
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(sandbox): honor empty browser binds override (#16230 ) (thanks @seheepeak)
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 15:27:41 +01:00
644bef157a
docs: clarify hook transform module path constraints
2026-02-14 15:03:27 +01:00
6a386a7886
docs(security): clarify canvas host exposure and auth
2026-02-14 14:57:19 +01:00
a0361b8ba9
fix(security): restrict hook transform module loading
2026-02-14 13:46:09 +01:00
fba19fe942
docs: link trusted-proxy auth from gateway docs ( #16172 )
2026-02-14 12:44:25 +01:00
1fb52b4d7b
feat(gateway): add trusted-proxy auth mode ( #15940 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 279d4b304f
2026-02-14 12:32:17 +01:00
13aface863
fix(config): accept $schema key in root config ( #15280 )
...
* fix(config): accept $schema key in root config (#14998 )
* fix: strip $schema via preprocess to avoid spurious UI section
* fix(config): allow root without zod preprocess wrapper
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-14 03:07:12 +01:00
767fd9f222
fix: classify /tools/invoke errors and sanitize 500s ( #13185 ) (thanks @davidrudduck)
2026-02-13 16:58:30 +01:00
1def8c5448
fix(security): extend audit hardening checks
2026-02-13 16:26:58 +01:00
30b6eccae5
feat(gateway): add auth rate-limiting & brute-force protection ( #15035 )
...
* feat(gateway): add auth rate-limiting & brute-force protection
Add a per-IP sliding-window rate limiter to Gateway authentication
endpoints (HTTP, WebSocket upgrade, and WS message-level auth).
When gateway.auth.rateLimit is configured, failed auth attempts are
tracked per client IP. Once the threshold is exceeded within the
sliding window, further attempts are blocked with HTTP 429 + Retry-After
until the lockout period expires. Loopback addresses are exempt by
default so local CLI sessions are never locked out.
The limiter is only created when explicitly configured (undefined
otherwise), keeping the feature fully opt-in and backward-compatible.
* fix(gateway): isolate auth rate-limit scopes and normalize 429 responses
---------
Co-authored-by: buerbaumer <buerbaumer@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 15:32:38 +01:00
ee31cd47b4
fix: close OC-02 gaps in ACP permission + gateway HTTP deny config ( #15390 ) (thanks @aether-ai-agent)
2026-02-13 14:30:06 +01:00
8c920b9a18
fix(docs): remove hardcoded Mermaid init blocks that break dark mode ( #15157 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 3239baaf15
2026-02-12 22:48:26 -05:00
3421b2ec1e
fix: harden hook session key routing defaults
2026-02-13 02:09:14 +01:00
99f28031e5
fix: harden OpenResponses URL input fetching
2026-02-13 01:38:49 +01:00
3ed06c6f36
docs: modernize gateway configuration page (Phase 1) ( #14111 )
...
* docs(configuration): split into overview + full reference with Mintlify components
* docs(configuration): use tooltip for JSON5 format note
* docs(configuration): fix Accordion closing tags inside list contexts
* docs(configuration): expand intro to reflect full config surface
* docs(configuration): trim intro to three concise bullets
* docs(configuration-examples): revert all branch changes
* docs(configuration): improve hot-reload section with tabs and accordion
* docs(configuration): uncramp hot-reload — subheadings, bullet list, warning
* docs(configuration): restore hot-apply vs restart table
* docs(configuration): fix hot-reload table against codebase
* docs: add configuration-reference.md — full field-by-field reference
* docs(gateway): refresh runbook and align config reference
* docs: include pending docs updates and install graphic
2026-02-11 10:44:34 -05:00
Peter Steinberger
Peter Steinberger
Gustavo Madeira Santana
边黎安
Tak Hoffman
Brian Mendonca
Ayaan Zaidi
Shadow
Mariano
adhitShet
Gustavo Madeira Santana
Taras Lukavyi
Sebastian
Advait Paliwal
Shadow
Ayaan Zaidi
seheepeak
Nick Taylor
大猫子
Harald Buerbaumer
Tulsi Prasad